-rw-r--r--core/conf/exim/aliases2
-rw-r--r--core/conf/exim/exim.conf39
-rw-r--r--core/exim.html2
-rw-r--r--tools/conf/etc/skel/.mutt/muttrc49
4 files changed, 62 insertions, 30 deletions
diff --git a/core/conf/exim/aliases b/core/conf/exim/aliases
index 2ebd0b9..2efb04c 100644
--- a/core/conf/exim/aliases
+++ b/core/conf/exim/aliases
@@ -4,7 +4,7 @@
 # The following alias is required by the mail RFCs 2821 and 2822.
 # Set it to the address of a HUMAN who deals with this system's mail problems.
 
-postmaster: c9admin@localhost
+postmaster: c9admin
 
 # It is also common to set the following alias so that if anybody replies to a
 # bounce message from this host, the reply goes to the postmaster.
diff --git a/core/conf/exim/exim.conf b/core/conf/exim/exim.conf
index 397ad70..47a6094 100644
--- a/core/conf/exim/exim.conf
+++ b/core/conf/exim/exim.conf
@@ -40,6 +40,7 @@
 ######################################################################
 #                    MAIN CONFIGURATION SETTINGS                     #
 ######################################################################
+#
 
 # Specify your host's canonical name here. This should normally be the fully
 # qualified "official" name of your host. If this option is not set, the
@@ -141,7 +142,7 @@ acl_smtp_data = acl_check_data
 
 # Allow any client to use TLS.
 
-# tls_advertise_hosts = *
+tls_advertise_hosts = *
 
 # Specify the location of the Exim server's TLS certificate and private key.
 # The private key must not be encrypted (password protected). You can put
@@ -149,8 +150,8 @@ acl_smtp_data = acl_check_data
 # need the first setting, or in separate files, in which case you need both
 # options.
 
-tls_certificate = /etc/ssl/exim.crt
-tls_privatekey = /etc/ssl/exim.pem
+tls_certificate = /etc/ssl/certs/exim.crt
+tls_privatekey = /etc/ssl/keys/exim.key
 
 # In order to support roaming users who wish to send email from anywhere,
 # you may want to make Exim listen on other ports as well as port 25, in
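Review bot: The relocated `tls_privatekey = /etc/ssl/keys/exim.key` has no accompanying note on ownership or mode, and the surrounding comment says the key must be stored unencrypted, so file permissions are its only protection. Nothing visible in this commit creates `/etc/ssl/keys` or sets its mode, so I would add a comment next to the setting such as `# exim.key must be readable only by root and the Exim runtime user (no world or group-wide read access)`. It is also worth confirming that the certificate and key are installed at the new paths before `tls_advertise_hosts = *` takes effect. Otherwise STARTTLS is offered but the handshake presumably fails.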
@@ -161,9 +162,8 @@ tls_privatekey = /etc/ssl/exim.pem
 # them you should also allow TLS-on-connect on the traditional but
 # non-standard port 465.
 
-# daemon_smtp_ports = 25 : 465 : 587
-local_interfaces = 127.0.0.1
-# tls_on_connect_ports = 465
+daemon_smtp_ports = 25 : 465 : 587
+tls_on_connect_ports = 465
 
 
 # Specify the domain you want to be added to all unqualified addresses
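Review bot: Dropping `local_interfaces = 127.0.0.1` while enabling `daemon_smtp_ports = 25 : 465 : 587` changes the shipped default from a loopback-only daemon to one listening on every interface on three ports, and the file does not say so. Whether those listeners accept relayed or unauthenticated submission depends on the relay host list and authenticators, which are outside this hunk and should be checked before this becomes the default. If the exposure is intended, document it above the setting, for example `# Listens on all interfaces; set "local_interfaces = 127.0.0.1" for a local-only MTA`. If authenticators are configured, also consider advertising AUTH only on encrypted sessions with `auth_advertise_hosts = ${if eq{$tls_cipher}{}{}{*}}`.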
@@ -289,6 +289,7 @@ log_selector = +smtp_protocol_error +smtp_syntax_error \
 
 
 
+
 # If you want Exim to support the "percent hack" for certain domains,
 # uncomment the following line and provide a list of domains. The "percent
 # hack" is the feature by which mail addressed to x%y@z (where z is one of
@@ -355,6 +356,18 @@ timeout_frozen_after = 7d
 # accept_8bitmime = false
 
 
+# Exim does not make use of environment variables itself. However,
+# libraries that Exim uses (e.g. LDAP) depend on specific environment settings.
+# There are two lists: keep_environment for the variables we trust, and
+# add_environment for variables we want to set to a specific value.
+# Note that TZ is handled separateley by the timezone runtime option
+# and TIMEZONE_DEFAULT buildtime option.
+
+# keep_environment = ^LDAP
+# add_environment = PATH=/usr/bin::/bin
+
+
+
 ######################################################################
 #                       ACL CONFIGURATION                            #
 #         Specifies access control lists for incoming SMTP mail      #
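Review bot: The added comment block misspells "separately" as "separateley" in the line about TZ handling; fix it to `# Note that TZ is handled separately by the timezone runtime option`. Both example settings are left commented out, so the block is documentation only. A short sentence saying what Exim does with the environment when neither option is set would tell an administrator whether they need to act.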
@@ -462,6 +475,11 @@ acl_check_rcpt:
           control       = submission
           control       = dkim_disable_verify
 
+  # Insist that a HELO/EHLO was accepted.
+
+  require message	= nice hosts say HELO first
+          condition	= ${if def:sender_helo_name}
+
   # Insist that any other recipient address that we accept is either in one of
   # our local domains, or is in a domain for which we explicitly allow
   # relaying. Any other domain is rejected as being unacceptable for relaying.
@@ -518,6 +536,11 @@ acl_check_rcpt:
 
 acl_check_data:
 
+  # Deny if the message contains an overlong line.  Per the standards
+  # we should never receive one such via SMTP.
+  #
+  deny    condition  = ${if > {$max_received_linelength}{998}}
+
   # Deny if the message contains a virus. Before enabling this check, you
   # must install a virus scanner and set the av_scanner option above.
   #
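Review bot: The new `deny` at the top of `acl_check_data` has no `message` modifier, so a rejected sender gets only Exim's generic refusal text and cannot tell that an over-long line was the cause. Put a message ahead of the condition, e.g. `deny message = maximum allowed line length is 998 octets, got $max_received_linelength` followed by the existing `condition` line. That also makes rejections easy to attribute in the reject log when triaging delivery complaints. The rest of `acl_check_data` lies outside the hunk.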
@@ -710,9 +733,13 @@ begin transports
 
 
 # This transport is used for delivering messages over SMTP connections.
+# Refuse to send any message with over-long lines, which could have
+# been received other than via SMTP. The use of message_size_limit to
+# enforce this is a red herring.
 
 remote_smtp:
   driver = smtp
+  message_size_limit = ${if > {$max_received_linelength}{998} {1}{0}}
 
 
 # This transport is used for local delivery to user mailboxes in traditional
diff --git a/core/exim.html b/core/exim.html
index 4dacfda..c2a5a63 100644
--- a/core/exim.html
+++ b/core/exim.html
@@ -67,7 +67,7 @@
         # The following alias is required by the mail RFCs 2821 and 2822.
         # Set it to the address of a HUMAN who deals with this system's mail problems.
 
-        postmaster: c9admin@localhost
+        postmaster: c9admin
 
         # It is also common to set the following alias so that if anybody replies to a
         # bounce message from this host, the reply goes to the postmaster.
diff --git a/tools/conf/etc/skel/.mutt/muttrc b/tools/conf/etc/skel/.mutt/muttrc
index a56757e..aa41d50 100644
--- a/tools/conf/etc/skel/.mutt/muttrc
+++ b/tools/conf/etc/skel/.mutt/muttrc
@@ -11,30 +11,34 @@ set sort_browser=reverse-date
 set sort_aux=reverse-last-date-received
 set duplicate_threads=yes
 
-source ~/.mutt/gpg.rc
+set crypt_use_gpgme=yes
 
-set pgp_autosign=yes
-set pgp_sign_as=0x1D327CA1
-set pgp_replyencrypt=yes
 set pgp_timeout=1800
 
-# automatically sign all outgoing messages
-set crypt_autosign
+## sign only replies to signed messages
+set crypt_replysign=yes
 
-# sign only replies to signed messages
-set crypt_replysign
-
-# automatically encrypt outgoing messages
-#set crypt_autoencrypt=yes
-
-# encrypt only replies to signed messages
-set crypt_replyencrypt=yes
-
-# encrypt and sign replies to encrypted messages
+## encrypt and sign replies to encrypted messages
 set crypt_replysignencrypted=yes
 
-# automatically verify the sign of a message when opened
-set crypt_verify_sig=yes
+#source ~/.mutt/gpg.rc
+#
+#set pgp_autosign=yes
+#set pgp_sign_as=0xEE29B7D3
+#set pgp_replyencrypt=yes
+#
+## automatically sign all outgoing messages
+#set crypt_autosign
+#
+## automatically encrypt outgoing messages
+##set crypt_autoencrypt=yes
+#
+## encrypt only replies to signed messages
+#set crypt_replyencrypt=yes
+#
+## automatically verify the sign of a message when opened
+#set crypt_verify_sig=yes
+#
 
 source "~/.mutt/mail_alias"
 set alias_file=~/.mutt/mail_alias
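Review bot: The commented-out block keeps a concrete signing key, `#set pgp_sign_as=0xEE29B7D3`, in a skeleton file that is copied into every new account. A user who simply uncomments the block will try to sign with a key that is not theirs. It is also an 8-hex-digit short ID, which is collision-prone and should not be used to select a key. Replace it with a labelled placeholder such as `#set pgp_sign_as=0x<FULL-FINGERPRINT-OF-YOUR-KEY>`. I would also trim the disabled legacy block to the few options a user is expected to enable, since most of it is made redundant by `set crypt_use_gpgme=yes`.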
@@ -52,14 +56,15 @@ set mail_check=5  # mutt checks for new mails on every keystroke
 set beep_new      # beep on new messages in the mailboxes
 
 ## Local system account
-folder-hook 'Mail' 'source ~/.mutt/system'
+folder-hook '.mail' 'source ~/.mutt/system'
 
 ## Remote account
-folder-hook 'MailExt' 'source ~/.mutt/external'
+folder-hook '.mailext' 'source ~/.mutt/external'
 
 ## Default account
-source "~/.mutt/system"
+source ~/.mutt/system
 
 ## Shortcuts
-macro index,pager <f2> '<sync-mailbox><enter-command>source ~/.mutt/system<enter><change-folder>!<enter>'
 macro index,pager <f3> '<sync-mailbox><enter-command>source ~/.mutt/external<enter><change-folder>!<enter>'
+
+macro index,pager <f2> '<sync-mailbox><enter-command>source ~/.mutt/system<enter><change-folder>!<enter>'
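Review bot: The folder-hook patterns `'.mail'` and `'.mailext'` are unanchored regular expressions with an unescaped dot, so `'.mail'` also matches any path containing `.mailext` and both hooks fire for the external account. The result is then correct only because the `external` hook happens to come second, which was equally true of the old `Mail`/`MailExt` pair. Escape the dot and delimit the name so each hook matches only its own folder, e.g. `folder-hook '\.mail(/|$)' 'source ~/.mutt/system'`, adjusted to the real mailbox layout, which is not visible here.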