
DXLD_SELFSIGNED_CERT_PORT = 466
# listen port is configured in /etc/default/exim4

DXLD_TLS = eq {$received_port}{DXLD_SELFSIGNED_CERT_PORT}

MAIN_TLS_VERIFY_CERTIFICATES = ${if DXLD_TLS \
 {/etc/ssl/dxld-selfsigned/trusted.crt} \
 {/etc/ssl/certs/ca-certificates.crt}}

MAIN_TLS_VERIFY_HOSTS = ${if DXLD_TLS {*} {}}

MAIN_TLS_CERTIFICATE = ${if DXLD_TLS \
 {/etc/ssl/dxld-selfsigned/mail.crt} \
 {CONFDIR/exim.crt}}

MAIN_TLS_PRIVATEKEY = ${if DXLD_TLS \
 {/etc/ssl/dxld-selfsigned/mail.key} \
 {CONFDIR/exim.key}}

MAIN_ACL_CHECK_RCPT = ${if DXLD_TLS \
 {acl_check_rcpt_dxld_tls} \
 {acl_check_rcpt}}


DEFAULT_RECEIVED_HEADER = Received: \
  ${if def:sender_rcvhost {from $sender_rcvhost\n\t}\
  {${if def:sender_ident \
  {from ${quote_local_part:$sender_ident} }}\
  ${if def:sender_helo_name {(helo=$sender_helo_name)\n\t}}}}\
  by $primary_hostname \
  ${if def:received_protocol {with $received_protocol}} \
  ${if def:tls_in_cipher {($tls_in_cipher)\n\t}}\
  (Exim $version_number)\n\t\
  ${if def:sender_address \
  {(envelope-from <$sender_address>)\n\t}}\
  id $message_exim_id\
  ${if def:received_for {\n\tfor $received_for}}

DXLD_RECEIVED_HEADER = Received: $primary_hostname

#  from tunnel.internal.dxld.at ([10.0.0.1])\n\t \
#  by $primary_hostname\n\t \
#  ($tls_in_cipher)\n\t \
#  (Exim $version_number)\n\t \
#  id $message_exim_id \
#  ${if def:received_for {\n\tfor $received_for}}

received_header_text = \
 ${if and {{DXLD_TLS}{eq {1}{$tls_in_certificate_verified}}} \
  {DXLD_RECEIVED_HEADER} \
  {DEFAULT_RECEIVED_HEADER}}
