Go to the first, previous, next, last section, table of contents.


11. Main configuration

The first part of the run time configuration file contains the main configuration settings. Each setting occupies one line of the file, possibly continued by a terminating backslash. If any setting is preceded by the word `hide', the -bP option displays its value to admin users only (see section 7.3).

All macro definitions must be in this part of the file -- they differ from options settings by starting with an upper-case letter (see section 7.2).

The available options are listed in alphabetical order below, along with their types and default values.

accept_8bitmime

Type: boolean
Default: false

This option causes Exim to send 8BITMIME in its response to an SMTP EHLO command, and to accept the BODY= parameter on MAIL commands. However, though Exim is 8-bit clean, it is not a protocol converter, and it takes no steps to do anything special with messages received by this route. Consequently, this option is turned off by default.

accept_timeout

Type: time
Default: 0s

This sets the timeout for accepting a non-SMTP message, that is, the maximum time that Exim waits when reading a message on the standard input. If the value is zero, it will wait for ever. This setting is overridden by the -or command option. The timeout for incoming SMTP messages is controlled by smtp_receive_timeout.

admin_groups

Type: string list
Default: unset

If the current group or any of the supplementary groups of the caller is in this list, the caller has admin privileges. If all your system programmers are in a specific group, for example, you can give them all Exim admin privileges by putting that group in admin_groups. However, this does not permit them to read Exim's spool files (whose group owner is the Exim gid). To permit this, you have to add individuals to the Exim group.

allow_mx_to_ip

Type: boolean
Default: false

It appears that more and more DNS zones are breaking the rules and putting IP addresses on the right hand side of MX records. Exim follows the rules and rejects this, giving an error message that explains the mis-configuration. However, some other MTAs support this practice, so to avoid `Why can't Exim do this?' complaints, allow_mx_to_ip exists, in order to enable this heinous activity. It is not recommended, except when you have no other choice.

always_bcc

Type: boolean
Default: false

Exim adds a To: header to messages whose recipients are given on the command line when there is no To:, Cc:, or Bcc: in the message. In other cases of missing recipient headers, it just adds an empty Bcc: header to make the message conform with RFC 822. Setting always_bcc causes it to add an empty Bcc: in all cases. This can be helpful in conjunction with mailing list software that passes recipient addresses on the command line.

auth_always_advertise

Type: boolean
Default: true

This option is available only when Exim is compiled with authentication support. Normally, if any server authentication mechanisms are configured, Exim advertises them in response to any EHLO command. However, if auth_always_advertise is set false, Exim advertises availability of the AUTH command only if the calling host is in auth_hosts, or if it is in host_auth_accept_relay and not in host_accept_relay. In other words, it advertises only when the host is required always to authenticate or to authenticate in order to relay.

Otherwise, Exim does not advertise AUTH, though it is always prepared to accept it. Certain mail clients (for example, Netscape) require the user to provide a name and password for authentication if AUTH is advertised, even though it may not be needed (the host may be in host_accept_relay). Unsetting auth_always_advertise makes these clients more friendly in these circumstances, while still allowing you to use combinations such as

host_auth_accept_relay = *
host_accept_relay = 10.9.8.0/24

without needing to fill up host_auth_accept_relay with exceptions.

auth_hosts

Type: host list
Default: unset

Any hosts in this list that connect to an Exim server as clients are required to authenticate themselves using the SMTP AUTH command before any commands other than HELO, EHLO, HELP, AUTH, NOOP, RSET, or QUIT are accepted. See chapter 35 for details of SMTP authentication.

auth_over_tls_hosts

Type: host list
Default: unset

Any hosts in this list must start an encrypted TLS session before issuing an SMTP AUTH command, but it does not of itself require them to authenticate. See chapter 38 for details of SMTP encryption.

auto_thaw

Type: time
Default: 0s

If this option is set to a time greater than zero, a queue runner will try a new delivery attempt on any frozen message if this much time has passed since it was frozen. This may result in the message being re-frozen if nothing has changed since the last attempt. It is a way of saying `keep on trying, even though there are big problems'. See also timeout_frozen_after, ignore_errmsg_errors, and ignore_errmsg_errors_after.

bi_command

Type: string
Default: unset

This option supplies the name of a command that is run when Exim is called with the -bi option (see chapter 5). The string value is just the command name, it is not a complete command line. If an argument is required, it must come from the -oA command line option.

check_log_inodes

Type: integer
Default: 0

See check_spool_space below.

check_log_space

Type: integer
Default: 0

See check_spool_space below.

check_spool_inodes

Type: integer
Default: 0

See check_spool_space below.

check_spool_space

Type: integer
Default: 0

The four check_... options allow for checking of disc resources before a message is accepted: check_spool_space and check_spool_inodes check the spool partition if either value is greater than zero, for example:

check_spool_space = 10M
check_spool_inodes = 100

The spool partition is the one which contains the directory defined by SPOOL_DIRECTORY in `Local/Makefile'.

check_log_space and check_log_inodes check the partition in which log files are written if either is greater than zero. These should be set only if log_file_path and spool_directory refer to different partitions.

If there is less space or fewer inodes than requested, Exim refuses to accept incoming mail. In the case of SMTP input this is done by giving a 452 temporary error response to the MAIL command. If ESMTP is in use and there was a SIZE parameter on the MAIL command, its value is added to the check_spool_space value, and the check is performed even if check_spool_space is zero, unless no_smtp_check_spool_space is set.

For non-SMTP input and for batched SMTP input, the test is done at start-up; on failure a message is written to stderr and Exim exits with a non-zero code, as it obviously cannot send an error message of any kind.

collapse_source_routes

Type: boolean
Default: false

From version 3.10, this option is obsolete and does nothing. Formerly, it caused source-routed mail addresses to be stripped down to their final components. This now happens automatically, and cannot be suppressed.

daemon_smtp_port

Type: string
Default: unset

This option specifies the numerical port number or the service name equivalent on which the daemon is to listen for incoming SMTP calls. It is overridden by -oX on the command line. If this option is not set, the service name `smtp' is used.

daemon_smtp_service

Type: string
Default: unset

This option is a synonym for daemon_smtp_port.

debug_level

Type: integer
Default: 0

This option sets the debug level, thus enabling it to be set when calling Exim from an MUA, but it is overridden by the use of -d on the command line.

delay_warning

Type: time list
Default: 24h

When a message is delayed, Exim sends a warning message to the sender at intervals specified by this option. If it is set to a zero, no warnings are sent. The data is a colon-separated list of times after which to send warning messages. Up to 10 times may be given. If a message has been on the queue for longer than the last time, the last interval between the times is used to compute subsequent warning times. For example, with

delay_warning = 4h:8h:24h

the first message is sent after 4 hours, the second after 8 hours, and subsequent ones every 16 hours thereafter. To stop warnings after a given time, set a huge subsequent time.

delay_warning_condition

Type: string, expanded
Default: see below

The string is expanded at the time a warning message might be sent. If all the deferred addresses have the same domain, it is set in $domain during the expansion. Otherwise $domain is empty. If the result of the expansion is a forced failure, an empty string, or a string matching any of `0', `no' or `false' (the comparison being done caselessly) then the warning message is not sent. The default is

delay_warning_condition = \
  ${if match{$h_precedence:}{(?i)bulk|list|junk}{no}{yes}}

which suppresses the sending of warnings about messages that have `bulk', `list' or `junk' in a Precedence: header. Note that the colon to terminate the header name cannot be omitted, because brace characters may legally occur in header names.

deliver_load_max

Type: fixed-point
Default: unset

When this option is set, no message deliveries are ever done if the system load average is greater than its value, except for deliveries forced with the -M option. If deliver_queue_load_max is not set and the load gets this high during a queue run, the run is abandoned. There are some operating systems for which Exim cannot determine the load average (see chapter 1); for these this option has no effect.

deliver_queue_load_max

Type: fixed-point
Default: unset

If this option is set, its value is used to determine whether to abandon a queue run, instead of the value of deliver_load_max.

delivery_date_remove

Type: boolean
Default: true

Exim's transports have an option for adding a Delivery-date: header to a message when it is delivered -- in exactly the same way as Return-path: is handled. Delivery-date: records the actual time of delivery. Such headers should not be present in incoming messages, and this option causes them to be removed, to avoid any problems that might occur when a delivered message is subsequently sent on to some other recipient.

dns_again_means_nonexist

Type: domain list
Default: unset

DNS lookups give a `try again' response for the DNS error `non-Authoritive host found or SERVERFAIL'. This can cause Exim to keep trying to deliver a message, or to give repeated temporary errors to incoming mail. Sometimes the effect is caused by a badly set up nameserver and may persist for a long time. If a domain which exhibits this problem matches anything in dns_again_means_nonexist then it is treated as if it did not exist. This option should be used with care.

dns_check_names

Type: boolean
Default: true

This option causes Exim to check domain names for illegal characters before handing them to the DNS resolver, because some resolvers give temporary errors for bad names. If a domain name contains any illegal characters, a `not found' result is forced. The check is done by matching the domain name against the regular expression specified by the dns_check_names_pattern option.

dns_check_names_pattern

Type: string
Default: see below

This option defines the regular expression that is used when the dns_check_names option is set. The default value is

dns_check_names_pattern = \
  (?i)^(?>(?(1)\.|())[^\W_](?>[a-z0-9-]*[^\W_])?)+$

which permits only letters, digits, and hyphens in components, but they may not start or end with a hyphen.

dns_retrans

Type: time
Default: 0s

The options dns_retrans and dns_retry can be used to set the retransmission and retry parameters for DNS lookups. Values of zero (the defaults) leave the system default settings unchanged. The first value is the time between retries, and the second is the number of retries. It isn't totally clear exactly how these settings affect the total time a DNS lookup may take. I haven't found any documentation about timeouts on DNS lookups; these parameter values are available in the external resolver interface structure, but nowhere does it seem to describe how they are used or what you might want to set in them.

dns_ipv4_lookup

Type: boolean
Default: false

When Exim is compiled with IPv6 support, it looks for IPv6 address records (AAAA and A6) as well as IPv4 address records when trying to find IP addresses for hosts. However, if dns_ipv4_lookup is set, it disables DNS lookups for AAAA and A6 records. This is a fudge to help with name servers that give big delays or otherwise do not work for these new record types. If Exim is handed either of these record types as part of an MX lookup (for example), it still handles them, and may as a result make outgoing IPv6 calls. All this option does is to make it look only for IPv4-style A records when it needs to find an IP address for a host name. In due course, when the world's name servers have all been upgraded, there should be no need for this option.

dns_retry

Type: integer
Default: 0

See dns_retrans above.

envelope_to_remove

Type: boolean
Default: true

Exim's transports have an option for adding an Envelope-to: header to a message when it is delivered -- in exactly the same way as Return-path: is handled. Envelope-to: records the original recipient address in the envelope that caused the delivery. Such headers should not be present in incoming messages, and this option causes them to be removed, to avoid any problems that might occur when a delivered message is subsequently sent on to some other recipient.

errmsg_text

Type: string
Default: unset

If errmsg_text is set, its contents are included in the default error message immediately after `This message was created automatically by mail delivery software.' It is not used if errmsg_file is set.

errmsg_file

Type: string
Default: unset

This option defines a template file containing paragraphs of text to be used for constructing the message which is sent by Exim in the case of a delivery failure. Details of the file's contents are given in chapter 39. See also warnmsg_file.

errors_address

Type: string
Default: "postmaster"

The mail address to which Exim will send certain error reports. As the default is specified without a domain, it will be sent to the domain specified by the qualify_recipient option. If this address is specified with a domain, it must be a fully qualified domain. There are actually only a few situations where this address is used:

errors_copy

Type: string list, expanded
Default: unset

Setting this option causes Exim to send bcc copies of delivery failure reports that it generates to other addresses. The value is a colon-separated list of items; each item consists of a pattern and an address list, separated by white space. If the pattern matches the recipient of the delivery error report, the message is copied to the addresses on the list. The items are scanned in order, and once a matching one is found, no further items are examined. For example:

errors_copy = spqr@mydomain   postmaster@mydomain :\
              rqps@mydomain   mailmaster@mydomain,\
                              postmaster@mydomain

Each pattern can be a single regular expression, indicated by starting it with a circumflex; alternatively, either portion (local part, domain) can start with an asterisk, or the domain can be in any format that is acceptable as an item in a domain list, including a file lookup. A regular expression is matched against the entire (fully qualified) recipient; non-regular expressions must contain both a local part and domain, separated by @.

The address list is a string which is expanded, and must end up as a comma-separated list of addresses. It is used to construct a Bcc: header which is added to the error message. The expansion variables $local_part and $domain are set from the original recipient of the error message, and if there was any wildcard matching, the expansion variables $0, $1, etc. are set in the normal way.

errors_reply_to

Type: string
Default: unset

Exim's delivery error messages contain the header

From: Mail Delivery System <Mailer-Daemon@${qualify_domain}>

(where string expansion notation is used to show a variable substitution). Experience shows that a large number of people reply to such messages. If the errors_reply_to option is set, a Reply-To: header is added. The option must specify the complete header body.

exim_group

Type: string
Default: compile-time configured (can be unset)

This option sets the gid under which Exim runs when it gives up root privilege. It is used only when exim_user is also set. Unless it consists entirely of digits, the string is looked up using getgrnam(), and failure causes a configuration error. See chapter 55 for a discussion of security issues.

exim_path

Type: string
Default: see below

This option specifies the path name of the Exim binary, which is used when Exim needs to re-exec itself. The default is set up to point to the file exim in the directory configured at compile time by the BIN_DIRECTORY setting. It is necessary to change exim_path if Exim is run from some other place.

exim_user

Type: string
Default: compile-time configured (can be unset)

This option sets the uid under which Exim runs when it gives up root privilege. However, unless there is some compelling reason for not doing so, it is best to specify the uid by setting EXIM_UID in `Local/Makefile' rather than using this option, because ownership of the run time configuration file and the use of the -C and -D command line options is checked against the compile-time setting of this parameter, not what is set here.

Unless it consists entirely of digits, the string is looked up using getpwnam(), and failure causes a configuration error. If exim_group is not also supplied, the gid is taken from the result of getpwnam() if it is used. If the resulting uid is the root uid, it has the effect of unsetting this option. See chapter 55 for a discussion of security issues.

extract_addresses_remove_arguments

Type: boolean
Default: true

According to Sendmail documentation, if any addresses are present on the command line when the -t option is used to build an envelope from a message's headers, they are removed from the recipients list. This is also how Smail behaves. However, it has been reported that some versions of Sendmail in fact add the argument addresses to the recipients list. By default Exim follows the documented behaviour, but if this option is set false it adds rather than removes argument addresses.

finduser_retries

Type: integer
Default: 0

On systems running NIS or other schemes in which user and group information is distributed from a remote system, there can be times when getpwnam() and related functions fail, even when given valid data, because things time out. Unfortunately these failures cannot be distinguished from genuine `not found' errors. If finduser_retries is set greater than zero, Exim will try that many extra times to find a user or a group, waiting for one second between tries.

forbid_domain_literals

Type: boolean
Default: false

If this option is set, the RFC 822 domain literal format is not permitted in addresses. The option is set in the default configuration file, because the domain literal format is not normally required these days, and few people know about it. It has, however, been exploited by mail abusers.

freeze_tell_mailmaster

Type: boolean
Default: false

On encountering certain errors, Exim freezes a message, which means that no further delivery attempts take place until an administrator thaws it. If this option is set, a message is sent to errors_address every time a message is frozen, unless the message is itself a delivery error message. (Without this exception there is the possibility of looping.) If several of the message's addresses cause freezing, only a single message is sent to the mail administrator. The reason(s) for freezing will be found in the message log.

gecos_name

Type: string, expanded
Default: unset

Some operating systems, notably HP-UX, use the `gecos' field in the system password file to hold other information in addition to users' real names. Exim looks up this field for use when it is creating Sender: or From: headers. If either gecos_pattern or gecos_name are unset, the contents of the field are used unchanged, except that, if an ampersand is encountered, it is replaced by the user's login name with the first character forced to upper-case, since this is a convention that is observed on many systems.

When these options are set, gecos_pattern is treated as a regular expression that is to be applied to the field (again with & replaced by the login name), and if it matches, gecos_name is expanded and used as the user's name. Numeric variables such as $1, $2, etc. can be used in the expansion to pick up sub-fields that were matched by the pattern. In HP-UX, where the user's name terminates at the first comma, the following can be used:

gecos_pattern = ([^,]*)
gecos_name = $1

gecos_pattern

Type: string
Default: unset

See gecos_name above.

headers_check_syntax

Type: boolean
Default: false

This option causes Exim to check the syntax of all headers that can contain lists of addresses (Sender:, From:, Reply-To:, To:, Cc:, and Bcc:) on all incoming messages (both local and SMTP). This is a syntax check only, to catch real junk such as

To: user@

Like the headers_sender_verify options, the rejection happens after the end of the data, but it is also controlled by headers_checks_fail; if that is unset, the message is accepted and a warning is written to the reject log.

If the message contains any headers starting with `Resent-' then it is that set of headers which is checked.

headers_checks_fail

Type: boolean
Default: true

If this option is true, failure of any header check (see below) causes the message to be rejected. If it is false, a warning message is written to the reject log.

headers_sender_verify

Type: boolean
Default: false

If this option is set with sender_verify, and the sending host matches sender_verify_hosts, Exim insists on there being at least one verifyable address in one of the Sender:, Reply-To:, or From: headers (which are checked in that order) on all incoming SMTP messages. If one cannot be found, the message is rejected, unless headers_checks_fail is unset, in which case a warning entry is written to the reject log.

If there are any headers whose names start with `Resent-', it is that set of headers which is checked. If there is more than one instance of a particular header, all of them are checked.

Unfortunately, because it has to read the message before doing this check, the rejection happens after the end of the data, and it is known that some mailers do not treat hard (5xx) errors correctly at this point -- they keep the message on their spools and try again later, but that is their problem, though it does waste some resources.

headers_sender_verify_errmsg

Type: boolean
Default: false

This option acts like headers_sender_verify, except that it applies only to messages whose envelope sender is `<>', that is, delivery error messages whose sender cannot be verified at the time the SMTP MAIL command is received.

helo_accept_junk_hosts

Type: host list
Default: unset

Exim checks the syntax of HELO and EHLO commands for incoming SMTP mail, and gives an error response for invalid data. Unfortunately, there are some SMTP clients that send syntactic junk. They can be accommodated by setting this option.

helo_strict_syntax

Type: boolean
Default: false

Because so many systems have been found to use underscores in the names they send in the SMTP HELO command, Exim by default permits them, though it is not in fact legal to use underscores in domain names in SMTP. If helo_strict_syntax is set, underscores are not permitted in HELO or EHLO commands.

helo_verify

Type: host list
Default: unset

The RFCs mandate that a server must not reject a message because it doesn't like the HELO or EHLO command. However, some sites like to be stricter. If helo_verify is set, Exim checks each incoming call from any host that matches it, and accepts the call only if:

and

If no HELO or EHLO is given, MAIL commands are rejected; if a bad HELO or EHLO is given, it is rejected with a 550 error. Rejections are logged in the main and reject logs.

hold_domains

Type: domain list
Default: unset

This option allows mail for particular domains to be held on the queue manually. The option is overridden if a message delivery is forced with the -M, -qf, -Rf or -Sf options. Otherwise, if a domain matches an item in hold_domains, no routing or delivery for that address is done, and it is deferred every time the message is looked at.

This option is intended as a temporary operational measure for delaying the delivery of mail while some problem is being sorted out, or some new configuration tested. It does not override Exim's message clearing away code, which removes messages from the queue if they have been there longer than the longest retry time in any retry rule. If you want to hold messages for longer than the normal retry times, insert a dummy retry rule with a long retry time.

host_accept_relay

Type: host list
Default: unset

This option provides a list of hosts that are permitted to relay via the local host to any arbitrary domains. Section 46.4 contains a discussion of relay control.

host_auth_accept_relay

Type: host list
Default: unset 7

This option provides a list of hosts that are permitted to relay via the local host to any arbitrary domains, provided the calling host has authenticated itself. Section 46.4 contains a discussion of relay control, and chapter 35 discusses authentication.

host_lookup

Type: host list
Default: unset

Exim does not look up the name of a calling host from its IP address unless it is required to compare against some host list, or helo_verify is set, or the address matches this option (which normally contains IP addresses rather than host names, since the presence of names in itself implies a DNS lookup). The default configuration file contains

host_lookup = *

which causes a lookup to happen for all hosts. If the expense of these lookups is felt to be too great, the setting can be changed or removed. However, Exim always does a lookup if the domain name quoted in a HELO or EHLO command is the local host's own name or any of its local mail domains.

host_reject

Type: host list
Default: unset

If this option is set, incoming SMTP calls from the hosts listed (possibly also qualified by an RFC 1413 identification) are rejected as soon as the connection is made. See chapter 46 for more details.

host_reject_recipients

Type: host list
Default: unset

If this option is set, all recipients in incoming SMTP calls from the hosts listed, possibly also qualified by an RFC 1413 identification, are rejected. Chapter 46 contains details of this facility, which differs from host_reject only in the point in the SMTP dialogue at which the rejection occurs.

hosts_treat_as_local

Type: domain list
Default: unset

If this option is set, any host names that match the domain list are treated as if they were the local host when Exim is scanning host lists obtained from MX records, and also at other times when it is checking whether a host to which a message has been routed is the local host. If it is required that the matching host names also be treated as local domains for mail delivery, they must appear in local_domains as well as in this option.

See also the allow_localhost option in the smtp transport. Both these options are needed in a setup with different hosts for incoming and outgoing mail if the resulting system is used for MX backup.

ignore_errmsg_errors

Type: boolean
Default: false

If this option is set, failed addresses in error reports (that is, bounce messages, whose senders are `<>') are discarded (with a log entry). The default action is to freeze such messages for human attention.

ignore_errmsg_errors_after

Type: time
Default: 0s

This option, if it is set to a non-zero time, acts as a delayed version of ignore_errmsg_errors, which must be unset for this option to take effect. When an error message that was frozen because of delivery failure has been on the queue for more than the given time, it is unfrozen at the next queue run, and a further delivery is attempted. If delivery fails again, the error message is discarded. This makes it possible to keep failed error messages around for a shorter time than the normal maximum retry time for frozen messages. For example,

ignore_errmsg_errors_after = 12h

retries failed error message deliveries after 12 hours, discarding any further failures. For ways of automatically dealing with other kinds of frozen message, see auto_thaw and timeout_frozen_after.

ignore_fromline_hosts

Type: host list
Default: unset

Some broken SMTP clients insist on sending a UUCP-like `From' line before the headers of a message. By default this is treated as the start of the message's body, which means that any following headers are not recognized as such. Exim can be made to ignore it by setting ignore_fromline_hosts to match those hosts that insist on sending it. If the sender is actually a local process rather than a remote host, and is using -bs to inject the messages, ignore_fromline_local can be set to deal with this case.

ignore_fromline_local

Type: boolean
Default: false

See ignore_fromline_hosts above.

keep_malformed

Type: time
Default: 4d

This option specifies the length of time to keep messages whose spool files have been corrupted in some way. This should, of course, never happen. At the next attempt to deliver such a message, it gets removed. The incident is logged.

kill_ip_options

Type: boolean
Default: true

IP packets can contain options which are source routing data that enables one host to pretend to be another. (Don't confuse IP source routing with source-routed mail addresses, which are something entirely different.) IP source routing is an obvious security risk, and many sites lock out such packets in their routers. Also, some operating systems are able to disable IP source routing at the kernel level.

If Exim receives an SMTP call with IP options set, it logs the options if log_ip_options is set. Then, if refuse_ip_options is set, it drops the call; otherwise, if kill_ip_options is set, it unsets the options on the outgoing socket and attempts to continue. To read the IP options, getsockopt() is used. On some versions of SunOS 4.1 this causes system crashes. There is a patch that fixes this problem, but it can be avoided by setting all three Exim options false.

ldap_default_servers

Type: string list
Default: unset

This option provides a list of LDAP servers which are tried in turn when an LDAP query does not contain a server. See section 6.11. The option is available only when Exim has been built with LDAP support.

local_domains

Type: domain list
Default: see below

This specifies a list of domains which are recognized as `local', that is, their delivery is handled in a special way by this MTA using directors rather than routers. If this option is not set, it defaults to the value of qualify_recipient.

The name of the local host is not by default recognized as a local mail domain; either it must be included in local_domains, or the local_domains_include_host option must be set. If you want to accept mail addressed to your host in RFC 822 domain literal format, local_domains must also include the appropriate `domains', consisting of IP addresses enclosed in square brackets. The local_domains_include_host_literals option can be set to add all IP addresses automatically.

It is possible to specify no local domains by specifying no data for this option, for example,

local_domains =

If there are very many local domains, they can be stored in a file and looked up whenever this string is searched. See the discussion of domain lists in section 7.12.

local_domains_include_host

Type: boolean
Default: false

If this option is set, the value of primary_hostname is added to the value of local_domains, unless it is already present. This makes it possible to use the same configuration file on a number of different hosts. The same effect can be obtained by including the conventional item `@' (which matches the primary host name) in local_domains.

local_domains_include_host_literals

Type: boolean
Default: false

If this option is set and local_interfaces is unset, the IP addresses of all the interfaces on the local host, with the exception of 127.0.0.1 (and ::1 on IPv6 systems), are added to the value of local_domains, in domain literal format, that is, as strings enclosed in square brackets. If local_interfaces is set, only those addresses it contains (again excluding 127.0.0.1 and ::1) are used.

local_from_check

Type: boolean
Default: true

When a message is submitted locally (that is, not over a TCP/IP connection) by a non-trusted user, Exim checks that the From: header line matches the login of the calling user, and if not, it adds a Sender: header. If local_from_check is set false, this checking is disabled, and no Sender: header is ever added. Nevertheless, the envelope sender is still forced to be the login id at the qualify domain.

local_from_prefix

Type: string
Default: unset

When Exim checks the From: header line of locally submitted messages for matching the login id (see local_from_check above), it can be configured to ignore certain prefixes and suffixes in the local part of the address. This is done by setting local_from_prefix and/or local_from_suffix to appropriate lists, in the same form as the prefix and suffix options of directors (see chapter 21). For example, if

local_from_prefix = *-

is set, then a From: line containing

From: anything-user@your.domain

will not cause a Sender: header to be added if user@your.domain matches the actual sender address that is constructed from the login name and qualify domain.

local_from_suffix

Type: string
Default: unset

See local_from_prefix above.

local_interfaces

Type: string list
Default: unset

The string must contain a list of IP addresses, in dotted-quad format for IPv4 addresses, or in colon-separated format (with colons doubled) for IPv6 addresses. These are used for two different purposes:

If local_interfaces is unset, the daemon issues a generic listen() that accepts incoming calls from any interface, and it also gets a complete list of available interfaces and treats them all as local when routing mail. On most systems the default action is what is wanted. However, some systems set up large numbers of virtual interfaces in order to provide many different virtual web servers. In these cases local_interfaces can be used to restrict SMTP traffic to one or two interfaces only. See also hosts_treat_as_local.

localhost_number

Type: string
Default: unset

Exim's message ids are normally unique only within the local host. If uniqueness among a set of hosts is required, each host must set a different value for the localhost_number option. The string is expanded immediately after reading the configuration file (so that a number can be computed from the host name, for example) and the result of the expansion must be a number in the range 0--255. This is available in subsequent string expansions via the variable $localhost_number. The final two characters of the message id, instead of just being a sequence count of the number of messages received by one process in one second, are the base 62 encoding of

<sequence count> * 256 + <local host number>

This reduces the possible range of the sequence count to 0--14. If the count ever reaches 14 in a receiving process, a delay of one second is imposed to allow the clock to tick, thereby allowing the count to be reset to zero.

locally_caseless

Type: boolean
Default: true

Domains in mail addresses are specified as being case-independent, but this it not true of local parts. For most Unix systems, however, it is desirable that local parts of local mail addresses be treated in a case-independent manner, since most users expect that mail to OBailey and obailey, for example, will end up in the same mailbox. By default, when it is processing an address whose domain is local, Exim lower-cases the local part at the start of processing, on the assumption that account names in the password file are in lower-case.

For installations that want to draw case distinctions, this option is provided. When turned off, local local parts are handled verbatim during delivery. If there are names containing upper case letters in the password file, the most convenient way to provide for caseless mail delivery is to set up a smartuser director as the first director, and to make it do a lowercased lookup of the local part, in order to translate it to the correctly cased version, using the new_address option.

log_all_parents

Type: boolean
Default: false

This option applies to deliveries of local addresses, where the original envelope address may be converted by (for example) an alias file into a `child' address which might itself be an alias. Thus in general there can be a chain of several addresses between the original one and the address to which the actual delivery is made. By default Exim logs the final address, followed by the original address in angle bracket.

Turning log_all_parents on causes all intermediate addresses between the original envelope address and the final delivery address to be included in delivery log lines in parentheses after the first address. Without this, intermediate addresses are not included, except that if the final delivery is to a pipe or file or autoreply, the immediately preceding parent address is listed.

log_arguments

Type: boolean
Default: false

Setting this option causes Exim to write the arguments with which it was called to the main log. This is a debugging feature, added to make it easy to find out with what arguments certain MUAs call /usr/lib/sendmail. The logging does not happen if Exim has given up root privilege because it was called with the -C or -D options. This facility cannot log illegal arguments, because the arguments are checked before the configuration file is read. The only way to log such cases is to interpose a script such as util/logargs.sh between the caller and Exim.

log_file_path

Type: string list
Default: set at compile time

This option sets the path which is used to determine the names of Exim's log files, or indicates that logging is to be to syslog, or both. Chapter 51 contains further details. If this string is fixed at your installation (contains no expansion variables) it is recommended that you do not set this option in the configuration file, but instead supply the path using LOG_FILE_PATH in `Local/Makefile' so that it is available to Exim for logging errors detected early on -- in particular failure to read the configuration file.

If no specific path is set for the log files, they are written in a sub-directory called log in Exim's spool directory.

log_incoming_port

Type: boolean
Default: false

If this option is set, the remote port number (separated by a dot) is added to the IP address of incoming calls in all log entries, and in Received: header lines. For example:

127.0.0.1.48433
::1.48433

This is implemented by changing the value that is put in the $sender_fullhost and $sender_rcvhost variables. Recording the remote port number has become more important with the widening use of NAT (see RFC 2505).

log_ip_options

Type: boolean
Default: true

See kill_ip_options above.

log_level

Type: integer
Default: 5

This controls the amount of data written to the main log and to the individual message logs (see section 51.10). The higher the number, the more is written. At present a value of 6 or higher causes all possible messages to appear.

log_queue_run_level

Type: integer
Default: 0

This option specifies the log level for the messages `start queue run' and `end queue run'. Setting it higher than the value of log_level causes them to be suppressed.

log_received_recipients

Type: boolean
Default: false

When this option is set, the recipients of a message are listed in the main log as soon as the message is received. The list appears at the end of the log line that is written when a message is received, preceded by the word `for'. The addresses are listed after they have been qualified, but before any rewriting has taken place.

log_received_sender

Type: boolean
Default: false

If this option is set, the unrewritten original sender of a message is added to the end of the log line that records the message's arrival, after the word `from' (before the recipients if log_received_recipients is also set).

log_refused_recipients

Type: boolean
Default: false

If this option is set, an entry is written in the main and reject logs for each recipient that is refused for policy reasons. Otherwise cases where all recipients are to be refused just cause a single log entry for the message.

log_rewrites

Type: boolean
Default: false

This option causes all address rewriting to get logged, as an aid to debugging rewriting rules.

log_sender_on_delivery

Type: boolean
Default: false

Setting log_sender_on_delivery causes Exim to add an `F=<sender>' item to delivery and bounce log lines (F is for `envelope from' -- the same letter as is used in rewriting rules). By default, the sender is not shown on these lines.

log_smtp_confirmation

Type: boolean
Default: false

This option causes the response to the final `.' in the SMTP dialog for outgoing messages to be added to delivery log lines in the form `C="<text>"'. A number of MTAs (including Exim from release 1.60) return an identifying string in this response, so logging this information allows messages to be tracked more easily. This global option applies to all SMTP transports.

log_smtp_connections

Type: boolean
Default: false

This option turns on more verbose logging of incoming SMTP connections, at log level 4. This does not apply to batch SMTP, but it does apply to SMTP connections from local processes that use the -bs option, including incoming calls using inetd. A log line is written whenever a connection is established or closed. If a connection is dropped in the middle of a message, a log line is always written, but otherwise nothing is written at the start and end of connections unless log_smtp_connections is set.

log_smtp_syntax_errors

Type: boolean
Default: false

If this option is set, syntax errors in incoming SMTP commands are logged at level 4. An unrecognized command is treated as a syntax error. For an external connection, the host identity is given; for an internal connection using -bs the sender identification (normally the calling user) is given.

log_subject

Type: boolean
Default: false

This option causes a message's subject to be included in the arrival log line, in the form `T="<subject text>"'. T stands for `topic' (S is already used for `size').

lookup_open_max

Type: integer
Default: 25

This option limits the number of simultaneously open lookup files. Exim normally keeps files open during directing and routing, since often the same file is required several times. This limit applies only to those lookup types which use regular files, namely lsearch, dbm, and cdb. If the limit is reached, Exim closes the least recently used file. Note that if you are using the NDBM library, it actually opens two files for each logical DBM database, though it still counts as one for the purposes of lookup_open_max. If you are getting `too many open files' errors with NDBM, you need to reduce the value of lookup_open_max.

max_username_length

Type: integer
Default: 0

Some operating systems are broken in that they truncate the argument to getpwnam() to eight characters, instead of returning `no such user'. If this option is set greater than zero, any attempt to call getpwnam() with an argument that is longer behaves as if getpwnam() failed.

message_body_visible

Type: integer
Default: 500

This option specifies how much of a message's body is to be included in the message_body expansion variable.

message_filter

Type: string
Default: unset

This option specifies a filter file which is applied to all messages before any routing or directing is done. This is called the `system message filter'. If the filter generates any deliveries to files or pipes, or any new mail messages, the appropriate message_filter_..._transport option(s) must be set, to define which transports are to be used. Details of this facility are given in chapter 47.

message_filter_directory_transport

Type: string
Default: unset

This sets the name of the transport driver that is to be used when the save command in a system message filter specifies a path ending in `/', implying delivery of each message into a separate file in some directory.

message_filter_directory2_transport

Type: string
Default: unset

This sets the name of the transport driver that is to be used when the save command in a system message filter specifies a path ending in `//'. The reason for having both message_filter_directory and message_filter_directory2 is to allow for the rare circumstance in which both maildir and non-maildir format delivery is required.

message_filter_file_transport

Type: string
Default: unset

This sets the name of the transport driver that is to be used when the save command in a system message filter specifies a path not ending in `/'.

message_filter_group

Type: string
Default: unset

This option sets the gid under which the system message filter is run. The seteuid() or setresuid() function must be available in the operating system for a temporary change to be possible. If the filter generates any pipe, file, or reply addresses, the gid under which the filter is run is used when delivering to them. Unless the string consists entirely of digits, it is looked up using getgrnam(), and failure causes a configuration error. If the option is not set, and either message_filter_user is unset or consists entirely of digits, the gid is not changed when running the filter. Otherwise the group is taken from the result of getpwnam().

message_filter_pipe_transport

Type: string
Default: unset 7

This sets the name of the transport driver that is to be used when a pipe command is used in a system message filter.

message_filter_reply_transport

Type: string
Default: unset

This sets the name of the transport driver that is to be used when a mail command is used in a system message filter.

message_filter_user

Type: string
Default: unset

This option sets the uid under which the system message filter is run. The seteuid() or setresuid() function must be available in the operating system for a temporary change to be possible. If the filter generates any pipe, file, or reply addresses, the uid under which the filter is run is used when delivering to them. Unless it consists entirely of digits, the string is looked up using getpwnam(), and failure causes a configuration error. If the option is not set, the uid is not changed from the Exim user (or root if there is no Exim user) when running the system filter.

message_id_header_text

Type: string, expanded
Default: unset

If this variable is set, the string is expanded and used to augment the text of the Message-id: header that Exim creates if an incoming message does not have one. The text of this header is required by RFC 822 to take the form of an address. By default, Exim uses its internal message id as the local part, and the primary host name as the domain. If this option is set, it is expanded and provided the expansion does not yield an empty string, is is inserted into the header immediately before the @, separated from the internal message id by a dot. Any characters that are illegal in an address are automatically converted into hyphens. This means that constructions like ${tod_log} can be used, as the spaces and colons will become hyphens.

message_size_limit

Type: integer
Default: 0

This option limits the maximum size of message that Exim will process. Zero means no limit. It should be set somewhat larger than return_size_limit if the latter is non-zero. Incoming SMTP messages are failed with a 552 error if the limit is exceeded; locally-generated messages either get a stderr message or a delivery failure message to the sender, depending on the -oe setting, in the normal way. Rejection of an oversized message is logged in both the main and the reject logs. See also the generic transport option message_size_limit, which limits the size of message that an individual transport can process.

message_size_limit_count_recipients

Type: boolean
Default: false

If this option is set, the value of message_size_limit is a maximum for the size of a message times the number of envelope recipients it has. For example, if message_size_limit is set to 10M, a message with 4 recipients can be no bigger than 2.5M, and a message with 100 recipients is limited to around 100K.

move_frozen_messages

Type: boolean
Default: false

This option, which is available only if Exim has been built with the setting

SUPPORT_MOVE_FROZEN_MESSAGES=yes

in `Local/Makefile', causes frozen messages and their message logs to be moved from the input and msglog directories on the spool to Finput and Fmsglog. There is currently no support in Exim or the standard utilities for handling such moved messages, and they do not show up in lists generated by -bp or by the Exim monitor.

mysql_servers

Type: string list
Default: unset

This option provides a list of MySQL servers and associated connection data, to be used in conjunction with mysql lookups (see section 6.12). The option is available only if Exim has been built with MySQL support.

never_users

Type: string list
Default: unset

Local mail deliveries are run in processes that are setuid to the recipient. However, it is usually desirable to lock out root from this, as a safety precaution. If a message is to be delivered locally as any of the users on the never_users list, the process is run as `nobody' instead (see nobody_user below). A common example is

never_users = root:daemon:bin:exim

This option overrides the pipe_as_creator option of the pipe transport driver. If Exim is unable to find a uid for `nobody', it panics.

nobody_group

Type: string
Default: unset

This specifies the group to use when a process is to be run as `nobody'. If it is unset, the value of the `nobody' user's default group is used.

nobody_user

Type: string
Default: unset

This specifies the user to use when a process is to be run as `nobody'. If it is unset, Exim looks up the user `nobody' using getpwnam(). If this fails, Exim panics, writing a message to the panic log and exiting immediately.

percent_hack_domains

Type: domain list
Default: unset

The `percent hack' is the convention whereby a local part containing a percent sign is re-interpreted as a remote address, with the percent replaced by @. This is sometimes called `source routing', though that term is also applied to RFC 822 addresses that begin with an @ character. If this option is set, Exim implements the percent facility for those local domains listed, but no others. The option can be set to `*' to allow the percent hack for all local domains.

If options are set to control message relaying from incoming SMTP envelopes, they are also applied to relaying that is requested via the `percent hack'. See section 46.4.

perl_at_start

Type: boolean
Default: false

This option is available only when Exim is built with an embedded Perl interpreter. See chapter 10 for details of its use.

perl_startup

Type: string
Default: unset

This option is available only when Exim is built with an embedded Perl interpreter. See chapter 10 for details of its use.

pgsql_servers

Type: string list
Default: unset

This option provides a list of PostgreSQL servers and associated connection data, to be used in conjunction with pgsql lookups (see section 6.12). The option is available only if Exim has been built with PostgreSQL support.

pid_file_path

Type: string
Default: set at compile time

This option sets the path which is used to determine the name of the file to which the Exim daemon writes its process id. The string is expanded, so it can contain, for example, references to the host name. After expansion it must contain the string `%s' somewhere within it; this will be replaced by the null string or a non-standard port number to form the final file name. For example,

pid_file_path = /var/log/${primary_hostname}/exim%s.pid

If no specific path is set for the file, it is written in Exim's spool directory.

preserve_message_logs

Type: boolean
Default: false

If this option is set, message log files are not deleted when messages are completed. Instead, they are moved to a sub-directory of the spool directory called msglog.OLD, where they remain available for statistical or debugging purposes. This is a dangerous option to set on systems with any appreciable volume of mail. Use with care!

primary_hostname

Type: string
Default: see below

This specifies the name of the current host. This is used in the HELO command for outgoing SMTP messages, and as the default for qualify_domain. If it is not set, Exim calls uname() to find it. If this fails, Exim panics and dies. If the name returned by uname() contains only one component, Exim passes it to gethostbyname() in order to obtain the fully qualified version.

print_topbitchars

Type: boolean
Default: false

By default, Exim considers only those characters whose codes lie in the range 32--126 to be printing characters. In a number of circumstances (for example, when writing log entries) non-printing characters are converted into escape sequences, primarily to avoid messing up the layout. If print_topbitchars is set, code values of 128 and above are also considered to be printing characters.

prod_requires_admin

Type: boolean
Default: true

The -M, -R, and -q command-line options require the caller to be an admin user unless prod_requires_admin is set false. See also queue_list_requires_admin.

prohibition_message

Type: string, expanded
Default: unset

This option adds a site-specific message to the error response that is sent when an SMTP command fails for policy reasons, for example if the sending host is in a host reject list. Details of this facility are given in chapter 46.

qualify_domain

Type: string
Default: see below

This specifies the domain name that is added to any sender addresses that do not have a domain qualification. It also applies to recipient addresses if qualify_recipient is not set. Such addresses are accepted by default only for locally-generated messages -- messages from external sources must always contain fully qualified addresses, unless the sending host matches one of the receiver_unqualified or sender_unqualified options. If qualify_domain is not set, it defaults to the primary_hostname value.

qualify_recipient

Type: string
Default: see below

This specifies the domain name that is added to any recipient addresses that do not have a domain qualification. Such addresses are accepted by default only for locally-generated messages -- messages from external sources must always contain fully qualified addresses, unless the sending host matches one of the receiver_unqualified or sender_unqualified options (see below). If qualify_recipient is not set, it defaults to the qualify_domain value.

queue_list_requires_admin

Type: boolean
Default: true

The -bp command-line option requires the caller to be an admin user unless queue_list_requires_admin is set false. Otherwise, only messages that the caller submitted are displayed. See also prod_requires_admin.

queue_only

Type: boolean
Default: false

If queue_only is set (which is equivalent to the -odq command line option), a delivery process is not automatically started whenever a message has been received. Instead, the message waits on the queue for the next queue run. Even if queue_only is false, incoming SMTP messages may not get delivered immediately if a lot of them arrive at once -- see the queue_only_load and smtp_accept_queue options.

queue_only_file

Type: string
Default: unset

This option can be set to a colon-separated list of absolute path names, each one optionally preceded by `remote' or `smtp'. When it is receiving a message, Exim tests for the existence of each listed path using a call to stat(), and if this succeeds, the corresponding queuing option is set. If there is no prefix to the path, queue_only is set; `remote' corresponds to queue_remote_domains and `smtp' to queue_smtp_domains. So, for example,

queue_only_file = remote/some/file

causes Exim to behave as if queue_remote_domains were set to `*' whenever /some/file exists.

queue_only_load

Type: fixed-point
Default: unset

If the system load average is higher than this value, all incoming messages are queued, and no automatic deliveries are started. If this happens during local or remote SMTP input, all subsequent messages on the same connection are queued. Deliveries will subsequently be performed by queue running processes, unless the load is higher than deliver_load_max. There are some operating systems for which Exim cannot determine the load average (see chapter 1); for these this option has no effect. See also smtp_accept_queue and smtp_load_reserve.

queue_remote_domains

Type: domain list
Default: unset

This option lists domains for which local delivery is not immediately required. It is checked against the domains supplied in the incoming addresses, before any widening is done (because that is part of routing). The -odqr option is equivalent to setting queue_remote_domains to `*'. A delivery process is started whenever a message is received, but only local addresses are handled, and only local deliveries take place. All remote deliveries wait until the next queue run. See also queue_smtp_domains, which is subtly different.

queue_run_in_order

Type: boolean
Default: false

If this option is set, queue runs happen in order of message arrival instead of in an arbitrary order. In order for this to happen, a complete list of the entire queue must be set up before the deliveries start. When the queue is all in a single directory (the default), this happens anyway, but if split_spool_directory is set it does not -- for delivery in random order, the sub-directories are processed one at a time (in random order), to avoid setting up one huge list. Thus, setting queue_run_in_order with split_spool_directory may degrade performance when the queue is large. In most situations, queue_run_in_order should not be set.

queue_run_max

Type: integer
Default: 5

This controls the maximum number of queue-running processes that an Exim daemon will run simultaneously. This does not mean that it starts them all at once, but rather that if the maximum number are still running when the time comes to start another one, it refrains from starting it. This can happen with very large queues and/or very sluggish deliveries. This option does not, however, interlock with other processes, so additional queue-runners can be started by other means, or by killing and restarting the daemon.

queue_smtp_domains

Type: domain list
Default: unset

When this option is set, a delivery process is started whenever a message is received, directing and routing is performed, and local deliveries take place. However, if any SMTP deliveries are required for domains that match queue_smtp_domains, they are not immediately delivered, but instead the message waits on the queue for the next queue run. Since routing of the message has taken place, Exim knows to which remote hosts it must be delivered, and so when the queue run happens, multiple messages for the same host are delivered over a single SMTP connection. This option is checked against the domains supplied in the incoming addresses, before any widening is done (because that is part of routing). The -odqs command line option causes all SMTP deliveries to be queued in this way, and is equivalent to setting queue_smtp_domains to `*'. See also queue_remote_domains, which is subtly different.

rbl_domains

Type: string list
Default: unset

This option is part of the support for Realtime Blackhole Lists (RBL). It can be set to a colon-separated list of DNS domains in which to look up the IP address of a calling host. A full description of how this is used is given in section 46.1.

rbl_hosts

Type: host list
Default: *

This option specifies the set of hosts for which RBL checking is to be performed when rbl_domains is set. The default matches all hosts. The normal usage of this option is to specify exceptions to RBL checking by means of negated items in the host list.

rbl_log_headers

Type: boolean
Default: false

When this option is set, the headers of each message received from a host that matches an RBL domain are written to the reject log. This can occur only if the recipients of the message are not rejected, that is, if the RBL check is configured to warn only.

rbl_log_rcpt_count

Type: boolean
Default: false

When this option is set and rbl_reject_recipients is false, the number of RCPT commands for each message received from a host that is in the RBL is written to the reject log. This may be greater than the number of valid recipients in the message.

rbl_reject_recipients

Type: boolean
Default: true

This option controls the action taken when a remote host is found in an RBL domain that has neither `/warn' nor `/reject' following it. The default value specifies rejection.

rbl_warn_header

Type: boolean
Default: true

When this option is set and a message from an RBL-matching host is not rejected, an X-RBL-Warning: header is added. The header contains the contents of the DNS TXT record, if one was found. Scanning of further RBL domains continues, which means that more than one X-RBL-Warning: header may be added to a message.

received_header_text

Type: string, expanded
Default: see below

This string defines the contents of the Received: message header that is added to each message, except for the timestamp, which is automatically added on at the end, preceded by a semicolon. The string is expanded each time it is used, and the default is:

received_header_text = "Received: \
    ${if def:sender_rcvhost {from ${sender_rcvhost}\n\t}\
    {${if def:sender_ident {from ${sender_ident} }}\
    ${if def:sender_helo_name {(helo=${sender_helo_name})\n\t}}}}\
    by ${primary_hostname} \
    ${if def:received_protocol {with ${received_protocol}}} \
    ${if def:tls_cipher {($tls_cipher)\n\t}}\
    (Exim ${version_number} #${compile_number})\n\t\
    id ${message_id}\
    ${if def:received_for {\n\tfor $received_for}}"

Note the use of quotes, to allow the sequences `\n' and `\t' to be used for newlines and tabs, respectively. The reference to the TLS cipher is omitted when Exim is built without TLS support. The use of conditional expansions ensures that this works for both locally generated messages and messages received from remote hosts, giving header lines such as the following:

Received: from scrooge.carol.book ([240.1.12.25] ident=root)
        by marley.carol.book with smtp (Exim 3.30 #1)
        id E0tS3Ga-0005C5-00
        for cratchit@dickens.book; Mon, 25 Dec 2000 14:43:44 +0000
Received: by scrooge.carol.book with local (Exim 3.30 #1)
        id E0tS3GW-0005C2-00; Mon, 25 Dec 2000 14:43:41 +0000

Note the automatic addition of the date and time in the required format.

received_headers_max

Type: integer
Default: 30

When a message is to be delivered, the number of Received: headers is counted, and if it is greater than this parameter, a mail loop is assumed to have occurred, the delivery is abandoned, and an error message is generated. This applies to both local and remote deliveries. Earlier versions of Exim did this test only for remote deliveries, but because local deliveries (as Exim sees them) may in fact still cause a message to be transported to a remote host, it was changed.

receiver_try_verify

Type: boolean
Default: false

See receiver_verify.

receiver_unqualified_hosts

Type: host list
Default: unset

This option lists those hosts from which Exim is prepared to accept unqualified receiver addresses in message envelopes. The addresses are made fully qualified by the addition of the qualify_recipient value. Typically the hosts are local ones, but if you want to imitate the behaviour of mailers that accept unqualified addresses from anywhere, specify

receiver_unqualified_hosts = *

This option also affects message header lines. Exim does not reject unqualified receiver addresses in headers, but qualifies them only if the message came from a host that matches receiver_unqualified_hosts.

receiver_verify

Type: boolean
Default: false

When this option is set, the addresses of recipients received from a remote host are verified as they are received, provided the sending host matches receiver_verify_hosts, the incoming address matches receiver_verify_addresses, and the sender address matches receiver_verify_senders, if either of the last two are set.

If an address is invalid, an incoming SMTP call gets an error response to the RCPT command. If an address cannot immediately be verified, a temporary error code is given. The receiver_try_verify option is less severe: it operates in the same way, except that an address is accepted if it cannot immediately be verified. Verification failures are logged.

receiver_verify_addresses

Type: address list
Default: unset

If set, this option restricts receiver verification to those addresses it matches. The option is inspected only if receiver_verify or receiver_try_verify is set.

receiver_verify_hosts

Type: host list
Default: *

See receiver_verify above.

receiver_verify_senders

Type: address list
Default: unset

This option, if set, allows receiver verification to be conditional upon the sender. It is inspected only if receiver_verify or receiver_try_verify is set.

If the null sender is required in the list of addresses, it must not be the last item, as a null last item in a list is ignored. It is best placed at the start of the list. For example, to restrict receiver verification to messages with null senders and senders in the .com and .org domains, you could have

receiver_verify
receiver_verify_senders = :*.com:*.org

If the null sender is the only entry required, the list should consist of a single colon.

recipients_max

Type: integer
Default: 0

If this is set greater than zero, it specifies the maximum number of recipients for any message. This applies to the original list of recipients supplied with the message. SMTP messages get a 452 response for all recipients over the limit; earlier recipients are delivered as normal. Non-SMTP messages with too many recipients are failed, and no deliveries are done. Note that the RFCs specify that an SMTP server should accept at least 100 RCPT commands in a single message.

recipients_max_reject

Type: boolean
Default: false

If this option is set true, Exim rejects SMTP messages containing too many recipients by giving 552 errors to the surplus RCPT commands, and a 554 error to the eventual DATA command. Otherwise (the default) it gives a 452 error to the surplus RCPT commands and accepts the message on behalf of the initial set of recipients. The remote server should then re-send the message for the remaining recipients at a later time.

recipients_reject_except

Type: address list
Default: unset

This option lists recipient addresses which are exceptions to any policy for recipient rejection, that is, as a result of sender_reject_recipients, etc. This option is entirely independent of any checks for unwanted message relaying. However, it does interact with the RBL options.

recipients_reject_except_senders

Type: address list
Default: unset

This option lists sender addresses for which recipients are excepted from any policy rejections. That is, if a message comes from any of these senders, all its recipients are excepted from policy rejections.

refuse_ip_options

Type: boolean
Default: true

See kill_ip_options above.

relay_domains

Type: domain list
Default: unset

This option lists domains for which the local host is prepared to relay. See section 46.4 for details of relay control.

relay_domains_include_local_mx

Type: boolean
Default: false

This option permits any host to relay to any domain that has an MX record pointing at the local host. It causes any domain with an MX record pointing at the local host to be treated as if it were in relay_domains. See section 46.4 for details of relay control.

relay_match_host_or_sender

Type: boolean
Default: false

By default, if relaying controls are specified on both the remote host and the sender address, a message is accepted only if both conditions are met. If relay_match_host_or_sender is set, either condition is good enough. It does not make sense to set this option without setting sender_address_relay, since if that option is unset it matches all senders. Exim therefore diagnoses a configuration error in this case. See section 46.4 for details of relay control.

remote_max_parallel

Type: integer
Default: 1

This option controls parallel delivery to remote sites. If the value is less than 2, parallel delivery is disabled, and Exim does all the remote deliveries for a message one by one, from a single delivery process. Otherwise, if a message has to be delivered to more than one remote host, or if several copies have to be sent to the same remote host, then up to remote_max_parallel deliveries are done simultaneously, each in a separate process. If more than remote_max_parallel deliveries are required, the maximum number of processes are started, and as each one finishes, another is begun. The order of starting processes is the same as if sequential delivery were being done, and can be controlled by the remote_sort option. If parallel delivery takes place while running with debugging turned on, the debugging output from each delivery process is tagged with its process id.

The overhead in doing this is a fork to set up a separate process for each delivery, and the associated management of the subprocess (including getting back the result of the delivery attempt). As well as the process overhead, there may be a small additional penalty paid for parallel delivery. If a host is found to be down, this fact cannot be communicated to any deliveries that are running in parallel, though it will be passed on to any that start afterwards. This is no worse than if there were two separate messages being delivered simultaneously.

The option controls only the maximum number of parallel deliveries from one Exim process. Since Exim has no central queue manager, there is no way of controlling the total number of simultaneous deliveries if the configuration allows a delivery attempt as soon as a message is received. If you want to control the total number of deliveries on the system, you need to set the queue_only option, which ensures that all incoming messages are simply added to the queue. Then set up an Exim daemon to start queue runner processes at appropriate intervals (probably fairly often, for example, every minute), and limit the total number of queue runners by setting the queue_run_max parameter. Because each queue runner delivers only one message at a time, the maximum number of deliveries that can then take place at once is queue_run_max multiplied by remote_max_parallel.

If it is purely remote deliveries you want to control, use queue_smtp instead of queue_only. This has the added benefit of doing the SMTP routing before queuing, so that several messages for the same host will eventually get delivered down the same connection.

remote_sort

Type: domain list
Default: unset

When there are a number of remote deliveries for a message, they are sorted by domain into the order given by this list. For example,

remote_sort = *.cam.ac.uk:*.uk

would attempt to deliver to all addresses in the cam.ac.uk domain first, then to those in the uk domain, then to any others.

retry_data_expire

Type: time
Default: 7d

This option sets a `use before' time on retry information in Exim's hints database. Any older retry data is ignored. This means that, for example, once a host has not been tried for 7 days, Exim behaves as if it has no knowledge of past failures.

retry_interval_max

Type: time
Default: 24h

Chapter 33 describes Exim's mechanisms for controlling the intervals between delivery attempts for messages that cannot be delivered straight away. This option sets an overall limit to the length of time between retries.

return_path_remove

Type: boolean
Default: true

RFC 822 states that the Return-path: header is `added by the final transport system that delivers the message to its recipient' (section 4.3.1), which implies that this header should not be present in an incoming message, where the return path is carried in the envelope. If this option is true, any existing Return-path: headers are removed from messages as they are read. Exim's transports have options for adding Return-path: headers at the time of delivery. They are normally used only for final local deliveries.

return_size_limit

Type: integer
Default: 100K

This option sets a limit in bytes on the size of messages that are returned to senders. If it is set to zero there is no limit. If the body of any message that is to be included in an error report is greater than the limit, it is truncated, and a comment pointing this out is added at the top. The actual cutoff may be greater than the value given, owing to the use of buffering for transferring the message in chunks. The idea is just to save bandwidth on those undeliverable 15-megabyte messages. If either the global or generic transport message_size_limit is set, the value of return_size_limit should be somewhat smaller.

rfc1413_hosts

Type: host list
Default: *

RFC 1413 identification calls are made to any host which matches an item in the list. The items in the host list should not themselves contain ident data.

rfc1413_query_timeout

Type: time
Default: 30s

This sets the timeout on RFC 1413 identification calls. If it is set to zero, no RFC 1413 calls are ever made.

security

Type: string
Default: see below

When exim_user is set non-zero in the run time configuration or an Exim uid is compiled into the binary, Exim gives up root privilege for some of the time. As there are trade-offs between increased security and efficiency, this option is provided to control exactly how this is done. The option can be set to one of the strings `seteuid', `setuid', `setuid+seteuid' or `unprivileged', provided that a uid for Exim is defined. Otherwise it must be left unset. A full description of what these values mean is given in chapter 55. The default for this option is unset if no special Exim uid is defined, otherwise it is either `setuid+seteuid' or `setuid', depending on whether the seteuid() function is configured as being available or not.

sender_address_relay

Type: address list
Default: unset

This option specifies a set of address patterns, one of which the sender of a message must match in order for the message to be accepted for outgoing relaying, that is, relaying from specified hosts to arbitrary domains. The check does not operate for incoming relaying, that is, for addresses that match relay_domains.

If this option is not set, all sender addresses are permitted. By default, the check operates in addition to any relaying checks on the sending host (see host_accept_relay above). However, if relay_match_host_or_sender is set, either a host match or a sender match is sufficient to allow the relaying to proceed. For this reason, sender_address_relay is required to be set if relay_match_host_or_sender is set.

Warning: Sender addresses can be trivially forged. For this reason, setting relay_match_host_or_sender is strongly discouraged.

The rewrite flag X (see section 34.9) provides a special-purpose facility we have a use for in Cambridge. It adds additional checking to sender_address_relay. Whenever a sender address passes the check, if there are any rewriting rules with the X flag set, the address is rewritten using those rules, and if this makes any change to the address, the new address must verify successfully for the relaying to be permitted.

sender_address_relay_hosts

Type: host list
Default: *

The hosts to which sender_address_relay is applied can be controlled by this option. This is useful in a cluster where one host is delegated as a fallback to hold all the delayed deliveries. It needs to be able to relay from the other hosts without sender checking (for example, for messages forwarded by local users) but might want to check senders in messages relayed from other hosts.

sender_reject

Type: address list
Default: unset

This option can be set in order to reject mail from certain senders. The check is done on the sender's address as given in the MAIL command in SMTP, but not for local senders where the logged-in user's address is going to override anyway.

The check is not done for batch SMTP input. If the check fails, a 550 return code is given to MAIL. This doesn't always stop remote mailers from trying again. See sender_reject_recipients for an alternative. Typical examples of the use of this option might be:

sender_reject = spamuser@some.domain:spam.domain
sender_reject = partial-dbm;/etc/mail/blocked/senders

Note that this check operates on sender address domains independently of the sending host; host_reject can be used to block all mail from particular hosts, while host_accept_relay, and sender_address_relay can be used to prevent unwanted relaying.

sender_reject_recipients

Type: address list
Default: unset

This operates in exactly the same way as sender_reject except that the rejection is given in the form of a 550 error code to every RCPT command instead of rejecting MAIL. This seems to be the only way of saying `no' to some mailers. Note that this is not an option for rejecting specific recipients. The way to do that is to set receiver_verify and arrange for those recipients to fail verification.

sender_try_verify

Type: boolean
Default: false

See sender_verify.

sender_unqualified_hosts

Type: host list
Default: unset

This option lists those hosts from which Exim is prepared to accept unqualified sender addresses. The addresses are made fully qualified by the addition of qualify_domain. Typically the hosts are local ones, but if you want to imitate the behaviour of mailers that accept unqualified addresses from anywhere, specify

sender_unqualified_hosts = *

This option also affects message header lines. Exim does not reject unqualified addresses in headers containing sender addresses, but qualifies them only if the message came from a host that matches sender_unqualified_hosts.

sender_verify

Type: boolean
Default: false

If this option is true, envelope sender addresses on incoming SMTP messages are checked to ensure that they are valid. Messages with invalid envelope senders are rejected with a permanent error code if sender_verify_reject is set (the default). Otherwise a warning is logged. See section 45.2 for details of the rejection, which can happen at three different points in the SMTP dialogue. If a sender cannot immediately be verified, a temporary error code is returned after reading the data (so the headers can be logged). The sender_try_verify option is less severe: it operates in exactly the same way as sender_verify except that if an address cannot immediately be verified, it is accepted instead of being temporarily rejected.

sender_verify_batch

Type: boolean
Default: false

If this option is unset, the sender_verify options are not applied to batched SMTP input.

sender_verify_callback_domains

Type: domain list
Default: unset

When a sender address is being verified, an SMTP `callback' to one of the hosts that handle mail for its domain occurs if the sender's domain matches sender_verify_callback_domains and the sending host matches sender_verify_hosts_callback (in addition to sender_verify_hosts). See section 45.3 for details.

sender_verify_callback_timeout

Type: time
Default: 30s

This option specifies a timeout for sender verification callbacks.

sender_verify_fixup

Type: boolean
Default: false

Experience shows that many messages are sent out onto the Internet with invalid sender addresses in the envelopes (that is, in the MAIL command of the SMTP dialogue), but with valid addresses in the Sender:, From:, or Reply-To: header fields. If sender_verify and sender_verify_reject are true and this option is also true, an invalid envelope sender or one that cannot immediately be verified is replaced by a valid value from the headers. If sender_verify_reject is false, the envelope sender is not changed, but Exim writes a log entry giving the correction it would have made. See chapter 45 for details.

sender_verify_hosts

Type: host list
Default: *

If sender_verify or sender_try_verify is true, this option specifies a list of hosts and RFC 1413 identifications to which sender verification applies. The check caused by headers_sender_verify also happens only for matching hosts. See chapter 45 for further details.

sender_verify_hosts_callback

Type: host list
Default: unset

See sender_verify_callback_domains above.

sender_verify_max_retry_rate

Type: integer
Default: 12

If this option is greater than zero, and the rate of temporary rejection of a specific incoming sender address from a specific host, in units of rejections per hour, exceeds it, the temporary error is converted into a permanent verification error. Temporary rejections most commonly occur when a sender address cannot be verified because a DNS lookup fails to complete.

The intent of this option is to stop hosts hammering too frequently with temporarily failing sender addresses. The default value of 12 means that a sender address that has a temporary verification error more than once every 5 minutes will eventually get permanently rejected. Once permanent rejection has been triggered, subsequent temporary failures all cause permanent errors, until there has been an interval of at least 24 hours since the last failure. After 24 hours, the hint expires.

sender_verify_reject

Type: boolean
Default: true

When this is set, a message is rejected if sender verification fails. If it is not set, a warning message is written to the main and reject logs, and the message is accepted (unless some other error occurs).

smtp_accept_keepalive

Type: boolean
Default: true

This option controls the setting of the SO_KEEPALIVE option on incoming TCP/IP socket connections. This causes the kernel periodically to send some OOB (out-of-band) data on idle connections. The reason for doing this is that it has the beneficial effect of freeing up certain types of connection that can get stuck when the remote host is disconnected without tidying up the TCP/IP call properly.

smtp_accept_max

Type: integer
Default: 20

This specifies the maximum number of simultaneous incoming SMTP calls that Exim will accept. It applies only to the listening daemon; there is no control (in Exim) when incoming SMTP is being handled by inetd. If the value is set to zero, no limit is applied. However, it is required to be non-zero if smtp_accept_max_per_host or smtp_accept_queue is set.

smtp_accept_max_per_host

Type: integer
Default: 0

This option restricts the number of simultaneous IP connections from a single host (strictly, from a single IP address) to the Exim daemon. Once the limit is reached, additional connection attempts are rejected with error code 421. The default value of zero imposes no limit. If this option is not zero, it is required that smtp_accept_max also be non-zero.

smtp_accept_queue

Type: integer
Default: 0

If the number of simultaneous incoming SMTP calls handled via the listening daemon exceeds this value, messages received are simply placed on the queue, and no delivery processes are started automatically. A value of zero implies no limit, and clearly any non-zero value is useful only if it is less than the smtp_accept_max value (unless that is zero). See also queue_only, queue_only_load, queue_smtp_domains, and the various -od command line options.

smtp_accept_queue_per_connection

Type: integer
Default: 10

This option limits the number of delivery processes that Exim starts automatically when receiving messages via SMTP, whether via the daemon or by the use of -bs or -bS. If the value of the option is greater than zero, and the number of messages received in a single SMTP session exceeds this number, subsequent messages are placed on the spool, but no delivery process is started. This helps to limit the number of Exim processes when a server restarts after downtime and there is a lot of mail waiting for it on other systems. On large systems the default should probably be increased, while on dial-in client systems it should probably be set to zero (that is, disabled).

smtp_accept_reserve

Type: integer
Default: 0

When smtp_accept_max is set greater than zero, this option specifies a number of SMTP connections that are reserved for connections from the hosts that are specified in smtp_reserve_hosts. The value set in smtp_accept_max includes this reserve pool. For example, if smtp_accept_max is set to 50 and smtp_accept_reserve is set to 5, once there are 45 active connections, new ones are accepted only from hosts listed in smtp_reserve_hosts.

smtp_banner

Type: string, expanded
Default: see below

This string, which is expanded every time it is used, is output as the initial positive response to an SMTP connection. The default setting is:

smtp_banner = $primary_hostname ESMTP Exim $version_number \
  #$compile_number $tod_full

Failure to expand the string causes a panic error. If you want to create a multiline response to the initial SMTP connection, use `\n' in the string at appropriate points, but not at the end. Note that the 220 code is not included in this string. Exim adds it automatically (several times in the case of a multiline response).

smtp_check_spool_space

Type: boolean
Default: true

When this option is set, if an incoming SMTP session encounters the SIZE option on a MAIL command, it checks that there is enough space in the spool directory's partition to accept a message of that size, while still leaving free the amount specified by check_spool_space (even if that value is zero). If there isn't enough space, a temporary error code is returned.

smtp_connect_backlog

Type: integer
Default: 5

This specifies a maximum number of waiting SMTP connections. Exim passes this value to the TCP/IP system when it sets up its listener. Once this number of connections are waiting for the daemon's attention, subsequent connection attempts are refused at the TCP/IP level. At least, that is what the manuals say. In Solaris 2.4 such connection attempts have been observed to time out. The default value of 5 is a conservative one, suitable for older and smaller systems. For large systems is it probably a good idea to increase this, possibly substantially (to 50, say). It also gives some protection against denial-of-service attacks by SYN flooding.

smtp_etrn_command

Type: string, expanded
Default: unset

If this option is set, the given command is run whenever an SMTP ETRN command is received from a host that is permitted to issue such commands (see smtp_etrn_hosts below). The string is split up into separate arguments which are independently expanded. The expansion variable $domain is set to the argument of the ETRN command, and no syntax checking is done on it. For example:

smtp_etrn_command = /etc/etrn_command $domain $sender_host_address

A new process is created to run the command, and Exim does not wait for it to complete. Consequently, its status cannot be checked. If the exec of the command fails, a line is written to the panic log, but the ETRN caller still receives a 250 success response. Exim is normally running under its own uid when receiving SMTP, so it is not possible for it to change the uid before running the command.

You must disable smtp_etrn_serialize if you use this option to run something other than a call of Exim with the -R option, because otherwise the serialization lock never gets removed.

smtp_etrn_hosts

Type: host list
Default: unset

This option lists hosts that are permitted to issue an SMTP ETRN to the local host. See section 48.6 for details.

smtp_etrn_serialize

Type: boolean
Default: true

When this option is set, it prevents the simultaneous execution of more than one queue run for the same argument string as a result of an ETRN command. See section 48.6 for details.

smtp_expn_hosts

Type: host list
Default: unset

The SMTP EXPN command is supported only if the calling host matches smtp_expn_hosts. You must add `localhost' explicitly if you want calls to 127.0.0.1 to be able to use it. A single-level expansion of the address is done, as if the address were being tested using the -bt option. If an unqualified local part is given, it is qualified with qualify_domain. There is a generic option for directors which permits them to be skipped when processing an EXPN command (compare with verification).

smtp_load_reserve

Type: fixed-point
Default: unset

If the system load average ever gets higher than this, incoming SMTP calls are accepted only from those hosts that match an entry in smtp_reserve_hosts. If smtp_reserve_hosts is not set, no incoming SMTP calls are accepted when the load is over the limit. There are some operating systems for which Exim cannot determine the load average (see chapter 1); for these this option has no effect.

smtp_receive_timeout

Type: time
Default: 5m

This sets a timeout value for SMTP reception. If a line of input (either an SMTP command or a data line) is not received within this time, the SMTP connection is dropped and the message is abandoned. For non-SMTP input, the reception timeout is controlled by accept_timeout.

smtp_reserve_hosts

Type: host list
Default: unset

This option defines hosts for which SMTP connections are reserved; see smtp_accept_reserve and smtp_load_reserve above.

smtp_verify

Type: boolean
Default: false

If this option is true, the SMTP command VRFY is supported on incoming SMTP connections; otherwise it is not.

split_spool_directory

Type: boolean
Default: false

If this option is set, it causes Exim to split its input directory into 62 subdirectories, each with a single alphanumeric character as its name. The sixth character of the message id is used to allocate messages to subdirectories; this is the least significant base-62 digit of the time of arrival of the message.

Splitting up the spool in this way may provide better performance on systems where there are long mail queues, by reducing the number of files in any one directory. The msglog directory is also split up in a similar way to the input directory; however, if preserve_message_logs is set, all old msglog files are still placed in the single directory msglog.OLD.

It is not necessary to take any special action for existing messages when changing split_spool_directory. Exim notices messages that are in the `wrong' place, and continues to process them. If the option is turned off after a period of being on, the subdirectories will eventually empty and be automatically deleted.

When split_spool_directory is set, the behaviour of queue runner processes changes. Instead of creating a list of all messages in the queue, and then trying to deliver each one in turn, it constructs a list of those in one sub-directory and tries to deliver them, before moving on to the next sub-directory. The sub-directories are processed in a random order. This spreads out the scanning of the input directories, and is beneficial when there are lots of messages on the queue. However, if queue_run_in_order is set, none of this new processing happens. The entire queue is scanned and sorted before any deliveries start.

spool_directory

Type: string
Default: set at compile time

This defines the directory in which Exim keeps its mail spool. The default value is taken from the compile-time configuration setting, if there is one. If not, this option must be set. The string is expanded, so it can contain, for example, a reference to $primary_hostname.

If the spool directory name is fixed on your installation, it is recommended that you set it at build time rather than from this option, particularly if the log files are being written to the spool directory (see log_file_path). Otherwise log files cannot be used for errors that are detected early on, such as failures in the configuration file.

Even with a compiled-in path, however, this option makes it possible to run testing configurations of Exim without using the standard spool.

strip_excess_angle_brackets

Type: boolean
Default: false

If this option is set, redundant pairs of angle brackets round `route-addr' items in addresses are stripped. For example, <<xxx@a.b.c.d>> is treated as <xxx@a.b.c.d>. If this is in the envelope and the message is passed on to another MTA, the excess angle brackets are not passed on. If this option is not set, multiple pairs of angle brackets cause a syntax error.

strip_trailing_dot

Type: boolean
Default: false

If this option is set, a trailing dot at the end of a domain in an address is ignored. If this is in the envelope and the message is passed on to another MTA, the dot is not passed on. If this option is not set, a dot at the end of a domain causes a syntax error.

syslog_timestamp

Type: boolean
Default: true

If syslog_timestamp is set false, the timestamps on Exim's log lines are omitted when these lines are sent to syslog. See chapter 51 for details of Exim's logging.

timeout_frozen_after

Type: time
Default: 0s

If timeout_frozen_after is set to a time greater than zero, a frozen message of any description that has been on the queue for longer than the given time is automatically cancelled at the next queue run. If it is a bounce message, it is just discarded; otherwise, a bounce is sent to the sender, in a similar manner to cancellation by the -Mg command line option. If you want to timeout frozen bounce messages earlier than other kinds of frozen message, see ignore_errmsg_errors_after.

timestamps_utc

Type: boolean
Default: false

If timestamps_utc is set, all timestamps generated by Exim (for example, in log entries and Received: header lines) are in UTC (aka GMT) rather than in local wall-clock time.

timezone

Type: string
Default: unset

When timestamps_utc is not set, the value of timezone is used to set the environment variable TZ while running Exim (if it is different on entry). This ensures that all timestamps created by Exim are in the required timezone. The default value is taken from TIMEZONE_DEFAULT in `Local/Makefile', or, if that is not set, from the value of the TZ environment variable when Exim is built. If timezone is set to the empty string, either at build or run time, then any existing TZ variable is removed from the environment when Exim runs. This is appropriate behaviour for obtaining wall-clock time on some, but unfortunately not all, operating systems.

tls_advertise_hosts

Type: host list
Default: unset

When Exim is built with support for TLS encrypted connections, the availability of the STARTTLS command to set up an encrypted session is advertised only to those client hosts that match this option. See chapter 38 for details of Exim's support for TLS.

tls_certificate

Type: string, expanded
Default: unset

The value of this option is expanded, and must then be the absolute path to a file which contains the server's certificate.

tls_dhparam

Type: string, expanded
Default: unset

The value of this option is expanded, and must then be the absolute path to a file which contains the server's DH parameter values.

tls_host_accept_relay

Type: host list
Default: unset

Client hosts which match this list are allowed to relay, provided they make use of TLS to send the message over an encrypted channel.

tls_hosts

Type: host list
Default: unset

Client hosts which match this list are required to use TLS to set up an encrypted channel before Exim will accept any messages from them.

tls_log_cipher

Type: boolean
Default: true

If this option is set, the cipher which was used to transmit a message is logged using the tag `X='. This applies to both incoming and outgoing messages.

tls_log_peerdn

Type: boolean
Default: false

If this option is set, the Distinguished Name of the server's certificate is logged, using the tag `DN=', for all outgoing messages delivered over TLS. For incoming messages, the DN from the client's certificate is logged if a certificate was requested from the client (see tls_verify_certificates).

tls_privatekey

Type: string, expanded
Default: unset

The value of this option is expanded, and must then be the absolute path to a file which contains the server's private key.

tls_verify_certificates

Type: string, expanded
Default: unset

The value of this option is expanded, and must then be the absolute path to a file or a directory containing permitted certificates for clients that match tls_verify_hosts.

tls_verify_ciphers

Type: string, expanded
Default: unset

The value of this option is expanded, and must then be a colon-separated list of permitted ciphers for the clients that match tls_verify_hosts. Exim's syntax for alternate separator characters cannot be used for this list, because it is passed directly to the SSL library.

tls_verify_hosts

Type: host list
Default: unset

Any client that matches this list is constrained by tls_verify_certificates and tls_verify_ciphers, that is, it must use one of the permitted ciphers, and present one of the listed certificates. Client hosts that do not match the list are not so constrained.

trusted_groups

Type: string list
Default: unset

If this option is set, any process that is running in one of the listed groups, or which has one of them as a supplementary group, is trusted. See section 5.2 for details of what trusted callers are permitted to do. If neither trusted_groups nor trusted_users is set, only root and the Exim user are trusted.

trusted_users

Type: string list
Default: unset

If this option is set, any process that is running as one of the listed users is trusted. See section 5.2 for details of what trusted callers are permitted to do. If neither trusted_groups nor trusted_users is set, only root and the Exim user are trusted.

unknown_login

Type: string
Default: unset

This is a specialized feature for use in unusual configurations. By default, if the uid of the caller of Exim cannot be looked up using getpwuid(), Exim gives up. The unknown_login option can be used to set a login name to be used in this circumstance. It is expanded, so values like user$caller_uid can be set. When unknown_login is used, the value of unknown_username is used for the user's real name (gecos field), unless this has been set by the -F option.

unknown_username

Type: string
Default: unset

See unknown_login.

untrusted_set_sender

Type: boolean
Default: false

By default, the only form in which untrusted users can use the -f command line option when submitting a local message is with an empty address, to declare that a message should never generate any bounces. If untrusted_set_sender is true, this restriction is lifted, and untrusted users may set any sender value using -f. This does not make all users trusted; they may use only -f, not the other options which override message parameters. Furthermore, this does not stop Exim from adding a Sender: header if necessary (unless this is disabled by no_local_from_check).

The log line for a message's arrival shows the envelope sender following `<='. For local messages, the user's login always follows, after `U='. In -bp displays, and in the Exim monitor, if an untrusted user sets a sender address by this method, the user's login is shown in parentheses after the sender address.

uucp_from_pattern

Type: string
Default: see below

Some applications that pass messages to an MTA via a command line interface use an initial line starting with `From' to pass the envelope sender. In particular, this is used by UUCP software. Exim recognizes such a line by means of a regular expression that is set in uucp_from_pattern, and when the pattern matches, the sender address is constructed by expanding the contents of uucp_from_sender, provided that the caller of Exim is a trusted user. The default pattern recognizes lines in the following two forms:

   From ph10 Fri Jan  5 12:35 GMT 1996
   From ph10 Fri, 7 Jan 97 14:00:00 GMT

The pattern can be seen by running `exim -bP uucp_from_pattern'. It checks only up to the hours and minutes, and allows for a 2-digit or 4-digit year in the second case. The first word after `From' is matched in the regular expression by a parenthesized subpattern. The default value for uucp_from_sender is `$1', which therefore just uses this first word (`ph10' in the example above) as the message's sender. See also ignore_fromline_hosts.

uucp_from_sender

Type: string, expanded
Default: "$1"

See uucp_from_pattern above.

warnmsg_file

Type: string
Default: unset

This option defines a template file containing paragraphs of text to be used for constructing the warning message which is sent by Exim when a message has been on the queue for a specified amount of time, as specified by delay_warning. Details of the file's contents are given in chapter 39. See also errmsg_file.


Go to the first, previous, next, last section, table of contents.