Access Control Lists (ACLs) are defined in a separate section of the run time
configuration file, headed by begin acl. Each ACL definition starts with a
name, terminated by a colon. Here is a complete ACL section which contains just
one very small ACL:
You can have as many lists as you like in the ACL section, and the order in
which they appear does not matter. The lists are self-terminating.
The majority of ACLs are used to control Exim's behaviour when it receives
certain SMTP commands. This applies both to incoming TCP/IP connections, and
when a local process submits a message over a pipe (using the -bs option).
The most common use is for controlling which recipients are accepted in
incoming messages. In addition, you can also define an ACL that is used to
check local non-SMTP messages. The default configuration file contains an
example of a realistic ACL for checking RCPT commands. This is discussed in
chapter 7.
| Option | Purpose |
| --- | --- |
| acl_not_smtp | ACL for non-SMTP messages |
| acl_smtp_auth | ACL for AUTH |
| acl_smtp_connect | ACL for start of SMTP connection |
| acl_smtp_data | ACL after DATA |
| acl_smtp_etrn | ACL for ETRN |
| acl_smtp_expn | ACL for EXPN |
| acl_smtp_helo | ACL for HELO or EHLO |
| acl_smtp_mail | ACL for MAIL |
| acl_smtp_mailauth | ACL for the AUTH parameter of MAIL |
| acl_smtp_rcpt | ACL for RCPT |
| acl_smtp_starttls | ACL for STARTTLS |
| acl_smtp_vrfy | ACL for VRFY |
For example, if you set
acl_smtp_rcpt = small_acl
the little ACL defined above is used whenever Exim receives a RCPT command
in an SMTP dialogue. The majority of policy tests on incoming messages can be
done when RCPT commands arrive. A rejection of RCPT should cause the
sending MTA to give up on the recipient address contained in the RCPT
command, whereas rejection at other times may cause the client MTA to keep on
trying to deliver the message. It is therefore recommended that you do as much
testing as possible at RCPT time.
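The following configuration fragment is an added example, not the listing from the Exim specification. It shows the two pieces the text describes: the main-section option that selects which ACL runs for RCPT, and a begin acl section holding both the one-statement small_acl and a fuller RCPT-time ACL that does the policy tests the text recommends doing at RCPT time. The host names, the named lists and the ACL names are constructed values.

```exim
# Main section: named lists (constructed values) and the option that selects
# the ACL run for every RCPT command. Everything before "begin acl" is main
# configuration; the ACL section must come after it.
domainlist local_domains    = @ : example.org
hostlist   relay_from_hosts = 127.0.0.1 : 192.168.1.0/24

acl_smtp_rcpt = acl_check_rcpt

begin acl

# The tiny ACL the text refers to: each ACL starts with its name and a colon,
# and lists end where the next name (or the next "begin") starts. With no
# statement matching any other host, every other RCPT is denied.
small_acl:
  accept   hosts = one.host.only

# A RCPT ACL doing as much testing as possible before DATA: a 5xx here makes
# the client give up on that one recipient instead of requeueing the message.
acl_check_rcpt:
  # Messages submitted locally (no remote host) are accepted outright.
  accept   hosts = :

  # Unknown recipients in our own domains are refused before anything else;
  # "!verify" negates the condition, so this denies only when routing fails.
  deny     message = unknown recipient
           domains = +local_domains
          !verify  = recipient

  # Recipients in our own domains that did verify are accepted.
  accept   domains = +local_domains

  # Relaying to other domains is allowed only from our own networks or from
  # clients that have authenticated in this session.
  accept   hosts = +relay_from_hosts
  accept   authenticated = *

  # Reaching this point means an attempt to relay: refuse it and record why
  # in the main log so the rejection can be reviewed later.
  deny     message     = relay not permitted
           log_message = relay attempt from $sender_host_address for $local_part@$domain
```

A statement's conditions are read in order, and the verb applies only when all of them are true; a RCPT that matches none of the statements falls off the end of acl_check_rcpt and is denied, which is the behaviour to rely on rather than a trailing deny alone.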
However, you cannot test the contents of the message (for example, to verify
addresses in the headers) at RCPT time. Such tests have to appear in the
ACL that is run after the message has been received, before the final response
to the DATA command is sent. This is the ACL specified by
acl_smtp_data. At this time, it is no longer possible to reject individual
recipients; an error response rejects the entire message. Unfortunately,
it is known that some MTAs do not treat hard (5xx) errors correctly at
this point: they keep the message on their queues and try again later. That
is their problem, though it does waste some of your resources.
The ACL test specified by acl_smtp_connect happens after the test specified
by host_reject_connection (which is now an anomaly) and any TCP Wrappers
testing (if configured).
The non-SMTP ACL applies to all non-interactive incoming messages, that is, it
applies to batch SMTP as well as to non-SMTP messages. (Batch SMTP is not
really SMTP.) This ACL is run just before the local_scan() function. Any
kind of rejection is treated as permanent, because there is no way of sending a
temporary error for these kinds of message. Many of the ACL conditions (for
example, host tests, and tests on the state of the SMTP connection such as
encryption and authentication) are not relevant and are forbidden in this ACL.
The result of running an ACL is either accept or deny, or, if some test
cannot be completed (for example, if a database is down), defer. These
results cause 2xx, 5xx, and 4xx return codes, respectively, to
be used in the SMTP dialogue. A fourth return, error, occurs when there is an
error such as invalid syntax in the ACL. This also causes a 4xx return
code.
The ACLs that are relevant to message reception may also return discard. This
has the effect of accept, but causes either the entire message or an
individual recipient address to be discarded. In other words, it is a
blackholing facility. Use it with great care.
If the ACL for MAIL returns discard, all recipients are discarded, and no
ACL is run for subsequent RCPT commands. The effect of discard in a
RCPT ACL is to discard just the one address. If there are no recipients
left when the message's data is received, the DATA ACL is not run. A
discard return from the DATA or the non-SMTP ACL discards all the
remaining recipients.
The local_scan() function is always run, even if there are no remaining
recipients; it may create new recipients.
The default actions when any of the acl_smtp_xxx options are unset are
not all the same. For acl_not_smtp, acl_smtp_auth, acl_smtp_connect,
acl_smtp_data, acl_smtp_helo, acl_smtp_mail, acl_smtp_mailauth,
and acl_smtp_starttls, the default action is accept.
For the others (acl_smtp_etrn, acl_smtp_expn, acl_smtp_rcpt, and
acl_smtp_vrfy), the default action is deny. This means that
acl_smtp_rcpt must be defined in order to receive any messages over an SMTP
connection. For an example, see the ACL in the default configuration file.
When an ACL for MAIL, RCPT, or DATA is being run, the variables
that contain information about the host and the message's sender (for example,
$sender_host_address and $sender_address) are set, and can be used in
ACL statements. In the case of RCPT (but not MAIL or DATA),
$domain and $local_part are set from the argument address.
When an ACL for the AUTH parameter of MAIL is being run, the variables
that contain information about the host are set, but $sender_address is not
yet set.
The $message_size variable is set to the value of the SIZE parameter on
the MAIL command at MAIL and RCPT time, or -1 if that parameter was
not given.
Its value is updated to the true message size by the time the ACL after
DATA is run.
The $rcpt_count variable increases by one for each RCPT command
received. The $recipients_count variable increases by one each time a
RCPT command is accepted, so while an ACL for RCPT is being processed,
it contains the number of previously accepted recipients. At DATA time,
$rcpt_count contains the total number of RCPT commands, and
$recipients_count contains the total number of accepted recipients.
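The configuration below is an added example, not code from the Exim specification. It serves two passages above: the discard return (which behaves like accept for one recipient but silently drops that address) and the per-session counters $rcpt_count, $recipients_count and $message_size. The thresholds, the retired address and the ACL names are constructed values chosen for illustration.

```exim
# Select the ACLs (constructed names) for RCPT and for the point after DATA.
acl_smtp_rcpt = acl_rcpt_limits
acl_smtp_data = acl_data_checks

begin acl

acl_rcpt_limits:
  # $rcpt_count counts every RCPT seen in this session, accepted or rejected,
  # so a long run of refused recipients (an address-probing client) still
  # drives it up. A 4xx lets a legitimate client retry the rest later.
  defer    message   = too many recipient attempts in this session
           condition = ${if >{$rcpt_count}{100}{yes}{no}}

  # $recipients_count holds only the recipients accepted so far, so this
  # caps what one message can actually be delivered to (constructed limit).
  deny     message   = no more than 20 recipients per message
           condition = ${if >{$recipients_count}{19}{yes}{no}}

  # At RCPT time $message_size is the SIZE parameter of MAIL, or -1 when the
  # client gave none; refusing here spares the client sending a body we
  # would reject anyway. The limit is in bytes (constructed value).
  deny     message   = message would exceed 10000000 bytes
           condition = ${if >{$message_size}{10000000}{yes}{no}}

  # A retired address that still attracts mail: discard looks like accept
  # to the client, but this one recipient is dropped and never delivered.
  # Logging it keeps the black hole visible to whoever reads the logs.
  discard  local_parts = old-list
           domains     = example.org
           log_message = discarded mail for retired address old-list@example.org

  # Everything else must route; a recipient that fails to verify matches no
  # statement and is denied at the end of the ACL.
  accept   verify = recipient

acl_data_checks:
  # After DATA, $message_size has been updated to the true size, so the
  # check is repeated against the real number, not the client's claim.
  deny     message   = message too large
           condition = ${if >{$message_size}{10000000}{yes}{no}}

  # At this point both counters hold session totals; warn with log_message
  # records them without affecting the verdict.
  warn     log_message = $recipients_count of $rcpt_count RCPT commands were accepted

  accept
```

If every recipient of a message is discarded at RCPT time, the DATA ACL is not run at all, exactly as the text states; the warn line therefore only ever reports messages that still have at least one live recipient. For a plain size cap, Exim's main option message_size_limit does the same job without an ACL; the ACL form is shown here because it makes the variable's two values (claimed at RCPT, actual at DATA) visible.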
When an ACL for AUTH, ETRN, EXPN, STARTTLS,
or VRFY is being run, the remainder of the SMTP command line is placed in
$smtp_command_argument. This can be tested using the ACL condition named
condition.
For example, here is an ACL for use with AUTH, which insists that either
the session is encrypted, or the CRAM-MD5 authentication method is used. In
other words, it does not permit authentication methods that use cleartext
passwords on unencrypted connections.
```
acl_check_auth:
  accept encrypted = *
  accept condition = ${if eq{${uc:$smtp_command_argument}}\
                     {CRAM-MD5}{yes}{no}}
  deny   message   = TLS encryption or CRAM-MD5 required
```
(Another way of applying this restriction is to arrange for the authenticators
that use cleartext passwords not to be advertised when the connection is not
encrypted. You can use the generic server_advertise_condition authenticator
option to do this.)
The value of an acl_smtp_xxx option is expanded before use, so you can
use different ACLs in different circumstances, and in fact the resulting string
does not have to be the name of a configured list. Having expanded the string,
Exim searches for an ACL as follo
Exim 4.30 Specification Concepts