html,body,div,span,object,iframe,h1,h2,h3,h4,h5,h6,p,blockquote,pre,a,abbr,acronym,address,code,del,dfn,em,img,q,dl,dt,dd,ol,ul,li,fieldset,form,label,legend,table,caption,tbody,tfoot,thead,tr,th,td{margin:0;padding:0;border:0;font-weight:inherit;font-style:inherit;font-size:100%;font-family:inherit;vertical-align:baseline}body{font-size:62.5%;font-family:Verdana,Arial,Helvetica,Sans-Serif}h1,h2,h3,h4,h5,h6{font-family:serif;line-height:1.7;font-weight:bold}h1{font-size:3.0em;text-align:center}h2{font-size:2.2em;text-align:center}h3{font-size:1.7em}h4{font-size:1.5em}h5{font-size:1.3em}h6{font-size:1.1em}@media all and (max-width:640px){h1{font-size:2.4em}h2{font-size:1.4em}h3{font-size:1.25em}h4{font-size:1.2em}h5{font-size:1.15em}h6{font-size:1.1em}}a{color:#037094}a:visited{color:#335024}a:hover,a:visited:hover{color:#000}html,body{height:100%;background-color:#fff}.hidden{display:none}#inner ul,#inner ol{padding:0 0 1em 4em}#inner p,#inner pre{margin-bottom:1em}#inner pre{font-family:monospace;white-space:pre-wrap;white-space:-moz-pre-wrap;white-space:-pre-wrap;white-space:-o-pre-wrap;word-wrap:break-word}#content{padding:0 1em}@media all and (max-width:640px){#content{padding:0}}#header{position:absolute;top:0;left:0;height:2em;width:100%;line-height:2;background-color:#000;z-index:1000;background-color:#1f3c5a;filter:progid:DXImageTransform.Microsoft.gradient(startColorstr='#032044',endColorstr='#1f3c5a');background:-webkit-gradient(linear,left top,left bottom,from(#032044),to(#1f3c5a));background:-moz-linear-gradient(top,#032044,#1f3c5a)}@media all and (max-width:640px){#header{height:2.5em;line-height:2.5}}body > #header.fixed{position:fixed}#header a{color:#fff;white-space:nowrap}#header a:hover{color:#aaf}#header,.nav{opacity:0.925}#outer{position:absolute;top:0;left:0;width:100%;min-height:100%;height:auto !important;height:100%;background-color:#fff}#outer .left_bar,#outer .right_bar{display:none}#outer > .left_bar.display,#outer > .right_bar.display{display:block;position:absolute;top:0;width:10%;height:100%;background-color:#ddd}#outer > .left_bar{left:0}#outer > .right_bar{right:0}@media all and (max-width:640px){#outer > .left_bar.display,#outer > .right_bar.display{display:none}}.nav{position:relative;top:0;left:0;margin-top:6em;padding:0 0 0.5em 0;width:100%;text-align:center;list-style:none;background-color:#1f3c5a;z-index:1000}.nav li{display:inline;font-size:1.2em;padding:0 0.3em}.nav li a{color:#fff}.nav li a:hover{color:#aaf}.nav li a:visited{color:#aaf}.nav li a:visited:hover{color:#fff}#outer > #nav_float{position:fixed;top:0;left:0;width:100%;display:none;margin-top:0}.nav li.search,.nav form{display:inline;padding-top:4px}.nav .search_field_container.roundit .search_field{border:0;padding:0;margin:0}.nav .search_field_container.roundit{background-color:#fff;-moz-border-radius:1em;-webkit-border-radius:1em;padding:0.1em 1em;font-size:1.2em}.nav .search_field_container{cursor:text}#inner{z-index:1000;width:80%;min-width:50%;max-width:65em;padding:0.71429em 0 1.42857em 0;margin:0 auto;font-size:1.4em;line-height:2;background-color:#fff}@media all and (max-width:640px){#inner{width:auto}}#branding{display:block;visibility:hidden;width:80%;margin:-1.42857em auto 1.42857em auto;overflow:hidden;border:0;outline:0}#footer{position:absolute;bottom:0;left:0;height:1.4em;width:100%;z-index:1000;line-height:1.4;text-align:center;text-align:center}#footer,#footer a{color:#999}#footer:hover,#footer:hover a{color:#444}#footer a:hover{color:#000}.docbook_filename,.docbook_emphasis,.docbook_function{font-style:italic}.docbook_option,.docbook_command{font-weight:bold}.docbook_literal{font-family:monospace}.docbook_literallayout{background-color:#e8e8d0}.docbook_literallayout pre{padding:1em;margin-bottom:1em}(function($){var $nav_float=$('#nav_flow').clone().attr('id','nav_float').appendTo('#outer');var floating=false;$(window).bind('load resize scroll',function(){var header_height=$('#header').height();var top=$(this).scrollTop();if(top>header_height){if(!floating){$nav_float.show();$('#nav_flow').css('visibility','hidden');floating=true;}}else{if(floating){$nav_float.hide();$('#nav_flow').css('visibility','visible');floating=false;}}});$('#outer > .right_bar, #outer > .left_bar').addClass('display');})(jQuery);if(document.location.href.match(/^https?:\/\/([^\/]+\.)*exim\.org\//)){$('#branding').remove();}else{$('#branding').ready(function(){try{var doc=$('#branding')[0].contentWindow.document;if(doc.title.match(/\b(found|404)\b/i)){$('#branding').remove();}else{$(doc).find('a').each(function(){if($(this).attr('title')=='')$(this).attr('title','Sponsor of this mirror');$(this).css('opacity',0.8).mouseover(function(){$(this).css('opacity',1)}).mouseout(function(){$(this).css('opacity',0.8)});});$('#branding').height($(doc).find('img').height()?$(doc).find('img').height()+16+'px':'auto').hide().css('visibility','visible').fadeIn(2000);}}catch(e){$('#branding').remove();}});} (function(){$('#footer').hide();setTimeout(function(){$('#footer').fadeIn('slow')},2000);})();(function(){if(!('placeholder' in document.createElement('input')))$('.nav li.search input.search_field').focus(function(e){if($(this).val()===' '+$(this).attr('placeholder'))$(this).val('').css('color','#000');}).blur(function(e){if($(this).val()===' '+$(this).attr('placeholder')||$(this).val()==='')$(this).css('color','#666').val(' '+$(this).attr('placeholder'));}).blur();if(document.body.style.MozBorderRadius!==undefined)$('.search_field_container').addClass('roundit').click(function(){$(this).find('input').focus()});})();(function($){var jump=function(id){if($('#'+id).length==0)return false;document.location.href=document.location.href.replace(/#.+/,'')+'#'+id;$('html,body').animate({scrollTop:$('#'+id).position()['top']-$('.nav').height()-5},100);return true;};var uri=document.location.pathname;var uri_end=uri.replace(/^.*\//,'');if(document.location.href.match(/#./))jump(document.location.href.replace(/^.*#(.+)$/,'$1'));$('a').live('click',function(e){var href=$(this).attr('href');if(!href.match(/^.*#.+$/))return true;var href_uri=href Exim 4.10 Specification chapter 13 Previous   Next   Contents       (Exim 4.10 Specification)

13. Main configuration

The first part of the run time configuration file contains three types of item:

This chapter lists all the main configuration options, along with their types and default values, in alphabetical order.

accept_8bitmime

Type:  boolean
Default:  false

This option causes Exim to send 8BITMIME in its response to an SMTP EHLO command, and to accept the BODY= parameter on MAIL commands. However, though Exim is 8-bit clean, it is not a protocol converter, and it takes no steps to do anything special with messages received by this route. Consequently, this option is turned off by default.

acl_smtp_auth

Type:  string, expanded
Default:  unset

This option defines the ACL that is run when an SMTP AUTH command is received. See chapter 37 for further details.

acl_smtp_data

Type:  string, expanded
Default:  unset

This option defines the ACL that is run after an SMTP DATA command has been processed and the message itself has been received, but before the final acknowledgement is sent. See chapter 37 for further details.

acl_smtp_etrn

Type:  string, expanded
Default:  unset

This option defines the ACL that is run when an SMTP ETRN command is received. See chapter 37 for further details.

acl_smtp_expn

Type:  string, expanded
Default:  unset

This option defines the ACL that is run when an SMTP EXPN command is received. See chapter 37 for further details.

acl_smtp_rcpt

Type:  string, expanded
Default:  unset

This option defines the ACL that is run when an SMTP RCPT command is received. See chapter 37 for further details.

acl_smtp_vrfy

Type:  string, expanded
Default:  unset

This option defines the ACL that is run when an SMTP VRFY command is received. See chapter 37 for further details.

admin_groups

Type:  string
Default:  unset

If the current group or any of the supplementary groups of the caller is in this colon-separated list, the caller has admin privileges. If all your system programmers are in a specific group, for example, you can give them all Exim admin privileges by putting that group in admin_groups. However, this does not permit them to read Exim's spool files (whose group owner is the Exim gid). To permit this, you have to add individuals to the Exim group.

allow_domain_literals

Type:  boolean
Default:  false

If this option is set, the RFC 2822 domain literal format is permitted in email addresses. The option is not set by default, because the domain literal format is not normally required these days, and few people know about it. It has, however, been exploited by mail abusers.

Unfortunately, it seems that some DNS black list maintainers are using this format to report black listing to postmasters. If you want to accept messages addressed to your hosts by IP address, you need to set allow_domain_literals true, and also to add @[] to the list of local domains (defined in the named domain list local_domains in the default configuration). This ``magic string'' matches the domain literal form of all the local host's IP addresses.

allow_mx_to_ip

Type:  boolean
Default:  false

It appears that more and more DNS zone administrators are breaking the rules and putting domain names that look like IP addresses on the right hand side of MX records. Exim follows the rules and rejects this, giving an error message that explains the mis-configuration. However, some other MTAs support this practice, so to avoid ``Why can''t Exim do this?' complaints, allow_mx_to_ip exists, in order to enable this heinous activity. It is not recommended, except when you have no other choice.

auth_advertise_hosts

Type:  host list, expanded
Default:  *

If any server authentication mechanisms are configured, Exim advertises them in response to an EHLO command only if the calling host matches this list. Otherwise, Exim does not advertise AUTH, though it is always prepared to accept it.

Certain mail clients (for example, Netscape) require the user to provide a name and password for authentication if AUTH is advertised, even though it may not be needed (the host may accept messages from hosts on its local LAN without authentication, for example). The auth_advertise_hosts option can be used to make these clients more friendly by excluding them from the set of hosts to which Exim advertises AUTH.

If you want to advertise the availability of AUTH only when the the connection is encrypted using TLS, you can make use of the fact that the value of this option is expanded, with a setting like this: 

  auth_advertise_hosts = ${if eq{$tls_cipher}{}{}{*}}

If $tls_cipher is empty, the session is not encrypted, and the result of the expansion is empty, thus matching no hosts. Otherwise, the result of the expansion is *, which matches all hosts.

auto_thaw

Type:  time
Default:  0s

If this option is set to a time greater than zero, a queue runner will try a new delivery attempt on any frozen message if this much time has passed since it was frozen. This may result in the message being re-frozen if nothing has changed since the last attempt. It is a way of saying ``keep on trying, even though there are big problems''. See also timeout_frozen_after and ignore_bounce_errors_after.

bi_command

Type:  string
Default:  unset

This option supplies the name of a command that is run when Exim is called with the -bi option (see chapter 5). The string value is just the command name, it is not a complete command line. If an argument is required, it must come from the -oA command line option.

bounce_message_file

Type:  string
Default:  unset

This option defines a template file containing paragraphs of text to be used for constructing bounce messages. Details of the file's contents are given in chapter 40. See also warn_message_file.

bounce_message_text

Type:  string
Default:  unset

When this option is set, its contents are included in the default bounce message immediately after ``This message was created automatically by mail delivery software.'' It is not used if bounce_message_file is set.

bounce_return_message

Type:  boolean
Default:  true

If this option is set false, the original message is not included in bounce messages generated by Exim. See also return_size_limit.

bounce_sender_authentication

Type:  string
Default:  unset

This option provides an authenticated sender address that is sent with any bounce messages generated by Exim that are sent over an authenticated SMTP connection. A typical setting might be: 

  bounce_sender_authentication = mailer-daemon@my.domain.example

which would cause bounce messages to be sent using the SMTP command: 

  MAIL FROM:<> AUTH=mailer-daemon@my.domain.example

The value of bounce_sender_authentication must always be a complete email address.

check_log_inodes

Type:  integer
Default:  0

See check_spool_space below.

check_log_space

Type:  integer
Default:  0

See check_spool_space below.

check_spool_inodes

Type:  integer
Default:  0

See check_spool_space below.

check_spool_space

Type:  integer
Default:  0

The four check_... options allow for checking of disc resources before a message is accepted: check_spool_space and check_spool_inodes check the spool partition if either value is greater than zero, for example: 

  check_spool_space = 10M
  check_spool_inodes = 100

The spool partition is the one which contains the directory defined by SPOOL_DIRECTORY in Local/Makefile. It is used for holding messages in transit.

check_log_space and check_log_ Exim 4.10 Specification Concepts

Concepts

 A  B  C  D  E  F  G  H  I  J  K  L  M  N  O  P  Q  R  S  T  U  V  W  X

$header_
$value  [2]  [3]
*@
+caseful
+defer_unknown
+exclude_unknown
+include_unknown  [2]
/dev/null
8-bit characters  [2]  [3]
8BITMIME
@ in a domain list
@ in a host list
@[] in a domain list
@[] in a host list
@mx_any
@mx_primary
@mx_secondary

A
abandoning mail  [2]
accept router
ACL: condition processing
ACL: conditions, definition of
ACL: description
ACL: format
ACL: indirect
ACL: modifier processing
ACL: modifiers, definition of
ACL: nested
ACL: options for specifying
ACL: relay control
ACL: setting up for SMTP commands
ACL: specifying
ACL: unset
ACL: verbs, definition of
ACL: verifying header syntax
ACL: verifying HELO/EHLO
ACL: verifying host reverse lookup
ACL: verifying recipient
ACL: verifying sender  [2]
adding drivers
additional groups  [2]
address list: case forcing
address list: empty item
address list: in a rewriting pattern
address list: patterns
address rewriting
address: constructed
address: copying routing  [2]
address: duplicated
address: qualification
address: rewriting  [2]
address: sender
address: source-routed
address: testing  [2]
address: verification
admin user  [2]  [3]  [4]  [5]  [6]  [7]  [8]
admin user, definition of
alias file: backslash in
alias file: broken
alias file: building  [2]
alias file: exception to default
alias file: in a redirect router
alias file: one-time expansion
alias file: ownership
alias file: per-domain default
alias for host
alternate configuration file
``and'' expansion condition
angle brackets, excess
appendfile transport
appending to a file
architecture type
asterisk after IP address
Athena
AUTH: ACL for
AUTH: advertising
AUTH: advertising when encrypted
AUTH: argument
AUTH: configuration  [2]
AUTH: how it works
AUTH: in plaintext authenticator
AUTH: logging
AUTH: on bounce message
AUTH: on MAIL Exim 4.20 Specification chapter 11 Previous   Next   Contents       (Exim 4.20 Specification)

11. String expansions

Many strings in Exim's run time configuration are expanded before use. Some of them are expanded every time they are used; others are expanded only once.

When a string is being expanded it is copied verbatim from left to right except when a dollar or backslash character is encountered. A dollar specifies the start of a portion of the string which is interpreted and replaced as described below in section 11.4 onwards. Backslash is used as an escape character, as described in the following section.

11.1. Literal text in expanded strings

An uninterpreted dollar can be included in an expanded string by putting a backslash in front of it. A backslash can be used to prevent any special character being treated specially in an expansion, including itself. If the string appears in quotes in the configuration file, two backslashes are required because the quotes themselves cause interpretation of backslashes when the string is read in (see section 6.12).

A portion of the string can specified as non-expandable by placing it between two occurrences of \N. This is particularly useful for protecting regular expressions, which often contain backslashes and dollar signs. For example: 

  deny senders = \N^\d{8}[a-z]@some\.site\.example$\N

On encountering the first \N, the expander copies subsequent characters without interpretation until it reaches the next \N or the end of the string.

11.2. Character escape sequences in expanded strings

A backslash followed by one of the letters ``n'', ``r'', or ``t'' in an expanded string is recognized as an escape sequence for the character newline, carriage return, or tab, respectively. A backslash followed by up to three octal digits is recognized as an octal encoding for a single character, and a backslash followed by ``x'' and up to two hexadecimal digits is a hexadecimal encoding.

These escape sequences are also recognized in quoted strings when they are read in. Their interpretation in expansions as well is useful for unquoted strings, and for other cases such as looked-up strings that are then expanded.

11.3. Testing string expansions

Many expansions can be tested by calling Exim with the -be option. This takes the command arguments, or lines from the standard input if there are no arguments, runs them through the string expansion code, and writes the results to the standard output. Variables based on configuration values are set up, but since no message is being processed, variables such as $local_part have no value. Nevertheless the -be option can be useful for checking out file and database lookups, and the use of expansion operators such as sg, substr and nhash.

Exim gives up its root privilege when it is called with the -be option, and instead runs under the uid and gid it was called with, to prevent users from using -be for reading files to which they do not have access.

11.4. Expansion items

The following items are recognized in expanded strings. White space may be used between sub-items that are keywords or substrings enclosed in braces inside an outer set of braces, to improve readability. Warning: Within braces, white space is significant.

$<variable name> or ${<variable name>}

Substitute the contents of the named variable, for example 

  $local_part
  ${domain}

The second form can be used to separate the name from subsequent alphanumeric characters. This form (using curly brackets) is available only for variables; it does not apply to message headers. The names of the variables are given in section 11.8 below. If the name of a non-existent variable is given, the expansion fails.

${<op>:<string>}

The string is first itself expanded, and then the operation specified by <op> is applied to it. For example, 

  ${lc:$local_part}

The string starts with the first character after the colon, which may be leading white space. A list of operators is given in section 11.5 below. The operator notation is used for simple expansion items that have just one argument, because it reduces the number of braces and therefore makes the string easier to understand.

${extract{<key>}{<string1>}{<string2>}{<string3>}}

The key and <string1> are first expanded separately. The key must not consist entirely of digits. The expanded <string1> must be of the form:

  <key1> = <value1> <key2> = <value2> ...

where the equals signs and spaces (but not both) are optional. If any of the values contain white space, they must be enclosed in double quotes, and any values that are enclosed in double quotes are subject to escape processing as described in section 6.12. The expanded <string1> is searched for the value that corresponds to the key. The search is case-insensitive. If the key is found, <string2> is expanded, and replaces the whole item; otherwise <string3> is used. During the expansion of <string2> the variable $value contains the value that has been extracted. Afterwards, it is restored to any previous value it might have had.

If {<string3>} is omitted, the item is replaced by an empty string if the key is not found. If {<string2>} is also omitted, the value that was extracted is used. Thus, for example, these two expansions are identical, and yield ``2001'':

  ${extract{gid}{uid=1984 gid=2001}}
  ${extract{gid}{uid=1984 gid=2001}{$value}}

Instead of {<string3>} the word ``fail'' (not in curly brackets) can appear, for example:

  ${extract{Z}{A=... B=...}{$value} fail }

{<string2>} must be present for ``fail'' to be recognized. When this syntax is used, if the extraction fails, the entire string expansion fails in a way that can be detected by the code in Exim which requested the expansion. This is called ``forced expansion failure'', and its consequences depend on the circumstances. In some cases it is no different from any other expansion failure, but in others a different action may be taken. Such variations are mentioned in the documentation of the option which is expanded.

${extract{<number>}{<separators>}{<string1>}{<string2>}{<string3>}}

The <number> argument must consist entirely of decimal digits. This is what distinguishes this form of extract from the previous kind. It behaves in the same way, except that, instead of extracting a named field, it extracts from <string1> the field whose number is given as the first argument. You can use $value in <string2> or fail instead of <string3> as before.

The first field is numbered one. If the number is negative, the fields are counted from the end of the string, with the rightmost one numbered -1. If the number given is zero, the entire string is returned. If the modulus of the number is greater than the number of fields in the string, the result is the expansion of <string3>, or the empty string if <string3> is not provided. The fields in the string are separated by any one of the characters in the separator string. For example: 

  ${extract{2}{:}{x:42:99:& Mailer::/bin/bash}}

yields ``42'', and 

  ${extract{-4}{:}{x:42:99:& Mailer::/bin/bash}}

yields ``99''. Two successive separators mean that the field between them is empty (for example, the fifth field above).

${hash{<string1>}{<string2>}{<string3>}}

This is a textual hashing function, and was the first to be implemented in early versions of Exim. In current releases, there are other hashing functions (numeric, MD5, and SHA-1), which are described below.

The first two strings, after expansion, must be numbers. Call them <m> and <n>. If you are using fixed values for these numbers, that is, if <string1> and <string2> do not change when they are expanded, you can use the simpler operator notation that avoids some of the braces:

  ${hash_<n>_<m>:<string>}

The second number is optional (in both notations).

If <n> is greater than or equal to the length of the string, the expansion item returns the string. Otherwise it computes a new string of length <n> by applying a hashing function to the string. The new string consists of characters taken from the first <m> characters of the string 

  abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQWRSTUVWXYZ0123456789

If <m> is not present the value 26 is used, so that only lower case letters appear. For example:

  ${hash{3}{monty}} yields jmg
  ${hash{5}{monty}} yields monty
  ${hash{4}{62}{monty python}} yields fbWx

$header_<header name>: or $h_<header name>:
$rheader_<header name>: or $rh_<header name>:

Substitute the contents of the named message header line, for example 

  $header_reply-to:

The newline that terminates a header line is not included in the expansion, but internal newlines (caused by splitting the header line over several physical lines) may be present. The difference between header and rheader is that the latter inserts the ``raw'' contents of header lines without the removal of leading and trailing whitespace.

Header names follow the syntax of RFC 2822, which states that they may contain any printing characters except space and colon. Consequently, curly brackets do not terminate header names, and should not be used to enclose them as if they were variables. Attempting to do so causes a syntax error.

Only header lines that are common to all copies of a message are visible to this mechanism. These are the original header lines that are received with the message, and any that are added by an ACL warn statement or by a system filter. Header lines that are added to a particular copy of a message by a router or transport are not accessible.

For incoming SMTP messages, no header lines are visible in ACLs that are obeyed before the DATA ACL, because the header structure is not set up until the message is received. Header lines that are added by warn statements in a RCPT ACL (for example) are saved until the message's incoming header lines are available, at which point they are added. When a DATA ACL is running, however, header lines added by earlier ACLs are visible.

Upper case and lower case letters are synonymous in header names. If the following character is white space, the terminating colon may be omitted, but this is not recommended, because you may then forget it when it is needed. When white space terminates the header name, it is included in the expanded string. If the message does not contain the given header, the expansion item is replaced by an empty string. (See the def condition in section 11.6 for a means of testing for the existence of a header.)

If there is more than one header with the same name, they are all concatenated to form the substitution string, up to a maximum length of 64K. A newline character is inserted between each line. For the header expansion, for those headers that contain lists of addresses, a comma is also inserted at the junctions between lines. This does not happen for the rheader expansion.

${hmac{<hashname>}{<secret>}{<string>}}

This function uses cryptographic hashing (either MD5 or SHA-1) to convert a shared secret and some text into a message authentication code, as specified in RFC 2104. You could produce a similar effect using ${md5:secret_text...}, but allegedly HMAC provides better defence against deducing the secret.

The hash name must expand to either md5 or sha1 at present. For example: 

  ${hmac{md5}{somesecret}{$primary_hostname $tod_log}}

For the hostname mail.example.com and time 2002-10-17 11:30:59, this produces: 

  dd97e3ba5d1a61b5006108f8c8252953

As an example of how this might be used, you might put in the main part of an Exim configuration: 

  SPAMSCAN_SECRET=cohgheeLei2thahw

In a router or a transport you could then have: 

  headers_add = \
    X-Spam-Scanned: ${primary_hostname} ${message_id} \
    ${hmac{md5}{SPAMSCAN_SECRET}\
    {${primary_hostname},${message_id},$h_message-id:}}

Then given a message, you can check where it was scanned by looking at the X-Spam-Scanned: header line. If you know the secret, you can check that this header line is authentic by recomputing the authentication code from the host name, message ID and the Message-id: header line. This can be done using Exim's -be option, or by other means, for example by using the hmac_md5_hex() function in Perl.

${if <condition> {<string1>}{<string2>}}

If <condition> is true, <string1> is expanded and replaces the whole item; otherwise <string2> is used. For example, 

  ${if eq {$local_part}{postmaster} {yes}{no} }

The second string need not be present; if it is not and the condition is not true, the item is replaced with nothing. Alternatively, the word ``fail'' may be present instead of the second string (without any curly brackets). In this case, the expansion is forced to fail if the condition is not true. The available conditions are described in section 11.6 below.

${length{<string1>}{<string2>}}

The length item is used to extract the initial portion of a string. Both strings are expanded, and the first one must yield a number, <n>, say. If you are using a fixed value for the number, that is, if <string1> does not change when expanded, you can use the simpler operator notation that avoids some of the braces:

  ${length_<n>:<string>}

The result of this item is either the first <n> characters or the whole of <string2>, whichever is the shorter. Do not confuse length with strlen, which gives the length of a string.

${lookup{<key>} <search type> {<file>} {<string1>} {<string2>}}
${lookup <search type> {<query>} {<string1>} {<string2>}}

These items specify data lookups in files and databases, as discussed in chapter 9. The first form is used for single-key lookups, and the second is used for query-style lookups. The <key>, <file>, and <query> strings are expanded before use.

If there is any white space in a lookup item which is part of a filter command, a retry or rewrite rule, a routing rule for the manualroute router, or any other place where white space is significant, the lookup item must be enclosed in double quotes. The use of data lookups in users' filter files may be locked out by the system administrator.

If the lookup succeeds, <string1> is expanded and replaces the entire item. During its expansion, the variable $value contains the data returned by the lookup. Afterwards it reverts to the value it had previously (at the outer level it is empty). If the lookup fails, <string2> is expanded and replaces the entire item. If {<string2>} is omitted, the replacement is null on failure. Alternatively, <string2> can itself be a nested lookup, thus providing a mechanism for looking up a default value when the original lookup fails.

If a nested lookup is used as part of <string1>, $value contains the data for the outer lookup while the parameters of the second lookup are expanded, and also while <string2> of the second lookup is expanded, should the second lookup fail.

Instead of {<string2>} the word ``fail'' can appear, and in this case, if the lookup fails, the entire expansion is forced to fail. If both {<string1>} and {<string2>} are omitted, the result is the looked up value in the case of a successful lookup, and nothing in the case of failure.

For single-key lookups, the string ``partial'' is permitted to precede the search type in order to do partial matching, and * or *@ may follow a search type to request default lookups if the key does not match (see sections 9.5 and 9.6 for details).

If a partial search is used, the variables $1 and $2 contain the wild and non-wild parts of the key during the expansion of the replacement text. They return to their previous values at the end of the lookup item.

This example looks up the postmaster alias in the conventional alias file: 

  ${lookup {postmaster} lsearch {/etc/aliases} {$value}}

This example uses NIS+ to look up the full name of the user corresponding to the local part of an address, forcing the expansion to fail if it is not found: 

  ${lookup nisplus {[name=$local_part],passwd.org_dir:gcos} \
    {$value}fail}

${nhash}{<string1>}{<string2>}{<string3>}}

The three strings are expanded; the first two must yield numbers. Call them <n> and <m>. If you are using fixed values for these numbers, that is, if <string1> and <string2> do not change when they are expanded, you can use the simpler operator notation that avoids some of the braces:

  ${nhash_<n>_<m>:<string>}

The second number is optional (in both notations). If there is only one number, the result is a number in the range 0--<n>-1. Otherwise, the