Diffstat (limited to 'debian/debconf')
-rw-r--r--debian/debconf/30_exim4-config_example_check_rcpt139
-rw-r--r--debian/debconf/conf.d/acl/00_exim4-config_header8
-rw-r--r--debian/debconf/conf.d/acl/20_exim4-config_whitelist_local_deny29
-rw-r--r--debian/debconf/conf.d/acl/30_exim4-config_check_rcpt118
-rw-r--r--debian/debconf/conf.d/acl/40_exim4-config_check_data29
-rw-r--r--debian/debconf/conf.d/auth/00_exim4-config_header8
-rw-r--r--debian/debconf/conf.d/auth/30_exim4-config_examples102
-rw-r--r--debian/debconf/conf.d/main/01_exim4-config_listmacrosdefs72
-rw-r--r--debian/debconf/conf.d/main/02_exim4-config_options103
-rw-r--r--debian/debconf/conf.d/main/03_exim4-config_tlsoptions46
-rw-r--r--debian/debconf/conf.d/retry/00_exim4-config_header7
-rw-r--r--debian/debconf/conf.d/retry/30_exim4-config14
-rw-r--r--debian/debconf/conf.d/rewrite/00_exim4-config_header7
-rw-r--r--debian/debconf/conf.d/rewrite/31_exim4-config_rewriting23
-rw-r--r--debian/debconf/conf.d/router/00_exim4-config_header11
-rw-r--r--debian/debconf/conf.d/router/100_exim4-config_domain_literal16
-rw-r--r--debian/debconf/conf.d/router/200_exim4-config_primary72
-rw-r--r--debian/debconf/conf.d/router/300_exim4-config_real_local9
-rw-r--r--debian/debconf/conf.d/router/400_exim4-config_system_aliases29
-rw-r--r--debian/debconf/conf.d/router/500_exim4-config_hubuser19
-rw-r--r--debian/debconf/conf.d/router/600_exim4-config_userforward48
-rw-r--r--debian/debconf/conf.d/router/700_exim4-config_procmail11
-rw-r--r--debian/debconf/conf.d/router/800_exim4-config_maildrop14
-rw-r--r--debian/debconf/conf.d/router/900_exim4-config_local_user14
-rw-r--r--debian/debconf/conf.d/router/mmm_mail4root17
-rw-r--r--debian/debconf/conf.d/transport/00_exim4-config_header13
-rw-r--r--debian/debconf/conf.d/transport/30_exim4-config_address_file11
-rw-r--r--debian/debconf/conf.d/transport/30_exim4-config_address_pipe12
-rw-r--r--debian/debconf/conf.d/transport/30_exim4-config_address_reply8
-rw-r--r--debian/debconf/conf.d/transport/30_exim4-config_mail_spool17
-rw-r--r--debian/debconf/conf.d/transport/30_exim4-config_maildir_home17
-rw-r--r--debian/debconf/conf.d/transport/30_exim4-config_maildrop_pipe10
-rw-r--r--debian/debconf/conf.d/transport/30_exim4-config_procmail_pipe10
-rw-r--r--debian/debconf/conf.d/transport/30_exim4-config_remote_smtp14
-rw-r--r--debian/debconf/conf.d/transport/35_exim4-config_address_directory13
-rw-r--r--debian/debconf/default_acl48
-rw-r--r--debian/debconf/update-exim4.conf360
37 files changed, 1498 insertions, 0 deletions
diff --git a/debian/debconf/30_exim4-config_example_check_rcpt b/debian/debconf/30_exim4-config_example_check_rcpt
new file mode 100644
index 0000000..8e8883d
--- /dev/null
+++ b/debian/debconf/30_exim4-config_example_check_rcpt
@@ -0,0 +1,139 @@
+# This access control list is used for every RCPT command in an incoming
+# SMTP message. The tests are run in order until the address is either
+# accepted or denied.
+#
+acl_example_check_rcpt:
+ # Accept if the source is local SMTP (i.e. not over TCP/IP). We do this by
+ # testing for an empty sending host field.
+ accept hosts = :
+
+ # Deny if the local part contains @ or % or / or | or !. These are rarely
+ # found in genuine local parts, but are often tried by people looking to
+ # circumvent relaying restrictions.
+ #
+ # Also deny if the local part starts with a dot. Empty components aren't
+ # strictly legal in RFC 2822, but Exim allows them because this is common.
+ # However, actually starting with a dot may cause trouble if the local part
+ # is used as a file name (e.g. for a mailing list).
+ #
+ deny local_parts = ^.*[@%!/|] : ^\\.
+
+ # Accept mail to postmaster in any local domain, regardless of the source,
+ # and without verifying the sender.
+ #
+ accept local_parts = postmaster
+ domains = +local_domains
+
+ # Deny unless the sender address can be verified.
+ deny !acl = acl_whitelist_local_deny
+ !verify = sender
+
+ # Warn if the sender host does not have valid reverse DNS.
+ warn message = X-Broken-Reverse-DNS: no host name found for IP address $sender_host_address
+ !verify = reverse_host_lookup
+
+ # deny bad senders (envelope sender)
+ # CONFDIR/local_sender_blacklist holds a list of envelope senders that
+ # should have their access denied to the local host. Incoming messages
+ # with one of these senders are rejected at RCPT time.
+ #
+ # The explicit white lists are honored as well as negative items in
+ # the black list. See /usr/share/doc/exim4-config/default_acl for details.
+ deny message = sender envelope address $sender_address is locally blacklisted here. If you think this is wrong, get in touch with postmaster
+ !acl = acl_whitelist_local_deny
+ senders = ${if exists{CONFDIR/local_sender_blacklist}\
+ {CONFDIR/local_sender_blacklist}\
+ {}}
+
+ # deny bad sites (IP address)
+ # CONFDIR/local_host_blacklist holds a list of host names, IP addresses
+ # and networks (CIDR notation) that should have their access denied to
+ # The local host. Messages coming in from a listed host will have all
+ # RCPT statements rejected.
+ #
+ # The explicit white lists are honored as well as negative items in
+ # the black list. See /usr/share/doc/exim4-config/default_acl for details.
+ deny message = sender IP address $sender_host_address is locally blacklisted here. If you think this is wrong, get in touch with postmaster
+ !acl = acl_whitelist_local_deny
+ hosts = ${if exists{CONFDIR/local_host_blacklist}\
+ {CONFDIR/local_host_blacklist}\
+ {}}
+
+
+ #############################################################################
+ # The DNS "black" lists here might have gone out of existence at the
+ # time you might want to start using this example. Use at your own risk,
+ # and verify the used lists' policies.
+ #############################################################################
+
+ warn message = X-Warning: $sender_host_address is listed at $dnslist_domain ($dnslist_value: $dnslist_text)
+ log_message = $sender_host_address is listed at $dnslist_domain ($dnslist_value: $dnslist_text)
+ dnslists = inputs.relays.osirusoft.com:dialups.relays.osirusoft.com:spamhaus.relays.osirusoft.com:spamsites.relays.osirusoft.com:spews.relays.osirusoft.com:relays.ordb.org:relays.bl.kundenserver.de:relays.visi.com:sbl.spamhaus.org
+
+ warn message = X-Warning: $sender_address_domain is listed at $dnslist_domain ($dnslist_value: $dnslist_text)
+ log_message = $sender_address_domain is listed at $dnslist_domain ($dnslist_value: $dnslist_text)
+ !senders = ${if exists{CONFDIR/local_postmaster.rfc-ignorant.org_whitelist}\
+ {CONFDIR/local_postmaster.rfc-ignorant.org_whitelist}\
+ {}}
+ dnslists = postmaster.rfc-ignorant.org/$sender_address_domain
+
+ warn message = X-Warning: $sender_address_domain is listed at $dnslist_domain ($dnslist_value: $dnslist_text)
+ log_message = $sender_address_domain is listed at $dnslist_domain ($dnslist_value: $dnslist_text)
+ !senders = ${if exists{CONFDIR/local_abuse.rfc-ignorant.org_whitelist}\
+ {CONFDIR/local_abuse.rfc-ignorant.org_whitelist}\
+ {}}
+ dnslists = abuse.rfc-ignorant.org/$sender_address_domain
+
+ warn message = X-Warning: $sender_address_domain is listed at $dnslist_domain ($dnslist_value: $dnslist_text)
+ log_message = $sender_address_domain is listed at $dnslist_domain ($dnslist_value: $dnslist_text)
+ !senders = ${if exists{CONFDIR/local_whois.rfc-ignorant.org_whitelist}\
+ {CONFDIR/local_whois.rfc-ignorant.org_whitelist}\
+ {}}
+ dnslists = whois.rfc-ignorant.org/$sender_address_domain
+
+ warn message = X-Warning: $sender_address_domain is listed at $dnslist_domain ($dnslist_value: $dnslist_text)
+ log_message = $sender_address_domain is listed at $dnslist_domain ($dnslist_value: $dnslist_text)
+ !senders = ${if exists{CONFDIR/local_dsn.rfc-ignorant.org_whitelist}\
+ {CONFDIR/local_dsn.rfc-ignorant.org_whitelist}\
+ {}}
+ dnslists = dsn.rfc-ignorant.org/$sender_address_domain
+
+ # Accept if the address is in a local domain, but only if the recipient can
+ # be verified. Otherwise deny. The "endpass" line is the border between
+ # passing on to the next ACL statement (if tests above it fail) or denying
+ # access (if tests below it fail).
+ #
+ accept domains = +local_domains
+ endpass
+ message = unknown user
+ verify = recipient
+
+ # Accept if the address is in a domain for which we are relaying, but again,
+ # only if the recipient can be verified.
+ #
+ accept domains = +relay_to_domains
+ endpass
+ message = unrouteable address
+ verify = recipient
+
+ # If control reaches this point, the domain is neither in +local_domains
+ # nor in +relay_to_domains.
+
+ # Accept if the message comes from one of the hosts for which we are an
+ # outgoing relay. Recipient verification is omitted here, because in many
+ # cases the clients are dumb MUAs that don't cope well with SMTP error
+ # responses. If you are actually relaying out from MTAs, you should probably
+ # add recipient verification here.
+ #
+ accept hosts = +relay_from_hosts
+
+ # Accept if the message arrived over an authenticated connection, from
+ # any host. Again, these messages are usually from MUAs, so recipient
+ # verification is omitted.
+ #
+ accept authenticated = *
+
+ # Reaching the end of the ACL causes a "deny", but we might as well give
+ # an explicit message.
+ #
+ deny message = relay not permitted
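Review bot: The host blacklist rule (`deny ... !acl = acl_whitelist_local_deny` with `hosts = ...local_host_blacklist`) is skipped whenever acl_whitelist_local_deny accepts, and that ACL (conf.d/acl/20_exim4-config_whitelist_local_deny in this commit) accepts on a match in local_sender_whitelist as well as in local_host_whitelist. The envelope sender is chosen by the connecting client and is not authenticated, so one entry in the sender whitelist also exempts every blacklisted host that presents that sender. If that is not intended, the host rule could consult a host-only exception instead, for example `!hosts = ${if exists{CONFDIR/local_host_whitelist}{CONFDIR/local_host_whitelist}{}}` in place of its `!acl` line; otherwise the comment above the rule should state the trade-off. The same rule appears in conf.d/acl/30_exim4-config_check_rcpt.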
diff --git a/debian/debconf/conf.d/acl/00_exim4-config_header b/debian/debconf/conf.d/acl/00_exim4-config_header
new file mode 100644
index 0000000..76b017e
--- /dev/null
+++ b/debian/debconf/conf.d/acl/00_exim4-config_header
@@ -0,0 +1,8 @@
+
+######################################################################
+# ACL CONFIGURATION #
+# Specifies access control lists for incoming SMTP mail #
+######################################################################
+begin acl
+
+
diff --git a/debian/debconf/conf.d/acl/20_exim4-config_whitelist_local_deny b/debian/debconf/conf.d/acl/20_exim4-config_whitelist_local_deny
new file mode 100644
index 0000000..7ff368f
--- /dev/null
+++ b/debian/debconf/conf.d/acl/20_exim4-config_whitelist_local_deny
@@ -0,0 +1,29 @@
+# This access control list is used to determine whitelisted senders and
+# hosts. It checks for CONFDIR/local_host_whitelist and
+# CONFDIR/local_sender_whitelist.
+#
+# It is meant to be used from some other acl entry.
+#
+# For example,
+# deny message = local blacklist example
+# !acl = acl_whitelist
+# dnslist = some.dns.list.example
+# will allow messages with envelope sender listed in local_sender_whitelist
+# or messages coming in from hosts listed in local_host_whitelist to be
+# accepted even if the delivering host is listed in the dns list.
+#
+# Whitelisting can also be configured by including negative items in the
+# black list. See /usr/share/doc/exim4-config/default_acl for details.
+#
+# If the files do not exist, the white list never matches, which is
+# the desired behaviour.
+
+acl_whitelist_local_deny:
+ accept hosts = ${if exists{CONFDIR/local_host_whitelist}\
+ {CONFDIR/local_host_whitelist}\
+ {}}
+ accept senders = ${if exists{CONFDIR/local_sender_whitelist}\
+ {CONFDIR/local_sender_whitelist}\
+ {}}
+
+
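Review bot: The usage example in the header comment does not match the names this commit defines: it uses `!acl = acl_whitelist` and `dnslist = some.dns.list.example`, while the ACL defined below is `acl_whitelist_local_deny` and the condition used in 30_exim4-config_example_check_rcpt is `dnslists`. Copied as written, the example would refer to an ACL that this hunk does not define. The two comment lines should read `# !acl = acl_whitelist_local_deny` and `# dnslists = some.dns.list.example`.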
diff --git a/debian/debconf/conf.d/acl/30_exim4-config_check_rcpt b/debian/debconf/conf.d/acl/30_exim4-config_check_rcpt
new file mode 100644
index 0000000..13d5852
--- /dev/null
+++ b/debian/debconf/conf.d/acl/30_exim4-config_check_rcpt
@@ -0,0 +1,118 @@
+# This access control list is used for every RCPT command in an incoming
+# SMTP message. The tests are run in order until the address is either
+# accepted or denied.
+#
+acl_check_rcpt:
+ # Accept if the source is local SMTP (i.e. not over TCP/IP). We do this by
+ # testing for an empty sending host field.
+ accept hosts = :
+
+ # Deny if the local part contains @ or % or / or | or !. These are rarely
+ # found in genuine local parts, but are often tried by people looking to
+ # circumvent relaying restrictions.
+ #
+ # Also deny if the local part starts with a dot. Empty components aren't
+ # strictly legal in RFC 2822, but Exim allows them because this is common.
+ # However, actually starting with a dot may cause trouble if the local part
+ # is used as a file name (e.g. for a mailing list).
+ #
+ deny local_parts = ^.*[@%!/|] : ^\\.
+
+ # Accept mail to postmaster in any local domain, regardless of the source,
+ # and without verifying the sender.
+ #
+ accept local_parts = postmaster
+ domains = +local_domains
+
+ # Deny unless the sender address can be verified.
+ #
+ # This is disabled by default so that DNSless systems don't break. If
+ # your system can do DNS lookups without delay or cost, you might want
+ # to enable the following line.
+ # deny !acl = acl_whitelist_local_deny
+ # !verify = sender
+
+ # Warn if the sender host does not have valid reverse DNS.
+ #
+ # This is disabled by default so that DNSless systems don't break. If
+ # your system can do DNS lookups without delay or cost, you might want
+ # to enable the following lines.
+ # warn message = X-Broken-Reverse-DNS: no host name found for IP address $sender_host_address
+ # !verify = reverse_host_lookup
+
+ # deny bad senders (envelope sender)
+ # CONFDIR/local_sender_blacklist holds a list of envelope senders that
+ # should have their access denied to the local host. Incoming messages
+ # with one of these senders are rejected at RCPT time.
+ #
+ # The explicit white lists are honored as well as negative items in
+ # the black list. See /usr/share/doc/exim4-config/default_acl for details.
+ deny message = sender envelope address $sender_address is locally blacklisted here. If you think this is wrong, get in touch with postmaster
+ !acl = acl_whitelist_local_deny
+ senders = ${if exists{CONFDIR/local_sender_blacklist}\
+ {CONFDIR/local_sender_blacklist}\
+ {}}
+
+ # deny bad sites (IP address)
+ # CONFDIR/local_host_blacklist holds a list of host names, IP addresses
+ # and networks (CIDR notation) that should have their access denied to
+ # The local host. Messages coming in from a listed host will have all
+ # RCPT statements rejected.
+ #
+ # The explicit white lists are honored as well as negative items in
+ # the black list. See /usr/share/doc/exim4-config/default_acl for details.
+ deny message = sender IP address $sender_host_address is locally blacklisted here. If you think this is wrong, get in touch with postmaster
+ !acl = acl_whitelist_local_deny
+ hosts = ${if exists{CONFDIR/local_host_blacklist}\
+ {CONFDIR/local_host_blacklist}\
+ {}}
+
+
+ #############################################################################
+ # There are no checks on DNS "black" lists because the domains that contain
+ # these lists are changing all the time. You can find examples of
+ # how to use dnslists in /usr/share/doc/exim4-config/examples/acl
+ #############################################################################
+
+ # Accept if the address is in a local domain, but only if the recipient can
+ # be verified. Otherwise deny. The "endpass" line is the border between
+ # passing on to the next ACL statement (if tests above it fail) or denying
+ # access (if tests below it fail).
+ #
+ accept domains = +local_domains
+ endpass
+ message = unknown user
+ verify = recipient
+
+ # Accept if the address is in a domain for which we are relaying, but again,
+ # only if the recipient can be verified.
+ #
+ accept domains = +relay_to_domains
+ endpass
+ message = unrouteable address
+ verify = recipient
+
+ # If control reaches this point, the domain is neither in +local_domains
+ # nor in +relay_to_domains.
+
+ # Accept if the message comes from one of the hosts for which we are an
+ # outgoing relay. Recipient verification is omitted here, because in many
+ # cases the clients are dumb MUAs that don't cope well with SMTP error
+ # responses. If you are actually relaying out from MTAs, you should probably
+ # add recipient verification here.
+ #
+ accept hosts = +relay_from_hosts
+
+ # Accept if the message arrived over an authenticated connection, from
+ # any host. Again, these messages are usually from MUAs, so recipient
+ # verification is omitted.
+ #
+ accept authenticated = *
+
+ # Reaching the end of the ACL causes a "deny", but we might as well give
+ # an explicit message.
+ #
+ deny message = relay not permitted
+
+
+
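Review bot: Sender verification (the commented-out `deny !acl = acl_whitelist_local_deny` / `!verify = sender` pair) is switched off for every installation, although the stated reason only concerns systems without DNS. conf.d/main/02_exim4-config_options in this commit already guards `host_lookup = *` with `.ifndef DC_minimaldns`; wrapping the two lines in `.ifndef DC_minimaldns` and `.endif` would keep DNS-less systems working and leave the check active elsewhere, assuming the macro is defined before this fragment in the assembled file. If the check stays off by default, the comment should say that envelope senders are then accepted with no test other than the local blacklist file. The comment also says "the following line" for a statement that spans two lines.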
diff --git a/debian/debconf/conf.d/acl/40_exim4-config_check_data b/debian/debconf/conf.d/acl/40_exim4-config_check_data
new file mode 100644
index 0000000..220a572
--- /dev/null
+++ b/debian/debconf/conf.d/acl/40_exim4-config_check_data
@@ -0,0 +1,29 @@
+# 40_exim4-config_check_data
+
+acl_check_data:
+ # Add Message-ID if missing
+ warn condition = ${if !def:h_Message-ID: {1}}
+ hosts = +relay_from_hosts
+ message = Message-ID: <E$message_id@$primary_hostname>
+
+ # Deny unless the address list headers are syntactically correct.
+ #
+ # This is disabled by default because it might reject legitimate mail.
+ # If you want your system to insist on syntactically valid address
+ # headers, you might want to enable the following lines.
+ # deny message = Message headers fail syntax check
+ # !acl = acl_whitelist_local_deny
+ # !verify = header_syntax
+
+ # require that there is a verifiable sender address in at least
+ # one of the "Sender:", "Reply-To:", or "From:" header lines.
+ # deny message = No verifiable sender address in message headers
+ # !acl = acl_whitelist_local_deny
+ # !verify = header_sender
+
+ # enforce a message-size limit
+ # deny message = Message size $message_size is larger than limit of MESSAGE_SIZE_LIMIT
+ # condition = ${if >{$message_size}{MESSAGE_SIZE_LIMIT}{yes}{no}}
+
+ # accept otherwise
+ accept
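Review bot: The commented-out size check (`condition = ${if >{$message_size}{MESSAGE_SIZE_LIMIT}{yes}{no}}`) sits in the DATA ACL, which Exim evaluates after the message data has been received, so an oversized message is refused only once it has been transferred and spooled. Exim's main option `message_size_limit` enforces the limit during reception; adding a commented `# message_size_limit = MESSAGE_SIZE_LIMIT` to conf.d/main/02_exim4-config_options and pointing to it from here would give administrators the cheaper control. At minimum the comment should say that this rule does not protect bandwidth or spool space.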
diff --git a/debian/debconf/conf.d/auth/00_exim4-config_header b/debian/debconf/conf.d/auth/00_exim4-config_header
new file mode 100644
index 0000000..c5f8fc1
--- /dev/null
+++ b/debian/debconf/conf.d/auth/00_exim4-config_header
@@ -0,0 +1,8 @@
+
+######################################################################
+# AUTHENTICATION CONFIGURATION #
+######################################################################
+
+begin authenticators
+
+
diff --git a/debian/debconf/conf.d/auth/30_exim4-config_examples b/debian/debconf/conf.d/auth/30_exim4-config_examples
new file mode 100644
index 0000000..dbc3b9b
--- /dev/null
+++ b/debian/debconf/conf.d/auth/30_exim4-config_examples
@@ -0,0 +1,102 @@
+
+### auth/30_exim4-config_examples
+#################################
+
+# The examples below are for server side authentication; they allow two
+# styles of plain-text authentication against an CONFDIR/passwd file
+# which should have user IDs in the first column and crypted passwords
+# in the second. The columns need to be separated by ':'. For CRAM-MD5
+# exim needs access to the UNECRYPTED passwd - the example below assumes
+# it is avalable in the third column of CONFDIR/passwd
+
+# plain_server:
+# driver = plaintext
+# public_name = PLAIN
+# server_condition = "${if crypteq{$3}{${extract{1}{:}{${lookup{$2}lsearch{CONFDIR/passwd}{$value}{*:*}}}}}{1}{0}}"
+# server_set_id = $2
+# server_prompts = :
+#
+# login_server:
+# driver = plaintext
+# public_name = LOGIN
+# server_prompts = "Username:: : Password::"
+# server_condition = "${if crypteq{$2}{${extract{1}{:}{${lookup{$1}lsearch{CONFDIR/passwd}{$value}{*:*}}}}}{1}{0}}"
+# server_set_id = $1
+#
+# cram_md5_server:
+# driver = cram_md5
+# public_name = CRAM-MD5
+# server_secret = ${extract{2}{:}{${lookup{$1}lsearch{CONFDIR/passwd}{$value}fail}}}
+# server_set_id = $1
+
+# Here is an example of CRAM-MD5 authentication against PostgreSQL:
+#
+# psqldb_auth:
+# driver = cram_md5
+# public_name = CRAM-MD5
+# server_secret = ${lookup pgsql{SELECT pw FROM users WHERE username = '${quote_pgsql:$1}'}{$value}fail}
+# server_set_id = $1
+
+# Authenticate against local passwords using sasl2-bin
+#
+# plain_saslauthd:
+# driver = plaintext
+# public_name = PLAIN
+# # don't send system passwords over unencrypted connections
+# server_advertise_condition = ${if eq{$tls_cipher}{}{0}{1}}
+# server_condition = ${if saslauthd{{$2}{$3}}{1}{0}}
+# server_set_id = $2
+# server_prompts = :
+
+##############
+# See /usr/share/doc/exim4-base/README.SMTP-AUTH
+##############
+
+# These examples below are the equivalent for client side authentication.
+# They get the passwords from CONFDIR/passwd.client. This file should have
+# three columns separated by colons, the first contains the name of the
+# mailserver to authenticate against, the second the username and the third
+# contains the password.
+
+### # example for CONFDIR/passwd.client
+### mail.server:blah:secret
+### # default entry:
+### *:bar:foo
+
+cram_md5:
+ driver = cram_md5
+ public_name = CRAM-MD5
+ client_name = ${extract{1}{:}{${lookup{$host}lsearch*{CONFDIR/passwd.client}{$value}fail}}}
+ client_secret = ${extract{2}{:}{${lookup{$host}lsearch*{CONFDIR/passwd.client}{$value}fail}}}
+
+# Because AUTH PLAIN sends the password in clear, per default we only allow it
+# over encrypted connections. If you want to change this disable the existing
+# "client send" entry and enable the one below without the "if !eq{$tls_cipher}{}"
+# by removing the hash-mark (#) at the beginning of the line.
+plain:
+ driver = plaintext
+ public_name = PLAIN
+ client_send = "${if !eq{$tls_cipher}{}{\
+ ^${extract{1}{::}\
+ {${lookup{$host}lsearch*{CONFDIR/passwd.client}{$value}fail}}}\
+ ^${extract{2}{::}\
+ {${lookup{$host}lsearch*{CONFDIR/passwd.client}{$value}fail}}}\
+ }fail}"
+# client_send = "^${extract{1}{::}{${lookup{$host}lsearch*{CONFDIR/passwd.client}{$value}fail}}}^${extract{2}{::}{${lookup{$host}lsearch*{CONFDIR/passwd.client}{$value}fail}}}"
+
+# Because AUTH LOGIN sends the password in clear, per default we only allow it
+# over encrypted connections. If you want to change this disable the existing
+# "client send" entry and enable the one below without the "if !eq{$tls_cipher}{}"
+# by removing the hash-mark (#) at the beginning of the line.
+login:
+ driver = plaintext
+ public_name = LOGIN
+ client_send = "${if !eq{$tls_cipher}{}{}fail}\
+ : ${extract{1}{::}\
+ {${lookup{$host}lsearch*{CONFDIR/passwd.client}{$value}fail}}} \
+ : ${extract{2}{::}\
+ {${lookup{$host}lsearch*{CONFDIR/passwd.client}{$value}fail}}}"
+# client_send = ": ${extract{1}{::}{${lookup{$host}lsearch*{CONFDIR/passwd.client}{$value}fail}}} : ${extract{2}{::}{${lookup{$host}lsearch*{CONFDIR/passwd.client}{$value}fail}}}"
+
+
+
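Review bot: The commented-out `plain_server` and `login_server` examples take cleartext passwords on any connection; only `plain_saslauthd` carries `server_advertise_condition = ${if eq{$tls_cipher}{}{0}{1}}`. Anyone enabling the first two as written would advertise PLAIN and LOGIN before STARTTLS, so the same line should be added to both examples. The CRAM-MD5 example needs the unencrypted password in the third column of CONFDIR/passwd, and the comment should say that this file must not be readable by ordinary users. On the client side, `!eq{$tls_cipher}{}` shows only that the session is encrypted, not that the peer's certificate was verified, which is worth stating next to the `plain` and `login` authenticators.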
diff --git a/debian/debconf/conf.d/main/01_exim4-config_listmacrosdefs b/debian/debconf/conf.d/main/01_exim4-config_listmacrosdefs
new file mode 100644
index 0000000..5b29ed0
--- /dev/null
+++ b/debian/debconf/conf.d/main/01_exim4-config_listmacrosdefs
@@ -0,0 +1,72 @@
+
+######################################################################
+# Runtime configuration file for Exim #
+######################################################################
+
+######################################################################
+# MAIN CONFIGURATION SETTINGS #
+######################################################################
+
+# Just for reference and scripts, on debian, the main binary is
+# installed as exim4
+exim_path = /usr/sbin/exim4
+
+# Macro defining the main configuration directory, we use no abolute
+# paths.
+CONFDIR = /etc/exim4
+
+# Macro defining the message size limit. This is not enabled by default
+# in CONFDIR/conf.d/acl/40_exim4-config_check_data
+MESSAGE_SIZE_LIMIT = 10M
+
+# Define a macro DC_minimaldns if dc_minimaldns=true, to use in
+# .ifdef-statements otherwise this expands to an empty line
+DEBCONFminimaldnsDEBCONF
+
+# The next three settings create two lists of domains and one list of hosts.
+# These lists are referred to later in this configuration using the syntax
+# +local_domains, +relay_to_domains, and +relay_from_hosts, respectively. They
+# are all colon-separated lists:
+
+# '@' refers to 'the name of the local host'
+
+### EXPANSION-begins ######################
+domainlist local_domains = DEBCONFlocal_domainsDEBCONF
+
+domainlist relay_to_domains = DEBCONFrelay_domainsDEBCONF
+
+hostlist relay_from_hosts = 127.0.0.1 : ::::1 : DEBCONFrelay_netsDEBCONF
+
+
+# Specify the domain you want to be added to all unqualified addresses
+# here. An unqualified address is one that does not contain an "@" character
+# followed by a domain. For example, "caesar@rome.example" is a fully qualified
+# address, but the string "caesar" (i.e. just a login name) is an unqualified
+# email address. Unqualified addresses are accepted only from local callers by
+# default. See the recipient_unqualified_hosts option if you want to permit
+# unqualified addresses from remote sources. If this option is not set, the
+# primary_hostname value is used for qualification.
+qualify_domain = DEBCONFvisiblenameDEBCONF
+
+# only used for satellite-system
+DCreadhost = DEBCONFreadhostDEBCONF
+
+#for satellite and smarthost-systems
+DCsmarthost = DEBCONFsmarthostDEBCONF
+
+# listen on all all interfaces?
+DEBCONFlistenonpublicDEBCONF
+### EXPANSION-ends ######################
+
+# The default delivery method. See CONFDIR/conf.d/transports/ for other
+# possibilities
+LOCAL_DELIVERY=mail_spool
+
+# The gecos field in /etc/passwd holds not only the name. see passwd(5).
+gecos_pattern = ^([^,:]*)
+gecos_name = $1
+
+
+# define a macro DCconfig_smarthost, DCconfig_satellite, etc. we need this
+# for .ifdef ... .endif
+DCconfig_DEBCONFconfigtypeDEBCONF = 1
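Review bot: `hostlist relay_from_hosts` is filled from `DEBCONFrelay_netsDEBCONF` with no comment on what membership grants. In conf.d/acl/30_exim4-config_check_rcpt every host in this list is accepted for any recipient domain, without authentication or recipient verification, so an over-broad network here turns the host into a relay for that whole range. A comment above the line should say so, for example `# Hosts listed here may relay to any domain without authentication; keep this to networks you control.` Separately, the LOCAL_DELIVERY comment points to `CONFDIR/conf.d/transports/`, while the files in this commit live under `conf.d/transport/`.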
diff --git a/debian/debconf/conf.d/main/02_exim4-config_options b/debian/debconf/conf.d/main/02_exim4-config_options
new file mode 100644
index 0000000..1a85e8e
--- /dev/null
+++ b/debian/debconf/conf.d/main/02_exim4-config_options
@@ -0,0 +1,103 @@
+
+### main/02_exim4-config_options
+#################################
+
+# This option defines the access control list that is run when an
+# SMTP RCPT command is received.
+#
+acl_smtp_rcpt = acl_check_rcpt
+
+# This option defines the access control list that is run when an
+# SMTP DATA command is received.
+#
+acl_smtp_data = acl_check_data
+
+# If you want unqualified recipient addresses to be qualified with a different
+# domain to unqualified sender addresses, specify the recipient domain here.
+# If this option is not set, the qualify_domain value is used.
+#
+# qualify_recipient =
+
+# The following line must be uncommented if you want Exim to recognize
+# addresses of the form "user@[10.11.12.13]" that is, with a "domain literal"
+# (an IP address) instead of a named domain. The RFCs still require this form,
+# but it makes little sense to permit mail to be sent to specific hosts by
+# their IP address in the modern Internet. This ancient format has been used
+# by those seeking to abuse hosts by using them for unwanted relaying. If you
+# really do want to support domain literals, uncomment the following line, and
+# see also the "domain_literal" router.
+#
+# allow_domain_literals
+
+.ifndef DC_minimaldns
+# The setting below causes Exim to do a reverse DNS lookup on all incoming
+# IP calls, in order to get the true host name. If you feel this is too
+# expensive, you can specify the networks for which a lookup is done, or
+# remove the setting entirely.
+#
+host_lookup = *
+.endif
+
+# The settings below, which are actually the same as the defaults in the
+# code, cause Exim to make RFC 1413 (ident) callbacks for all incoming SMTP
+# calls. You can limit the hosts to which these calls are made, and/or change
+# the timeout that is used. If you set the timeout to zero, all RFC 1413 calls
+# are disabled. RFC 1413 calls are cheap and can provide useful information
+# for tracing problem messages, but some hosts and firewalls have problems
+# with them. This can result in a timeout instead of an immediate refused
+# connection, leading to delays on starting up an SMTP session.
+#
+rfc1413_hosts = *
+rfc1413_query_timeout = 30s
+
+# By default, Exim expects all envelope addresses to be fully qualified, that
+# is, they must contain both a local part and a domain. If you want to accept
+# unqualified addresses (just a local part) from certain hosts, you can specify
+# these hosts by setting one or both of
+#
+# sender_unqualified_hosts =
+# recipient_unqualified_hosts =
+#
+# to control sender and recipient addresses, respectively. When this is done,
+# unqualified addresses are qualified using the settings of qualify_domain
+# and/or qualify_recipient (see above).
+
+# If you want Exim to support the "percent hack" for certain domains,
+# uncomment the following line and provide a list of domains. The "percent
+# hack" is the feature by which mail addressed to x%y@z (where z is one of
+# the domains listed) is locally rerouted to x@y and sent on. If z is not one
+# of the "percent hack" domains, x%y is treated as an ordinary local part. This
+# hack is rarely needed nowadays; you should not enable it unless you are sure
+# that you really need it.
+#
+# percent_hack_domains =
+
+# When Exim can neither deliver a message nor return it to sender, it "freezes"
+# the delivery error message (aka "bounce message"). There are also other
+# circumstances in which messages get frozen. They will stay on the queue for
+# ever unless one of the following options is set.
+
+# This option unfreezes frozen bounce messages after two days, tries
+# once more to deliver them, and ignores any delivery failures.
+#
+ignore_bounce_errors_after = 2d
+
+# This option cancels (removes) frozen messages that are older than a week.
+#
+timeout_frozen_after = 7d
+
+freeze_tell = postmaster
+
+# Only for interacting with other packages, to make it possible to use
+# -DSPOOLDIR to override it on the command line
+.ifndef SPOOLDIR
+SPOOLDIR = /var/spool/exim4
+.endif
+spool_directory = SPOOLDIR
+
+# uucp should be able to set envelope-from to arbitrary values
+trusted_users = uucp
+
+# uncomment this to get the Debian version in the SMTP dialog
+# smtp_banner = "${primary_hostname} ESMTP Exim ${version_number} (Debian package DEBCONFpackageversionDEBCONF) ${tod_full}"
+
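Review bot: `trusted_users = uucp` is set unconditionally, including on systems that do not run UUCP. The comment mentions only the envelope sender, but in Exim a trusted user may also supply other origin data for locally submitted messages (such as the claimed sending host and protocol; confirm against the Exim specification), and that data ends up in headers and logs. Consider shipping the line commented out as `# trusted_users = uucp`, or extend the comment to say what trust implies so that administrators can remove it where UUCP is absent.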
diff --git a/debian/debconf/conf.d/main/03_exim4-config_tlsoptions b/debian/debconf/conf.d/main/03_exim4-config_tlsoptions
new file mode 100644
index 0000000..d462ff9
--- /dev/null
+++ b/debian/debconf/conf.d/main/03_exim4-config_tlsoptions
@@ -0,0 +1,46 @@
+# Example for TLS/SSL configuration.
+
+# See /usr/share/doc/exim4-base/README.TLS* for explanations.
+
+# Defines that you want to log what cipher your exim and the peer's mailer
+# uses to encrypt the transaction. It also defines you want to log the 'DN'
+# (Distinguished Name) of the certificate of the peer.
+#
+# log_selector = +tls_cipher +tls_peerdn
+
+# Defines what hosts to 'advertise' STARTTLS functionality to. Setting this
+# to * will advertise to all hosts that connect with EHLO, and this is a
+# good default
+#
+# tls_advertise_hosts = *
+
+# Defines where your SSL-certificate and SSL-Private Key are located.
+# This requires a full path. The files pointed to must be kept 'secret'
+# and should be owned my root.Debian-exim mode 640 (-rw-r-----). Usually the
+# exim-gencert script takes care of these prerequisites.
+#
+# tls_certificate = CONFDIR/exim.crt
+# tls_privatekey = CONFDIR/exim.key
+
+# A file which contains the certificates of the trusted CAs (Certification
+# Authorities) against which host certificates can be checked (through the
+# `tls_verify_hosts' and `tls_try_verify_hosts' lists below).
+# /etc/ssl/certs/ca-certificates.crt is generated by
+# the "ca-certificates" package's update-ca-certificates(8) command.
+#
+#tls_verify_certificates = /etc/ssl/certs/ca-certificates.crt
+
+# A list of hosts which are constrained by `tls_verify_certificates'. A host
+# that matches `tls_verify_host' must present a certificate that's
+# verifyable through `tls_verify_certificates' in order to be accepted as an
+# SMTP client. If it does not, the connection is aborted.
+#
+#tls_verify_hosts =
+
+# A weaker form of checking: if a client matches `tls_try_verify_hosts' (but
+# not `tls_verify_hosts'), request a certificate and check it against
+# `tls_verify_certificates' but do not abort the connection if there is no
+# certificate or if the certificate presented does not match. (This
+# condition can be tested for in ACLs through `verify = certificate')
+#
+#tls_try_verify_hosts = *
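Review bot: The paragraph above `#tls_verify_hosts =` names the option as `tls_verify_host`, which matches neither the setting below it nor the earlier paragraph; it should read `tls_verify_hosts`. The certificate paragraph says both files must be kept 'secret', but only the private key needs restricted access, and "owned my root.Debian-exim" should read "owned by". It would also help to state outright that the `tls_verify_*` settings here concern certificates presented by connecting SMTP clients, which the text only implies with "accepted as an SMTP client".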
diff --git a/debian/debconf/conf.d/retry/00_exim4-config_header b/debian/debconf/conf.d/retry/00_exim4-config_header
new file mode 100644
index 0000000..e2bb4a4
--- /dev/null
+++ b/debian/debconf/conf.d/retry/00_exim4-config_header
@@ -0,0 +1,7 @@
+
+######################################################################
+# RETRY CONFIGURATION #
+######################################################################
+
+begin retry
+
diff --git a/debian/debconf/conf.d/retry/30_exim4-config b/debian/debconf/conf.d/retry/30_exim4-config
new file mode 100644
index 0000000..0ade295
--- /dev/null
+++ b/debian/debconf/conf.d/retry/30_exim4-config
@@ -0,0 +1,14 @@
+
+# This single retry rule applies to all domains and all errors. It specifies
+# retries every 15 minutes for 2 hours, then increasing retry intervals,
+# starting at 1 hour and increasing each time by a factor of 1.5, up to 16
+# hours, then retries every 6 hours until 4 days have passed since the first
+# failed delivery.
+
+# Domain Error Retries
+# ------ ----- -------
+
+* * F,2h,15m; G,16h,1h,1.5; F,4d,6h
+
+
+
diff --git a/debian/debconf/conf.d/rewrite/00_exim4-config_header b/debian/debconf/conf.d/rewrite/00_exim4-config_header
new file mode 100644
index 0000000..a32db17
--- /dev/null
+++ b/debian/debconf/conf.d/rewrite/00_exim4-config_header
@@ -0,0 +1,7 @@
+
+######################################################################
+# REWRITE CONFIGURATION #
+######################################################################
+
+begin rewrite
+
diff --git a/debian/debconf/conf.d/rewrite/31_exim4-config_rewriting b/debian/debconf/conf.d/rewrite/31_exim4-config_rewriting
new file mode 100644
index 0000000..e5944dc
--- /dev/null
+++ b/debian/debconf/conf.d/rewrite/31_exim4-config_rewriting
@@ -0,0 +1,23 @@
+
+### rewrite/31_exim4-config_rewriting
+#################################
+
+# This rewriting rule is particularily useful for dialup users who
+# don't have their own domain, but could be useful for anyone.
+# It looks up the real address of all local users in a file
+*@+local_domains ${lookup{${local_part}}lsearch{/etc/email-addresses}\
+ {$value}fail} Ffrs
+
+# The same as above, using outdated /etc/exim4/email-addresses, please
+# move its contents to /etc/email-addresses and delete
+# /etc/exim4/email-addresses
+*@+local_domains "${if exists {CONFDIR/email-addresses}\
+ {${lookup{${local_part}}lsearch{CONFDIR/email-addresses}\
+ {$value}fail}}fail}" Ffrs
+
+
+
+# hide mailname for satellite system and masqerade as DCreadhost instead
+.ifdef DCconfig_satellite
+*@+local_domains ${local_part}@DCreadhost Ffr
+.endif
diff --git a/debian/debconf/conf.d/router/00_exim4-config_header b/debian/debconf/conf.d/router/00_exim4-config_header
new file mode 100644
index 0000000..531e21f
--- /dev/null
+++ b/debian/debconf/conf.d/router/00_exim4-config_header
@@ -0,0 +1,11 @@
+
+######################################################################
+# ROUTERS CONFIGURATION #
+# Specifies how addresses are handled #
+######################################################################
+# THE ORDER IN WHICH THE ROUTERS ARE DEFINED IS IMPORTANT! #
+# An address is passed to each router in turn until it is accepted. #
+######################################################################
+
+begin routers
+
diff --git a/debian/debconf/conf.d/router/100_exim4-config_domain_literal b/debian/debconf/conf.d/router/100_exim4-config_domain_literal
new file mode 100644
index 0000000..c07a354
--- /dev/null
+++ b/debian/debconf/conf.d/router/100_exim4-config_domain_literal
@@ -0,0 +1,16 @@
+
+# This router routes to remote hosts over SMTP by explicit IP address,
+# when an email address is given in "domain literal" form, for example,
+# <user@[192.168.35.64]>. The RFCs require this facility. However, it is
+# little-known these days, and has been exploited by evil people seeking
+# to abuse SMTP relays. Consequently it is commented out in the default
+# configuration. If you uncomment this router, you also need to uncomment
+# allow_domain_literals above, so that Exim can recognize the syntax of
+# domain literal addresses.
+
+# domain_literal:
+# debug_print = "R: domain_literal for $local_part@$domain"
+# driver = ipliteral
+# domains = ! +local_domains
+# transport = remote_smtp
+
diff --git a/debian/debconf/conf.d/router/200_exim4-config_primary b/debian/debconf/conf.d/router/200_exim4-config_primary
new file mode 100644
index 0000000..0a64829
--- /dev/null
+++ b/debian/debconf/conf.d/router/200_exim4-config_primary
@@ -0,0 +1,72 @@
+
+### router/200_exim4-config_primary
+#################################
+# This file holds the primary router, responsible for nonlocal mails
+
+.ifdef DCconfig_internet
+# configtype=internet
+#
+# deliver mail to the recipient if recipient domain is a domain we
+# relay for. We do not ignore any target hosts here since delivering to
+# a site local or even a link local address might be wanted here, and if
+# such an address has found its way into the MX record of such a domain,
+# the local admin is probably in a place where that broken MX record
+# could be fixed.
+
+dnslookup_relay_to_domains:
+ driver = dnslookup
+ domains = ! +local_domains : +relay_to_domains
+ transport = remote_smtp
+ same_domain_copy_routing = yes
+ no_more
+
+# deliver mail directly to the recipient. This router is only reached
+# for domains that we do not relay for. Since we most probably can't
+# have broken MX records pointing to site local or link local IP
+# addresses fixed, we ignore target hosts pointing to these addresses.
+
+dnslookup:
+ driver = dnslookup
+ domains = ! +local_domains
+ transport = remote_smtp
+ same_domain_copy_routing = yes
+ # ignore private rfc1918 and APIPA addresses
+ ignore_target_hosts = 0.0.0.0 : 127.0.0.0/8 : 192.168.0.0/16 :\
+ 172.16.0.0/12 : 10.0.0.0/8 : 169.254.0.0/16
+ no_more
+
+.endif
+
+
+.ifdef DCconfig_local
+# configtype=local
+#
+# Stand-alone system, so generate an error for mail to a non-local domain
+nonlocal:
+ driver = redirect
+ allow_fail
+ data = :fail: Mailing to remote domains not supported
+ no_more
+ domains = ! +local_domains
+
+.endif
+
+
+.ifdef DCconfig_smarthost DCconfig_satellite
+# configtype=smarthost or configtype=satellite
+#
+# Send all non-local mail to a single other machine (smarthost).
+smarthost:
+ driver = manualroute
+ domains = ! +local_domains
+ transport = remote_smtp
+ route_list = * DCsmarthost
+ host_find_failed = defer
+ same_domain_copy_routing = yes
+ no_more
+
+.endif
+
+
+# The "no_more" above means that all later routers are for
+# domains in the local_domains list, i.e. just like Exim 3 directors.
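Review bot: `ignore_target_hosts` on the `dnslookup` router lists only IPv4 ranges, so on an Exim built with IPv6 support an MX record resolving to `::1` or a link-local `fe80::/10` address would still be tried, which is the case the comment above the router says it wants to ignore. Because IPv6 addresses contain colons, the list needs a different separator, e.g. `ignore_target_hosts = <; 0.0.0.0 ; 127.0.0.0/8 ; 192.168.0.0/16 ; 172.16.0.0/12 ; 10.0.0.0/8 ; 169.254.0.0/16 ; ::1 ; fe80::/10`. The routers in this file also lack the `debug_print` line that the other routers in this commit carry, which makes `-d` traces harder to follow.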
diff --git a/debian/debconf/conf.d/router/300_exim4-config_real_local b/debian/debconf/conf.d/router/300_exim4-config_real_local
new file mode 100644
index 0000000..1703d7d
--- /dev/null
+++ b/debian/debconf/conf.d/router/300_exim4-config_real_local
@@ -0,0 +1,9 @@
+
+real_local:
+ debug_print = "R: real_local for $local_part@$domain"
+ driver = accept
+ domains = +local_domains
+ local_part_prefix = real-
+ check_local_user
+ transport = LOCAL_DELIVERY
+
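Review bot: The `real_local` router has no comment, although it defines the `real-` prefix that `userforward` depends on for `syntax_errors_to = real-$local_part@$domain`. A short header would help, for example `# Accept real-<user> and deliver straight to the mailbox, ahead of the alias and .forward routers; used for .forward syntax error reports.` The prefix is accepted from any sender, so the comment should also say that mail addressed this way skips the user's aliases and filter, letting an admin who relies on per-user filtering decide whether to restrict it.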
diff --git a/debian/debconf/conf.d/router/400_exim4-config_system_aliases b/debian/debconf/conf.d/router/400_exim4-config_system_aliases
new file mode 100644
index 0000000..c663570
--- /dev/null
+++ b/debian/debconf/conf.d/router/400_exim4-config_system_aliases
@@ -0,0 +1,29 @@
+
+# This router handles aliasing using a traditional /etc/aliases file.
+#
+##### NB You must ensure that /etc/aliases exists. It used to be the case
+##### NB that every Unix had that file, because it was the Sendmail default.
+##### NB These days, there are systems that don't have it. Your aliases
+##### NB file should at least contain an alias for "postmaster".
+#
+# Piping to programs in /etc/aliases is disabled per default.
+# If that is a problem for you, see
+# /usr/share/doc/exim4-config/README.system_aliases
+# or explanation and some workarounds.
+#
+# Note that the transports listed below are the same as are used for
+# .forward files; you might want to set up different ones for pipe and
+# file deliveries from aliases.
+
+system_aliases:
+ debug_print = "R: system_aliases for $local_part@$domain"
+ driver = redirect
+ domains = +local_domains
+ allow_fail
+ allow_defer
+ data = ${lookup{$local_part}lsearch{/etc/aliases}}
+# user = list
+# group = mail
+ file_transport = address_file
+# pipe_transport = address_pipe
+# directory_transport = address_directory
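Review bot: `file_transport = address_file` is left enabled while `user` and `group` are commented out, and the `address_file` transport in this commit sets no uid either. An alias that expands to a file path would therefore presumably fail at delivery time rather than be written. The `mail4root` router in this commit sets `user = mail` and `group = mail` for the same transport. Either comment out `file_transport` alongside `pipe_transport`, or extend the header to say that file deliveries from /etc/aliases need `user` and `group` set. The line `# or explanation and some workarounds.` also looks like it should begin `# for explanation`.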
diff --git a/debian/debconf/conf.d/router/500_exim4-config_hubuser b/debian/debconf/conf.d/router/500_exim4-config_hubuser
new file mode 100644
index 0000000..1e2a179
--- /dev/null
+++ b/debian/debconf/conf.d/router/500_exim4-config_hubuser
@@ -0,0 +1,19 @@
+
+### router/500_exim4-config_hubuser
+#################################
+
+.ifdef DCconfig_satellite
+# This router is only used for configtype=satellite.
+# It takes care to route all mail targetted to <somelocaluser@this.machine>
+# to the host where we read our mail
+#
+hub_user:
+ debug_print = "R: hub_user for $local_part@$domain"
+ driver = redirect
+ domains = +local_domains
+ data = ${local_part}@DCreadhost
+ check_local_user
+
+.endif
+
+
diff --git a/debian/debconf/conf.d/router/600_exim4-config_userforward b/debian/debconf/conf.d/router/600_exim4-config_userforward
new file mode 100644
index 0000000..2b71cc0
--- /dev/null
+++ b/debian/debconf/conf.d/router/600_exim4-config_userforward
@@ -0,0 +1,48 @@
+
+# router/600_exim4-config_userforward
+#################################
+
+# This router handles forwarding using traditional .forward files in users'
+# home directories and filtering with exim's builtin filter language.
+#
+# The no_verify setting means that this router is skipped when Exim is
+# verifying addresses. Similarly, no_expn means that this router is skipped if
+# Exim is processing an EXPN command.
+#
+# The check_ancestor option means that if the forward file generates an
+# address that is an ancestor of the current one, the current one gets
+# passed on instead. This covers the case where A is aliased to B and B
+# has a .forward file pointing to A.
+#
+# The four transports specified at the end are those that are used when
+# forwarding generates a direct delivery to a directory, or a file, or to a
+# pipe, or sets up an auto-reply, respectively.
+#
+userforward:
+ debug_print = "R: userforward for $local_part@$domain"
+ driver = redirect
+ domains = +local_domains
+ check_local_user
+ file = $home/.forward
+ no_verify
+ no_expn
+ check_ancestor
+ allow_filter
+ directory_transport = address_directory
+ file_transport = address_file
+ pipe_transport = address_pipe
+ reply_transport = address_reply
+ skip_syntax_errors
+ syntax_errors_to = real-$local_part@$domain
+ syntax_errors_text = \
+ This is an automatically generated message. An error has\n\
+ been found in your .forward file. Details of the error are\n\
+ reported below. While this error persists, you will receive\n\
+ a copy of this message for every message that is addressed\n\
+ to you. If your .forward file is a filter file, or if it is\n\
+ a non-filter file containing no valid forwarding addresses,\n\
+ a copy of each incoming message will be put in your normal\n\
+ mailbox. If a non-filter file contains at least one valid\n\
+ forwarding address, forwarding to the valid addresses will\n\
+ happen, and those will be the only deliveries that occur.
+
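Review bot: `allow_filter` is enabled with no `forbid_pipe` or `forbid_filter_*` options, so any local user's `.forward` may be an Exim filter that pipes mail to commands through `address_pipe` and uses the full expansion language. That is a reasonable default on a machine where users already have shell access, but the header explains `no_verify`, `no_expn` and `check_ancestor` and says nothing about this. I would add a line such as `# allow_filter lets .forward be an Exim filter file; on hosts where users have no shell access consider forbid_pipe and forbid_filter_run.`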
diff --git a/debian/debconf/conf.d/router/700_exim4-config_procmail b/debian/debconf/conf.d/router/700_exim4-config_procmail
new file mode 100644
index 0000000..8c829c5
--- /dev/null
+++ b/debian/debconf/conf.d/router/700_exim4-config_procmail
@@ -0,0 +1,11 @@
+
+procmail:
+ debug_print = "R: procmail for $local_part@$domain"
+ driver = accept
+ domains = +local_domains
+ check_local_user
+ transport = procmail_pipe
+ require_files = ${local_part}:${home}/.procmailrc:+/usr/bin/procmail
+ no_verify
+ no_expn
+
diff --git a/debian/debconf/conf.d/router/800_exim4-config_maildrop b/debian/debconf/conf.d/router/800_exim4-config_maildrop
new file mode 100644
index 0000000..0c57fc6
--- /dev/null
+++ b/debian/debconf/conf.d/router/800_exim4-config_maildrop
@@ -0,0 +1,14 @@
+
+### router/800_exim4-config_maildrop
+#################################
+
+maildrop:
+ debug_print = "R: maildrop for $local_part@$domain"
+ driver = accept
+ domains = +local_domains
+ check_local_user
+ transport = maildrop_pipe
+ require_files = ${local_part}:${home}/.mailfilter:+/usr/bin/maildrop
+ no_verify
+ no_expn
+
diff --git a/debian/debconf/conf.d/router/900_exim4-config_local_user b/debian/debconf/conf.d/router/900_exim4-config_local_user
new file mode 100644
index 0000000..52e1897
--- /dev/null
+++ b/debian/debconf/conf.d/router/900_exim4-config_local_user
@@ -0,0 +1,14 @@
+
+### router/900_exim4-config_local_user
+#################################
+
+local_user:
+ debug_print = "R: local_user for $local_part@$domain"
+ driver = accept
+ domains = +local_domains
+ check_local_user
+ local_parts = ! root
+ transport = LOCAL_DELIVERY
+
+
+
diff --git a/debian/debconf/conf.d/router/mmm_mail4root b/debian/debconf/conf.d/router/mmm_mail4root
new file mode 100644
index 0000000..88017ba
--- /dev/null
+++ b/debian/debconf/conf.d/router/mmm_mail4root
@@ -0,0 +1,17 @@
+
+### router/mmm_mail4root
+#################################
+# deliver mail addressed to root to /var/mail/mail as user mail:mail
+# if it was not redirected in /etc/aliases or by other means
+# Exim cannot deliver as root since 4.24 (FIXED_NEVER_USERS)
+
+mail4root:
+ debug_print = "R: mail4root for $local_part@$domain"
+ driver = redirect
+ domains = +local_domains
+ data = /var/mail/mail
+ file_transport = address_file
+ local_parts = root
+ user = mail
+ group = mail
+
diff --git a/debian/debconf/conf.d/transport/00_exim4-config_header b/debian/debconf/conf.d/transport/00_exim4-config_header
new file mode 100644
index 0000000..48e45da
--- /dev/null
+++ b/debian/debconf/conf.d/transport/00_exim4-config_header
@@ -0,0 +1,13 @@
+
+######################################################################
+# TRANSPORTS CONFIGURATION #
+######################################################################
+# ORDER DOES NOT MATTER #
+# Only one appropriate transport is called for each delivery. #
+######################################################################
+
+# A transport is used only when referenced from a router that successfully
+# handles an address.
+
+begin transports
+
diff --git a/debian/debconf/conf.d/transport/30_exim4-config_address_file b/debian/debconf/conf.d/transport/30_exim4-config_address_file
new file mode 100644
index 0000000..82b55e2
--- /dev/null
+++ b/debian/debconf/conf.d/transport/30_exim4-config_address_file
@@ -0,0 +1,11 @@
+
+# This transport is used for handling deliveries directly to files that are
+# generated by aliasing or forwarding.
+#
+address_file:
+ debug_print = "T: address_file for $local_part@$domain"
+ driver = appendfile
+ delivery_date_add
+ envelope_to_add
+ return_path_add
+
diff --git a/debian/debconf/conf.d/transport/30_exim4-config_address_pipe b/debian/debconf/conf.d/transport/30_exim4-config_address_pipe
new file mode 100644
index 0000000..cb01c37
--- /dev/null
+++ b/debian/debconf/conf.d/transport/30_exim4-config_address_pipe
@@ -0,0 +1,12 @@
+
+# This transport is used for handling pipe deliveries generated by alias or
+# .forward files. If the commands fails and produces any output on standard
+# output or standard error streams, the output is returned to the sender
+# of the message as a delivery error.
+# You can set different transports for aliases and forwards if you want to
+# - see the references to address_pipe in the routers section above.
+address_pipe:
+ debug_print = "T: address_pipe for $local_part@$domain"
+ driver = pipe
+ return_fail_output
+
diff --git a/debian/debconf/conf.d/transport/30_exim4-config_address_reply b/debian/debconf/conf.d/transport/30_exim4-config_address_reply
new file mode 100644
index 0000000..b2b8862
--- /dev/null
+++ b/debian/debconf/conf.d/transport/30_exim4-config_address_reply
@@ -0,0 +1,8 @@
+
+# This transport is used for handling autoreplies generated by the filtering
+# option of the userforward router.
+#
+address_reply:
+ debug_print = "T: autoreply for $local_part@$domain"
+ driver = autoreply
+
diff --git a/debian/debconf/conf.d/transport/30_exim4-config_mail_spool b/debian/debconf/conf.d/transport/30_exim4-config_mail_spool
new file mode 100644
index 0000000..21dfae4
--- /dev/null
+++ b/debian/debconf/conf.d/transport/30_exim4-config_mail_spool
@@ -0,0 +1,17 @@
+
+### transport/30_exim4-config_mail_spool
+
+# This transport is used for local delivery to user mailboxes in traditional
+# BSD mailbox format.
+#
+mail_spool:
+ debug_print = "T: appendfile for $local_part@$domain"
+ driver = appendfile
+ file = /var/mail/$local_part
+ delivery_date_add
+ envelope_to_add
+ return_path_add
+ group = mail
+ mode = 0660
+ mode_fail_narrower = false
+
diff --git a/debian/debconf/conf.d/transport/30_exim4-config_maildir_home b/debian/debconf/conf.d/transport/30_exim4-config_maildir_home
new file mode 100644
index 0000000..3d25c30
--- /dev/null
+++ b/debian/debconf/conf.d/transport/30_exim4-config_maildir_home
@@ -0,0 +1,17 @@
+
+### transport/30_exim4-config_maildir_home
+
+# Use this instead of mail_spool if you want to to deliver to Maildir in
+# home-directory - change the definition of LOCAL_DELIVERY
+#
+maildir_home:
+ debug_print = "T: maildir_home for $local_part@$domain"
+ driver = appendfile
+ directory = $home/Maildir
+ delivery_date_add
+ envelope_to_add
+ return_path_add
+ maildir_format
+ mode = 0600
+ mode_fail_narrower = false
+
diff --git a/debian/debconf/conf.d/transport/30_exim4-config_maildrop_pipe b/debian/debconf/conf.d/transport/30_exim4-config_maildrop_pipe
new file mode 100644
index 0000000..0ba27bc
--- /dev/null
+++ b/debian/debconf/conf.d/transport/30_exim4-config_maildrop_pipe
@@ -0,0 +1,10 @@
+
+maildrop_pipe:
+ debug_print = "T: maildrop_pipe for $local_part@$domain"
+ driver = pipe
+ path = "/bin:/usr/bin:/usr/local/bin"
+ command = "/usr/bin/maildrop"
+ return_path_add
+ delivery_date_add
+ envelope_to_add
+
diff --git a/debian/debconf/conf.d/transport/30_exim4-config_procmail_pipe b/debian/debconf/conf.d/transport/30_exim4-config_procmail_pipe
new file mode 100644
index 0000000..5fb03ff
--- /dev/null
+++ b/debian/debconf/conf.d/transport/30_exim4-config_procmail_pipe
@@ -0,0 +1,10 @@
+
+procmail_pipe:
+ debug_print = "T: procmail_pipe for $local_part@$domain"
+ driver = pipe
+ path = "/bin:/usr/bin:/usr/local/bin"
+ command = "/usr/bin/procmail"
+ return_path_add
+ delivery_date_add
+ envelope_to_add
+
diff --git a/debian/debconf/conf.d/transport/30_exim4-config_remote_smtp b/debian/debconf/conf.d/transport/30_exim4-config_remote_smtp
new file mode 100644
index 0000000..62ab68e
--- /dev/null
+++ b/debian/debconf/conf.d/transport/30_exim4-config_remote_smtp
@@ -0,0 +1,14 @@
+
+### transport/30_exim4-config_remote_smtp
+#################################
+# This transport is used for delivering messages over SMTP connections.
+remote_smtp:
+ debug_print = "T: remote_smtp for $local_part@$domain"
+ driver = smtp
+# hosts_try_auth = DCsmarthost
+
+# To use SMTP AUTH when sending to your smarthost, uncomment the above line,
+# "hosts_try_auth = DCsmarthost" and add the necessary information (password,
+# etc.) to the passwd.client file.
+# /usr/share/doc/exim4-base/README.SMTP-AUTH
+
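Review bot: The comment tells the admin to uncomment `hosts_try_auth = DCsmarthost` and store the password in passwd.client, but it does not mention that `hosts_try_auth` falls back to an unauthenticated delivery attempt when authentication fails. It also does not say whether the credentials are only sent over an encrypted connection. The client authenticators are outside this hunk, so the TLS side may already be handled there. I would extend the comment with something like `# Use hosts_require_auth instead if mail must never be sent unauthenticated, and make sure plaintext mechanisms are only offered over TLS.`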
diff --git a/debian/debconf/conf.d/transport/35_exim4-config_address_directory b/debian/debconf/conf.d/transport/35_exim4-config_address_directory
new file mode 100644
index 0000000..94541a4
--- /dev/null
+++ b/debian/debconf/conf.d/transport/35_exim4-config_address_directory
@@ -0,0 +1,13 @@
+# This transport is used for handling file addresses generated by alias
+# or .forward files if the path ends in "/", which causes it to be treated
+# as a directory name rather than a file name.
+
+address_directory:
+ debug_print = "T: address_directory for $local_part@$domain"
+ driver = appendfile
+ envelope_to_add = true
+ return_path_add = true
+ check_string = ""
+ escape_string = ""
+ maildir_format
+
diff --git a/debian/debconf/default_acl b/debian/debconf/default_acl
new file mode 100644
index 0000000..452615c
--- /dev/null
+++ b/debian/debconf/default_acl
@@ -0,0 +1,48 @@
+Access Control in the default configuration
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+The Debian exim 4 package comes with a default configuration that
+allows flexible access control and blacklisting of sites and hosts.
+The acls involved can be found in /etc/exim4/conf.d/acl with the file
+names 20_exim4-config_whitelist_local_deny and 30_exim4-config_check_rcpt,
+thus all rejections of messages due to this mechanism happen at RCPT
+time. Local configuration of the mechanisms happen through data files
+in /etc/exim4, so there is normally no need to change the files in the
+acl subdirectory.
+
+/etc/exim4/local_sender_blacklist contains a list of envelope senders
+whose messages will be denied with the error message "locally
+blacklisted". This is a full exim 4 address list, and all available
+features can be used. This includes negative items, and so it is
+possible to exclude addresses from being blacklisted. For convenience,
+as an additional method to whitelist addresses from being blocked, an
+explicit whitelist is read in from /etc/exim4/local_sender_whitelist.
+Entries in the whitelist override corresponding blacklist entries.
+
+In the blacklist, the trick is to read a line break as "or" if it
+follows a positive item, and as "and" if it follows a negative item.
+
+For example, a /etc/exim4/local_sender_blacklist
+
+domain1.example
+!local@domain2.example
+domain2.example
+domain3.example
+
+Exim just evaluates left to right (or up-down in the file listing
+context), so you don't get the same kind of operator binding as in a
+programming language.
+
+/etc/exim4/local_host_blacklist contains a list of IP addresses,
+networks and host names whose messages will be denied with the error
+message "locally blacklisted". This is a full exim 4 host list. Again,
+negative items can be used here, and there is also an explicit
+whitelist read in from /etc/exim4/local_host_whitelist, and whitelist
+entries override blacklistings.
+
+The example access list shipped in
+/usr/share/doc/exim4-config/examples/acl/30_exim4-config_example_check_rcpt
+includes a bunch of dnslists configured to warn and/or deny incoming
+messages. Some of these lists have a corresponding whitelist, read
+in from /etc/exim4/local_$DNSLISTNAME_whitelist which allows the local
+administrator to override dnslist entries for domains or IP addresses
+that should be able to send mail despite the dnslist entry.
diff --git a/debian/debconf/update-exim4.conf b/debian/debconf/update-exim4.conf
new file mode 100644
index 0000000..2399388
--- /dev/null
+++ b/debian/debconf/update-exim4.conf
@@ -0,0 +1,360 @@
+#!/bin/sh
+# update-exim4.conf(8) - Generate /var/lib/exim4/config.autogenerated
+
+
+UPEX4C_confdir="/etc/exim4"
+UPEX4C_sections="main acl router transport retry rewrite auth"
+EXIM="/usr/sbin/exim4"
+
+UPEX4C_verbose=no
+UPEX4C_comments=no
+UPEX4C_autoconfigfile=/var/lib/exim4/config.autogenerated
+UPEX4C_outputfile="${UPEX4C_autoconfigfile}"
+UPEX4C_version=""
+
+usage() {
+cat <<EOF
+$0 - Generate exim4 configuration files
+ Options:
+ -v|--verbose - Enable verbose mode, tell about ignored files
+ -h|--help - Show this message
+ --keepcomments - Do not remove comment lines
+ --removecomments - Remove comment lines
+ -o|--output file - write output to file instead of ${UPEX4C_outputfile}
+ -d|--confdir directory - read input from given directory instead of ${UPEX4C_confdir}
+EOF
+}
+
+## Parse commandline
+TEMP=$(getopt -n update-exim4.conf \
+ -l keepcomments,removecomments,output:,confdir:,help,verbose -- \
+ +o:d:vh "$@")
+
+if test "$?" != 0; then
+ echo "Terminating..." >&2
+ exit 1
+fi
+
+eval set -- ${TEMP}
+while test "$1" != "--"; do
+ case $1 in
+ -h|--help)
+ usage
+ exit 0
+ ;;
+ -v|--verbose)
+ UPEX4C_verbose=yes
+ ;;
+ --keepcomments)
+ UPEX4C_comments=yes
+ ;;
+ --removecomments)
+ UPEX4C_comments=no
+ ;;
+ -o|--output)
+ shift
+ UPEX4C_outputfile="$1"
+ ;;
+ -d|--confdir)
+ shift
+ UPEX4C_confdir="$1"
+ ;;
+ esac
+ shift
+done
+shift
+
+# No non-option arguments allowed.
+if [ "$#" -ne 0 ]; then
+ echo "No non option arguments ($@) allowed" >&2
+ usage >&2
+ exit 1
+fi
+
+# exit immediately if /etc/exim4/exim4.conf exists and -o was not specified
+if [ -e /etc/exim4/exim4.conf ] && \
+ [ "x${UPEX4C_outputfile}" = "x${UPEX4C_autoconfigfile}" ] ; then
+ exit 0
+fi
+
+
+UPEX4C_confd=$UPEX4C_confdir/conf.d
+
+[ -d ${UPEX4C_confd} ] || \
+{ printf "$0: Error, no ${UPEX4C_confd}, exiting.\n" 1>&2 ; exit 1 ; }
+
+[ -d `dirname $UPEX4C_outputfile` ] || \
+{ printf "$0: Error, missing `dirname $UPEX4C_outputfile`, exiting.\n" 1>&2 ; exit 1 ; }
+
+. $UPEX4C_confdir/update-exim4.conf.conf || \
+{ printf "$0: Error, no $UPEX4C_confdir/update-exim4.conf.conf, exiting.\n" 1>&2 ; exit 1 ; }
+
+[ "x${CFILEMODE}" = "x" ] && CFILEMODE=644
+[ "x${dc_use_split_config}" = "x" ] && dc_use_split_config='false'
+
+mailname=`cat /etc/mailname | head -n 1`
+
+# add localhost and mailname, get rid of spaces and trailing colons
+local_domains="`echo ${mailname}:localhost:${dc_other_hostnames} | \
+ sed -e 'sÄ[: ]*$ÄÄ' -e 'sÄ *ÄÄ'`"
+
+TEMPLATEFILE=${UPEX4C_confdir}/exim4.conf.template
+
+UPEX4C_internal_tmp=`tempfile -m600 -p ex4`
+
+trap "rm -f ${UPEX4C_internal_tmp}" 0 2 15
+
+# test if $1 is user modified, print message
+unmodifandmessage() {
+ [ "$#" -eq 1 ] || return 1
+ if unmodified "$1" ; then
+ return 0
+ else
+ [ "${UPEX4C_verbose}" = "yes" ] && \
+ echo "ignoring user modified file $1"
+ return 1
+ fi
+}
+
+# 0123456789abcdef0123456789abcdef
+
+
+
+# use this as template for new gen_something functions.
+UPEX4C_skeleton() {
+ UPEX4C_internal_currfile="${UPEX4C_confd}/foo/bar"
+ unmodifandmessage "${UPEX4C_internal_currfile}" || return
+ cat << EOF > "${UPEX4C_internal_tmp}"
+# ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+# This is an md5sum.
+#######################################
+# WARNING WARNING WARNING WARNING
+# This file is dynamically generated by update-exim4.conf(8) using the data
+# in /etc/exim4/update-exim4.conf.conf.
+EOF
+# insert more code that appends to ${UPEX4C_internal_tmp}
+ UPEX4C_internal_md5=`cat "${UPEX4C_internal_tmp}" | md5sum | cut -d\ -f1`
+ { echo "# ${UPEX4C_internal_md5}" ; cat "${UPEX4C_internal_tmp}" ; } > \
+ "${UPEX4C_internal_currfile}"
+}
+
+# run-parts emulation, stolen from Branden's /etc/X11/Xsession
+# Addition: Use file.rul instead if file if it exists.
+run_parts () {
+ # reset LC_COLLATE
+ unset LANG LC_COLLATE LC_ALL
+
+ if [ -z "$1" ]; then
+ errormessage "$0: internal run_parts called without an argument"
+ fi
+ if [ ! -d "$1" ]; then
+ errormessage "$0: internal run_parts called, but $1 does not exist or is not a directory."
+ fi
+ for F in $(ls $1); do
+ if expr "$F" : '[[:alnum:]_-]\+$' > /dev/null 2>&1; then
+ if [ -f "$1/$F" ] ; then
+ if [ -f "$1/${F}.rul" ] ; then
+ echo "$1/${F}.rul"
+ else
+ echo "$1/$F"
+ fi
+ fi
+ fi
+ done;
+}
+# also from Branden
+errormessage () {
+ # pretty-print messages of arbitrary length (no trailing newline)
+ echo "$*" | fold -s -w ${COLUMNS:-80} >&2;
+}
+
+cat_parts() {
+ if [ -z "$1" ]; then
+ errormessage "$0: internal cat_parts called without an argument"
+ fi
+ if [ ! -d "$1" ]; then
+ errormessage "$0: internal cat_parts called, but $1 does not exist or is not a directory."
+ fi
+ for file in `run_parts $1`; do
+ echo "#####################################################"
+ echo "### $file"
+ echo "#####################################################"
+ cat $file
+ echo "#####################################################"
+ echo "### end $file"
+ echo "#####################################################"
+ done
+}
+
+# check whether the file given as argument was modified by the user
+# by comparing the md5sum in the first line with the real one.
+unmodified() {
+ [ "$#" -eq 1 ] || return 1
+ [ -f "$1" ] || return 1
+ # first line, without the leading '# '.
+ checksum_current=`sed -n -e '1s/^# //' -e '1p;1q' "$1"`
+
+ # md5sum over the rest of the file.
+ # some versions of md5sum produce
+ # '68b329da9893e34099c7d8ad5cb9c940 -' others don't add the dash.
+ # '68b329da9893e34099c7d8ad5cb9c940'
+ checksum_new=`sed -n '2,$p' "$1" | md5sum | cut -d\ -f1`
+
+ if [ "${checksum_current}" = "${checksum_new}" ] ; then
+ return 0
+ else
+ return 1
+ fi
+}
+
+# update the md5sum given in the first line, return an error if the file does
+# not have an md5sum header in the first line.
+updatechecksumheader() {
+ [ "$#" -eq 1 ] || return 1
+ [ -f "$1" ] || return 1
+ # check for correct format "# 76a51391da4a0687697224a124b71a17"
+ sed -n -e '1p;1q' "$1" | grep -q -E '^# [[:xdigit:]]{32}$' || \
+ { echo "incorrect format" ; return 1 ;}
+
+ NEWFILE=`tempfile -m600 -p ex4`
+ sed -n '2,$p' "$1" | md5sum | cut -d\ -f1 | sed '1s/^/# /' > $NEWFILE
+ sed -n '2,$p' "$1" >> $NEWFILE
+ mv -f $NEWFILE "$1"
+}
+
+gentmpconf() {
+ touch ${UPEX4C_outputfile}.tmp
+ #chown --reference=${TEMPLATEFILE} \
+ # ${UPEX4C_outputfile}.tmp ${UPEX4C_outputfile}
+ #chmod --reference=${TEMPLATEFILE} \
+ # ${UPEX4C_outputfile}.tmp ${UPEX4C_outputfile}
+ if [ "`id -u`" = "0" ]; then
+ chown root:Debian-exim ${UPEX4C_outputfile}.tmp
+ [ -e ${UPEX4C_outputfile} ] && \
+ chown root:Debian-exim ${UPEX4C_outputfile}
+ fi
+ chmod 640 ${UPEX4C_outputfile}.tmp
+ [ -e ${UPEX4C_outputfile} ] && chmod 640 ${UPEX4C_outputfile}
+}
+
+removecomments(){
+ if [ "x${UPEX4C_comments}" = "xno" ] ; then
+ egrep -v '^[[:space:]]*#' | sed -e '/^$/N;/\n$/D' ;
+ else
+ cat
+ fi
+}
+
+case "$dc_eximconfig_configtype" in
+ satellite)
+ ;;
+ local)
+ ;;
+ smarthost|internet)
+ ;;
+ none|*)
+ gentmpconf
+ for i in ${UPEX4C_sections} ; do
+ cat_parts ${UPEX4C_confd}/$i
+ done | \
+ removecomments \
+ sed -e "s/DEBCONF[^D][^E][^B].*DEBCONF//g" \
+ > ${UPEX4C_outputfile}.tmp
+ mv -f ${UPEX4C_outputfile}.tmp ${UPEX4C_outputfile}
+ chmod ${CFILEMODE} ${UPEX4C_outputfile}
+ [ "${UPEX4C_verbose}" = "yes" ] && \
+ echo "Not substituting variables since conftype is none (or other)"
+ exit 0
+ ;;
+esac
+
+if [ "x${dc_local_interfaces}" = "x" ] ; then
+ listenonpublic='# if local_interfaces is unset, we listen on all interfaces'
+else
+ listenonpublic="local_interfaces = ${dc_local_interfaces}"
+fi
+
+if [ "x${dc_minimaldns}" = "xtrue" ] ; then
+ UPEX4C_minimaldns='DC_minimaldns = 1'
+else
+ UPEX4C_minimaldns=''
+fi
+
+gentmpconf
+
+cat << EOF > ${UPEX4C_outputfile}.tmp
+#########
+# WARNING WARNING WARNING
+# WARNING WARNING WARNING
+# WARNING WARNING WARNING
+# WARNING WARNING WARNING
+# WARNING WARNING WARNING
+# this file is generated dynamically from the files in
+# CONFDIR/conf.d/ or /etc/exim4/exim4.conf.template respectively and
+# /etc/exim4/update-exim4.conf.conf
+# Any changes you make here will be lost.
+# See /usr/share/doc/exim4-base/README.Debian.gz and update-exim4.conf(8)
+# for instructions of customization.
+# WARNING WARNING WARNING
+# WARNING WARNING WARNING
+# WARNING WARNING WARNING
+# WARNING WARNING WARNING
+# WARNING WARNING WARNING
+#########
+EOF
+
+case "${dc_use_split_config}" in
+true)
+ for i in ${UPEX4C_sections} ; do
+ echo "# begin processing $i #####"
+ cat_parts ${UPEX4C_confd}/$i
+ echo "# end of $i #####"
+ done | \
+ sed -e "sÄDEBCONFlocal_domainsDEBCONFÄ@:${local_domains}Äg" \
+ -e "sÄDEBCONFrelay_domainsDEBCONFÄ${dc_relay_domains}Äg" \
+ -e "sÄDEBCONFrelay_netsDEBCONFÄ${dc_relay_nets}Äg" \
+ -e "sÄDEBCONFvisiblenameDEBCONFÄ${mailname}Äg" \
+ -e "sÄDEBCONFreadhostDEBCONFÄ${dc_readhost}Äg" \
+ -e "sÄDEBCONFsmarthostDEBCONFÄ${dc_smarthost}Äg" \
+ -e "sÄDEBCONFconfigtypeDEBCONFÄ${dc_eximconfig_configtype}Äg" \
+ -e "sÄDEBCONFlistenonpublicDEBCONFÄ${listenonpublic}Äg" \
+ -e "sÄDEBCONFpackageversionDEBCONFÄ${UPEX4C_version}Äg" \
+ -e "sÄDEBCONFminimaldnsDEBCONFÄ${UPEX4C_minimaldns}Äg" \
+ -e "sÄDEBCONFnever_usersDEBCONFÄÄg" \
+ | removecomments \
+ >> ${UPEX4C_outputfile}.tmp
+;;
+false)
+ if [ ! -r /etc/exim4/exim4.conf.template ] ; then
+ echo "Error: Unsplit config selected and /etc/exim4/exim4.conf.template missing ... exiting" 1>&2
+ exit 1
+ fi
+ sed -e "sÄDEBCONFlocal_domainsDEBCONFÄ@:${local_domains}Äg" \
+ -e "sÄDEBCONFrelay_domainsDEBCONFÄ${dc_relay_domains}Äg" \
+ -e "sÄDEBCONFrelay_netsDEBCONFÄ${dc_relay_nets}Äg" \
+ -e "sÄDEBCONFvisiblenameDEBCONFÄ${mailname}Äg" \
+ -e "sÄDEBCONFreadhostDEBCONFÄ${dc_readhost}Äg" \
+ -e "sÄDEBCONFsmarthostDEBCONFÄ${dc_smarthost}Äg" \
+ -e "sÄDEBCONFconfigtypeDEBCONFÄ${dc_eximconfig_configtype}Äg" \
+ -e "sÄDEBCONFlistenonpublicDEBCONFÄ${listenonpublic}Äg" \
+ -e "sÄDEBCONFpackageversionDEBCONFÄ${UPEX4C_version}Äg" \
+ -e "sÄDEBCONFminimaldnsDEBCONFÄ${UPEX4C_minimaldns}Äg" \
+ -e "sÄDEBCONFnever_usersDEBCONFÄÄg" \
+ < /etc/exim4/exim4.conf.template \
+ | removecomments \
+ >> ${UPEX4C_outputfile}.tmp
+;;
+esac
+
+# test validity if called without -o
+if [ "x${UPEX4C_outputfile}" = "x${UPEX4C_autoconfigfile}" ] && \
+ [ -x ${EXIM} ] ; then
+ if ! ${EXIM} -C "${UPEX4C_outputfile}.tmp" -bV > /dev/null ; then
+ errormessage "Invalid new configfile ${UPEX4C_outputfile}.tmp"
+ errormessage "not installing ${UPEX4C_outputfile}.tmp to ${UPEX4C_outputfile}"
+ exit 1
+ fi
+fi
+
+mv -f ${UPEX4C_outputfile}.tmp ${UPEX4C_outputfile}
+chmod ${CFILEMODE} ${UPEX4C_outputfile}
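Review bot: In the `none|*` branch the line `removecomments \` is missing its pipe, so `sed -e "s/DEBCONF[^D][^E][^B].*DEBCONF//g"` is passed to the shell function as ignored arguments and the DEBCONF markers are never stripped from the generated file; it should read `removecomments | \`. Separately, `gentmpconf` creates `${UPEX4C_outputfile}.tmp` with `touch` under a predictable name and then runs `chown`/`chmod` on it, which follows a pre-existing symlink when `-o` points into a directory other users can write to. Creating the temporary file with the `tempfile -m600` call the script already uses for `UPEX4C_internal_tmp`, placed in the output directory, would avoid that. The values read from update-exim4.conf.conf are also spliced into the sed replacement text unescaped, so an `&` or backslash in, say, `dc_relay_nets` silently alters the generated configuration. Finally, `eval set -- ${TEMP}` should quote the variable: `eval set -- "${TEMP}"`.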