# hermes configuration file.
# hermes listens for smtp connections (listening_port) and passes mail on to
# the real smtp server (server_host / server_port) configured below.
#
# comments MUST begin with a # on a line of their own.
# boolean options recognise (true, 1, on, yes) as true
# and anything else as false.
# string literals can be surrounded by the " character,
# but everything else CANNOT be.

# whether to fork to the background. initscripts require
# this to be true most of the time.
background = true

# chroot to this directory on startup.
# this path is ABSOLUTE, it WON'T work with a relative path,
# because hermes changes into the dir BEFORE chrooting, as a
# security measure.
# NOTE(review): the original text read "chrooting to the dir BEFORE chrooting";
# presumably chdir is meant -- confirm against the hermes source.
# to disable chrooting, use an empty string (default).
chroot = ""

# drop privileges once running? recommended.
# binding to a port below 1024 (see listening_port) needs root at startup,
# so leave this enabled whenever hermes is started as root.
drop_privileges = true

# user to drop privileges to.
user = "mail"

# group to drop privileges to.
group = "mail"

# write a pid file with the pid of the main hermes server.
# if you set background=true above, this will write the pid
# of the forked hermes, not the original.
pid_file = "/var/run/hermes.pid"

# the port where hermes will listen for new connections.
# if you are going to use a port lower than 1024 (almost always,
# smtp is 25, smtps is 465 and delivery is 587), then you need
# to run as root (you can drop privileges) or with setUID active.
listening_port = 25

# the ip to bind to. if you leave it empty (default), then it
# listens on all available ips.
bind_to = ""

# the host of the real smtp server.
# if your server is qmail and you have the AUTH patch,
# DON'T use localhost, use the external IP instead.
# NOTE(review): the shipped value is a placeholder, not a usable host name
# ("twoja.domena.pl lub localhost" is Polish for "your.domain.pl or localhost");
# replace it with one real host before starting hermes.
server_host = "twoja.domena.pl lub localhost"

# the port for the real smtp server.
# keep this port unreachable from outside (firewall or loopback-only bind on the
# real server); a sender that can reach it directly bypasses every check hermes does.
server_port = 2525

# database file to use.
# if you are chrooting, the path is relative to the chroot:
# real filepath = chroot + database_file
database_file = "/var/lib/hermes/greylisting.db"

# whether to use greylisting.
# greylisting will slightly delay your emails (configurable, see below)
# to stop most spam. it is the most effective technique in use by hermes.
greylist = true

# whether to throttle connections.
# it will force some spammers (the more impatient ones) to drop the connection
# and leave you alone.
throttle = false

# throttling time.
# this is the time (in seconds) that hermes will wait between each sent line.
# don't set this too high (more than 3), as that will drop MANY connections.
throttling_time = 1

# whether we should check if there is data before we send the SMTP banner.
# if there is data the email is almost certainly spam.
# NOTE(review): going by the key name, false presumably means such early data is
# NOT tolerated (the check is active) -- confirm against the hermes source.
allow_data_before_banner = false

# dns blacklist domain list to check.
# if this is empty (default) hermes will not check anything, effectively disabling
# dns blacklisting.
# recommended value is "zen.spamhaus.org"
dns_blacklist_domains = ""

# percentage of domains that have to blacklist an ip before considering it blacklisted.
# for example if you need a domain to be listed in only half of the blacklists to be considered
# as listed, just define dns_blacklist_percentage as 50 (50%).
dns_blacklist_percentage = 100

# dns whitelist domains to check.
# if this is empty (default) hermes will not check anything, effectively disabling
# dns whitelisting.
# these lists should only list hosts that have a history of NOT sending spam.
# recommended value is "list.dnswl.org"
dns_whitelist_domains = ""

# percentage of domains that have to whitelist an ip before considering it whitelisted.
# for example if you need a domain to be listed in only half of the whitelists to be considered
# as listed, just define dns_whitelist_percentage as 50 (50%).
dns_whitelist_percentage = 100

# time to delay the initial SMTP banner.
# NOTE(review): the unit is not stated here; presumably seconds, like throttling_time -- confirm.
banner_delay_time = 5

# greylisting options.

# initial expiry time.
# when email is first recorded, it will expire after this time (in minutes).
initial_expiry = 240

# initial period of time (in minutes) during which a retry on the spammer's side will FAIL.
initial_blacklist = 5

# once we have whitelisted a triplet, how long it stays whitelisted (in days).
# 36 is a magic number: it is the maximum number of days between a day and the same day next month.
whitelist_expiry = 36

# whether to submit stats.
submit_stats = false

# should stats be submitted using SSL?
# recommended, but some people will compile without ssl.
# NOTE(review): with this off, the username and password below presumably travel
# unencrypted whenever submit_stats is on -- confirm, and prefer true if ssl is compiled in.
submit_stats_ssl = false

# username (used to submit stats).
# you can register on http: [the registration URL is truncated in this copy of the file]
submit_stats_username = "anonymous"

# password.
# this is stored in plain text: if you replace the anonymous account with a real
# one, make this file readable only by the account that starts hermes.
submit_stats_password = "anonymous"

# if you are using the filelogger, which file to log to.
# NOTE(review): this is a relative path; where it ends up presumably depends on
# the working directory and on chroot -- confirm.
file_logger_filename = "hermes.log"

# whether to keep the logger file locked between writes.
keep_file_locked = true

# whether to clean the database file and send stats.
# if you have two instances of hermes running (for example one for smtp and other for smtps)
# you want to configure all of them but one to use clean_db=false.
# also, you might prefer to not clean the database at all for many reasons (for example to
# keep a huge file around with all your system's email data).
# anyway, this doesn't mean in any way that entries in the database won't expire, only that they
# will be left hanging around without any use.
clean_db = true

# ssl-related config options.
# NOTE: this NEEDS the openssl library.

# should we try to connect to our real smtp server using ssl?
# not really necessary unless the real smtp server is on another machine
# (in that case mail crosses the network between the two in clear text while this is false).
outgoing_ssl = false

# should we accept connections using ssl?
# NOTE: this does NOT disable the starttls capability, only starts hermes expecting SSL negotiation.
# starttls is handled the following way: if you have ssl, it is always on. clients can request it at
# any time and hermes will change to ssl at once. if you don't have ssl, hermes will refuse to starttls
# with a 354 error code, although it WILL still accept the command. connection should proceed normally
# even on that event.
# NOTE(review): 354 is the smtp "start mail input" reply; RFC 3207 uses 454 for
# "TLS not available" -- confirm which code hermes actually sends.
incoming_ssl = false

# file with our private key (PEM format).
# to generate, execute:
# # openssl genrsa 2048 > private.key
# (this file originally suggested 1024 bits; a 1024-bit RSA key is too short
# for current use, 2048 bits is the practical minimum.)
# keep the key file readable only by the account that needs it.
# NOTE(review): the shipped paths point at exim's key and certificate; presumably
# site-specific samples -- adjust to your own files.
private_key_file = "/etc/mail/exim.key"

# file with our server certificate (PEM format).
# to generate, execute:
# # openssl req -new -x509 -nodes -sha256 -days 365 -key private.key > certificate.crt
# and answer the questions.
# (this file originally suggested -sha1; SHA-1 signatures are no longer accepted
# by current TLS clients, so use -sha256.)
# the result is a self-signed certificate valid for 365 days; remember to renew it.
certificate_file = "/etc/mail/exim.crt"

# whether to add headers to the email sent or not.
# to be rfc compatible this HAS to be true, but if you set it to false, no one will know you are using hermes.
add_headers = true

# the hostname to use for the headers. useful only in case that gethostname() returns
# something that is not correct. For example on windows, it seems to return only the host
# part of the name.
# if this is empty, hermes will use the value returned by gethostname().
# NOTE(review): the shipped value is a placeholder (Polish for "your.domain.pl");
# set your real host name or leave it empty.
hostname = "twoja.domena.pl"

# should a whitelisted hostname or whitelisted ip also disable throttling and banner delaying?
# it is useful to make remote hosts deliver mail almost at once.
whitelisted_disables_everything = true

# whether to reject connections from hosts that do not provide DNS reverse resolution.
# don't enable if you don't know what you are doing or what this switch does.
reject_no_reverse_resolution = false

# check whether your ehlo hostname matches your ip reverse resolution.
# don't enable unless you understand perfectly what this means.
check_helo_against_reverse = false

# whether to query the spf record for the incoming domain.
# should help, enable if you have libspf (if you don't, install it and recompile).
query_spf = false

# return temporary error instead of permanent error.
# Currently, this only applies to SPF and DNSBL rejected email.
# You should enable this while debugging your hermes installation,
# as configuration errors won't be fatal.
return_temp_error_on_reject = false