Filter files, especially the more complicated ones, should always be tested, as
it is easy to make mistakes. Exim provides a facility for preliminary testing
of a filter file before installing it. This tests the syntax of the file and
its basic operation, and can also be used with ordinary `.forward'
The Exim Mail Transport Agent
Date: 10 July 1997
Exim is a mail transport agent (MTA) developed at the University of Cambridge for use on Unix systems connected to the Internet. It is freely available under the terms of the GNU General Public Licence. In style it is similar to Smail 3, but its facilities are more extensive, and in particular it has some defences against mail bombs and unsolicited junk mail, in the form of options for refusing messages from particular hosts, networks, or senders.
Exim is in production use on a number of sites that move tens of thousands of messages per day. This document contains an overview description of the way Exim works, with a certain amount of omission and simplification to keep it fairly short. Please address any enquiries about Exim to Philip Hazel:
Email: <ph10@cus.cam.ac.uk> Phone: +44 1223 334714 Fax: +44 1223 334679University of Cambridge Computer Laboratory Pembroke Street Cambridge CB2 3QG United Kingdom
This document is copyright (c) University of Cambridge 1997, but copying
permission is granted to all.
-------------------------------------------------------------------------
"If I have seen further it is by standing on the shoulders of giants."
(Isaac Newton)
Exim owes a great deal to Smail 3 and its author, Ron Karr. Without the experience of running and working on the Smail 3 code, I could never have contemplated starting to write a new mailer. Many of the ideas and configuration interfaces are taken from Smail 3, though the actual code of Exim is entirely new.
My intention was to write a mailer that had more functionality than Smail 3, but which retained the simple lightweight approach, as this seemed to me to be all that was needed for systems directly connected to the Internet, where most messages are delivered almost immediately.
The current distribution of Exim is available from
$st{ftp://ftp.cus.cam.ac.uk/pub/software/programs/exim/exim-$si{n.nn}.tar.gz}
where n.nn is the version number. The distribution contains an ASCII copy of the documentation; other formats are available from
$st{ftp://ftp.cus.cam.ac.uk/pub/software/programs/exim/exim-postscript-$si{n.nn}.tar.gz}
$st{ftp://ftp.cus.cam.ac.uk/pub/software/programs/exim/exim-texinfo-$si{n.nn}.tar.gz}
The following operating systems are currently supported: AIX, BSDI, DGUX, FreeBSD, HI-OSF (Hitachi), HP-UX, IRIX, Linux, MIPS RISCOS, NetBSD, OpenBSD, DEC OSF1 (aka Digital UNIX), SCO, SCO SVR4.2 (aka UNIX-SV), SunOS4, SunOS5, Ultrix, and Unixware.
For the benefit of those reading this overview to see whether Exim is of interest to them, its limitations are listed first.
Exim follows the same general approach of decentralized control that Smail 3 does. There is no central process doing overall management of mail delivery. However, unlike Smail, the independent delivery processes share data in the form of `hints', which makes delivery more efficient in some cases. The hints are kept in a number of DBM files. If any of these files are lost, the only effect is to change the pattern of delivery attempts and retries.
Here is a summary of Exim's main features. More details are given in the sections which follow.
Although I did not specifically set out to write a high-performance MTA, Exim does seem to be fairly efficient. The busiest site I know of is an mailing list exploder that sometimes handles over 100,000 deliveries a day on a big Linux box, the record being 177,000 deliveries (791MB in total). Up to 13,000 deliveries in an hour have been reported.
Like many MTAs, Exim has adopted the Sendmail interface so that it can be a straight replacement for `/usr/lib/sendmail'. All the relevant Sendmail options are implemented. There are also some additional options that are compatible with Smail 3, and some further options that are new to Exim.
The runtime configuration interface is a single file which is divided into a number of sections. The entries in this file consist of keywords and values, in the style of Smail 3 configuration files.
Control of messages on the queue can be done via certain privileged command line options. There is also an optional monitor program called `eximon', which displays current information in an X window and contains interfaces to the command line options.
When Exim receives a message, it writes two files in its spool directory. The first contains the envelope information, the current status of the message, and the headers, while the second contains the body of the message. The status of the message includes a complete list of recipients and a list of those that have already received the message. The header file gets updated during the course of delivery if necessary.
A message remains in the spool directory until it is completely delivered to its recipients or to an error address, or until it is deleted by an administrator or by the user who originally created it. In cases when delivery cannot proceed -- for example, when a message can neither be delivered to its recipients nor returned to its sender, the message is marked `frozen' on the spool, and no more deliveries are attempted. The administrator can thaw such messages when the problem has been corrected, and can also freeze individual messages by hand if necessary.
As delivery proceeds, Exim writes timestamped information about each address to a per-message log file; this includes any delivery error messages. This log is solely for the benefit of the administrator. All the information Exim itself needs for delivery is kept in the header spool file. The message log file is deleted with the spool files. If a message is delayed for more than a configured time, a warning message is sent to the sender. This is repeated whenever the same time elapses again without delivery being complete.
The main delivery processing elements of Exim are called directors, routers, and transports. Code for a number of these is provided, and compile-time options specify which ones are actually included in the binary. Directors handle addresses that include one of the local domains, routers handle remote addresses, and transports do actual deliveries.
When a message is to be delivered, the sequence of events is roughly as follows:
Exim can be configured to allow users to set up filter files as an alternative to the traditional `.forward' files. A filter file can test various characteristics of a message, including the contents of the headers and the start of the body, and direct delivery to specified addresses, files, or pipes according to what it finds. The system-wide filter file uses the same control syntax.
The existing directors are listed below. I use the RFC 822 term local-part to mean that portion of an address that comes before the @ character.
foo: uid=1234 gid=5678 mailbox=/home_1/foo/inboxcould be used on a
The first part of the run time configuration file contains the main configuration settings. Each setting occupies one line of the file, possibly continued by a terminating backslash. If any setting is preceded by the word `hide', the -bP option displays its value to admin users only (see section 7.3).
All macro definitions must be in this part of the file -- they differ from options settings by starting with an upper-case letter (see section 7.2).
The available options are listed in alphabetical order below, along with their types and default values.
Type: boolean
Default: false
This option causes Exim to send 8BITMIME in its response to an SMTP EHLO command, and to accept the BODY= parameter on MAIL commands. However, though Exim is 8-bit clean, it is not a protocol converter, and it takes no steps to do anything special with messages received by this route. Consequently, this option is turned off by default.
Type: time
Default: 0s
This sets the timeout for accepting a non-SMTP message, that is, the maximum time that Exim waits when reading a message on the standard input. If the value is zero, it will wait for ever. This setting is overridden by the -or command option. The timeout for incoming SMTP messages is controlled by smtp_receive_timeout.
Type: string list
Default: unset
If the current group or any of the supplementary groups of the caller is in this list, the caller has admin privileges. If all your system programmers are in a specific group, for example, you can give them all Exim admin privileges by putting that group in admin_groups. However, this does not permit them to read Exim's spool files (whose group owner is the Exim gid). To permit this, you have to add individuals to the Exim group.
Type: boolean
Default: false
It appears that more and more DNS zones are breaking the rules and putting IP addresses on the right hand side of MX records. Exim follows the rules and rejects this, giving an error message that explains the mis-configuration. However, some other MTAs support this practice, so to avoid `Why can't Exim do this?' complaints, allow_mx_to_ip exists, in order to enable this heinous activity. It is not recommended, except when you have no other choice.
Type: boolean
Default: false
Exim adds a To: header to messages whose recipients are given on the command line when there is no To:, Cc:, or Bcc: in the message. In other cases of missing recipient headers, it just adds an empty Bcc: header to make the message conform with RFC 822. Setting always_bcc causes it to add an empty Bcc: in all cases. This can be helpful in conjunction with mailing list software that passes recipient addresses on the command line.
Type: boolean
Default: true
This option is available only when Exim is compiled with authentication support. Normally, if any server authentication mechanisms are configured, Exim advertises them in response to any EHLO command. However, if auth_always_advertise is set false, Exim advertises availability of the AUTH command only if the calling host is in auth_hosts, or if it is in host_auth_accept_relay and not in host_accept_relay. In other words, it advertises only when the host is required always to authenticate or to authenticate in order to relay.
Otherwise, Exim does not advertise AUTH, though it is always prepared to accept it. Certain mail clients (for example, Netscape) require the user to provide a name and password for authentication if AUTH is advertised, even though it may not be needed (the host may be in host_accept_relay). Unsetting auth_always_advertise makes these clients more friendly in these circumstances, while still allowing you to use combinations such as
host_auth_accept_relay = * host_accept_relay = 10.9.8.0/24
without needing to fill up host_auth_accept_relay with exceptions.
Type: host list
Default: unset
Any hosts in this list that connect to an Exim server as clients are required to authenticate themselves using the SMTP AUTH command before any commands other than HELO, EHLO, HELP, AUTH, NOOP, RSET, or QUIT are accepted. See chapter 35 for details of SMTP authentication.
Type: host list
Any hosts in this list must start an encrypted TLS session before issuing an
SMTP AUTH command, but it does not of itself require them to authenticate.
See chapter 38 for details of SMTP encryption.
auth_over_tls_hosts
Default: unset
Type: time
Default: 0s
If this option is set to a time greater than zero, a queue runner will try a new delivery attempt on any frozen message if this much time has passed since it was frozen. This may result in the message being re-frozen if nothing has changed since the last attempt. It is a way of saying `keep on trying, even though there are big problems'. See also timeout_frozen_after, ignore_errmsg_errors, and ignore_errmsg_errors_after.
Type: string
Default: unset
This option supplies the name of a command that is run when Exim is called with the -bi option (see chapter 5). The string value is just the command name, it is not a complete command line. If an argument is required, it must come from the -oA command line option.
Type: integer
Default: 0
See check_spool_space below.
Type: integer
Default: 0
See check_spool_space below.
Type: integer
Default: 0
See check_spool_space below.
Type: integer
Default: 0
The four check_... options allow for checking of disc resources before a message is accepted: check_spool_space and check_spool_inodes check the spool partition if either value is greater than zero, for example:
check_spool_space = 10M check_spool_inodes = 100
The spool partition is the one which contains the directory defined by SPOOL_DIRECTORY in `Local/Makefile'.
check_log_space and check_log_inodes check the partition in which log files are written if either is greater than zero. These should be set only if log_file_path and spool_directory refer to different partitions.
If there is less space or fewer inodes than requested, Exim refuses to accept incoming mail. In the case of SMTP input this is done by giving a 452 temporary error response to the MAIL command. If ESMTP is in use and there was a SIZE parameter on the MAIL command, its value is added to the check_spool_space value, and the check is performed even if check_spool_space is zero, unless no_smtp_check_spool_space is set.
For non-SMTP input and for batched SMTP input, the test is done at start-up; on failure a message is written to stderr and Exim exits with a non-zero code, as it obviously cannot send an error message of any kind.
Type: boolean
Default: false
From version 3.10, this option is obsolete and does nothing. Formerly, it caused source-routed mail addresses to be stripped down to their final components. This now happens automatically, and cannot be suppressed.
Type: string
Default: unset
This option specifies the numerical port number or the service name equivalent on which the daemon is to listen for incoming SMTP calls. It is overridden by -oX on the command line. If this option is not set, the service name `smtp' is used.
Type: string
Default: unset
This option is a synonym for daemon_smtp_port.
Type: integer
Default: 0
This option sets the debug level, thus enabling it to be set when calling Exim from an MUA, but it is overridden by the use of -d on the command line.
Type: time list
Default: 24h
When a message is delayed, Exim sends a warning message to the sender at intervals specified by this option. If it is set to a zero, no warnings are sent. The data is a colon-separated list of times after which to send warning messages. Up to 10 times may be given. If a message has been on the queue for longer than the last time, the last interval between the times is used to compute subsequent warning times. For example, with
delay_warning = 4h:8h:24h
the first message is sent after 4 hours, the second after 8 hours, and subsequent ones every 16 hours thereafter. To stop warnings after a given time, set a huge subsequent time.
Type: string, expanded
Default: see below
The string is expanded at the time a warning message might be sent. If all the deferred addresses have the same domain, it is set in $domain during the expansion. Otherwise $domain is empty. If the result of the expansion is a forced failure, an empty string, or a string matching any of `0', `no' or `false' (the comparison being done caselessly) then the warning message is not sent. The default is
delay_warning_condition = \
${if match{$h_precedence:}{(?i)bulk|list|junk}{no}{yes}}
which suppresses the sending of warnings about messages that have `bulk', `list' or `junk' in a Precedence: header. Note that the colon to terminate the header name cannot be omitted, because brace characters may legally occur in header names.
Type: fixed-point
Default: unset
When this option is set, no message deliveries are ever done if the system load average is greater than its value, except for deliveries forced with the -M option. If deliver_queue_load_max is not set and the load gets this high during a queue run, the run is abandoned. There are some operating systems for which Exim cannot determine the load average (see chapter 1); for these this option has no effect.
Type: fixed-point
Default: unset
If this option is set, its value is used to determine whether to abandon a queue run, instead of the value of deliver_load_max.
Type: boolean
Default: true
Exim's transports have an option for adding a Delivery-date: header to a message when it is delivered -- in exactly the same way as Return-path: is handled. Delivery-date: records the actual time of delivery. Such headers should not be present in incoming messages, and this option causes them to be removed, to avoid any problems that might occur when a delivered message is subsequently sent on to some other recipient.
Type: domain list
Default: unset
DNS lookups give a `try again' response for the DNS error `non-Authoritive host found or SERVERFAIL'. This can cause Exim to keep trying to deliver a message, or to give repeated temporary errors to incoming mail. Sometimes the effect is caused by a badly set up nameserver and may persist for a long time. If a domain which exhibits this problem matches anything in dns_again_means_nonexist then it is treated as if it did not exist. This option should be used with care.
Type: boolean
Default: true
This option causes Exim to check domain names for illegal characters before handing them to the DNS resolver, because some resolvers give temporary errors for bad names. If a domain name contains any illegal characters, a `not found' result is forced. The check is done by matching the domain name against the regular expression specified by the dns_check_names_pattern option.
Type: string
Default: see below
This option defines the regular expression that is used when the dns_check_names option is set. The default value is
dns_check_names_pattern = \ (?i)^(?>(?(1)\.|())[^\W_](?>[a-z0-9-]*[^\W_])?)+$
which permits only letters, digits, and hyphens in components, but they may not start or end with a hyphen.
Type: time
Default: 0s
The options dns_retrans and dns_retry can be used to set the retransmission and retry parameters for DNS lookups. Values of zero (the defaults) leave the system default settings unchanged. The first value is the time between retries, and the second is the number of retries. It isn't totally clear exactly how these settings affect the total time a DNS lookup may take. I haven't found any documentation about timeouts on DNS lookups; these parameter values are available in the external resolver interface structure, but nowhere does it seem to describe how they are used or what you might want to set in them.
Type: boolean
Default: false
When Exim is compiled with IPv6 support, it looks for IPv6 address records (AAAA and A6) as well as IPv4 address records when trying to find IP addresses for hosts. However, if dns_ipv4_lookup is set, it disables DNS lookups for AAAA and A6 records. This is a fudge to help with name servers that give big delays or otherwise do not work for these new record types. If Exim is handed either of these record types as part of an MX lookup (for example), it still handles them, and may as a result make outgoing IPv6 calls. All this option does is to make it look only for IPv4-style A records when it needs to find an IP address for a host name. In due course, when the world's name servers have all been upgraded, there should be no need for this option.
Type: integer
Default: 0
See dns_retrans above.
Type: boolean
Default: true
Exim's transports have an option for adding an Envelope-to: header to a message when it is delivered -- in exactly the same way as Return-path: is handled. Envelope-to: records the original recipient address in the envelope that caused the delivery. Such headers should not be present in incoming messages, and this option causes them to be removed, to avoid any problems that might occur when a delivered message is subsequently sent on to some other recipient.
Type: string
Default: unset
If errmsg_text is set, its contents are included in the default error message immediately after `This message was created automatically by mail delivery software.' It is not used if errmsg_file is set.
Type: string
Default: unset
This option defines a template file containing paragraphs of text to be used for constructing the message which is sent by Exim in the case of a delivery failure. Details of the file's contents are given in chapter 39. See also warnmsg_file.
Type: string
Default: "postmaster"
The mail address to which Exim will send certain error reports. As the default is specified without a domain, it will be sent to the domain specified by the qualify_recipient option. If this address is specified with a domain, it must be a fully qualified domain. There are actually only a few situations where this address is used:
Type: string list, expanded
Default: unset
Setting this option causes Exim to send bcc copies of delivery failure reports that it generates to other addresses. The value is a colon-separated list of items; each item consists of a pattern and an address list, separated by white space. If the pattern matches the recipient of the delivery error report, the message is copied to the addresses on the list. The items are scanned in order, and once a matching one is found, no further items are examined. For example:
errors_copy = spqr@mydomain postmaster@mydomain :\
rqps@mydomain mailmaster@mydomain,\
postmaster@mydomain
Each pattern can be a single regular expression, indicated by starting it with a circumflex; alternatively, either portion (local part, domain) can start with an asterisk, or the domain can be in any format that is acceptable as an item in a domain list, including a file lookup. A regular expression is matched against the entire (fully qualified) recipient; non-regular expressions must contain both a local part and domain, separated by @.
The address list is a string which is expanded, and must end up as a comma-separated list of addresses. It is used to construct a Bcc: header which is added to the error message. The expansion variables $local_part and $domain are set from the original recipient of the error message, and if there was any wildcard matching, the expansion variables $0, $1, etc. are set in the normal way.
Type: string
Default: unset
Exim's delivery error messages contain the header
From: Mail Delivery System <Mailer-Daemon@${qualify_domain}>
(where string expansion notation is used to show a variable substitution). Experience shows that a large number of people reply to such messages. If the errors_reply_to option is set, a Reply-To: header is added. The option must specify the complete header body.
Type: string
Default: compile-time configured (can be unset)
This option sets the gid under which Exim runs when it gives up root privilege. It is used only when exim_user is also set. Unless it consists entirely of digits, the string is looked up using getgrnam(), and failure causes a configuration error. See chapter 55 for a discussion of security issues.
Type: string
Default: see below
This option specifies the path name of the Exim binary, which is used when Exim needs to re-exec itself. The default is set up to point to the file exim in the directory configured at compile time by the BIN_DIRECTORY setting. It is necessary to change exim_path if Exim is run from some other place.
Type: string
Default: compile-time configured (can be unset)
This option sets the uid under which Exim runs when it gives up root privilege. However, unless there is some compelling reason for not doing so, it is best to specify the uid by setting EXIM_UID in `Local/Makefile' rather than using this option, because ownership of the run time configuration file and the use of the -C and -D command line options is checked against the compile-time setting of this parameter, not what is set here.
Unless it consists entirely of digits, the string is looked up using getpwnam(), and failure causes a configuration error. If exim_group is not also supplied, the gid is taken from the result of getpwnam() if it is used. If the resulting uid is the root uid, it has the effect of unsetting this option. See chapter 55 for a discussion of security issues.
Type: boolean
Default: true
According to Sendmail documentation, if any addresses are present on the command line when the -t option is used to build an envelope from a message's headers, they are removed from the recipients list. This is also how Smail behaves. However, it has been reported that some versions of Sendmail in fact add the argument addresses to the recipients list. By default Exim follows the documented behaviour, but if this option is set false it adds rather than removes argument addresses.
Type: integer
Default: 0
On systems running NIS or other schemes in which user and group information is distributed from a remote system, there can be times when getpwnam() and related functions fail, even when given valid data, because things time out. Unfortunately these failures cannot be distinguished from genuine `not found' errors. If finduser_retries is set greater than zero, Exim will try that many extra times to find a user or a group, waiting for one second between tries.
Type: boolean
Default: false
If this option is set, the RFC 822 domain literal format is not permitted in addresses. The option is set in the default configuration file, because the domain literal format is not normally required these days, and few people know about it. It has, however, been exploited by mail abusers.
Type: boolean
Default: false
On encountering certain errors, Exim freezes a message, which means that no further delivery attempts take place until an administrator thaws it. If this option is set, a message is sent to errors_address every time a message is frozen, unless the message is itself a delivery error message. (Without this exception there is the possibility of looping.) If several of the message's addresses cause freezing, only a single message is sent to the mail administrator. The reason(s) for freezing will be found in the message log.
Type: string, expanded
Default: unset
Some operating systems, notably HP-UX, use the `gecos' field in the system password file to hold other information in addition to users' real names. Exim looks up this field for use when it is creating Sender: or From: headers. If either gecos_pattern or gecos_name are unset, the contents of the field are used unchanged, except that, if an ampersand is encountered, it is replaced by the user's login name with the first character forced to upper-case, since this is a convention that is observed on many systems.
When these options are set, gecos_pattern is treated as a regular expression that is to be applied to the field (again with & replaced by the login name), and if it matches, gecos_name is expanded and used as the user's name. Numeric variables such as $1, $2, etc. can be used in the expansion to pick up sub-fields that were matched by the pattern. In HP-UX, where the user's name terminates at the first comma, the following can be used:
gecos_pattern = ([^,]*) gecos_name = $1
Type: string
Default: unset
See gecos_name above.
Type: boolean
Default: false
This option causes Exim to check the syntax of all headers that can contain lists of addresses (Sender:, From:, Reply-To:, To:, Cc:, and Bcc:) on all incoming messages (both local and SMTP). This is a syntax check only, to catch real junk such as
To: user@
Like the headers_sender_verify options, the rejection happens after the end of the data, but it is also controlled by headers_checks_fail; if that is unset, the message is accepted and a warning is written to the reject log.
If the message contains any headers starting with `Resent-' then it is that set of headers which is checked.
Type: boolean
Default: true
If this option is true, failure of any header check (see below) causes the message to be rejected. If it is false, a warning message is written to the reject log.
Type: boolean
Default: false
If this option is set with sender_verify, and the sending host matches sender_verify_hosts, Exim insists on there being at least one verifyable address in one of the Sender:, Reply-To:, or From: headers (which are checked in that order) on all incoming SMTP messages. If one cannot be found, the message is rejected, unless headers_checks_fail is unset, in which case a warning entry is written to the reject log.
If there are any headers whose names start with `Resent-', it is that set of headers which is checked. If there is more than one instance of a particular header, all of them are checked.
Unfortunately, because it has to read the message before doing this check, the rejection happens after the end of the data, and it is known that some mailers do not treat hard (5xx) errors correctly at this point -- they keep the message on their spools and try again later, but that is their problem, though it does waste some resources.
Type: boolean
Default: false
This option acts like headers_sender_verify, except that it applies only to messages whose envelope sender is `<>', that is, delivery error messages whose sender cannot be verified at the time the SMTP MAIL command is received.
Type: host list
Default: unset
Exim checks the syntax of HELO and EHLO commands for incoming SMTP mail, and gives an error response for invalid data. Unfortunately, there are some SMTP clients that send syntactic junk. They can be accommodated by setting this option.
Type: boolean
Default: false
Because so many systems have been found to use underscores in the names they send in the SMTP HELO command, Exim by default permits them, though it is not in fact legal to use underscores in domain names in SMTP. If helo_strict_syntax is set, underscores are not permitted in HELO or EHLO commands.
Type: host list
Default: unset
The RFCs mandate that a server must not reject a message because it doesn't like the HELO or EHLO command. However, some sites like to be stricter. If helo_verify is set, Exim checks each incoming call from any host that matches it, and accepts the call only if:
and
If no HELO or EHLO is given, MAIL commands are rejected; if a bad HELO or EHLO is given, it is rejected with a 550 error. Rejections are logged in the main and reject logs.
Type: domain list
Default: unset
This option allows mail for particular domains to be held on the queue manually. The option is overridden if a message delivery is forced with the -M, -qf, -Rf or -Sf options. Otherwise, if a domain matches an item in hold_domains, no routing or delivery for that address is done, and it is deferred every time the message is looked at.
This option is intended as a temporary operational measure for delaying the delivery of mail while some problem is being sorted out, or some new configuration tested. It does not override Exim's message clearing away code, which removes messages from the queue if they have been there longer than the longest retry time in any retry rule. If you want to hold messages for longer than the normal retry times, insert a dummy retry rule with a long retry time.
Type: host list
Default: unset
This option provides a list of hosts that are permitted to relay via the local host to any arbitrary domains. Section 46.4 contains a discussion of relay control.
Type: host list
Default: unset 7
This option provides a list of hosts that are permitted to relay via the local host to any arbitrary domains, provided the calling host has authenticated itself. Section 46.4 contains a discussion of relay control, and chapter 35 discusses authentication.
Type: host list
Default: unset
Exim does not look up the name of a calling host from its IP address unless it is required to compare against some host list, or helo_verify is set, or the address matches this option (which normally contains IP addresses rather than host names, since the presence of names in itself implies a DNS lookup). The default configuration file contains
host_lookup = *
which causes a lookup to happen for all hosts. If the expense of these lookups is felt to be too great, the setting can be changed or removed. However, Exim always does a lookup if the domain name quoted in a HELO or EHLO command is the local host's own name or any of its local mail domains.
Type: host list
Default: unset
If this option is set, incoming SMTP calls from the hosts listed (possibly also qualified by an RFC 1413 identification) are rejected as soon as the connection is made. See chapter 46 for more details.
Type: host list
Default: unset
If this option is set, all recipients in incoming SMTP calls from the hosts listed, possibly also qualified by an RFC 1413 identification, are rejected. Chapter 46 contains details of this facility, which differs from host_reject only in the point in the SMTP dialogue at which the rejection occurs.
Type: domain list
Default: unset
If this option is set, any host names that match the domain list are treated as if they were the local host when Exim is scanning host lists obtained from MX records, and also at other times when it is checking whether a host to which a message has been routed is the local host. If it is required that the matching host names also be treated as local domains for mail delivery, they must appear in local_domains as well as in this option.
See also the allow_localhost option in the smtp transport. Both these options are needed in a setup with different hosts for incoming and outgoing mail if the resulting system is used for MX backup.
Type: boolean
Default: false
If this option is set, failed addresses in error reports (that is, bounce messages, whose senders are `<>') are discarded (with a log entry). The default action is to freeze such messages for human attention.
Type: time
Default: 0s
This option, if it is set to a non-zero time, acts as a delayed version of ignore_errmsg_errors, which must be unset for this option to take effect. When an error message that was frozen because of delivery failure has been on the queue for more than the given time, it is unfrozen at the next queue r