The first part of the run time configuration file contains three types of item:
Macro definitions: These lines start with an upper case letter. See section 6.4 for details of macro processing.
Named list definitions: These lines start with one of the words ``domainlist'', ``hostlist'', ``addresslist'', or ``localpartlist''. Their use is described in section 10.5.
Main configuration settings: Each setting occupies one line of the file (including possible continuations). If any setting is preceded by the word ``hide'', the -bP option displays its value to admin users only (see section 6.5).
This chapter lists all the main configuration options, along with their types and default values, in alphabetical order.
This option causes Exim to send 8BITMIME in its response to an SMTP EHLO command, and to accept the BODY= parameter on MAIL commands. However, though Exim is 8-bit clean, it is not a protocol converter, and it takes no steps to do anything special with messages received by this route. Consequently, this option is turned off by default.
This option defines the ACL that is run when an SMTP AUTH command is received. See chapter 37 for further details.
This option defines the ACL that is run after an SMTP DATA command has been processed and the message itself has been received, but before the final acknowledgement is sent. See chapter 37 for further details.
This option defines the ACL that is run when an SMTP ETRN command is received. See chapter 37 for further details.
This option defines the ACL that is run when an SMTP EXPN command is received. See chapter 37 for further details.
This option defines the ACL that is run when an SMTP RCPT command is received. See chapter 37 for further details.
This option defines the ACL that is run when an SMTP VRFY command is received. See chapter 37 for further details.
If the current group or any of the supplementary groups of the caller is in this colon-separated list, the caller has admin privileges. If all your system programmers are in a specific group, for example, you can give them all Exim admin privileges by putting that group in admin_groups. However, this does not permit them to read Exim's spool files (whose group owner is the Exim gid). To permit this, you have to add individuals to the Exim group.
If this option is set, the RFC 2822 domain literal format is permitted in email addresses. The option is not set by default, because the domain literal format is not normally required these days, and few people know about it. It has, however, been exploited by mail abusers.
Unfortunately, it seems that some DNS black list maintainers are using this format to report black listing to postmasters. If you want to accept messages addressed to your hosts by IP address, you need to set allow_domain_literals true, and also to add @[] to the list of local domains (defined in the named domain list local_domains in the default configuration). This ``magic string'' matches the domain literal form of all the local host's IP addresses.
It appears that more and more DNS zone administrators are breaking the rules and putting domain names that look like IP addresses on the right hand side of MX records. Exim follows the rules and rejects this, giving an error message that explains the mis-configuration. However, some other MTAs support this practice, so to avoid ``Why can''t Exim do this?' complaints, allow_mx_to_ip exists, in order to enable this heinous activity. It is not recommended, except when you have no other choice.
If any server authentication mechanisms are configured, Exim advertises them in response to an EHLO command only if the calling host matches this list. Otherwise, Exim does not advertise AUTH, though it is always prepared to accept it.
Certain mail clients (for example, Netscape) require the user to provide a name and password for authentication if AUTH is advertised, even though it may not be needed (the host may accept messages from hosts on its local LAN without authentication, for example). The auth_advertise_hosts option can be used to make these clients more friendly by excluding them from the set of hosts to which Exim advertises AUTH.
If you want to advertise the availability of AUTH only when the the
connection is encrypted using TLS, you can make use of the fact that the value
of this option is expanded, with a setting like this:
auth_advertise_hosts = ${if eq{$tls_cipher}{}{}{*}}
If $tls_cipher is empty, the session is not encrypted, and the result of the expansion is empty, thus matching no hosts. Otherwise, the result of the expansion is *, which matches all hosts.
If this option is set to a time greater than zero, a queue runner will try a new delivery attempt on any frozen message if this much time has passed since it was frozen. This may result in the message being re-frozen if nothing has changed since the last attempt. It is a way of saying ``keep on trying, even though there are big problems''. See also timeout_frozen_after and ignore_bounce_errors_after.
This option supplies the name of a command that is run when Exim is called with the -bi option (see chapter 5). The string value is just the command name, it is not a complete command line. If an argument is required, it must come from the -oA command line option.
This option defines a template file containing paragraphs of text to be used for constructing bounce messages. Details of the file's contents are given in chapter 40. See also warn_message_file.
When this option is set, its contents are included in the default bounce message immediately after ``This message was created automatically by mail delivery software.'' It is not used if bounce_message_file is set.
If this option is set false, the original message is not included in bounce messages generated by Exim. See also return_size_limit.
This option provides an authenticated sender address that is sent with any bounce messages generated by Exim that are sent over an authenticated SMTP connection. A typical setting might be:
bounce_sender_authentication = mailer-daemon@my.domain.example
which would cause bounce messages to be sent using the SMTP command:
MAIL FROM:<> AUTH=mailer-daemon@my.domain.example
The value of bounce_sender_authentication must always be a complete email address.
See check_spool_space below.
See check_spool_space below.
See check_spool_space below.
The four check_... options allow for checking of disc resources before a message is accepted: check_spool_space and check_spool_inodes check the spool partition if either value is greater than zero, for example:
check_spool_space = 10M check_spool_inodes = 100
The spool partition is the one which contains the directory defined by SPOOL_DIRECTORY in Local/Makefile. It is used for holding messages in transit.
check_log_space and check_log_
Concepts
A B C D E F G H I J K L M N O P Q R S T U V W X
$header_
Many strings in Exim's run time configuration are expanded before use. Some of
them are expanded every time they are used; others are expanded only once.
When a string is being expanded it is copied verbatim from left to right except
when a dollar or backslash character is encountered. A dollar specifies the
start of a portion of the string which is interpreted and replaced as described
below in section 11.4 onwards. Backslash is used as an escape
character, as described in the following section.
An uninterpreted dollar can be included in an expanded string by putting a
backslash in front of it. A backslash can be used to prevent any special
character being treated specially in an expansion, including itself. If the
string appears in quotes in the configuration file, two backslashes are
required because the quotes themselves cause interpretation of backslashes when
the string is read in (see section 6.12).
A portion of the string can specified as non-expandable by placing it between
two occurrences of \N. This is particularly useful for protecting regular
expressions, which often contain backslashes and dollar signs. For example:
$value [2] [3]
*@
+caseful
+defer_unknown
+exclude_unknown
+include_unknown [2]
/dev/null
8-bit characters [2] [3]
8BITMIME
@ in a domain list
@ in a host list
@[] in a domain list
@[] in a host list
@mx_any
@mx_primary
@mx_secondary
A
abandoning mail [2]
accept router
ACL: condition processing
ACL: conditions, definition of
ACL: description
ACL: format
ACL: indirect
ACL: modifier processing
ACL: modifiers, definition of
ACL: nested
ACL: options for specifying
ACL: relay control
ACL: setting up for SMTP commands
ACL: specifying
ACL: unset
ACL: verbs, definition of
ACL: verifying header syntax
ACL: verifying HELO/EHLO
ACL: verifying host reverse lookup
ACL: verifying recipient
ACL: verifying sender [2]
adding drivers
additional groups [2]
address list: case forcing
address list: empty item
address list: in a rewriting pattern
address list: patterns
address rewriting
address: constructed
address: copying routing [2]
address: duplicated
address: qualification
address: rewriting [2]
address: sender
address: source-routed
address: testing [2]
address: verification
admin user [2] [3] [4] [5] [6] [7] [8]
admin user, definition of
alias file: backslash in
alias file: broken
alias file: building [2]
alias file: exception to default
alias file: in a redirect router
alias file: one-time expansion
alias file: ownership
alias file: per-domain default
alias for host
alternate configuration file
``and'' expansion condition
angle brackets, excess
appendfile transport
appending to a file
architecture type
asterisk after IP address
Athena
AUTH: ACL for
AUTH: advertising
AUTH: advertising when encrypted
AUTH: argument
AUTH: configuration [2]
AUTH: how it works
AUTH: in plaintext authenticator
AUTH: logging
AUTH: on bounce message
AUTH: on MAIL
11. String expansions
11.1. Literal text in expanded strings
deny senders = \N^\d{8}[a-z]@some\.site\.example$\N
On encountering the first \N, the expander copies subsequent characters without interpretation until it reaches the next \N or the end of the string.
A backslash followed by one of the letters ``n'', ``r'', or ``t'' in an expanded string is recognized as an escape sequence for the character newline, carriage return, or tab, respectively. A backslash followed by up to three octal digits is recognized as an octal encoding for a single character, and a backslash followed by ``x'' and up to two hexadecimal digits is a hexadecimal encoding.
These escape sequences are also recognized in quoted strings when they are read in. Their interpretation in expansions as well is useful for unquoted strings, and for other cases such as looked-up strings that are then expanded.
The first part of the run time configuration file contains three types of item:
Macro definitions: These lines start with an upper case letter. See section 6.4 for details of macro processing.
Named list definitions: These lines start with one of the words ``domainlist'', ``hostlist'', ``addresslist'', or ``localpartlist''. Their use is described in section 10.5.
Main configuration settings: Each setting occupies one line of the file (with possible continuations). If any setting is preceded by the word ``hide'', the -bP command line option displays its value to admin users only. See section 6.6 for a description of the syntax of these option settings.
This chapter specifies all the main configuration options, along with their types and default values. For ease of finding a particular option, they appear in alphabetical order in section 13.22 below. However, because there are now so many options, they are first listed briefly in functional groups, as an aid to finding the name of the option you are looking for.
| bi_command | to run for -bi command line option |
| keep_malformed | for broken files - should not happen |
| localhost_number | for unique message ids in clusters |
| message_logs | keep per-message logs |
| message_body_visible | how much to show in $message_body |
| print_topbitchars | top-bit characters are printing |
| split_spool_directory | use multiple directories |
| timezone | force time zone |
| exim_group | override compiled-in value |
| exim_path | override compiled-in value |
| exim_user | override compiled-in value |
| primary_hostname | default from uname() |
| spool_directory | override compiled-in value |
| admin_groups | groups that are Exim admin users |
| deliver_drop_privilege | drop root for delivery processes |
| local_from_check | insert Sender: if necessary |
| local_from_prefix | for testing From: for local sender |
| local_from_suffix | for testing From: for local sender |
| never_users | do not run deliveries as these |
| prod_requires_admin | forced delivery requires admin user |
| queue_list_requires_admin | queue listing requires admin user |
| trusted_groups | groups that are trusted |
| trusted_users | users that are trusted |
| log_file_path | override compiled-in value |
| log_selector | set/unset optional logging |
| log_timezone | add timezone to log lines |
| preserve_message_logs | in another directory |
| syslog_facility | set syslog ``facility'' field |
| syslog_processname | set syslog ``ident'' field |
| syslog_timestamp | timestamp syslog lines |
| auto_thaw | sets time for retrying frozen messages |
| freeze_tell | send message when freezing |
| move_frozen_messages | to another directory |
| timeout_frozen_after | keep frozen messages only so long |
| ldap_default_servers | used if no server in query |
| ldap_version | set protocol version |
| lookup_open_max | lookup files held open |
| mysql_servers | as it says |
| oracle_servers | as it says |
| pgsql_servers | as it says |
| message_id_header_domain | used to build Message-ID: header |
| message_id_header_text | ditto |
| perl_at_start | always start the interpreter |
| perl_startup | code to obey when starting Perl |
| daemon_smtp_port | default port |
| local_interfaces | on which to listen, with optional ports |
| pid_file_path | override compiled-in value |
| check_log_inodes | before accepting a message |
| check_log_space | before accepting a message |
| check_spool_inodes | before accepting a message |
| check_spool_space | before accepting a message |
| deliver_queue_load_max | no queue deliveries if load high |
| smtp_load_reserve | SMTP from reserved hosts if load high |
| queue_only_load | queue incoming if load high |
| acl_not_smtp | set ACL for non-SMTP messages |
| acl_smtp_auth | set ACL for AUTH |
| acl_smtp_connect | set ACL for connection |
| acl_smtp_data | set ACL for DATA |
| acl_smtp_etrn | set ACL for ETRN |
| acl_smtp_expn | set ACL for EXPN |
| acl_smtp_helo | set ACL for EHLO or HELO |
| acl_smtp_mail | set ACL for MAIL |
| acl_smtp_rcpt | set ACL for RCPT |
| acl_smtp_starttls | set ACL for STARTTLS |
| acl_smtp_vrfy | set ACL for VRFY |
| header_maxsize | total size of message header |
| header_line_maxsize | individual header line limit |
| helo_verify_hosts | HELO checked for these hosts |
| host_lookup | host name looked up for these hosts |
| host_reject_connection | reject connection from these hosts |
| hosts_treat_as_local | useful in some cluster configurations |
| local_scan_timeout | timeout for local_scan() |
| message_size_limit | for all messages |
| percent_hack_domains | recognize %-hack for these domains |
| callout_domain_negative_expire | timeout for negative domain cache item |
| callout_domain_positive_expire | timeout for positive domain cache item |
| callout_negative_expire | timeout for negative address cache item |
| callout_positive_expire | timeout for positive address cache item |
| callout_random_local_part | string to use for ``random'' testing |
| tls_advertise_hosts | advertise TLS to these hosts |
| tls_certificate | location of server certificate |
| tls_dhparam | DH parameters for server |
| tls_privatekey | location of server private key |
| tls_try_verify_hosts | try to verify client certificate |
| tle_verify_certificates | expected client certificates |
| tls_verify_hosts | insist on client certificate verify |
| finduser_retries | useful in NIS environments |
| gecos_name | used when creating Sender: |
| gecos_pattern | ditto |
| max_username_length | for systems that truncate |
| unknown_login | used when no login name found |
| unknown_username | ditto |
| uucp_from_pattern | for recognizing ``From '' lines |
| uucp_from_sender | ditto |
| header_maxsize | total size of message header |
| header_line_maxsize | individual header line limit |
| percent_hack_domains | recognize %-hack for these domains |
| receive_timeout | for non-SMTP messages |
| received_header_text | expanded to make Received: |
| received_headers_max | for mail loop detection |
| recipient_unqualified_hosts | may send unqualified recipients |
| recipients_max | limit per message |
| recipients_max_reject | permantely reject excess |
| rfc1413_hosts | make ident calls to these hosts |
| rfc1413_query_timeout | zero disables ident calls |
| sender_unqualified_hosts | may send unqualified senders |
| smtp_accept_keepalive | some TCP/IP magic |
| smtp_accept_max | simultaneous incoming connections |
| smtp_accept_max_nommail | non-mail commands |
| smtp_accept_max_nonmail_hosts | hosts to which the limit applies |
| smtp_accept_max_per_connection | messages per connection |
| smtp_accept_max_per_host | connections from one host |
| smtp_accept_queue | queue mail if more connections |
| smtp_accept_queue_per_connection | queue if more messages per connection |
| smtp_accept_reserve | only reserve hosts if more connections |
| smtp_banner | text for welcome banner |
| smtp_check_spool_space | from SIZE on MAIL command |
| smtp_connect_backlog | passed to TCP/IP stack |
| smtp_enforce_sync | of SMTP command/responses |
| smtp_etrn_command | what to run for ETRN |
| smtp_etrn_serialize | only one at once |
| smtp_load_reserve | only reserve hosts if this load |
| smtp_max_unknown_commands | before dropping connection |
| smtp_ratelimit_hosts | apply ratelimiting to these hosts |
| smtp_ratelimit_mail | ratelimit for MAIL commands |
| smtp_ratelimit_rcpt | ratelimit for RCPT commands |
| smtp_receive_timeout | per command or data line |
| smtp_reserve_hosts | these are the reserve hosts |
| smtp_return_error_details | give detail on rejections |
| accept_8bitmime | advertise 8BITMIME |
| auth_advertise_hosts | advertise AUTH to these hosts |
| ignore_fromline_hosts | allow ``From '' from these hosts |
| ignore_fromline_local | allow ``From '' from local SMTP |
| pipelining_advertise_hosts | advertise pipelining to these hosts |
| tls_advertise_hosts | advertise TLS to these hosts |
| allow_domain_literals | recognize domain literal syntax |
| allow_mx_to_ip | allow MX to point to IP address |
| allow_utf8_domains | in addresses |
| delivery_date_remove | from incoming messages |
| drop_cr | from local incoming messages |
| envelope_to_remote | from incoming messages |
| extract_addresses_remove_arguments | affects -t processing |
| qualify_domain | default for senders |
| qualify_recipient | default for recipients |
| return_path_remove | from incoming messages |
| strip_excess_angle_brackets | in addresses |
| strip_trailing_dot | at end of addresses |
| untrusted_set_sender | untrusted can set envelope sender |
| system_filter | locate system filter |
| system_filter_directory_transport | transport for delivery to a directory |
| system_filter_file_transport | transport for delivery to a file |
| system_filter_group | group for filter running |
| system_filter_pipe_transport | transport for delivery to a pipe |
| system_filter_reply_transport | transport for autoreply delivery |
| system_filter_user | user for filter running |
| dns_again_means_nonexist | for broken domains |
| dns_check_names_pattern | pre-DNS syntax check |
| dns_ipv4_lookup | only v4 lookup for these domains |
| dns_retrans | parameter for resolver |
| dns_retry | parameter for resolver |
| hold_domains | hold delivery for these domains |
| local_interfaces | for routing checks |
| queue_domains | no immediate delivery for these |
| queue_only | no immediate delivery at all |
| queue_only_file | no immediate deliveryif file exists |
| que |