Server IP : 85.214.239.14 / Your IP : 3.144.1.100 Web Server : Apache/2.4.62 (Debian) System : Linux h2886529.stratoserver.net 4.9.0 #1 SMP Tue Jan 9 19:45:01 MSK 2024 x86_64 User : www-data ( 33) PHP Version : 7.4.18 Disable Function : pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_get_handler,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,pcntl_async_signals,pcntl_unshare, MySQL : OFF | cURL : OFF | WGET : ON | Perl : ON | Python : ON | Sudo : ON | Pkexec : OFF Directory : /etc/exim4/conf.d/main/ |
Upload File : |
### main/03_exim4-config_tlsoptions ################################# # TLS/SSL configuration for exim as an SMTP server. # See /usr/share/doc/exim4-base/README.Debian.gz for explanations. .ifdef MAIN_TLS_ENABLE # Defines what hosts to 'advertise' STARTTLS functionality to. The # default, *, will advertise to all hosts that connect with EHLO. .ifndef MAIN_TLS_ADVERTISE_HOSTS MAIN_TLS_ADVERTISE_HOSTS = * .endif tls_advertise_hosts = MAIN_TLS_ADVERTISE_HOSTS # Full paths to Certificate and Private Key. The Private Key file # must be kept 'secret' and should be owned by root.Debian-exim mode # 640 (-rw-r-----). exim-gencert takes care of these prerequisites. # Normally, exim4 looks for certificate and key in different files: # MAIN_TLS_CERTIFICATE - path to certificate file, # CONFDIR/exim.crt if unset # MAIN_TLS_PRIVATEKEY - path to private key file # CONFDIR/exim.key if unset # You can also configure exim to look for certificate and key in the # same file, set MAIN_TLS_CERTKEY to that file to enable. This takes # precedence over all other settings regarding certificate and key file. .ifdef MAIN_TLS_CERTKEY tls_certificate = MAIN_TLS_CERTKEY .else .ifndef MAIN_TLS_CERTIFICATE MAIN_TLS_CERTIFICATE = CONFDIR/exim.crt .endif tls_certificate = MAIN_TLS_CERTIFICATE .ifndef MAIN_TLS_PRIVATEKEY MAIN_TLS_PRIVATEKEY = CONFDIR/exim.key .endif tls_privatekey = MAIN_TLS_PRIVATEKEY .endif # Pointer to the CA Certificates against which client certificates are # checked. This is controlled by the `tls_verify_hosts' and # `tls_try_verify_hosts' lists below. # If you want to check server certificates, you need to add an # tls_verify_certificates statement to the smtp transport. # /etc/ssl/certs/ca-certificates.crt is generated by # the "ca-certificates" package's update-ca-certificates(8) command. .ifndef MAIN_TLS_VERIFY_CERTIFICATES MAIN_TLS_VERIFY_CERTIFICATES = ${if exists{/etc/ssl/certs/ca-certificates.crt}\ {/etc/ssl/certs/ca-certificates.crt}\ {/dev/null}} .endif tls_verify_certificates = MAIN_TLS_VERIFY_CERTIFICATES # A list of hosts which are constrained by `tls_verify_certificates'. A host # that matches `tls_verify_host' must present a certificate that is # verifyable through `tls_verify_certificates' in order to be accepted as an # SMTP client. If it does not, the connection is aborted. .ifdef MAIN_TLS_VERIFY_HOSTS tls_verify_hosts = MAIN_TLS_VERIFY_HOSTS .endif # A weaker form of checking: if a client matches `tls_try_verify_hosts' (but # not `tls_verify_hosts'), request a certificate and check it against # `tls_verify_certificates' but do not abort the connection if there is no # certificate or if the certificate presented does not match. (This # condition can be tested for in ACLs through `verify = certificate') # By default, this check is done for all hosts. It is known that some # clients (including incredimail's version downloadable in February # 2008) choke on this. To disable, set MAIN_TLS_TRY_VERIFY_HOSTS to an # empty value. .ifdef MAIN_TLS_TRY_VERIFY_HOSTS tls_try_verify_hosts = MAIN_TLS_TRY_VERIFY_HOSTS .endif .else # Use upstream defaults .endif