X-Git-Url: https://git.exim.org/exim.git/blobdiff_plain/f26587cbf325ebb365cd670db767363775391dc6..2c47372fad0f829ddfa29d04095f57a70206469c:/src/src/configure.default diff --git a/src/src/configure.default b/src/src/configure.default index e5feb7751..79bbc8c30 100644 --- a/src/src/configure.default +++ b/src/src/configure.default @@ -153,6 +153,9 @@ acl_smtp_data = acl_check_data # tls_certificate = /etc/ssl/exim.crt # tls_privatekey = /etc/ssl/exim.pem +# For OpenSSL, prefer EC- over RSA-authenticated ciphers +# tls_require_ciphers = ECDSA:RSA:!COMPLEMENTOFDEFAULT + # In order to support roaming users who wish to send email from anywhere, # you may want to make Exim listen on other ports as well as port 25, in # case these users need to send email from a network that blocks port 25. @@ -334,7 +337,7 @@ timeout_frozen_after = 7d # libraries that Exim uses (e.g. LDAP) depend on specific environment settings. # There are two lists: keep_environment for the variables we trust, and # add_environment for variables we want to set to a specific value. -# Note that TZ is handled separateley by the timezone runtime option +# Note that TZ is handled separately by the timezone runtime option # and TIMEZONE_DEFAULT buildtime option. # keep_environment = ^LDAP @@ -513,7 +516,15 @@ acl_check_data: # Deny if the message contains an overlong line. Per the standards # we should never receive one such via SMTP. # - deny condition = ${if > {$max_received_linelength}{998}} + deny message = maximum allowed line length is 998 octets, \ + got $max_received_linelength + condition = ${if > {$max_received_linelength}{998}} + + # Deny if the headers contain badly-formed addresses. + # + deny !verify = header_syntax + message = header syntax + log_message = header syntax ($acl_verify_message) # Deny if the message contains a virus. Before enabling this check, you # must install a virus scanner and set the av_scanner option above. @@ -707,8 +718,8 @@ begin transports # This transport is used for delivering messages over SMTP connections. -# Refuse to send any messsage with over-long lines, which could have -# been receved other than via SMTP. The use of message_size_limit to +# Refuse to send any message with over-long lines, which could have +# been received other than via SMTP. The use of message_size_limit to # enforce this is a red herring. remote_smtp: