The first part of the configuration file contains the main configuration settings. Each setting occupies one line of the file, except that string values can be continued onto multiple lines as described in section "String" in chapter "The Exim configuration file". All macro definitions must be in this part of the file -- they differ from options settings by starting with an upper-case letter (see section "Macros in the configuration file" in chapter "The Exim configuration file"). The available options are as follows:
Option: accept_8bitmime
Type: boolean
Default: false
This option causes Exim to send 8BITMIME in its response to an SMTP EHLO command, and to accept the BODY= parameter on MAIL FROM commands. However, though Exim is 8-bit clean, it is not a protocol converter, and it takes no steps to do anything special with messages received by this route. Consequently, this option is turned off by default.
Option: accept_timeout
Type: time
Default: 0s
This sets the timeout for accepting a non-SMTP message, that is, the maximum time that Exim waits when reading a message on the standard input. If the value is zero, it will wait for ever. This setting is overridden by the `-or' command option.
Option: address_directory_transport
Type: string
Default: "address_directory"
This sets the default name of the transport driver that is to be used when the expansion of the local part of an address by an aliasing or forwarding director results in a path ending in `/', implying delivery of each message into a separate file in some directory. This transport is used only if the director's own `directory_transport' option is not set.
Option: address_directory2_transport
Type: string
Default: "address_directory2"
This sets the default name of the transport driver that is to be used when the expansion of the local part of an address by an aliasing or forwarding director results in a path ending in `//'. The reason for having both `address_directory' and `address_directory2' is to allow for the rare circumstance in which both maildir and non-maildir format delivery is required. This transport is used only if the director's own `directory2_transport' option is not set.
Option: address_file_transport
Type: string
Default: "address_file"
This sets the default name of the transport driver that is to be used when the expansion of the local part of an address by an aliasing or forwarding director results in a file name. This transport is used only if the director's own `file_transport' option is not set.
Option: address_pipe_transport
Type: string
Default: "address_pipe"
This sets the default name of the transport driver that is to be used when the expansion of the local part of an address by an aliasing or forwarding director results in a pipe command. This transport is used only if the director's own `pipe_transport' option is not set.
Option: address_reply_transport
Type: string
Default: "address_reply"
This sets the default name of the transport driver that is to be used when the expansion of the local part of an address by a forwarding director results in the generation of an automatic reply. This transport is used only if the director's own `reply_transport' option is not set.
Option: always_bcc
Type: boolean
Default: false
Exim adds a `To:' header to messages whose recipients are given on the command line when there is no `To:', `Cc:', or `Bcc:' in the message. In other cases of missing recipient headers, it just adds an empty `Bcc:' header to make the message conform with RFC 822. Setting `always_bcc' causes it to add an empty `Bcc:' in all cases. This can be helpful in conjunction with mailing list software that passes recipient addresses on the command line.
Option: auto_thaw
Type: time
Default: 0s
If this option is set to a non-zero time, a new delivery is attempted on frozen messages if this much time has passed since the message was frozen.
Option: bi_command
Type: string
Default: unset
This option supplies the name of a command that is run when Exim is called with the `-bi' option (see chapter "The Exim command line"). The string value is just the command name, it is not a complete command line. If an argument is required, it must come from the `-oA' command line option.
Option: check_log_inodes
Type: integer
Default: 0
See `check_spool_space' below.
Option: check_log_space
Type: integer
Default: 0
See `check_spool_space' below.
Option: check_spool_inodes
Type: integer
Default: 0
See `check_spool_space' below.
Option: check_spool_space
Type: integer
Default: 0
The four `check_...' options allow for checking of disc resources before a message is accepted: `check_spool_space' and `check_spool_inodes' check the spool partition if either value is greater than zero, for example:
check_spool_space = 10M check_spool_inodes = 100
`check_log_space' and `check_log_inodes' check the partition in which log files are written if either is greater than zero. These should be set only if `log_file_path' is set to point to a different partition to the spool directory.
If there is less space or fewer inodes than requested, Exim refuses to accept incoming mail. In the case of SMTP input this is done by giving a 452 temporary error response to the MAIL FROM command. If ESMTP is in use and there was a SIZE parameter on the MAIL FROM command, its value is added to the `check_spool_space' value, and the check is performed even if `check_spool_space' is zero.
For non-SMTP input and for batched SMTP input, the test is done at start-up; on failure a message is written to stderr and Exim exits with a non-zero code, as it obviously cannot send an error message of any kind.
Option: collapse_source_routes
Type: boolean
Default: false
If this option is set, then source-routed mail addresses are stripped down to their final components.
Option: daemon_smtp_service
Type: string
Default: unset
This option specifies the numerical port number or the service name equivalent on which the daemon is to listen for incoming SMTP calls. It is overridden by `-oX' on the command line. If this option is not set, the service name `smtp' is used.
Option: debug_level
Type: integer
Default: 0
This option sets the debug level, thus enabling it to be set when calling Exim from an MUA, but it is overridden by the use of `-d' on the command line.
Option: debug_transport
Type: string
Default: unset
This option can be set only when Exim has been compiled to include the `debug' transport. It causes all deliveries to be subverted by substituting a call to the `debug' transport. This appends information about the address, and a copy of the message, to the file whose name is specified by this option. No locking is used. When local deliveries are being subverted in this way, the file must be set up as writeable by the user under whose uid the delivery process will run. It is recommended that Exim not be compiled with the `debug' option as a matter of course.
Option: delay_warning
Type: time-list
Default: 24h
When a message is delayed, Exim sends a warning message to the sender at intervals specified by this option. If it is set to a zero, no warnings are sent. The data is a colon-separated list of times after which to send warning messages. Up to 10 times may be given. If a message has been on the queue for longer than the last time, the last interval between the times is used to compute subsequent warning times. For example, with
delay_warning = 4h:8h:24h
the first message is sent after 4 hours, the second after 8 hours, and subsequent ones every 16 hours thereafter. To stop warnings after a given time, set a huge subsequent time.
Option: delay_warning_condition
Type: string
Default: unset
The string is expanded at the time a warning message might be sent. If the result of the expansion is a forced failure, an empty string, or a string matching any of `0', `no' or `false' (the comparison being done caselessly) then the warning message is not sent. For example
delay_warning_condition = "\ ${if match{$h_precedence:}{(?i)bulk|list|junk}{no}{yes}}"
suppresses the sending of warnings about messages that have `bulk' or `list' or `junk' in a `Precedence:' header. Note that the colon to terminate the header name is necessary because } may legally occur in header names.
Option: deliver_load_max
Type: fixed-point
Default: unset
When this option is set, no message deliveries are ever done if the system load average is greater than its value, except for deliveries forced with the `-M' option. If `deliver_queue_load_max' is not set and the load gets this high during a queue run, the run is abandoned. There are some operating systems for which Exim cannot determine the load average (see chapter 1); for these this option has no effect.
Option: deliver_queue_load_max
Type: fixed-point
Default: unset
If this option is set, its value is used to determine whether to abandon a queue run, instead of the value of `deliver_load_max'.
Option: delivery_date_remove
Type: boolean
Default: true
Exim's local transports (`appendfile' and `pipe') have an option for adding a `Delivery-date:' header to a message when it is delivered -- in exactly the same way as `Return-path:' is handled. `Delivery-date:' records the actual time of delivery. Such headers should not be present in outgoing messages, and this option causes them to be removed, to avoid any problems that might occur when a delivered message is subsequently sent on to some other recipient.
Option: dns_again_means_nonexist
Type: domain-list
Default: unset
DNS lookups give a `try again' response for the DNS error `non-Authoritive host found or SERVERFAIL'. This can cause Exim to keep trying to deliver a message, or to give repeated temporary errors to incoming mail. Sometimes the effect is caused by a badly set up nameserver and may persist for a long time. If a domain which exhibits this problem matches anything in `dns_again_means_nonexist' then it is treated as if it did not exist. This option should be used with care.
Option: dns_retrans
Type: time
Default: 0s
The options `dns_retrans' and `dns_retry' can be used to set the retransmission and retry parameters for DNS lookups. Values of zero (the defaults) leave the system default settings unchanged. The first value is the time between retries, and the second is the number of retries. It isn't totally clear exactly how these settings affect the total time a DNS lookup may take. I haven't found any documentation about timeouts on DNS lookups; these parameter values are available in the external resolver interface structure, but nowhere does it seem to describe how they are used or what you might want to set in them.
Option: dns_retry
Type: integer
Default: 0
See `dns_retrans' above.
Option: envelope_to_remove
Type: boolean
Default: true
Exim's local transports (`appendfile' and `pipe') have an option for adding an `Envelope-to:' header to a message when it is delivered -- in exactly the same way as `Return-path:' is handled. `Envelope-to:' records the original recipient address in the envelope that caused the delivery. Such headers should not be present in outgoing messages, and this option causes them to be removed, to avoid any problems that might occur when a delivered message is subsequently sent on to some other recipient.
Option: errmsg_text
Type: string
Default: unset
If `errmsg_text' is set, its contents are included in the default error message immediately after `This message was created automatically by mail delivery software.' It is not used if `errmsg_file' is set.
Option: errmsg_file
Type: string
Default: unset
This option defines a template file containing paragraphs of text to be used for constructing the message which is sent by Exim in the case of a delivery failure. Details of the file's contents are given in chapter "Customizing error and warning messages". See also `warnmsg_file'.
Option: errors_address
Type: string
Default: "postmaster"
The mail address to which Exim will send certain error reports. As the default is specified without a domain, it will be sent to the domain specified by the `qualify_recipient' option. If this address is specified with a domain, it must be a fully qualified domain.
Option: errors_copy
Type: string-list
Default: unset
Setting this option causes Exim to send bcc copies of delivery failure reports to other addresses. The value is a colon-separated list of items; each item consists of a pattern and an address list, separated by white space. If the pattern matches the recipient of the delivery error report, the message is copied to the addresses on the list. The items are scanned in order, and once a matching one is found, no further items are examined. For example:
errors_copy = "spqr@mydomain postmaster@mydomain :\ rqps@mydomain mailmaster@mydomain,\ postmaster@mydomain"
Each pattern can be a single regular expression, indicated by starting it with a circumflex; alternatively, either portion (local part, domain) can start with an asterisk, or the domain can be in any format that is acceptable as an item in a domain list, including a file lookup. A regular expression is matched against the entire (fully qualified) recipient; non-regular expressions must contain both a local part and domain, separated by @.
The address list is a string which is expanded, and must end up as a comma-separated list of addresses. It is used to construct a `Bcc:' header which is added to the error message. The expansion variables `local_part' and `domain' are set from the original recipient of the error message, and if there was any wildcard matching, the expansion variables `$0', `$1', etc. are set in the normal way.
Option: errors_reply_to
Type: string
Default: unset
Exim's delivery error messages contain the header
From: Mail Delivery System <Mailer-Daemon@${qualify_domain}>
(where string expansion notation is used to show a variable substitution). Experience shows that a large number of people reply to such messages. If the `errors_reply_to' option is set, a `Reply-to:' header is added. The option must specify the complete header body.
Option: exim_group
Type: string
Default: "compile-time configured (can be unset)"
This option sets the gid under which Exim runs when it gives up root privilege. It is used only when `exim_user' is also set. Unless it consists entirely of digits, the string is looked up using `getgrnam()', and failure causes a configuration error. See chapter "Security considerations" for a discussion of security issues.
Option: exim_path
Type: string
Default: "see below"
This option specifies the path name of the Exim binary, which is used when Exim needs to re-exec itself. The default is set up to point to the file `exim' in the directory configured at compile time by the BIN_DIRECTORY setting. It is necessary to change `exim_path' if Exim is run from some other place.
Option: exim_user
Type: string
Default: "compile-time configured (can be unset)"
This option sets the uid under which Exim runs when it gives up root privilege. Unless it consists entirely of digits, the string is looked up using `getpwnam()', and failure causes a configuration error. If `exim_group' is not also supplied, the gid is taken from the result of `getpwnam()' if it is used. If the resulting uid is the root uid, it has the effect of unsetting this option. See chapter "Security considerations" for a discussion of security issues. Note that the ownership of the runtime configuration file is checked against the compile-time setting of this parameter, not what is set here.
Option: finduser_retries
Type: integer
Default: 0
On systems running NIS or other schemes in which user and group information is distributed from a remote system, there can be times when `getpwnam()' and related functions fail, even when given valid data, because things time out. Unfortunately these failures cannot be distinguished from genuine `not found' errors. If `finduser_retries' is set greater than zero, Exim will try that many extra times to find a user or a group, waiting for one second between tries.
Option: forbid_domain_literals
Type: boolean
Default: false
If this option is set, the RFC 822 domain literal format is not permitted in addresses.
Option: freeze_tell_mailmaster
Type: boolean
Default: false
On encountering certain errors, Exim freezes a message, which means that no further delivery attempts take place until an administrator thaws it. If this option is set, a message is sent to `errors_address' every time a message is frozen, unless the message is itself a delivery error message. (Without this exception there is the possibility of looping.) If several of the message's addresses cause freezing, only a single message is sent to the mail administrator. The reason(s) for freezing will be found in the message log.
Option: gecos_name
Type: string
Default: unset
Some operating systems, notably HP-UX, use the `gecos' field in the system password file to hold other information in addition to users' real names. Exim looks up this field for use when it is creating `Sender:' or `From:' headers. If either `gecos_pattern' or `gecos_name' are unset, the contents of the field are used unchanged, except that, if an ampersand is encountered, it is replaced by the user's login name with the first character forced to upper-case, since this is a convention that is observed on many systems.
When these options are set, `gecos_pattern' is treated as a regular expression that is to be applied to the field (again with & replaced by the login name), and if it matches, `gecos_name' is expanded and used as the user's name. Numeric variables such as `$1', `$2', etc. can be used in the expansion to pick up sub-fields that were matched by the pattern. In HP-UX, where the user's name terminates at the first comma, the following can be used:
gecos_pattern = "([^,]*)" gecos_name = $1
Option: gecos_pattern
Type: string
Default: unset
See `gecos_name' above.
Option: headers_check_syntax
Type: boolean
Default: false
This option causes Exim to check the syntax of all headers that can contain lists of addresses (`Sender:', `From:', `Reply-to:', `To:', `Cc:', and `Bcc:') on all incoming messages (both local and SMTP). This is a syntax check only, to catch real junk such as
To: user@
Like the `headers_sender_verify' options, the rejection happens after the end of the data, but it is also controlled by `headers_checks_fail'; if that is unset, the message is accepted and a warning is written to the reject log.
If the message contains any headers starting with `Resent-' then it is that set of headers which is checked.
Option: headers_checks_fail
Type: boolean
Default: true
If this option is true, failure of any header check (see below) causes the message to be rejected. If it is false, a warning message is written to the reject log.
Option: headers_sender_verify
Type: boolean
Default: false
If this option is set with `sender_verify', and the sending host does not match `sender_verify_except_hosts' or `sender_verify_except_nets', Exim insists on there being at least one verifyable address in one of the `Sender:', `Reply-to:', or `From:' headers (which are checked in that order) on all incoming SMTP messages. If one cannot be found, the message is rejected, unless `headers_checks_fail' is unset, in which case a warning entry is written to the reject log.
If there are any headers whose names start with `Resent-', then it is that set of headers which is checked. If there is more than one instance of a particular header, all of them are checked.
Unfortunately, because it has to read the message before doing this check, the rejection happens after the end of the data, and it is known that some mailers do not treat hard (5xx) errors correctly at this point -- they keep the message on their spools and try again later, but that is their problem, though it does waste some resources.
Option: headers_sender_verify_errmsg
Type: boolean
Default: false
This option acts like `headers_sender_verify', except that it applies only to messages whose envelope sender is `<>', that is, delivery error messages whose sender cannot be verified at the time the SMTP MAIL FROM command is received.
Option: helo_string_syntax
Type: boolean
Default: false
Because so many systems have been found to use underscores in the names they send in the SMTP HELO command, Exim by default permits them, though it is not in fact legal to use underscores in domain names. If `helo_strict_syntax' is set, underscores are not permitted in HELO or EHLO commands.
Option: helo_verify
Type: boolean
Default: false
The RFCs mandate that a server must not reject a message because it doesn't like the HELO or EHLO command, or indeed if there isn't a HELO or EHLO command at all. However, some sites like to be stricter. If `helo_verify' is set, Exim checks incoming calls from all hosts that do not match `helo_verify_except_hosts' or `helo_verify_except_nets', and accepts an incoming SMTP call only if:
and
If no HELO or EHLO is given, MAIL FROM commands are rejected; if a bad HELO or EHLO is given, it is rejected with a 550 error. Rejections are logged in the main and reject logs.
Option: helo_verify_except_hosts
Type: host-list
Default: unset
See `helo_verify' above.
Option: helo_verify_except_nets
Type: net-list
Default: unset
See `helo_verify' above.
Option: helo_verify_nets
Type: net-list
Default: unset
This option is an obsolete name for `host_lookup_nets' that is retained for backward compatibility.
Option: hold_domains
Type: domain-list
Default: unset
This option, together with `hold_domains_except', allows mail for particular domains to be held on the queue manually. The options are overridden if a message delivery is forced with the `-M' or `-qf' options. Otherwise, if a domain matches an item in `hold_domains' and does not match any item in `hold_domains_except', no routing or delivery for that address is done, and it is deferred every time the message is looked at. If `hold_domains_except' is set but `hold_domains' is unset, Exim acts as if `hold_domains' were set to `*', that is, all domains except those matching `hold_domains_except' are held.
These options are intended as temporary operational measures for delaying the delivery of mail while some problem is being sorted out, or some new configuration tested. They do not override Exim's message clearing away code, which removes messages from the queue if they have been there longer than the longest retry time in any retry rule. If you want to hold messages for longer than the normal retry times, insert a dummy retry rule with a long retry time.
Option: hold_domains_except
Type: domain-list
Default: unset
See `hold_domains' above.
Option: host_lookup_nets
Type: net-list
Default: unset
Exim does not look up the name of a calling host from its IP address unless it is required to compare against some host list, or `helo_verify' is set, or the address matches one of the networks in this option. The default configuration file contains
host_lookup_nets = 0.0.0.0/0
which causes a lookup to happen for all hosts. If the expense of these lookups is felt to be too great, the setting can be changed or removed. However, Exim always does a lookup if the domain name quoted in a HELO or EHLO command is the local host's own name or any of its local mail domains.
Option: ignore_errmsg_errors
Type: boolean
Default: false
If this option is set, failed addresses in error messages (that is, messages whose senders are `<>') are discarded (with a log entry). The default action is to freeze such messages for human attention.
Option: ignore_errmsg_errors_after
Type: time
Default: 0s
This option, if it is set to a non-zero time, acts as a delayed version of `ignore_errmsg_errors', which must be unset for this option to take effect. If an error message is frozen because of delivery failure, then it is unfrozen at the next queue run after the given time, and if delivery fails again, the error message is discarded. This makes it possible to keep failed error messages around for a shorter time than the normal maximum retry time.
Option: keep_malformed
Type: time
Default: 4d
This option specifies the length of time to keep messages whose spool files have been corrupted in some way. This should, of course, never happen. At the next attempt to deliver such a message, it gets removed. The incident is logged.
Option: kill_ip_options
Type: boolean
Default: true
IP packets can contain options which are source routing data that enables one host to pretend to be another. (Don't confuse IP source routing with source-routed mail addresses, which are something entirely different.) IP source routing is an obvious security risk, and many sites lock out such packets in their routers. Also, some operating systems are able to disable IP source routing at the kernel level.
If Exim receives an SMTP call with IP options set, it logs the options if `log_ip_options' is set. Then, if `refuse_ip_options' is set, it drops the call; otherwise, if `kill_ip_options' is set, it unsets the options on the outgoing socket and attempts to continue. To read the IP options, `getsockopt()' is used. On some versions of SunOS 4.1 this causes system crashes. There is a patch that fixes this problem, but it can be avoided by setting all three Exim options false.
Option: local_domains
Type: domain-list
Default: "see below"
This specifies a list of domains which are recognized as `local', that is, their delivery is handled in a special way by this MTA using directors rather than routers. If this option is not set, it defaults to the value of `qualify_recipient'.
The name of the local host is not by default recognized as a local mail domain; either it must be included in `local_domains', or the `local_domains_include_host' option must be set. If you want to accept mail addressed to your host in RFC 822 domain literal format, then `local_domains' must also include the appropriate `domains', consisting of IP addresses enclosed in square brackets. The `local_domains_include_host_literals' option can be set to add all IP addresses automatically.
It is possible to specify no local domains by specifying no data for this option, for example,
local_domains =
If there are very many local domains, then they can be stored in a file and looked up whenever this string is searched. See the discussion of domain lists in section "Domain lists" in chapter "The Exim configuration file".
Option: local_domains_include_host
Type: boolean
Default: false
If this option is set, the value of `primary_hostname' is added to the value of `local_domains', unless it is already present. This makes it possible to use the same configuration file on a number of different hosts. The same effect can be obtained by including the conventional item `@' (which matches the primary host name) in `local_domains'.
Option: local_domains_include_host_literals
Type: boolean
Default: false
If this option is set and `local_interfaces' is unset, the IP addresses of all the interfaces on the local host, with the exception of 127.0.0.1 (and ::1 on IPv6 systems), are added to the value of `local_domains', in domain literal format, that is, as dotted-quad strings enclosed in square brackets. If `local_interfaces' is set, then only those addresses it contains (again excluding 127.0.0.1 and ::1) are used.
Option: local_interfaces
Type: string-list
Default: unset
The string must contain a list of IP addresses in dotted-quad format. These are used for two different purposes:
If `local_interfaces' is unset, the daemon issues a generic `listen()' that accepts incoming calls from any interface, and it also gets a complete list of available interfaces and treats them all as local when routing mail. On most systems the default action is what is wanted. However, some systems set up large numbers of virtual interfaces in order to provide many different virtual web servers. In these cases `local_interfaces' can be used to restrict SMTP traffic to one or two interfaces only.
Option: locally_caseless
Type: boolean
Default: true
For most Unix systems it is desirable that local parts of local mail addresses be treated in a case-independent manner, since most users expect that mail to `OBailey' and `obailey', for example, will end up in the same mailbox. By default, Exim lower-cases local local parts at the start of processing them, on the assumption that account names in the password file are in lower-case. For installations that want to draw case distinctions, this option is provided. When turned off, local local parts are handled verbatim.
Option: log_all_parents
Type: boolean
Default: false
This option applies to deliveries of local addresses, where the original envelope address may be converted by (for example) an alias file into a `child' address which might itself be an alias. Thus in general there can be a chain of several addresses between the original one and the address to which the actual delivery is made. By default Exim logs the final address, followed by the original address in angle bracket.
Turning `log_all_parents' on causes all intermediate addresses between the original envelope address and the final delivery address to be included in delivery log lines in parentheses after the first address. Without this, intermediate addresses are not included, except that if the final delivery is a to pipe or file or autoreply, the immediately preceding parent address is listed.
Option: log_arguments
Type: boolean
Default: false
Setting this option causes Exim to write the arguments with which it was called to the main log. This is a debugging feature, added to make it easy to find out with what arguments certain MUAs call `/usr/lib/sendmail'. The logging does not happen if Exim has given up root privilege because it was called with the `-C' or `-D' options.
Option: log_file_path
Type: string
Default: "compile-time configured (may be unset)"
This option sets the path which is used to determine the names of Exim's log files. The string is expanded, so it can contain, for example, references to the host name. After expansion it must contain the string `%s' somewhere within it; this will be replaced with one of the strings `main', `panic', `process', or `reject' to form the final file name. For example,
log_file_path = /var/log/${primary_hostname}/exim_%slog
If this path string is fixed at your installation (contains no expansion variables) it is recommended that you do not set this option in the configuration file, but instead supply the path using LOG_FILE_PATH in `Local/Makefile' so that it is available to Exim for logging errors detected early on -- in particular failure to read the configuration file.
If no specific path is set for the log files, they are written in a sub-directory called `log' in Exim's spool directory.
Option: log_ip_options
Type: boolean
Default: true
See `kill_ip_options' above.
Option: log_level
Type: integer
Default: 5
This controls the amount of data written to the main log (see section "Log level" in chapter "Log files"). The higher the number, the more is written. At present a value of 6 or higher causes all possible messages to appear.
Option: log_received_recipients
Type: boolean
Default: false
When this option is set, the recipients of a message are listed in the main log as soon as the message is received. The list appears at the end of the log line that is written when a message is received, preceded by the word `for'. The addresses are listed after they have been qualified, but before any rewriting has taken place.
Option: log_received_sender
Type: boolean
Default: false
If this option is set, the unrewritten original sender of a message is added to the end of the log line that records the message's arrival, after the word `from' (before the recipients if `log_received_recipients' is also set).
Option: log_refused_recipients
Type: boolean
Default: false
If this option is set, an entry is written in the main and reject logs for each recipient that is refused for policy reasons. Otherwise cases where all recipients are to be refused just cause a single log entry for the message.
Option: log_rewrite
Type: boolean
Default: false
This option causes all address rewriting to get logged, as an aid to debugging rewriting rules.
Option: log_smtp_confirmation
Type: boolean
Default: false
This option causes the response to the final `.' in the SMTP dialog for outgoing messages to be added to delivery log lines in the form `C="<text>"'. A number of MTAs (including Exim from release 1.60) return an identifying string in this response, so logging this information allows messages to be tracked more easily. This global option applies to all SMTP transports.
Option: log_subject
Type: boolean
Default: false
This option causes a message's subject to be included in the arrival log line, in the form `T="<subject text>"'. T stands for `topic' (S is already used for `size').
Option: message_body_visible
Type: integer
Default: 500
This option specifies how much of a message's body is to be included in the `message_body' expansion variable.
Option: message_filter
Type: string
Default: unset
This option specifies a filter file which is applied to all messages before any routing or directing is done. This is called the `system message filter'. Details of this facility are given in chapter "System-wide message filtering".
Option: message_filter_directory_transport
Type: string
Default: unset
This sets the name of the transport driver that is to be used when the `save' command in a system message filter specifies a path ending in `/', implying delivery of each message into a separate file in some directory. If this option is not set, the transport specified by the `address_directory_transport' option is used.
Option: message_filter_directory2_transport
Type: string
Default: unset
This sets the name of the transport driver that is to be used when the `save' command in a system message filter specifies a path ending in `//'. The reason for having both `message_filter_directory' and `message_filter_directory2' is to allow for the rare circumstance in which both maildir and non-maildir format delivery is required. If this option is not set, the transport specified by the `address_directory2_transport' option is used.
Option: message_filter_file_transport
Type: string
Default: unset
This sets the name of the transport driver that is to be used when the `save' command in a system message filter results in a path not ending in `/'. If this option is not set, the transport specified by the `address_file_transport' option is used.
Option: message_filter_group
Type: string
Default: unset
This option sets the gid under which the system message filter is run. The `seteuid()' or `setresuid()' function must be available in the operating system for a temporary change to be possible. If the filter generates any pipe, file, or reply addresses, the gid under which the filter is run is used when delivering to them. Unless the string consists entirely of digits, it is looked up using `getgrnam()', and failure causes a configuration error. If the option is not set, and either `message_filter_user' is unset or consists entirely of digits, the gid is not changed when running the filter. Otherwise the group is taken from the result of `getpwnam()'.
Option: message_filter_pipe_transport
Type: string
Default: unset 7
This sets the name of the transport driver that is to be used when a `pipe' command is used in a system message filter. If this option is not set, the transport specified by the `address_pipe_transport' option is used.
Option: message_filter_reply_transport
Type: string
Default: unset
This sets the name of the transport driver that is to be used when a `mail' command is used in a system message filter. If this option is not set, the transport specified by the `address_reply_transport' option is used.
Option: message_filter_user
Type: string
Default: unset
This option sets the uid under which the system message filter is run. The `seteuid()' or `setresuid()' function must be available in the operating system for a temporary change to be possible. If the filter generates any pipe, file, or reply addresses, the uid under which the filter is run is used when delivering to them. If the option is not set, the uid is not changed when running the filter. Unless it consists entirely of digits, the string is looked up using `getpwnam()', and failure causes a configuration error.
Option: message_id_header_text
Type: string
Default: unset
If this variable is set, the string is expanded and used to augment the text of the `Message-id:' header that Exim creates if an incoming message does not have one. The text of this header is required by RFC 822 to take the form of an address. By default, Exim uses its internal message id as the local part, and the primary host name as the domain. If this option is set, it is expanded and inserted into the header immediately before the @, separated from the internal message id by a dot. Any characters that are illegal in an address are automatically converted into hyphens. This means that constructions like `${tod_log}' can be used, as the spaces and colons will become hyphens.
Option: message_size_limit
Type: integer
Default: 0
This option limits the maximum size of message that Exim will process. Zero means no limit. It should be set somewhat larger than `return_size_limit' if the latter is non-zero. Incoming SMTP messages are failed with a 552 error if the limit is exceeded; locally-generated messages either get a stderr message or a delivery failure message to the sender, depending on the `-oe' setting, in the normal way. Rejection of an oversized message is logged in both the main and the reject logs.
Option: never_users
Type: string-list
Default: unset
Local mail deliveries are run in processes that are setuid to the recipient. However, it is usually desirable to lock out root from this, as a safety precaution. If a message is to be delivered locally as any of the users on the `never_users' list, the process is run as `nobody' instead (see `nobody_user' below). A common example is
never_users = root:daemon:bin:exim
This option overrides the `pipe_as_creator' option of the `pipe' transport driver. If Exim is unable to find a uid for `nobody', it panics.
Option: nobody_group
Type: string
Default: unset
This specifies the group to use when a process is to be run as `nobody'. If it is unset, the value of the `nobody' user's default group is used.
Option: nobody_user
Type: string
Default: unset
This specifies the user to use when a process is to be run as `nobody'. If it is unset, Exim looks up the user `nobody' using `getpwnam()'. If this fails, Exim panics, writing a message to the panic log and exiting immediately.
Option: percent_hack_domains
Type: domain-list
Default: unset
The `percent hack' is the convention whereby a local part containing a percent sign is re-interpreted as a remote address, with the percent replaced by @. This is sometimes called `source routing', though that term is also applied to RFC 822 addresses that begin with an @ character. If this option is set, Exim implements the percent facility for those local domains listed, but no others. The option can be set to `*' to allow the percent hack for all local domains.
If options are set to control message relaying from incoming SMTP envelopes, they are also applied to relaying that is requested via the `percent hack'. See section "Control of relaying" in chapter "Other policy controls on incoming mail".
Option: pid_file_path
Type: string
Default: "compile-time configured (may be unset)"
This option sets the path which is used to determine the name of the file to which the Exim daemon writes its process id. The string is expanded, so it can contain, for example, references to the host name. After expansion it must contain the string `%s' somewhere within it; this will be replaced by the null string or a non-standard port number to form the final file name. For example,
pid_file_path = /var/log/${primary_hostname}/exim%s.pid
If no specific path is set for the file, it is written in Exim's spool directory.
Option: preserve_message_logs
Type: boolean
Default: false
If this option is set, message log files are not deleted when messages are completed. Instead, they are moved to a sub-directory of the spool directory called `msglog.OLD', where they remain available for statistical or debugging purposes. This is a dangerous option to set on systems with any appreciable volume of mail. Use with care!
Option: primary_hostname
Type: string
Default: "see below"
This specifies the name of the current host. This is used in the HELO command for outgoing SMTP messages, and as the default for `qualify_domain'. If it is not set, Exim calls `uname()' to find it. If this fails, Exim panics and dies. If the name returned by `uname()' contains only one component, Exim passes it to `gethostbyname()' in order to obtain the fully qualified version.
Option: print_topbitchars
Type: boolean
Default: false
By default, Exim considers only those characters whose codes lie in the range 32--126 to be printing characters. In a number of circumstances (for example, when writing log entries) non-printing characters are converted into escape sequences, primarily to avoid messing up the layout. If `print_topbitchars' is set, code values of 128 and above are also considered to be printing characters.
Option: prod_requires_admin
Type: boolean
Default: true
The `-M' and `-q' command-line options require the caller to be an admin user unless `prod_requires_admin' is set false.
Option: prohibition_message
Type: string
Default: unset
This option adds a site-specific message to the error response that is sent when an SMTP command fails for policy reasons, for example if the sending host is in a host reject list. Details of this facility are given in chapter "Other policy controls on incoming mail".
Option: qualify_domain
Type: string
Default: "see below"
This specifies the domain name that is added to any sender addresses that do not have a domain qualification. It also applies to recipient addresses if `qualify_recipient' is not set. Such addresses are accepted by default only for locally-generated messages -- messages from external sources must always contain fully qualified addresses, unless the sending host matches one of the `receiver_unqualified' or `sender_unqualified' options. If `qualify_domain' is not set, it defaults to the `primary_hostname' value.
Option: qualify_recipient
Type: string
Default: "see below"
This specifies the domain name that is added to any recipient addresses that do not have a domain qualification. Such addresses are accepted by default only for locally-generated messages -- messages from external sources must always contain fully qualified addresses, unless the sending host matches one of the `receiver_unqualified' or `sender_unqualified' options (see below). If `qualify_recipient' is not set, it defaults to the `qualify_domain' value.
Option: queue_only
Type: boolean
Default: false
If `queue_only' is set (which is equivalent to the `-odq' command line option), a delivery process is not automatically started whenever a message has been received. Instead, the message waits on the queue for the next queue run. Even if `queue_only' is false, incoming SMTP messages may not get delivered immediately if a lot of them arrive at once -- see the `queue_only_load' and `smtp_accept_queue' options.
Option: queue_only_load
Type: fixed-point
Default: unset
If the system load average is higher than this value, all incoming messages are queued, and no automatic deliveries are started. If this happens during local or remote SMTP input, all subsequent messages on the same connection are queued. Deliveries will subsequently be performed by queue running processes, unless the load is higher than `deliver_load_max'. There are some operating systems for which Exim cannot determine the load average (see chapter 1); for these this option has no effect. See also `smtp_accept_queue' and `smtp_load_reserve'.
Option: queue_remote
Type: boolean
Default: false
If this option (equivalent to the `-odqr' option) is set, a delivery process is started whenever a message is received, but only local addresses are handled, and only local deliveries take place, unless `queue_remote_except' is set, in which case addresses that contain matching remote domains are also handled. See also `queue_smtp', which is subtly different.
Option: queue_remote_except
Type: domain-list
Default: unset
This option lists domains for which `queue_remote' does not apply. It is checked against the domains supplied in the incoming addresses, before any widening is done (because that is part of routing).
Option: queue_run_in_order
Type: boolean
Default: false
If this option is set, queue runs happen in order of message arrival instead of in an arbitrary order.
Option: queue_run_max
Type: integer
Default: 5
This controls the maximum number of queue-running processes that the Exim daemon will run simultaneously. It does not, however, interlock with other processes, so additional queue-runners can be started by other means, or by killing and restarting the daemon.
Option: queue_smtp
Type: boolean
Default: false
If `queue_smtp' is set (which is equivalent to the `-odqs' command line option), a delivery process is started whenever a message has been received, directing and routing is performed, and local deliveries take place. However, if any SMTP deliveries are required for domains that do not match `queue_smtp_except', the message waits on the queue for the next queue run. Since routing of the message has taken place, Exim knows to which remote hosts it must be delivered, and so when the queue run happens, multiple messages for the same host are delivered over a single SMTP connection. See also `queue_remote', which is similar, but does not do the routing.
Option: queue_smtp_except
Type: domain-list
Default: unset
This option provides a list of domains to which `queue_smtp' does not apply.
Option: rbl_domains
Type: domain-list
Default: unset
This option is part of the support for Realtime Blocking Lists (RBL), details of which are given in chapter "Other policy controls on incoming mail". It can be set to a colon-separated list of DNS RBL domains in which to look up the inverted IP address of a calling host. If any lookup succeeds, and `rbl_reject_recipients' is set, mail from the host is blocked by refusing all recipients, except those listed in `recipients_reject_except'. If a lookup times out or otherwise fails to give a decisive answer, the mail is not blocked (by that entry in the list). When blocking occurs, an associated TXT record is looked up in the DNS, and if it exists, its contents are returned as part of the 550 rejection messages.
Option: rbl_except_nets
Type: net-list
Default: unset
Networks and individual hosts can be excepted from RBL checking by setting `rbl_except_nets'.
Option: rbl_reject_recipients
Type: boolean
Default: true
If this option is turned off, then any hosts that are found by searching `rbl_domains' are just logged rather than causing recipients to be rejected.
Option: rbl_warn_header
Type: boolean
Default: true
When this option is set and `rbl_reject_recipients' is false, an `X-RBL-Warning:' header is added to any message whose sending host is in any RBL. The header contains the contents of the DNS TXT record, if one was found.
Option: received_header_text
Type: string
Default: "see below"
This string defines the contents of the `Received:' message header that is added
to each message, except for the timestamp, which is automatically added on at
the end, preceded by a semicolon. The string is expanded each time it is used,
and the default is:
received_header_text = "Received: \
${if def:sender_rcvhost {from ${sender_rcvhost}\n\t}\
{${if def:sender_ident {from ${sender_ident} }}\
${if def:sender_helo_name {(helo=${sender_helo_name})\n\t}}}}\
by ${primary_hostname} \
${if def:received_protocol {with ${received_protocol}}} \
(Exim ${version_number} #${compile_number})\n\t\
${if def:received_for {for $received_for\n\t}}\
id ${message_id}"
The use of conditional expansions ensures that this works for both locally
generated messages and messages received from remote hosts, giving header lines
such as the following:
Received: from scrooge.carol.book ([240.1.12.25] ident=root)
by marley.carol.book with smtp (Exim 1.90 #1)
for cratchit@dickens.book
id E0tS3Ga-0005C5-00; Mon, 25 Dec 1995 14:43:44 +0000
Received: by scrooge.carol.book with local (Exim 1.90 #1)
id E0tS3GW-0005C2-00; Mon, 25 Dec 1995 14:43:41 +0000
Note the automatic addition of the date and time in the required format.
Option: received_headers_max
Type: integer
Default: 30
When a message is to be delivered, the number of `Received' headers is counted, and if it is greater than this parameter, a mail loop is assumed to have occurred, the delivery is abandoned, and an error message is generated. This applies to both local and remote deliveries. Earlier versions of Exim did this test only for remote deliveries, but because local deliveries (as Exim sees them) may in fact still cause a message to be transported to a remote host, it was changed.
Option: receiver_try_verify
Type: boolean
Default: false
See `receiver_verify'.
Option: receiver_unqualified_hosts
Type: host-list
Default: unset
This option lists those hosts from which Exim is prepared to accept unqualified receiver addresses. The addresses are made fully qualified by the addition of the `qualify_recipient' value. Typically the hosts are local ones, but if you want to imitate the behaviour of mailers that accept unqualified addresses from anywhere, specify
receiver_unqualified_hosts = *
Option: receiver_unqualified_nets
Type: net-list
Default: unset
This option lists those IP networks from any host on which Exim is prepared to accept unqualified receiver addresses. The addresses are made fully qualified by the addition of `qualify_domain'. Typically local networks are specified. This is a more efficient option than using a wildcarded partial entry in `receiver_unqualified_hosts', because no DNS lookup is required.
Option: receiver_verify
Type: boolean
Default: false
When this option is set, the addresses of recipients received from a remote host are verified as they are received, unless the host matches an entry in either `receiver_verify_except_hosts' or `receiver_verify_except_nets'. If `receiver_verify_addresses', is set, only those addresses that match are verified. If `receiver_verify_senders', or `receiver_verify_senders_except' is set, verification happens only for messages whose senders meet the criteria.
If an address is invalid, an incoming SMTP call gets an error response to the RCPT TO command. If an address cannot immediately be verified, a temporary error code is given. The `receiver_try_verify' option is less severe: it operates in the same way, except that an address is accepted if it cannot immediately be verified. Verification failures are logged.
Option: receiver_verify_addresses
Type: address-list
Default: unset
This option restricts receiver verification to those addresses it matches. The option is inspected only if `receiver_verify' or `receiver_try_verify' is set.
Option: receiver_verify_except_hosts
Type: host-list
Default: unset
See `receiver_verify' above.
Option: receiver_verify_except_nets
Type: net-list
Default: unset
See `receiver_verify' above.
Option: receiver_verify_senders
Type: address-list
Default: unset
This option, together with `receiver_verify_senders_except', allows receiver verification to be conditional upon the sender. These options are inspected only if `receiver_verify' or `receiver_try_verify' is set. If `receiver_verify_addresses' is also set, then the address must also match for verification to be successful.
Verification does not occur if the sender matches any item in `receiver_verify_senders_except' or if `receiver_verify_senders' is set and the sender address does not match any of its items.
If the null sender is required in the list of addresses, then it must not be the last item, as a null last item in a list is ignored. It is best placed at the start of the list. For example, to restrict receiver verification to messages with null senders and senders in the `.com' and `.org' domains, you could have
receiver_verify receiver_verify_senders = :*.com:*.org
If the null sender is the only entry required, then the list should consist of a single colon.
Option: receiver_verify_senders_except
Type: address-list
Default: unset
See `receiver_verify_senders' above.
Option: recipients_max
Type: integer
Default: 0
If this is set greater than zero, it specifies the maximum number of recipients for any message. This applies to the original list of recipients supplied with the message. SMTP messages get a 421 response for all recipients over the limit; earlier recipients are delivered as normal. Non-SMTP messages with too many recipients are failed, and no deliveries are done.
Option: recipients_max_reject
Type: boolean
Default: false
If this option is set true, then Exim rejects SMTP messages containing too many recipients by giving 550 errors to the surplus RCPT TO commands, and a 554 error to the eventual DATA command. Otherwise (the default) it gives a 421 error to the surplus RCPT TO commands and accepts the message on behalf of the initial set of recipients. The remote server should then re-send the message for the remaining recipients at a later time.
Option: recipients_reject_except
Type: address-list
Default: unset
This option lists recipient addresses which are exceptions to any policy for recipient rejection, that is, as a result of `sender_reject_recipients', etc. This option is entirely independent of any checks for unwanted message relaying. However, it does interact with the RBL options.
Option: refuse_ip_options
Type: boolean
Default: true
See `kill_ip_options' above.
Option: relay_domains
Type: domain-list
Default: unset
See `sender_host_accept_relay' and related options below.
Option: relay_domains_include_local_mx
Type: boolean
Default: false
This option permits any host to relay to any domain that has an MX record pointing at the local host. It causes any domain with an MX record pointing at the local host to be treated as if it were in `relay_domains'. See `sender_host_accept_relay' below.
Option: relay_match_host_or_sender
Type: boolean
Default: false
By default, if relaying controls are specified on both the remote host and the sender address, a message is accepted only if both conditions are met. If `relay_match_host_or_sender' is set, then either condition is good enough. It does not make sense to set this option without setting `sender_address_relay', since if that option is unset it matches all senders. Exim therefore diagnoses a configuration error in this case. See `sender_host_accept_relay' for more details.
Option: remote_max_parallel
Type: integer
Default: 1
This option controls parallel delivery to remote sites. If the value is less than 2, parallel delivery is disabled, and Exim does all the remote deliveries for a message one by one, from a single delivery process. Otherwise, if a message has to be delivered to more than one remote host, then up to `remote_max_parallel' deliveries are done simultaneously, each in a separate process. If there are more than `remote_max_parallel' hosts to be delivered to, then the maximum number of processes are started, and as each one finishes, another is begun. The order of starting processes is the same as if sequential delivery were being done, and can be controlled by the `remote_sort' option. If parallel delivery takes place while running with debugging turned on, the debugging output from each delivery process is tagged with its process id.
The overhead in doing this is a fork to set up a separate process for each delivery, and the associated management of the subprocess (including getting back the result of the delivery attempt). As well as the process overhead, there may be a small additional penalty paid for parallel delivery. If a host is found to be down, this fact cannot be communicated to any deliveries that are running in parallel, though it will be passed on to any that start afterwards. This is no worse than if there were two separate messages being delivered simultaneously.
The option controls only the maximum number of parallel deliveries from one Exim process. Since Exim has no central queue manager, there is no way of controlling the total number of simultaneous deliveries if the configuration allows a delivery attempt as soon as a message is received. If you want to control the total number of deliveries on the system, then you need to set the `queue_only' option, which ensures that all incoming messages are simply added to the queue. Then set up an Exim daemon to start queue runner processes at appropriate intervals (probably fairly often, for example, every minute), and limit the total number of queue runners by setting the `queue_run_max' parameter. As each queue runner delivers only one message at a time, the maximum number of deliveries that can then take place at once is `queue_run_max' multiplied by `remote_max_parallel'.
If it is purely remote deliveries you want to control, then use `queue_smtp' instead of `queue_only'. This has the added benefit of doing the SMTP routing before queuing, so that several messages for the same host will eventually get delivered down the same connection.
Option: remote_sort
Type: domain-list
Default: unset
When there are a number of remote deliveries for a message, they are sorted by domain into the order given by this list. For example,
remote_sort = "*.cam.ac.uk:*.uk"
would attempt to deliver to all addresses in the `cam.ac.uk' domain first, then to those in the `uk' domain, then to any others.
Option: retry_interval_max
Type: time
Default: 24h
Chapter "Retry configuration" describes Exim's mechanisms for controlling the intervals between delivery attempts for messages that cannot be delivered straight away. This option sets an overall limit to the length of time between retries.
Option: return_path_remove
Type: boolean
Default: true
RFC 822 states that the `Return-path:' header is `added by the final transport system that delivers the message to its recipient' (section 4.3.1), which implies that this header should not be present in incoming messages. If this option is true, `Return-path:' headers are removed from messages as they are read. Exim's local transports (`appendfile' and `pipe') have options for adding `Return-path:' headers at the time of local delivery.
Option: return_size_limit
Type: integer
Default: 100K
This option sets a limit in bytes on the size of messages that are returned to senders. If it is set to zero there is no limit. If the body of any message that is to be included in an error message is greater than the limit, it is truncated, and a comment pointing this out is added at the top. The actual cutoff may be greater than the value given, owing to the use of buffering for transferring the message in chunks. The idea is just to save bandwidth on those undeliverable 15-megabyte messages. If `message_size_limit' is set, the value of `return_size_limit' should be somewhat smaller.
Option: rfc1413_except_hosts
Type: host-list
Default: unset
If this option is set, RFC 1413 identification calls are not made to any host which matches an item in the list. The items in the host list should not themselves contain ident data.
Option: rfc1413_except_nets
Type: net-list
Default: unset
If this option is set, RFC 1413 identification calls are not made to any host on the listed networks.
Option: rfc1413_query_timeout
Type: time
Default: 30s
This sets the timeout on RFC 1413 identification calls. If it is set to zero, no RFC 1413 calls are ever made. This is more efficient than setting a global pattern in one of the `except' options.
Option: security
Type: string
Default: "see below"
When `exim_user' is set non-zero in the runtime configuration or an Exim uid is compiled into the binary, Exim gives up root privilege for some of the time. As there are trade-offs between increased security and efficiency, this option is provided to control exactly how this is done. The option can be set to one of the strings `seteuid', `setuid', or `setuid+seteuid', provided that a uid for Exim is defined. Otherwise it must be left unset. A full description of what these values mean is given in chapter "Security considerations". The default for this option is unset if no special Exim uid is defined, otherwise it is either `setuid+seteuid' or `setuid', depending on whether the `seteuid()' function is configured as being available or not.
Option: sender_accept
Type: address-list
Default: unset
This option requests the acceptance of incoming SMTP mail from the specified envelope senders only. It operates like `sender_reject' (see below), and is also modified by `sender_reject_except'.
Option: sender_accept_recipients
Type: address-list
Default: unset
This operates in exactly the same way as `sender_accept' except that rejection is given in the form of a 550 error code to every RCPT TO command instead of rejecting MAIL FROM. This seems to be the only way of saying `no' to some mailers.
Option: sender_address_relay
Type: address-list
Default: unset
This option specifies a set of address patterns, one which the sender of a message must match in order for the message to be accepted for relaying. If it is not set, all sender addresses are permitted. By default, this check operates in addition to any relaying checks on the sending host (see `sender_host_accept_relay' below). However, if `relay_match_host_or_sender' is set, then either a host match or a sender match is sufficient to allow the relaying to proceed. For this reason, `sender_address_relay' is required to be set if `relay_match_host_or_sender' is set.
The rewrite flag X (see section "Rewriting flags" in chapter "Address rewriting") provides a special-purpose facility we have a use for in Cambridge. It adds additional checking to `sender_address_relay'. Whenever a sender address passes the check, if there are any rewriting rules with the X flag set, the address is rewritten using those rules, and if this makes any change to the address, the new address must verify successfully for the relaying to be permitted.
Option: sender_host_accept
Type: host-list
Default: unset
If this option is set, incoming SMTP calls are accepted only from the hosts listed, possibly also qualified by an RFC 1413 identification. (Calls from networks listed in `sender_net_accept' are also accepted.) However, if a call arrives from a host (and identification) which is also listed in `sender_host_reject' or from a network listed in `sender_net_reject', the call is rejected, unless the host matches `sender_host_reject_except' or `sender_net_reject_except'. Chapter "Other policy controls on incoming mail" contains details of this facility; see also `sender_accept' and `sender_reject'.
Option: sender_host_accept_relay
Type: host-list
Default: unset
An MTA is said to relay a message if it receives it from some host and delivers it directly to another host as a result of a remote address contained in it. Expanding a local address via an alias or forward file and then passing the message to another host is not relaying, but a re-direction as a result of the `percent hack' is.
Two kinds of relaying exist, which might be termed `incoming' and `outgoing'. A host which is acting as a gateway or an MX backup is concerned with incoming relaying from arbitrary hosts to a specific set of domains. A host which is acting as a smart host for a number of clients is concerned with outgoing relaying from those known clients to the Internet at large. Often the same host is fulfilling both functions.
Incoming relaying is controlled by restricting the domains to which an arbitrary host may send via the local host; this is done by setting `relay_domains'. Outgoing relaying is controlled by restricting the set of hosts which may send via the local host to an arbitrary domain.
If any of the relaying options is set, a check is made on the domains of recipient addresses in messages received from other hosts. If the `percent hack' is in use, the test is applied to the domains of the transformed addresses.
The check is done at the time of the RCPT TO command in the SMTP dialogue. If the domain in a recipient address matches an entry either in `local_domains' or in `relay_domains', or if `relay_domains_include_local_mx' is set and the domain has an MX record pointing to the local host, the address is always accepted (at least as far as this check is concerned -- a subsequent verification check might fail it). This is the case of an incoming relay to a known domain.
Otherwise, for outgoing relaying, the address is accepted only if the host is permitted to relay to arbitrary domains, as specified by the options `sender_net_accept_relay', `sender_host_accept_relay', `sender_net_reject_relay' and `sender_host_reject_relay'. If all of these are unset then
When at least one of the host or net relay options is set, the address is accepted only if `sender_host_accept_relay' and `sender_net_accept_relay' are both null or if the host matches one of their patterns, and the host does not match any pattern in `sender_host_reject_relay' or `sender_net_reject_relay'. Thus a `reject' option acts as an exception list to an `accept' option, and not the other way round.
In addition to the tests on the host, if `sender_address_relay' is set, the sender's address from the MAIL FROM command must match one of its patterns to allow relaying to an arbitrary domain. However, if `relay_match_host_or_sender' is set, an address is accepted for relaying if either the host is acceptable or the sender matches an item in `sender_address_relay'. Chapter "Other policy controls on incoming mail" contains further details of this facility.
Option: sender_host_reject
Type: host-list
Default: unset
If this option is set, incoming SMTP calls from the hosts listed (possibly also qualified by an RFC 1413 identification) are rejected as soon as the connection is made, even if the host matches `sender_host_accept' or `sender_net_accept'. However, exceptions can be specified by `sender_host_reject_except' or `sender_net_reject_except'. See chapter "Other policy controls on incoming mail" for more details.
Option: sender_host_reject_except
Type: host-list
Default: unset
This option can be used to specify, by host, exceptions to the host rejection options. This makes it possible to lock out all hosts on a network except for those explicitly permitted.
Option: sender_host_reject_recipients
Type: host-list
Default: unset
If this option is set, all recipients in incoming SMTP calls from the hosts listed, possibly also qualified by an RFC 1413 identification, are rejected. Chapter "Other policy controls on incoming mail" contains details of this facility, which differs from `sender_host_reject' only in the point in the SMTP dialogue at which the rejection occurs.
Option: sender_host_reject_relay
Type: host-list
Default: unset
Recipient addresses in domains other than those in `local_domains' or `relay_domains' are rejected from hosts that match this list, even if they match a pattern in `sender_host_accept_relay' or `sender_net_accept_relay'. If you don't want to do any relaying at all, then `relay_domains' should be left unset, and `sender_host_reject_relay' set to *.
Option: sender_net_accept
Type: net-list
Default: unset
If this option is set, incoming SMTP calls are accepted only from the IP networks specified (and from any hosts listed in `sender_host_accept'). However, if a call arrives from a host (and identification) which is also listed in `sender_host_reject' or from a network listed in `sender_net_reject', the call is rejected, unless the host matches `sender_host_reject_except' or `sender_net_reject_except'. Chapter "Other policy controls on incoming mail" contains details of this facility; see also `sender_reject'.
Option: sender_net_accept_relay
Type: net-list
Default: unset
This operates like `sender_host_accept_relay', except that the check is done by IP network number.
Option: sender_net_reject
Type: net-list
Default: unset
If this option is set, incoming SMTP calls from the listed networks are rejected. Chapter "Other policy controls on incoming mail" contains details of this facility.
Option: sender_net_reject_except
Type: net-list
Default: unset
This option can be used to specify, by network, exceptions to the host rejection options. This makes it possible to lock out all hosts on a network except for those explicitly permitted.
Option: sender_net_reject_recipients
Type: net-list
Default: unset
If this option is set, all recipients on incoming SMTP calls from the listed networks are rejected. Chapter "Other policy controls on incoming mail" contains details of this facility, which differs from `sender_net_reject' only in the point in the SMTP dialogue at which the rejection occurs.
Option: sender_net_reject_relay
Type: net-list
Default: unset
Recipient addresses in domains other than those in `local_domains' or `relay_domains' are rejected from hosts on networks that match this list, even if they match `sender_host_accept_relay' or `sender_net_accept_relay'. Rejection happens at SMTP time, before any routers or directors are run. Chapter "Other policy controls on incoming mail" contains details of this facility.
Option: sender_reject
Type: address-list
Default: unset
This option can be set in order to reject mail from certain senders. The check is done on the sender's address as given in the MAIL FROM command in SMTP, but not for local senders where the logged-in user's address is going to override anyway.
If the sender's address is source-routed, it is the final component of the address that is checked. The check is not done for batch SMTP input. If the check fails, a 5xx return code is given to MAIL FROM. This doesn't always stop remote mailers from trying again. See `sender_reject_recipients' for an alternative. Typical examples of the use of this option might be:
sender_reject = "spamuser@some.domain:spam.domain" sender_reject = partial-dbm;/etc/mail/blocked/senders
Note that this check operates on sender address domains independently of the sending host; `sender_host_reject' and `sender_net_reject' can be used to block all mail from particular hosts or nets, while `sender_host_reject_relay', `sender_net_reject_relay' and `sender_address_relay' can be used to prevent unwanted relaying.
There is also a `sender_accept' option. A sender is rejected if either of the following statements is true:
Option: sender_reject_except
Type: address-list
Default: unset
This option allows exceptions to be listed for the sender accept and reject options (see above).
Option: sender_reject_recipients
Type: address-list
Default: unset
This operates in exactly the same way as `sender_reject' except that the rejection is given in the form of a 550 error code to every RCPT TO command instead of rejecting MAIL FROM. This seems to be the only way of saying `no' to some mailers. See also `sender_accept_recipients'.
Option: sender_try_verify
Type: boolean
Default: false
See `sender_verify'.
Option: sender_unqualified_hosts
Type: host-list
Default: unset
This option lists those hosts from which Exim is prepared to accept unqualified sender addresses. The addresses are made fully qualified by the addition of `qualify_domain'. Typically the hosts are local ones, but if you want to imitate the behaviour of mailers that accept unqualified addresses from anywhere, specify
sender_unqualified_hosts = *
Option: sender_unqualified_nets
Type: net-list
Default: unset
This option lists those IP networks from any host on which Exim is prepared to accept unqualified sender addresses. The addresses are made fully qualified by the addition of `qualify_domain'. Typically local networks are specified. This is a more efficient option than using a wildcarded partial entry in `sender_unqualified_hosts', because no DNS lookup is required.
Option: sender_verify
Type: boolean
Default: false
If this option is true, envelope sender addresses on incoming SMTP messages are checked to ensure that they are valid. Messages with invalid envelope senders are rejected with a permanent error code if `sender_verify_reject' is set (the default). Otherwise a warning is logged. See section "Sender verification" in chapter "Verification of incoming mail" for details of the rejection, which can happen at three different points in the SMTP dialogue. If a sender cannot immediately be verified, a temporary error code is returned after reading the data (so the headers can be logged). The `sender_try_verify' option is less severe: it operates in exactly the same way as `sender_verify' except that if an address cannot immediately be verified, it is accepted instead of being temporarily rejected.
Option: sender_verify_batch
Type: boolean
Default: true
If this option is unset, then the `sender_verify' options are not applied to batched SMTP input.
Option: sender_verify_except_hosts
Type: host-list
Default: unset
If `sender_verify' is true, this option specifies a list of hosts and RFC 1413 identifications which are exempt from sender verification. It also suppresses the check caused by `headers_sender_verify' for matching hosts. See chapter "Verification of incoming mail" for details.
Option: sender_verify_except_nets
Type: net-list
Default: unset
If `sender_verify' is true, this option specifies a list of IP networks which are exempt from sender checking. It also suppresses the check caused by `headers_sender_verify' for matching hosts. See chapter "Verification of incoming mail" for details.
Option: sender_verify_fixup
Type: boolean
Default: false
Experience shows that many messages are sent out onto the Internet with invalid sender addresses in the envelopes (that is, in the MAIL FROM command of the SMTP dialogue), but with valid addresses in the `Sender:', `From:', or `Reply-to:' header fields. If `sender_verify' and `sender_verify_reject' are true and this option is also true, an invalid envelope sender or one that cannot immediately be verified is replaced by a valid value from the headers. If `sender_verify_reject' is false, the envelope sender is not changed, but Exim writes a log entry giving the correction it would have made. See chapter "Verification of incoming mail" for details.
Option: sender_verify_log_details
Type: boolean
Default: false
Setting this option causes additional information about sender verification to be written to the reject log. It is intended to help sort out problems concerned with sender verification, and is more for debugging Exim than for regular use. Some of the information is about messages that are not rejected, that is, they passed the test.
Option: sender_verify_reject
Type: boolean
Default: true
When this is set, a message is rejected if sender verification fails. If it is not set, a warning message is written to the main and reject logs, and the message is accepted (unless some other error occurs).
Option: smtp_accept_max
Type: integer
Default: 20
This specifies the maximum number of simultaneous incoming SMTP calls that Exim will accept. It applies only to the listening daemon; there is no control (in Exim) when incoming SMTP is being handled by `inetd'. If the value is set to zero, no limit is applied.
Option: smtp_accept_queue
Type: integer
Default: 0
If the number of simultaneous incoming SMTP calls handled via the listening daemon exceeds this value, then messages received are simply placed on the queue, and no delivery processes are started automatically. A value of zero implies no limit, and clearly any non-zero value is useful only if it is less than the `smtp_accept_max' value (unless that is zero). See also `queue_only', `queue_only_load', `queue_smtp', and the various `-od' command line options.
Option: smtp_accept_reserve
Type: integer
Default: 0
When `smtp_accept_max' is set greater than zero, this option specifies a number of SMTP connections that are reserved for connections from the hosts or networks that are specified in `smtp_reserve_hosts' and `smtp_reserve_nets'. The value set in `smtp_accept_max' includes this reserve pool. For example, if `smtp_accept_max' is set to 50 and `smtp_accept_reserve' is set to 5, then once there are 45 active connections, new ones are accepted only from hosts listed in `smtp_reserve_hosts' or from networks listed in `smtp_reserve_nets'.
Option: smtp_banner
Type: string
Default: "see below"
This string, which is expanded every time it is used, is output as the initial positive response to an SMTP connection. The default setting is:
smtp_banner = "${primary_hostname} ESMTP Exim ${version_number} \ #${compile_number} ${tod_full}"
Failure to expand the string causes a panic error. If you want to create a multiline response to the initial SMTP connection, use `\n' in the string at appropriate points, but not at the end. Note that the 220 code is not included in this string. Exim adds it automatically (several times in the case of a multiline response).
Option: smtp_connect_backlog
Type: integer
Default: 5
This specifies a maximum number of waiting SMTP connections. Exim passes this value to the TCP/IP system when it sets up its listener. Once this number of connections are waiting for the daemon's attention, subsequent connection attempts are refused at the TCP/IP level. At least, that is what the manuals say. In Solaris 2.4 such connection attempts have been observed to time out. The default value of 5 is a conservative one, suitable for older and smaller systems. For large systems is it probably a good idea to increase this, possibly substantially (to 50, say). It also gives some protection against denial-of-service attacks by SYN flooding.
Option: smtp_etrn_hosts
Type: host-list
Default: unset
RFC 1985 describes a new SMTP command called ETRN which is designed to overcome the security problems of the TURN command (which has fallen into disuse). Exim recognizes ETRN if the calling host matches an entry in this option or in `smtp_etrn_nets'. The ETRN command is concerned with `releasing' messages that are awaiting delivery to certain hosts. As Exim does not organize its message queue by host, the only form of ETRN that is supported is the one where the text starts with the `#' prefix, where the remainder of the text is specific to the SMTP server. A valid ETRN command causes a run of Exim with the `-R' option to happen, with the remainder of the ETRN text as its argument. For example,
ETRN #brigadoon
causes a delivery attempt on all messages with undelivered addresses containing the text `brigadoon'. Because a separate delivery process is run to do the delivery, there is no security risk with ETRN.
Option: smtp_etrn_nets
Type: net-list
Default: unset
See `smtp_etrn_hosts' above.
Option: smtp_etrn_serialize
Type: boolean
Default: true
When this option is set, it prevents the simultaneous execution of more than one queue run for the same argument string as a result of an ETRN command. Exim implements serialization by means of a hints database in which a record is written whenever a queue run is started by ETRN, and deleted when such a queue run completes. Obviously there is scope for records to get left lying around if there is a system or program crash. To guard against this, Exim ignores any records that are more than six hours old, but you should normally arrange to delete any files in the `spool/db' directory whose names begin with `serialize-' after a reboot.
Option: smtp_expn_hosts
Type: host-list
Default: unset
The SMTP EXPN command is supported only if the calling host matches `smtp_expn_hosts' or `smtp_expn_nets'. You must add `localhost' explicitly if you want calls to 127.0.0.1 to be able to use it. A single-level expansion of the address is done. If an unqualified local part is given, it is qualified with `qualify_domain'. There is a generic option for directors which permits them to be skipped when processing an EXPN command (compare with verification).
Option: smtp_expn_nets
Type: net-list
Default: unset
See `smtp_expn_hosts' above.
Option: smtp_load_reserve
Type: fixed-point
Default: unset
If the system load average ever gets higher than this, incoming SMTP calls are accepted only from those hosts that match an entry in `smtp_reserve_hosts' or `smtp_reserve_nets'. There are some operating systems for which Exim cannot determine the load average (see chapter 1); for these this option has no effect.
Option: smtp_receive_timeout
Type: time
Default: 5m
This sets a timeout value for SMTP reception. If a line of input (either an SMTP command or a data line) is not received within this time, the SMTP connection is dropped and the message abandoned.
Option: smtp_reserve_hosts
Type: host-list
Default: unset
This option lists hosts for which SMTP connections are reserved; see `smtp_accept_reserve' and `smtp_load_reserve' above.
Option: smtp_reserve_nets
Type: net-list
Default: unset
This option lists IP networks for which SMTP connections are reserved; see `smtp_accept_reserve' and `smtp_load_reserve' above.
Option: smtp_verify
Type: boolean
Default: false
If this option is true, the SMTP command VRFY is supported on incoming SMTP connections; otherwise it is not.
Option: split_spool_directory
Type: boolean
Default: false
If this option is set, it causes Exim to split its input directory into 62 subdirectories, each with a single alphanumeric character as its name. The fifth character of the message id is used to allocate messages to subdirectories; this is the least significant base-62 digit of the time of arrival of the message.
Splitting up the spool in this way may provide better performance on systems where there are long mail queues, by reducing the number of files in any one directory. The msglog directory is also split up in a similar way to the input directory; however, if `preserve_message_logs' is set, all old msglog files are still placed in the single directory `msglog.OLD'.
It is not necessary to take any special action for existing messages when changing `split_spool_directory'. Exim notices messages that are in the `wrong' place, and continues to process them. If the option is turned off after a period of being on, the subdirectories will eventually empty and get deleted.
Option: spool_directory
Type: string
Default: "compile-time configured (may be unset)"
This defines the directory in which Exim keeps its mail spool. The default value is taken from the compile-time configuration setting, if there is one. If not, this option must be set. The string is expanded, so it can contain, for example, a reference to `${primary_hostname}'.
If the spool directory name is fixed on your installation, it is recommended that you set it at build time rather than from this option, particularly if the log files are being written to the spool directory (see `log_file_path'). Otherwise log files cannot be used for errors that are detected early on, such as failures in the configuration file.
Even with a compiled-in path, however, this option makes it possible to run testing configurations of Exim without using the standard spool.
Option: strip_excess_angle_brackets
Type: boolean
Default: false
If this option is set, then redundant pairs of angle brackets round `route-addr' items in addresses are stripped. For example, `<<xxx@a.b.c.d>>' is treated as `<xxx@a.b.c.d>'. If this is in the envelope and the message is passed on to another MTA, the excess angle brackets are not passed on. If this option is not set, multiple pairs of angle brackets cause a syntax error.
Option: strip_trailing_dot
Type: boolean
Default: false
If this option is set, a trailing dot at the end of a domain in an address is ignored. If this is in the envelope and the message is passed on to another MTA, the dot is not passed on. If this option is not set, a dot at the end of a domain causes a syntax error.
Option: trusted_groups
Type: string-list
Default: unset
If this option is set, then any process that is running in one of the listed groups may pass a message to Exim and specify the sender's address using the `-f' command line option, without Exim's adding a `Sender:' header. If neither `trusted_groups' nor `trusted_users' is set, then only root and the Exim user can do this.
Option: trusted_users
Type: string-list
Default: unset
If this option is set, then any process that is running as one of the listed users may pass a message to Exim and specify the sender's address using the `-f' command line option, without Exim's adding a `Sender:' header. If neither `trusted_users' nor `trusted_groups' is set, then only root and the Exim user can do this.
Option: unknown_login
Type: string
Default: unset
This is a specialized feature for use in unusual configurations. By default, if the uid of the caller of Exim cannot be looked up using `getpwuid()', Exim gives up. The `unknown_login' option can be used to set a login name to be used in this circumstance. It is expanded, so values like `user$caller_uid' can be set. When `unknown_login' is used, the value of `unknown_username' is used for the user's real name (gecos field), unless this has been set by the `-F' option.
Option: unknown_username
Type: string
Default: unset
See `unknown_login'.
Option: uucp_from_pattern
Type: string
Default: "see below"
Some applications that pass messages to an MTA via a command line interface use an initial line starting with `From' to pass the envelope sender. In particular, this is used by UUCP software. Exim recognizes such a line by means of a regular expression that is set in `uucp_from_pattern', and when the pattern matches, the sender address is constructed by expanding the contents of `uucp_from_sender', provided that the caller of Exim is a trusted user. The default pattern recognizes lines in the following two forms:
From ph10 Fri Jan 5 12:35 GMT 1996 From ph10 Fri, 7 Jan 97 14:00:00 GMT
It checks only up to the hours and minutes, and allows for a 2-digit or 4-digit year in the second case. The first word after `From' is matched in the regular expression by a parenthesized subpattern. The default value for `uucp_from_sender' is `$1', which therefore just uses this first word (`ph10' in the example above) as the message's sender.
Option: uucp_from_sender
Type: string
Default: "$1"
See `uucp_from_pattern' above.
Option: warnmsg_file
Type: string
Default: unset
This option defines a template file containing paragraphs of text to be used for constructing the warning message which is sent by Exim when a message has been on the queue for a specified amount of time, as specified by `delay_warning'. Details of the file's contents are given in chapter "Customizing error and warning messages". See also `errmsg_file'.
Go to the first, previous, next, last section, table of contents.