X-Git-Url: https://git.hcoop.net/hcoop/config/exim.git/blobdiff_plain/06b25c81f94c65d1a7ea5a2aaf8c0be470e998ce..7b83f2a34b7c9cd42f4cc52bc3948e8714046871:/conf.d/main/01_exim4-config_listmacrosdefs
diff --git a/conf.d/main/01_exim4-config_listmacrosdefs b/conf.d/main/01_exim4-config_listmacrosdefs
index fec1059..01214de 100644
--- a/conf.d/main/01_exim4-config_listmacrosdefs
+++ b/conf.d/main/01_exim4-config_listmacrosdefs
@@ -1,4 +1,3 @@
-
 ######################################################################
 # Runtime configuration file for Exim 4 (Debian Packaging) #
 ######################################################################
@@ -11,10 +10,6 @@
 # If you find this comment anywhere else, somebody copied it there.
 # Documentation about the Debian exim4 configuration scheme can be
 # found in /usr/share/doc/exim4-base/README.Debian.gz.
-#
-# Strings like DEBCONFsomethingDEBCONF are replaced by installation
-# dependent values by update-exim4.conf, the script which builds the
-# actual configuration from the templates.
 ######################################################################
 ######################################################################
@@ -32,124 +27,91 @@ exim_path = /usr/sbin/exim4 CONFDIR = /etc/exim4 .endif -# This sets a macro DC_minimaldns if dc_minimaldns=true. If -# dc_minimaldns=false, this expands to an empty line. -.ifndef DC_minimaldns -DEBCONFminimaldnsDEBCONF -.endif - -# Create other macros from Debconf. Macros created here are used in -# other places in exim config. -.ifndef DC_visiblename -DC_visiblename=DEBCONFvisiblenameDEBCONF -.endif +# debconf-driven macro definitions get inserted after this line +UPEX4CmacrosUPEX4C = 1 # Create domain and host lists for relay control # '@' refers to 'the name of the local host' # List of domains considered local for exim. Domains not listed here # need to be deliverable remotely. -# hcoop-change: comment out -#.ifndef MAIN_LOCAL_DOMAINS -#MAIN_LOCAL_DOMAINS = DEBCONFlocal_domainsDEBCONF -#.endif -#domainlist local_domains = MAIN_LOCAL_DOMAINS +# hcoop-change: comment out, provided by domtool +# domainlist local_domains = MAIN_LOCAL_DOMAINS # List of recipient domains to relay _to_. Use this list if you're - # for example - fallback MX or mail gateway for domains. -# hcoop-change: comment out -#.ifndef MAIN_RELAY_TO_DOMAINS -#MAIN_RELAY_TO_DOMAINS = DEBCONFrelay_domainsDEBCONF -#.endif -#domainlist relay_to_domains = MAIN_RELAY_TO_DOMAINS +# hcoop-change: comment out, provided by domtool +# domainlist relay_to_domains = MAIN_RELAY_TO_DOMAINS + +# hcoop-change: List of domains that accept mail from local users. +# Mail sent to other domains we manage will be transformed into a +# local address by /etc/aliases. +domainlist unix_domains = hcoop.net:deleuze.hcoop.net:outpost.hcoop.net:hopper.hcoop.net:navajos.hcoop.net:bog.hcoop.net:fritz.hcoop.net:mccarthy.hcoop.net:gibran.hcoop.net:marsh.hcoop.net:minsky.hcoop.net:shelob.hcoop.net:lovelace.hcoop.net:localhost # List of sender networks (IP addresses) to _unconditionally_ relay # _for_. If you intend to be SMTP AUTH server, you do not need to enter # anything here. 
-.ifndef MAIN_RELAY_NETS -MAIN_RELAY_NETS = DEBCONFrelay_netsDEBCONF -.endif hostlist relay_from_hosts = MAIN_RELAY_NETS -# Specify the domain you want to be added to all unqualified addresses -# here. Unqualified addresses are accepted only from local callers by -# default. The recipient_unqualified_hosts option can be used to permit -# unqualified addresses from remote sources. -# If qualify_domain is not set, the primary_hostname value is used for -# qualification. -# The ifdef bracket makes sure that an empty debconf value is correctly -# translated to "unset". -.ifdef DC_visiblename -qualify_domain = DC_visiblename -.endif - -# only used for satellite-system -.ifndef DCreadhost -DCreadhost = DEBCONFreadhostDEBCONF +# Decide which domain to use to add to all unqualified addresses. +# If MAIN_PRIMARY_HOSTNAME_AS_QUALIFY_DOMAIN is defined, the primary +# hostname is used. If not, but MAIN_QUALIFY_DOMAIN is set, the value +# of MAIN_QUALIFY_DOMAIN is used. If both macros are not defined, +# the first line of /etc/mailname is used. +.ifndef MAIN_PRIMARY_HOSTNAME_AS_QUALIFY_DOMAIN +.ifndef MAIN_QUALIFY_DOMAIN +qualify_domain = ETC_MAILNAME +.else +qualify_domain = MAIN_QUALIFY_DOMAIN .endif - -#for satellite and smarthost-systems -.ifndef DCsmarthost -DCsmarthost = DEBCONFsmarthostDEBCONF .endif # listen on all all interfaces? .ifdef MAIN_LOCAL_INTERFACES local_interfaces = MAIN_LOCAL_INTERFACES -.else -DEBCONFlistenonpublicDEBCONF .endif .ifndef LOCAL_DELIVERY # The default transport, set in /etc/exim4/update-exim4.conf.conf, # defaulting to mail_spool. See CONFDIR/conf.d/transport/ for possibilities -LOCAL_DELIVERY=DEBCONFlocaldeliveryDEBCONF +LOCAL_DELIVERY=mail_spool .endif # The gecos field in /etc/passwd holds not only the name. see passwd(5). gecos_pattern = ^([^,:]*) gecos_name = $1 - -# define a macro DCconfig_smarthost, DCconfig_satellite, etc. we need this -# for .ifdef ... 
.endif -.ifndef DCconfig_satellite -.ifndef DCconfig_internet -.ifndef DCconfig_local -.ifndef DCconfig_smarthost -DCconfig_DEBCONFconfigtypeDEBCONF = 1 -.endif -.endif -.endif +# always log tls_peerdn as we use TLS for outgoing connects by default +# hcoop-change: add +tls_cipher +.ifndef MAIN_LOG_SELECTOR +MAIN_LOG_SELECTOR = +smtp_protocol_error +smtp_syntax_error +tls_certificate_verified +tls_peerdn +tls_cipher .endif +# hcoop-change: use file_transport = address_file for /etc/aliases +# delivery, as per old configuration +SYSTEM_ALIASES_FILE_TRANSPORT = address_file +# hcoop-change: deliver mail to AFS +MAILDIR_HOME_MAILDIR_LOCATION = /afs/hcoop.net/common/email -# define macros to be used in acl/30_exim4-config_check_rcpt to check -# recipient local parts for strange characters. - -# This macro definition really should be in -# acl/30_exim4-config_check_rcpt but cannot be there due to -# http://www.exim.org/bugzilla/show_bug.cgi?id=101 as of exim 4.62. +# hcoop-change: enable TLS +MAIN_TLS_ENABLE = yes -# These macros are documented in acl/30_exim4-config_check_rcpt, -# can be changed here or overridden by a locally added configuration -# file as described in README.Debian chapter 2.1.2 +# hcoop-change: enabled sender verification +CHECK_RCPT_VERIFY_SENDER = true +CHECK_RCPT_IP_DNSBLS = zen.spamhaus.org +CHECK_RCPT_REVERSE_DNS = true +CHECK_RCPT_SPF = true -.ifndef CHECK_RCPT_LOCAL_LOCALPARTS -CHECK_RCPT_LOCAL_LOCALPARTS = ^[.] : ^.*[@%!/|`#&?] -.endif +# hcoop-change: use hcoop cert 2015-05-04 clinton +MAIN_TLS_CERTKEY = /etc/hcoop-ssl/hcoop.pem -.ifndef CHECK_RCPT_REMOTE_LOCALPARTS -CHECK_RCPT_REMOTE_LOCALPARTS = ^[./|] : ^.*[@%!`#&?] 
: ^.*/\\.\\./ -.endif +# hcoop-change: uncomment and set to mailman host if this server does not host mailman +#HCOOP_MAILMAN_RELAY_HOST = minsky.hcoop.net -# always log tls_peerdn as we use TLS for outgoing connects by default -# hcoop-change: add +tls_ciper -.ifndef MAIN_LOG_SELECTOR -MAIN_LOG_SELECTOR = +tls_cipher +tls_peerdn -.endif +# hcoop-change: all mail for users < 1000 to logs, reject entirely from untrusted remote hosts +FIRST_USER_ACCOUNT_UID = 1000 +HCOOP_SYSTEM_ACCOUNT_ALIAS = logs@hcoop.net -# hcoop-change: use file_transport = address_file for /etc/aliases -# delivery, as per old configuration -SYSTEM_ALIASES_FILE_TRANSPORT = address_file +# hcoop-change: ignore smtp line length restrictions as it rejects valid mail +IGNORE_SMTP_LINE_LENGTH_LIMIT = yes \ No newline at end of file
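Review bot: The hcoop toggles at the end of this hunk (`MAIN_TLS_ENABLE = yes`, `CHECK_RCPT_VERIFY_SENDER = true`, `CHECK_RCPT_REVERSE_DNS = true`, `CHECK_RCPT_SPF = true`, `IGNORE_SMTP_LINE_LENGTH_LIMIT = yes`) read like booleans, but the stock Debian templates test such macros with `.ifdef`/`.ifndef`, so the value is never read; assuming the ACL files in this tree still follow those templates, a later edit to `= no` or `= false` would leave the setting exactly as it is. I would add a comment above the block, `# hcoop-change: presence flags, the value is ignored; comment a line out to turn it off`. `IGNORE_SMTP_LINE_LENGTH_LIMIT` also deserves a comment that names the check it removes for every sender and, if known, the mail that was wrongly rejected, so the exemption can be revisited. Separately, `MAIN_TLS_CERTKEY` points at a file that has to hold the private key as well as the certificate, so a line such as `# holds the private key: keep it unreadable to other users` next to it would record the permission requirement.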