Exim Internet Mailer

Specification of the Exim Mail Transfer Agent

Copyright © 2009 University of Cambridge
Revision 4.72 - 29 May 2010

• 1. Introduction
  • 1. Exim documentation
  • 2. FTP and web sites
  • 3. Mailing lists
  • 4. Exim training
  • 5. Bug reports
  • 6. Where to find the Exim distribution
  • 7. Limitations
  • 8. Run time configuration
  • 9. Calling interface
  • 10. Terminology
• 2. Incorporated code
• 3. How Exim receives and delivers mail
  • 1. Overall philosophy
  • 2. Policy control
  • 3. User filters
  • 4. Message identification
  • 5. Receiving mail
  • 6. Handling an incoming message
  • 7. Life of a message
  • 8. Processing an address for delivery
  • 9. Processing an address for verification
  • 10. Running an individual router
  • 11. Duplicate addresses
  • 12. Router preconditions
  • 13. Delivery in detail
  • 14. Retry mechanism
  • 15. Temporary delivery failure
  • 16. Permanent delivery failure
  • 17. Failures to deliver bounce messages
• 4. Building and installing Exim
  • 1. Unpacking
  • 2. Multiple machine architectures and operating systems
  • 3. PCRE library
  • 4. DBM libraries
  • 5. Pre-building configuration
  • 6. Support for iconv()
  • 7. Including TLS/SSL encryption support
  • 8. Use of tcpwrappers
  • 9. Including support for IPv6
  • 10. The building process
  • 11. Output from “make”
  • 12. Overriding build-time options for Exim
  • 13. OS-specific header files
  • 14. Overriding build-time options for the monitor
  • 15. Installing Exim binaries and scripts
  • 16. Installing info documentation
  • 17. Setting up the spool directory
  • 18. Testing
  • 19. Replacing another MTA with Exim
  • 20. Upgrading Exim
  • 21. Stopping the Exim daemon on Solaris
• 5. The Exim command line
  • 1. Setting options by program name
  • 2. Trusted and admin users
  • 3. Command line options
• 6. The Exim run time configuration file
  • 1. Using a different configuration file
  • 2. Configuration file format
  • 3. File inclusions in the configuration file
  • 4. Macros in the configuration file
  • 5. Macro substitution
  • 6. Redefining macros
  • 7. Overriding macro values
  • 8. Example of macro usage
  • 9. Conditional skips in the configuration file
  • 10. Common option syntax
  • 11. Boolean options
  • 12. Integer values
  • 13. Octal integer values
  • 14. Fixed point numbers
  • 15. Time intervals
  • 16. String values
  • 17. Expanded strings
  • 18. User and group names
  • 19. List construction
  • 20. Changing list separators
  • 21. Empty items in lists
  • 22. Format of driver configurations
• 7. The default configuration file
  • 1. Main configuration settings
  • 2. ACL configuration
  • 3. Router configuration
  • 4. Transport configuration
  • 5. Default retry rule
  • 6. Rewriting configuration
  • 7. Authenticators configuration
• 8. Regular expressions
• 9. File and database lookups
  • 1. Examples of different lookup syntax
  • 2. Lookup types
  • 3. Single-key lookup types
  • 4. Query-style lookup types
  • 5. Temporary errors in lookups
  • 6. Default values in single-key lookups
  • 7. Partial matching in single-key lookups
  • 8. Lookup caching
  • 9. Quoting lookup data
  • 10. More about dnsdb
  • 11. Pseudo dnsdb record types
  • 12. Multiple dnsdb lookups
  • 13. More about LDAP
  • 14. Format of LDAP queries
  • 15. LDAP quoting
  • 16. LDAP connections
  • 17. LDAP authentication and control information
  • 18. Format of data returned by LDAP
  • 19. More about NIS+
  • 20. SQL lookups
  • 21. More about MySQL, PostgreSQL, Oracle, and InterBase
  • 22. Specifying the server in the query
  • 23. Special MySQL features
  • 24. Special PostgreSQL features
  • 25. More about SQLite
• 10. Domain, host, address, and local part lists
  • 1. Expansion of lists
  • 2. Negated items in lists
  • 3. File names in lists
  • 4. An lsearch file is not an out-of-line list
  • 5. Named lists
  • 6. Named lists compared with macros
  • 7. Named list caching
  • 8. Domain lists
  • 9. Host lists
  • 10. Special host list patterns
  • 11. Host list patterns that match by IP address
  • 12. Host list patterns for single-key lookups by host address
  • 13. Host list patterns that match by host name
  • 14. Behaviour when an IP address or name cannot be found
  • 15. Temporary DNS errors when looking up host information
  • 16. Host list patterns for single-key lookups by host name
  • 17. Host list patterns for query-style lookups
  • 18. Mixing wildcarded host names and addresses in host lists
  • 19. Address lists
  • 20. Case of letters in address lists
  • 21. Local part lists
• 11. String expansions
  • 1. Literal text in expanded strings
  • 2. Character escape sequences in expanded strings
  • 3. Testing string expansions
  • 4. Forced expansion failure
  • 5. Expansion items
  • 6. Expansion operators
  • 7. Expansion conditions
  • 8. Combining expansion conditions
  • 9. Expansion variables
• 12. Embedded Perl
  • 1. Setting up so Perl can be used
  • 2. Calling Perl subroutines
  • 3. Calling Exim functions from Perl
  • 4. Use of standard output and error by Perl
• 13. Starting the daemon and the use of network interfaces
  • 1. Starting a listening daemon
  • 2. Special IP listening addresses
  • 3. Overriding local_interfaces and daemon_smtp_ports
  • 4. Support for the obsolete SSMTP (or SMTPS) protocol
  • 5. IPv6 address scopes
  • 6. Disabling IPv6
  • 7. Examples of starting a listening daemon
  • 8. Recognizing the local host
  • 9. Delivering to a remote host
• 14. Main configuration
  • 1. Miscellaneous
  • 2. Exim parameters
  • 3. Privilege controls
  • 4. Logging
  • 5. Frozen messages
  • 6. Data lookups
  • 7. Message ids
  • 8. Embedded Perl Startup
  • 9. Daemon
  • 10. Resource control
  • 11. Policy controls
  • 12. Callout cache
  • 13. TLS
  • 14. Local user handling
  • 15. All incoming messages (SMTP and non-SMTP)
  • 16. Non-SMTP incoming messages
  • 17. Incoming SMTP messages
  • 18. SMTP extensions
  • 19. Processing messages
  • 20. System filter
  • 21. Routing and delivery
  • 22. Bounce and warning messages
  • 23. Alphabetical list of main options
• 15. Generic options for routers
• 16. The accept router
• 17. The dnslookup router
  • 1. Problems with DNS lookups
  • 2. Private options for dnslookup
  • 3. Effect of qualify_single and search_parents
• 18. The ipliteral router
• 19. The iplookup router
• 20. The manualroute router
  • 1. Private options for manualroute
  • 2. Routing rules in route_list
  • 3. Routing rules in route_data
  • 4. Format of the list of hosts
  • 5. Format of one host item
  • 6. How the list of hosts is used
  • 7. How the options are used
  • 8. Manualroute examples
• 21. The queryprogram router
• 22. The redirect router
  • 1. Redirection data
  • 2. Forward files and address verification
  • 3. Interpreting redirection data
  • 4. Items in a non-filter redirection list
  • 5. Redirecting to a local mailbox
  • 6. Special items in redirection lists
  • 7. Duplicate addresses
  • 8. Repeated redirection expansion
  • 9. Errors in redirection lists
  • 10. Private options for the redirect router
• 23. Environment for running local transports
  • 1. Concurrent deliveries
  • 2. Uids and gids
  • 3. Current and home directories
  • 4. Expansion variables derived from the address
• 24. Generic options for transports
• 25. Address batching in local transports
• 26. The appendfile transport
  • 1. The file and directory options
  • 2. Private options for appendfile
  • 3. Operational details for appending
  • 4. Operational details for delivery to a new file
  • 5. Maildir delivery
  • 6. Using tags to record message sizes
  • 7. Using a maildirsize file
  • 8. Mailstore delivery
  • 9. Non-special new file delivery
• 27. The autoreply transport
  • 1. Private options for autoreply
• 28. The lmtp transport
• 29. The pipe transport
  • 1. Concurrent delivery
  • 2. Returned status and data
  • 3. How the command is run
  • 4. Environment variables
  • 5. Private options for pipe
  • 6. Using an external local delivery agent
• 30. The smtp transport
  • 1. Multiple messages on a single connection
  • 2. Use of the $host and $host_address variables
  • 3. Use of $tls_cipher and $tls_peerdn
  • 4. Private options for smtp
  • 5. How the limits for the number of hosts to try are used
• 31. Address rewriting
  • 1. Explicitly configured address rewriting
  • 2. When does rewriting happen?
  • 3. Testing the rewriting rules that apply on input
  • 4. Rewriting rules
  • 5. Rewriting patterns
  • 6. Rewriting replacements
  • 7. Rewriting flags
  • 8. Flags specifying which headers and envelope addresses to rewrite
  • 9. The SMTP-time rewriting flag
  • 10. Flags controlling the rewriting process
  • 11. Rewriting examples
• 32. Retry configuration
  • 1. Changing retry rules
  • 2. Format of retry rules
  • 3. Choosing which retry rule to use for address errors
  • 4. Choosing which retry rule to use for host and message errors
  • 5. Retry rules for specific errors
  • 6. Retry rules for specified senders
  • 7. Retry parameters
  • 8. Retry rule examples
  • 9. Timeout of retry data
  • 10. Long-term failures
  • 11. Deliveries that work intermittently
• 33. SMTP authentication
  • 1. Generic options for authenticators
  • 2. The AUTH parameter on MAIL commands
  • 3. Authentication on an Exim server
  • 4. Testing server authentication
  • 5. Authentication by an Exim client
• 34. The plaintext authenticator
  • 1. Plaintext options
  • 2. Using plaintext in a server
  • 3. The PLAIN authentication mechanism
  • 4. The LOGIN authentication mechanism
  • 5. Support for different kinds of authentication
  • 6. Using plaintext in a client
• 35. The cram_md5 authenticator
  • 1. Using cram_md5 as a server
  • 2. Using cram_md5 as a client
• 36. The cyrus_sasl authenticator
  • 1. Using cyrus_sasl as a server
• 37. The dovecot authenticator
• 38. The spa authenticator
  • 1. Using spa as a server
  • 2. Using spa as a client
• 39. Encrypted SMTP connections using TLS/SSL
  • 1. Support for the legacy “ssmtp” (aka “smtps”) protocol
  • 2. OpenSSL vs GnuTLS
  • 3. GnuTLS parameter computation
  • 4. Requiring specific ciphers in OpenSSL
  • 5. Requiring specific ciphers or other parameters in GnuTLS
  • 6. Configuring an Exim server to use TLS
  • 7. Requesting and verifying client certificates
  • 8. Revoked certificates
  • 9. Configuring an Exim client to use TLS
  • 10. Multiple messages on the same encrypted TCP/IP connection
  • 11. Certificates and all that
  • 12. Certificate chains
  • 13. Self-signed certificates
• 40. Access control lists
  • 1. Testing ACLs
  • 2. Specifying when ACLs are used
  • 3. The non-SMTP ACLs
  • 4. The SMTP connect ACL
  • 5. The EHLO/HELO ACL
  • 6. The DATA ACLs
  • 7. The SMTP MIME ACL
  • 8. The QUIT ACL
  • 9. The not-QUIT ACL
  • 10. Finding an ACL to use
  • 11. ACL return codes
  • 12. Unset ACL options
  • 13. Data for message ACLs
  • 14. Data for non-message ACLs
  • 15. Format of an ACL
  • 16. ACL verbs
  • 17. ACL variables
  • 18. Condition and modifier processing
  • 19. ACL modifiers
  • 20. Use of the control modifier
  • 21. Summary of message fixup control
  • 22. Adding header lines in ACLs
  • 23. ACL conditions
  • 24. Using DNS lists
  • 25. Specifying the IP address for a DNS list lookup
  • 26. DNS lists keyed on domain names
  • 27. Multiple explicit keys for a DNS list
  • 28. Data returned by DNS lists
  • 29. Variables set from DNS lists
  • 30. Additional matching conditions for DNS lists
  • 31. Negated DNS matching conditions
  • 32. Handling multiple DNS records from a DNS list
  • 33. Detailed information from merged DNS lists
  • 34. DNS lists and IPv6
  • 35. Rate limiting incoming messages
  • 36. Ratelimit options for what is being measured
  • 37. Ratelimit options for handling fast clients
  • 38. Using rate limiting
  • 39. Reading ratelimit data without updating
  • 40. Address verification
  • 41. Callout verification
  • 42. Additional parameters for callouts
  • 43. Callout caching
  • 44. Sender address verification reporting
  • 45. Redirection while verifying
  • 46. Client SMTP authorization (CSA)
  • 47. Bounce address tag validation
  • 48. Using an ACL to control relaying
  • 49. Checking a relay configuration
• 41. Content scanning at ACL time
  • 1. Scanning for viruses
  • 2. Scanning with SpamAssassin
  • 3. Calling SpamAssassin from an Exim ACL
  • 4. Scanning MIME parts
  • 5. Scanning with regular expressions
  • 6. The demime condition
• 42. Adding a local scan function to Exim
  • 1. Building Exim to use a local scan function
  • 2. API for local_scan()
  • 3. Configuration options for local_scan()
  • 4. Available Exim variables
  • 5. Structure of header lines
  • 6. Structure of recipient items
  • 7. Available Exim functions
  • 8. More about Exim’s memory handling
• 43. System-wide message filtering
  • 1. Specifying a system filter
  • 2. Testing a system filter
  • 3. Contents of a system filter
  • 4. Additional variable for system filters
  • 5. Defer, freeze, and fail commands for system filters
  • 6. Adding and removing headers in a system filter
  • 7. Setting an errors address in a system filter
  • 8. Per-address filtering
• 44. Message processing
  • 1. Submission mode for non-local messages
  • 2. Line endings
  • 3. Unqualified addresses
  • 4. The UUCP From line
  • 5. Resent- header lines
  • 6. The Auto-Submitted: header line
  • 7. The Bcc: header line
  • 8. The Date: header line
  • 9. The Delivery-date: header line
  • 10. The Envelope-to: header line
  • 11. The From: header line
  • 12. The Message-ID: header line
  • 13. The Received: header line
  • 14. The References: header line
  • 15. The Return-path: header line
  • 16. The Sender: header line
  • 17. Adding and removing header lines in routers and transports
  • 18. Constructed addresses
  • 19. Case of local parts
  • 20. Dots in local parts
  • 21. Rewriting addresses
• 45. SMTP processing
  • 1. Outgoing SMTP and LMTP over TCP/IP
  • 2. Errors in outgoing SMTP
  • 3. Incoming SMTP messages over TCP/IP
  • 4. Unrecognized SMTP commands
  • 5. Syntax and protocol errors in SMTP commands
  • 6. Use of non-mail SMTP commands
  • 7. The VRFY and EXPN commands
  • 8. The ETRN command
  • 9. Incoming local SMTP
  • 10. Outgoing batched SMTP
  • 11. Incoming batched SMTP
• 46. Customizing bounce and warning messages
  • 1. Customizing bounce messages
  • 2. Customizing warning messages
• 47. Some common configuration settings
  • 1. Sending mail to a smart host
  • 2. Using Exim to handle mailing lists
  • 3. Syntax errors in mailing lists
  • 4. Re-expansion of mailing lists
  • 5. Closed mailing lists
  • 6. Variable Envelope Return Paths (VERP)
  • 7. Virtual domains
  • 8. Multiple user mailboxes
  • 9. Simplified vacation processing
  • 10. Taking copies of mail
  • 11. Intermittently connected hosts
  • 12. Exim on the upstream server host
  • 13. Exim on the intermittently connected client host
• 48. Using Exim as a non-queueing client
• 49. Log files
  • 1. Where the logs are written
  • 2. Logging to local files that are periodically “cycled”
  • 3. Datestamped log files
  • 4. Logging to syslog
  • 5. Log line flags
  • 6. Logging message reception
  • 7. Logging deliveries
  • 8. Discarded deliveries
  • 9. Deferred deliveries
  • 10. Delivery failures
  • 11. Fake deliveries
  • 12. Completion
  • 13. Summary of Fields in Log Lines
  • 14. Other log entries
  • 15. Reducing or increasing what is logged
  • 16. Message log
• 50. Exim utilities
  • 1. Finding out what Exim processes are doing (exiwhat)
  • 2. Selective queue listing (exiqgrep)
  • 3. Summarizing the queue (exiqsumm)
  • 4. Extracting specific information from the log (exigrep)
  • 5. Selecting messages by various criteria (exipick)
  • 6. Cycling log files (exicyclog)
  • 7. Mail statistics (eximstats)
  • 8. Checking access policy (exim_checkaccess)
  • 9. Making DBM files (exim_dbmbuild)
  • 10. Finding individual retry times (exinext)
  • 11. Hints database maintenance
  • 12. exim_dumpdb
  • 13. exim_tidydb
  • 14. exim_fixdb
  • 15. Mailbox maintenance (exim_lock)
• 51. The Exim monitor
  • 1. Running the monitor
  • 2. The stripcharts
  • 3. Main action buttons
  • 4. The log display
  • 5. The queue display
  • 6. The queue menu
• 52. Security considerations
  • 1. Building a more “hardened” Exim
  • 2. Root privilege
  • 3. Running Exim without privilege
  • 4. Delivering to local files
  • 5. IPv4 source routing
  • 6. The VRFY, EXPN, and ETRN commands in SMTP
  • 7. Privileged users
  • 8. Spool files
  • 9. Use of argv[0]
  • 10. Use of %f formatting
  • 11. Embedded Exim path
  • 12. Use of sprintf()
  • 13. Use of debug_printf() and log_write()
  • 14. Use of strcat() and strcpy()
• 53. Format of spool files
  • 1. Format of the -H file
• 54. Support for DKIM (DomainKeys Identified Mail) - RFC4871
  • 1. Signing outgoing messages
  • 2. Verifying DKIM signatures in incoming mail
• 55. Adding new drivers or lookup types
• 56. Concept Index
  • 1. Symbols
  • 2. A
  • 3. B
  • 4. C
  • 5. D
  • 6. E
  • 7. F
  • 8. G
  • 9. H
  • 10. I
  • 11. J
  • 12. K
  • 13. L
  • 14. M
  • 15. N
  • 16. O
  • 17. P
  • 18. Q
  • 19. R
  • 20. S
  • 21. T
  • 22. U
  • 23. V
  • 24. W
  • 25. X
  • 26. Z
• 57. Option Index
  • 1. Symbols
  • 2. A
  • 3. B
  • 4. C
  • 5. D
  • 6. E
  • 7. F
  • 8. G
  • 9. H
  • 10. I
  • 11. K
  • 12. L
  • 13. M
  • 14. N
  • 15. O
  • 16. P
  • 17. Q
  • 18. R
  • 19. S
  • 20. T
  • 21. U
  • 22. V
  • 23. W
• 58. Variable Index
  • 1. Symbols