(Exim 4.40 Specification)
Access Control Lists (ACLs) are defined in a separate section of the run time
configuration file, headed by begin acl. Each ACL definition starts with a
name, terminated by a colon. Here is a complete ACL section which contains just
one very small ACL:

  begin acl

  small_acl:
    accept hosts = one.host.only

You can have as many lists as you like in the ACL section, and the order in
which they appear does not matter. The lists are self-terminating.
The majority of ACLs are used to control Exim's behaviour when it receives
certain SMTP commands. This applies both to incoming TCP/IP connections, and
when a local process submits a message over a pipe (using the -bs option).
The most common use is for controlling which recipients are accepted in
incoming messages. In addition, you can also define an ACL that is used to
check local non-SMTP messages. The default configuration file contains an
example of a realistic ACL for checking RCPT commands. This is discussed in
chapter 7.
The -bh command line option provides a way of testing your ACL configuration
locally by running a fake SMTP session with which you interact. The host
relay-test.mail-abuse.org provides a service for checking your relaying
configuration (see section 38.27 for more details).
In order to cause an ACL to be used, you have to name it in one of the relevant
options in the main part of the configuration. These options are:
| acl_not_smtp | ACL for non-SMTP messages |
| acl_smtp_auth | ACL for AUTH |
| acl_smtp_connect | ACL for start of SMTP connection |
| acl_smtp_data | ACL after DATA |
| acl_smtp_etrn | ACL for ETRN |
| acl_smtp_expn | ACL for EXPN |
| acl_smtp_helo | ACL for HELO or EHLO |
| acl_smtp_mail | ACL for MAIL |
| acl_smtp_mailauth | ACL for the AUTH parameter of MAIL |
| acl_smtp_rcpt | ACL for RCPT |
| acl_smtp_starttls | ACL for STARTTLS |
| acl_smtp_vrfy | ACL for VRFY |
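
A configuration check built on the two rules above (an ACL name is terminated by a colon inside the section headed by begin acl, and an ACL is only used if one of the listed options names it). This is an added example, not part of the Exim specification or distribution: the function name lint_acl_config and the sample configuration are hypothetical, and it assumes each option value is a literal ACL name on a single line with no macros or included files.

```python
import re

# The twelve main-section options listed above that attach an ACL to an event.
ACL_OPTIONS = [
    "acl_not_smtp", "acl_smtp_auth", "acl_smtp_connect", "acl_smtp_data",
    "acl_smtp_etrn", "acl_smtp_expn", "acl_smtp_helo", "acl_smtp_mail",
    "acl_smtp_mailauth", "acl_smtp_rcpt", "acl_smtp_starttls", "acl_smtp_vrfy",
]

def lint_acl_config(text):
    """Return (defined ACL names, option->ACL map, unset options, dangling refs)."""
    section, defined, used = "main", [], {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank line or comment
        m = re.fullmatch(r"begin\s+(\S+)", line)
        if m:
            section = m.group(1)  # a new configuration section starts here
            continue
        if section == "main":
            m = re.fullmatch(r"(\w+)\s*=\s*(.+)", line)
            if m and m.group(1) in ACL_OPTIONS:
                used[m.group(1)] = m.group(2).strip()
        elif section == "acl":
            # An ACL definition starts with a name terminated by a colon.
            m = re.fullmatch(r"(\w+):", line)
            if m:
                defined.append(m.group(1))
    unset = [o for o in ACL_OPTIONS if o not in used]
    # Options that name an ACL which the ACL section never defines.
    dangling = {o: a for o, a in used.items() if a not in defined}
    return defined, used, unset, dangling

# Constructed sample configuration (not from a real host).
SAMPLE = """\
acl_smtp_rcpt = small_acl
acl_smtp_vrfy = vrfy_acl

begin acl
small_acl:
  accept hosts = one.host.only
"""

if __name__ == "__main__":
    defined, used, unset, dangling = lint_acl_config(SAMPLE)
    print("defined:", defined)
    print("dangling:", dangling)
    print("unset:", unset)
```
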
For example, if you set

  acl_smtp_rcpt = small_acl

the little ACL defined above is used whenever Exim receives a RCPT command
in an SMTP dialogue. The majority of policy tests on incoming messages can be
done when RCPT commands arrive. A rejection of RCPT should cause the
sending MTA to give up on the recipient address contained in the
Exim 4.40 Specification Concepts
$1, $2, etc. see numerical variables
$bheader_
$header_
$host [2]
$host_address [2]
$rheader_
$value [2] [3]
*@ with single-key lookup [2]
+caseful [2]
+defer_unknown
+exclude_unknown
+ignore_unknown
+include_unknown [2]
-be option [2]
-bF option
-bf option
-bh option [2]
-bi option
-bp option
-bt option
-bv option [2]
-C option
-D option
-f option
-f option:for address testing
-f option:for filter testing
-f option:overriding From line
-M option [2]
-os option
-q option [2]
-R option
-t option
.ifdef
.include in configuration file
.include_if_exists in configuration file
/dev/null
/etc/aliases
/etc/mail/mailer.conf
/etc/userdbshadow.dat
8-bit characters [2] [3]
8BITMIME
@ in a domain list [2]
@ in a host list
@@ with single-key lookup
@[] in a domain list
@[] in a host list
@mx_any
@mx_primary
@mx_secondary
A
abandoning mail [2]
accept router
ACL:certificate verification
ACL:conditions, list of
ACL:conditions, processing
ACL:customized test
ACL:data for message ACL
ACL:data for non-message ACL
ACL:default configuration
ACL:description
ACL:for non-SMTP messages
ACL:format of
ACL:indirect
ACL:introduction
ACL:modifiers, list of
ACL:modifiers, processing
ACL:nested
ACL:on SMTP connection
ACL:options for specifying
ACL:relay control
ACL:return codes
ACL:rewriting addresses in
ACL:setting up for SMTP commands
ACL:specifying which to use
ACL:testing a DNS list [2]
ACL:testing a local part
ACL:testing a recipient
ACL:testing a recipient domain
ACL:testing a sender
ACL:testing a sender domain
ACL:testing for authentication
ACL:testing for encryption
ACL:testing the client host
ACL:unset options
ACL:variables
ACL:verbs, definition of
ACL:verifying header syntax
ACL:verifying HELO/EHLO
ACL:verifying host reverse lookup
ACL:verifying recipient
ACL:verifying sender
ACL:verifying sender in the header
adding drivers
additional groups [2]
address list:@@ lookup type
address list:case forcing
address list:empty item
address list:in a rewriting pattern
address list:in expansion condition
address list:local part starting with !
address list:lookup for complete address
address list:patterns
address list:regular expression in
address list:split local part and domain
address redirection:broken files
address redirection:disabling rewriting
address redirection:domain, preserving
address redirection:errors
address redirection:included external list
address redirection:local part without domain
address redirection:non-filter list items
address redirection:one-time expansion
address redirection:redirect router
address redirection:repeated for each delivery attempt
address redirection:to black hole
address redirection:to file
address redirection:to local mailbox
address redirection:to pipe
address redirection:while verifying [2]
address:constructed
address:copying routing [2]
address:duplicate, discarding [2]
address:qualification [2]
address:qualification, suppressing
address:sender
address:source-routed
address:testing [2]
address:verification
address:without domain
address||rewriting see rewriting
admin user [2] [3]
admin user:definition of
alias file:backslash in
alias file:broken
alias file:building [2]
alias file:exception to default
alias file:in a redirect router
alias file:one-time expansion
alias file:ownership
alias file:per-domain default
alias for host
alternate configuration file
angle brackets, excess
appendfile transport
appending to a file
asterisk:after IP address
asterisk:in address list
asterisk:in domain list
asterisk:in host list [2]
asterisk:in lookup type
asterisk:in search type
Athena
AUTH:ACL for [2]
AUTH:advertising
AUTH:advertising when encrypted
AUTH:argument
AUTH:configuration [2]
AUTH:description of
AUTH:in plaintext authenticator
AUTH:logging
AUTH:on bounce message
AUTH:on MAIL command [2] [3] [4]
AUTH:testing a server
AUTH:with PAM
authentication
authentication:ACL checking
authentication:advertising
authentication:bounce message
authentication:CRAM-MD5 mechanism
authentication:failure
authentication:generic options
authentication:id
authentication:id, specifying for local message
authentication:logging
authentication:LOGIN mechanism
authentication:Microsoft Secure Password
authentication:name, specifying for local message
authentication:NTLM
authentication:on an Exim client
authentication:on an Exim server
authentication:optional in client
authentication:PLAIN mechanism
authentication:required by client
authentication:sender
authentication:sender, authenticated
authentication:sender, specifying for local message
authentication:testing a server
authenticators:cram_md5
authenticators:plaintext
authenticators:spa
auto_thaw
autoreply transport
autoreply transport:for system filter
B
background delivery
backlog of connections
backslash in alias file
bang paths:not handled by Exim
bang paths:rewriting
banner for SMTP
base36
base62 [2] [3] [4]
base64 encoding:conversion from hex
base64 encoding:creating authentication test data
base64 encoding:functions for local_scan() use
base64 encoding:in encrypted password
base64 encoding:in header lines
base64 encoding:in plaintext authenticator
batch_id
batch_max
batched local delivery
batched SMTP input [2]
batched SMTP output
batched SMTP output example
Bcc: header line [2]
Berkeley DB library
Berkeley DB library:file format
BIN_DIRECTORY
binary zero:in authentication data
binary zero:in header line
binary zero:in lookup key [2] [3] [4] [5]
binary zero:in message body [2]
binary zero:in plaintext authenticator [2]
binary zero:in RFC 2047 decoding
bind IP address
black hole
black list (DNS) [2] [3] [4]
body of message:binary zero count
body of message:definition of
body of message:expansion variable [2]
body of message:line count
body of message:size
body of message:transporting
body of message:visible size
books about Exim
boolean configuration values
bounce message:copy to other address
bounce message:customizing [2]
bounce message:definition of
bounce message:discarding
bounce message:failure to deliver
bounce message:generating
bounce message:including body
bounce message:including original
bounce message:recipient of
bounce message:redirection details, suppressing
bounce message:Reply-to: in
bounce message:sender authentication
bounce message:size limit
bounce message:when generated
broken alias or forward files
BSD, DBM library for
bug reports
build directory
build-time options, overriding
building alias file
building DBM files
building Exim
building Exim:architecture type
building Exim:multiple OS/architectures
building Exim:operating system type
building Exim:OS-specific C header files
building Exim:overriding default settings
building Exim:pre-building configuration
building Eximon:overriding default options
C
caching:callout
caching:callout, suppressing
caching:callout, timeouts
caching:lookup data
caching:named lists
callout:cache, suppressing
callout:caching
callout:caching timeouts
callout:defer, action on
callout:postmaster, checking
callout:sender for recipient check
callout:timeout, specifying
callout:verification
callout:random check
carriage return [2] [3] [4] [5]
case forcing in address lists
case forcing in strings [2]
case of local parts [2] [3] [4]
Cc: header line
cdb:acknowledgement
cdb:description of
cdb:including support for
certificate:for client, location of
certificate:for server, location of
certificate:references to discussion
certificate:revocation list
certificate:revocation list for client
certificate:revocation list for server
certificate:self-signed
certificate:verification of client [2] [3] [4] [5]
certificate:verification of server
change log
checking access
checking disk space [2]
CIDR notation
CIDR notation
cipher:logging [2]
cipher:requiring specific [2]
command line:addresses with -t
command line:options
common option syntax
configuration file:alternate [2]
configuration file:common option syntax
configuration file:conditional skips
configuration file:default, walk through
configuration file:editing
configuration file:errors in
configuration file:format of
configuration file:general description
configuration file:including other files
configuration file:macros
configuration file:main section
configuration file:ownership
configuration file:retry section
configuration for building Exim
configuration options, extracting
CONFIGURE_FILE [2] [3]
connection backlog
constructed address
contributed material
control of incoming mail
copy of bounce message
copy of message (unseen option)
Courier
CR character see carriage return
CRAM-MD5 authentication mechanism
cram_md5 authenticator
creating directories
CRL see certificate revocation list
crypt()
crypt16()
current directory for local transport [2]
customizing: Received: header
customizing:ACL condition
customizing:ACL failure message
customizing:batching condition
customizing:bounce message [2]
customizing:failure message
customizing:input scan using C function
customizing:precondition
customizing:SMTP banner
customizing:warning message [2]
customizing:cannot route message
cycling logs [2]
Cygwin
Cyrus [2] [3] [4] [5] [6]
D
daemon [2]
daemon:listening IP addresses
daemon:pid file path
daemon:process id (pid) [2] [3]
daemon:starting
daemon:TCP_NODELAY on sockets
Darwin
DATA, ACL for [2]
database lookups
Date: header line
DBM:building dbm files
DBM:libraries, configuration for building [2]
DBM:libraries, discussion of
DBM:lookup type
debugging:-bh option
debugging:-d option
debugging:-N option
debugging:from embedded Perl
debugging:list of selectors
debugging:suppressing delivery
default:ACLs
default:configuration file walk through
default:in single-key lookups
default:retry rule
default:routers
default:transports
defer in system filter
deferred delivery, forcing
delay warning, specifying
delay_after_cutoff
delay_warning_condition
delayed delivery, logging
Delivery-date: header line [2] [3]
delivery:abandoning further attempts
delivery:by external agent
delivery:cancelling all
delivery:cancelling by address
delivery:deferral
delivery:delaying certain domains
delivery:discarded, logging
delivery:failure, logging
delivery:failure, long-term
delivery:fake, logging
delivery:first
delivery:forcing attempt
delivery:forcing deferral
delivery:forcing failure [2]
delivery:forcing in queue run
delivery:from given sender
delivery:in detail
delivery:in the background
delivery:in the foreground
delivery:log line format
delivery:manually started, not forced
delivery:maximum number of
delivery:parallelism for remote
delivery:permanent failure
delivery:problems with
delivery:procmail
delivery:retry in remote transports
delivery:retry mechanism
delivery:sorting remote
delivery:suppressing immediate
delivery:temporary failure
delivery:to file, forbidding
delivery:to given domain
delivery:to pipe, forbidding
delivery:to single file
delivery:unprivileged
delivery_date_remove
delivery||failure report see bounce message
design philosophy
dialup see intermittently connected hosts
directories, multiple
directory creation [2] [3] [4]
discarded messages
discarding bounce message
disk space, checking [2]
distribution:ftp site
distribution:public key
distribution:signing details
dmbnz lookup type
DNS list:in ACL [2]
DNS list:logging defer
DNS:as a lookup type [2]
DNS:IPv6 lookup for AAAA records
DNS:pre-check of name syntax
DNS:qualifying single-component names
DNS:resolver options [2] [3]
DNS:resolver, debugging output
DNS:reverse lookup [2] [3]
DNS:try again response, overriding
dnsdb lookup
dnslookup router
doc/ChangeLog
doc/NewStuff
doc/spec.txt
documentation
documentation:available formats
domain list:asterisk in
domain list:in expansion condition
domain list:matching by lookup
domain list:matching literal domain name
domain list:matching local IP interfaces
domain list:matching MX pointers to local host
domain list:matching primary host name
domain list:matching regular expression
domain list:matching ends with
domain list:patterns for
domain literal [2]
domain literal:default router
domain literal:recognizing format
domain literal:routing
domain:ACL checking
domain:definition of
domain:delaying delivery
domain:delivery to
domain:extraction
domain:for qualifying addresses
domain:in redirection, preserving
domain:manually routing
The Exim FAQ
This is the FAQ for the Exim Mail Transfer Agent. Many thanks to the many
people who provided the original information. This file would be amazingly
cluttered if I tried to list them all. Suggestions for corrections,
improvements, and additions are always welcome.
This version of the FAQ applies to Exim 4.43 and later releases.
References of the form Cnnn, Fnnn, Lnnn, and Snnn are to the sample
configuration, filter, local_scan(), and useful script files. These
are hyperlinked from the HTML version of this FAQ. They can also be found in
the separately distributed directory called config.samples. The primary
location is
ftp://ftp.csx.cam.ac.uk/pub/software/email/exim/exim4/config.samples.tar.gz
ftp://ftp.csx.cam.ac.uk/pub/software/email/exim/exim4/config.samples.tar.bz2
There are brief descriptions of these files at the end of this document.
Philip Hazel
Last update: 14-October-2004
Index
A Keyword-in-context index to the questions is available. This is usually the quickest way to find information in the FAQ.
Contents
The FAQ is divided into the following sections: