# accepted or denied.
#
acl_check_mail:
- .ifdef CHECK_MAIL_HELO_ISSUED
- deny
- message = no HELO given before MAIL command
- condition = ${if def:sender_helo_name {no}{yes}}
- .endif
--
accept
# broad range of non-alphanumeric characters.
.ifdef CHECK_RCPT_LOCAL_LOCALPARTS
deny
- domains = +local_domains
+ domains = +local_domains : +unix_domains
local_parts = CHECK_RCPT_LOCAL_LOCALPARTS
message = restricted characters in address
.endif
# from mounting certain kinds of attack on remote sites.
.ifdef CHECK_RCPT_REMOTE_LOCALPARTS
deny
- domains = !+local_domains
+ domains = !+local_domains : !+unix_domains
local_parts = CHECK_RCPT_REMOTE_LOCALPARTS
message = restricted characters in address
.endif
.else
local_parts = CHECK_RCPT_POSTMASTER
.endif
- domains = +local_domains : +relay_to_domains
-
+ domains = +local_domains : +unix_domains : +relay_to_domains
-
# Deny unless the sender address can be verified.
#
# This is disabled by default so that DNSless systems don't break. If
# to enable this feature.
#
# This feature does not work in smarthost and satellite setups as
- # with these setups all domains pass verification. See spec.txt section
- # "Access control lists" subsection "Address verification" with the added
- # information that a smarthost/satellite setup routes all non-local e-mail
- # to the smarthost.
+ # with these setups all domains pass verification. See spec.txt chapter
+ # 39.31 with the added information that a smarthost/satellite setup
+ # routes all non-local e-mail to the smarthost.
.ifdef CHECK_RCPT_VERIFY_SENDER
- deny
- message = Sender verification failed
+ # hcoop-change: warn so that we can track down webapps sending
+ # without a valid return user, but not break the many web apps that
+ # do so. Fix.
+ warn
+ log_message = Sender verification failed
!acl = acl_local_deny_exceptions
!verify = sender
.endif
+ # hcoop-change: Add recommended lines from
+ # /usr/share/doc/mailman/README.EXIM.gz so that bounce messages
+ # get through, even if they are from a malformed address
+
+ # Accept bounces to lists even if callbacks or other checks would fail
+ warn
+ message = X-WhitelistedRCPT-nohdrfromcallback: Yes
+ condition = ${if and {{match{$local_part}{(.*)-bounces\+.*}} \
+ {def:domain} \
+ {eq {${lookup{$local_part@$domain}lsearch{MAILMAN_DB}}} \
+ {true}}} \
+ {yes}{no}}
+
+ accept
+ condition = ${if and {{match{$local_part}{(.*)-bounces\+.*}} \
+ {def:domain} \
+ {eq {${lookup{$local_part@$domain}lsearch{MAILMAN_DB}}} \
+ {true}}} \
+ {yes}{no}}
+
# Verify senders listed in local_sender_callout with a callout.
#
# In smarthost and satellite setups, this causes the callout to be
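Review bot: Changing the CHECK_RCPT_VERIFY_SENDER statement from `deny` to `warn` stops enforcing sender verification for every client, not only for the local web applications the comment names. If those applications submit from hosts in `+relay_from_hosts`, the original `deny` could be kept for everyone else by adding `!hosts = +relay_from_hosts` to it, with the `warn` used only for the relay hosts; where this sits relative to the relay accept is outside the hunk, so the ordering needs confirming. Separately, in the two Mailman conditions the pattern `(.*)-bounces\+.*` is not protected from string expansion, so the backslash is likely consumed before the regex is compiled and `+` becomes a quantifier; `\N^(.*)-bounces\+.*\N` keeps it literal and anchors the match.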
control = submission/sender_retain
control = dkim_disable_verify
+ # Insist that a HELO/EHLO was accepted.
+
+ require message = nice hosts say HELO first
+ condition = ${if def:sender_helo_name}
# Insist that any other recipient address that we accept is either in one of
# our local domains, or is in a domain for which we explicitly allow
# relaying. Any other domain is rejected as being unacceptable for relaying.
require
message = relay not permitted
- domains = +local_domains : +relay_to_domains
+ domains = +local_domains : +unix_domains : +relay_to_domains
# We also require all accepted addresses to be verifiable. This check will
warn
condition = ${if and{{def:sender_host_address}{!def:sender_host_name}}\
{yes}{no}}
+ log_message = Reverse DNS lookup failed for $sender_host_address (${if eq{$host_lookup_failed}{1}{failed}{deferred}})
add_header = X-Host-Lookup-Failed: Reverse DNS lookup failed for $sender_host_address (${if eq{$host_lookup_failed}{1}{failed}{deferred}})
.endif
# Check against classic DNS "black" lists (DNSBLs) which list
# sender IP addresses
.ifdef CHECK_RCPT_IP_DNSBLS
- warn
+ # hcoop-change: drop connection instead of warning
+ drop
+ message = X-Warning: $sender_host_address is listed at $dnslist_domain ($dnslist_value: $dnslist_text)
+ log_message = $sender_host_address is listed at $dnslist_domain ($dnslist_value: $dnslist_text)
dnslists = CHECK_RCPT_IP_DNSBLS
+ add_header = X-Warning: $sender_host_address is listed at $dnslist_domain ($dnslist_value: $dnslist_text)
+ log_message = $sender_host_address is listed at $dnslist_domain ($dnslist_value: $dnslist_text)
.endif
.include CHECK_RCPT_LOCAL_ACL_FILE
.endif
+ # hcoop-change: 2015-03-19 clinton_admin
+ # testing if this will reject the fucktons of spam hitting logs@,
+ # most of it fscking signed with valid DKIM keys and evading
+ # spamassassin.
+ deny
+ log_message = rejecting non-hcoop host sending to logs
+ recipients = logs@*.hcoop.net
+ !hosts = +relay_from_hosts
-
#############################################################################
# This check is commented out because it is recognized that not every
# sysadmin will want to do it. If you enable it, the check performs
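Review bot: The `recipients = logs@*.hcoop.net` pattern in the added `deny` appears to cover only subdomains, because a leading `*` in an Exim domain pattern matches the end of the name and `hcoop.net` itself does not end in `.hcoop.net`. HCOOP_SYSTEM_ACCOUNT_ALIAS elsewhere on this page is `logs@hcoop.net`, so the bare domain is presumably the address that most needs the check; `recipients = logs@hcoop.net : logs@*.hcoop.net` would cover both. The RCPT ACL also tests the envelope recipient before routing, so mail addressed to a system account and then redirected to logs by the lowuid_aliases_local router is not matched by this statement, and the remote variant of that router is commented out in this change. Whether an earlier `accept` in the ACL can short-circuit this statement is not visible in the hunk.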
# .ifndef AUTH_SERVER_ALLOW_NOTLS_PASSWORDS
# server_advertise_condition = ${if eq{$tls_in_cipher}{}{}{*}}
# .endif
-#
+#
# digest_md5_sasl_server:
# driver = cyrus_sasl
# public_name = DIGEST-MD5
# You can set AUTH_CLIENT_ALLOW_NOTLS_PASSWORDS to allow unencrypted
# clear text password authentication on all connections.
-cram_md5:
- driver = cram_md5
- public_name = CRAM-MD5
- client_name = ${extract{1}{:}{${lookup{$host}nwildlsearch{CONFDIR/passwd.client}{$value}fail}}}
- client_secret = ${extract{2}{:}{${lookup{$host}nwildlsearch{CONFDIR/passwd.client}{$value}fail}}}
-
-# this returns the matching line from passwd.client and doubles all ^
-PASSWDLINE=${sg{\
- ${lookup{$host}nwildlsearch{CONFDIR/passwd.client}{$value}fail}\
- }\
- {\\N[\\^]\\N}\
- {^^}\
- }
-
-plain:
+# cram_md5:
+# driver = cram_md5
+# public_name = CRAM-MD5
+# client_name = ${extract{1}{:}{${lookup{$host}nwildlsearch{CONFDIR/passwd.client}{$value}fail}}}
+# client_secret = ${extract{2}{:}{${lookup{$host}nwildlsearch{CONFDIR/passwd.client}{$value}fail}}}
+
+# # this returns the matching line from passwd.client and doubles all ^
+# PASSWDLINE=${sg{\
+# ${lookup{$host}nwildlsearch{CONFDIR/passwd.client}{$value}fail}\
+# }\
+# {\\N[\\^]\\N}\
+# {^^}\
+# }
+
++# # this returns the matching line from passwd.client and doubles all ^
++# PASSWDLINE=${sg{\
++# ${lookup{$host}nwildlsearch{CONFDIR/passwd.client}{$value}fail}\
++# }\
++# {\\N[\\^]\\N}\
++# {^^}\
++# }
++
+# plain:
+# driver = plaintext
+# public_name = PLAIN
+# .ifndef AUTH_CLIENT_ALLOW_NOTLS_PASSWORDS
+# client_send = "<; ${if !eq{$tls_out_cipher}{}\
+# {^${extract{1}{:}{PASSWDLINE}}\
+# ^${sg{PASSWDLINE}{\\N([^:]+:)(.*)\\N}{\\$2}}\
+# }fail}"
+# .else
+# client_send = "<; ^${extract{1}{:}{PASSWDLINE}}\
+# ^${sg{PASSWDLINE}{\\N([^:]+:)(.*)\\N}{\\$2}}"
+# .endif
+
+# login:
+# driver = plaintext
+# public_name = LOGIN
+# .ifndef AUTH_CLIENT_ALLOW_NOTLS_PASSWORDS
+# # Return empty string if not non-TLS AND looking up $host in passwd-file
+# # yields a non-empty string; fail otherwise.
+# client_send = "<; ${if and{\
+# {!eq{$tls_out_cipher}{}}\
+# {!eq{PASSWDLINE}{}}\
+# }\
+# {}fail}\
+# ; ${extract{1}{::}{PASSWDLINE}}\
+# ; ${sg{PASSWDLINE}{\\N([^:]+:)(.*)\\N}{\\$2}}"
+# .else
+# # Return empty string if looking up $host in passwd-file yields a
+# # non-empty string; fail otherwise.
+# client_send = "<; ${if !eq{PASSWDLINE}{}\
+# {}fail}\
+# ; ${extract{1}{::}{PASSWDLINE}}\
+# ; ${sg{PASSWDLINE}{\\N([^:]+:)(.*)\\N}{\\$2}}"
+# .endif
+
+# hcoop-change: auth against sasld
+hcoop_plain:
driver = plaintext
public_name = PLAIN
-.ifndef AUTH_CLIENT_ALLOW_NOTLS_PASSWORDS
- client_send = "<; ${if !eq{$tls_out_cipher}{}\
- {^${extract{1}{:}{PASSWDLINE}}\
- ^${sg{PASSWDLINE}{\\N([^:]+:)(.*)\\N}{\\$2}}\
- }fail}"
-.else
- client_send = "<; ^${extract{1}{:}{PASSWDLINE}}\
- ^${sg{PASSWDLINE}{\\N([^:]+:)(.*)\\N}{\\$2}}"
-.endif
-
-login:
+ server_prompts = :
+ server_condition = \
+ ${if or {{crypteq {$auth3} \
+ {${extract{systempw}{${tr{${lookup{$auth2} \
+ dbm{/etc/courier/exim.dat} \
+ }}{|}{ }}}}}} \
+ {saslauthd {{$auth2}{$auth3}{exim4}}}}}
+ server_set_id = $auth2
+ server_advertise_condition = ${if eq{$tls_cipher}{}{}{*}}
+
+hcoop_login:
driver = plaintext
public_name = LOGIN
-.ifndef AUTH_CLIENT_ALLOW_NOTLS_PASSWORDS
- # Return empty string if not non-TLS AND looking up $host in passwd-file
- # yields a non-empty string; fail otherwise.
- client_send = "<; ${if and{\
- {!eq{$tls_out_cipher}{}}\
- {!eq{PASSWDLINE}{}}\
- }\
- {}fail}\
- ; ${extract{1}{::}{PASSWDLINE}}\
- ; ${sg{PASSWDLINE}{\\N([^:]+:)(.*)\\N}{\\$2}}"
-.else
- # Return empty string if looking up $host in passwd-file yields a
- # non-empty string; fail otherwise.
- client_send = "<; ${if !eq{PASSWDLINE}{}\
- {}fail}\
- ; ${extract{1}{::}{PASSWDLINE}}\
- ; ${sg{PASSWDLINE}{\\N([^:]+:)(.*)\\N}{\\$2}}"
-.endif
+ server_prompts = "Username:: : Password::"
+ server_condition = \
+ ${if or {{crypteq {$auth2} \
+ {${extract{systempw}{${tr{${lookup{$auth1} \
+ dbm{/etc/courier/exim.dat} \
+ }}{|}{ }}}}}} \
+ {saslauthd {{$auth1}{$auth2}{exim4}}}}}
+ server_set_id = $auth1
- server_advertise_condition = ${if eq{$tls_cipher}{}{}{*}}
++ server_advertise_condition = ${if eq{$tls_cipher}{}{}{*}}
++
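Review bot: In the `server_condition` of both hcoop_plain and hcoop_login, a user name with no entry in `/etc/courier/exim.dat` makes the lookup expand to an empty string, so `crypteq` is evaluated against an empty hash before `saslauthd` is tried. It is worth confirming on the deployed Exim and libc that this case can neither compare equal nor raise an expansion error that defers the AUTH instead of falling through to saslauthd. Guarding the `crypteq` branch with a non-empty test on the extracted `systempw` value would make the behaviour explicit. `server_advertise_condition` uses `$tls_cipher`, while the commented example earlier on this page uses `$tls_in_cipher`; the latter is the current name for the inbound cipher and would keep the TLS-only advertisement consistent.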
# List of domains considered local for exim. Domains not listed here
# need to be deliverable remotely.
-domainlist local_domains = MAIN_LOCAL_DOMAINS
+# hcoop-change: comment out, provided by domtool
+# domainlist local_domains = MAIN_LOCAL_DOMAINS
# List of recipient domains to relay _to_. Use this list if you're -
# for example - fallback MX or mail gateway for domains.
-domainlist relay_to_domains = MAIN_RELAY_TO_DOMAINS
+# hcoop-change: comment out, provided by domtool
+# domainlist relay_to_domains = MAIN_RELAY_TO_DOMAINS
+
+# hcoop-change: List of domains that accept mail from local users.
+# Mail sent to other domains we manage will be transformed into a
+# local address by /etc/aliases.
+domainlist unix_domains = hcoop.net:deleuze.hcoop.net:outpost.hcoop.net:hopper.hcoop.net:navajos.hcoop.net:bog.hcoop.net:fritz.hcoop.net:mccarthy.hcoop.net:gibran.hcoop.net:marsh.hcoop.net:localhost
# List of sender networks (IP addresses) to _unconditionally_ relay
# _for_. If you intend to be SMTP AUTH server, you do not need to enter
# These macros are documented in acl/30_exim4-config_check_rcpt,
# can be changed here or overridden by a locally added configuration
- # file as described in README.Debian chapter 2.1.2
+ # file as described in README.Debian section "Using Exim Macros to control
+ # the configuration".
.ifndef CHECK_RCPT_LOCAL_LOCALPARTS
CHECK_RCPT_LOCAL_LOCALPARTS = ^[.] : ^.*[@%!/|`#&?]
.endif
# always log tls_peerdn as we use TLS for outgoing connects by default
+ .ifndef MAIN_LOG_SELECTOR
+ MAIN_LOG_SELECTOR = +smtp_protocol_error +smtp_syntax_error +tls_certificate_verified +tls_peerdn
+ .endif
++
++# always log tls_peerdn as we use TLS for outgoing connects by default
+# hcoop-change: add +tls_ciper
+.ifndef MAIN_LOG_SELECTOR
+MAIN_LOG_SELECTOR = +tls_cipher +tls_peerdn
+.endif
+
+# hcoop-change: use file_transport = address_file for /etc/aliases
+# delivery, as per old configuration
+SYSTEM_ALIASES_FILE_TRANSPORT = address_file
+
+# hcoop-change: deliver mail to AFS
+MAILDIR_HOME_MAILDIR_LOCATION = /afs/hcoop.net/common/email
+
+# hcoop-change: enable TLS
+MAIN_TLS_ENABLE = yes
+
+# hcoop-change: enabled sender verification
+CHECK_RCPT_VERIFY_SENDER = true
+CHECK_RCPT_IP_DNSBLS = zen.spamhaus.org
+CHECK_RCPT_REVERSE_DNS = true
+CHECK_RCPT_SPF = true
+
+# hcoop-change: use hcoop cert 2015-05-04 clinton
+MAIN_TLS_CERTKEY = /etc/hcoop-ssl/hcoop.pem
+
+# hcoop-change: uncomment and set to mailman host if this server does not host mailman
+#HCOOP_MAILMAN_RELAY_HOST = deleuze.hcoop.net
+
+# hcoop-change: all mail for users < 1000 to logs, reject entirely from untrusted remote hosts
+FIRST_USER_ACCOUNT_UID = 1000
+HCOOP_SYSTEM_ACCOUNT_ALIAS = logs@hcoop.net
# Allow Exim to recognize addresses of the form "user@[10.11.12.13]",
# where the domain part is a "domain literal" (an IP address) instead
# of a named domain. The RFCs require this facility, but it is disabled
- # in the default config since it is seldomly used and frequently abused.
+ # in the default config since it is rarely used and frequently abused.
# Domain literal support also needs a special router, which is automatically
# enabled if you use the enable macro MAIN_ALLOW_DOMAIN_LITERALS.
# Additionally, you might want to make your local IP addresses (or @[])
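Review bot: The second `.ifndef MAIN_LOG_SELECTOR` block, the hcoop one that sets `+tls_cipher +tls_peerdn`, looks dead if both blocks end up in the same file in this order, because the block just above it has already defined the macro. The effective selector would then be `+smtp_protocol_error +smtp_syntax_error +tls_certificate_verified +tls_peerdn`, and the hcoop comment describes a setting that never applies. Folding the two into one definition, or deleting the second block with a note that `tls_cipher` is believed to be logged by default, would keep the logging configuration unambiguous for anyone auditing TLS sessions.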
primary_hostname = MAIN_HARDCODE_PRIMARY_HOSTNAME
.endif
- # The settings below, which are actually the same as the defaults in the
- # code, cause Exim to make RFC 1413 (ident) callbacks for all incoming SMTP
- # calls. You can limit the hosts to which these calls are made, and/or change
- # the timeout that is used. If you set the timeout to zero, all RFC 1413 calls
- # are disabled. RFC 1413 calls are cheap and can provide useful information
- # for tracing problem messages, but some hosts and firewalls are
- # misconfigured to drop the requests instead of either answering or
- # rejecting them. This can result in a timeout instead of an immediate refused
- # connection, leading to delays on starting up SMTP sessions. (The default was
- # reduced from 30s to 5s for release 4.61.)
- # rfc1413_hosts =
- # rfc1413_query_timeout = 0s
+ # The settings below cause Exim to make RFC 1413 (ident) callbacks
+ # for all incoming SMTP calls. You can limit the hosts to which these
+ # calls are made, and/or change the timeout that is used. If you set
+ # the timeout to zero, all RFC 1413 calls are disabled. RFC 1413 calls
+ # are cheap and can provide useful information for tracing problem
+ # messages, but some hosts and firewalls have problems with them.
+ # This can result in a timeout instead of an immediate refused
+ # connection, leading to delays on starting up SMTP sessions.
+ # (The default was reduced from 30s to 5s for release 4.61. and to
+ # disabled for release 4.86)
+ #
-#rfc1413_hosts = *
-#rfc1413_query_timeout = 5s
++#rfc1413_hosts =
++#rfc1413_query_timeout = 0s
+
+
+ # Enable an efficiency feature. We advertise the feature; clients
+ # may request to use it. For multi-recipient mails we then can
+ # reject or accept per-user after the message is received.
+ #
+ prdr_enable = true
# When using an external relay tester (such as rt.njabl.org and/or the
# currently defunct relay-test.mail-abuse.org, the test may be aborted
# SMTP Banner. The example includes the Debian version in the SMTP dialog
# MAIN_SMTP_BANNER = "${primary_hostname} ESMTP Exim ${version_number} (Debian package MAIN_PACKAGE_VERSION) ${tod_full}"
# smtp_banner = $smtp_active_hostname ESMTP Exim $version_number $tod_full
- tls_on_connect_ports = smtps
+
+# hcoop-change: better load limiting
+# these values should be checked, documented, and committed to git (clinton)
+smtp_accept_max = 50
+retry_data_expire = 1d
+retry_interval_max = 8h
+# load max is just a guess for what will work ATM...
+queue_only_load = 20
+deliver_queue_load_max = 36
+queue_run_max = 10
+
+# hcoop-change: raise limit for incoming SMTP connections
+#smtp_accept_max = 95
+
+# hcoop-change: expire retry data after a single day
+#retry_data_expire = 1d
+
+# hcoop-change: don't penalize hosts past 4 hours
+#retry_interval_max = 4h
+
+# hcoop-change: disable smtp_enforce_sync (https://bugzilla.mozilla.org/show_bug.cgi?id=538809)
+smtp_enforce_sync = false
+
+# hcoop-change: disable ipv6 because exim seems unaware we can lookup AAAA but not actually reach them
+disable_ipv6 = true
+
+# hcoop-change: disable pointless ident check
+rfc1413_hosts =
+rfc1413_query_timeout = 0s
+
+# hcoop-change: submission + legacy smtp (many members use smtps)
+daemon_smtp_ports = smtp : smtps : submission
++tls_on_connect_ports = smtps
++
+ .ifdef MAIN_KEEP_ENVIRONMENT
+ keep_environment = MAIN_KEEP_ENVIRONMENT
+ .else
+ # set option to empty value to avoid warning.
+ keep_environment =
+ .endif
+ .ifdef MAIN_ADD_ENVIRONMENT
+ add_environment = MAIN_ADD_ENVIRONMENT
+ .endif
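Review bot: `smtp_enforce_sync = false` switches the synchronization check off for every client, which also removes an inexpensive filter against senders that push commands without waiting for responses. If the problem in the referenced bug is limited to members' submission clients, leaving the option at its default and setting `control = no_enforce_sync` in an early ACL for those hosts or ports would keep the check for inbound MX traffic. In the same hunk the active `smtp_accept_max = 50` and the commented `#smtp_accept_max = 95` under a "raise limit" comment contradict each other, and the hunk's own comment says these values still need to be checked and documented.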
# effective retry-time depends on the frequency of queue-running, too.
# See QUEUEINTERVAL in /etc/default/exim4.
++
+# hcoop-change: Customize all of this to not penalize local users so
+# much for timeouts.
+
# Address or Domain Error Retries
# ----------------- ----- -------
-* * F,2h,15m; G,16h,1h,1.5; F,4d,6h
+# Local users who might have temporary AFS-related issues
+localhost * F,10m,1m; F,30m,5m; G,6h,10m,1.2; G,1d,1h,1.5; F,4d,6h
+hcoop.net * F,10m,1m; F,30m,5m; G,6h,10m,1.2; G,1d,1h,1.5; F,4d,6h
+
+# gmail this is probably spam
+gmail.com data_4xx G,2d,30m,1.5
+
+# Default
+* * F,4h,10m; G,16h,1h,1.5; F,4d,6h
+
${if match_ip{$sender_host_address}{:@[]}\
{1}{0}\
}"
+
+# hcoop-change: Use unix_domains rather than local_domains.
+
real_local:
debug_print = "R: real_local for $local_part@$domain"
driver = accept
- condition = COND_LOCAL_SUBMITTER
- domains = +local_domains
+ domains = +unix_domains
+ condition = COND_LOCAL_SUBMITTER
local_part_prefix = real-
check_local_user
transport = LOCAL_DELIVERY
{1}{0}\
}"
-lowuid_aliases:
- debug_print = "R: lowuid_aliases for $local_part@$domain (UID $local_user_uid)"
+# hcoop-change: separate local and remote router
+# hcoop-change: disable remote check since it interferes with relaying from hosts (should be in ACL)
+
+# lowuid_aliases_remote:
+# debug_print = "R: lowuid_aliases_remote for $local_part@$domain (UID $local_user_uid)"
+# check_local_user
+# driver = redirect
+# allow_fail
+# domains = +unix_domains
+# condition = COND_SYSTEM_USER_AND_REMOTE_SUBMITTER
+# data = ${if exists{CONFDIR/lowuid-aliases}\
+# {${lookup{$local_part}lsearch{CONFDIR/lowuid-aliases}\
+# {$value}{DEFAULT_SYSTEM_ACCOUNT_ALIAS}}}\
+# {DEFAULT_SYSTEM_ACCOUNT_ALIAS}}
+
+
+# hcoop-change: redirect all local low uid mail to one account
+COND_SYSTEM_USER = ${if <{$local_user_uid}{FIRST_USER_ACCOUNT_UID}{1}{0}}
+
+lowuid_aliases_local:
+ debug_print = "R: lowuid_aliases_local for $local_part@$domain (UID $local_user_uid)"
check_local_user
driver = redirect
allow_fail
- domains = +local_domains
- condition = COND_SYSTEM_USER_AND_REMOTE_SUBMITTER
+ domains = +unix_domains
+ condition = COND_SYSTEM_USER
data = ${if exists{CONFDIR/lowuid-aliases}\
{${lookup{$local_part}lsearch{CONFDIR/lowuid-aliases}\
- {$value}{DEFAULT_SYSTEM_ACCOUNT_ALIAS}}}\
- {DEFAULT_SYSTEM_ACCOUNT_ALIAS}}
+ {$value}{HCOOP_SYSTEM_ACCOUNT_ALIAS}}}\
+ {HCOOP_SYSTEM_ACCOUNT_ALIAS}}
++
# Use this instead of mail_spool if you want to to deliver to Maildir in
# home-directory - change the definition of LOCAL_DELIVERY
#
+# hcoop-change: Deliver to
+# MAILDIR_HOME_MAILDIR_LOCATION/l/lo/$local_part
+#
+# hcoop-change: Make sure get-token gets executed
maildir_home:
debug_print = "T: maildir_home for $local_part@$domain"
driver = appendfile
.ifdef MAILDIR_HOME_MAILDIR_LOCATION
- directory = MAILDIR_HOME_MAILDIR_LOCATION
+ directory = MAILDIR_HOME_MAILDIR_LOCATION/${length_1:$local_part}/${length_2:$local_part}/${local_part}${run{/etc/exim4/get-token ${local_part}}{}}
.else
directory = $home/Maildir
.endif
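Review bot: The new `directory` value builds a filesystem path and a `get-token` argument directly from `$local_part`, so its safety depends on the router that selects this transport having confirmed the local part is a real account; that router is not in the hunk and should be named in a comment here. On Exim 4.94 and later `$local_part` is tainted and an appendfile `directory` containing it is refused, so a port forward would need `$local_part_data` as set by `check_local_user`. The `${run{...}{}}` form discards the exit status, so a failed token acquisition only surfaces later as a delivery error. The address_directory transport at the end of the page uses the same `get-token` call together with `check_owner = false` and `mode_fail_narrower = false`; each deserves a comment stating why the ownership and mode checks are safe to relax for AFS.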
# $home is not accessible, this chdir fails and prevents delivery.
# If you are in a setup where home directories might not be
# accessible, uncomment the current_directory line below.
- # current_directory = /
+ #
+ # hcoop-change: uncommented this
+ current_directory = /
+ # hcoop-change: Try 20 times rather than 10 before deferring.
+ maildir_retries = 20
- check_owner = false
++ check_owner = false
++
### transport/30_exim4-config_remote_smtp
#################################
# This transport is used for delivering messages over SMTP connections.
+ # Refuse to send any message with over-long lines, which could have
+ # been received other than via SMTP. The use of message_size_limit to
+ # enforce this is a red herring.
- # hcoop-change: drop hosts_max_try to avoid hitting all gmail MX at once
remote_smtp:
debug_print = "T: remote_smtp for $local_part@$domain"
driver = smtp
++ # hcoop-change: drop hosts_max_try to avoid hitting all gmail MX at once
+ hosts_max_try = 2
+ .ifndef IGNORE_SMTP_LINE_LENGTH_LIMIT
+ message_size_limit = ${if > {$max_received_linelength}{998} {1}{0}}
+ .endif
.ifdef REMOTE_SMTP_HOSTS_AVOID_TLS
hosts_avoid_tls = REMOTE_SMTP_HOSTS_AVOID_TLS
.endif
# This transport is used for delivering messages over SMTP connections
# to a smarthost. The local host tries to authenticate.
# This transport is used for smarthost and satellite configurations.
+ # Refuse to send any messsage with over-long lines, which could have
+ # been received other than via SMTP. The use of message_size_limit to
+ # enforce this is a red herring.
remote_smtp_smarthost:
debug_print = "T: remote_smtp_smarthost for $local_part@$domain"
driver = smtp
++
+ .ifndef IGNORE_SMTP_LINE_LENGTH_LIMIT
+ message_size_limit = ${if > {$max_received_linelength}{998} {1}{0}}
+ .endif
++
hosts_try_auth = <; ${if exists{CONFDIR/passwd.client} \
{\
${lookup{$host}nwildlsearch{CONFDIR/passwd.client}{$host_address}}\
.ifdef REMOTE_SMTP_SMARTHOST_HOSTS_AVOID_TLS
hosts_avoid_tls = REMOTE_SMTP_SMARTHOST_HOSTS_AVOID_TLS
.endif
+ .ifdef REMOTE_SMTP_SMARTHOST_HOSTS_REQUIRE_TLS
+ hosts_require_tls = REMOTE_SMTP_SMARTHOST_HOSTS_REQUIRE_TLS
+ .endif
.ifdef REMOTE_SMTP_HEADERS_REWRITE
headers_rewrite = REMOTE_SMTP_HEADERS_REWRITE
.endif
# or .forward files if the path ends in "/", which causes it to be treated
# as a directory name rather than a file name.
+# hcoop-change: Run get-token in directory so we acquire afs tokens,
+# and ignore owner
+
address_directory:
debug_print = "T: address_directory for $local_part@$domain"
driver = appendfile
- # group = mail${run{/etc/exim4/get-token ${local_part}}{}}
+ directory = ${address_file}${run{/etc/exim4/get-token ${local_part}}{}}
delivery_date_add
envelope_to_add
return_path_add
check_string = ""
escape_string = ""
+ check_owner = false
maildir_format
-
+ current_directory = /
+ maildir_retries = 20
+ mode_fail_narrower = false