The first part of the runtime configuration file contains the main configuration settings. Each setting occupies one line of the file, except that string values can be continued onto multiple lines as described in section "String" in chapter "The Exim configuration file". All macro definitions must be in this part of the file -- they differ from options settings by starting with an upper-case letter (see section "Macros in the configuration file" in chapter "The Exim configuration file"). The available options are as follows:
Option: accept_8bitmime
Type: boolean
Default: false
This option causes Exim to send 8BITMIME in its response to an SMTP EHLO command, and to accept the BODY= parameter on MAIL commands. However, though Exim is 8-bit clean, it is not a protocol converter, and it takes no steps to do anything special with messages received by this route. Consequently, this option is turned off by default.
Option: accept_timeout
Type: time
Default: 0s
This sets the timeout for accepting a non-SMTP message, that is, the maximum time that Exim waits when reading a message on the standard input. If the value is zero, it will wait for ever. This setting is overridden by the `-or' command option. The timeout for incoming SMTP messages is controlled by `smtp_receive_timeout'.
Option: always_bcc
Type: boolean
Default: false
Exim adds a `To:' header to messages whose recipients are given on the command line when there is no `To:', `Cc:', or `Bcc:' in the message. In other cases of missing recipient headers, it just adds an empty `Bcc:' header to make the message conform with RFC 822. Setting `always_bcc' causes it to add an empty `Bcc:' in all cases. This can be helpful in conjunction with mailing list software that passes recipient addresses on the command line.
Option: auto_thaw
Type: time
Default: 0s
If this option is set to a non-zero time, a new delivery is attempted on frozen messages if this much time has passed since the message was frozen.
Option: bi_command
Type: string
Default: unset
This option supplies the name of a command that is run when Exim is called with the `-bi' option (see chapter "The Exim command line"). The string value is just the command name, it is not a complete command line. If an argument is required, it must come from the `-oA' command line option.
Option: check_log_inodes
Type: integer
Default: 0
See `check_spool_space' below.
Option: check_log_space
Type: integer
Default: 0
See `check_spool_space' below.
Option: check_spool_inodes
Type: integer
Default: 0
See `check_spool_space' below.
Option: check_spool_space
Type: integer
Default: 0
The four `check_...' options allow for checking of disc resources before a message is accepted: `check_spool_space' and `check_spool_inodes' check the spool partition if either value is greater than zero, for example:
check_spool_space = 10M check_spool_inodes = 100
The spool partition is the one which contains the directory defined by SPOOL_DIRECTORY in `Local/Makefile'.
`check_log_space' and `check_log_inodes' check the partition in which log files are written if either is greater than zero. These should be set only if `log_file_path' is set to point to a different partition to the spool directory.
If there is less space or fewer inodes than requested, Exim refuses to accept incoming mail. In the case of SMTP input this is done by giving a 452 temporary error response to the MAIL command. If ESMTP is in use and there was a SIZE parameter on the MAIL command, its value is added to the `check_spool_space' value, and the check is performed even if `check_spool_space' is zero, unless `no_smtp_check_spool_space' is set.
For non-SMTP input and for batched SMTP input, the test is done at start-up; on failure a message is written to stderr and Exim exits with a non-zero code, as it obviously cannot send an error message of any kind.
Option: collapse_source_routes
Type: boolean
Default: false
If this option is set, then source-routed mail addresses are stripped down to their final components.
Option: daemon_smtp_port
Type: string
Default: unset
This option specifies the numerical port number or the service name equivalent on which the daemon is to listen for incoming SMTP calls. It is overridden by `-oX' on the command line. If this option is not set, the service name `smtp' is used.
Option: daemon_smtp_service
Type: string
Default: unset
This option is a synonym for `daemon_smtp_port'.
Option: debug_level
Type: integer
Default: 0
This option sets the debug level, thus enabling it to be set when calling Exim from an MUA, but it is overridden by the use of `-d' on the command line.
Option: delay_warning
Type: time-list
Default: 24h
When a message is delayed, Exim sends a warning message to the sender at intervals specified by this option. If it is set to a zero, no warnings are sent. The data is a colon-separated list of times after which to send warning messages. Up to 10 times may be given. If a message has been on the queue for longer than the last time, the last interval between the times is used to compute subsequent warning times. For example, with
delay_warning = 4h:8h:24h
the first message is sent after 4 hours, the second after 8 hours, and subsequent ones every 16 hours thereafter. To stop warnings after a given time, set a huge subsequent time.
Option: delay_warning_condition
Type: string
Default: unset
The string is expanded at the time a warning message might be sent. If the result of the expansion is a forced failure, an empty string, or a string matching any of `0', `no' or `false' (the comparison being done caselessly) then the warning message is not sent. For example
delay_warning_condition = "\ ${if match{$h_precedence:}{(?i)bulk|list|junk}{no}{yes}}"
suppresses the sending of warnings about messages that have `bulk' or `list' or `junk' in a `Precedence:' header. Note that the colon to terminate the header name is necessary because } may legally occur in header names.
Option: deliver_load_max
Type: fixed-point
Default: unset
When this option is set, no message deliveries are ever done if the system load average is greater than its value, except for deliveries forced with the `-M' option. If `deliver_queue_load_max' is not set and the load gets this high during a queue run, the run is abandoned. There are some operating systems for which Exim cannot determine the load average (see chapter 1); for these this option has no effect.
Option: deliver_queue_load_max
Type: fixed-point
Default: unset
If this option is set, its value is used to determine whether to abandon a queue run, instead of the value of `deliver_load_max'.
Option: delivery_date_remove
Type: boolean
Default: true
Exim's transports have an option for adding a `Delivery-date:' header to a message when it is delivered -- in exactly the same way as `Return-path:' is handled. `Delivery-date:' records the actual time of delivery. Such headers should not be present in incoming messages, and this option causes them to be removed, to avoid any problems that might occur when a delivered message is subsequently sent on to some other recipient.
Option: dns_again_means_nonexist
Type: domain-list
Default: unset
DNS lookups give a `try again' response for the DNS error `non-Authoritive host found or SERVERFAIL'. This can cause Exim to keep trying to deliver a message, or to give repeated temporary errors to incoming mail. Sometimes the effect is caused by a badly set up nameserver and may persist for a long time. If a domain which exhibits this problem matches anything in `dns_again_means_nonexist' then it is treated as if it did not exist. This option should be used with care.
Option: dns_check_names
Type: boolean
Default: true
This option causes Exim to check domain names for illegal characters before handing them to the DNS resolver, because some resolvers give temporary errors for bad names. If a domain name contains any illegal characters, a `not found' result is forced. The check is done by matching the domain name against the regular expression specified by the `dns_check_names_pattern' option.
Option: dns_check_names_pattern
Type: string
Default: "see below"
This option defines the regular expression that is used when the `dns_check_names' option is set. The default value is
dns_check_names_pattern = (?i)^(?>(?(1)\.|())[^\W_](?>[a-z0-9-]*[^\W_])?)+$
which permits only letters, digits, and hyphens in components, but they may not start or end with a hyphen.
Option: dns_retrans
Type: time
Default: 0s
The options `dns_retrans' and `dns_retry' can be used to set the retransmission and retry parameters for DNS lookups. Values of zero (the defaults) leave the system default settings unchanged. The first value is the time between retries, and the second is the number of retries. It isn't totally clear exactly how these settings affect the total time a DNS lookup may take. I haven't found any documentation about timeouts on DNS lookups; these parameter values are available in the external resolver interface structure, but nowhere does it seem to describe how they are used or what you might want to set in them.
Option: dns_retry
Type: integer
Default: 0
See `dns_retrans' above.
Option: envelope_to_remove
Type: boolean
Default: true
Exim's transports have an option for adding an `Envelope-to:' header to a message when it is delivered -- in exactly the same way as `Return-path:' is handled. `Envelope-to:' records the original recipient address in the envelope that caused the delivery. Such headers should not be present in incoming messages, and this option causes them to be removed, to avoid any problems that might occur when a delivered message is subsequently sent on to some other recipient.
Option: errmsg_text
Type: string
Default: unset
If `errmsg_text' is set, its contents are included in the default error message immediately after `This message was created automatically by mail delivery software.' It is not used if `errmsg_file' is set.
Option: errmsg_file
Type: string
Default: unset
This option defines a template file containing paragraphs of text to be used for constructing the message which is sent by Exim in the case of a delivery failure. Details of the file's contents are given in chapter "Customizing error and warning messages". See also `warnmsg_file'.
Option: errors_address
Type: string
Default: "postmaster" 7
The mail address to which Exim will send certain error reports. As the default is specified without a domain, it will be sent to the domain specified by the `qualify_recipient' option. If this address is specified with a domain, it must be a fully qualified domain.
Option: errors_copy
Type: string-list
Default: unset
Setting this option causes Exim to send bcc copies of delivery failure reports that it generates to other addresses. The value is a colon-separated list of items; each item consists of a pattern and an address list, separated by white space. If the pattern matches the recipient of the delivery error report, the message is copied to the addresses on the list. The items are scanned in order, and once a matching one is found, no further items are examined. For example:
errors_copy = "spqr@mydomain postmaster@mydomain :\ rqps@mydomain mailmaster@mydomain,\ postmaster@mydomain"
Each pattern can be a single regular expression, indicated by starting it with a circumflex; alternatively, either portion (local part, domain) can start with an asterisk, or the domain can be in any format that is acceptable as an item in a domain list, including a file lookup. A regular expression is matched against the entire (fully qualified) recipient; non-regular expressions must contain both a local part and domain, separated by @.
The address list is a string which is expanded, and must end up as a comma-separated list of addresses. It is used to construct a `Bcc:' header which is added to the error message. The expansion variables `local_part' and `domain' are set from the original recipient of the error message, and if there was any wildcard matching, the expansion variables `$0', `$1', etc. are set in the normal way.
Option: errors_reply_to
Type: string
Default: unset
Exim's delivery error messages contain the header
From: Mail Delivery System <Mailer-Daemon@${qualify_domain}>
(where string expansion notation is used to show a variable substitution). Experience shows that a large number of people reply to such messages. If the `errors_reply_to' option is set, a `Reply-to:' header is added. The option must specify the complete header body.
Option: exim_group
Type: string
Default: "compile-time configured (can be unset)"
This option sets the gid under which Exim runs when it gives up root privilege. It is used only when `exim_user' is also set. Unless it consists entirely of digits, the string is looked up using `getgrnam()', and failure causes a configuration error. See chapter "Security considerations" for a discussion of security issues.
Option: exim_path
Type: string
Default: "see below"
This option specifies the path name of the Exim binary, which is used when Exim needs to re-exec itself. The default is set up to point to the file `exim' in the directory configured at compile time by the BIN_DIRECTORY setting. It is necessary to change `exim_path' if Exim is run from some other place.
Option: exim_user
Type: string
Default: "compile-time configured (can be unset)"
This option sets the uid under which Exim runs when it gives up root privilege. Unless it consists entirely of digits, the string is looked up using `getpwnam()', and failure causes a configuration error. If `exim_group' is not also supplied, the gid is taken from the result of `getpwnam()' if it is used. If the resulting uid is the root uid, it has the effect of unsetting this option. See chapter "Security considerations" for a discussion of security issues. Note that the ownership of the runtime configuration file is checked against the compile-time setting of this parameter, not what is set here.
Option: extract_addresses_remove_arguments
Type: boolean
Default: true
According to Sendmail documentation, if any addresses are present on the command line when the `-t' option is used to build an envelope from a message's headers, they are removed from the recipients list. This is also how Smail behaves. However, it has been reported that some versions of Sendmail in fact add the argument addresses to the recipients list. By default Exim follows the documented behaviour, but if this option is set false it adds rather than removes argument addresses.
Option: finduser_retries
Type: integer
Default: 0
On systems running NIS or other schemes in which user and group information is distributed from a remote system, there can be times when `getpwnam()' and related functions fail, even when given valid data, because things time out. Unfortunately these failures cannot be distinguished from genuine `not found' errors. If `finduser_retries' is set greater than zero, Exim will try that many extra times to find a user or a group, waiting for one second between tries.
Option: forbid_domain_literals
Type: boolean
Default: false
If this option is set, the RFC 822 domain literal format is not permitted in addresses.
Option: freeze_tell_mailmaster
Type: boolean
Default: false
On encountering certain errors, Exim freezes a message, which means that no further delivery attempts take place until an administrator thaws it. If this option is set, a message is sent to `errors_address' every time a message is frozen, unless the message is itself a delivery error message. (Without this exception there is the possibility of looping.) If several of the message's addresses cause freezing, only a single message is sent to the mail administrator. The reason(s) for freezing will be found in the message log.
Option: gecos_name
Type: string
Default: unset
Some operating systems, notably HP-UX, use the `gecos' field in the system password file to hold other information in addition to users' real names. Exim looks up this field for use when it is creating `Sender:' or `From:' headers. If either `gecos_pattern' or `gecos_name' are unset, the contents of the field are used unchanged, except that, if an ampersand is encountered, it is replaced by the user's login name with the first character forced to upper-case, since this is a convention that is observed on many systems.
When these options are set, `gecos_pattern' is treated as a regular expression that is to be applied to the field (again with & replaced by the login name), and if it matches, `gecos_name' is expanded and used as the user's name. Numeric variables such as `$1', `$2', etc. can be used in the expansion to pick up sub-fields that were matched by the pattern. In HP-UX, where the user's name terminates at the first comma, the following can be used:
gecos_pattern = "([^,]*)" gecos_name = $1
Option: gecos_pattern
Type: string
Default: unset
See `gecos_name' above.
Option: headers_check_syntax
Type: boolean
Default: false
This option causes Exim to check the syntax of all headers that can contain lists of addresses (`Sender:', `From:', `Reply-to:', `To:', `Cc:', and `Bcc:') on all incoming messages (both local and SMTP). This is a syntax check only, to catch real junk such as
To: user@
Like the `headers_sender_verify' options, the rejection happens after the end of the data, but it is also controlled by `headers_checks_fail'; if that is unset, the message is accepted and a warning is written to the reject log.
If the message contains any headers starting with `Resent-' then it is that set of headers which is checked.
Option: headers_checks_fail
Type: boolean
Default: true
If this option is true, failure of any header check (see below) causes the message to be rejected. If it is false, a warning message is written to the reject log.
Option: headers_sender_verify
Type: boolean
Default: false
If this option is set with `sender_verify', and the sending host matches `sender_verify_hosts', Exim insists on there being at least one verifyable address in one of the `Sender:', `Reply-to:', or `From:' headers (which are checked in that order) on all incoming SMTP messages. If one cannot be found, the message is rejected, unless `headers_checks_fail' is unset, in which case a warning entry is written to the reject log.
If there are any headers whose names start with `Resent-', then it is that set of headers which is checked. If there is more than one instance of a particular header, all of them are checked.
Unfortunately, because it has to read the message before doing this check, the rejection happens after the end of the data, and it is known that some mailers do not treat hard (5xx) errors correctly at this point -- they keep the message on their spools and try again later, but that is their problem, though it does waste some resources.
Option: headers_sender_verify_errmsg
Type: boolean
Default: false
This option acts like `headers_sender_verify', except that it applies only to messages whose envelope sender is `<>', that is, delivery error messages whose sender cannot be verified at the time the SMTP MAIL command is received.
Option: helo_accept_junk_hosts
Type: host-list
Default: unset
Exim checks the syntax of HELO and EHLO commands for incoming SMTP mail, and gives an error response for invalid data. Unfortunately, there are some SMTP clients that send syntactic junk. They can be accommodated by setting this option.
Option: helo_strict_syntax
Type: boolean
Default: false
Because so many systems have been found to use underscores in the names they send in the SMTP HELO command, Exim by default permits them, though it is not in fact legal to use underscores in domain names. If `helo_strict_syntax' is set, underscores are not permitted in HELO or EHLO commands.
Option: helo_verify
Type: host-list
Default: unset
The RFCs mandate that a server must not reject a message because it doesn't like the HELO or EHLO command. However, some sites like to be stricter. If `helo_verify' is set, Exim checks each incoming call from any host that matches it, and accepts the call only if:
and
If no HELO or EHLO is given, MAIL commands are rejected; if a bad HELO or EHLO is given, it is rejected with a 550 error. Rejections are logged in the main and reject logs.
Option: hold_domains
Type: domain-list
Default: unset
This option allows mail for particular domains to be held on the queue manually. The option is overridden if a message delivery is forced with the `-M' or `-qf' options. Otherwise, if a domain matches an item in `hold_domains', no routing or delivery for that address is done, and it is deferred every time the message is looked at.
This option is intended as a temporary operational measure for delaying the delivery of mail while some problem is being sorted out, or some new configuration tested. It does not override Exim's message clearing away code, which removes messages from the queue if they have been there longer than the longest retry time in any retry rule. If you want to hold messages for longer than the normal retry times, insert a dummy retry rule with a long retry time.
Option: host_accept_relay
Type: host-list
Default: unset
An MTA is said to relay a message if it receives it from some host and delivers it directly to another host as a result of a remote address contained in it. Expanding a local address via an alias or forward file and then passing the message to another host is not relaying, but a re-direction as a result of the `percent hack' is.
Two kinds of relaying exist, which might be termed `incoming' and `outgoing'. A host which is acting as a gateway or an MX backup is concerned with incoming relaying from arbitrary hosts to a specific set of domains. A host which is acting as a smart host for a number of clients is concerned with outgoing relaying from those known clients to the Internet at large. Often the same host is fulfilling both functions, but they are in principle entirely independent, and are therefore controlled by separate Exim options.
Incoming relaying is controlled by restricting the domains to which an arbitrary host may send via the local host; this is done by setting `relay_domains'. Outgoing relaying is controlled by restricting the set of hosts which may send via the local host to an arbitrary domain, by setting `host_accept_relay'.
A check for unwanted relaying is made on the domains of recipient addresses in messages received from other hosts. If the `percent hack' is in use, the test is applied to the domains of the transformed addresses. The check is done at the time of the RCPT command in the SMTP dialogue.
If the domain in a recipient address matches `local_domains' or `relay_domains', or if `relay_domains_include_local_mx' is set and the domain has an MX record pointing to the local host, the address is always accepted (at least as far as this check is concerned -- a subsequent verification check might fail it). This is the case of an incoming message to a local domain or an incoming relay to a permitted domain.
Otherwise this is a case of outgoing relaying, and the address is accepted only if the host is permitted to relay to arbitrary domains, as specified by `host_accept_relay', and, if `sender_address_relay' is set, the sender's address from the MAIL command matches it. In other words, both the host and the sender address must be acceptable. However, some installations are prepared to accept relaying on the basis of either the host or the sender address, and to permit this, `relay_match_host_or_sender' can be set. As it is very easy to forge sender addresses, this option should be used with caution.
Chapter "Other policy controls on incoming mail" contains further discussion of relay control.
Option: host_lookup
Type: host-list
Default: unset
Exim does not look up the name of a calling host from its IP address unless it is required to compare against some host list, or `helo_verify' is set, or the address matches this option (which normally contains IP addresses rather than host names, since the presence of names in itself implies a DNS lookup). The default configuration file contains
host_lookup = 0.0.0.0/0
which causes a lookup to happen for all hosts. If the expense of these lookups is felt to be too great, the setting can be changed or removed. However, Exim always does a lookup if the domain name quoted in a HELO or EHLO command is the local host's own name or any of its local mail domains.
Option: host_reject
Type: host-list
Default: unset
If this option is set, incoming SMTP calls from the hosts listed (possibly also qualified by an RFC 1413 identification) are rejected as soon as the connection is made. See chapter "Other policy controls on incoming mail" for more details.
Option: host_reject_recipients
Type: host-list
Default: unset
If this option is set, all recipients in incoming SMTP calls from the hosts listed, possibly also qualified by an RFC 1413 identification, are rejected. Chapter "Other policy controls on incoming mail" contains details of this facility, which differs from `host_reject' only in the point in the SMTP dialogue at which the rejection occurs.
Option: hosts_treat_as_local
Type: domain-list
Default: unset
If this option is set, any host names that match the domain list are treated as if they were the local host when Exim is scanning host lists obtained from MX records, and also at other times when it is checking whether a host to which a message has been routed is the local host. If it is required that the matching host names also be treated as local domains for mail delivery, they must appear in `local_domains' as well as in this option.
See also the `allow_localhost' option in the `smtp' transport. Both these options are needed in a setup with different hosts for incoming and outgoing mail if the resulting system is used for MX backup.
Option: ignore_errmsg_errors
Type: boolean
Default: false
If this option is set, failed addresses in error reports (that is, messages whose senders are `<>') are discarded (with a log entry). The default action is to freeze such messages for human attention.
Option: ignore_errmsg_errors_after
Type: time
Default: 0s
This option, if it is set to a non-zero time, acts as a delayed version of `ignore_errmsg_errors', which must be unset for this option to take effect. If an error message is frozen because of delivery failure, then once the given time has elapsed after the freezing took place, the message is unfrozen at the next queue run. If delivery fails again, the error message is discarded. This makes it possible to keep failed error messages around for a shorter time than the normal maximum retry time.
Option: ignore_fromline_hosts
Type: host-list
Default: unset
Some broken SMTP clients insist on sending a UUCP-like `From' line before the headers of a message. By default this is treated as the start of the message's body, which means that any following headers are not recognized as such. Exim can be made to ignore it by setting `ignore_fromline_hosts' to match those hosts that insist on sending it. If the sender is actually a local process rather than a remote host, and is using `-bs' to inject the messages, then `ignore_fromline_local' can be set to deal with this case.
Option: ignore_fromline_local
Type: boolean
Default: false
See `ignore_fromline_hosts' above.
Option: keep_malformed
Type: time
Default: 4d
This option specifies the length of time to keep messages whose spool files have been corrupted in some way. This should, of course, never happen. At the next attempt to deliver such a message, it gets removed. The incident is logged.
Option: kill_ip_options
Type: boolean
Default: true
IP packets can contain options which are source routing data that enables one host to pretend to be another. (Don't confuse IP source routing with source-routed mail addresses, which are something entirely different.) IP source routing is an obvious security risk, and many sites lock out such packets in their routers. Also, some operating systems are able to disable IP source routing at the kernel level.
If Exim receives an SMTP call with IP options set, it logs the options if `log_ip_options' is set. Then, if `refuse_ip_options' is set, it drops the call; otherwise, if `kill_ip_options' is set, it unsets the options on the outgoing socket and attempts to continue. To read the IP options, `getsockopt()' is used. On some versions of SunOS 4.1 this causes system crashes. There is a patch that fixes this problem, but it can be avoided by setting all three Exim options false.
Option: local_domains
Type: domain-list
Default: "see below"
This specifies a list of domains which are recognized as `local', that is, their delivery is handled in a special way by this MTA using directors rather than routers. If this option is not set, it defaults to the value of `qualify_recipient'.
The name of the local host is not by default recognized as a local mail domain; either it must be included in `local_domains', or the `local_domains_include_host' option must be set. If you want to accept mail addressed to your host in RFC 822 domain literal format, then `local_domains' must also include the appropriate `domains', consisting of IP addresses enclosed in square brackets. The `local_domains_include_host_literals' option can be set to add all IP addresses automatically.
It is possible to specify no local domains by specifying no data for this option, for example,
local_domains =
If there are very many local domains, then they can be stored in a file and looked up whenever this string is searched. See the discussion of domain lists in section "Domain lists" in chapter "The Exim configuration file".
Option: local_domains_include_host
Type: boolean
Default: false
If this option is set, the value of `primary_hostname' is added to the value of `local_domains', unless it is already present. This makes it possible to use the same configuration file on a number of different hosts. The same effect can be obtained by including the conventional item `@' (which matches the primary host name) in `local_domains'.
Option: local_domains_include_host_literals
Type: boolean
Default: false
If this option is set and `local_interfaces' is unset, the IP addresses of all the interfaces on the local host, with the exception of 127.0.0.1 (and ::1 on IPv6 systems), are added to the value of `local_domains', in domain literal format, that is, as strings enclosed in square brackets. If `local_interfaces' is set, then only those addresses it contains (again excluding 127.0.0.1 and ::1) are used.
Option: local_interfaces
Type: string-list
Default: unset
The string must contain a list of IP addresses, in dotted-quad format for IPv4 addresses, or in colon-separated format (with colons doubled) for IPv6 addresses. These are used for two different purposes:
If `local_interfaces' is unset, the daemon issues a generic `listen()' that accepts incoming calls from any interface, and it also gets a complete list of available interfaces and treats them all as local when routing mail. On most systems the default action is what is wanted. However, some systems set up large numbers of virtual interfaces in order to provide many different virtual web servers. In these cases `local_interfaces' can be used to restrict SMTP traffic to one or two interfaces only. See also `hosts_treat_as_local'.
Option: localhost_number
Type: string
Default: unset
Exim's message ids are normally unique only within the local host. If uniqueness among a set of hosts is required, then each host must set a different value for the `localhost_number' option. The string is expanded immediately after reading the configuration file (so that a number can be computed from the host name, for example) and the result of the expansion must be a number in the range 0--255. This is available in subsequent string expansions via the variable `$localhost_number'. The final two characters of the message id, instead of just being a sequence count of the number of messages received by one process in one second, are the base 62 encoding of
<sequence count> * 256 + <local host number>
This reduces the possible range of the sequence count to 0--14. If the count ever reaches 14 in a receiving process, a delay of one second is imposed to allow the clock to tick, thereby allowing the count to be reset to zero.
Option: locally_caseless
Type: boolean
Default: true
For most Unix systems it is desirable that local parts of local mail addresses be treated in a case-independent manner, since most users expect that mail to `OBailey' and `obailey', for example, will end up in the same mailbox. By default, Exim lower-cases local local parts at the start of processing them, on the assumption that account names in the password file are in lower-case.
For installations that want to draw case distinctions, this option is provided. When turned off, local local parts are handled verbatim during delivery. If there are names containing upper case letters in the password file, the most convenient way to provide for caseless mail delivery is to set up a `smartuser' director as the first director, and to make it do a lowercased lookup of the local part, in order to translate it to the correctly cased version, using the `new_address' option.
Option: log_all_parents
Type: boolean
Default: false
This option applies to deliveries of local addresses, where the original envelope address may be converted by (for example) an alias file into a `child' address which might itself be an alias. Thus in general there can be a chain of several addresses between the original one and the address to which the actual delivery is made. By default Exim logs the final address, followed by the original address in angle bracket.
Turning `log_all_parents' on causes all intermediate addresses between the original envelope address and the final delivery address to be included in delivery log lines in parentheses after the first address. Without this, intermediate addresses are not included, except that if the final delivery is to a pipe or file or autoreply, the immediately preceding parent address is listed.
Option: log_arguments
Type: boolean
Default: false
Setting this option causes Exim to write the arguments with which it was called to the main log. This is a debugging feature, added to make it easy to find out with what arguments certain MUAs call `/usr/lib/sendmail'. The logging does not happen if Exim has given up root privilege because it was called with the `-C' or `-D' options.
Option: log_file_path
Type: string
Default: "compile-time configured (may be unset)"
This option sets the path which is used to determine the names of Exim's log files. The string is expanded, so it can contain, for example, references to the host name. After expansion it must contain the string `%s' somewhere within it; this will be replaced with one of the strings `main', `panic', `process', or `reject' to form the final file name. For example,
log_file_path = /var/log/${primary_hostname}/exim_%slog
If this path string is fixed at your installation (contains no expansion variables) it is recommended that you do not set this option in the configuration file, but instead supply the path using LOG_FILE_PATH in `Local/Makefile' so that it is available to Exim for logging errors detected early on -- in particular failure to read the configuration file.
If no specific path is set for the log files, they are written in a sub-directory called `log' in Exim's spool directory.
Option: log_ip_options
Type: boolean
Default: true
See `kill_ip_options' above.
Option: log_level
Type: integer
Default: 5
This controls the amount of data written to the main log and to the individual message logs (see section "Log level" in chapter "Log files"). The higher the number, the more is written. At present a value of 6 or higher causes all possible messages to appear.
Option: log_received_recipients
Type: boolean
Default: false
When this option is set, the recipients of a message are listed in the main log as soon as the message is received. The list appears at the end of the log line that is written when a message is received, preceded by the word `for'. The addresses are listed after they have been qualified, but before any rewriting has taken place.
Option: log_received_sender
Type: boolean
Default: false
If this option is set, the unrewritten original sender of a message is added to the end of the log line that records the message's arrival, after the word `from' (before the recipients if `log_received_recipients' is also set).
Option: log_refused_recipients
Type: boolean
Default: false
If this option is set, an entry is written in the main and reject logs for each recipient that is refused for policy reasons. Otherwise cases where all recipients are to be refused just cause a single log entry for the message.
Option: log_rewrites
Type: boolean
Default: false
This option causes all address rewriting to get logged, as an aid to debugging rewriting rules.
Option: log_smtp_confirmation
Type: boolean
Default: false
This option causes the response to the final `.' in the SMTP dialog for outgoing messages to be added to delivery log lines in the form `C="<text>"'. A number of MTAs (including Exim from release 1.60) return an identifying string in this response, so logging this information allows messages to be tracked more easily. This global option applies to all SMTP transports.
Option: log_smtp_connections
Type: boolean
Default: false
This option turns on more verbose logging of incoming SMTP connections, at log level 4. This does not apply to batch SMTP, but it does apply to SMTP connections from local processes that use the `-bs' option, including incoming calls using `inetd'. A log line is written whenever a connection is established or closed. If a connection is dropped in the middle of a message, a log line is always written, but otherwise nothing is written at the start and end of connections unless `log_smtp_connections' is set.
Option: log_smtp_syntax_errors
Type: boolean
Default: false
If this option is set, syntax errors in incoming SMTP commands are logged at level 4. An unrecognized command is treated as a syntax error. For an external connection, the host identity is given; for an internal connection using `-bs' the sender identification (normally the calling user) is given.
Option: log_subject
Type: boolean
Default: false
This option causes a message's subject to be included in the arrival log line, in the form `T="<subject text>"'. T stands for `topic' (S is already used for `size').
Option: lookup_open_max
Type: integer
Default: 25
This option limits the number of simultaneously open lookup files. Exim normally keeps files open during directing and routing, since often the same file is required several times. This limit applies only to those lookup types which use regular files, namely lsearch, dbm, and cdb. If the limit is reached, Exim closes the least recently used file. Note that if you are using the NDBM library, it actually opens two files for each logical DBM database, though it still counts as one for the purposes of `lookup_open_max'. If you are getting `too many open files' errors with NDBM, you need to reduce the value of `lookup_open_max'.
Option: max_user_name_length
Type: integer
Default: 0
Some operating systems are broken in that they truncate the argument to `getpwnam()' to eight characters, instead of returning `no such user'. If this option is set greater than zero, any attempt to call `getpwnam()' with an argument that is longer behaves as if `getpwnam()' failed.
Option: message_body_visible
Type: integer
Default: 500
This option specifies how much of a message's body is to be included in the `message_body' expansion variable.
Option: message_filter
Type: string
Default: unset
This option specifies a filter file which is applied to all messages before any routing or directing is done. This is called the `system message filter'. If the filter generates any deliveries to files or pipes, or any new mail messages, then the appropriate `message_filter_..._transport' option(s) must be set, to define which transports are to be used. Details of this facility are given in chapter "System-wide message filtering".
Option: message_filter_directory_transport
Type: string
Default: unset
This sets the name of the transport driver that is to be used when the `save' command in a system message filter specifies a path ending in `/', implying delivery of each message into a separate file in some directory.
Option: message_filter_directory2_transport
Type: string
Default: unset
This sets the name of the transport driver that is to be used when the `save' command in a system message filter specifies a path ending in `//'. The reason for having both `message_filter_directory' and `message_filter_directory2' is to allow for the rare circumstance in which both maildir and non-maildir format delivery is required.
Option: message_filter_file_transport
Type: string
Default: unset
This sets the name of the transport driver that is to be used when the `save' command in a system message filter results in a path not ending in `/'.
Option: message_filter_group
Type: string
Default: unset
This option sets the gid under which the system message filter is run. The `seteuid()' or `setresuid()' function must be available in the operating system for a temporary change to be possible. If the filter generates any pipe, file, or reply addresses, the gid under which the filter is run is used when delivering to them. Unless the string consists entirely of digits, it is looked up using `getgrnam()', and failure causes a configuration error. If the option is not set, and either `message_filter_user' is unset or consists entirely of digits, the gid is not changed when running the filter. Otherwise the group is taken from the result of `getpwnam()'.
Option: message_filter_pipe_transport
Type: string
Default: unset 7
This sets the name of the transport driver that is to be used when a `pipe' command is used in a system message filter.
Option: message_filter_reply_transport
Type: string
Default: unset
This sets the name of the transport driver that is to be used when a `mail' command is used in a system message filter.
Option: message_filter_user
Type: string
Default: unset
This option sets the uid under which the system message filter is run. The `seteuid()' or `setresuid()' function must be available in the operating system for a temporary change to be possible. If the filter generates any pipe, file, or reply addresses, the uid under which the filter is run is used when delivering to them. Unless it consists entirely of digits, the string is looked up using `getpwnam()', and failure causes a configuration error. If the option is not set, the uid is not changed from the Exim user (or root if there is no Exim user) when running the system filter.
Option: message_id_header_text
Type: string
Default: unset
If this variable is set, the string is expanded and used to augment the text of the `Message-id:' header that Exim creates if an incoming message does not have one. The text of this header is required by RFC 822 to take the form of an address. By default, Exim uses its internal message id as the local part, and the primary host name as the domain. If this option is set, it is expanded and provided the expansion does not yield an empty string, is is inserted into the header immediately before the @, separated from the internal message id by a dot. Any characters that are illegal in an address are automatically converted into hyphens. This means that constructions like `${tod_log}' can be used, as the spaces and colons will become hyphens.
Option: message_size_limit
Type: integer
Default: 0
This option limits the maximum size of message that Exim will process. Zero means no limit. It should be set somewhat larger than `return_size_limit' if the latter is non-zero. Incoming SMTP messages are failed with a 552 error if the limit is exceeded; locally-generated messages either get a stderr message or a delivery failure message to the sender, depending on the `-oe' setting, in the normal way. Rejection of an oversized message is logged in both the main and the reject logs. See also the generic transport option `message_size_limit', which limits the size of message that an individual transport can process.
Option: message_size_limit_count_recipients
Type: boolean
Default: false
If this option is set, then the value of `message_size_limit' is a maximum for the size of a message times the number of envelope recipients it has. For example, if `message_size_limit' is set to 10M, then a message with 4 recipients can be no bigger than 2.5M, and a message with 100 recipients is limited to around 100K.
Option: never_users
Type: string-list
Default: unset
Local mail deliveries are run in processes that are setuid to the recipient. However, it is usually desirable to lock out root from this, as a safety precaution. If a message is to be delivered locally as any of the users on the `never_users' list, the process is run as `nobody' instead (see `nobody_user' below). A common example is
never_users = root:daemon:bin:exim
This option overrides the `pipe_as_creator' option of the `pipe' transport driver. If Exim is unable to find a uid for `nobody', it panics.
Option: nobody_group
Type: string
Default: unset
This specifies the group to use when a process is to be run as `nobody'. If it is unset, the value of the `nobody' user's default group is used.
Option: nobody_user
Type: string
Default: unset
This specifies the user to use when a process is to be run as `nobody'. If it is unset, Exim looks up the user `nobody' using `getpwnam()'. If this fails, Exim panics, writing a message to the panic log and exiting immediately.
Option: percent_hack_domains
Type: domain-list
Default: unset
The `percent hack' is the convention whereby a local part containing a percent sign is re-interpreted as a remote address, with the percent replaced by @. This is sometimes called `source routing', though that term is also applied to RFC 822 addresses that begin with an @ character. If this option is set, Exim implements the percent facility for those local domains listed, but no others. The option can be set to `*' to allow the percent hack for all local domains.
If options are set to control message relaying from incoming SMTP envelopes, they are also applied to relaying that is requested via the `percent hack'. See section "Control of relaying" in chapter "Other policy controls on incoming mail".
Option: perl_at_start
Type: boolean
Default: false
This option is available only when Exim is built with an embedded Perl interpreter. See chapter "Embedded Perl" for details of its use.
Option: perl_startup
Type: string
Default: unset
This option is available only when Exim is built with an embedded Perl interpreter. See chapter "Embedded Perl" for details of its use.
Option: pid_file_path
Type: string
Default: "compile-time configured (may be unset)"
This option sets the path which is used to determine the name of the file to which the Exim daemon writes its process id. The string is expanded, so it can contain, for example, references to the host name. After expansion it must contain the string `%s' somewhere within it; this will be replaced by the null string or a non-standard port number to form the final file name. For example,
pid_file_path = /var/log/${primary_hostname}/exim%s.pid
If no specific path is set for the file, it is written in Exim's spool directory.
Option: preserve_message_logs
Type: boolean
Default: false
If this option is set, message log files are not deleted when messages are completed. Instead, they are moved to a sub-directory of the spool directory called `msglog.OLD', where they remain available for statistical or debugging purposes. This is a dangerous option to set on systems with any appreciable volume of mail. Use with care!
Option: primary_hostname
Type: string
Default: "see below"
This specifies the name of the current host. This is used in the HELO command for outgoing SMTP messages, and as the default for `qualify_domain'. If it is not set, Exim calls `uname()' to find it. If this fails, Exim panics and dies. If the name returned by `uname()' contains only one component, Exim passes it to `gethostbyname()' in order to obtain the fully qualified version.
Option: print_topbitchars
Type: boolean
Default: false
By default, Exim considers only those characters whose codes lie in the range 32--126 to be printing characters. In a number of circumstances (for example, when writing log entries) non-printing characters are converted into escape sequences, primarily to avoid messing up the layout. If `print_topbitchars' is set, code values of 128 and above are also considered to be printing characters.
Option: prod_requires_admin
Type: boolean
Default: true
The `-M', `-R', and `-q' command-line options require the caller to be an admin user unless `prod_requires_admin' is set false. See also `queue_list_requires_admin'.
Option: prohibition_message
Type: string
Default: unset
This option adds a site-specific message to the error response that is sent when an SMTP command fails for policy reasons, for example if the sending host is in a host reject list. Details of this facility are given in chapter "Other policy controls on incoming mail".
Option: qualify_domain
Type: string
Default: "see below"
This specifies the domain name that is added to any sender addresses that do not have a domain qualification. It also applies to recipient addresses if `qualify_recipient' is not set. Such addresses are accepted by default only for locally-generated messages -- messages from external sources must always contain fully qualified addresses, unless the sending host matches one of the `receiver_unqualified' or `sender_unqualified' options. If `qualify_domain' is not set, it defaults to the `primary_hostname' value.
Option: qualify_recipient
Type: string
Default: "see below"
This specifies the domain name that is added to any recipient addresses that do not have a domain qualification. Such addresses are accepted by default only for locally-generated messages -- messages from external sources must always contain fully qualified addresses, unless the sending host matches one of the `receiver_unqualified' or `sender_unqualified' options (see below). If `qualify_recipient' is not set, it defaults to the `qualify_domain' value.
Option: queue_list_requires_admin
Type: boolean
Default: true
The `-bp' command-line option requires the caller to be an admin user unless `queue_list_requires_admin' is set false. Otherwise, only messages that the caller submitted are displayed. See also `prod_requires_admin'.
Option: queue_only
Type: boolean
Default: false
If `queue_only' is set (which is equivalent to the `-odq' command line option), a delivery process is not automatically started whenever a message has been received. Instead, the message waits on the queue for the next queue run. Even if `queue_only' is false, incoming SMTP messages may not get delivered immediately if a lot of them arrive at once -- see the `queue_only_load' and `smtp_accept_queue' options.
Option: queue_only_file
Type: string
Default: unset
This option can be set to a colon-separated list of absolute path names, each one optionally preceded by `remote' or `smtp'. When it is receiving a message, Exim tests for the existence of each listed path using a call to `stat()', and if this succeeds, the corresponding queuing option is set. If there is no prefix to the path, `queue_only' is set; `remote' corresponds to `queue_remote' and `smtp' to `queue_smtp'. So, for example,
queue_only_file = remote/some/file
causes Exim to behave as if `queue_remote' were set to `*' whenever `/some/file' exists.
Option: queue_only_load
Type: fixed-point
Default: unset
If the system load average is higher than this value, all incoming messages are queued, and no automatic deliveries are started. If this happens during local or remote SMTP input, all subsequent messages on the same connection are queued. Deliveries will subsequently be performed by queue running processes, unless the load is higher than `deliver_load_max'. There are some operating systems for which Exim cannot determine the load average (see chapter 1); for these this option has no effect. See also `smtp_accept_queue' and `smtp_load_reserve'.
Option: queue_remote_domains
Type: domain-list
Default: unset
This option lists domains for which local delivery is not immediately required. It is checked against the domains supplied in the incoming addresses, before any widening is done (because that is part of routing). The `-odqr' option is equivalent to setting `queue_remote_domains' to `*'. A delivery process is started whenever a message is received, but only local addresses are handled, and only local deliveries take place. All remote deliveries wait until the next queue run. See also `queue_smtp_domains', which is subtly different.
Option: queue_run_in_order
Type: boolean
Default: false
If this option is set, queue runs happen in order of message arrival instead of in an arbitrary order.
Option: queue_run_max
Type: integer
Default: 5
This controls the maximum number of queue-running processes that an Exim daemon will run simultaneously. This does not mean that it starts them all at once, but rather that if the maximum number are still running when the time comes to start another one, it refrains from starting it. This can happen with very large queues and/or very sluggish deliveries. This option does not, however, interlock with other processes, so additional queue-runners can be started by other means, or by killing and restarting the daemon.
Option: queue_smtp_domains
Type: domain-list
Default: unset
When this option is set, a delivery process is started whenever a message is received, directing and routing is performed, and local deliveries take place. However, if any SMTP deliveries are required for domains that match `queue_smtp_domains', they are not immediately delivered, but instead the message waits on the queue for the next queue run. Since routing of the message has taken place, Exim knows to which remote hosts it must be delivered, and so when the queue run happens, multiple messages for the same host are delivered over a single SMTP connection. This option is checked against the domains supplied in the incoming addresses, before any widening is done (because that is part of routing). The `-odqs' command line option causes all SMTP deliveries to be queued in this way, and is equivalent to setting `queue_smtp_domains' to `*'. See also `queue_remote_domains', which is subtly different.
Option: rbl_domains
Type: string-list
Default: unset
This option is part of the support for Realtime Blocking Lists (RBL), details of which are given in chapter "Other policy controls on incoming mail". It can be set to a colon-separated list of DNS RBL domains in which to look up the inverted IP address of a calling host. An RBL domain name may be followed by `/warn' or `/reject' to specify what is to be done if the host is found, for example:
rbl_domains = dul.maps.vix.com/warn : rbl.maps.vix.com/reject
If neither is present, the action is controlled by the setting of `rbl_reject_recipients'. When a lookup succeeds, and the action is `reject', mail from the host is blocked by refusing all recipients, except those listed in `recipients_reject_except'. When the action is `warn', the incident is just logged, and a header may be added to the message (see `rbl_warn_header').
If a lookup times out or otherwise fails to give a decisive answer, the address is not blocked (by that entry in the list). When blocking occurs, an associated TXT record is looked up in the DNS, and if it exists, its contents are returned as part of the 550 rejection message.
Option: rbl_hosts
Type: host-list
Default: *
This option specifies the set of hosts for which RBL checking is to be performed when `rbl_domains' is set. The default matches all hosts. The normal usage of this option is to specify exceptions to RBL checking by means of negated items in the host list.
Option: rbl_log_headers
Type: boolean
Default: false
When this option is set, the headers of each message received from a host that matches an RBL domain are written to the reject log. This can occur only if the recipients of the message are not rejected, that is, if the RBL check is configured to warn only.
Option: rbl_log_rcpt_count
Type: boolean
Default: false
When this option is set and `rbl_reject_recipients' is false, the number of RCPT commands for each message received from a host that is in the RBL is written to the reject log. This may be greater than the number of valid recipients in the message.
Option: rbl_reject_recipients
Type: boolean
Default: true
This option controls the action taken when a remote host is found in an RBL domain that has neither `/warn' nor `/reject' following it. The default value specifies rejection.
Option: rbl_warn_header
Type: boolean
Default: true
When this option is set and a message from an RBL-matching host is not rejected, an `X-RBL-Warning:' header is added. The header contains the contents of the DNS TXT record, if one was found. Scanning of further RBL domains continues, which means that more than one `X-RBL-Warning:' header may be added to a message.
Option: received_header_text
Type: string
Default: "see below"
This string defines the contents of the `Received:' message header that is added to each message, except for the timestamp, which is automatically added on at the end, preceded by a semicolon. The string is expanded each time it is used, and the default is:
received_header_text = "Received: \ ${if def:sender_rcvhost {from ${sender_rcvhost}\n\t}\ {${if def:sender_ident {from ${sender_ident} }}\ ${if def:sender_helo_name {(helo=${sender_helo_name})\n\t}}}}\ by ${primary_hostname} \ ${if def:received_protocol {with ${received_protocol}}} \ (Exim ${version_number} #${compile_number})\n\t\ id ${message_id} ${if def:received_for {\n\tfor $received_for}}"
The use of conditional expansions ensures that this works for both locally generated messages and messages received from remote hosts, giving header lines such as the following:
Received: from scrooge.carol.book ([240.1.12.25] ident=root) by marley.carol.book with smtp (Exim 1.90 #1) id E0tS3Ga-0005C5-00 for cratchit@dickens.book; Mon, 25 Dec 1995 14:43:44 +0000 Received: by scrooge.carol.book with local (Exim 1.90 #1) id E0tS3GW-0005C2-00; Mon, 25 Dec 1995 14:43:41 +0000
Note the automatic addition of the date and time in the required format.
Option: received_headers_max
Type: integer
Default: 30
When a message is to be delivered, the number of `Received:' headers is counted, and if it is greater than this parameter, a mail loop is assumed to have occurred, the delivery is abandoned, and an error message is generated. This applies to both local and remote deliveries. Earlier versions of Exim did this test only for remote deliveries, but because local deliveries (as Exim sees them) may in fact still cause a message to be transported to a remote host, it was changed.
Option: receiver_try_verify
Type: boolean
Default: false
See `receiver_verify'.
Option: receiver_unqualified_hosts
Type: host-list
Default: unset
This option lists those hosts from which Exim is prepared to accept unqualified receiver addresses. The addresses are made fully qualified by the addition of the `qualify_recipient' value. Typically the hosts are local ones, but if you want to imitate the behaviour of mailers that accept unqualified addresses from anywhere, specify
receiver_unqualified_hosts = *
Option: receiver_verify
Type: boolean
Default: false
When this option is set, the addresses of recipients received from a remote host are verified as they are received, provided the sending host matches `receiver_verify_hosts', the incoming address matches `receiver_verify_addresses', and the sender address matches `receiver_verify_senders', if either of the last two are set.
If an address is invalid, an incoming SMTP call gets an error response to the RCPT command. If an address cannot immediately be verified, a temporary error code is given. The `receiver_try_verify' option is less severe: it operates in the same way, except that an address is accepted if it cannot immediately be verified. Verification failures are logged.
Option: receiver_verify_addresses
Type: address-list
Default: unset
If set,
this option restricts receiver verification to those addresses it matches. The option is inspected only if `receiver_verify' or `receiver_try_verify' is set.
Option: receiver_verify_hosts
Type: host-list
Default: *
See `receiver_verify' above.
Option: receiver_verify_senders
Type: address-list
Default: unset
This option, if set, allows receiver verification to be conditional upon the sender. It is inspected only if `receiver_verify' or `receiver_try_verify' is set.
If the null sender is required in the list of addresses, then it must not be the last item, as a null last item in a list is ignored. It is best placed at the start of the list. For example, to restrict receiver verification to messages with null senders and senders in the `.com' and `.org' domains, you could have
receiver_verify receiver_verify_senders = :*.com:*.org
If the null sender is the only entry required, then the list should consist of a single colon.
Option: recipients_max
Type: integer
Default: 0
If this is set greater than zero, it specifies the maximum number of recipients for any message. This applies to the original list of recipients supplied with the message. SMTP messages get a 452 response for all recipients over the limit; earlier recipients are delivered as normal. Non-SMTP messages with too many recipients are failed, and no deliveries are done. Note that the RFCs specify that an SMTP server should accept at least 100 RCPT commands in a single message.
Option: recipients_max_reject
Type: boolean
Default: false
If this option is set true, then Exim rejects SMTP messages containing too many recipients by giving 552 errors to the surplus RCPT commands, and a 554 error to the eventual DATA command. Otherwise (the default) it gives a 452 error to the surplus RCPT commands and accepts the message on behalf of the initial set of recipients. The remote server should then re-send the message for the remaining recipients at a later time.
Option: recipients_reject_except
Type: address-list
Default: unset
This option lists recipient addresses which are exceptions to any policy for recipient rejection, that is, as a result of `sender_reject_recipients', etc. This option is entirely independent of any checks for unwanted message relaying. However, it does interact with the RBL options.
Option: refuse_ip_options
Type: boolean
Default: true
See `kill_ip_options' above.
Option: relay_domains
Type: domain-list
Default: unset
See `host_accept_relay' and related options above.
Option: relay_domains_include_local_mx
Type: boolean
Default: false
This option permits any host to relay to any domain that has an MX record pointing at the local host. It causes any domain with an MX record pointing at the local host to be treated as if it were in `relay_domains'. See `host_accept_relay' above. `Warning:' Turning on this option opens your server to the possibility of abuse in that anyone with access to a DNS zone can list your server in a secondary MX record as a backup for their domain without your permission. This is not a huge exposure because firstly, it requires the cooperation of a hostmaster to set up, and secondly, since their mail is passing through your server, they run the risk of your noticing and (for example) throwing all their mail away.
Option: relay_match_host_or_sender
Type: boolean
Default: false
By default, if relaying controls are specified on both the remote host and the sender address, a message is accepted only if both conditions are met. If `relay_match_host_or_sender' is set, then either condition is good enough. It does not make sense to set this option without setting `sender_address_relay', since if that option is unset it matches all senders. Exim therefore diagnoses a configuration error in this case. See `sender_host_accept_relay' for more details.
Option: remote_max_parallel
Type: integer
Default: 1
This option controls parallel delivery to remote sites. If the value is less than 2, parallel delivery is disabled, and Exim does all the remote deliveries for a message one by one, from a single delivery process. Otherwise, if a message has to be delivered to more than one remote host, or if several copies have to be sent to the same remote host, then up to `remote_max_parallel' deliveries are done simultaneously, each in a separate process. If more than `remote_max_parallel' deliveries are required, then the maximum number of processes are started, and as each one finishes, another is begun. The order of starting processes is the same as if sequential delivery were being done, and can be controlled by the `remote_sort' option. If parallel delivery takes place while running with debugging turned on, the debugging output from each delivery process is tagged with its process id.
The overhead in doing this is a fork to set up a separate process for each delivery, and the associated management of the subprocess (including getting back the result of the delivery attempt). As well as the process overhead, there may be a small additional penalty paid for parallel delivery. If a host is found to be down, this fact cannot be communicated to any deliveries that are running in parallel, though it will be passed on to any that start afterwards. This is no worse than if there were two separate messages being delivered simultaneously.
The option controls only the maximum number of parallel deliveries from one Exim process. Since Exim has no central queue manager, there is no way of controlling the total number of simultaneous deliveries if the configuration allows a delivery attempt as soon as a message is received. If you want to control the total number of deliveries on the system, then you need to set the `queue_only' option, which ensures that all incoming messages are simply added to the queue. Then set up an Exim daemon to start queue runner processes at appropriate intervals (probably fairly often, for example, every minute), and limit the total number of queue runners by setting the `queue_run_max' parameter. As each queue runner delivers only one message at a time, the maximum number of deliveries that can then take place at once is `queue_run_max' multiplied by `remote_max_parallel'.
If it is purely remote deliveries you want to control, then use `queue_smtp' instead of `queue_only'. This has the added benefit of doing the SMTP routing before queuing, so that several messages for the same host will eventually get delivered down the same connection.
Option: remote_sort
Type: domain-list
Default: unset
When there are a number of remote deliveries for a message, they are sorted by domain into the order given by this list. For example,
remote_sort = "*.cam.ac.uk:*.uk"
would attempt to deliver to all addresses in the `cam.ac.uk' domain first, then to those in the `uk' domain, then to any others.
Option: retry_interval_max
Type: time
Default: 24h
Chapter "Retry configuration" describes Exim's mechanisms for controlling the intervals between delivery attempts for messages that cannot be delivered straight away. This option sets an overall limit to the length of time between retries.
Option: return_path_remove
Type: boolean
Default: true
RFC 822 states that the `Return-path:' header is `added by the final transport system that delivers the message to its recipient' (section 4.3.1), which implies that this header should not be present in incoming messages. If this option is true, `Return-path:' headers are removed from messages as they are read. Exim's transports have options for adding `Return-path:' headers at the time of delivery. They are normally used only for final local deliveries.
Option: return_size_limit
Type: integer
Default: 100K
This option sets a limit in bytes on the size of messages that are returned to senders. If it is set to zero there is no limit. If the body of any message that is to be included in an error report is greater than the limit, it is truncated, and a comment pointing this out is added at the top. The actual cutoff may be greater than the value given, owing to the use of buffering for transferring the message in chunks. The idea is just to save bandwidth on those undeliverable 15-megabyte messages. If either the global or generic transport `message_size_limit' is set, the value of `return_size_limit' should be somewhat smaller.
Option: rfc1413_hosts
Type: host-list
Default: *
RFC 1413 identification calls are made to any host which matches an item in the list. The items in the host list should not themselves contain ident data.
Option: rfc1413_query_timeout
Type: time
Default: 30s
This sets the timeout on RFC 1413 identification calls. If it is set to zero, no RFC 1413 calls are ever made.
Option: security
Type: string
Default: "see below"
When `exim_user' is set non-zero in the runtime configuration or an Exim uid is compiled into the binary, Exim gives up root privilege for some of the time. As there are trade-offs between increased security and efficiency, this option is provided to control exactly how this is done. The option can be set to one of the strings `seteuid', `setuid', or `setuid+seteuid', provided that a uid for Exim is defined. Otherwise it must be left unset. A full description of what these values mean is given in chapter "Security considerations". The default for this option is unset if no special Exim uid is defined, otherwise it is either `setuid+seteuid' or `setuid', depending on whether the `seteuid()' function is configured as being available or not.
Option: sender_address_relay
Type: address-list
Default: unset
This option specifies a set of address patterns, one of which the sender of a message must match in order for the message to be accepted for relaying. If it is not set, all sender addresses are permitted. By default, this check operates in addition to any relaying checks on the sending host (see `host_accept_relay' above). However, if `relay_match_host_or_sender' is set, then either a host match or a sender match is sufficient to allow the relaying to proceed. For this reason, `sender_address_relay' is required to be set if `relay_match_host_or_sender' is set.
The rewrite flag X (see section "The additional relay checking flag" in chapter "Address rewriting") provides a special-purpose facility we have a use for in Cambridge. It adds additional checking to `sender_address_relay'. Whenever a sender address passes the check, if there are any rewriting rules with the X flag set, the address is rewritten using those rules, and if this makes any change to the address, the new address must verify successfully for the relaying to be permitted.
Option: sender_reject
Type: address-list
Default: unset
This option can be set in order to reject mail from certain senders. The check is done on the sender's address as given in the MAIL command in SMTP, but not for local senders where the logged-in user's address is going to override anyway.
If the sender's address is source-routed, it is the final component of the address that is checked. The check is not done for batch SMTP input. If the check fails, a 550 return code is given to MAIL. This doesn't always stop remote mailers from trying again. See `sender_reject_recipients' for an alternative. Typical examples of the use of this option might be:
sender_reject = "spamuser@some.domain:spam.domain" sender_reject = partial-dbm;/etc/mail/blocked/senders
Note that this check operates on sender address domains independently of the sending host; `host_reject' can be used to block all mail from particular hosts, while `host_accept_relay', and `sender_address_relay' can be used to prevent unwanted relaying.
Option: sender_reject_recipients
Type: address-list
Default: unset
This operates in exactly the same way as `sender_reject' except that the rejection is given in the form of a 550 error code to every RCPT command instead of rejecting MAIL. This seems to be the only way of saying `no' to some mailers. Note that this is not an option for rejecting specific recipients. The way to do that is to set `receiver_verify' and arrange for those recipients to fail verification.
Option: sender_try_verify
Type: boolean
Default: false
See `sender_verify'.
Option: sender_unqualified_hosts
Type: host-list
Default: unset
This option lists those hosts from which Exim is prepared to accept unqualified sender addresses. The addresses are made fully qualified by the addition of `qualify_domain'. Typically the hosts are local ones, but if you want to imitate the behaviour of mailers that accept unqualified addresses from anywhere, specify
sender_unqualified_hosts = *
Option: sender_verify
Type: boolean
Default: false
If this option is true, envelope sender addresses on incoming SMTP messages are checked to ensure that they are valid. Messages with invalid envelope senders are rejected with a permanent error code if `sender_verify_reject' is set (the default). Otherwise a warning is logged. See section "Sender verification" in chapter "Verification of incoming mail" for details of the rejection, which can happen at three different points in the SMTP dialogue. If a sender cannot immediately be verified, a temporary error code is returned after reading the data (so the headers can be logged). The `sender_try_verify' option is less severe: it operates in exactly the same way as `sender_verify' except that if an address cannot immediately be verified, it is accepted instead of being temporarily rejected.
Option: sender_verify_batch
Type: boolean
Default: false
If this option is unset, then the `sender_verify' options are not applied to batched SMTP input.
Option: sender_verify_hosts
Type: host-list
Default: *
If `sender_verify' or `sender_try_verify' is true, this option specifies a list of hosts and RFC 1413 identifications to which sender verification applies. The check caused by `headers_sender_verify' also happens only for matching hosts. See chapter "Verification of incoming mail" for further details.
Option: sender_verify_fixup
Type: boolean
Default: false
Experience shows that many messages are sent out onto the Internet with invalid sender addresses in the envelopes (that is, in the MAIL command of the SMTP dialogue), but with valid addresses in the `Sender:', `From:', or `Reply-to:' header fields. If `sender_verify' and `sender_verify_reject' are true and this option is also true, an invalid envelope sender or one that cannot immediately be verified is replaced by a valid value from the headers. If `sender_verify_reject' is false, the envelope sender is not changed, but Exim writes a log entry giving the correction it would have made. See chapter "Verification of incoming mail" for details.
Option: sender_verify_max_retry_rate
Type: integer
Default: 12
If this option is greater than zero, and the rate of temporary rejection of a specific incoming sender address from a specific host, in units of rejections per hour, exceeds it, the temporary error is converted into a permanent verification error. Temporary rejections most commonly occur when a sender address cannot be verified because a DNS lookup fails to complete.
The intent of this option is to stop hosts hammering too frequently with temporarily failing sender addresses. The default value of 12 means that a sender address that has a temporary verification error more than once every 5 minutes will eventually get permanently rejected. Once permanent rejection has been triggered, subsequent temporary failures all cause permanent errors, until there has been an interval of at least 24 hours since the last failure. After 24 hours, the hint expires.
Option: sender_verify_reject
Type: boolean
Default: true
When this is set, a message is rejected if sender verification fails. If it is not set, a warning message is written to the main and reject logs, and the message is accepted (unless some other error occurs).
Option: smtp_accept_keepalive
Type: boolean
Default: true
This option controls the setting of the SO_KEEPALIVE option on incoming TCP/IP socket connections. This causes the kernel periodically to send some OOB (out-of-band) data on idle connections. The reason for doing this is that it has the beneficial effect of freeing up certain types of connection that can get stuck when the remote host is disconnected without tidying up the TCP/IP call properly.
Option: smtp_accept_max
Type: integer
Default: 20
This specifies the maximum number of simultaneous incoming SMTP calls that Exim will accept. It applies only to the listening daemon; there is no control (in Exim) when incoming SMTP is being handled by `inetd'. If the value is set to zero, no limit is applied. However, it is required to be non-zero if `smtp_accept_max_per_host' or `smtp_accept_queue' is set.
Option: smtp_accept_max_per_host
Type: integer
Default: 0
This option restricts the number of simultaneous IP connections from a single host (strictly, from a single IP address) to the Exim daemon. The default value of zero imposes no limit. If this option is set, it is required that `smtp_accept_max' be set non-zero.
Option: smtp_accept_queue
Type: integer
Default: 0
If the number of simultaneous incoming SMTP calls handled via the listening daemon exceeds this value, then messages received are simply placed on the queue, and no delivery processes are started automatically. A value of zero implies no limit, and clearly any non-zero value is useful only if it is less than the `smtp_accept_max' value (unless that is zero). See also `queue_only', `queue_only_load', `queue_smtp', and the various `-od' command line options.
Option: smtp_accept_queue_per_connection
Type: integer
Default: 10
This option limits the number of delivery processes that Exim starts automatically when receiving messages via SMTP, whether via the daemon or by the use of `-bs' or `-bS'. If the value of the option is greater than zero, and the number of messages received in a single SMTP session exceeds this number, subsequent messages are placed on the spool, but no delivery process is started. This helps to limit the number of Exim processes when a server restarts after downtime and there is a lot of mail waiting for it on other systems. On large systems the default should probably be increased.
Option: smtp_accept_reserve
Type: integer
Default: 0
When `smtp_accept_max' is set greater than zero, this option specifies a number of SMTP connections that are reserved for connections from the hosts that are specified in `smtp_reserve_hosts'. The value set in `smtp_accept_max' includes this reserve pool. For example, if `smtp_accept_max' is set to 50 and `smtp_accept_reserve' is set to 5, then once there are 45 active connections, new ones are accepted only from hosts listed in `smtp_reserve_hosts'.
Option: smtp_banner
Type: string
Default: "see below"
This string, which is expanded every time it is used, is output as the initial positive response to an SMTP connection. The default setting is:
smtp_banner = "${primary_hostname} ESMTP Exim ${version_number} \ #${compile_number} ${tod_full}"
Failure to expand the string causes a panic error. If you want to create a multiline response to the initial SMTP connection, use `\n' in the string at appropriate points, but not at the end. Note that the 220 code is not included in this string. Exim adds it automatically (several times in the case of a multiline response).
Option: smtp_check_spool_space
Type: boolean
Default: true
When this option is set, if an incoming SMTP session encounters the SIZE option on a MAIL command, it checks that there is enough space in the spool directory's partition to accept a message of that size, while still leaving free the amount specified by `check_spool_space' (even if that value is zero). If there isn't enough space, a temporary error code is returned.
Option: smtp_connect_backlog
Type: integer
Default: 5
This specifies a maximum number of waiting SMTP connections. Exim passes this value to the TCP/IP system when it sets up its listener. Once this number of connections are waiting for the daemon's attention, subsequent connection attempts are refused at the TCP/IP level. At least, that is what the manuals say. In Solaris 2.4 such connection attempts have been observed to time out. The default value of 5 is a conservative one, suitable for older and smaller systems. For large systems is it probably a good idea to increase this, possibly substantially (to 50, say). It also gives some protection against denial-of-service attacks by SYN flooding.
Option: smtp_etrn_command
Type: string
Default: unset
If this option is set, the given command is run whenever an SMTP ETRN command is received from a host that is permitted to issue such commands (see `smtp_etrn_hosts' below). The string is split up into separate arguments which are independently expanded. The expansion variable `$domain' is set to the argument of the ETRN command, and no syntax checking is done on it. For example:
smtp_etrn_command = /etc/etrn_command $domain $sender_host_address
A new process is created to run the command, and Exim does not wait for it to complete. Consequently, its status cannot be checked. As Exim is normally running under its own uid when receiving SMTP, it is not possible for it to change the uid before running the command.
You must disable `smtp_etrn_serialize' if you use this option to run something other than a call of Exim with the `-R' option, because otherwise the serialization lock never gets removed.
Option: smtp_etrn_hosts
Type: host-list
Default: unset
RFC 1985 describes an SMTP command called ETRN which is designed to overcome the security problems of the TURN command (which has fallen into disuse). Exim recognizes ETRN if the calling host matches an entry in `smtp_etrn_hosts'. The ETRN command is concerned with `releasing' messages that are awaiting delivery to certain hosts. As Exim does not organize its message queue by host, the only form of ETRN that is supported by default is the one where the text starts with the `#' prefix, where the remainder of the text is specific to the SMTP server.
However, if the `smtp_etrn_command' option is set, the given command is run for every ETRN command, whatever the form of the argument. In the absence of `smtp_etrn_command', a valid ETRN command causes a run of Exim with the `-R' option to happen, with the remainder of the ETRN text (following the `#') as its argument. For example,
ETRN #brigadoon
causes a delivery attempt on all messages with undelivered addresses containing the text `brigadoon'. Because a separate delivery process is run to do the delivery, there is no security risk with ETRN.
Option: smtp_etrn_serialize
Type: boolean
Default: true
When this option is set, it prevents the simultaneous execution of more than one queue run for the same argument string as a result of an ETRN command. Exim implements serialization by means of a hints database in which a record is written whenever a process is started by ETRN, and deleted when a `-R' queue run completes. If you use `smtp_etrn_command' to do something other than run Exim with the `-R' option, you must disable `smtp_etrn_serialize' because otherwise the hints will never get deleted.
Obviously there is scope for hints records to get left lying around if there is a system or program crash. To guard against this, Exim ignores any records that are more than six hours old, but you should normally arrange to delete any files in the `spool/db' directory whose names begin with `serialize-' after a reboot.
Option: smtp_expn_hosts
Type: host-list
Default: unset
The SMTP EXPN command is supported only if the calling host matches `smtp_expn_hosts'. You must add `localhost' explicitly if you want calls to 127.0.0.1 to be able to use it. A single-level expansion of the address is done, as if the address were being tested using the `-bt' option. If an unqualified local part is given, it is qualified with `qualify_domain'. There is a generic option for directors which permits them to be skipped when processing an EXPN command (compare with verification).
Option: smtp_load_reserve
Type: fixed-point
Default: unset
If the system load average ever gets higher than this, incoming SMTP calls are accepted only from those hosts that match an entry in `smtp_reserve_hosts'. There are some operating systems for which Exim cannot determine the load average (see chapter 1); for these this option has no effect.
Option: smtp_receive_timeout
Type: time
Default: 5m
This sets a timeout value for SMTP reception. If a line of input (either an SMTP command or a data line) is not received within this time, the SMTP connection is dropped and the message is abandoned. For non-SMTP input, the reception timeout is controlled by `accept_timeout'.
Option: smtp_reserve_hosts
Type: host-list
Default: unset
This option defines hosts for which SMTP connections are reserved; see `smtp_accept_reserve' and `smtp_load_reserve' above.
Option: smtp_verify
Type: boolean
Default: false
If this option is true, the SMTP command VRFY is supported on incoming SMTP connections; otherwise it is not.
Option: split_spool_directory
Type: boolean
Default: false
If this option is set, it causes Exim to split its input directory into 62 subdirectories, each with a single alphanumeric character as its name. The fifth character of the message id is used to allocate messages to subdirectories; this is the least significant base-62 digit of the time of arrival of the message.
Splitting up the spool in this way may provide better performance on systems where there are long mail queues, by reducing the number of files in any one directory. The msglog directory is also split up in a similar way to the input directory; however, if `preserve_message_logs' is set, all old msglog files are still placed in the single directory `msglog.OLD'.
It is not necessary to take any special action for existing messages when changing `split_spool_directory'. Exim notices messages that are in the `wrong' place, and continues to process them. If the option is turned off after a period of being on, the subdirectories will eventually empty and get deleted.
Option: spool_directory
Type: string
Default: "compile-time configured (may be unset)"
This defines the directory in which Exim keeps its mail spool. The default value is taken from the compile-time configuration setting, if there is one. If not, this option must be set. The string is expanded, so it can contain, for example, a reference to `${primary_hostname}'.
If the spool directory name is fixed on your installation, it is recommended that you set it at build time rather than from this option, particularly if the log files are being written to the spool directory (see `log_file_path'). Otherwise log files cannot be used for errors that are detected early on, such as failures in the configuration file.
Even with a compiled-in path, however, this option makes it possible to run testing configurations of Exim without using the standard spool.
Option: strip_excess_angle_brackets
Type: boolean
Default: false
If this option is set, then redundant pairs of angle brackets round `route-addr' items in addresses are stripped. For example, `<<xxx@a.b.c.d>>' is treated as `<xxx@a.b.c.d>'. If this is in the envelope and the message is passed on to another MTA, the excess angle brackets are not passed on. If this option is not set, multiple pairs of angle brackets cause a syntax error.
Option: strip_trailing_dot
Type: boolean
Default: false
If this option is set, a trailing dot at the end of a domain in an address is ignored. If this is in the envelope and the message is passed on to another MTA, the dot is not passed on. If this option is not set, a dot at the end of a domain causes a syntax error.
Option: trusted_groups
Type: string-list
Default: unset
If this option is set, then any process that is running in one of the listed groups may pass a message to Exim and specify the sender's address using the `-f' command line option, without Exim's adding a `Sender:' header. If neither `trusted_groups' nor `trusted_users' is set, then only root and the Exim user can do this.
Option: trusted_users
Type: string-list
Default: unset
If this option is set, then any process that is running as one of the listed users may pass a message to Exim and specify the sender's address using the `-f' command line option, without Exim's adding a `Sender:' header. If neither `trusted_users' nor `trusted_groups' is set, then only root and the Exim user can do this.
Option: unknown_login
Type: string
Default: unset
This is a specialized feature for use in unusual configurations. By default, if the uid of the caller of Exim cannot be looked up using `getpwuid()', Exim gives up. The `unknown_login' option can be used to set a login name to be used in this circumstance. It is expanded, so values like `user$caller_uid' can be set. When `unknown_login' is used, the value of `unknown_username' is used for the user's real name (gecos field), unless this has been set by the `-F' option.
Option: unknown_username
Type: string
Default: unset
See `unknown_login'.
Option: uucp_from_pattern
Type: string
Default: "see below"
Some applications that pass messages to an MTA via a command line interface use an initial line starting with `From' to pass the envelope sender. In particular, this is used by UUCP software. Exim recognizes such a line by means of a regular expression that is set in `uucp_from_pattern', and when the pattern matches, the sender address is constructed by expanding the contents of `uucp_from_sender', provided that the caller of Exim is a trusted user. The default pattern recognizes lines in the following two forms:
From ph10 Fri Jan 5 12:35 GMT 1996 From ph10 Fri, 7 Jan 97 14:00:00 GMT
The pattern can be seen by running `exim -bP uucp_from_pattern'. It checks only up to the hours and minutes, and allows for a 2-digit or 4-digit year in the second case. The first word after `From' is matched in the regular expression by a parenthesized subpattern. The default value for `uucp_from_sender' is `$1', which therefore just uses this first word (`ph10' in the example above) as the message's sender. See also `ignore_fromline_hosts'.
Option: uucp_from_sender
Type: string
Default: "$1"
See `uucp_from_pattern' above.
Option: warnmsg_file
Type: string
Default: unset
This option defines a template file containing paragraphs of text to be used for constructing the warning message which is sent by Exim when a message has been on the queue for a specified amount of time, as specified by `delay_warning'. Details of the file's contents are given in chapter "Customizing error and warning messages". See also `errmsg_file'.
Go to the first, previous, next, last section, table of contents.