-rw-r--r--core/conf/exim/aliases2
-rw-r--r--core/conf/exim/exim.conf39
-rw-r--r--core/exim.html2
-rw-r--r--tools/conf/etc/skel/.mutt/muttrc49
4 files changed, 62 insertions, 30 deletions
diff --git a/core/conf/exim/aliases b/core/conf/exim/aliases
index 2ebd0b9..2efb04c 100644
--- a/core/conf/exim/aliases
+++ b/core/conf/exim/aliases
@@ -4,7 +4,7 @@
 # The following alias is required by the mail RFCs 2821 and 2822.
 # Set it to the address of a HUMAN who deals with this system's mail problems.
 
-postmaster: c9admin@localhost
+postmaster: c9admin
 
 # It is also common to set the following alias so that if anybody replies to a
 # bounce message from this host, the reply goes to the postmaster.
diff --git a/core/conf/exim/exim.conf b/core/conf/exim/exim.conf
index 397ad70..47a6094 100644
--- a/core/conf/exim/exim.conf
+++ b/core/conf/exim/exim.conf
@@ -40,6 +40,7 @@
 ######################################################################
 #                    MAIN CONFIGURATION SETTINGS                     #
 ######################################################################
+#
 
 # Specify your host's canonical name here. This should normally be the fully
 # qualified "official" name of your host. If this option is not set, the
@@ -141,7 +142,7 @@ acl_smtp_data = acl_check_data
 
 # Allow any client to use TLS.
 
-# tls_advertise_hosts = *
+tls_advertise_hosts = *
 
 # Specify the location of the Exim server's TLS certificate and private key.
 # The private key must not be encrypted (password protected). You can put
@@ -149,8 +150,8 @@ acl_smtp_data = acl_check_data
 # need the first setting, or in separate files, in which case you need both
 # options.
 
-tls_certificate = /etc/ssl/exim.crt
-tls_privatekey = /etc/ssl/exim.pem
+tls_certificate = /etc/ssl/certs/exim.crt
+tls_privatekey = /etc/ssl/keys/exim.key
 
 # In order to support roaming users who wish to send email from anywhere,
 # you may want to make Exim listen on other ports as well as port 25, in
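Review bot: The new `tls_privatekey` path comes with no word on ownership or mode; the surrounding comment only says the key must be unencrypted. Exim reads the key as its run-time user, so the file has to be readable by that user and by nobody else. A line such as `# The key file must be readable by the Exim user only (not world-readable).` next to the setting would tell installers what to check. Whether the packaging creates `/etc/ssl/keys/exim.key` with such permissions is not visible in this diff.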
@@ -161,9 +162,8 @@ tls_privatekey = /etc/ssl/exim.pem
 # them you should also allow TLS-on-connect on the traditional but
 # non-standard port 465.
 
-# daemon_smtp_ports = 25 : 465 : 587
-local_interfaces = 127.0.0.1
-# tls_on_connect_ports = 465
+daemon_smtp_ports = 25 : 465 : 587
+tls_on_connect_ports = 465
 
 
 # Specify the domain you want to be added to all unqualified addresses
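Review bot: Dropping `local_interfaces = 127.0.0.1` while enabling `daemon_smtp_ports = 25 : 465 : 587` turns the daemon from loopback-only into a listener on every interface, and nothing in the file says so. The relay and authentication rules that now face the network (for example the `relay_from_hosts` list and the authenticators section of the stock configuration) lie outside this diff, so they should be confirmed before this ships as a default. I would at least add a comment above the setting, e.g. `# Listens on all interfaces; set local_interfaces = 127.0.0.1 to restrict to loopback.`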
@@ -289,6 +289,7 @@ log_selector = +smtp_protocol_error +smtp_syntax_error \
 
 
 
+
 # If you want Exim to support the "percent hack" for certain domains,
 # uncomment the following line and provide a list of domains. The "percent
 # hack" is the feature by which mail addressed to x%y@z (where z is one of
@@ -355,6 +356,18 @@ timeout_frozen_after = 7d
 # accept_8bitmime = false
 
 
+# Exim does not make use of environment variables itself. However,
+# libraries that Exim uses (e.g. LDAP) depend on specific environment settings.
+# There are two lists: keep_environment for the variables we trust, and
+# add_environment for variables we want to set to a specific value.
+# Note that TZ is handled separateley by the timezone runtime option
+# and TIMEZONE_DEFAULT buildtime option.
+
+# keep_environment = ^LDAP
+# add_environment = PATH=/usr/bin::/bin
+
+
+
 ######################################################################
 #                       ACL CONFIGURATION                            #
 #         Specifies access control lists for incoming SMTP mail      #
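Review bot: Both `keep_environment` and `add_environment` are added commented out, so the environment policy of this configuration stays implicit. Exim releases that know these options clean the environment when `keep_environment` is unset and, as far as I recall, emit a warning asking for it to be set. An explicit empty `keep_environment =` states the intent and avoids that, with `^LDAP` added only where LDAP lookups are really used. The added comment also has a typo, `separateley`.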
@@ -462,6 +475,11 @@ acl_check_rcpt:
           control       = submission
           control       = dkim_disable_verify
 
+  # Insist that a HELO/EHLO was accepted.
+
+  require message	= nice hosts say HELO first
+          condition	= ${if def:sender_helo_name}
+
   # Insist that any other recipient address that we accept is either in one of
   # our local domains, or is in a domain for which we explicitly allow
   # relaying. Any other domain is rejected as being unacceptable for relaying.
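Review bot: The two added lines put a tab between `message`/`condition` and `=`, while the rest of `acl_check_rcpt` aligns with spaces (see `control       = submission` just above), so the block misaligns at other tab widths. Using spaces, as in `require message       = nice hosts say HELO first`, matches the file. The comment could also say that the test only checks that a HELO/EHLO name was recorded, not that the name was verified. The ACL starts and ends outside this hunk.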
@@ -518,6 +536,11 @@ acl_check_rcpt:
 
 acl_check_data:
 
+  # Deny if the message contains an overlong line.  Per the standards
+  # we should never receive one such via SMTP.
+  #
+  deny    condition  = ${if > {$max_received_linelength}{998}}
+
   # Deny if the message contains a virus. Before enabling this check, you
   # must install a virus scanner and set the av_scanner option above.
   #
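Review bot: The new `deny` at the top of `acl_check_data` has no `message`, so a sender whose mail is refused for an overlong line gets only a generic rejection with no hint of the cause. Adding `message    = maximum allowed line length is 998 octets, got $max_received_linelength` under the condition makes the refusal diagnosable. Because the rule is the first statement of the ACL it also applies to authenticated submissions; that looks intended but is worth stating in the comment.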
@@ -710,9 +733,13 @@ begin transports
 
 
 # This transport is used for delivering messages over SMTP connections.
+# Refuse to send any message with over-long lines, which could have
+# been received other than via SMTP. The use of message_size_limit to
+# enforce this is a red herring.
 
 remote_smtp:
   driver = smtp
+  message_size_limit = ${if > {$max_received_linelength}{998} {1}{0}}
 
 
 # This transport is used for local delivery to user mailboxes in traditional
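Review bot: The added comment calls the `message_size_limit` expansion "a red herring" without saying how it works, which leaves the next maintainer guessing. The expansion yields `1` when `$max_received_linelength` exceeds 998, so any such message is over the limit and delivery fails, and `0` (no limit) otherwise. The resulting failure will talk about message size, not line length. I would replace the last sentence with something like `# message_size_limit is only the hook: 1 fails the delivery, 0 means no limit.`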
diff --git a/core/exim.html b/core/exim.html
index 4dacfda..c2a5a63 100644
--- a/core/exim.html
+++ b/core/exim.html
@@ -67,7 +67,7 @@
         # The following alias is required by the mail RFCs 2821 and 2822.
         # Set it to the address of a HUMAN who deals with this system's mail problems.
 
-        postmaster: c9admin@localhost
+        postmaster: c9admin
 
         # It is also common to set the following alias so that if anybody replies to a
         # bounce message from this host, the reply goes to the postmaster.
diff --git a/tools/conf/etc/skel/.mutt/muttrc b/tools/conf/etc/skel/.mutt/muttrc
index a56757e..aa41d50 100644
--- a/tools/conf/etc/skel/.mutt/muttrc
+++ b/tools/conf/etc/skel/.mutt/muttrc
@@ -11,30 +11,34 @@ set sort_browser=reverse-date
 set sort_aux=reverse-last-date-received
 set duplicate_threads=yes
 
-source ~/.mutt/gpg.rc
+set crypt_use_gpgme=yes
 
-set pgp_autosign=yes
-set pgp_sign_as=0x1D327CA1
-set pgp_replyencrypt=yes
 set pgp_timeout=1800
 
-# automatically sign all outgoing messages
-set crypt_autosign
+## sign only replies to signed messages
+set crypt_replysign=yes
 
-# sign only replies to signed messages
-set crypt_replysign
-
-# automatically encrypt outgoing messages
-#set crypt_autoencrypt=yes
-
-# encrypt only replies to signed messages
-set crypt_replyencrypt=yes
-
-# encrypt and sign replies to encrypted messages
+## encrypt and sign replies to encrypted messages
 set crypt_replysignencrypted=yes
 
-# automatically verify the sign of a message when opened
-set crypt_verify_sig=yes
+#source ~/.mutt/gpg.rc
+#
+#set pgp_autosign=yes
+#set pgp_sign_as=0xEE29B7D3
+#set pgp_replyencrypt=yes
+#
+## automatically sign all outgoing messages
+#set crypt_autosign
+#
+## automatically encrypt outgoing messages
+##set crypt_autoencrypt=yes
+#
+## encrypt only replies to signed messages
+#set crypt_replyencrypt=yes
+#
+## automatically verify the sign of a message when opened
+#set crypt_verify_sig=yes
+#
 
 source "~/.mutt/mail_alias"
 set alias_file=~/.mutt/mail_alias
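Review bot: The commented-out block keeps a concrete key id, `#set pgp_sign_as=0xEE29B7D3`, in a file under `etc/skel` that is presumably copied into every new home directory. A user who uncomments the block would be configured to sign with a key that is not theirs, and an eight-hex-digit id is a short key id, which is not unique. A placeholder such as `#set pgp_sign_as=0xYOUR_FULL_FINGERPRINT` is safer. Commenting out `crypt_verify_sig` should not turn verification off, since mutt defaults it to yes as far as I know, so the dead block could be deleted rather than kept.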
@@ -52,14 +56,15 @@ set mail_check=5  # mutt checks for new mails on every keystroke
 set beep_new      # beep on new messages in the mailboxes
 
 ## Local system account
-folder-hook 'Mail' 'source ~/.mutt/system'
+folder-hook '.mail' 'source ~/.mutt/system'
 
 ## Remote account
-folder-hook 'MailExt' 'source ~/.mutt/external'
+folder-hook '.mailext' 'source ~/.mutt/external'
 
 ## Default account
-source "~/.mutt/system"
+source ~/.mutt/system
 
 ## Shortcuts
-macro index,pager <f2> '<sync-mailbox><enter-command>source ~/.mutt/system<enter><change-folder>!<enter>'
 macro index,pager <f3> '<sync-mailbox><enter-command>source ~/.mutt/external<enter><change-folder>!<enter>'
+
+macro index,pager <f2> '<sync-mailbox><enter-command>source ~/.mutt/system<enter><change-folder>!<enter>'
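Review bot: The new folder-hook patterns `'.mail'` and `'.mailext'` are unanchored regular expressions, so `.` matches any character and the first hook also fires for the `.mailext` folder. The right account wins only because the second hook runs afterwards. Escaping and anchoring them, `folder-hook '\.mail$' 'source ~/.mutt/system'` and `folder-hook '\.mailext$' 'source ~/.mutt/external'`, removes that dependency on ordering. The folder names are set in files outside this diff, so the anchors should be checked against the real paths.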