postmaster=$u
mxhost=mail.iankelling.org
-mxport=25
+mxport=587
forward=$u@$mxhost
# old setup. left as comment for example
# MAIN_HARDCODE_PRIMARY_HOSTNAME might mess up the
# smarthost config type, not sure. all other settings
# would be unused in that config type.
- cat >/etc/exim4/conf.d/main/000_localmacros <<EOF
+ rm -f /etc/exim4/conf.d/main/000_localmacros # old filename
+ cat >/etc/exim4/conf.d/main/000_local <<EOF
+# enable 587 in addition to the default 25, so that
+# i can send mail where port 25 is firewalled by isp
+daemon_smtp_ports = 25 : 587
# i don't have ipv6 setup for my vpn tunnel yet.
disable_ipv6 = true
# keep your dkim signature intact but add list- headers.
DKIM_SIGN_HEADERS = mime-version:in-reply-to:references:from:date:subject:to
+# recommended if dns is expected to work
+CHECK_RCPT_VERIFY_SENDER = true
+# seems like a good idea
+CHECK_DATA_VERIFY_HEADER_SENDER = true
+CHECK_RCPT_SPF = true
+CHECK_RCPT_REVERSE_DNS = true
+CHECK_MAIL_HELO_ISSUED = true
EOF
# light version of exim does not have sasl auth support.
- pi exim4-daemon-heavy spamassassin
+ pi exim4-daemon-heavy spamassassin spf-tools-perl