Logging: disable the verbose DKIM verification line by default; add a tag to <= lines.

[exim.git] / src / src / configure.default

diff --git a/src/src/configure.default b/src/src/configure.default
index a294dc3e603f652743fc8bd5bdfd70515071b4ff..79bbc8c30fb98d190a34f1d1e02ab3c72b2f82a6 100644 (file)
--- a/src/src/configure.default
+++ b/src/src/configure.default
@@ -153,6 +153,9 @@ acl_smtp_data = acl_check_data
 # tls_certificate = /etc/ssl/exim.crt
 # tls_privatekey = /etc/ssl/exim.pem
 
+# For OpenSSL, prefer EC- over RSA-authenticated ciphers
+# tls_require_ciphers = ECDSA:RSA:!COMPLEMENTOFDEFAULT
+
 # In order to support roaming users who wish to send email from anywhere,
 # you may want to make Exim listen on other ports as well as port 25, in
 # case these users need to send email from a network that blocks port 25.
@@ -517,6 +520,12 @@ acl_check_data:
                        got $max_received_linelength
           condition  = ${if > {$max_received_linelength}{998}}
 
+  # Deny if the headers contain badly-formed addresses.
+  #
+  deny   !verify =     header_syntax
+         message =     header syntax
+         log_message = header syntax ($acl_verify_message)
+
   # Deny if the message contains a virus. Before enabling this check, you
   # must install a virus scanner and set the av_scanner option above.
   #