X-Git-Url: https://git.exim.org/exim.git/blobdiff_plain/7411ebe05198d5365557b6c982b76ceb9e843894..HEAD:/src/src/configure.default diff --git a/src/src/configure.default b/src/src/configure.default index 87f255aa9..633c6539e 100644 --- a/src/src/configure.default +++ b/src/src/configure.default @@ -147,15 +147,15 @@ acl_smtp_data = acl_check_data # spamd_address = 127.0.0.1 783 -# If Exim is compiled with support for TLS, you may want to enable the -# following options so that Exim allows clients to make encrypted -# connections. In the authenticators section below, there are template -# configurations for plaintext username/password authentication. This kind -# of authentication is only safe when used within a TLS connection, so the -# authenticators will only work if the following TLS settings are turned on -# as well. +# If Exim is compiled with support for TLS, you may want to change the +# following option so that Exim disallows certain clients from makeing encrypted +# connections. The default is to allow all. +# In the authenticators section below, there are template configurations for +# plaintext username/password authentication. This kind of authentication is +# only safe when used within a TLS connection, so the authenticators will only +# work if TLS is allowed here. -# Allow any client to use TLS. +# This is equivalent to the default. # tls_advertise_hosts = * @@ -183,11 +183,15 @@ tls_resumption_hosts = ${if inlist {$received_port}{587:465} {:}{*}} # In order to support roaming users who wish to send email from anywhere, # you may want to make Exim listen on other ports as well as port 25, in # case these users need to send email from a network that blocks port 25. -# The standard port for this purpose is port 587, the "message submission" -# port. See RFC 4409 for details. Microsoft MUAs cannot be configured to +# The standard ports for this purpose are: +# port 587, the "message submission" port - see RFC 4409 for details, +# and 465 the TLS-encrypted "submission" port, service name is "submissions", +# see RFC 8314. + +# Microsoft MUAs cannot be configured to # talk the message submission protocol correctly, so if you need to support -# them you should also allow TLS-on-connect on the traditional but -# non-standard port 465. +# them you should also allow TLS-on-connect on the traditional (and now +# standard) port 465. # daemon_smtp_ports = 25 : 465 : 587 # tls_on_connect_ports = 465 @@ -504,11 +508,6 @@ acl_check_rcpt: control = submission control = dkim_disable_verify - # Insist that a HELO/EHLO was accepted. - - require message = nice hosts say HELO first - condition = ${if def:sender_helo_name} - # Insist that any other recipient address that we accept is either in one of # our local domains, or is in a domain for which we explicitly allow # relaying. Any other domain is rejected as being unacceptable for relaying. @@ -848,7 +847,7 @@ smarthost_smtp: # request with your smarthost provider to get things fixed: hosts_require_tls = * tls_verify_hosts = * - # As long as tls_verify_hosts is enabled, this this will have no effect, + # As long as tls_verify_hosts is enabled this will have no effect, # but if you have to comment it out then this will at least log whether # you succeed or not: tls_try_verify_hosts = *