diff --git a/src/configure.default b/src/configure.default index ae50b15..6966ad3 100644 --- a/src/configure.default +++ b/src/configure.default @@ -142,7 +142,7 @@ acl_smtp_data = acl_check_data # Allow any client to use TLS. -# tls_advertise_hosts = * +tls_advertise_hosts = * # Specify the location of the Exim server's TLS certificate and private key. # The private key must not be encrypted (password protected). You can put @@ -150,8 +150,8 @@ acl_smtp_data = acl_check_data # need the first setting, or in separate files, in which case you need both # options. -# tls_certificate = /etc/ssl/exim.crt -# tls_privatekey = /etc/ssl/exim.pem +tls_certificate = /etc/pki/tls/certs/exim.pem +tls_privatekey = /etc/pki/tls/private/exim.pem # For OpenSSL, prefer EC- over RSA-authenticated ciphers # tls_require_ciphers = ECDSA:RSA:!COMPLEMENTOFDEFAULT @@ -165,8 +165,8 @@ acl_smtp_data = acl_check_data # them you should also allow TLS-on-connect on the traditional but # non-standard port 465. -# daemon_smtp_ports = 25 : 465 : 587 -# tls_on_connect_ports = 465 +daemon_smtp_ports = 25 : 465 : 587 +tls_on_connect_ports = 465 # Specify the domain you want to be added to all unqualified addresses @@ -224,6 +224,24 @@ never_users = root host_lookup = * +# This setting, if uncommented, allows users to authenticate using +# their system passwords against saslauthd if they connect over a +# secure connection. If you have network logins such as NIS or +# Kerberos rather than only local users, then you possibly also want +# to configure /etc/sysconfig/saslauthd to use the 'pam' mechanism +# too. Once a user is authenticated, the acl_check_rcpt ACL then +# allows them to relay through the system. +# +# auth_advertise_hosts = ${if eq {$tls_cipher}{}{}{*}} +# +# By default, we set this option to allow SMTP AUTH from nowhere +# (Exim's default would be to allow it from anywhere, even on an +# unencrypted connection). +# +# Comment this one out if you uncomment the above. Did you make sure +# saslauthd is actually running first? +# +auth_advertise_hosts = # The settings below cause Exim to make RFC 1413 (ident) callbacks # for all incoming SMTP calls. You can limit the hosts to which these @@ -853,7 +871,7 @@ begin authenticators # driver = plaintext # server_set_id = $auth2 # server_prompts = : -# server_condition = Authentication is not yet configured +# server_condition = ${if saslauthd{{$2}{$3}{smtp}} {1}} # server_advertise_condition = ${if def:tls_in_cipher } # LOGIN authentication has traditional prompts and responses. There is no @@ -865,7 +883,7 @@ begin authenticators # driver = plaintext # server_set_id = $auth1 # server_prompts = <| Username: | Password: -# server_condition = Authentication is not yet configured +# server_condition = ${if saslauthd{{$1}{$2}{smtp}} {1}} # server_advertise_condition = ${if def:tls_in_cipher }