Diffstat (limited to 'conf.d/010_main.conf')
-rw-r--r-- | conf.d/010_main.conf | 303 |
1 files changed, 303 insertions, 0 deletions
diff --git a/conf.d/010_main.conf b/conf.d/010_main.conf new file mode 100644 index 0000000..08694c8 --- /dev/null +++ b/conf.d/010_main.conf | |||
@@ -0,0 +1,303 @@ | |||
1 | ###################################################################### | ||
2 | # MAIN CONFIGURATION SETTINGS # | ||
3 | ###################################################################### | ||
4 | # | ||
5 | |||
6 | # Specify your host's canonical name here. This should normally be the fully | ||
7 | # qualified "official" name of your host. If this option is not set, the | ||
8 | # uname() function is called to obtain the name. In many cases this does | ||
9 | # the right thing and you need not set anything explicitly. | ||
10 | |||
11 | # primary_hostname = | ||
12 | |||
13 | |||
14 | # The next three settings create two lists of domains and one list of hosts. | ||
15 | # These lists are referred to later in this configuration using the syntax | ||
16 | # +local_domains, +relay_to_domains, and +relay_from_hosts, respectively. They | ||
17 | # are all colon-separated lists: | ||
18 | |||
19 | domainlist local_domains = @ | ||
20 | domainlist relay_to_domains = | ||
21 | hostlist relay_from_hosts = localhost | ||
22 | # (We rely upon hostname resolution working for localhost, because the default | ||
23 | # uncommented configuration needs to work in IPv4-only environments.) | ||
24 | |||
25 | # Most straightforward access control requirements can be obtained by | ||
26 | # appropriate settings of the above options. In more complicated situations, | ||
27 | # you may need to modify the Access Control Lists (ACLs) which appear later in | ||
28 | # this file. | ||
29 | |||
30 | # The first setting specifies your local domains, for example: | ||
31 | # | ||
32 | # domainlist local_domains = my.first.domain : my.second.domain | ||
33 | # | ||
34 | # You can use "@" to mean "the name of the local host", as in the default | ||
35 | # setting above. This is the name that is specified by primary_hostname, | ||
36 | # as specified above (or defaulted). If you do not want to do any local | ||
37 | # deliveries, remove the "@" from the setting above. If you want to accept mail | ||
38 | # addressed to your host's literal IP address, for example, mail addressed to | ||
39 | # "user@[192.168.23.44]", you can add "@[]" as an item in the local domains | ||
40 | # list. You also need to uncomment "allow_domain_literals" below. This is not | ||
41 | # recommended for today's Internet. | ||
42 | |||
43 | # The second setting specifies domains for which your host is an incoming relay. | ||
44 | # If you are not doing any relaying, you should leave the list empty. However, | ||
45 | # if your host is an MX backup or gateway of some kind for some domains, you | ||
46 | # must set relay_to_domains to match those domains. For example: | ||
47 | # | ||
48 | # domainlist relay_to_domains = *.myco.com : my.friend.org | ||
49 | # | ||
50 | # This will allow any host to relay through your host to those domains. | ||
51 | # See the section of the manual entitled "Control of relaying" for more | ||
52 | # information. | ||
53 | |||
54 | # The third setting specifies hosts that can use your host as an outgoing relay | ||
55 | # to any other host on the Internet. Such a setting commonly refers to a | ||
56 | # complete local network as well as the localhost. For example: | ||
57 | # | ||
58 | # hostlist relay_from_hosts = <; 127.0.0.1 ; ::1 ; 192.168.0.0/16 | ||
59 | # | ||
60 | # The "/16" is a bit mask (CIDR notation), not a number of hosts. Note that you | ||
61 | # have to include 127.0.0.1 if you want to allow processes on your host to send | ||
62 | # SMTP mail by using the loopback address. A number of MUAs use this method of | ||
63 | # sending mail. Often, connections are made to "localhost", which might be ::1 | ||
64 | # on IPv6-enabled hosts. Do not forget CIDR for your IPv6 networks. | ||
65 | |||
66 | # All three of these lists may contain many different kinds of item, including | ||
67 | # wildcarded names, regular expressions, and file lookups. See the reference | ||
68 | # manual for details. The lists above are used in the access control lists for | ||
69 | # checking incoming messages. The names of these ACLs are defined here: | ||
70 | |||
71 | acl_smtp_rcpt = acl_check_rcpt | ||
72 | acl_smtp_data = acl_check_data | ||
73 | |||
74 | # You should not change those settings until you understand how ACLs work. | ||
75 | |||
76 | |||
77 | # If you are running a version of Exim that was compiled with the content- | ||
78 | # scanning extension, you can cause incoming messages to be automatically | ||
79 | # scanned for viruses. You have to modify the configuration in two places to | ||
80 | # set this up. The first of them is here, where you define the interface to | ||
81 | # your scanner. This example is typical for ClamAV; see the manual for details | ||
82 | # of what to set for other virus scanners. The second modification is in the | ||
83 | # acl_check_data access control list (see below). | ||
84 | |||
85 | # av_scanner = clamd:/run/clamav/clamd.sock | ||
86 | |||
87 | |||
88 | # For spam scanning, there is a similar option that defines the interface to | ||
89 | # SpamAssassin. You do not need to set this if you are using the default, which | ||
90 | # is shown in this commented example. As for virus scanning, you must also | ||
91 | # modify the acl_check_data access control list to enable spam scanning. | ||
92 | |||
93 | # spamd_address = 127.0.0.1 783 | ||
94 | # spamd_address = 127.0.0.1 11333 variant=rspamd | ||
95 | |||
96 | |||
97 | # If Exim is compiled with support for TLS, you may want to enable the | ||
98 | # following options so that Exim allows clients to make encrypted | ||
99 | # connections. In the authenticators section below, there are template | ||
100 | # configurations for plaintext username/password authentication. This kind | ||
101 | # of authentication is only safe when used within a TLS connection, so the | ||
102 | # authenticators will only work if the following TLS settings are turned on | ||
103 | # as well. | ||
104 | |||
105 | # Allow any client to use TLS. | ||
106 | |||
107 | # tls_advertise_hosts = * | ||
108 | |||
109 | # Specify the location of the Exim server's TLS certificate and private key. | ||
110 | # The private key must not be encrypted (password protected). You can put | ||
111 | # the certificate and private key in the same file, in which case you only | ||
112 | # need the first setting, or in separate files, in which case you need both | ||
113 | # options. | ||
114 | |||
115 | # tls_certificate = /etc/ssl/exim.crt | ||
116 | # tls_privatekey = /etc/ssl/exim.pem | ||
117 | |||
118 | # In order to support roaming users who wish to send email from anywhere, | ||
119 | # you may want to make Exim listen on other ports as well as port 25, in | ||
120 | # case these users need to send email from a network that blocks port 25. | ||
121 | # The standard port for this purpose is port 587, the "message submission" | ||
122 | # port. See RFC 4409 for details. Microsoft MUAs cannot be configured to | ||
123 | # talk the message submission protocol correctly, so if you need to support | ||
124 | # them you should also allow TLS-on-connect on the traditional but | ||
125 | # non-standard port 465. | ||
126 | |||
127 | # daemon_smtp_ports = 25 : 465 : 587 | ||
128 | # tls_on_connect_ports = 465 | ||
129 | |||
130 | |||
131 | # Specify the domain you want to be added to all unqualified addresses | ||
132 | # here. An unqualified address is one that does not contain an "@" character | ||
133 | # followed by a domain. For example, "caesar@rome.example" is a fully qualified | ||
134 | # address, but the string "caesar" (i.e. just a login name) is an unqualified | ||
135 | # email address. Unqualified addresses are accepted only from local callers by | ||
136 | # default. See the recipient_unqualified_hosts option if you want to permit | ||
137 | # unqualified addresses from remote sources. If this option is not set, the | ||
138 | # primary_hostname value is used for qualification. | ||
139 | |||
140 | # qualify_domain = | ||
141 | |||
142 | |||
143 | # If you want unqualified recipient addresses to be qualified with a different | ||
144 | # domain to unqualified sender addresses, specify the recipient domain here. | ||
145 | # If this option is not set, the qualify_domain value is used. | ||
146 | |||
147 | # qualify_recipient = | ||
148 | |||
149 | |||
150 | # The following line must be uncommented if you want Exim to recognize | ||
151 | # addresses of the form "user@[10.11.12.13]" that is, with a "domain literal" | ||
152 | # (an IP address) instead of a named domain. The RFCs still require this form, | ||
153 | # but it makes little sense to permit mail to be sent to specific hosts by | ||
154 | # their IP address in the modern Internet. This ancient format has been used | ||
155 | # by those seeking to abuse hosts by using them for unwanted relaying. If you | ||
156 | # really do want to support domain literals, uncomment the following line, and | ||
157 | # see also the "domain_literal" router below. | ||
158 | |||
159 | # allow_domain_literals | ||
160 | |||
161 | |||
162 | # No deliveries will ever be run under the uids of users specified by | ||
163 | # never_users (a colon-separated list). An attempt to do so causes a panic | ||
164 | # error to be logged, and the delivery to be deferred. This is a paranoic | ||
165 | # safety catch. There is an even stronger safety catch in the form of the | ||
166 | # FIXED_NEVER_USERS setting in the configuration for building Exim. The list of | ||
167 | # users that it specifies is built into the binary, and cannot be changed. The | ||
168 | # option below just adds additional users to the list. The default for | ||
169 | # FIXED_NEVER_USERS is "root", but just to be absolutely sure, the default here | ||
170 | # is also "root". | ||
171 | |||
172 | # Note that the default setting means you cannot deliver mail addressed to root | ||
173 | # as if it were a normal user. This isn't usually a problem, as most sites have | ||
174 | # an alias for root that redirects such mail to a human administrator. | ||
175 | |||
176 | never_users = root | ||
177 | |||
178 | |||
179 | # The setting below causes Exim to do a reverse DNS lookup on all incoming | ||
180 | # IP calls, in order to get the true host name. If you feel this is too | ||
181 | # expensive, you can specify the networks for which a lookup is done, or | ||
182 | # remove the setting entirely. | ||
183 | |||
184 | host_lookup = * | ||
185 | |||
186 | |||
187 | # The settings below cause Exim to make RFC 1413 (ident) callbacks | ||
188 | # for all incoming SMTP calls. You can limit the hosts to which these | ||
189 | # calls are made, and/or change the timeout that is used. If you set | ||
190 | # the timeout to zero, all RFC 1413 calls are disabled. RFC 1413 calls | ||
191 | # are cheap and can provide useful information for tracing problem | ||
192 | # messages, but some hosts and firewalls have problems with them. | ||
193 | # This can result in a timeout instead of an immediate refused | ||
194 | # connection, leading to delays on starting up SMTP sessions. | ||
195 | # (The default was reduced from 30s to 5s for release 4.61. and to | ||
196 | # disabled for release 4.86) | ||
197 | # | ||
198 | #rfc1413_hosts = * | ||
199 | #rfc1413_query_timeout = 5s | ||
200 | |||
201 | |||
202 | # Enable an efficiency feature. We advertise the feature; clients | ||
203 | # may request to use it. For multi-recipient mails we then can | ||
204 | # reject or accept per-user after the message is received. | ||
205 | # | ||
206 | prdr_enable = true | ||
207 | |||
208 | |||
209 | # By default, Exim expects all envelope addresses to be fully qualified, that | ||
210 | # is, they must contain both a local part and a domain. If you want to accept | ||
211 | # unqualified addresses (just a local part) from certain hosts, you can specify | ||
212 | # these hosts by setting one or both of | ||
213 | # | ||
214 | # sender_unqualified_hosts = | ||
215 | # recipient_unqualified_hosts = | ||
216 | # | ||
217 | # to control sender and recipient addresses, respectively. When this is done, | ||
218 | # unqualified addresses are qualified using the settings of qualify_domain | ||
219 | # and/or qualify_recipient (see above). | ||
220 | |||
221 | |||
222 | # Unless you run a high-volume site you probably want more logging | ||
223 | # detail than the default. Adjust to suit. | ||
224 | |||
225 | log_selector = +smtp_protocol_error +smtp_syntax_error \ | ||
226 | +tls_certificate_verified | ||
227 | |||
228 | |||
229 | # If you want Exim to support the "percent hack" for certain domains, | ||
230 | # uncomment the following line and provide a list of domains. The "percent | ||
231 | # hack" is the feature by which mail addressed to x%y@z (where z is one of | ||
232 | # the domains listed) is locally rerouted to x@y and sent on. If z is not one | ||
233 | # of the "percent hack" domains, x%y is treated as an ordinary local part. This | ||
234 | # hack is rarely needed nowadays; you should not enable it unless you are sure | ||
235 | # that you really need it. | ||
236 | # | ||
237 | # percent_hack_domains = | ||
238 | # | ||
239 | # As well as setting this option you will also need to remove the test | ||
240 | # for local parts containing % in the ACL definition below. | ||
241 | |||
242 | |||
243 | # When Exim can neither deliver a message nor return it to sender, it "freezes" | ||
244 | # the delivery error message (aka "bounce message"). There are also other | ||