# Listen for SMTP on ports 25 and 465. Port 465 is also listed in
# tls_on_connect_ports, so on that port the TLS handshake starts immediately
# on connect instead of being negotiated with STARTTLS.
daemon_smtp_ports = 25 : 465
tls_on_connect_ports = 465

# Port on which the /etc/ssl/dxld-selfsigned certificate set and the stricter
# policy below apply. It has the same value as tls_on_connect_ports; keep the
# two in sync when changing either.
DXLD_SELFSIGNED_CERT_PORT = 465

# presumably only tested for being defined by the Debian exim4 templates, so
# the value itself would not matter - TODO confirm.
MAIN_TLS_ENABLE = true

# Expansion condition meant to be dropped into ${if ...}: true when the
# current connection arrived on DXLD_SELFSIGNED_CERT_PORT. Every setting that
# uses it is therefore evaluated per connection and branches on the port.
DXLD_TLS = eq {$received_port}{DXLD_SELFSIGNED_CERT_PORT}

# CA file used to verify certificates presented by clients: the private trust
# file on the self-signed port, the system CA bundle on every other port.
# NOTE(review): trusted.crt alone decides which client certificates verify on
# port 465, so it should be root-owned and not writable by the Exim runtime
# user - file permissions are not visible here, confirm on the host.
MAIN_TLS_VERIFY_CERTIFICATES = ${if DXLD_TLS \
 {/etc/ssl/dxld-selfsigned/trusted.crt} \
 {/etc/ssl/certs/ca-certificates.crt}}

# Peers that get strict TLS treatment; used further down in
# MAIN_TLS_VERIFY_HOSTS and REMOTE_SMTP_SMARTHOST_HOSTS_REQUIRE_TLS.
# NOTE(review): the entries look like mail domains. Exim host lists are
# matched against the peer's host name or IP address, not against the
# envelope domain, so a plain "gmail.com" only matches a peer whose host name
# is exactly that - confirm these items match the peers they are meant for,
# otherwise the strict policy silently does not apply.
# NOTE(review): the last entry ends with a continuation backslash, so the
# list is terminated only by the blank line after it. Do not place a setting
# or a comment line directly after the last entry.
DXLD_STRICT_TLS_HOSTS \
  = 9elements.com \
  : gmail.com \
  : andy-morris.xyz \
  : niss.website \
  : rhiannon.website \



# Inbound: hosts whose client certificate is verified against
# MAIN_TLS_VERIFY_CERTIFICATES. On the self-signed port the first item is "*"
# (every client); on other ports it expands to an empty item and only
# DXLD_STRICT_TLS_HOSTS remains.
# presumably this macro feeds tls_verify_hosts in the Debian templates, where
# a listed client without a verifiable certificate is refused - TODO confirm.
MAIN_TLS_VERIFY_HOSTS = ${if DXLD_TLS {*} {}} : DXLD_STRICT_TLS_HOSTS
# Outbound: presumably feeds hosts_require_tls on Debian's
# remote_smtp_smarthost transport, i.e. no plaintext fallback when delivering
# to a matching host - confirm against the transport definition.
REMOTE_SMTP_SMARTHOST_HOSTS_REQUIRE_TLS = DXLD_STRICT_TLS_HOSTS

# Server certificate presented to clients: the self-signed mail.crt on
# DXLD_SELFSIGNED_CERT_PORT, CONFDIR/exim.crt on every other port.
MAIN_TLS_CERTIFICATE = ${if DXLD_TLS \
 {/etc/ssl/dxld-selfsigned/mail.crt} \
 {CONFDIR/exim.crt}}

# Matching private key, selected by the same port test so that certificate
# and key always come from the same pair.
# NOTE(review): both key files should be readable only by root and the Exim
# runtime user - permissions are not visible here, confirm on the host.
MAIN_TLS_PRIVATEKEY = ${if DXLD_TLS \
 {/etc/ssl/dxld-selfsigned/mail.key} \
 {CONFDIR/exim.key}}

# Name of the RCPT ACL, chosen per connection: acl_check_rcpt_dxld_tls on the
# self-signed port, acl_check_rcpt_dxld elsewhere. Both ACLs are defined
# outside this file; what each one accepts cannot be checked from here.
MAIN_ACL_CHECK_RCPT = ${if DXLD_TLS \
 {acl_check_rcpt_dxld_tls} \
 {acl_check_rcpt_dxld}}

# The DATA ACL is the same on every port.
MAIN_ACL_CHECK_DATA = acl_check_data_dxld

# Switches for RCPT-time checks: SPF, sender address verification, reverse
# DNS, and an IP DNS blocklist lookup against zen.spamhaus.org.
# NOTE(review): MAIN_ACL_CHECK_RCPT above points at custom ACLs; whether
# those ACLs honour these CHECK_RCPT_* macros is not visible here - confirm,
# otherwise the checks are configured but never run.
# presumably the boolean-looking macros are only tested for being defined,
# which would make the yes/true mix harmless - TODO confirm.
CHECK_RCPT_SPF = yes
CHECK_RCPT_VERIFY_SENDER = true
CHECK_RCPT_REVERSE_DNS = yes
CHECK_RCPT_IP_DNSBLS = zen.spamhaus.org

# Full Received: header text. Records, when defined: the sending host (or the
# ident and HELO name), this host's name, the protocol, the inbound TLS
# cipher, the Exim version, the envelope sender, the message id and the
# recipient the message was received for.
# NOTE(review): looks like a copy of Exim's stock received_header_text from
# an older release - confirm against the installed version's default.
DEFAULT_RECEIVED_HEADER = Received: \
  ${if def:sender_rcvhost {from $sender_rcvhost\n\t}\
  {${if def:sender_ident \
  {from ${quote_local_part:$sender_ident} }}\
  ${if def:sender_helo_name {(helo=$sender_helo_name)\n\t}}}}\
  by $primary_hostname \
  ${if def:received_protocol {with $received_protocol}} \
  ${if def:tls_in_cipher {($tls_in_cipher)\n\t}}\
  (Exim $version_number)\n\t\
  ${if def:sender_address \
  {(envelope-from <$sender_address>)\n\t}}\
  id $message_exim_id\
  ${if def:received_for {\n\tfor $received_for}}

# Minimal Received: header that names only this host. It leaves out the
# client host and address, HELO name, TLS cipher, Exim version and message id
# that DEFAULT_RECEIVED_HEADER records.
# Trade-off: the submitting client is not disclosed to recipients, but the
# header no longer carries the fields needed to correlate a message with the
# server log, so log retention matters more for incident response.
DXLD_RECEIVED_HEADER = Received: $primary_hostname

# Disabled lines below: these appear to be an earlier, fuller variant of
# DXLD_RECEIVED_HEADER kept for reference; they are comments and have no
# effect.
#  from tunnel.internal.dxld.at ([10.0.0.1])\n\t \
#  by $primary_hostname\n\t \
#  ($tls_in_cipher)\n\t \
#  (Exim $version_number)\n\t \
#  id $message_exim_id \
#  ${if def:received_for {\n\tfor $received_for}}

# Use the minimal header only when both conditions hold: the connection came
# in on DXLD_SELFSIGNED_CERT_PORT and the client certificate was verified
# ($tls_in_certificate_verified is 1). Every other message gets the full
# DEFAULT_RECEIVED_HEADER, including unverified clients on that port.
received_header_text = \
 ${if and {{DXLD_TLS}{eq {1}{$tls_in_certificate_verified}}} \
  {DXLD_RECEIVED_HEADER} \
  {DEFAULT_RECEIVED_HEADER}}

# presumably selects the transport used for local delivery in the Debian
# templates (here one named maildrop_pipe, defined outside this file) -
# TODO confirm.
LOCAL_DELIVERY=maildrop_pipe

# Times at which a delay warning is sent to the sender of a message that is
# still queued: after 5 minutes, 30 minutes, 2 hours, 6 hours and 24 hours.
delay_warning = 5m:30m:2h:6h:24h
