The first part of the run time configuration file contains three types of item:
Macro definitions: These lines start with an upper case letter. See section 6.4 for details of macro processing.
Named list definitions: These lines start with one of the words ``domainlist'', ``hostlist'', ``addresslist'', or ``localpartlist''. Their use is described in section 10.5.
Main configuration settings: Each setting occupies one line of the file (including possible continuations). If any setting is preceded by the word ``hide'', the -bP option displays its value to admin users only (see section 6.5).
This chapter lists all the main configuration options, along with their types and default values, in alphabetical order.
This option causes Exim to send 8BITMIME in its response to an SMTP EHLO command, and to accept the BODY= parameter on MAIL commands. However, though Exim is 8-bit clean, it is not a protocol converter, and it takes no steps to do anything special with messages received by this route. Consequently, this option is turned off by default.
This option defines the ACL that is run when an SMTP AUTH command is received. See chapter 37 for further details.
This option defines the ACL that is run after an SMTP DATA command has been processed and the message itself has been received, but before the final acknowledgement is sent. See chapter 37 for further details.
This option defines the ACL that is run when an SMTP ETRN command is received. See chapter 37 for further details.
This option defines the ACL that is run when an SMTP EXPN command is received. See chapter 37 for further details.
This option defines the ACL that is run when an SMTP RCPT command is received. See chapter 37 for further details.
This option defines the ACL that is run when an SMTP VRFY command is received. See chapter 37 for further details.
If the current group or any of the supplementary groups of the caller is in this colon-separated list, the caller has admin privileges. If all your system programmers are in a specific group, for example, you can give them all Exim admin privileges by putting that group in admin_groups. However, this does not permit them to read Exim's spool files (whose group owner is the Exim gid). To permit this, you have to add individuals to the Exim group.
If this option is set, the RFC 2822 domain literal format is permitted in email addresses. The option is not set by default, because the domain literal format is not normally required these days, and few people know about it. It has, however, been exploited by mail abusers.
Unfortunately, it seems that some DNS black list maintainers are using this format to report black listing to postmasters. If you want to accept messages addressed to your hosts by IP address, you need to set allow_domain_literals true, and also to add @[] to the list of local domains (defined in the named domain list local_domains in the default configuration). This ``magic string'' matches the domain literal form of all the local host's IP addresses.
It appears that more and more DNS zone administrators are breaking the rules and putting domain names that look like IP addresses on the right hand side of MX records. Exim follows the rules and rejects this, giving an error message that explains the mis-configuration. However, some other MTAs support this practice, so to avoid ``Why can''t Exim do this?' complaints, allow_mx_to_ip exists, in order to enable this heinous activity. It is not recommended, except when you have no other choice.
If any server authentication mechanisms are configured, Exim advertises them in response to an EHLO command only if the calling host matches this list. Otherwise, Exim does not advertise AUTH, though it is always prepared to accept it.
Certain mail clients (for example, Netscape) require the user to provide a name and password for authentication if AUTH is advertised, even though it may not be needed (the host may accept messages from hosts on its local LAN without authentication, for example). The auth_advertise_hosts option can be used to make these clients more friendly by excluding them from the set of hosts to which Exim advertises AUTH.
If you want to advertise the availability of AUTH only when the the
connection is encrypted using TLS, you can make use of the fact that the value
of this option is expanded, with a setting like this:
auth_advertise_hosts = ${if eq{$tls_cipher}{}{}{*}}
If $tls_cipher is empty, the session is not encrypted, and the result of the expansion is empty, thus matching no hosts. Otherwise, the result of the expansion is *, which matches all hosts.
If this option is set to a time greater than zero, a queue runner will try a new delivery attempt on any frozen message if this much time has passed since it was frozen. This may result in the message being re-frozen if nothing has changed since the last attempt. It is a way of saying ``keep on trying, even though there are big problems''. See also timeout_frozen_after and ignore_bounce_errors_after.
This option supplies the name of a command that is run when Exim is called with the -bi option (see chapter 5). The string value is just the command name, it is not a complete command line. If an argument is required, it must come from the -oA command line option.
This option defines a template file containing paragraphs of text to be used for constructing bounce messages. Details of the file's contents are given in chapter 40. See also warn_message_file.
When this option is set, its contents are included in the default bounce message immediately after ``This message was created automatically by mail delivery software.'' It is not used if bounce_message_file is set.
If this option is set false, the original message is not included in bounce messages generated by Exim. See also return_size_limit.
This option provides an authenticated sender address that is sent with any bounce messages generated by Exim that are sent over an authenticated SMTP connection. A typical setting might be:
bounce_sender_authentication = mailer-daemon@my.domain.example
which would cause bounce messages to be sent using the SMTP command:
MAIL FROM:<> AUTH=mailer-daemon@my.domain.example
The value of bounce_sender_authentication must always be a complete email address.
See check_spool_space below.
See check_spool_space below.
See check_spool_space below.
The four check_... options allow for checking of disc resources before a message is accepted: check_spool_space and check_spool_inodes check the spool partition if either value is greater than zero, for example:
check_spool_space = 10M check_spool_inodes = 100
The spool partition is the one which contains the directory defined by SPOOL_DIRECTORY in Local/Makefile. It is used for holding messages in transit.
check_log_space and check_log_
Concepts
A B C D E F G H I J K L M N O P Q R S T U V W X
$header_
This is the FAQ for the Exim Mail Transfer Agent. Many thanks to the many
people who provided the original information. This file would be amazingly
cluttered if I tried to list them all. Suggestions for corrections,
improvements, and additions are always welcome.
This version of the FAQ applies to Exim 4.00 and later releases. It has been
extensively revised, and material that was relevant only to earlier releases
has been removed. As this caused some whole sections to disappear, I've taken
the opportunity to re-arrange the sections and renumber everything except the
configuration samples.
References of the form Cnnn, Fnnn, and Lnnn are to the sample configuration,
filter, and local_scan() files. These are hyperlinked from the HTML
version of this FAQ. They can also be found in the separately distributed
directory called config.samples. The primary location is
ftp://ftp.csx.cam.ac.uk/pub/software/email/exim/exim4/config.samples.tar.gz
ftp://ftp.csx.cam.ac.uk/pub/software/email/exim/exim4/config.samples.tar.bz2
There are brief descriptions of these files at the end of this document.
Philip Hazel <ph10@cus.cam.ac.uk>
$value [2] [3]
*@
+caseful
+defer_unknown
+exclude_unknown
+include_unknown [2]
/dev/null
8-bit characters [2] [3]
8BITMIME
@ in a domain list
@ in a host list
@[] in a domain list
@[] in a host list
@mx_any
@mx_primary
@mx_secondary
A
abandoning mail [2]
accept router
ACL: condition processing
ACL: conditions, definition of
ACL: description
ACL: format
ACL: indirect
ACL: modifier processing
ACL: modifiers, definition of
ACL: nested
ACL: options for specifying
ACL: relay control
ACL: setting up for SMTP commands
ACL: specifying
ACL: unset
ACL: verbs, definition of
ACL: verifying header syntax
ACL: verifying HELO/EHLO
ACL: verifying host reverse lookup
ACL: verifying recipient
ACL: verifying sender [2]
adding drivers
additional groups [2]
address list: case forcing
address list: empty item
address list: in a rewriting pattern
address list: patterns
address rewriting
address: constructed
address: copying routing [2]
address: duplicated
address: qualification
address: rewriting [2]
address: sender
address: source-routed
address: testing [2]
address: verification
admin user [2] [3] [4] [5] [6] [7] [8]
admin user, definition of
alias file: backslash in
alias file: broken
alias file: building [2]
alias file: exception to default
alias file: in a redirect router
alias file: one-time expansion
alias file: ownership
alias file: per-domain default
alias for host
alternate configuration file
``and'' expansion condition
angle brackets, excess
appendfile transport
appending to a file
architecture type
asterisk after IP address
Athena
AUTH: ACL for
AUTH: advertising
AUTH: advertising when encrypted
AUTH: argument
AUTH: configuration [2]
AUTH: how it works
AUTH: in plaintext authenticator
AUTH: logging
AUTH: on bounce message
AUTH: on MAIL command [2] [3]
AUTH: testing
AUTH: with PAM
authentication: [2] [3]
authentication: ACL checking
authentication: advertising
authentication: bounce message
authentication: client
authentication: generic options
authentication: id
authentication: logging
authentication: sender [2] [3]
authentication: server
authentication: testing
authenticator name
auto_thaw
autoreply transport [2]
B
background delivery
backlog of connections
backslash in alias file
bang paths:
bang paths: rewriting
banner for SMTP
base36
base62 [2] [3] [4]
batch_id
batch_max
batched local delivery
batched SMTP input [2]
batched SMTP output [2]
Bcc: header [2]
Berkeley DB:
Berkeley DB: file format
BIN_DIRECTORY
bind IP address [2]
black hole
black list (DNS) [2] [3]
body of message: definition of
body of message: expansion variable [2]
body of message: line count
body of message: size
body of message: transporting
body of message: visible size
bounce message:
bounce message: copy to other address
bounce message: customizing [2]
bounce message: definition of
bounce message: discarding
bounce message: failure to deliver
bounce message: generating
bounce message: including original
bounce message: sender authentication
bounce message: size limit
broken alias or forward files
bug reports
build directory
building DBM files
building Exim
C
C header files
caching lookup data
callout timeout
callout verification
carriage return [2] [3] [4] [5] [6]
case forcing in address lists
case forcing in strings [2]
case of local parts [2] [3] [4]
cc compiler
Cc: header
cdb [2] [3]
certificate:
certificate: verifying [2]
character code
checking access
checking disc space [2]
CIDR notation [2]
cipher, logging [2]
command line options
common option syntax
compiler name
configuration file: alternate
configuration file: common option syntax
configuration file: editing
configuration file: errors
configuration file: format
configuration file: including other files
configuration file: macros
configuration file: ownership
configuration options
configuration: default
configuration: main
configuration: pre-building
configuration: retry
configuration: run time [2]
CONFIGURE_FILE [2] [3]
connection backlog
constructed address
control of incoming mail
copy of bounce message
copy of message (unseen option)
Courier
CR [2] [3] [4] [5] [6]
cram_md5 authenticator
creating directories
current directory
customizing: ACL condition
customizing: ACL failure message
customizing: batching condition
customizing: bounce message [2]
customizing: failure message
customizing: input scan using C function
customizing: pre-condition
customizing: Received: header
customizing: SMTP banner
customizing: warning message [2]
cycling logs [2]
The Exim FAQ
Last update: 13-May-2003
Index
A Keyword-in-context index to the questions is available. This is usually the quickest way to find information in the FAQ.
The FAQ is divided into the following sections:
Q0001: Exim is crashing. What is wrong?
A0001: Exim should never crash. The author is always keen to know about crashes, so that they can be diagnosed and fixed. However, before you start sending me email, please check that you are running the latest release of Exim, in case the problem has already been fixed. The techniques described below can also be useful in trying to pin down exactly which circumstances caused the crash and what Exim was trying to do at the time. If the crash is reproducable (by a particular message, say) keep a copy of that message.
Q0002: Exim is not working. What is wrong? How can I check what it is doing?
A0002: Exactly how is it not working? Check the more specific questions in the other sections of this FAQ. Some general techniques for debugging are:
(1) Look for information in Exim's log files. These are in the log directory in Exim's spool directory, unless you have configured a different path for them. Serious operational problems are reported in paniclog.
(2) If the problem involves the delivery of one or more messages, try forcing a delivery with the -M option and also set the -d option, to cause Exim to output debugging information. For example:
exim -d -M 0z6CXU-0005RR-00
The output is written to the standard error stream. You need to have admin privileges to use -M and -d.
(3) If the problem involves incoming SMTP mail, try using the -bh option to simulate an incoming connection from a specific host, for example:
exim -bh 10.9.8.7
This goes through the motions of an SMTP session, without actually accepting a message. Information about various policy checks is output. You will need to know how to pretend to be an SMTP client.
(4) If the problem involves lack of recognition or incorrect handling of local addresses, try using the -bt option with debugging turned on, to see how Exim is handling the address. For example,
exim -d -bt z6abc
shows you how it would handle the local part z6abc.
Q0003: What does the error Child process of address_pipe transport returned 69 from command xxx mean?
A0003: It means that when a transport called address_pipe was run to pass an email message by means of a pipe to another process running the command xxx, the return code from that command was 69, which indicates some kind of error (the success return code is 0).
The most common meaning of exit code 69 is ``unavailable'', and this often means that when Exim tried to run the command xxx, it failed. One cause of this might be incorrect permissions on the file containing the command. See also Q0026.
Q0004: My virtual domain setup isn't working. How can I debug it?
A0004: You can use an exim command with -d to get it to show you how it is processing addresses. You don't actually need to send a message; use the -bt option like this:
exim -d -bt localpart@virtualhost
This will show you which routers it is using. If the problem appears to be with the expansion of an option setting, you can use the debug_print option on a router to get Exim to output the expanded string values as it goes along.
Q0005: Why is Exim not rejecting incoming messages addressed to non-existent users at SMTP time?
A0005: This is controlled by the ACL that is run for each incoming RCPT command. It is defined by the acl_smtp_rcpt option. You can check this part of your configuration by using the -bh option to run a simulated SMTP session, during which Exim will tell you what things it is checking.
Q0006: I've put an entry for *.my.domain in a DBM lookup file, but it isn't getting recognized.
A0006: You need to request ``partial matching'' by setting the search type to partial-dbm in order for this to work.
Q0007: I've put the entry *@domain.com in a lookup database, but it isn't working. The expansion I'm using is:
${lookup{${lc:$sender_address}}dbm{/the/file} ...
A0007: As no sender address will ever be *@domain.com this will indeed have no effect as it stands. You need to tell Exim that you want it to look for defaults after the normal lookup has failed. In this case, change the search type from dbm to dbm*@. See the section on Default values in single-key lookups in the chapter entitled File and database lookups in the Exim manual.
Q0008: If I run ./exim -d -bt user@domain all seems well, but when I send a message from my User Agent, it does not arrive at its destination.
A0008: Try sending a message directly to Exim by typing this:
exim -v user@domain <some message, could be empty> .
If the message gets delivered to a remote host, but never arrives at its final destination, then the problem is at the remote host. If, however, the message gets through correctly, then the problem may be between your User Agent and Exim. Try setting Exim's log_selector option to include +arguments, to see with which arguments the UA is calling Exim.
Q0009: What does no immediate delivery: too many messages received in one SMTP connection mean?
A0009: An SMTP client may send any number of messages down a single SMTP connection to a server. Initially, an Exim server starts up a delivery process as soon as a message is received. However, in order not to start up too many processes when lots of messages are arriving (typically after a period of downtime), it stops doing immediate delivery after a certain number of messages have arrived down the same connection. The threshold is set by smtp_accept_queue_per_connection, and the default value is 10. On large systems, the value should be increased. If you are running a dial-in host and expecting to get all your mail down a single SMTP connection, then you can disable the limit altogether by setting the value to zer