The first part of the run time configuration file contains three types of item:
Macro definitions: These lines start with an upper case letter. See section 6.4 for details of macro processing.
Named list definitions: These lines start with one of the words ``domainlist'', ``hostlist'', ``addresslist'', or ``localpartlist''. Their use is described in section 10.5.
Main configuration settings: Each setting occupies one line of the file (including possible continuations). If any setting is preceded by the word ``hide'', the -bP option displays its value to admin users only (see section 6.5).
This chapter lists all the main configuration options, along with their types and default values, in alphabetical order.
This option causes Exim to send 8BITMIME in its response to an SMTP EHLO command, and to accept the BODY= parameter on MAIL commands. However, though Exim is 8-bit clean, it is not a protocol converter, and it takes no steps to do anything special with messages received by this route. Consequently, this option is turned off by default.
This option defines the ACL that is run when an SMTP AUTH command is received. See chapter 37 for further details.
This option defines the ACL that is run after an SMTP DATA command has been processed and the message itself has been received, but before the final acknowledgement is sent. See chapter 37 for further details.
This option defines the ACL that is run when an SMTP ETRN command is received. See chapter 37 for further details.
This option defines the ACL that is run when an SMTP EXPN command is received. See chapter 37 for further details.
This option defines the ACL that is run when an SMTP RCPT command is received. See chapter 37 for further details.
This option defines the ACL that is run when an SMTP VRFY command is received. See chapter 37 for further details.
If the current group or any of the supplementary groups of the caller is in this colon-separated list, the caller has admin privileges. If all your system programmers are in a specific group, for example, you can give them all Exim admin privileges by putting that group in admin_groups. However, this does not permit them to read Exim's spool files (whose group owner is the Exim gid). To permit this, you have to add individuals to the Exim group.
Exim's command line takes the standard Unix form of a sequence of options, each starting with a hyphen character, followed by a number of arguments. The options are compatible with the main options of Sendmail, and there are also some additional options, some of which are compatible with Smail 3. Certain combinations of options do not make sense, and provoke an error if used. The form of the arguments depends on which options are set.
If Exim is called under the name mailq, it behaves as if the option -bp were present before any other options. The -bp option requests a listing of the contents of the mail queue on the standard output. This feature is for compatibility with some systems that contain a command of that name in one of the standard libraries, symbolically linked to /usr/sbin/sendmail or /usr/lib/sendmail.
If Exim is called under the name rsmtp it behaves as if the option -bS were present before any other options, for compatibility with Smail. The -bS option is used for reading in a number of messages in batched SMTP format.
If Exim is called under the name rmail it behaves as if the -i and -oee options were present before any other options, for compatibility with Smail. The name rmail is used as an interface by some UUCP systems.
If Exim is called under the name runq it behaves as if the option -q were present before any other options, for compatibility with Smail. The -q option causes a single queue runner process to be started.
If Exim is called under the name newaliases it behaves as if the option -bi were present before any other options, for compatibility with Sendmail. This option is used for rebuilding Sendmail's alias file. Exim does not have the concept of a single alias file, but can be configured to run a given command if called with the -bi option.
Some Exim options are available only to trusted users and others are available only to admin users. In the description below, the phrases ``Exim user'' and ``Exim group'' mean the user and group defined by EXIM_USER and EXIM_GROUP in Local/Makefile or set by the exim_user and exim_group options. These do not necessarily have to use the name ``exim''.
The trusted users are root, the Exim user, any user listed in the trusted_users configuration option, and any user whose current group or any supplementary group is one of those listed in the trusted_groups configuration option. Note that the Exim group is not automatically trusted.
Trusted users are always permitted to use the -f option or a leading ``From '' line to specify the envelope sender of a message that is passed to Exim through the local interface (see the -bm and -f options below). See the untrusted_set_sender option for a way of permitting non-trusted users to set envelope senders. For a trusted user, there is never any check on the contents of the From: header line, and a Sender: line is never added. Furthermore, any existing Sender: line in incoming local (non-TCP/IP) messages is not removed.
Trusted users may also specify a host name, host address, interface address, protocol name, ident value, and authentication data when submitting a message locally. Thus, they are able to insert messages into Exim's queue locally that have the characteristics of messages received from a remote host. Untrusted users may in some circumstances use -f, but can never set the other values that are available to trusted users.
The admin users are root, the Exim user, and any user that is a member of the Exim group or of any group listed in the admin_groups configuration option. The current group does not have to be one of these groups.
Admin users are permitted to list the queue, and to carry out certain operations on messages, for example, to force delivery failures. It is also necessary to be an admin user in order to see the full information provided by the Exim monitor, and full debugging output.
By default, the use of the -M, -q, -R, and -S options to cause Exim to attempt delivery of messages on its queue is restricted to admin users. However, this restriction can be relaxed by setting the prod_requires_admin option false (that is, specifying no_prod_requires_admin).
Similarly, the use of the -bp option to list all the messages in the queue is restricted to admin users unless queue_list_requires_admin is set false.
Warning: If you configure your system so that admin users are able to edit Exim's configuration file, you are giving those users an easy way of getting root. There is further discussion of this issue at the start of chapter 6.
The command options are described in alphabetical order below.
This is a pseudo-option whose only purpose is to terminate the options and therefore to cause subsequent command line items to be treated as arguments rather than options, even if they begin with hyphens.
This option causes Exim to output a few sentences stating what it is. The same output is generated if the Exim binary is called with no options and no arguments.
This is a Sendmail option for selecting 7 or 8 bit processing. Exim is 8-bit clean; it ignores this option.
This option runs Exim as a daemon, awaiting incoming SMTP connections. Usually the -bd option is combined with the -q<time> option, to specify that the daemon should also initiate periodic queue runs.
The -bd option can be used only by an admin user. If either of the -d (debugging) or -v (verifying) options are set, the daemon does not disconnect from the controlling terminal. When running this way, it can be stopped by pressing ctrl-C.
By default, Exim listens for incoming connections to the standard SMTP port on all the host's interfaces. The port can be varied by means of the daemon_smtp_port option. The daemon can also be restricted to specific interfaces by setting the local_interfaces option in the configuration file. This option is also able to specify a different port for each interface it lists, making it possible to listen on multiple ports. The -oX command line option can be used to override local_interfaces.
When a listening daemon is started without the use of -oX (that is, without overriding the normal configuration), it writes its process id to a file called exim-daemon.pid in Exim's spool directory. This location can be overridden by setting PID_FILE_PATH in Local/Makefile. The file is written while Exim is still running as root.
When -oX is used on the command line to start a listening daemon, the process id is not written to the normal pid file path. However, -oP can be used to specify a path on the command line if a pid file is required.
The SIGHUP signal can be used to cause the daemon to re-exec itself. This should be done whenever Exim's configuration file, or any file that is incorporated into it by means of the .include facility, is changed, and also whenever a new version of Exim is installed. It is not necessary to do this when other files that are referenced from the configuration (for example, alias files) are changed, because these are reread each time they are used.
This option has the same effect as -bd except that it never disconnects from the controlling terminal, even when no debugging is specified.
Run Exim in expansion testing mode. Exim discards its root privilege, to prevent ordinary users from using this mode to read otherwise inaccessible files. If no arguments are given, Exim runs interactively, prompting for lines of data. Long expressions can be split over several lines by using backslash continuations. As in Exim's run time configuration, whitespace at the start of continuation lines is ignored.
Each argument or data line is passed through the string expansion mechanism, and the result is output. Variable values from the configuration file (for example, $qualify_domain) are available, but no message-specific values (such as $domain) are set, because no message is being processed.
This option is the same as -bf except that it assumes that the filter being tested is a system filter. The additional commands that are available only in system filters are recognized.
This option runs Exim in filter testing mode; the file is the filter file to be tested, and a test message must be supplied on the standard input. If there are no message-dependent tests in the filter, an empty file can be supplied. If a system filter file is being tested, -bF should be used instead of -bf. If the test file does not begin with the special line
# Exim filter
it is taken to be a normal .forward file, and is tested for validity under that interpretation. The result of this command, provided no errors are detected, is a list of the actions that Exim would try to take if presented with the message for real. More details of filter testing are given in the separate document entitled Exim's interface to mail filtering.
When testing a filter file, the envelope sender can be set by the -f option, or by a ``From '' line at the start of the test message. Various parameters that would normally be taken from the envelope recipient address of the message can be set by means of additional command line options. These are:
| -bfd | <domain> | default is the qualify domain |
| -bfl | <local_part> | default is the logged in user |
| -bfp | <local_part_prefix> | default is null |
| -bfs | <local_part_suffix> | default is null |
The local part should always be set to the incoming address with any prefix or suffix stripped, because that is how it appears to the filter when a message is actually being delivered.
This option runs a fake SMTP session as if from the given IP address, using the standard input and output. The IP address may include a port number at the end, after a full stop. For example:
exim -bh 10.9.8.7.1234 exim -bh fe80::a00:20ff:fe86:a061.5678
Comments as to what is going on are written to the standard error file. These include lines beginning with ``LOG'' for anything that would have been logged. This facility is for testing configuration options for blocking hosts and/or senders and for checking on relaying control.
Warning: You canno
A B C D E F G H I J K L M N O P Q R S T U V W X
$header_
$host [2]
$host_address [2]
$value [2] [3]
*@ with single-key lookup
+caseful
+defer_unknown
+exclude_unknown
+include_unknown [2]
-be option [2]
-bF option
-bf option
-bh option
-bi option
-bp option
-bt option
-bv option [2]
Many strings in Exim's run time configuration are expanded before use. Some of them are expanded every time they are used; others are expanded only once.
When a string is being expanded it is copied verbatim from left to right except when a dollar or backslash character is encountered. A dollar specifies the start of a portion of the string which is interpreted and replaced as described below in section 11.4 onwards. Backslash is used as an escape character, as described in the following section.
An uninterpreted dollar can be included in an expanded string by putting a backslash in front of it. A backslash can be used to prevent any special character being treated specially in an expansion, including itself. If the string appears in quotes in the configuration file, two backslashes are required because the quotes themselves cause interpretation of backslashes when the string is read in (see section 6.12).
A portion of the string can specified as non-expandable by placing it between two occurrences of \N. This is particularly useful for protecting regular expressions, which often contain backslashes and dollar signs. For example:
deny senders = \N^\d{8}[a-z]@some\.site\.example$\N
On encountering the first \N, the expander copies subsequent characters without interpretation until it reaches the next \N or the end of the string.
A backslash followed by one of the letters “n”, “r”, or “t” in an expanded string is recognized as an escape sequence for the character newline, carriage return, or tab, respectively. A backslash followed by up to three octal digits is recognized as an octal encoding for a single character, and a backslash followed by “x” and up to two hexadecimal digits is a hexadecimal encoding.
These escape sequences are also recognized in quoted strings when they are read in. Their interpretation in expansions as well is useful for unquoted strings, and for other cases such as looked-up strings that are then expanded.
Many expansions can be tested by calling Exim with the -be option. This takes the command arguments, or lines from the standard input if there are no arguments, runs them through the string expansion code, and writes the results to the standard output. Variables based on configuration values are set up, but since no message is being processed, variables such as $local_part have no value. Nevertheless the -be option can be useful for checking out file and database lookups, and the use of expansion operators such as sg, substr and nhash.
Exim gives up its root privilege when it is called with the -be option, and instead runs under the uid and gid it was called with, to prevent users from using -be for reading files to which they do not have access.
The following items are recognized in expanded strings. White space may be used between sub-items that are keywords or substrings enclosed in braces inside an outer set of braces, to improve readability. Warning: Within braces, white space is significant.
$<variable name> or ${<variable name>}
Substitute the contents of the named variable, for example
$local_part
${domain}
The second form can be used to separate the name from subsequent alphanumeric characters. This form (using curly brackets) is available only for variables; it does not apply to message headers. The names of the variables are given in section 11.8 below. If the name of a non-existent variable is given, the expansion fails.
The string is first itself expanded, and then the operation specified by <op> is applied to it. For example,
${lc:$local_part}
The string starts with the first character after the colon, which may be leading white space. A list of operators is given in section 11.5 below. The operator notation is used for simple expansion items that have just one argument, because it reduces the number of braces and therefore makes the string easier to understand.
${extract{<key>}{<string1>}{<string2>}{<string3>}}
The key and <string1> are first expanded separately. Leading and trailing whitespace is removed from the key (but not from any of the strings). The key must not consist entirely of digits. The expanded <string1> must be of the form:
<key1> = <value1> <key2> = <value2> ...
where the equals signs and spaces (but not both) are optional. If any of the values contain white space, they must be enclosed in double quotes, and any values that are enclosed in double quotes are subject to escape processing as described in section 6.12. The expanded <string1> is searched for the value that corresponds to the key. The search is case-insensitive. If the key is found, <string2> is expanded, and replaces the whole item; otherwise <string3> is used. During the expansion of <string2> the variable $value contains the value that has been extracted. Afterwards, it is restored to any previous value it might have had.
If {<string3>} is omitted, the item is replaced by an empty string if the key is not found. If {<string2>} is also omitted, the value that was extracted is used. Thus, for example, these two expansions are identical, and yield “2001”:
${extract{gid}{uid=1984 gid=2001}}
${extract{gid}{uid=1984 gid=2001}{$value}}
Instead of {<string3>} the word “fail” (not in curly brackets) can appear, for example:
${extract{Z}{A=... B=...}{$value} fail }
{<string2>} must be present for “fail” to be recognized. When this syntax is used, if the extraction fails, the entire string expansion fails in a way that can be detected by the code in Exim which requested the expansion. This is called “forced expansion failure”, and its consequences depend on the circumstances. In some cases it is no different from any other expansion failure, but in others a different action may be taken. Such variations are mentioned in the documentation of the option which is expanded.
${extract{<number>}{<separators>}{<string1>}{<string2>}{<string3>}}
The <number> argument must consist entirely of decimal digits,
apart from leading and trailing whitespace, which is ignored.
This is what distinguishes this form of extract
14. Main configuration
The first part of the run time configuration file contains three types of item:
Macro definitions: These lines start with an upper case letter. See section 6.4 for details of macro processing.
Named list definitions: These lines start with one of the words “domainlist”, “hostlist”, “addresslist”, or “localpartlist”. Their use is described in section 10.5.
Main configuration settings: Each setting occupies one line of the file (with possible continuations). If any setting is preceded by the word “hide”, the -bP command line option displays its value to admin users only. See section 6.6 for a description of the syntax of these option settings.
This chapter specifies all the main configuration options, along with their types and default values. For ease of finding a particular option, they appear in alphabetical order in section 14.23 below. However, because there are now so many options, they are first listed briefly in functional groups, as an aid to finding the name of the option you are looking for. Some options are listed in more than one group.
| bi_command | to run for -bi command line option |
| keep_malformed | for broken files – should not happen |
| localhost_number | for unique message ids in clusters |
| message_body_visible | how much to show in $message_body |
| print_topbitchars | top-bit characters are printing |
| timezone | force time zone |
| exim_group | override compiled-in value |
| exim_path | override compiled-in value |
| exim_user | override compiled-in value |
| primary_hostname | default from uname() |
| split_spool_directory | use multiple directories |
| spool_directory | override compiled-in value |
| admin_groups | groups that are Exim admin users |
| deliver_drop_privilege | drop root for delivery processes |
| local_from_check | insert Sender: if necessary |
| local_from_prefix | for testing From: for local sender |
| local_from_suffix | for testing From: for local sender |
| local_sender_retain | keep Sender: from untrusted user |
| never_users | do not run deliveries as these |
| prod_requires_admin | forced delivery requires admin user |
| queue_list_requires_admin | queue listing requires admin user |
| trusted_groups | groups that are trusted |
| trusted_users | users that are trusted |
| log_file_path | override compiled-in value |
| log_selector | set/unset optional logging |
| log_timezone | add timezone to log lines |
| message_logs | keep per-message logs |
| preserve_message_logs | in another directory |
| process_log_path | for SIGUSR1 and exiwhat |
| syslog_duplication | controls duplicate log lines on syslog |
| syslog_facility | set syslog “facility” field |
| syslog_processname | set syslog “ident” field |
| syslog_timestamp | timestamp syslog lines |
| auto_thaw | sets time for retrying frozen messages |
| freeze_tell | send message when freezing |
| move_frozen_messages | to another directory |
| timeout_frozen_after | keep frozen messages only so long |
| ldap_default_servers | used if no server in query |
| ldap_version | set protocol version |
| lookup_open_max | lookup files held open |
| mysql_servers | as it says |
| oracle_servers | as it says |
| pgsql_servers | as it says |
| message_id_header_domain | used to build Message-ID: header |
| message_id_header_text | ditto |
| perl_at_start | always start the interpreter |
| perl_startup | code to obey when starting Perl |
| daemon_smtp_ports | default ports |
| extra_local_interfaces | not necessarily listened on |
| local_interfaces | on which to listen, with optional ports |
| pid_file_path | override compiled-in value |
| queue_run_max | maximum number of simultaneous queue runners |
| check_log_inodes | before accepting a message |
| check_log_space | before accepting a message |
| check_spool_inodes | before accepting a message |
| check_spool_space | before accepting a message |
| deliver_queue_load_max | no queue deliveries if load high |
| queue_only_load | queue incoming if load high |
| queue_run_max | maximum number of simultaneous queue runners |
| remote_max_parallel | parallel SMTP delivery per message |
| smtp_accept_max | simultaneous incoming connections |
| smtp_accept_max_nommail | non-mail commands |
| smtp_accept_max_nonmail_hosts | hosts to which the limit applies |
| smtp_accept_max_per_connection | messages per connection |
| smtp_accept_max_per_host | connections from one host |
| smtp_accept_queue | queue mail if more connections |
| smtp_accept_queue_per_connection | queue if more messages per connection |
| smtp_accept_reserve | only reserve hosts if more connections |
| smtp_check_spool_space | from SIZE on MAIL command |
| smtp_connect_backlog | passed to TCP/IP stack |
| smtp_load_reserve | SMTP from reserved hosts if load high |
| smtp_reserve_hosts | these are the reserve hosts |
| acl_not_smtp | set ACL for non-SMTP messages |
| acl_smtp_auth | set ACL for AUTH |
| acl_smtp_connect | set ACL for connection |
| acl_smtp_data | set ACL for DATA |
| acl_smtp_etrn | set ACL for ETRN |
| acl_smtp_expn | set ACL for EXPN |
| acl_smtp_helo | set ACL for EHLO or HELO |
| acl_smtp_mail | set ACL for MAIL |
| acl_smtp_mailauth | set ACL for AUTH on MAIL command |
| acl_smtp_rcpt | set ACL for RCPT |
| acl_smtp_starttls | set ACL for STARTTLS |
| acl_smtp_vrfy | set ACL for VRFY |
| header_maxsize | total size of message header |
| header_line_maxsize | individual header line limit |
| helo_accept_junk_hosts | allow syntactic junk from these hosts |
| helo_allow_chars | allow illegal chars in HELO names |
| helo_lookup_domains | lookup hostname for these HELO names |
| helo_try_verify_hosts | HELO soft-checked for these hosts |
| helo_verify_hosts | HELO hard-checked for these hosts |
| host_lookup | host name looked up for these hosts |
| host_lookup_order | order of DNS and local name lookups |
| host_reject_connection | reject connection from these hosts |
| hosts_treat_as_local | useful in some cluster configurations |
| local_scan_timeout | timeout for local_scan() |
| message_size_limit | for all messages |
| percent_hack_domains | recognize %-hack for these domains |
| callout_domain_negative_expire | timeout for negative domain cache item |
| callout_domain_positive_expire | timeout for positive domain cache item |
| callout_negative_expire | timeout for negative address cache item |
| callout_positive_expire | timeout for positive address cache item |
| callout_random_local_part | string to use for “random” testing |
| tls_advertise_hosts | advertise TLS to these hosts |
| tls_certificate | location of server certificate |
| tls_dhparam | DH parameters for server |
| tls_privatekey | location of server private key |
| tl |