dns_cname_loops = 9
chunking_advertise_hosts = OPT
tls_advertise_hosts = *
-tls_certificate = ${if eq {SERVER}{server}{DIR/aux-fixed/cert1}fail}
+tls_certificate = DIR/aux-fixed/cert1
+
+.ifdef _HAVE_TLS_CA_CACHE
+tls_verify_certificates = system,cache
+.endif
+
+.ifdef _HAVE_DMARC
+dmarc_tld_file =
+.endif
# Avoid ECDHE key-exchange so that we can wireshark-decode (not TLS1.3)
.ifdef _HAVE_GNUTLS
tls_require_ciphers = DEFAULT:!kECDHE
.endif
-pipelining_connect_advertise_hosts = *
+pipelining_connect_advertise_hosts = CONTROL
log_selector = +received_recipients +millisec +pipelining
queue_only