A.3. Options and Settings

The main section of the Exim configuration file (before the first begin keyword) contains various macros, policy controls, and other general settings. Let us start by defining a couple of macros we will use later:

# Define the message size limit; we will use this in the DATA ACL. MESSAGE_SIZE_LIMIT = 10M # Maximum message size for which we will run Spam or Virus scanning. # This is to reduce the load imposed on the server by very large messages. MESSAGE_SIZE_SPAM_MAX = 1M # Macro defining a secret that we will use to generate various hashes. # PLEASE CHANGE THIS!. SECRET = some-secret

Let us tweak some general Exim settings:

# Treat DNS failures (SERVFAIL) as lookup failures. # This is so that we can later reject sender addresses # within non-existing domains, or domains for which no # nameserver exists. dns_again_means_nonexist = !+local_domains : !+relay_to_domains # Enable HELO verification in ACLs for all hosts helo_try_verify_hosts = * # Remove any limitation on the maximum number of incoming # connections we can serve at one time. This is so that while # we later impose SMTP transaction delays for spammers, we # will not refuse to serve new connections. smtp_accept_max = 0 # ..unless the system load is above 10 smtp_load_reserve = 10 # Do not advertise ESMTP "PIPELINING" to any hosts. # This is to trip up ratware, which often tries to pipeline # commands anyway. pipelining_advertise_hosts = :

Finally, we will point some Exim policy controls to five ACLs that we will create to evaluate the various stages of an incoming SMTP transaction:

acl_smtp_connect = acl_connect acl_smtp_helo = acl_helo acl_smtp_mail = acl_mail_from acl_smtp_rcpt = acl_rcpt_to acl_smtp_data = acl_data