# scanners. The second modification is in the acl_check_data access
# control list.
-# av_scanner = clamd:/tmp/clamd
+# av_scanner = clamd:/var/run/clamav/clamd.ctl
# For spam scanning, there is a similar option that defines the interface to
# Allow Exim to recognize addresses of the form "user@[10.11.12.13]",
# where the domain part is a "domain literal" (an IP address) instead
# of a named domain. The RFCs require this facility, but it is disabled
-# in the default config since it is seldomly used and frequently abused.
+# in the default config since it is rarely used and frequently abused.
# Domain literal support also needs a special router, which is automatically
# enabled if you use the enable macro MAIN_ALLOW_DOMAIN_LITERALS.
+# Additionally, you might want to make your local IP addresses (or @[])
+# local domains.
.ifdef MAIN_ALLOW_DOMAIN_LITERALS
allow_domain_literals
.endif
# In a minimaldns setup, update-exim4.conf guesses the hostname and
# dumps it here to avoid DNS lookups being done at Exim run time.
-DEBCONF_hardcode_primary_hostname_DEBCONF
-
-# The settings below, which are actually the same as the defaults in the
-# code, cause Exim to make RFC 1413 (ident) callbacks for all incoming SMTP
-# calls. You can limit the hosts to which these calls are made, and/or change
-# the timeout that is used. If you set the timeout to zero, all RFC 1413 calls
-# are disabled. RFC 1413 calls are cheap and can provide useful information
-# for tracing problem messages, but some hosts and firewalls are
-# misconfigured to drop the requests instead of either answering or
-# rejecting them. This can result in a timeout instead of an immediate refused
-# connection, leading to delays on starting up SMTP sessions. (The default was
-# reduced from 30s to 5s for release 4.61.)
-# rfc1413_hosts = *
-# rfc1413_query_timeout = 5s
+.ifdef MAIN_HARDCODE_PRIMARY_HOSTNAME
+primary_hostname = MAIN_HARDCODE_PRIMARY_HOSTNAME
+.endif
+
+# The settings below cause Exim to make RFC 1413 (ident) callbacks
+# for all incoming SMTP calls. You can limit the hosts to which these
+# calls are made, and/or change the timeout that is used. If you set
+# the timeout to zero, all RFC 1413 calls are disabled. RFC 1413 calls
+# are cheap and can provide useful information for tracing problem
+# messages, but some hosts and firewalls have problems with them.
+# This can result in a timeout instead of an immediate refused
+# connection, leading to delays on starting up SMTP sessions.
+# (The default was reduced from 30s to 5s for release 4.61. and to
+# disabled for release 4.86)
+#
+#rfc1413_hosts =
+#rfc1413_query_timeout = 0s
+# Enable an efficiency feature. We advertise the feature; clients
+# may request to use it. For multi-recipient mails we then can
+# reject or accept per-user after the message is received.
+#
+prdr_enable = true
+
+# When using an external relay tester (such as rt.njabl.org and/or the
+# currently defunct relay-test.mail-abuse.org, the test may be aborted
+# since exim complains about "too many nonmail commands". If you want
+# the test to complete, add the host from where "your" relay tester
+# connects from to the MAIN_SMTP_ACCEPT_MAX_NOMAIL_HOSTS macro.
+# Please note that a non-empty setting may cause extra DNS lookups to
+# happen, which is the reason why this option is commented out in the
+# default settings.
+# MAIN_SMTP_ACCEPT_MAX_NOMAIL_HOSTS = !rt.njabl.org
+.ifdef MAIN_SMTP_ACCEPT_MAX_NOMAIL_HOSTS
+smtp_accept_max_nonmail_hosts = MAIN_SMTP_ACCEPT_MAX_NOMAIL_HOSTS
+.endif
+
# By default, exim forces a Sender: header containing the local
# account name at the local host name in all locally submitted messages
# that don't have the local account name at the local host name in the
# SMTP Banner. The example includes the Debian version in the SMTP dialog
-# MAIN_SMTP_BANNER = "${primary_hostname} ESMTP Exim ${version_number} (Debian package DEBCONFpackageversionDEBCONF) ${tod_full}"
+# MAIN_SMTP_BANNER = "${primary_hostname} ESMTP Exim ${version_number} (Debian package MAIN_PACKAGE_VERSION) ${tod_full}"
# smtp_banner = $smtp_active_hostname ESMTP Exim $version_number $tod_full
+
+# hcoop-change: better load limiting
+# these values should be checked, documented, and committed to git (clinton)
+smtp_accept_max = 50
+retry_data_expire = 1d
+retry_interval_max = 8h
+# load max is just a guess for what will work ATM...
+queue_only_load = 20
+deliver_queue_load_max = 36
+queue_run_max = 10
+
+# hcoop-change: raise limit for incoming SMTP connections
+#smtp_accept_max = 95
+
+# hcoop-change: expire retry data after a single day
+#retry_data_expire = 1d
+
+# hcoop-change: don't penalize hosts past 4 hours
+#retry_interval_max = 4h
+
+# hcoop-change: disable smtp_enforce_sync (https://bugzilla.mozilla.org/show_bug.cgi?id=538809)
+smtp_enforce_sync = false
+
+# hcoop-change: disable outgoing ipv6 -- digital ocean is blocking
+# outgoing smtp on ipv6, but incoming works fine.
+disable_ipv6 = false
+dns_ipv4_lookup = *
+
+# hcoop-change: disable pointless ident check
+rfc1413_hosts =
+rfc1413_query_timeout = 0s
+
+# hcoop-change: submission + legacy smtp (many members use smtps)
+daemon_smtp_ports = smtp : smtps : submission
+tls_on_connect_ports = smtps
+
+# hcoop-change: preserve kerberos environment
+MAIN_KEEP_ENVIRONMENT = KRB5CCNAME
+
+.ifdef MAIN_KEEP_ENVIRONMENT
+keep_environment = MAIN_KEEP_ENVIRONMENT
+.else
+# set option to empty value to avoid warning.
+keep_environment =
+.endif
+.ifdef MAIN_ADD_ENVIRONMENT
+add_environment = MAIN_ADD_ENVIRONMENT
+.endif