Exim's Main Configuration

The main part of Exim's configuration is the only section that is not labelled, and it is the only section that is required. Exim uses lots of macros within its configuration, each defined as a simple variable/value pair.

Main Section

#####################################################
### main/01_exim-config_listmacrosdefs
#####################################################


######################################################################
#      Runtime configuration file for Exim 4 (Debian Packaging)      #
######################################################################


######################################################################
#                        Datadisk SPECIFIC STUFF                     #
#                               WARNING                              #
#               THERE ARE A FEW MORE datadisk SPECIFIC LINES         #
#                       TOWARDS THE END OF THIS FILE                 #
######################################################################
primary_hostname = gw1.datadisk.co.uk


######################################################################
# /etc/exim/exim.conf.template is only used with the non-split
#   configuration scheme.
# /etc/exim/conf.d/main/01_exim-config_listmacrosdefs is only used
#   with the split configuration scheme.
# If you find this comment anywhere else, somebody copied it there.
# Documentation about the Debian exim configuration scheme can be
# found in /usr/share/doc/exim-base/README.Debian.gz.
#
# Strings like DEBCONFsomethingDEBCONF are replaced by installation
# dependent values by update-exim.conf, the script which builds the
# actual configuration from the templates.
######################################################################

######################################################################
#                    MAIN CONFIGURATION SETTINGS                     #
######################################################################
#
# datadisk Specific settings
#
CHECK_RCPT_DOMAIN_DNSBLS =  smtp.dnsbl.sorbs.net : \
                            spam.dnsbl.sorbs.net : \
                            sbl-xbl.spamhaus.org : \
                            zombie.dnsbl.sorbs.net : \
                            web.dnsbl.sorbs.net : \
                            rhsbl.sorbs.net
#                           list.dsbl.org

CHECK_RCPT_IP_DNSBLS =  sbl-xbl.spamhaus.org :  \
                        dnsbl.sorbs.net :       \
                        cbl.abuseat.org

# Just for reference and scripts.
# On Debian systems, the main binary is installed as exim to avoid
# conflicts with the exim 3 packages.
exim_path = /usr/sbin/exim

# Macro defining the main configuration directory.
# We do not use absolute paths.
.ifndef CONFDIR
CONFDIR = /etc/exim
.endif

# This sets a macro DC_minimaldns if dc_minimaldns=true. If
# dc_minimaldns=false, this expands to an empty line.
.ifndef DC_minimaldns
DEBCONFminimaldnsDEBCONF
.endif

# Create other macros from Debconf. Macros created here are used in
# other places in exim config.
.ifndef DC_visiblename
DC_visiblename=DEBCONFvisiblenameDEBCONF
.endif

# Create domain and host lists for relay control
# '@' refers to 'the name of the local host'

.ifndef MAIN_LOCAL_DOMAINS
MAIN_LOCAL_DOMAINS = DEBCONFlocal_domainsDEBCONF
.endif
domainlist local_domains = MAIN_LOCAL_DOMAINS

.ifndef MAIN_RELAY_TO_DOMAINS
MAIN_RELAY_TO_DOMAINS = DEBCONFrelay_domainsDEBCONF
.endif
domainlist relay_to_domains = MAIN_RELAY_TO_DOMAINS

.ifndef MAIN_RELAY_NETS
MAIN_RELAY_NETS = DEBCONFrelay_netsDEBCONF
.endif
hostlist relay_from_hosts = 127.0.0.1 : MAIN_RELAY_NETS

# Specify the domain you want to be added to all unqualified addresses
# here. Unqualified addresses are accepted only from local callers by
# default. The recipient_unqualified_hosts option can be used to permit
# unqualified addresses from remote sources.
# If qualify_domain is not set, the primary_hostname value is used for
# qualification.
# The ifdef bracket makes sure that an empty debconf value is correctly
# translated to "unset".
.ifdef DC_visiblename
qualify_domain = DC_visiblename
.endif

# only used for satellite-system
.ifndef DCreadhost
DCreadhost = DEBCONFreadhostDEBCONF
.endif

#for satellite and smarthost-systems
.ifndef DCsmarthost
DCsmarthost = DEBCONFsmarthostDEBCONF
.endif

# listen on all all interfaces?
.ifdef MAIN_LOCAL_INTERFACES
local_interfaces = MAIN_LOCAL_INTERFACES
.else
DEBCONFlistenonpublicDEBCONF
.endif

.ifndef LOCAL_DELIVERY
# The default transport, set in /etc/exim/update-exim.conf.conf,
# defaulting to mail_spool. See CONFDIR/conf.d/transport/ for possibilities
LOCAL_DELIVERY=DEBCONFlocaldeliveryDEBCONF
.endif

# The gecos field in /etc/passwd holds not only the name. see passwd(5).
gecos_pattern = ^([^,:]*)
gecos_name = $1


# define a macro DCconfig_smarthost, DCconfig_satellite, etc. we need this
# for .ifdef ... .endif
.ifndef DCconfig_satellite
.ifndef DCconfig_internet
.ifndef DCconfig_local
.ifndef DCconfig_smarthost
DCconfig_DEBCONFconfigtypeDEBCONF = 1
.endif
.endif
.endif
.endif


# define macros to be used in acl/30_exim-config_check_rcpt to check
# recipient local parts for strange characters

# This macro is used to check local parts of recipients in local
# domains.  It blocks local parts that begin with a dot or contain a
# quite broad range of non-alphanumeric characters.
#
# Original....
# CHECK_RCPT_LOCAL_LOCALPARTS = ^[.] : ^.*[@%!/|\'`#&?]
#
.ifndef CHECK_RCPT_LOCAL_LOCALPARTS
CHECK_RCPT_LOCAL_LOCALPARTS = ^[.] : ^.*[@%!/|\#&?]
.endif

# This macro is used to check local parts of recipients in non-local
# domains. It thus allows your own users to send outgoing messages to
# sites that use slashes and vertical bars in their local parts. It blocks
# local parts that begin with a dot, slash, or vertical bar, but allows
# these characters within the local part. However, the sequence /../ is
# barred. The use of some other non-alphanumeric characters is blocked.
# The motivation here is to prevent your users (or your users' viruses)
# from mounting certain kinds of attack on remote sites.
#
# Original....
# CHECK_RCPT_REMOTE_LOCALPARTS = ^[./|] : ^.*[@%!\'`#&?] : ^.*/\\.\\./
#
.ifndef CHECK_RCPT_REMOTE_LOCALPARTS
CHECK_RCPT_REMOTE_LOCALPARTS = ^[./|] : ^.*[@%!\#&?] : ^.*/\\.\\./
.endif

#####################################################
### end main/01_exim-config_listmacrosdefs
#####################################################
#####################################################
### main/02_exim-config_options
#####################################################

### main/02_exim-config_options
#################################

# Defines the access control list that is run when an
# SMTP RCPT command is received.
#
.ifndef MAIN_ACL_CHECK_RCPT
MAIN_ACL_CHECK_RCPT = acl_check_rcpt
.endif
acl_smtp_rcpt = MAIN_ACL_CHECK_RCPT


# Defines the access control list that is run when an
# SMTP DATA command is received.
#
.ifndef MAIN_ACL_CHECK_DATA
MAIN_ACL_CHECK_DATA = acl_check_data
.endif
acl_smtp_data = MAIN_ACL_CHECK_DATA


# Message size limit. The default (used when MESSAGE_SIZE_LIMIT
# is unset) is 50 MB
.ifdef MESSAGE_SIZE_LIMIT
message_size_limit = MESSAGE_SIZE_LIMIT
.endif


# Domain used to qualify unqualified recipient addresses
# If this option is not set, the qualify_domain value is used.
# qualify_recipient = <value of qualify_domain>


# Allow Exim to recognize addresses of the form "user@[10.11.12.13]",
# where the domain part is a "domain literal" (an IP address) instead
# of a named domain. The RFCs require this facility, but it is disabled
# in the default config since it is seldomly used and frequently abused.
# Domain literal support also needs a special router, which is automatically
# enabled if you use the enable macro MAIN_ALLOW_DOMAIN_LITERALS.
.ifdef MAIN_ALLOW_DOMAIN_LITERALS
allow_domain_literals
.endif


# Do a reverse DNS lookup on all incoming IP calls, in order to get the
# true host name. If you feel this is too expensive, the networks for
# which a lookup is done can be listed here.
.ifndef DC_minimaldns
.ifndef MAIN_HOST_LOOKUP
MAIN_HOST_LOOKUP = *
.endif
host_lookup = MAIN_HOST_LOOKUP
.endif


# In a minimaldns setup, update-exim.conf guesses the hostname and
# dumps it here to avoid DNS lookups being done at Exim run time.
DEBCONF_hardcode_primary_hostname_DEBCONF


# Do RFC 1413 (ident) callbacks for incoming SMTP calls. The default
# is to do lookups for all hosts with a timeout of 30 seconds.
# The options can be used to limit the hosts to which these calls are
# made, and/or change the timeout that is used. If the timeout is zero,
# no RFC 1413 calls are made. RFC 1413 calls are cheap and can provide
# useful information for tracing problem messages, but some hosts and
# firewalls are misconfigured to drop the requests instead of either
# answering or rejecting them. This can result in timeouts, leading to
# delays on starting up an SMTP session and to strange behavior in
# settings where SMTP callouts are used.
rfc1413_hosts = *
rfc1413_query_timeout = 0s


# By default, exim forces a Sender: header containing the local
# account name at the local host name in all locally submitted messages
# that don't have the local account name at the local host name in the
# From: header, deletes any Sender: header present in the submitted
# message and forces the envelope sender of all locally submitted
# messages to the local account name at the local host name.
# The following settings allow local users to specify their own envelope sender
# in a locally submitted message. Sender: headers existing in a locally
# submitted message are not removed, and no automatic Sender: headers
# are added. These settings are fine for most hosts.
# If you run exim on a classical multi-user systems where all users
# have local mailboxes that can be reached via SMTP from the Internet
# with the local FQDN as the domain part of the address, you might want
# to disable the following three lines for traceability reasons.
.ifndef MAIN_FORCE_SENDER
local_from_check = false
local_sender_retain = true
untrusted_set_sender = *
.endif


# By default, Exim expects all envelope addresses to be fully qualified, that
# is, they must contain both a local part and a domain. Configure exim
# to accept unqualified addresses from certain hosts. When this is done,
# unqualified addresses are qualified using the settings of qualify_domain
# and/or qualify_recipient (see above).
# sender_unqualified_hosts = <unset>
# recipient_unqualified_hosts = <unset>


# Configure Exim to support the "percent hack" for certain domains.
# The "percent hack" is the feature by which mail addressed to x%y@z
# (where z is one of the domains listed) is locally rerouted to x@y
# and sent on. If z is not one of the "percent hack" domains, x%y is
# treated as an ordinary local part. The percent hack is rarely needed
# nowadays but frequently abused. You should not enable it unless you
# are sure that you really need it.
# percent_hack_domains = <unset>


# Bounce handling
.ifndef MAIN_IGNORE_BOUNCE_ERRORS_AFTER
MAIN_IGNORE_BOUNCE_ERRORS_AFTER = 2d
.endif
ignore_bounce_errors_after = MAIN_IGNORE_BOUNCE_ERRORS_AFTER

.ifndef MAIN_TIMEOUT_FROZEN_AFTER
MAIN_TIMEOUT_FROZEN_AFTER = 7d
.endif
timeout_frozen_after = MAIN_TIMEOUT_FROZEN_AFTER

.ifndef MAIN_FREEZE_TELL
MAIN_FREEZE_TELL = postmaster
.endif
freeze_tell = MAIN_FREEZE_TELL


# Define spool directory
.ifndef SPOOLDIR
SPOOLDIR = /var/spool/exim
.endif
spool_directory = SPOOLDIR


# trusted users can set envelope-from to arbitrary values
.ifndef MAIN_TRUSTED_USERS
MAIN_TRUSTED_USERS = uucp
.endif
trusted_users = MAIN_TRUSTED_USERS
.ifdef MAIN_TRUSTED_GROUPS
trusted_groups = MAIN_TRUSTED_GROUPS
.endif


# users in admin group can do many other things
# admin_groups = <unset>


# customize logging. See spec.txt 48.15.
# If you want to debug, it is probably a good idea to set this to
# "+all -subject -arguments".
# If you use TLS, it might be a good idea to set "+tls_cipher
# +tls_peerdn".
# log_selector = <unset>


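# SMTP Banner. The example includes the Debian version in the SMTP dialog
# MAIN_SMTP_BANNER = "${primary_hostname} ESMTP Exim ${version_number}
#(Debian package DEBCONFpackageversionDEBCONF) ${tod_full}"
# smtp_banner = $smtp_active_hostname ESMTP Exim $version_number $tod_full
MAIN_SMTP_BANNER = "datadisk SMTP Daemon"
smtp_banner = "datadisk SMTP Daemon"

#####################################################
### end main/02_exim-config_options
#####################################################
#####################################################
### main/03_exim-config_tlsoptions
#####################################################

### main/03_exim-config_tlsoptions
#################################

# TLS/SSL configuration.
# See /usr/share/doc/exim-base/README.Debian.gz for explanations.
# Everything down to the matching .endif is skipped unless the macro
# MAIN_TLS_ENABLE is defined.

.ifdef MAIN_TLS_ENABLE
# Defines what hosts to 'advertise' STARTTLS functionality to. The
# default, *, will advertise to all hosts that connect with EHLO.
.ifndef MAIN_TLS_ADVERTISE_HOSTS
MAIN_TLS_ADVERTISE_HOSTS = *
.endif
tls_advertise_hosts = MAIN_TLS_ADVERTISE_HOSTS


# Full paths to Certificate and Private Key. The Private Key file
# must be kept 'secret' and should be owned by root.Debian-exim mode
# 640 (-rw-r-----). exim-gencert takes care of these prerequisites.
.ifndef MAIN_TLS_CERTIFICATE
MAIN_TLS_CERTIFICATE = CONFDIR/exim.crt
.endif
tls_certificate = MAIN_TLS_CERTIFICATE

.ifndef MAIN_TLS_PRIVATEKEY
MAIN_TLS_PRIVATEKEY = CONFDIR/exim.key
.endif
tls_privatekey = MAIN_TLS_PRIVATEKEY


# Pointer to the CA Certificates against which client certificates are
# checked. This is controlled by the `tls_verify_hosts' and
# `tls_try_verify_hosts' lists below.
# If you want to check server certificates, you need to add an
# tls_verify_certificates statement to the smtp transport.
# /etc/ssl/certs/ca-certificates.crt is generated by
# the "ca-certificates" package's update-ca-certificates(8) command.
# If that bundle does not exist the expansion below yields /dev/null,
# i.e. an empty set of CA certificates.
.ifndef MAIN_TLS_VERIFY_CERTIFICATES
MAIN_TLS_VERIFY_CERTIFICATES = ${if exists{/etc/ssl/certs/ca-certificates.crt}\
                                 {/etc/ssl/certs/ca-certificates.crt}\
                                 {/dev/null}}
.endif
tls_verify_certificates = MAIN_TLS_VERIFY_CERTIFICATES


# A list of hosts which are constrained by `tls_verify_certificates'. A host
# that matches `tls_verify_host' must present a certificate that is
# verifyable through `tls_verify_certificates' in order to be accepted as an
# SMTP client. If it does not, the connection is aborted.
.ifdef MAIN_TLS_VERIFY_HOSTS
tls_verify_hosts = MAIN_TLS_VERIFY_HOSTS
.endif

# A weaker form of checking: if a client matches `tls_try_verify_hosts' (but
# not `tls_verify_hosts'), request a certificate and check it against
# `tls_verify_certificates' but do not abort the connection if there is no
# certificate or if the certificate presented does not match. (This
# condition can be tested for in ACLs through `verify = certificate')
.ifndef MAIN_TLS_TRY_VERIFY_HOSTS
MAIN_TLS_TRY_VERIFY_HOSTS = *
.endif
tls_try_verify_hosts = MAIN_TLS_TRY_VERIFY_HOSTS

.endif

#####################################################
### end main/03_exim-config_tlsoptions
#####################################################
#####################################################
### acl/00_exim-config_header
#####################################################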

The Breakdown

The primary_hostname is used during the SMTP transmission, while $host and $host_address are set to the identity of the remote host. If you test an MTA host using telnet on port 25, the primary_hostname is displayed after you send the HELO or EHLO command. Sometimes you will see @ in the configuration file; this is expanded to the primary_hostname.

  primary_hostname = gw1.datadisk.co.uk

This is a site-specific part of the configuration. Here we are using external resources to check whether mail addresses and IP addresses are listed as spam sources, etc. There are a number of resources you can use to check mail addresses. Note that we build each list by separating the entries with a colon (:), under the macro names CHECK_RCPT_DOMAIN_DNSBLS and CHECK_RCPT_IP_DNSBLS. You will see these lists used in other parts of the runtime configuration file.

 

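# Exim recognises '#' as a comment marker only at the start of a line, so the
# disabled list.dsbl.org entry is kept on a line of its own instead of
# trailing the macro value, where it would become part of the list.
# NOTE(review): DNSBL zones are retired over time; check that every zone
# named here is still operated before deploying this list.
CHECK_RCPT_DOMAIN_DNSBLS = smtp.dnsbl.sorbs.net : spam.dnsbl.sorbs.net : \
                           sbl-xbl.spamhaus.org : zombie.dnsbl.sorbs.net : \
                           web.dnsbl.sorbs.net : rhsbl.sorbs.net
#                          list.dsbl.org

CHECK_RCPT_IP_DNSBLS = sbl-xbl.spamhaus.org : dnsbl.sorbs.net : cbl.abuseat.org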

The main binary is installed as exim to avoid conflicts with the exim packages. You can point this to other versions if you wish.

  exim_path = /usr/sbin/exim

A Macro defining the main configuration directory. Point this to where you have installed Exim. I have more details on macros in operations overview, you can also override macros at the commandline.

  .ifndef CONFDIR
   CONFDIR = /etc/exim
.endif

This sets a macro DC_minimaldns if dc_minimaldns=true. If dc_minimaldns=false, this expands to an empty line. Notice the enclosing DEBCONF markers; this variable could possibly be set in the update-exim.conf.conf file. This option provides additional DNS lookups: basically, Exim looks up its own IP address via DNS instead of using the local hosts file (which uses more resources). So to avoid additional lookups set this to false. There are also known problems with primary_hostname and minimaldns; it is best to search the web for details of these problems. See routers for more on DNS lookups.

  .ifndef DC_minimaldns
   DEBCONFminimaldnsDEBCONF
.endif

Other macros from Debconf. Macros created here are used in other places in the Exim config. This variable could possibly be set in the update-exim.conf.conf file.

  .ifndef DC_visiblename
   DC_visiblename=DEBCONFvisiblenameDEBCONF
.endif

Here we are generating a number of named lists that will be used later in the runtime configuration file. I have more information on named lists in operations overview and lists. As a quick recap, we use named lists because they are cached, which gives them a performance advantage.

 
# Create domain and host lists for relay control
# '@' refers to 'the name of the local host'
#
# Each named list below takes its value from a macro. The .ifndef guard fills
# the macro from its Debconf placeholder only when it has not already been
# defined.

.ifndef MAIN_LOCAL_DOMAINS
   MAIN_LOCAL_DOMAINS = DEBCONFlocal_domainsDEBCONF
.endif
domainlist local_domains = MAIN_LOCAL_DOMAINS

.ifndef MAIN_RELAY_TO_DOMAINS
   MAIN_RELAY_TO_DOMAINS = DEBCONFrelay_domainsDEBCONF
.endif
domainlist relay_to_domains = MAIN_RELAY_TO_DOMAINS

# relay_from_hosts always contains 127.0.0.1; MAIN_RELAY_NETS adds to it.
# NOTE(review): the ACL that consumes relay_from_hosts is not shown here.
# Presumably hosts on this list are allowed to relay, so keep MAIN_RELAY_NETS
# limited to networks you operate.
.ifndef MAIN_RELAY_NETS
   MAIN_RELAY_NETS = DEBCONFrelay_netsDEBCONF
.endif
hostlist relay_from_hosts = 127.0.0.1 : MAIN_RELAY_NETS

Specify the domain you want to be added to all unqualified addresses here. Unqualified addresses are accepted only from local callers by default. The recipient_unqualified_hosts option can be used to permit unqualified addresses from remote sources. If qualify_domain is not set, the primary_hostname value is used for qualification. The ifdef bracket makes sure that an empty debconf value is correctly translated to "unset".

 
.ifdef DC_visiblename
   qualify_domain = DC_visiblename
.endif

# only used for satellite-system
.ifndef DCreadhost
   DCreadhost = DEBCONFreadhostDEBCONF
.endif

#for satellite and smarthost-systems
.ifndef DCsmarthost
   DCsmarthost = DEBCONFsmarthostDEBCONF
.endif

Here we can specify which interfaces we want to listen on, here we can use a named list or use something from update-exim.conf.conf.

  .ifdef MAIN_LOCAL_INTERFACES
   local_interfaces = MAIN_LOCAL_INTERFACES
.else
   DEBCONFlistenonpublicDEBCONF
.endif

The settings below extract everything before the first comma as the user's full name; they are used to obtain the user's name. See String Expansion for more on patterns.

  gecos_pattern = ^([^,:]*)
gecos_name = $1

If we are not setting up satellite, internet or smarthost, we define the configtype as 1. I could not find out much information on this, so I will continue to investigate.

 

.ifndef DCconfig_satellite
.ifndef DCconfig_internet
.ifndef DCconfig_local
.ifndef DCconfig_smarthost
   DCconfig_DEBCONFconfigtypeDEBCONF = 1
.endif
.endif
.endif
.endif

Note: I am not sure what 1 means.

These macros are used to check the local parts of recipient addresses in local and remote domains. They block local parts that begin with a dot or contain a quite broad range of non-alphanumeric characters. See String expansion for more information.

 
# Original....
# CHECK_RCPT_LOCAL_LOCALPARTS = ^[.] : ^.*[@%!/|\'`#&?]
#
# Local parts of recipients in local domains: reject a leading dot, or any of
# the characters @ % ! / | # & ? anywhere in the local part.
# Compared with the original above, ' and ` are no longer in the rejected
# set, so local parts containing them pass this check.
# NOTE(review): both are shell quoting characters; confirm that no router or
# transport passes the local part to a pipe or shell command before relying
# on the narrower set.
.ifndef CHECK_RCPT_LOCAL_LOCALPARTS
   CHECK_RCPT_LOCAL_LOCALPARTS = ^[.] : ^.*[@%!/|\#&?]
.endif


# Original....
# CHECK_RCPT_REMOTE_LOCALPARTS = ^[./|] : ^.*[@%!\'`#&?] : ^.*/\\.\\./
#
# Local parts of recipients in non-local domains: reject a leading dot, slash
# or vertical bar, any of @ % ! # & ? anywhere, and the sequence /../ .
# As with the local-domain macro, ' and ` were dropped from the rejected set
# relative to the original above.
.ifndef CHECK_RCPT_REMOTE_LOCALPARTS
   CHECK_RCPT_REMOTE_LOCALPARTS = ^[./|] : ^.*[@%!\#&?] : ^.*/\\.\\./
.endif

Note: the colons, which indicate that these values are lists.

Defines the access control list that is run when an SMTP RCPT or DATA command is received. Check out the ACL section for information on my ACL's

 
#
.ifndef MAIN_ACL_CHECK_RCPT
   MAIN_ACL_CHECK_RCPT = acl_check_rcpt
.endif
acl_smtp_rcpt = MAIN_ACL_CHECK_RCPT

#
.ifndef MAIN_ACL_CHECK_DATA
   MAIN_ACL_CHECK_DATA = acl_check_data
.endif
acl_smtp_data = MAIN_ACL_CHECK_DATA

Note: you will be looking for two ACLs called acl_check_rcpt and acl_check_data, which will be in the ACL section.

Message size limit. The default (used when MESSAGE_SIZE_LIMIT is unset) is 50 MB.

  .ifdef MESSAGE_SIZE_LIMIT
   message_size_limit = MESSAGE_SIZE_LIMIT
.endif

Allow Exim to recognize addresses of the form "user@[10.11.12.13]", where the domain part is a "domain literal" (an IP address) instead of a named domain. The RFCs require this facility, but it is disabled in the default config since it is seldomly used and frequently abused. Domain literal support also needs a special router, which is automatically enabled if you use the enable macro MAIN_ALLOW_DOMAIN_LITERALS.

  .ifdef MAIN_ALLOW_DOMAIN_LITERALS
   allow_domain_literals
.endif

Do a reverse DNS lookup on all incoming IP calls, in order to get the true host name. If you feel this is too expensive, the networks for which a lookup is done can be listed here.

  .ifndef DC_minimaldns                         # in my case minimaldns is set to false
   
   .ifndef MAIN_HOST_LOOKUP
      MAIN_HOST_LOOKUP = *                    
   .endif
   
   host_lookup = MAIN_HOST_LOOKUP             # host_lookup will equal * in my case
.endif

Note: I am performing a DNS lookup for all hosts, as my system can handle it.

Do RFC 1413 (ident) callbacks for incoming SMTP calls. The default is to do lookups for all hosts with a timeout of 30 seconds. The options can be used to limit the hosts to which these calls are made, and/or change the timeout that is used. If the timeout is zero, no RFC 1413 calls are made. RFC 1413 calls are cheap and can provide useful information for tracing problem messages, but some hosts and firewalls are misconfigured to drop the requests instead of either answering or rejecting them. This can result in timeouts, leading to delays on starting up an SMTP session and to strange behavior in settings where SMTP callouts are used.

  rfc1413_hosts = *
rfc1413_query_timeout = 0s

By default, exim forces a Sender: header containing the local account name at the local host name in all locally submitted messages that don't have the local account name at the local host name in the From: header, deletes any Sender: header present in the submitted message and forces the envelope sender of all locally submitted messages to the local account name at the local host name. The following settings allow local users to specify their own envelope sender in a locally submitted message. Sender: headers existing in a locally submitted message are not removed, and no automatic Sender: headers are added. These settings are fine for most hosts. If you run exim on a classical multi-user systems where all users have local mailboxes that can be reached via SMTP from the Internet with the local FQDN as the domain part of the address, you might want to disable the following three lines for traceability reasons.

  .ifndef MAIN_FORCE_SENDER
   local_from_check = false                 # don't check the from address
   local_sender_retain = true               # add the sender header
   untrusted_set_sender = *
.endif

Here we are setting up variables that will be used later regarding bounced messages. For more on bounced messages see operations overview and miscellany.

 
# Bounce handling
.ifndef MAIN_IGNORE_BOUNCE_ERRORS_AFTER
   MAIN_IGNORE_BOUNCE_ERRORS_AFTER = 2d
.endif
ignore_bounce_errors_after = MAIN_IGNORE_BOUNCE_ERRORS_AFTER

.ifndef MAIN_TIMEOUT_FROZEN_AFTER
   MAIN_TIMEOUT_FROZEN_AFTER = 7d
.endif
timeout_frozen_after = MAIN_TIMEOUT_FROZEN_AFTER

.ifndef MAIN_FREEZE_TELL
   MAIN_FREEZE_TELL = postmaster
.endif
freeze_tell = MAIN_FREEZE_TELL

Note: 
ignore_bounce_errors_after 2 days thus freezing it and subject to retry rules
timeout_frozen_after 7 days thus giving up on it
freeze_tell let the postmaster know about bounced and frozen messages

Define Exim's spool directory, message logs and hints databases are kept here.

  .ifndef SPOOLDIR
   SPOOLDIR = /var/spool/exim
.endif

spool_directory = SPOOLDIR

Trusted users are allowed to perform privileged functions within Exim, I talked about this in the miscellany topic.

 

.ifndef MAIN_TRUSTED_USERS
    MAIN_TRUSTED_USERS = uucp
.endif
trusted_users = MAIN_TRUSTED_USERS

.ifdef MAIN_TRUSTED_GROUPS
    trusted_groups = MAIN_TRUSTED_GROUPS
.endif

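Here I change the SMTP banner. I don't give too much away for security reasons (less is more); this only limits what the greeting discloses about the software and version, and is no substitute for keeping Exim patched.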

  MAIN_SMTP_BANNER = "datadisk SMTP Daemon"
smtp_banner = "datadisk SMTP Daemon"

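Now we configure the TLS/SSL options. I do not use TLS/SSL, so I will simply cut and paste from the configuration file and leave you to modify this section as you see fit. Note that the whole block is wrapped in .ifdef MAIN_TLS_ENABLE, so none of these settings are applied unless that macro is defined; a host that does not offer STARTTLS exchanges mail, and any SMTP AUTH credentials, in clear text.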

 
# TLS/SSL configuration.
# See /usr/share/doc/exim-base/README.Debian.gz for explanations.


.ifdef MAIN_TLS_ENABLE
# Defines what hosts to 'advertise' STARTTLS functionality to. The
# default, *, will advertise to all hosts that connect with EHLO.
.ifndef MAIN_TLS_ADVERTISE_HOSTS
   MAIN_TLS_ADVERTISE_HOSTS = *
.endif
tls_advertise_hosts = MAIN_TLS_ADVERTISE_HOSTS


# Full paths to Certificate and Private Key. The Private Key file
# must be kept 'secret' and should be owned by root.Debian-exim mode
# 640 (-rw-r-----). exim-gencert takes care of these prerequisites.
.ifndef MAIN_TLS_CERTIFICATE
   MAIN_TLS_CERTIFICATE = CONFDIR/exim.crt
.endif
tls_certificate = MAIN_TLS_CERTIFICATE

.ifndef MAIN_TLS_PRIVATEKEY
   MAIN_TLS_PRIVATEKEY = CONFDIR/exim.key
.endif
tls_privatekey = MAIN_TLS_PRIVATEKEY


# Pointer to the CA Certificates against which client certificates are
# checked. This is controlled by the `tls_verify_hosts' and
# `tls_try_verify_hosts' lists below.
# If you want to check server certificates, you need to add an
# tls_verify_certificates statement to the smtp transport.
# /etc/ssl/certs/ca-certificates.crt is generated by
# the "ca-certificates" package's update-ca-certificates(8) command.
.ifndef MAIN_TLS_VERIFY_CERTIFICATES
   MAIN_TLS_VERIFY_CERTIFICATES = ${if exists{/etc/ssl/certs/ca-certificates.crt}\
                                    {/etc/ssl/certs/ca-certificates.crt}\
                                    {/dev/null}}
.endif
tls_verify_certificates = MAIN_TLS_VERIFY_CERTIFICATES


# A list of hosts which are constrained by `tls_verify_certificates'. A host
# that matches `tls_verify_host' must present a certificate that is
# verifyable through `tls_verify_certificates' in order to be accepted as an
# SMTP client. If it does not, the connection is aborted.
.ifdef MAIN_TLS_VERIFY_HOSTS
   tls_verify_hosts = MAIN_TLS_VERIFY_HOSTS
.endif

# A weaker form of checking: if a client matches `tls_try_verify_hosts' (but
# not `tls_verify_hosts'), request a certificate and check it against
# `tls_verify_certificates' but do not abort the connection if there is no
# certificate or if the certificate presented does not match. (This
# condition can be tested for in ACLs through `verify = certificate')
.ifndef MAIN_TLS_TRY_VERIFY_HOSTS
   MAIN_TLS_TRY_VERIFY_HOSTS = *
.endif
tls_try_verify_hosts = MAIN_TLS_TRY_VERIFY_HOSTS

.endif