diff --git a/src/configure.default b/src/configure.default
index 1138335..0675b40 100644
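--- a/src/configure.default
+++ b/src/configure.default
@@ -142,7 +142,7 @@ acl_smtp_data = acl_check_data
 
 # Allow any client to use TLS.
 
-# tls_advertise_hosts = *
+tls_advertise_hosts = *
 
 # Specify the location of the Exim server's TLS certificate and private key.
 # The private key must not be encrypted (password protected). You can put
@@ -150,8 +150,8 @@ acl_smtp_data = acl_check_data
 # need the first setting, or in separate files, in which case you need both
 # options.
 
-# tls_certificate = /etc/ssl/exim.crt
-# tls_privatekey = /etc/ssl/exim.pem
+tls_certificate = /etc/pki/tls/certs/exim.pem
+tls_privatekey = /etc/pki/tls/private/exim.pem
 
 # For OpenSSL, prefer EC- over RSA-authenticated ciphers
 # tls_require_ciphers = ECDSA:RSA:!COMPLEMENTOFDEFAULT
@@ -165,8 +165,8 @@ acl_smtp_data = acl_check_data
 # them you should also allow TLS-on-connect on the traditional but
 # non-standard port 465.
 
-# daemon_smtp_ports = 25 : 465 : 587
-# tls_on_connect_ports = 465
+daemon_smtp_ports = 25 : 465 : 587
+tls_on_connect_ports = 465
 
 
 # Specify the domain you want to be added to all unqualified addresses
@@ -224,6 +224,24 @@ never_users = root
 
 host_lookup = *
 
+# This setting, if uncommented, allows users to authenticate using
+# their system passwords against saslauthd if they connect over a
+# secure connection. If you have network logins such as NIS or
+# Kerberos rather than only local users, then you possibly also want
+# to configure /etc/sysconfig/saslauthd to use the 'pam' mechanism
+# too. Once a user is authenticated, the acl_check_rcpt ACL then
+# allows them to relay through the system.
+#
+# auth_advertise_hosts = ${if eq {$tls_cipher}{}{}{*}}
+#
+# By default, we set this option to allow SMTP AUTH from nowhere
+# (Exim's default would be to allow it from anywhere, even on an
+# unencrypted connection).
+#
+# Comment this one out if you uncomment the above. Did you make sure
+# saslauthd is actually running first?
+#
+auth_advertise_hosts =
 
 # The settings below cause Exim to make RFC 1413 (ident) callbacks
 # for all incoming SMTP calls. You can limit the hosts to which these
@@ -847,7 +865,7 @@ begin authenticators
 # driver = plaintext
 # server_set_id = $auth2
 # server_prompts = :
-# server_condition = Authentication is not yet configured
+# server_condition = ${if saslauthd{{$2}{$3}{smtp}} {1}}
 # server_advertise_condition = ${if def:tls_in_cipher }
 
 # LOGIN authentication has traditional prompts and responses. There is no
@@ -859,7 +877,7 @@ begin authenticators
 # driver = plaintext
 # server_set_id = $auth1
 # server_prompts = <| Username: | Password:
-# server_condition = Authentication is not yet configured
+# server_condition = ${if saslauthd{{$1}{$2}{smtp}} {1}}
 # server_advertise_condition = ${if def:tls_in_cipher }
 
 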
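Review bot: The commented-out example `auth_advertise_hosts = ${if eq {$tls_cipher}{}{}{*}}` in the `@@ -224,6 +224,24 @@` hunk tests `$tls_cipher`, while the authenticator examples in the same file gate on `def:tls_in_cipher`. As far as I know `$tls_cipher` is the older compatibility name, so the example should use the inbound variable: `# auth_advertise_hosts = ${if eq {$tls_in_cipher}{}{}{*}}`. That keeps this option and `server_advertise_condition` keyed on the same fact, whether the inbound session is encrypted, which is what stops system passwords from being offered over cleartext. The two new `server_condition` lines in the authenticators hunks likewise pass `$2`/`$3` and `$1`/`$2` to saslauthd although `server_set_id` beside them uses `$auth2` and `$auth1`; writing `$auth2`/`$auth3` and `$auth1`/`$auth2` there would match. The shipped default `auth_advertise_hosts =` (AUTH advertised to no one) is the right fail-closed choice and deserves the explicit comment it has.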