Go to the first, previous, next, last section, table of contents.


Common generic options for directors and routers

Directors and routers have sufficiently many generic options in common to make it worth documenting them jointly in this chapter, to save duplication. Any of these options can be used on any director or router. Subsequent chapters describe the generic options that are specific either to directors or to routers.

condition (director or router) option

Option: condition
Type: string
Default: unset

This option specifies a test that has to succeed for the driver to be called. The string is expanded, and if the result is a forced failure or an empty string or one of the strings `0' or `no' or `false' (checked without regard to the case of the letters), the driver is not run. This provides a means of applying special-purpose conditions to the running of directors and routers. The `$home' variable is available in the expansion for directors that set it up. If the expansion fails, it causes Exim to panic. Some of the other options below are common special cases that could in fact be specified using `condition'.

debug_print (director or router) option

Option: debug_print
Type: string
Default: unset

If this option is set and debugging is enabled (see `-d', `-v', and `debug_level'), then the string is expanded and included in the debugging output. This is to help with checking out the values of variables and so on when debugging driver configurations. For example, if a `condition' option appears not to be working, `debug_print' could be used to output the variables it references. The output happens after checks for `domains', `local_parts', `suffix' and `prefix', but before checking `require_files' and `condition'. A newline is added to the text if it does not end with one.

domains (director or router) option

Option: domains
Type: domain-list
Default: unset

If this option is set, the string is expanded, and is then interpreted as a colon-separated list. The driver is skipped unless the current domain matches one of the entries in the list, and does not match `except_domains'. If the match is achieved by means of a file lookup, then the data that the lookup returned for the domain is placed in the `$domain_data' variable for use in string expansions of the driver's private options. For directors, this option is the means by which a host can handle several independent local domains. For routers, it can be used to reduce the use of an expensive router such as `queryprogram' by doing a preliminary plausibility check on the domain. Note that the current domain may change as routing proceeds, as a router may replace the original with a different one for subsequent routers to use.

driver (director or router) option

Option: driver
Type: string
Default: unset

This option must always be set. It specifies the name of the director or router driver.

errors_to (director or router) option

Option: errors_to
Type: string
Default: unset

Delivery errors for any addresses handled or generated by the director or router are sent to the address that results from expanding this string, if it is set, and if it verifies as valid. In other words, this option sets the value of the envelope sender address to be used for deliveries associated with the driver. If it is unset, or fails to verify, the errors address associated with the incoming address (normally the sender) is used. A typical use might be


errors_to = "aliasmaster"

The `errors_to' setting associated with an address can be overridden if it subsequently passes through other directors or routers that have their own `errors_to' settings.

except_domains (director or router) option

Option: except_domains
Type: domain-list
Default: unset

If this option is set, the string is expanded, and is then interpreted as a colon-separated list. The driver is skipped if the domain matches anything in the list. If both `domains' and `except_domains' are set, the driver is run only if the domain matches `domains' and does not match `except_domains'.

except_local_parts (director or router) option

Option: except_local_parts
Type: string-list
Default: unset

If this option is set, the string is expanded, and is then interpreted as a colon-separated list. The driver is skipped if the local part matches anything in the list, which is tested in the same way as a domain list, and which may therefore contain file lookups. If both `local_parts' and `except_local_parts' are set, the driver is run only if the local part matches `local_parts' and does not match `except_local_parts'.

except_senders (director or router) option

Option: except_senders
Type: address-list
Default: unset

If this option is set, the string is expanded, and is then interpreted as a colon-separated list. See the `senders' option below for its use.

fail_verify (director or router) option

Option: fail_verify
Type: boolean
Default: false

Setting this option has the effect of setting both `fail_verify_sender' and `fail_verify_recipient' to the same value.

fail_verify_recipient (director or router) option

Option: fail_verify_recipient
Type: boolean
Default: false

If this option is true and an address is accepted by this driver when verifying a recipient, then verification fails. This option has no effect if the `verify_recipient' option is false.

fail_verify_sender (director or router) option

Option: fail_verify_sender
Type: boolean
Default: false

If this option is true and an address is accepted by this driver when verifying a sender, then verification fails. This option has no effect if the `verify_sender' option is false.

fallback_hosts (director or router) option

Option: fallback_hosts
Type: string-list
Default: unset

String expansion is not applied to this option. The argument must be a colon-separated list of host names or IP addresses. If a driver queues an address for a remote transport, this host list is associated with the address, and used instead of the transport's fallback host list. See the `fallback_hosts' option of the `smtp' transport for further details.

group (director or router) option

Option: group
Type: string
Default: "see below"

If a driver queues an address for a local transport, and the transport does not specify a group, then the group given here is used when running the delivery process. If the string contains no $ characters, it is resolved when Exim starts up. Otherwise, the string is expanded at the time the director or router is run, and must yield either a digit string or a name which can be looked up using `getgrnam()'. For most directors and routers the default is unset, but for the `forwardfile' director with `check_local_user' set, and for the `localuser' director, the default is taken from the `passwd' file. See also `initgroups' and `user' and the discussion in chapter "Environment for running local transports".

headers_add (director or router) option

Option: headers_add
Type: string
Default: unset

This option specifies a string of text which is expanded at directing or routing time, and associated with any addresses that are processed by the driver. If the expanded string is empty, or if the expansion is forced to fail, the option has no effect. Other expansion failures are treated as configuration errors. At transport time, for each address, all original headers listed in `headers_remove' are removed, and those specified by `headers_add' are added. It is not possible to remove headers added to an address by `headers_add'.

The expanded string must be in the form of one or more RFC 822 header lines, separated by newlines (coded as `\n' inside a quoted string). For example:


headers_add = "X-added-header:"

Exim does not check the syntax of these added headers. A newline is supplied at the end if one is not present. The text is added at the end of any existing headers, but before any headers added by the transport.

If an address passes through several directors and/or routers, any `headers_add' or `headers_remove' specifications are cumulative, and any such specifications on the transport are also honoured. Addresses with different `headers_add' or `headers_remove' settings cannot be batched.

headers_remove (director or router) option

Option: headers_remove
Type: string
Default: unset

The string is expanded at directing or routing time and is then associated with any addresses that are processed by the driver. If the expansion is forced to fail, the option has no effect. Other expansion failures are treated as configuration errors. After expansion, the string must consist of a colon-separated list of header names, not including the terminating colon, for example:


remove_headers = "return-receipt-to:acknowledge-to"

It is used at transport time as described under `headers_add' above.

initgroups (director or router) option

Option: initgroups
Type: boolean
Default: false

If the driver queues an address for a local transport, and this option is true, and the uid supplied by the router or director is not overridden by the transport, then the `initgroups()' function is called when running the transport to ensure that any additional groups associated with the uid are set up. See also `group' and `user' and the discussion in chapter "Environment for running local transports".

local_parts (director or router) option

Option: local_parts
Type: string-list
Default: unset

If this option is set, the string is expanded, and is then interpreted as a colon-separated list. The driver is run only if the local part of the address matches an item in the list, which is tested in the same way as a domain list and which may therefore include file lookups. Because the string is expanded, it is possible to make it depend on the domain, for example:


local_parts = lookup;/usr/local/specials/$domain

If the match is achieved by a lookup, then the data that the lookup returned for the local part is placed in the variable `$local_part_data' for use in expansions of the driver's private options. You might use this option, for example, if you have a large number of local virtual domains, and you want to send all postmaster mail to the same place without having to set up an alias in each virtual domain:


postmaster:
  local_parts = postmaster
  driver = smartuser
  new_address = postmaster@real.dom.ain

If both `local_parts' and `except_local_parts' are set, the driver is run only if the local part matches `local_parts' and does not match `except_local_parts'.

more (director or router) option

Option: more
Type: boolean
Default: true

If this option is false, then if the driver fails to handle an address, no further drivers are tried, and directing or routing fails. This applies even in the case of address verification where the driver was not run because the `verify' option was off.

require_files (director or router) option

Option: require_files
Type: string-list
Default: unset

The value of this option is first expanded and then interpreted as a colon-separated list of strings. If the option is used on a `localuser' director, or on a `forwardfile' director that has either of the `check_local_user' or `file_directory' options set, then the expansion variable `$home' may appear in the list, referring to the home directory of the user whose name is that of the local part of the address.

If any string is empty, it is ignored. Otherwise, except as described below, each string must be a fully qualified file path, optionally preceded by `!'. The paths are passed to the `stat()' function to test for the existence of the files or directories. The driver is skipped if any paths not preceded by `!' do not exist, or if any paths preceded by `!' do exist.

The `stat()' function is normally run under the exim uid (or root if such is not defined). However, it is possible to arrange for this test to be run under a specific uid and gid (which is set by means of `seteuid()' and `setegid()'). If an item in a `require_files' list does not contain any forward slash characters, it is taken to be the user (and optional group, separated by a comma) to be used for testing subsequent files in the list. If no group is specified but the user is specified symbolically, then the gid associated with the uid is used; otherwise the gid is not changed. For example:


require_files = mail:/some/file
require_files = ${local_part}:${home}/.procmailrc

The second example works because the `require_files' string is expanded before use.

If `stat()' cannot determine whether a file exists or not, delivery of the message is deferred. This can happen when NFS-mounted filesystems are unavailable.

Sometimes `stat()' yields the error EACCES (`Permission denied'). This means that the user is not permitted to read one of the directories on the file's path. The default action is to consider this a configuration error, and delivery is deferred because the existence or non-existence of the file cannot be determined. However, in some circumstances it may be desirable to treat this condition as if the file did not exist. If the file name (or the exclamation mark that precedes the file name for non-existence) is preceded by a plus sign, then the EACCES error is treated as if the file did not exist. For example:


require_files = +/some/file

This option provides a general mechanism for predicating the running of a director or router on the existence or non-existence of certain files or directories. A failure to expand the string, or the presence of a path within it that is not fully qualified causes a panic error. This includes forced failure, because the whole string is expanded once, before being interpreted as a list. If you want a particular variant of the expansion to specify that no files are to be checked, you should cause it to yield an empty string rather than forcing failure.

senders (director or router) option

Option: senders
Type: address-list
Default: unset

The values of this option and `except_senders' are expanded, and the results of the expansions must be colon-separated address lists, in the same format as used for general options like `sender_reject'. The driver is run only if the sender address matches something in the `senders' list, if set, and does not match anything in `except_senders', if set. Using this option on a director makes it possible to implement closed mailing lists (see chapter "Using Exim to handle mailing lists").

There are issues concerning verification when the running of directors or routers is dependent on the sender. When Exim is verifying an `errors_to' setting in either `forwardfile' or `aliasfile', it sets the sender to the null string. If using the `-bt' option to check a configuration file, it is necessary also to use the `-f' option to set an appropriate sender. For incoming mail, the sender is unset when verifying the sender, but is available when verifying any recipients. If the SMTP VRFY command is enabled, it must be used after MAIL FROM if the sender address matters.

transport (director or router) option

Option: transport
Type: string
Default: unset

Some directors and routers require a transport to be supplied, except when `verify_only' is set, where it is not relevant. Others require that a transport not be supplied, and for some it is optional. The string must be the name of a configured transport instance, or an expandable string, thus allowing transports to be dynamically selected. At directing or routing time, when a driver decides to accept an address, the string is expanded, and must yield the name of an available transport. If it does not, delivery is deferred. This isn't as safe as fixed transports, whose existence is checked at initialization time. See also chapter "Default transports".

unseen (director or router) option

Option: unseen
Type: boolean
Default: false

Setting this option has a similar effect to the `unseen' command qualifier in filter files. It causes an address to be passed on to subsequent drivers, even if the current one succeeds in handling it, and can be used to cause copies of messages to be delivered elsewhere.

user (director or router) option

Option: user
Type: string
Default: "see below"

If the driver queues an address for a local transport, and the transport does not specify a user, then the user given here is used when running the delivery process. If the string contains no $ characters, it is resolved when Exim starts up. Otherwise, the string is expanded at the time the director or router is run, and must yield either a digit string or a name which can be looked up using `getpwnam()'. In the latter case, the group associated with the user is used as a default for the `group' option.

For most directors and routers the default for `user' is unset, but for the `forwardfile' director with `check_local_user' set, and for the `localuser' director, the default is taken from the `passwd' file. See also `initgroups' and `group' and the discussion in chapter "Environment for running local transports".

verify (director or router) option

Option: verify
Type: boolean
Default: true

Setting this option has the effect of setting `verify_sender' and `verify_recipient' to the same value.

verify_only (director or router) option

Option: verify_only
Type: boolean
Default: false

If this option is set, the driver is used only when verifying an address or testing the the `-bv' option, not when actually doing a delivery, testing with the `-bt' option, or running the SMTP EXPN command (see the `expn' generic option for directors). It can be further restricted to verifying only senders or recipients by means of `verify_sender' and `verify_recipient'.

verify_recipient (director or router) option

Option: verify_recipient
Type: boolean
Default: true

If this option is false, then this driver is skipped when verifying recipient addresses. It is usual to set it false for instances of the `smartuser' director.

verify_sender (director or router) option

Option: verify_sender
Type: boolean
Default: true

If this option is false, then this driver is skipped when verifying sender addresses. It is usual to set it false for instances of the `smartuser' director.

Skipping directors and routers

A number of the generic options that are common to directors and routers are concerned with controlling which drivers are run in particular circumstances. They interact with each other in the following way:

If the domain and local part of an address are not in agreement with `domains', `except_domains', `local_parts', and `except_local_parts' (when set), or if the `condition' option fails, or if `verify_only' is set and verification is not happening, then the director or router is skipped and the next one is tried. None of the other options are inspected.

Otherwise, if the `more' option is not set, no subsequent drivers are ever called, in any circumstances. The current driver is itself called unless

In the case of directors, there are some additional conditions that are tested here (see section "Skipping directors" in chapter "Additional generic options for directors").

The `unseen' option causes directing or routing to continue when it would otherwise cease. This is the complementary action to `no_more', which causes it to cease when it would otherwise continue.

The `verify', `fail_verify', and `verify_only' options make it possible to separate those addresses which correspond to a real delivery from those which are recognized, but which do something else if actually encountered in a message.

For example, a `smartuser' director might be used to pass all unrecognized local parts to a script that tries to generate a helpful error message, or to a different machine that might be able to handle them. This means that no local part will ever cause a delivery failure. However, if (for example) verification of senders is taking place (the `sender_verify' main configuration option), you probably don't want <random-local-part@your.domain> to be accepted. The solution is to set `no_verify' or `no_verify_sender' on the `smartuser' director.

On our systems in Cambridge we can identify users whose accounts have recently been cancelled, and their mail is piped to a script which sends back a more helpful message than `user unknown'. Verification of such local parts as senders should fail, but just setting `no_verify' on the director doesn't work, because the local part is then passed to a `localuser' director that may still find it in the password file. (Initially, cancellation just resets the password.) This is the sort of case for which `fail_verify' was invented. It makes it possible to fail a set of local parts that is defined by what a specific director matches.


Go to the first, previous, next, last section, table of contents.