######################################################################
#                  Runtime configuration file for Exim 4             #
######################################################################

# $Cambridge: hermes/conf/exim/etc/etc.client/configure,v 1.11 2006/06/12 09:42:57 fanf2 Exp $

# This Exim 4 configuration file is designed for use as a Hermes client,
# i.e. it sends encrypted authenticated email via smtp.hermes.cam.ac.uk
# so can be used with an IMAP MUA that doesn't include its own SMTP
# implementation. It does not do any local delivery, so it isn't
# suitable for use with non-IMAP email software. It also assumes that
# the machine is only used by one person, in that it maps all local
# users to a single remote email address. This configuration should be
# usable anywhere on the Internet, so it's suitable for use at home or
# at conferences etc.
#
# When you have installed this file in the right place (e.g. for
# Debian /etc/exim4/exim4.conf) you should only need to change the
# ADMIN setting below and populate the USER_PASS_FILE.
#
# Tony Finch http://www.cus.cam.ac.uk/~fanf2/

# The email address of this computer's admin, which is used as the
# destination of all email to local users (e.g. from cron) and for
# all bounce messages.
#
ADMIN = *****@cam.ac.uk

# The file containing your username and password. This setting is
# roughly compatible with Debian. It should contain a line of the form
#	SERVER:USERNAME:PASSWORD
# where the first field matches the SERVER setting below and the
# other fields are your username and password. Make sure this file
# has suitable permissions set so that no-one can get hold of your
# password!
#
# The file holds the password in clear text, so it should be readable
# only by root and by the user or group that Exim runs as.
# NOTE(review): the PASSWORD macro below takes only the second
# colon-separated field of the looked-up data, so a password that
# itself contains ":" would be cut short - confirm before relying on it.
#
USER_PASS_FILE = /etc/exim4/passwd.client

# The message submission server to use for outgoing SMTP.
#
SERVER = smtp.hermes.cam.ac.uk

# The CA certificates are used to verify that the server's certificate
# is correct.
# This setting is suitable for use on Debian, where the
# file is generated by the update-ca-certificates(8) command from the
# "ca-certificates" package.
#
TLS_CA_CERTS = /etc/ssl/certs/ca-certificates.crt

# If you are roaming on a network with an excessively strict firewall
# that blocks port 587, then you can get outgoing email working
# temporarily by creating this file and putting the name of the local
# network's SMTP smarthost in it. For example,
#	echo smtp.wanadoo.co.uk > /etc/exim4/smarthost
#
# While this file exists, the emergency_route router hands every
# outgoing message to the host named in it through the fallback_smtp
# transport, which requires neither TLS nor authentication. Keep the
# file writable by root only and delete it as soon as port 587 is
# reachable again.
#
EMERGENCY_ROUTE = /etc/exim4/smarthost

# Users in this group are granted special privilege by Exim.
#
WHEEL = root

# The following macros are used to make the authentication
# configuration easier to read.
#
# CREDENTIALS looks up the line keyed by SERVER in USER_PASS_FILE;
# USERNAME and PASSWORD are the first and second colon-separated
# fields of the data found there.
#
CREDENTIALS = ${lookup {SERVER} lsearch {USER_PASS_FILE} }
USERNAME = ${extract {1}{:} {CREDENTIALS} }
PASSWORD = ${extract {2}{:} {CREDENTIALS} }


######################################################################
#                    MAIN CONFIGURATION SETTINGS                     #
######################################################################

# Which domains are local, i.e. the hostname and localhost
# (the latter being for fetchmail users).
#
domainlist local = localhost : @ : @[]

# Accept connections from the local machine, either not over TCP/IP,
# or with a source address that's one of this machine's interfaces.
# Any other connection matches no statement and is therefore refused.
#
acl_smtp_connect = accept hosts = : @[]

# Accept everything that is allowed through by the connect ACL.
# Because every recipient is accepted unconditionally here, the
# connect ACL above is the only thing that stops this host from
# relaying for other machines; keep it limited to local connections.
#
acl_smtp_rcpt = accept

# Do lots of DNS lookups for debugging.
#
host_lookup = *
helo_lookup_domains = *
helo_try_verify_hosts = *

# Don't do ident checks - they cause problems.
#
rfc1413_hosts = :
rfc1413_query_timeout = 0s

# Be verbose.
# NOTE(review): +all switches on every optional log item, so the Exim
# logs will carry detailed per-message information; restrict who can
# read them.
#
log_selector = +all

# Unfreeze frozen bounce messages after two days, try once more to
# deliver them, and ignore any delivery failures.
#
ignore_bounce_errors_after = 2d

# Discard frozen messages that are older than a week.
#
timeout_frozen_after = 7d

# Use all 8 bits of TCP.
#
accept_8bitmime = true

# Privileged users.
#
# Members of admin_groups may inspect and manipulate the mail queue;
# members of trusted_groups may supply arbitrary sender details when
# submitting mail. Both are limited to WHEEL (root) here.
#
admin_groups = WHEEL
trusted_groups = WHEEL


######################################################################
#                      ROUTERS CONFIGURATION                         #
######################################################################

# Routers specify how addresses are handled. An address is passed to
# each router in turn until it is accepted. The order of the routers
# in this section is important.

begin routers

# This router redirects all local email (e.g. from cron) to the admin.
#
local_to_admin:
  driver = redirect
  domains = +local
  data = ADMIN

# This router redirects all bounce messages to the admin.
# (An empty item in the senders list matches the empty envelope sender
# that bounce messages carry.)
#
bounce_to_admin:
  driver = redirect
  senders = :
  data = ADMIN

# If the local network prevents us from reaching the usual server,
# this router allows the admin to choose an alternative route.
#
# The router only runs while the EMERGENCY_ROUTE file exists, and the
# file's contents decide where all outgoing mail is sent. Mail routed
# here uses fallback_smtp, which does not require TLS or
# authentication, so the file should be writable by root only.
#
emergency_route:
  driver = manualroute
  require_files = EMERGENCY_ROUTE
  route_data = ${readfile {EMERGENCY_ROUTE} }
  transport = fallback_smtp

# In the usual case, use the default transport
#
default:
  driver = accept
  transport = secure_smtp


######################################################################
#                      TRANSPORTS CONFIGURATION                      #
######################################################################

# A transport is used only when referenced from a router that successfully
# handles an address. The order of transports does not matter.

begin transports

# Both of these transports perform address rewriting. The return
# path (i.e. envelope sender address) and any local addresses in
# the message header are replaced with the admin's address. This
# should prevent the local domain (which is not a valid mail domain
# on the public Internet) from leaking outside this machine.

# This is the normal transport that submits email to the server
# specified by the macros at the start of this file.
secure_smtp:
  driver = smtp
  hosts = SERVER
  port = 587
  # Always deliver to SERVER, even if a router supplies its own hosts.
  hosts_override = true
  # Refuse to deliver unless the session is both authenticated and
  # encrypted, so the password is never offered over a clear channel.
  hosts_require_auth = *
  hosts_require_tls = *
  # NOTE(review): when TLS_CA_CERTS is missing, this expansion is forced
  # to fail, which Exim treats as the option being unset rather than as
  # a delivery error. Depending on the Exim version, that may mean the
  # server certificate is not checked against this CA file at all while
  # the PLAIN credentials below are still sent. Confirm that failing
  # open is intended, and on current Exim releases review
  # tls_verify_hosts and tls_verify_cert_hostnames for this transport.
  tls_verify_certificates = ${if exists{TLS_CA_CERTS} {TLS_CA_CERTS} fail }
  return_path = ADMIN
  authenticated_sender = ADMIN
  headers_rewrite = *@+local ADMIN

# This transport is for unauthenticated message submission, in case
# port 587 is blocked on the local network.
#
# It sets none of hosts_require_tls, hosts_require_auth or
# tls_verify_certificates, so messages sent this way are not
# guaranteed to be encrypted and the receiving host is not verified.
# It is only reached through the emergency_route router.
#
fallback_smtp:
  driver = smtp
  return_path = ADMIN
  headers_rewrite = *@+local ADMIN


######################################################################
#                   AUTHENTICATION CONFIGURATION                     #
######################################################################

begin authenticators

# This authenticator is implicitly invoked by the secure_smtp
# transport's hosts_require_auth option.
#
# "<|" changes the list separator to "|", because the expanded
# USERNAME and PASSWORD macros contain ":" characters. Each "^" is
# sent as a NUL byte, giving the SASL PLAIN form: empty identity,
# username, password. The password is only protected by the TLS
# session that secure_smtp requires.
#
PLAIN:
  driver = plaintext
  client_send = <| ^USERNAME^PASSWORD


######################################################################
#                      RETRY CONFIGURATION                           #
######################################################################

begin retry

# This single retry rule applies to all domains and all errors.

# Domain          Error       Retries
# ------          -----       -------

*                 *           F,2h,15m; G,4h,15m,2; F,1w,4h


# End of Exim configuration file