X-Git-Url: http://git.hcoop.net/hcoop/config/exim.git/blobdiff_plain/d2b0a5673bd9cea2df559aca7295fa4586fdaebd..4e747ea1877de143bb603ee0acc3d7642e5d078b:/conf.d/main/02_exim4-config_options diff --git a/conf.d/main/02_exim4-config_options b/conf.d/main/02_exim4-config_options index e28e3e6..47c8782 100644 --- a/conf.d/main/02_exim4-config_options +++ b/conf.d/main/02_exim4-config_options @@ -46,7 +46,7 @@ message_size_limit = MESSAGE_SIZE_LIMIT # scanners. The second modification is in the acl_check_data access # control list. -# av_scanner = clamd:/tmp/clamd +# av_scanner = clamd:/var/run/clamav/clamd.ctl # For spam scanning, there is a similar option that defines the interface to @@ -64,9 +64,11 @@ message_size_limit = MESSAGE_SIZE_LIMIT # Allow Exim to recognize addresses of the form "user@[10.11.12.13]", # where the domain part is a "domain literal" (an IP address) instead # of a named domain. The RFCs require this facility, but it is disabled -# in the default config since it is seldomly used and frequently abused. +# in the default config since it is rarely used and frequently abused. # Domain literal support also needs a special router, which is automatically # enabled if you use the enable macro MAIN_ALLOW_DOMAIN_LITERALS. +# Additionally, you might want to make your local IP addresses (or @[]) +# local domains. .ifdef MAIN_ALLOW_DOMAIN_LITERALS allow_domain_literals .endif 
@@ -85,22 +87,44 @@ host_lookup = MAIN_HOST_LOOKUP # In a minimaldns setup, update-exim4.conf guesses the hostname and # dumps it here to avoid DNS lookups being done at Exim run time. -DEBCONF_hardcode_primary_hostname_DEBCONF - -# The settings below, which are actually the same as the defaults in the -# code, cause Exim to make RFC 1413 (ident) callbacks for all incoming SMTP -# calls. You can limit the hosts to which these calls are made, and/or change -# the timeout that is used. If you set the timeout to zero, all RFC 1413 calls -# are disabled. RFC 1413 calls are cheap and can provide useful information -# for tracing problem messages, but some hosts and firewalls are -# misconfigured to drop the requests instead of either answering or -# rejecting them. This can result in a timeout instead of an immediate refused -# connection, leading to delays on starting up SMTP sessions. (The default was -# reduced from 30s to 5s for release 4.61.) -# rfc1413_hosts = * -# rfc1413_query_timeout = 5s +.ifdef MAIN_HARDCODE_PRIMARY_HOSTNAME +primary_hostname = MAIN_HARDCODE_PRIMARY_HOSTNAME +.endif + +# The settings below cause Exim to make RFC 1413 (ident) callbacks +# for all incoming SMTP calls. You can limit the hosts to which these +# calls are made, and/or change the timeout that is used. If you set +# the timeout to zero, all RFC 1413 calls are disabled. RFC 1413 calls +# are cheap and can provide useful information for tracing problem +# messages, but some hosts and firewalls have problems with them. +# This can result in a timeout instead of an immediate refused +# connection, leading to delays on starting up SMTP sessions. +# (The default was reduced from 30s to 5s for release 4.61. and to +# disabled for release 4.86) +# +#rfc1413_hosts = +#rfc1413_query_timeout = 0s +# Enable an efficiency feature. We advertise the feature; clients +# may request to use it. For multi-recipient mails we then can +# reject or accept per-user after the message is received. 
+# +prdr_enable = true + +# When using an external relay tester (such as rt.njabl.org and/or the +# currently defunct relay-test.mail-abuse.org, the test may be aborted +# since exim complains about "too many nonmail commands". If you want +# the test to complete, add the host from where "your" relay tester +# connects from to the MAIN_SMTP_ACCEPT_MAX_NOMAIL_HOSTS macro. +# Please note that a non-empty setting may cause extra DNS lookups to +# happen, which is the reason why this option is commented out in the +# default settings. +# MAIN_SMTP_ACCEPT_MAX_NOMAIL_HOSTS = !rt.njabl.org +.ifdef MAIN_SMTP_ACCEPT_MAX_NOMAIL_HOSTS +smtp_accept_max_nonmail_hosts = MAIN_SMTP_ACCEPT_MAX_NOMAIL_HOSTS +.endif + # By default, exim forces a Sender: header containing the local # account name at the local host name in all locally submitted messages # that don't have the local account name at the local host name in the 
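Review bot: The comment added above `prdr_enable = true` promises per-user accept or reject after the message is received, but that depends on a PRDR ACL (`acl_smtp_data_prdr`) being configured, and none is visible in this hunk. If it is defined elsewhere, the comment should point to it; otherwise say so, e.g. `# Per-recipient decisions require acl_smtp_data_prdr; confirm it is defined before relying on PRDR.` The setting is also unconditional, unlike the macro-guarded `primary_hostname` and `smtp_accept_max_nonmail_hosts` blocks around it, so a local macro file cannot turn it off. In the relay-tester comment, the parenthesis opened at `(such as rt.njabl.org` is never closed.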
@@ -180,5 +204,53 @@ trusted_groups = MAIN_TRUSTED_GROUPS # SMTP Banner. The example includes the Debian version in the SMTP dialog -# MAIN_SMTP_BANNER = "${primary_hostname} ESMTP Exim ${version_number} (Debian package DEBCONFpackageversionDEBCONF) ${tod_full}" +# MAIN_SMTP_BANNER = "${primary_hostname} ESMTP Exim ${version_number} (Debian package MAIN_PACKAGE_VERSION) ${tod_full}" # smtp_banner = $smtp_active_hostname ESMTP Exim $version_number $tod_full + +# hcoop-change: better load limiting +# these values should be checked, documented, and committed to git (clinton) +smtp_accept_max = 50 +retry_data_expire = 1d +retry_interval_max = 8h +# load max is just a guess for what will work ATM... +queue_only_load = 20 +deliver_queue_load_max = 36 +queue_run_max = 10 + +# hcoop-change: raise limit for incoming SMTP connections +#smtp_accept_max = 95 + +# hcoop-change: expire retry data after a single day +#retry_data_expire = 1d + +# hcoop-change: don't penalize hosts past 4 hours +#retry_interval_max = 4h + +# hcoop-change: disable smtp_enforce_sync (https://bugzilla.mozilla.org/show_bug.cgi?id=538809) +smtp_enforce_sync = false + +# hcoop-change: disable outgoing ipv6 -- digital ocean is blocking +# outgoing smtp on ipv6, but incoming works fine. +disable_ipv6 = false +dns_ipv4_lookup = * + +# hcoop-change: disable pointless ident check +rfc1413_hosts = +rfc1413_query_timeout = 0s + +# hcoop-change: submission + legacy smtp (many members use smtps) +daemon_smtp_ports = smtp : smtps : submission +tls_on_connect_ports = smtps + +# hcoop-change: preserve kerberos environment +MAIN_KEEP_ENVIRONMENT = KRB5CCNAME + +.ifdef MAIN_KEEP_ENVIRONMENT +keep_environment = MAIN_KEEP_ENVIRONMENT +.else +# set option to empty value to avoid warning. +keep_environment = +.endif +.ifdef MAIN_ADD_ENVIRONMENT +add_environment = MAIN_ADD_ENVIRONMENT +.endif
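Review bot: `smtp_enforce_sync = false` switches the synchronization check off for every connecting host, although the linked bug report appears to concern a single mail client; the check is a cheap way to reject senders that transmit before the server has replied, so dropping it on the public listener weakens spam filtering. Consider leaving the main option at its default and applying `control = no_enforce_sync` in an ACL restricted to the affected clients, for instance authenticated submission sessions. Separately, the comment above `disable_ipv6 = false` says outgoing IPv6 is disabled, while the effect actually comes from `dns_ipv4_lookup = *`; a comment such as `# keep IPv6 for incoming; look up only A records so outbound delivery stays on IPv4` would match the settings. The load-limit block sets `smtp_accept_max = 50` with no per-host cap visible in this hunk, so it is worth confirming that `smtp_accept_max_per_host` is set elsewhere, since otherwise one host can occupy every slot.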