This is the FAQ for the Exim Mail Transfer Agent. Thanks to the many people who provided the original information. This file would be amazingly cluttered if I tried to list them all. Suggestions for corrections, improvements, and additions are welcome.
This version of the FAQ applies to Exim 3.20 and later releases. The syntax of some of the options was altered and tidied up at release 3.00. Some of the examples quoted here will not work with earlier releases.
References of the form Cnnn and Fnnn are to the sample configuration and filter files that can be found in the separately distributed directory called config.samples. The primary location is
ftp://ftp.csx.cam.ac.uk/pub/software/email/exim/config.samples.tar.gz
ftp://ftp.csx.cam.ac.uk/pub/software/email/exim/config.samples.tar.bz2
There are brief descriptions of these files at the end of this document.
The FAQ is divided into the following sections: Debugging, Building exim, Mailbox locking, Routing, Directing, Delivery, UUCP, Performance, Policy controls, Majordomo, Rewriting addresses, Headers, Fetchmail, Perl, Dial-up, Modifying message bodies, Millennium, Miscellaneous, HP-UX, BSDI, IRIX, Linux, Sun systems, Cookbook, and List of sample configurations.
Philip Hazel <ph10@cus.cam.ac.uk>
Last update: 23-April-2001
A0001: Exim should never crash. The author is always keen to know about crashes, so that they can be diagnosed and fixed. However, before you start sending email, please check that you are running the latest release of Exim, in case the problem has already been fixed. The techniques described below can also be useful in trying to pin down exactly which circumstances caused the crash and what Exim was trying to do at the time. If the crash is reproducible (by a particular message, say) keep a copy of that message. If there is a core file (in Exim's spool directory), see if you can get any information from it.
One thing that has caused crashes in the past has been incorrectly installed DB libraries. In particular, if you are running any version of Berkeley db, it is best to set USE_DB=yes in Local/Makefile before building Exim. This then avoids the use of the "ndbm compatibility interface" via the ndbm.h include file, which has been found to be incorrect on some systems. If you have already built Exim, you can just edit Local/Makefile and run make again to rebuild. Before restarting Exim, delete any existing database files in the spool/db directory.
Q0002: Exim is not working. What is wrong? How can I check what it is doing?
A0002: Exactly how is it not working? Check the more specific questions in the other sections of this FAQ. Some general techniques for debugging are:
1. Look for information in Exim's log files. These are in the "log" directory in Exim's spool directory, unless you have configured a different path for them. Serious operational problems are reported in paniclog.
2. If the problem involves the delivery of one or more messages, try forcing a delivery with the -d option, to cause Exim to output debugging information. For example:
exim -d -M 0z6CXU-0005RR-00
On its own, -d produces a small amount of information. Following it with a number increases the amount given: -d9 gives the maximum amount of general information; -d10 gives in addition details of the interpretation of filter files, and -d11 or higher also turns on the debugging option for DNS lookups. The output is written to the standard error stream.
3. If the problem involves incoming SMTP mail, try using the -bh option to simulate an incoming connection from a specific host, for example:
exim -bh 10.9.8.7
This goes through the motions of an SMTP session, without actually accepting a message. Information about various policy checks is output. You will need to know how to pretend to be an SMTP client.
4. If the problem involves lack of recognition or incorrect handling of local addresses, try using the -bt option with debugging turned on, to see how Exim is handling the address. For example,
exim -d2 -bt z6abc
will show you how it would handle the local part "z6abc". Increase the debug level to -d9 for more information.
Q0003: What does the error "Child process of address_pipe transport returned 69 from command xxx" mean?
A0003: The most common meaning of exit code 69 is "unavailable", and this often means that when Exim tried to exec the command xxx, it failed. One cause of this might be incorrect permissions on the file containing the command. See also Q0033.
Q0004: My virtual domain setup isn't working. How can I debug it?
A0004: You can use an exim command with -d (or -d2, -d3 ... -d9) to get it to show you how it is processing addresses. You don't actually need to send a message; use the -bt option like this:
exim -d2 -bt localpart@virtualhost
This will show you which directors it is using. If the problem appears to be with the expansion of an option setting, you can use the debug_print option on a director (or router) to get Exim to output the expanded string values as it goes along.
Q0005: Why is Exim giving "421 Unexpected log failure, please try later" when receiving an SMTP message with a large number of recipients?
A0005: You are verifying recipients, and your configuration is one that does a different lookup of some sort for each recipient. Exim keeps lookup files open, in case there are several lookups in the same file. Versions of Exim prior to 2.10 did not limit the number of open files used for this purpose, and your operating system's maximum per process has been reached. Exim is trying to log the failure to open a file, but cannot open the log file, for the same reason. If upgrading Exim is not immediately possible, you might be able to increase your operating system's maximum number of open files per process.
Q0006: Why is Exim not rejecting incoming messages addressed to non-existent users at SMTP time?
A0006: Have you remembered to set receiver_verify? It is not the default.
Q0007: I've put an entry for *.my.domain in a DBM lookup file, but it isn't getting recognized.
A0007: You need to request "partial matching" by setting the search type to "partial-dbm" in order for this to work.
Q0008: I've put the entry *@domain.com in a lookup database, but it isn't working. The expansion I'm using is:
${lookup{${lc:$sender_address}}dbm{/the/file} ...
A0008: As no sender address will ever be *@domain.com this will indeed have no effect as it stands. You need to tell Exim if you want it to look for defaults after the normal lookup has failed. In this case, change the search type from "dbm" to "dbm*@". See the section on "Default values in single-key lookups" in the chapter entitled "File and database lookups".
Q0009: Is there a way to print recognized local domains?
A0009: If you run "exim -bP local_domains" it will output the string that is set, but it won't print the contents of any files that are referenced.
Q0010: If I run "./exim -d9 -bt user@domain" all seems well, but when I send a message from my User Agent, it does not arrive at its destination.
A0010: Try sending a message directly to Exim by typing this:
exim -d9 user@domain
<some message, could be empty>
.
If the message gets delivered to a remote host, but never arrives at its final destination, then the problem is at the remote host. If, however, the message gets through correctly, then the problem may be between your User Agent and Exim. Try setting Exim's log_arguments option, to see with which arguments the UA is calling Exim.
Q0011: I am getting this message in mainlog every so often: "no immediate delivery: too many connections (19, max 0)". What am I missing?
A0011: A current release of Exim. :-) The message you are getting is the wrong message. What it should be saying is "too many messages received in one SMTP connection" (see next question). This bug was fixed in release 2.051.
Q0012: What does "no immediate delivery: too many messages received in one SMTP connection" mean?
A0012: An SMTP client may send any number of messages down a single SMTP connection to a server. Initially, an Exim server starts up a delivery process as soon as a message is received. However, in order not to start up too many processes when lots of messages are arriving (typically after a period of downtime), it stops doing immediate delivery after a certain number of messages have arrived down the same connection. The threshold is set by smtp_accept_queue_per_connection, and the default value is 10. On large systems, the value should be increased. If you are running a dial-in host and expecting to get all your mail down a single SMTP connection, then you can disable the limit altogether by setting the value to zero.
Q0013: Exim puts "for <address>" in the Received: headers of some, but not all, messages. Is this a bug?
A0013: No. It is deliberate. Exim inserts a "for" phrase only if the incoming message has precisely one recipient. If there is more than one recipient, nothing is inserted. The reason for this is that not all recipients appear in the To: or Cc: headers, and it is considered a breach of privacy to expose such recipients to the others. A common case is when a message has come from a mailing list.
Q0014: Instead of exim_dbmbuild, I'm using a homegrown program to build DBM (or cdb) files, but Exim doesn't seem to be able to use them.
A0014: Exim expects there to be a binary zero value on the end of each key used in a DBM file if you use the "dbm" lookup type, but not for the "dbmnz" lookup type or for the keys of a cdb file. Check that you haven't slipped up in this regard.
Q0015: Exim is unable to route to any remote domains. It doesn't seem to be able to access the DNS.
A0015: Try running "exim -d11 -bt <remote address>". The -d11 will make it show the resolver queries it is building and the results of its DNS queries. If it appears unable to contact any nameservers, check the contents and permissions of /etc/resolv.conf.
Q0016: I'm using ETRN to run a script that checks things and doesn't always end up running "exim -R". However, after it has run once, subsequent attempts fail with "458 Already processing".
A0016: Set no_smtp_etrn_serialize.
Q0017: What does the error message "transport system_aliases: cannot find transport driver "aliasfile" in line 92" mean?
A0017: "aliasfile" is a director, not a transport. You have put a configuration for a director into the transports section of the configuration file.
Q0018: Exim is timing out after receiving and responding to the DATA command from one particular host, and yet the client host also claims to be timing out. This seems to affect only certain messages.
A0018: (A) This problem has been seen with a network that was dropping all packets over a certain size, which meant that the first part of the SMTP transaction worked, but when the body of a large message started flowing, the main data bits never got through the network. See also Q0021.
(B) This can also happen if a machine has a broken TCP stack and won't reassemble fragmented datagrams.
(C) A very few ISDN lines have been seen which failed when certain data patterns were sent through them, and replacing the routers at both ends of the link did not fix things. One of them was triggered by more than 4 X's in a row in the data.
Q0019: What does the message "Socket bind() to port 25 for address (any) failed: address already in use" mean?
A0019: You are trying to run an Exim daemon when there is one already running - or maybe some other MTA is running, or perhaps you have an SMTP line in /etc/inetd.conf which is causing inetd to listen on port 25.
Q0020: I've set headers_check_syntax, but this causes Exim to complain about headers like "To: Work: Jim <jims@email>, Home: Bob <bobs@email>" which look all right to me. Is this a bug?
A0020: No. Header lines such as From:, To:, etc., which contain addresses, are structured, and have to be in a specific format which is defined in RFC 822. Unquoted colons are not allowed in the "phrase" part of an email address (they are OK in other headers such as Subject:). The correct form for that header is
To: "Work: Jim" <jims@email>, "Home: Bob" <bobs@email>
You will sometimes see unquoted colons in To: and Cc: headers, but only in connection with name lists (called "groups"), for example:
To: My friends: X <x@y.x>, Y <y@w.z>;, My enemies: A <a@b.c>, B <b@c.d>;
Each list must be terminated by a semicolon, as shown.
Q0021: Whenever Exim tries to deliver a specific message to a particular server, it fails, giving the error "Remote end closed connection after data" or "Broken pipe" or a timeout. What's going on?
A0021: "Broken pipe" is the error you get on some OS when the far end just drops the connection. The alternative is "connection reset by peer".
(A) There are some firewalls that fall over on \0 characters in the mail. Have a look, e.g. with hexdump -c mymail | tail to see if your mail contains any binary zero characters.
(B) There are broken SMTP servers around that just drop the connection after the data has been sent if they don't like the message for some reason (e.g. it is too big) instead of sending a 5xx error code. Have you tried sending a small message to the same address?
It has been reported that some releases of Novell servers running NIMS are unable to handle lines longer than 1024 characters, and just close the connection. This is an example of this behaviour.
(C) If the problem occurs right at the start of the mail, then it could be a network problem with mishandling of large packets. Many emails are small and thus appear to propagate correctly, but big emails will generate big IP datagrams.
There have been problems when something in the middle of the network mishandles large packets due to IP tunnelling. In a tunnelled link, your IP datagrams gets wrapped in a larger datagram and sent over a network. This is how virtual private networks (VPNs), and some ISP transit circuits work. Since the datagrams going over the tunnel require a larger packet size, the tunnel needs a bigger maximum transfer unit (MTU) in the network handling the tunnelled packets. However, MTUs are often fixed, so the tunnel will try to fragment the packets.
If the systems outside the tunnel are using MTU path discovery, (most Sun Sparc Solaris machines do by default), and set the DF (don't fragment) bit because they don't send packets larger than their local MTU, then ICMP control messages will be sent by the routers at the ends of the tunnel to tell them to reduce their MTU, since the tunnel can't fragment the data, and has to throw it away. If this mechanism stops working, e.g. a firewall blocks ICMP, then your host never knows it has hit the maximum path MTU, but it has received no ACK on the packet either, so it continues to resend the same packet and the connection stalls, eventually timing out.
You can test the link using pings of large packets and see what works:
ping -s host 2048
Try reducing the MTU on the sending host:
ifconfig le0 mtu 1300
Alternatively, you can reduce the size of the buffer Exim uses for SMTP output by putting something like
DELIVER_OUT_BUFFER_SIZE=512
in your Local/Makefile and rebuilding Exim (the default is 8192).
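Causes (A) and (B) above can be checked on a saved copy of the problem message before touching the network. The following is an added example, not part of the original FAQ or of Exim; the sample message is constructed, and the function names are hypothetical.

```python
import sys

# Line length the FAQ reports some NIMS servers cannot handle (cause B).
LINE_LIMIT = 1024

# Constructed sample message (not from the FAQ): one NUL byte, one 1500-byte line.
SAMPLE = (
    b"From: a@example.test\r\n"
    b"To: b@example.test\r\n"
    b"Subject: constructed sample\r\n"
    b"\r\n"
    b"short line\r\n"
    b"bad\x00byte here\r\n"
    + b"a" * 1500 + b"\r\n"
)


def scan_message(data, max_line=LINE_LIMIT):
    """Locate binary zeros and over-long lines in a raw message.

    Returns a dict with the message size, the limit used, and two lists of
    (line number, "header" or "body", count or length) tuples.
    """
    report = {"size": len(data), "max_line": max_line,
              "nul": [], "long_lines": []}
    in_header = True
    for lineno, raw in enumerate(data.split(b"\n"), start=1):
        line = raw.rstrip(b"\r")
        if in_header and line == b"":
            in_header = False          # first empty line ends the header
        part = "header" if in_header else "body"
        nuls = line.count(b"\x00")
        if nuls:
            report["nul"].append((lineno, part, nuls))
        if len(line) > max_line:
            report["long_lines"].append((lineno, part, len(line)))
    return report


def explain(report):
    """Map the findings to the causes listed in A0021."""
    notes = []
    for lineno, part, count in report["nul"]:
        notes.append(f"(A) line {lineno} ({part}): {count} binary zero byte(s)")
    for lineno, part, length in report["long_lines"]:
        notes.append(f"(B) line {lineno} ({part}): {length} characters, "
                     f"limit {report['max_line']}")
    if not notes:
        notes.append(f"no binary zeros or long lines; size is {report['size']} "
                     "bytes, so compare with a small test message (B, C)")
    return notes


if __name__ == "__main__":
    # Pass the path of a saved message, or run without arguments for the sample.
    raw = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE
    for note in explain(scan_message(raw)):
        print(note)
```

If the message is clean on both counts, the size-related causes under (B) and (C) are the ones left to test.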
Q0022: Why do messages not get delivered down the same connection when I do something like: exim -v -R @aol.com ? For other domains, I do this and I see the appropriate "waiting for passed connections to get used" messages.
A0022: Recall that Exim does not keep separate queues for each domain, but operates in a distributed fashion. Messages get into its "waiting for host x" hints database only when a delivery has been tried, and has had a temporary error. Here are some possibilities:
(1) The messages to aol.com got put in your queue, but no previous delivery attempt occurred before you did the -R. This might have been because of your settings of queue_only_load, smtp_accept_queue, or any other option that caused no immediate delivery attempt on arrival. If this is the case, you can try using -qqR instead of -R.
(2) You have set batch_max on the smtp transport, and that limit was reached. This would show as a sequence of n messages down one connection, then another n down a new connection, etc.
(3) Exim tried to pass on the SMTP connection to another message, but that message was in the process of being delivered to aol.com by some other process (typically, a normal queue runner). This will break the sequence, though the other delivery should pass its connection on to other messages if there are any.
(4) The folk at aol.com changed the MX records so the host names have changed - or a new host has been added. I don't know how likely this is.
(5) Exim is not performing as it should in this regard, for some reason. Next time you have mail queued up for aol.com, try running
exim_dumpdb /var/spool/exim wait-remote_smtp
to see if those messages are listed among those waiting for the relevant aol.com hosts.
Q0023: What does the error "SEGV while reading ... from dbm file: record assumed not to exist" mean?
A0023: A crash is occurring when Exim calls your DBM library in order to read a record from one of its hints files. This kind of problem can be related to incorrectly installed DBM libraries. If you are using Slackware 3.6, the problem is that libgdbm is incorrectly installed on that system, and you will need to re-install it from source.
Q0024: There seems to be a problem in the string expansion code: it doesn't recognize references to headers such as ${h_to}.
A0024: The only valid syntax for header references is (for example) $h_to: because header names are permitted by RFC 822 to contain a very wide range of characters. A colon (or white space) is required as the terminator.
Q0025: Exim is timing out after sending a message's data to one particular host, and yet the remote host also claims to be timing out. This seems to affect only certain messages.
A0025: See Q0018.
Q0026: When the Exim daemon forks a copy of itself to handle an incoming SMTP request, the forked copy seems to go around in circles for a significant (up to 5 minutes, so far) amount of time before deciding to accept the message.
A0026: These kinds of delay are usually caused by some kind of network problem that affects outgoing calls made by Exim at the start of an incoming message. Configuration options that cause outgoing calls are:
(1) rfc1413_query_hosts and rfc1413_query_timeout (for ident calls); firewalls sometimes block ident calls, which can lead to this problem.
(2) rbl_domains and rbl_hosts.
(3) host_lookup and any other options that require the remote host's name to be looked up from its IP address.
(4) sender_verify_hosts_callback and sender_verify_callback_domains.
You can use the -bh option to get more information about what is happening at the start of a connection.
Q0027: What does "failed to create child process to send failure message" mean? This is a busy mail server with smtp_accept_max set to 500, but this problem started to occur at about 300 incoming connections.
A0027: Some message delivery failed, and when Exim wanted to send a bounce message, it was unable to create a process in which to do so. Probably the limit on the maximum number of simultaneously active processes has been reached. Most OS have some means of increasing this limit, and in some operating systems there is also a limit per uid which can be varied.
Q0028: What does "<message filter> transporting defer (-1): No transport set by director" in a log line mean?
A0028: Your system filter contains a "save" command, but you have not set message_filter_file_transport.
Q0029: Why is Exim refusing to relay, saying "failed to find host name from IP address" when I have the sender's IP address in host_accept_relay? My configuration contains this:
host_accept_relay = "lsearch;/etc/mail/relaydomains:192.168.96.0/24"
A0029: When checking host_accept_relay, the items are tested in left-to-right order. The first item in your list is a lookup on the incoming host's name, so Exim has to determine the name from the incoming IP address in order to perform the test. If it can't find the host name, it can't do the check, so it gives up. The solution is to put all explicit IP addresses first in the list. You would have discovered what was going on if you had run a test such as
exim -bh 192.168.96.131
Q0030: When I run "exim -bd -q10m" I get "PANIC LOG: exec of exim -q failed".
A0030: This probably means that Exim doesn't know its own path so it can't re-exec itself to do the first queue run. Check the output of
exim -bP exim_path
Q0031: Why do connections to my machine's SMTP port take a long time to respond with the banner, when connections to other ports respond instantly?
A0031: See Q0026.
Q0032: I can't seem to get a pipe command to run when I include a ${if expansion in it. This fails:
command = "perl -T /usr/local/rt/bin/rtmux.pl \
  rt-mailgate helpdesk \
  ${if eq {$local_part}{rt} {correspond}{action}}"
A0032: You need some internal quoting in there. Exim expands each individual argument separately. Because you have (necessarily) got spaces in your ${if item, you have to quote that argument. Try
command = "perl -T /usr/local/rt/bin/rtmux.pl \
  rt-mailgate helpdesk \
  \"${if eq {$local_part}{rt} {correspond}{action}}\""
Q0033: I'm trying to get Exim to connect an alias to a pipe, but it always gives error code 69, with the comment "(could mean service or program unavailable)".
A0033: If your alias entry looks like this:
alias: |"/some/command some parameters"
change it to look like this:
alias: "|/some/command some parameters"
Q0034: I'm having a problem with an Exim RPM.
A0034: See Q9606.
Q0035: What does the error "Spool file is locked" mean?
A0035: This is not an error[*]. All it means is that when an Exim delivery process (probably started by a queue runner process) looked at a message in order to start delivering it, it found that another Exim process was already busy delivering it. On a busy system this is quite a common occurrence. If you set log_level less than 5, these messages are omitted from the log.
[*] The only time when this message might indicate a problem is if it is repeated for the same message for a very long time - say more than a few hours. That would suggest that the process that is delivering the message has somehow got stuck.
Q0036: Exim is reporting IP addresses as 0.0.0.0 or 255.255.255.255 instead of their correct values. What's going on?
A0036: You are using a version of Exim built with gcc on an IRIX box. See Q9502.
Q0037: I can't seem to figure out why PAM support doesn't work correctly.
A0037: There is a problem using PAM on Linux with shadow passwords when the calling program is not running as root. Exim is normally running as the Exim user when authenticating a remote host. I don't know of an easy resolution to this.
Q0038: I'm trying to use a query-style lookup for hosts that are allowed to relay, but it is giving really weird errors.
A0038: Does your query contain a colon character? Remember that host_accept_relay operates on a colon-separated list, so you need to double any colons in the query. This applies even if the query is defined as a macro.
Q0039: Exim is rejecting calls from hosts that have more than one IP address, for no apparent reason.
A0039: You are using Solaris 7 or earlier, and have "nis dns files" in /etc/nsswitch.conf. Change this to "dns nis files" to avoid hitting Sun bug 1154236 (a bad interaction between NIS and the DNS).
Q0040: Exim is failing to find the MySQL library, even though it is present within $LD_LIBRARY_PATH. I'm getting this error:
/usr/local/bin/exim: fatal: libmysqlclient.so.6: open failed: No such file or directory
A0040: Exim is suid, and LD_LIBRARY_PATH is ignored for suid binaries on Solaris (and other?) systems. What you should be doing is adding -R/local/lib/mysql to the same place in the compilation that you added -L/local/lib/mysql. This lets the binary know where to look without needing a path variable.
Q0041: I have a collection of Exim processes that have been around for days, and are apparently stuck while trying to deliver to remote hosts. This is causing the messages they are handling to get stuck.
A0041: There appears to be a problem in the connect() function in some operating systems, such that it does not time out as it should. Setting connect_timeout in the smtp transport causes Exim to apply its own timeout, and this seems to overcome this problem. In Exim 3.15 the default was changed from zero (rely on system's timeout) to 5 minutes, which is the value recommended in the RFCs.
Q0042: I have a message in the spool which couldn't be delivered because of a timeout from the remote smtp server. When I try to deliver this message in eximon, I get "Spool file is locked". How can I deliver the message?
A0042: Find the Exim process that is stuck, and kill it. You may be able to use exiwhat to do this, but if it is stuck in connect() it may not respond, and you will have to identify it some other way. Now read Q0041 about why this might have happened.
If you have a suitable debugger on your system, you may be able to find out more information before killing the process. For example, if you have gdb you can connect it to the process by running this command as root:
gdb exim <process-id>
At the gdb prompt, give the "bt" (backtrace) command, to display the stack contents. This should tell you the name of the function in which the process is stuck. If this is connect(), then you do have the Q0041 problem.
Q0043: What does the error "lookup of host "xx.xx.xx" failed in yyyy router" mean? Any suggestions to stop these sorts of errors from being frozen would be muchly appreciated.
A0043: You configured a domainlist router to send the message to xx.xx.xx. When it tried to look up the IP address for that host, the lookup failed with a permanent error. As this is a manual routing, this is considered to be a serious error which the postmaster needs to know about (maybe you have a typo in your file), and there is little point in keeping on trying. So it freezes the message.
1. Don't set up routes to non-existent hosts.
2. If you must set up routes to non-existent hosts, and don't want freezing, set the host_find_failed option on the router to do something other than freeze.
Q0044: My filter isn't working. How can I test it?
A0044: Use the -bf option (-bF for a system filter) to test the basic operation of your filter. If you also turn on debugging at level 10 (-d10) it will output information as the filter runs.
Q0045: Exim works fine on one host, but when I copied the binary to another identical host, it stopped working (it could not resolve DNS names).
A0045: Is the new host running exactly the same operating system? Most importantly, are the versions of the dynamically loaded libraries (files with names like libsocket.so.1) the same on both systems? If not, that is probably the cause of the problem. Either arrange for the libraries to be the same, or rebuild Exim from source on the new host.
Q0046: Once in a while, a user will send a message and immediately get a response back "No Transport Provider". If they choose "Send Again", sometimes it works, sometimes it doesn't.
A0046: This problem has been seen on Debian Linux 2.1 systems. The best advice seems to be to upgrade your server to a later Debian release and a later Exim release, and maybe also upgrade the hardware.
Q0047: I set host_accept_relay to do a lookup in a file of IP addresses, but it doesn't work.
A0047: Did you remember to put `net-' at the start of the search type? If you set something like this:
host_accept_relay = lsearch;/some/file
it searches the file for the host name. You need to set
host_accept_relay = net-lsearch;/some/file
to make it use the IP address as the key to the lookup.
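The three host_accept_relay pitfalls in Q0029, Q0038 and Q0047 can be checked mechanically before a configuration goes live. The following is an added example, not part of the original FAQ and not Exim's own list parser: it is a simplified model of the colon-separated list rules described in those answers, the function names are hypothetical, the MySQL query is constructed, and treating dbm, dbmnz and cdb like lsearch generalizes what A0047 says about lsearch.

```python
import re

# Explicit IPv4 address or network, e.g. 192.168.96.0/24
IP_ITEM = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}(?:/\d{1,2})?$")

# Single-key search types mentioned in the FAQ. Without a "net-" prefix they
# are keyed by the host *name*, so Exim must first find that name (A0047).
NAME_KEYED = {"lsearch", "dbm", "dbmnz", "cdb"}


def split_list(value):
    """Split a colon-separated list; a doubled colon is one literal colon."""
    items, cur, i = [], [], 0
    while i < len(value):
        if value[i] == ":":
            if value[i + 1:i + 2] == ":":      # "::" -> literal ":"
                cur.append(":")
                i += 2
                continue
            items.append("".join(cur).strip())  # single ":" ends the item
            cur = []
        else:
            cur.append(value[i])
        i += 1
    items.append("".join(cur).strip())
    return [item for item in items if item]


def quote_item(item):
    """Double the colons in one item so it survives list splitting (A0038)."""
    return item.replace(":", "::")


def classify(item):
    """Return 'ip', 'ip-lookup', 'name-lookup' or 'other' for a list item."""
    if IP_ITEM.match(item):
        return "ip"
    if ";" in item:
        search_type = item.split(";", 1)[0].strip()
        if search_type.startswith("net-"):
            return "ip-lookup"
        if search_type.startswith("partial-"):
            search_type = search_type[len("partial-"):]
        if search_type in NAME_KEYED:
            return "name-lookup"
    return "other"


def lint(setting_value):
    """Return (items, findings) for the right-hand side of host_accept_relay."""
    items = split_list(setting_value.strip().strip('"'))
    kinds = [classify(item) for item in items]
    findings = []
    for pos, (item, kind) in enumerate(zip(items, kinds)):
        # Items are tested left to right; a failed name lookup stops the
        # check before any later explicit IP address is reached (A0029).
        if kind == "name-lookup" and "ip" in kinds[pos + 1:]:
            findings.append((item, "name-keyed lookup precedes an explicit IP address"))
    return items, findings


def suggest_order(setting_value):
    """Rebuild the list with explicit IP items first, as A0029 advises."""
    items = split_list(setting_value.strip().strip('"'))
    ordered = sorted(items, key=lambda item: classify(item) != "ip")  # stable
    return ":".join(quote_item(item) for item in ordered)


if __name__ == "__main__":
    value = '"lsearch;/etc/mail/relaydomains:192.168.96.0/24"'  # from Q0029
    print(lint(value))
    print("suggested:", suggest_order(value))
    query = "mysql;select host from relays where tag='a:b'"    # constructed
    print(split_list(query), "->", split_list(quote_item(query)))
```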
A0101: The problem is that libident assumes "struct timeval" refers to DST_NONE, and so it tries to avoid using this structure when DST_NONE isn't defined. Unfortunately it doesn't make this change everywhere it should, and so it blows up. The problem has been seen on NetBSD and some versions of the Linux C library. An easy, albeit not particularly neat, fix is to add -DDST_NONE to LIBIDENTCFLAGS for systems that are afflicted like this - there's not a lot else you can do without modifying libident. The value of DST_NONE is never used, so defining it to be empty should be harmless.
Q0102: When I ran make I got the error "undefined reference to dbopen".
A0102: Either:
(A) This means you (or the default configuration for your operating system) have configured Exim to use Berkeley DB version 1.xx and it has not been given access to the DB library (where dbopen should be found). You may need something like DBMLIB=-ldb in Local/Makefile. Berkeley DB is one of several alternative DBM libraries that Exim can make use of. For a discussion of DBM issues, see the file doc/dbm.discuss.txt in the Exim distribution.
(B) You are running on a version of Linux which has a problem in its libraries. This effect isn't fully understood. It has been seen with the libraries used in Caldera OpenLinux Base 1.1.
Q0103: I can't get Exim to compile with Berkeley DB version 2.x.
A0103: Have you set USE_DB=yes in Local/Makefile? This causes Exim to use the native interface to the DBM library instead of the compatibility interface, which needs a header called ndbm.h that may not exist on your system.
Q0104: I'm getting an "undefined symbol" error for hosts_ctl when I try to build Exim. (On some systems this error is "undefined reference to 'hosts_ctl'".)
A0104: You should either remove the definition of USE_TCP_WRAPPERS or add -lwrap to your EXTRALIBS setting in Local/Makefile.
Q0105: I'm about to upgrade to a new Exim release. Do I need to ensure the spool is empty, or take any other special action?
A0105: If you are changing to release 3.00 or later from a release prior to 3.00, you will probably need to make changes to the runtime configuration file. See README.UPDATING for details. Otherwise, you do not need to take special action. New releases are made backwards compatible with old spool files and "hints" databases so that upgrading can be done on a running system. All that should be necessary is to install a new binary and then HUP the daemon if you are running one.
Q0106: What does the error "install-info: command not found" mean?
A0106: You have set INFO_DIRECTORY in your Local/Makefile, and Exim is trying to install the Texinfo documentation, but cannot find the command called install-info. If you have a version of Texinfo prior to 3.9, you should upgrade. Otherwise, check your installation of Texinfo to see why the install-info command is not available.
Q0107: Exim doesn't seem to be recognizing my operating system type correctly, and so is failing to build.
A0107: Run the command "scripts/os-type -generic". The output should be one of the known OS types, and should correspond to your operating system. You can see which OS are supported by obeying "ls OS/Makefile-*" and looking at the file name suffixes.
If there is a discrepancy, it means that the script is failing to interpret the output from the "uname" command correctly, or that the output is wrong. Meanwhile, you can build Exim by obeying
EXIM_OSTYPE=xxxx make
instead of just make, provided you are running a Bourne-compatible shell, or otherwise by setting EXIM_OSTYPE correctly in your environment. It is probably best to start again from a clean distribution, to avoid any wreckage left over from the failed attempt.
Q0108: I am getting an error "`exim' undeclared here" when I compile, in the globals.c module.
A0108: You have set EXIM_UID = exim in your Local/Makefile. Unfortunately, named uids are not permitted here; you must give a numerical uid. However, in the runtime configure file names are permitted.
Q0109: Exim fails to build, complaining about the absence of the "killpg" function.
A0109: This function should be present in all modern flavours of Unix. If you are using an older version, you should be able to get round the problem by inserting
#define killpg(pgid,sig) kill(-(pgid),sig)
into the file called OS/os.h-xxx, where xxx identifies your operating system, and is the output of the command "scripts/os-type -generic".
Q0110: I'm getting an unresolved symbol ldap_is_ldap_url when trying to build Exim.
A0110: You must have specified LOOKUP_LDAP=yes in the configuration. Have you remembered to set -lldap somewhere (e.g. in LOOKUP_LIBS)? You need that in order to get the LDAP library scanned when linking.
Q0111: I'm getting an unresolved symbol mysql_close when trying to build Exim.
A0111: You must have specified LOOKUP_MYSQL=yes in the configuration. Have you remembered to set -lmysqlclient somewhere (e.g. in LOOKUP_LIBS)? You need that in order to get the MySQL library scanned when linking.
Q0112: I'm trying to build Exim with PAM support. I have included -lpam in EXTRALIBS, but I'm still getting a linking error:
/lib/libpam.so: undefined reference to `dlerror'
/lib/libpam.so: undefined reference to `dlclose'
/lib/libpam.so: undefined reference to `dlopen'
/lib/libpam.so: undefined reference to `dlsym'
A0112: Add -ldl to EXTRALIBS. In some systems these dynamic loading functions are in their own library.
Q0113: I'm getting the error "db.h: No such file or directory" when I try to build Exim.
A0113: This problem has been seen with RedHat 7.0, but could also happen in other environments. If your system is using the DB3 DBM library, you need to install the DB3 development package in order to build Exim. The package is called something like db3-devel-3.1.14-16.i386.rpm for Linux systems, but you should check which version of DB3 you have installed.
Q0114: I'm getting the error "/usr/bin/ld: cannot find -ldb1" when I try to build Exim.
A0114: This is probably the same problem as Q0113.
A0201: Your configuration specifies that local mailboxes are all held in a single directory, via configuration lines like these (taken from the default configuration):
local_delivery:
  driver = appendfile
  file = /var/mail/$local_part
and the permissions on the directory probably look like this:
drwxrwxr-x 3 root mail 512 Jul 9 13:48 /var/mail/
Using the default configuration, Exim runs as the local user when doing a local delivery, and it uses a lock file to prevent any other process from updating the mailbox while it is writing to it. With those permissions the delivery process, running as the user, is unable to create a lock file in the /var/mail directory. There are two solutions to this problem:
(A) Set the "write" and "sticky bit" permissions on the directory, so that it looks like this:
drwxrwxrwt 3 root mail 512 Jul 9 13:48 /var/mail/
The "w" allows any user to create new files in the directory, but the "t" bit means that only the creator of a file is able to remove it. This is the same setting as is normally used with the /tmp directory.
(B) Arrange to run the local_delivery transport under a specific group by changing the configuration to read
local_delivery:
  driver = appendfile
  file = /var/mail/${local_part}
  group = mail
The delivery process still runs under the user's uid, but with the group set to "mail". The group permission on the directory allows the process to create and remove the lock file.
The choice between (A) and (B) is up to the administrator. If the second solution is used, users can empty their mailboxes by updating them, but cannot delete them.
If your problem involves mail to root, see also Q0507.
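The permission reasoning in A0201 can be checked mechanically. The following is an added example, not part of the original FAQ or of Exim: it parses the "ls -l" mode strings shown above and reports whether a delivery process could create a lock file, and by which of the two solutions. The uid and gid numbers are constructed sample values, and the function names are hypothetical.

```python
import stat

# Constructed sample ids (assumptions, not taken from the FAQ).
ROOT_UID, MAIL_GID = 0, 8
USER_UID, USER_GID = 1000, 1000


def parse_ls_mode(text):
    """Convert an 'ls -l' mode string such as 'drwxrwxrwt' to permission bits."""
    if len(text) != 10:
        raise ValueError("expected 10 characters: %r" % text)
    bits = 0
    # Plain read and write positions.
    for pos, ch, value in ((1, "r", 0o400), (2, "w", 0o200),
                           (4, "r", 0o040), (5, "w", 0o020),
                           (7, "r", 0o004), (8, "w", 0o002)):
        if text[pos] == ch:
            bits |= value
        elif text[pos] != "-":
            raise ValueError("bad character at position %d" % pos)
    # Execute positions can also carry setuid, setgid or the sticky bit.
    for pos, xbit, special, lower in ((3, 0o100, stat.S_ISUID, "s"),
                                      (6, 0o010, stat.S_ISGID, "s"),
                                      (9, 0o001, stat.S_ISVTX, "t")):
        ch = text[pos]
        if ch == "x":
            bits |= xbit
        elif ch == lower:
            bits |= xbit | special
        elif ch == lower.upper():
            bits |= special          # special bit set, execute bit clear
        elif ch != "-":
            raise ValueError("bad character at position %d" % pos)
    return bits


def lock_file_verdict(perms, dir_uid, dir_gid, proc_uid, proc_gids):
    """Say whether a delivery process can create a lock file in the directory.

    Uses the usual Unix class selection: owner bits if the uid matches,
    else group bits if the directory's group is one of the process groups,
    else the "other" bits. Root's override is not modelled, because the
    delivery runs as the local user.
    """
    if proc_uid == dir_uid:
        via, cls = "owner", (perms >> 6) & 7
    elif dir_gid in proc_gids:
        via, cls = "group", (perms >> 3) & 7
    else:
        via, cls = "other", perms & 7
    can_create = (cls & 0o3) == 0o3          # needs write and search
    if (perms & 0o002) and not (perms & stat.S_ISVTX):
        # Any user could remove or rename another user's mailbox.
        return "unsafe: world-writable without sticky bit"
    if not can_create:
        return "no lock file: delivery process cannot write to the directory"
    if via == "other":
        return "solution A: world-writable with sticky bit"
    if via == "group":
        return "solution B: writable through the transport's group"
    return "owner: delivery process owns the directory"


def sample_verdicts():
    """The three directory states from A0201, plus a missing sticky bit."""
    cases = (
        ("default", "drwxrwxr-x", {USER_GID}),
        ("A", "drwxrwxrwt", {USER_GID}),
        ("B", "drwxrwxr-x", {MAIL_GID}),     # transport has group = mail
        ("no-sticky", "drwxrwxrwx", {USER_GID}),
    )
    return {name: lock_file_verdict(parse_ls_mode(mode), ROOT_UID, MAIL_GID,
                                    USER_UID, gids)
            for name, mode, gids in cases}


if __name__ == "__main__":
    for name, verdict in sample_verdicts().items():
        print("%-10s %s" % (name, verdict))
```
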
Q0202: I am experiencing mailbox locking problems with Sun's mailtool used over a network.
A0202: See A9705 in the Sun-specific section below.
A0301: They mean exactly what they say. Exim has tried to route a domain that it thinks is not local, and when it looked it up in the DNS, either the lowest numbered MX record pointed at the local host, or there were no MX records, and the address record for the domain pointed to an IP address that belongs to the local host.
(A) If the domain is meant to be handled as a local domain, then there is a problem with the setting of the local_domains configuration option. If you have not set this, then only the name of the local host is treated as a local domain. If, for example, your host is called myhost.mydomain.com and you want it to handle mail for the domain mydomain.com as well as for its own name, you must set
local_domains = myhost.mydomain.com:mydomain.com
or, if you want to be more general, you could use
local_domains = *.mydomain.com:mydomain.com
If you have a large number of individual local domains, you should investigate storing them in a file and setting local_domains to do a lookup.
All the domains in local_domains are treated as synonymous by default. If you want to specify different handling for different domains, you can either use domains options, to restrict certain directors to certain domains, or use the $domain expansion variable in director options to vary the value according to the domain, for example, setting the name of an alias file to /etc/aliases/$domain.
(B) If the domain is one for which the local host is providing a forwarding service (called "mail hubbing"), possibly as part of a firewall, then you need to set up a router to tell Exim where to send messages addressed to this domain, since the DNS directs them to the local host. The routers section of your configuration file should look something like this:
hubbed_hosts:
  driver = domainlist
  transport = remote_smtp
  route_list = see discussion below
other_hosts:
  driver = lookuphost
  transport = remote_smtp
Note that the domainlist router must come first so that it can pick off a hubbed host before it gets to the lookuphost router. The contents of the route_list option depend on how many hosts you are hubbing for, and how their names are related to the domain name. Suppose the local host is a firewall, and all the domains in *.foo.bar have MX records pointing to it, and each domain corresponds to a host of the same name. Then the setting could be
route_list = "*.foo.bar $domain byname"
If there isn't a convenient relationship between the domain names and the host names, then you either have to list each domain separately, or use a lookup expansion to look up the host from the domain, or put the routing information in a file and use the route_file option.
(C) If neither (A) nor (B) is the case, then the lowest numbered MX record or the address record for the domain should not be pointing to your host. You should arrange to get the DNS mended.
There has been a rash of instances of domains being deliberately set up with MX records pointing to "localhost", which causes this behaviour. By default, Exim defers delivery and freezes the message. You can change what Exim does by setting the generic "self" option on the router, for example, to make it bounce such domains. If you are running a release later than 3.16, you can use the option called ignore_target_hosts instead, to get it to pretend such hosts do not exist.
Q0302: How do I configure Exim to send all non-local mail to a gateway host?
A0302: Replace the lookuphost router in the default configuration with the following:
send_to_gateway:
  driver = domainlist
  transport = remote_smtp
  route_list = * gate.way.host byname
This uses gethostbyname() to find the gateway's IP address. You could alternatively have "bydns" to do a DNS lookup with MX handling, in which case "gate.way.host" is really being treated as a mail domain name rather than a host name. If there are several hosts you can send to, you can specify them as a colon-separated list. See also Q0325 and Q0402.
Q0303: How do I configure Exim to send all non-local mail to a central server if it cannot be immediately delivered by my host? I don't want to have queued mail waiting on my host.
A0303: Add to the remote_smtp transport the following:
fallback_hosts = central.server.name(s)
If there are several names, they must be separated by colons.
Q0304: How can I arrange for messages submitted by (for example) Majordomo to be routed specially?
A0304: See A0404.
Q0305: How do I arrange for all incoming email for *@some.domain to go into one pop3 mail account? The customer doesn't want to add a list of specific local parts to the system.
A0305: Set up a special transport that writes to the mailbox like this:
special_transport:
  driver = appendfile
  file = /pop/mailbox
  envelope_to_add
  return_path_add
  delivery_date_add
  user = exim
The file will be written as the user "exim". Then arrange to route all mail for that domain to that transport, with a router like this:
special_router:
  driver = domainlist
  transport = special_transport
  route_list = some.domain
Alternatively, you could make some.domain a local domain, and use a smartuser director instead.
Q0306: The route_list setting ^foo$:^bar$ $domain byname in a domainlist router does not work.
A0306: The first thing in a route_list item is a single pattern, not a list of patterns. You need to write that as ^(foo|bar)$ $domain byname. Alternatively, you could use several items and write
route_list = "foo $domain byname; bar $domain byname"
Note the semicolon separator. This is because the second thing in each item can be a list - of hosts.
Q0307: I'm getting "permission denied" when Exim attempts to check a require_files option.
A0307: See A0410 below.
Q0308: I have a domain for which some local parts must be delivered locally, but the remainder are to be treated like any other remote addresses.
A0308: The way to do this is not to include the domain in local_domains, so that addresses initially get passed to the routers. The first router should be defined like this:
special_local:
  driver = domainlist
  local_parts = whatever...
  domains = whatever...
  route_list = * localhost byname
  self = local
That will pick off those addresses with matching local parts and domains, and hand them to the directors, because of the self = local setting. Any other addresses will fall through to the other routers and be handled as normal remote addresses.
Q0309: For certain domains, I don't want Exim to use MX records. Instead, I want it just to look up the hosts' A records. I tried using a negative entry in mx_domains in the smtp router, but it didn't work.
A0309: The mx_domains option specifies domains for which there must be an MX record (an A record isn't good enough). Consequently, a negative item in it doesn't do what you want - any domain matching it is not required to have an MX record, but it doesn't stop Exim from using MX records for any that do have them. You can achieve what you want using either a lookuphost or a domainlist router:
(A) Using lookuphost:
special_domains:
  driver = lookuphost
  transport = remote_smtp
  domains = list:of:domains:you:want:to:do:this:for
  gethostbyname
(B) Using domainlist:
special_domains:
  driver = domainlist
  transport = remote_smtp
  domains = list:of:domains:you:want:to:do:this:for
  route_list = * * byname
If the list of domains is actually a lookup in a file, you can dispense with domains in the domainlist case, and put the lookup into the route_list option.
Q0310: How can I configure Exim on a firewall machine so that if mail arrives addressed to a domain whose MX points to the firewall, it is forwarded to the internal mail server, without having to have a list of all the domains involved?
A0310: As your first router, have the standard lookuphost router from the default configuration, with the added options
no_more
self = pass
This will handle all domains whose lowest numbered MX records do not point to your host. Because of the no_more setting, if it encounters an unknown domain, routing will fail. However, if it hits a domain whose lowest numbered MX points to your host, the "self" option comes into play, and overrides no_more. The "pass" setting causes it to pass the address on to the next router. (The default causes it to generate an error.)
As your second (and last) router, set up a domainlist router that sends everything to your internal mail server. That is, use an option of the form
route_list = * internal.server byname
Q0311: How can I arrange that messages larger than some limit are handled by a special router?
A0311: If you are using Exim 2.10 or greater, you can use a condition option on the router of the form
condition = ${if >{$message_size}{100K}{yes}{no}}
Earlier versions of Exim do not have numerical comparison operators, though you can use tricks like
condition = ${if eq {${substr_5:$message_size}}{}{no}{yes}}
Q0312: If a DNS lookup returns no MX records why doesn't Exim just bin the message?
A0312: If a DNS lookup returns no MXs, Exim looks for an A record, in accordance with the rules that are defined in the RFCs. If you want to break the rules, you can set mx_domains in the lookuphost router, but you will cut yourself off from those sites (and there still seem to be plenty) who do not set up MX records.
Q0313: When a DNS lookup for MX records fails to complete, why doesn't Exim send the message to the host defined by the A record?
A0313: The RFCs are quite clear on this. Only if it is known that there are no MX records is an MTA allowed to make use of the A record. When an MX lookup fails to complete, Exim does not know whether there are any MX records or not. There seem to be some nameservers (or some configurations of some nameservers) that give a "server fail" error when asked for a non-existent MX record. Exim uses standard resolver calls, which unfortunately do not distinguish between this case and a timeout, so all Exim can do is try again later.
Q0314: Can you specify a list of domains to explicitly reject?
A0314: Use a router like this:
reject_domains:
  driver = domainlist
  self = fail_hard
  domains = list:of:domains:to:reject
  route_list = * localhost byname
Q0315: Is it possible to use a conditional expression for the host item in a route_list for the domainlist router? I tried the following, but it doesn't work:
route_list = * ${if match{$header_from:}{.*\\.usa\\.net\\$} \
             {<smarthost1>}{<smarthost2>} bydns_a
A0315: The problem is that the second item in the route_list contains white space, which means that it gets terminated prematurely. To avoid this, you must put the second item in quotes:
route_list = * "${if match{$header_from:}{.*\\.usa\\.net\\$} \
             {<smarthost1>}{<smarthost2>}}" bydns_a
Q0316: I send all external mail to a smart host, but this means that bad addresses also get passed to the smart host. Can I avoid this?
A0316: If you are receiving the mail via SMTP, then you can use verification to weed out the bad addresses. Set no_verify on the router which sends everything to your smart host, and insert a new router with verify_only that does general routing using DNS lookups (e.g. the default lookuphost router), or any other verification you want. Then set receiver_verify so that addresses are accepted only if they verify successfully.
Q0317: I have a dial-up machine, and I use the queue_smtp option so that remote mail only goes out when I do a queue run. However, any email I send with an address <anything>@aol.com is returned within about 15 mins saying 'retry time exceeded', and all addresses are affected.
A0317: See Q1401.
Q0318: How can I route mail for user X@local to a smarthost if X doesn't exist on the local host?
A0318: See A0428.
Q0319: How can I arrange to do my own qualification of non-fully-qualified domains, and then pass them on to the next router?
A0319: If you have some list of domains that you want to qualify, you can do this using a domainlist router. For example,
qualify:
  driver = domainlist
  route_list = *.a.b $domain.c.com
adds ".c.com" to any domain that matches "*.a.b". In the absence of any options in the route item, the new domain is passed to the next router.
If you want to do this in conjunction with a lookuphost router, the widen_domains option of that router may be another way of achieving what you want.
Q0320: Every system has a "nobody" account under which httpd etc run. I would like to know how to restrict mail which comes from that account to users on that host only.
A0320: Set up a router with senders=nobody@your.domain which routes all mail to a local transport that delivers it to /dev/null (or to a pipe that bounces with an error message, or whatever). That would catch all mail to non-local domains.
Q0321: I have a really annoying intermittent problem where attempts to mail to valid sites are rejected with "unknown mail domain". This only happens a few times a day and there is no particular pattern to the sites it rejects. If I try to lookup the same domain a few minutes later then it is OK.
A0321: (A) Have you linked Exim against the newest DNS resolver library that comes with Bind? If you are using SunOS4 that may be your problem, as the resolver that comes with that OS is known to be buggy and to give intermittent false negatives.
(B) Effects like this are sometimes seen if a domain's nameservers get out of step with each other.
Q0322: I'd like to route all mail with unresolved addresses to a relay machine.
A0322: Set pass_on_timeout on your lookuphost router, and add below it a domainlist router that routes everything to the relay.
Q0323: I would like to forward all incoming email for a particular domain to another machine via SMTP. Whereabouts would I configure that?
A0323: First, do not list the domain in local_domains. Instead, list it in relay_domains. Then, if the domain's lowest numbered MX record points to your host, set up a domainlist router before your normal lookuphost router, in order to route the domain to the specific host.
Q0324: Why does Exim say "all relevant MX records point to non-existent hosts" when MX records point to IP addresses?
A0324: MX records cannot point to IP addresses. They are defined to point to host names, so Exim always interprets them that way. (An IP address is a syntactically valid host name.) The DNS for the domain you are having problems with is misconfigured.
However, it appears that more and more DNS zones are breaking the rules and putting IP addresses on the RHS of MX records. Exim follows the rules and rejects this, but other MTAs do support it, so allow_mx_to_ip was regretfully added at release 3.14 to permit this heinous activity.
Q0325: How can I arrange for mail on my local network to be delivered directly to the relevant hosts, but all other mail to be sent to my ISP's mail server? The local hosts are all DNS-registered and behave like normal Internet hosts.
A0325: Set up a first router to pick off all the domains for your local network. There are several ways you might do this. For example:
local:
  driver = lookuphost
  transport = remote_smtp
  domains = lsearch;/etc/local_domains.list
This does a perfectly conventional DNS routing operation, but only for your local domains. Follow this with a "smarthost" router:
internet:
  driver = domainlist
  transport = remote_smtp
  route_list = * mail.isp.net bydns_a
This sends anything else to the smart host.
Q0326: What I'd like to do is have alternative smarthosts, where the one to be used is determined by which ISP I'm connected to.
A0326: The simplest way to do this is to use a lookup in a domainlist router. For example:
smarthost:
  driver = domainlist
  transport = remote_smtp
  route_list = * ${lookup{smart}lsearch{/etc/smarthost}{$value}} byname
where you arrange for the name (or IP address) of the relevant smart host to be placed in /etc/smarthost when you connect, in the form
smart: smart.host.name.or.ip
By keeping the data out of the main configuration file, you avoid having to HUP the daemon when it changes.
A0401: Adding an asterisk to a search type causes Exim to look up "*" when the normal lookup fails. So if your director is something like this:
virtual:
  driver = aliasfile
  domains = virt.dom.ain
  file = /usr/lib/aliases.virt
  search_type = lsearch
  no_more
you should change "lsearch" to "lsearch*", and put this in the alias file:
*: postmaster@virt.dom.ain
This solution has the feature that if there are several unknown addresses in the same message, only one copy gets sent to the postmaster, because of Exim's normal de-duplication rules.
You can get separate deliveries for each unknown address only if you can direct them to a specific transport, by using a smartuser director like this:
virtual:
  driver = aliasfile
  domains = virt.dom.ain
  file = /usr/lib/aliases.virt
  search_type = lsearch
default_virtual:
  driver = smartuser
  domains = virt.dom.ain
  transport = special_delivery
  new_address = postmaster@virt.dom.ain
  no_more
If an address in the virtual domain is not matched by the normal alias lookup, then it gets picked up by the smartuser and passed to the transport with a new address. There is no checking for duplicates, so if there is more than one address that passes through this mechanism, multiple copies get delivered. In order to distinguish them, the envelope_to_add option can be set on the transport, to cause the insertion of an Envelope-To: header containing the original recipient address.
Q0402: How do I configure Exim to send all messages to a central server?
A0402: This implies that you are not doing any local deliveries at all. Set
local_domains =
in the configuration file. This specifies that there are no local domains (by default your host name is set up as a local domain). Then all addresses are non-local - A0302 tells you how to deal with them.
Q0403: How do I configure Exim to send messages for unknown local users to a central server?
A0403: At the end of the directors section of the configuration, insert the following director:
unknown:
  driver = smartuser
  transport = unknown_transport
You should add no_verify to this if you are verifying addresses; without it, all local parts will verify as valid in the local domain. Then somewhere in the transports section of the configuration insert
unknown_transport:
  driver = smtp
  hosts = server.host.name
A colon-separated list of hosts may be given. They are tried in order. By default, the IP address of any host is found by looking in the DNS and doing MX processing (so really it is a domain list rather than a host list). If you don't want MX processing, set the "gethostbyname" option:
unknown_transport:
  driver = smtp
  hosts = server.host.name
  gethostbyname
This calls the gethostbyname() function to find IP addresses. Depending on your operating system and configuration, this usually consults /etc/hosts and possibly other sources of information, as well as, or instead of, the DNS.
If you want to change the recipient address when doing this, you can use the new_address option on the smartuser director. For example, if the address is user@foo.bar.com and the setting is
new_address = $local_part@bar.com
then the message is sent to the server with the envelope recipient changed to user@bar.com. However, this does not make any changes to the message's headers.
Q0404: How can I arrange for messages submitted by (for example) Majordomo to be handled specially?
A0404: You can use the condition option on a director or router, with a setting such as
condition = ${if and {{eq {$sender_host_address}{}} \
            {eq {$sender_ident}{majordom}}} {yes}{no}}
This first tests for a locally-submitted message, by ensuring there is no sending host address, and then it checks the identity of the user that ran the submitting process.
Q0405: On a host that accepts mail for several domains, do I have to use fully qualified names in /etc/aliases or do I have to set up an alias file for each domain?
A0405: You can do it either way. If you use a single file, you must set include_domain on the aliasfile director. If you use a separate file for each domain you can use a single director with an option such as
file = /etc/aliases/$domain
(as in C007), or you can have several different directors, each one with
domains = domain1:domain2:...
so that each one processes certain domains only. That way you could have several domains sharing an alias file. All of this assumes that you want to have different aliases for each domain. If all the domain names are in effect just synonyms, you don't need to do anything other than ensure they all match something in local_domains.
Q0406: Some of my users are using the .forward to pipe to a shell command which appends to the user's INBOX. How can I forbid this?
A0406: If you allow your users to run shells in pipes, you cannot control which commands they run or which files they write to. However, you should point out to them that writing to an INBOX by arbitrary commands is not interlocked with the MTA and MUAs, and is liable to mess up the contents of the file.
If a user simply wants to choose a specific file for the delivery of messages, this can be done by putting a file name in a .forward file rather than using a pipe, or by using the "save" command in an Exim filter file.
You can set forbid_pipe on the forwardfile director, but that will prevent them from running any pipe commands at all. Alternatively, you can restrict which commands they may run in their pipes by setting the allow_commands and/or restrict_to_path options in the address_pipe transport.
Q0407: How can I arrange for a default value when using a query-style lookup such as LDAP or NIS+ to handle aliases?
A0407: Using the queries option for the aliasfile driver should do what you want. You can supply a second query which gets obeyed when the first query fails. For example,
queries = "\
  ldap:://x.y.z/l=yvr?aliasaddress?sub?(&(mail=$local_part@$domain)):\
  ldap:://x.y.z/l=yvr?aliasaddress?sub?(&(mail=default@$domain))"
Q0408: If I don't fully qualify the addresses in a virtual domain's alias file then mail to aliases which also match the local domain get delivered to the local domain.
For example, if the alias file for foobar.com is
foo: joe@some.place.com
postmaster: foo
then mail sent to postmaster@foobar.com is not delivered to joe@some.place.com but instead goes to foo@localdomain.com.
A0408: Set the qualify_preserve_domain option on the aliasfile director.
Q0409: We've got users who chmod their home to 750, and home is NFS-mounted without root privilege, so Exim cannot access ~user/.forward.
A0409: Set the seteuid option on the forwardfile director so that Exim "becomes" the user before trying to read the file. However, if your operating system does not support the seteuid() function, you cannot do this. In that circumstance, if you cannot persuade your users to make their .forward files world readable, you can set the ignore_eacces option, which causes Exim to ignore unreadable files.
Q0410: I'm getting "permission denied" when Exim tries to check for the existence of a user's .procmailrc file using require_files.
A0410: Exim is running under its own uid (or root if there isn't an Exim uid) when it checks require_files. You can cause it to change to a specific uid by putting an item not containing any / characters at the start of the require_files list. In this case you probably want a director along these lines:
procmail:
  driver = localuser
  require_files = $local_part:$home/.procmailrc
  transport = procmail_pipe
Q0411: How can I deliver mail into different directories for each virtual domain, doing user lookups not against /etc/passwd but against /etc/passwd.domain?
A0411: See configuration sample C009.
Q0412: I want mail for any local part at certain virtual domains to go to a single address for each domain.
A0412: One way to do this is
virtual:
  driver = smartuser
  domains = lsearch;/etc/virtual
  new_address = ${lookup{$domain}lsearch{/etc/virtual}{$value}fail}
The /etc/virtual file contains a list of domains and the addresses to which their mail should be sent. For example:
domain1: postmaster@some.where.else
domain2: joe@xyz.plc
etc.
If the number of domains is large, using a DBM or cdb file would be more efficient.
Q0413: How can I make Exim look in the alias NIS map instead of /etc/aliases?
A0413: The default configuration does not use NIS (many hosts don't run it). You should change the system_aliases director to
system_aliases:
  driver = aliasfile
  file = mail.aliases
  search_type = nis
If you want to use /etc/aliases as well as NIS, put this director (with a different name) before or after the default one, depending on which data source you want to take precedence.
Q0414: What does the error message "error in forward file (filtering not enabled): missing or malformed local part ..." mean?
A0414: If you are trying to use an Exim filter, you have forgotten to enable the facility, which is disabled by default. In the forwardfile director (in the Exim configuration file) you need to set
filter = true
to allow a .forward file to be used as an Exim filter. If you are not trying to use an Exim filter, then you have put a malformed address in the .forward file.
Q0415: Exim isn't recognizing certain forms of local address.
A0415: (A) Try using the -bt option with debugging turned on, to see how Exim is handling the addresses. For example,
exim -d2 -bt z6abc
will show you how it would handle the local part "z6abc". Increase the debug level to -d9 for more information.
(B) If the local user names contain capital letters, that is probably the cause of your problem. Setting up such user names is a bad idea. By default, everything is lowercased before the final delivery for the sake of alias matching and user name matching, because people who type email addresses often get the case wrong. You can stop this by setting
locally_caseless = false
but then incoming addresses are recognized only in the correct case. See Q0424 for a way round this.
Q0416: I have a domain for which some local parts must be delivered locally, but the remainder are to be treated like any other remote addresses.
A0416: See A0308.
Q0417: What I really need is the ability to obtain the result of a pipe command so that I can filter externally and redirect internally. Is this possible?
A0417: This is not possible. The result of a pipe command is not available to a filter, because it doesn't run any deliveries while filtering. It just sets up deliveries. They all happen later. If you want to run pipes and examine their results, you need to set up a single delivery to a delivery agent such as procmail which provides this kind of facility.
Q0418: When I set a suffix on one of my directors, it doesn't get stripped when checking the local_parts option. Why is this?
A0418: The test on local parts and domains is done early on, and only if they match is supplementary processing such as prefix and suffix recognition done. There is a section of the manual called "Skipping directors" which gives details. If you want to ignore a prefix or suffix in the initial test of the local part, you can do so by replacing local_parts with a setting of the condition option. For example, suppose you wanted to look up the basic local part in a file, and run the director if it is found:
condition = ${if lookup{\
            ${if match{$local_part}{^(.*)-request}{$1}{$local_part}}\
            }lsearch{/some/file}{yes}}
The key that is looked up is the second line, which uses a regular expression to strip "-request" from the local part if it is present.
Q0419: Why will Exim deliver a message locally to any username that is longer than 8 characters as long as the first 8 characters match one of the local usernames?
A0419: The problem is in your operating system. Exim just calls the getpwnam() function to test a local part for being a local login name. It does not presume to guess the maximum length of user name for the underlying operating system. Many operating systems correctly reject names that are longer than the maximum length; yours is apparently deficient in this regard. To cope with such systems, Exim has an option called max_user_name_length which you can set to the maximum allowed length.
Q0420: Why am I seeing the error "bad mode (100664) for /home/test/.forward (userforward director)"? I've looked through the documentation but can't see anything to suggest that exim has to do anything other than read the .forward file.
A0420: For security, Exim checks for mode bits that shouldn't be set, by default 022. You can change this by setting the "modemask" option of the forwardfile director.
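To find affected users before they report deferred mail, the bit test described in A0420 can be run over every home directory. This is an added example, not part of the original FAQ or of Exim's code: it applies "mode AND modemask" with the default of 022, and the directory layout, sample users and function names are constructed for the illustration.

```python
import os
import stat
import tempfile

# Default mask named in A0420; the forwardfile director's "modemask"
# option changes it.
DEFAULT_MODEMASK = 0o022


def forbidden_bits(st_mode, modemask=DEFAULT_MODEMASK):
    """Permission bits set on the file that the mask does not allow."""
    return stat.S_IMODE(st_mode) & modemask


def audit_forward_files(home_root, modemask=DEFAULT_MODEMASK, name=".forward"):
    """Check <home_root>/<user>/<name> for every user directory.

    Returns a list of (path, mode_as_octal_text, reason) tuples for files
    that would fail the mode test, are not regular files, or cannot be
    examined. lstat() is used so that a symbolic link is reported rather
    than followed.
    """
    findings = []
    with os.scandir(home_root) as it:
        entries = sorted(it, key=lambda e: e.name)
    for entry in entries:
        if not entry.is_dir(follow_symlinks=False):
            continue
        path = os.path.join(entry.path, name)
        try:
            st = os.lstat(path)
        except FileNotFoundError:
            continue                          # user has no forward file
        except PermissionError:
            findings.append((path, None, "cannot stat (permission denied)"))
            continue
        mode_text = format(st.st_mode, "o")   # e.g. "100664", as in the error
        if not stat.S_ISREG(st.st_mode):
            findings.append((path, mode_text, "not a regular file"))
            continue
        bad = forbidden_bits(st.st_mode, modemask)
        if bad:
            findings.append((path, mode_text, "bad mode, clear bits %03o" % bad))
    return findings


def make_sample_homes(root):
    """Constructed sample tree: four home directories under root."""
    for user, mode in (("alice", 0o644), ("bob", 0o664), ("carol", 0o600)):
        os.mkdir(os.path.join(root, user))
        path = os.path.join(root, user, ".forward")
        with open(path, "w") as fh:
            fh.write("someone@example.invalid\n")
        os.chmod(path, mode)                  # explicit, independent of umask
    os.mkdir(os.path.join(root, "dave"))      # no .forward at all


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as root:
        make_sample_homes(root)
        for path, mode, reason in audit_forward_files(root):
            print("%s: mode %s: %s" % (os.path.relpath(path, root), mode, reason))
```

Only the group-writable file (mode 100664, the value in the question) is reported; relaxing the mask to 002 accepts it, at the cost of letting members of the file's group alter where the user's mail goes.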
Q0421: How can I arrange that messages larger than some limit are handled by a special director?
A0421: See A0311.
Q0422: When a user's .forward file is syntactically invalid, Exim defers delivery of all messages to that user, which sometimes include the user's own test messages. Can it be told to ignore the .forward file and/or inform the user of the error?
A0422: Setting skip_syntax_errors on the forwardfile director causes syntax errors to be skipped. When dealing with users' .forward files it is best to combine this with a setting of syntax_errors_to in order to send a message about the error to the user. However, to avoid an infinite cascade of messages, you have to be able to send to an address that bypasses .forward file processing. This can be done by including a director like this one
real_localuser:
  driver = localuser
  transport = local_delivery
  prefix = real-
before the forwardfile director. This will do an ordinary local delivery without .forward processing, if the local part is prefixed by "real-". You can then set something like the following options on the forwardfile director:
skip_syntax_errors syntax_errors_to = real-$local_part@$domain syntax_errors_text = "\ This is an automatically generated message. An error has been \ found\nin your .forward file. Details of the error are reported \ below. While\nthis error persists, messages addressed to you will \ get delivered into\nyour normal mailbox and you will receive a \ copy of this message for\neach one."
A final tidying setting to go with this is a rewriting rule that changes "real-username" into just "username" in the headers of the message:
^real-([^@]+)@your\.dom\.ain$ $1@your.dom.ain h
This means that users won't ever see the "real-" prefix, unless they look at the Envelope-To header.
Q0423: I have some users on my system with upper case letters in their login names, but these are not recognized.
A0423: See A0424.
Q0424: I have unset locally_caseless because my users have upper case letters in their login names, but incoming mail now has to use the correct case. Can I relax this somehow?
A0424: If you really have to live with caseful user names but want incoming local parts to be caseless, then you have to maintain a file, indexed by the lower case forms, that gives the correct case for each login, like this:
admin: Admin
steven: Steven
mcdonald: McDonald
lamanch: LaManche
...
and at the start of your directors, put one like this:
set_case_director:
  driver = smartuser
  new_address = ${lookup{${lc:$local_part}}lsearch{/the/file}\
    {$value@$domain}fail}
For efficiency, you should also set the new_director option to cause processing of the changed address to begin at the next director. If you are otherwise using the default configuration, then the setting would be
new_director = system_aliases
If there are lots of users, then a DBM or cdb file would be more efficient than lsearch. If you are handling several domains, then you will have to extend this configuration to cope appropriately.
Q0425: I want to look up local users in an SQL database instead of looking in the passwd file.
A0425: From release 3.03, Exim contains support for calling MySQL, and from release 3.14 there is support for PostgreSQL.
You must consider what will happen if your database is down. All local mail delivery will be delayed until it comes up again. Whether this matters is of course something for you to decide. If the database is down a lot and it does matter, then consider some scheme of extracting a list of users from the database at regular intervals, and getting Exim to work off that. This is also likely to be more efficient.
Q0426: Is it possible for Exim to use a SQL database like MySQL for its lists of virtual domains and explicit aliases?
A0426: See A0425.
Q0427: Can I use my existing alias files and forward files as well as procmail and effectively drop in exim in place of Sendmail?
A0427: Yes, as long as your alias/forward files don't assume that pipes are going to run under a shell. If they do, you either have to change them, or configure Exim to use a shell (which it doesn't by default).
Q0428: How can I route mail for user X@local to a smarthost if X doesn't exist on the local host?
A0428: This is the same question as Q0402. The duplication is a bug in the FAQ.
Q0429: What is the quickest way to set up Exim so any message sent to a non-existing user would bounce back with a different message, based on the name of the non-existing user?
A0429: See the example in the section of the manual entitled "System-wide automatic processing".
Q0430: I am building some largish mailing lists with Majordomo, and was wondering if it is worth leaving the actual list expansion to the aliasfile :include: mechanism or should I consider using the forwardfile transport? Is there any real difference in terms of facilities and/or performance, and are the expansions basically the same code anyway?
A0430: The code that pulls out individual addresses from a list is the same in both cases, so it's really just a matter of which is the most convenient for you.
Q0431: What do I need to do to make Exim handle /usr/ucb/vacation processing automatically, so that people could just create a .vacation.msg file in their home directory and not have to edit their .forward file?
A0431: Add a new director like this, immediately before the normal localuser director:
vacation:
  driver = localuser
  require_files = .vacation.msg
  transport = vacation_transport
  unseen
and a matching new transport like this:
vacation_transport:
  driver = pipe
  command = "/usr/ucb/vacation \"$local_part\""
However, some versions of /usr/ucb/vacation do not work properly unless the DBM file(s) it uses are created in advance - it won't create them itself. You also need a way of removing them when the vacation is over.
Another possibility is to use a fixed filter file which is run whenever .vacation.msg exists, for example:
vacation:
  driver = forwardfile
  check_localuser
  require_files = $home/.vacation.msg
  file = /some/central/filter
  filter
The filter file should use the "if personal" check before sending mail, to avoid generating automatic responses to mailing lists. If sending a message is all that it does, this doesn't count as a "significant" delivery, so the message goes on to be delivered as normal.
Yet another possibility is to make use of Exim's autoreply transport. See C033.
Q0432: I want to use a default entry in my alias file, but it picks up the local parts that the aliases generate. For example, if the alias file is
luke.skywalker: luke
ls: luke
*: postmaster
then messages addressed to luke.skywalker end up at postmaster.
A0432: (A) If you know for certain that no alias in your alias file ever generates another alias that is in the same file, then the most efficient solution is to put
new_director = name-of-following-director
in your aliasfile director. This stops Exim from processing the generated names as aliases the second time.
(B) If you can't give that guarantee, then you have to put dummy entries in the alias file for all your local parts, for example:
luke: luke
(C) Another possibility is to put the aliasfile director for these aliases after the localuser director, so that local parts get picked off first. You will need to have two aliasfile directors if there are some local parts (e.g. root) which you do want to handle as aliases rather than local users.
Q0433: I have some obsolete domains which people have been warned not to use any more. How can I arrange to delete any mail that is sent to them?
A0433: If you are using release 3.10 or later, you can use a smartuser director like this:
obsolete:
  domains = lsearch;/etc/exim/obsolete.domains
  new_address = :blackhole:
If you want to make any exceptions, for example, for mail to postmaster at those domains, you can add the line
local_parts = !postmaster
If you are using an earlier release of Exim, you have to set up an alias file in order to use :blackhole:
obsolete:
  domains = lsearch;/etc/exim/obsolete.domains
  file = /blackhole/all
  search_type = lsearch*
with the file containing
*: :blackhole:
and possibly a postmaster alias if you want.
Q0434: How can I arrange that mail addressed to anything@something.mydomain.com gets delivered to something@mydomain.com?
A0434: Ensure that all the relevant domains are local, by setting
local_domains = mydomain.com : *.mydomain.com
Then set up a smartuser director like this:
user_from_domain:
  driver = smartuser
  new_address = ${if match{$domain}{^(.+)\\.mydomain.com\$}\
    {$1@mydomain.com}fail}
Q0435: I can't get a regular expression to work in this local_parts option on one of my directors:
local_parts = ^0740\d{6}
A0435: The local_parts option is expanded before use, so that you can, for example, make it dependent on the domain. Therefore, you need to write
local_parts = ^0740\\d{6}
so as to preserve the backslash.
Q0436: How can I arrange for all addresses in a group of domains *.example.com to share the same alias file? I have a number of such groups.
A0436: For a single group you could just hardwire the file name into a director that had
domains = *.example.com
set, to restrict it to the relevant domains. For a number of such groups you can create a file containing the domains, like this:
*.example1.com  example1.com
*.example2.com  example2.com
...
Arrange that the domains are treated as local by setting
local_domains = partial-lsearch;/that/file
Then create a director like this
domain_aliases:
  driver = aliasfile
  domains = partial-lsearch;/that/file
  file = /etc/aliases.d/$domain_data
  search_type = lsearch*
The variable $domain_data contains the data that was looked up when the domains option was matched, i.e. "example1.com", "example2.com", etc. in this case.
Q0437: When Exim tries to read /usr/lib/majordomo/lists/lists.aliases it is giving "Permission denied", but that file is world-readable!
A0437: Check the permissions on the superior directories.
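One way to carry out the check in A0437, as an added Python example (not part of the FAQ): it walks the directories above a file and reports the first one that a given uid/gid cannot search, using only the classic owner/group/other mode bits. The function names and the temporary directory tree standing in for /usr/lib/majordomo are constructed; ACLs are not considered.

```python
import os
import stat
import tempfile


def _allowed(st, uid, gids, owner_bit, group_bit, other_bit):
    """Classic Unix check: exactly one of the owner/group/other classes applies."""
    if uid == 0:
        return True                      # root is not stopped by these bits
    if st.st_uid == uid:
        return bool(st.st_mode & owner_bit)
    if st.st_gid in gids:
        return bool(st.st_mode & group_bit)
    return bool(st.st_mode & other_bit)


def first_denial(path, uid, gids, base=os.sep):
    """Return (path, "search" | "read") for the first refusal, or None.

    Every directory from base down to the file's parent needs search (x)
    permission; only then do the read bits of the file itself matter.
    Run it as a user that can stat() the whole path.
    """
    path, base = os.path.abspath(path), os.path.abspath(base)
    directories, current = [base], base
    for part in os.path.relpath(os.path.dirname(path), base).split(os.sep):
        if part != os.curdir:
            current = os.path.join(current, part)
            directories.append(current)
    for directory in directories:
        if not _allowed(os.stat(directory), uid, gids,
                        stat.S_IXUSR, stat.S_IXGRP, stat.S_IXOTH):
            return (directory, "search")
    if not _allowed(os.stat(path), uid, gids,
                    stat.S_IRUSR, stat.S_IRGRP, stat.S_IROTH):
        return (path, "read")
    return None


def demo():
    """World-readable file below a directory that is closed to 'other'."""
    with tempfile.TemporaryDirectory() as base:
        os.chmod(base, 0o755)
        majordomo = os.path.join(base, "majordomo")
        lists = os.path.join(majordomo, "lists")
        os.makedirs(lists)
        target = os.path.join(lists, "lists.aliases")
        with open(target, "w") as fh:
            fh.write("# constructed sample alias file\n")
        os.chmod(target, 0o644)          # world-readable, as in the question
        os.chmod(lists, 0o755)
        os.chmod(majordomo, 0o750)       # the superior directory is the problem
        st = os.stat(target)
        uid, gids = st.st_uid + 1, {st.st_gid + 1}   # some unrelated user
        before = first_denial(target, uid, gids, base)
        os.chmod(majordomo, 0o755)
        after = first_denial(target, uid, gids, base)
        return os.path.relpath(before[0], base), before[1], after


if __name__ == "__main__":
    print(demo())
```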
Q0438: Some of our users have no home directories; the field in the password file contains /no/home/dir. This causes the error "failed to stat /no/home/dir (No such file or directory)" when Exim tries to look for a .forward file, and the delivery is deferred.
A0438: With the default configuration, you are asking Exim to check for a .forward file in the user's home directory. It looks up the home directory and tries to stat() it before looking for .forward. This is so that it will notice a missing NFS home directory, and not treat it as if the .forward file did not exist. This stat() is failing when the home directory doesn't exist. What you should do is pick off these special cases before looking for .forward files for normal users. Place the following director before the userforward director:
no_home_directory_users:
  driver = localuser
  transport = local_delivery
  match_directory = /no/home/dir
  current_directory = /
Q0439: How can I disable Exim's de-duplication features? I want it to do two deliveries if two different aliases expand to the same address.
A0439: This is not possible. Duplication has ramifications other than just (in)convenience. Consider:
. Message is addressed to A and to B.
. Both A and B are aliased to C.
. Without de-duplication, two deliveries to C are scheduled.
. One delivery happens, Exim records that it has delivered the message to C.
. The next delivery fails (C's mailbox is over quota, say).
Next time round, Exim wants to know if it has already delivered to C or not, before scheduling a new delivery. Has it? Obviously, if duplicate deliveries are supported, it has to remember not only that it has delivered to C but also the "history" of how that delivery happened - in effect an ancestry list back to the original envelope address. This it does not do, and changing it to work in that way would be a lot of work and a big upheaval.
The best way to get duplicate deliveries if you want them is not to use aliasfile, but to use smartuser with a transport, e.g.
alias_with_duplicates:
  driver = smartuser
  transport = local_delivery_for_duplicates
  new_address = ${lookup {$local_part} lsearch ..... etc
This goes straight to the transport without generating a new address that is considered for de-duplication or re-aliasing. In effect, it is just re-writing the address on the way to the transport. You will need to specify the user under which to run the delivery, either on the transport or on the director.
Q0440: I set up an aliasfile director using MySQL, but it doesn't use the new addresses. This is my director:
mysql_system_aliases:
  driver = aliasfile
  search_type = mysql
  query = "select userid from domain_table where \
    aliasid='$local_part' and domain='$domain'"
  transport = local_delivery
A0440: The setting of "transport" is your problem. Aliasfile operates entirely differently if you give it a transport. It just verifies the incoming address by doing the query, then sends it to the transport. Take away the transport setting, and it will do normal aliasing, that is, turn one address into another which is independently processed.
Q0441: I received a message with a Subject: line that contained a non-printing character (a carriage return). This messed up my filter file. Is there a way to get round it?
A0441: Instead of $h_subject: use ${escape:$h_subject:}
Q0442: My users' mailboxes are distributed between several servers according to the first letter of the user name. All the servers receive incoming mail at random. I would like to have the same configuration file for all the servers, which does local delivery for the mailboxes it holds, and sends other addresses to the correct other server. Is this possible?
A0442: It is easiest if you arrange for all the users to have password entries on all the servers. This means that non-existent users can be detected at the first server they reach. Set up a file containing a mapping from the first letter of the user names to the servers where their mailboxes are held. For example:
a: server1
b: server1
c: server2
...
Replace the normal localuser director with these two directors:
localuser:
  driver = localuser
  transport = local_delivery
  condition = ${if eq{$primary_hostname}\
    {${lookup {${substr_0_1:$local_part}}\
    lsearch{/etc/mapfile} {$value}}}{yes}{no}}
check_remote:
  driver = localuser
  transport = send_to_correct_host
The first director succeeds only if the local part is a local user whose mailbox is listed as being on the current host. The second director runs for all other local users, directing the addresses to this transport:
send_to_correct_host:
  driver = smtp
  hosts = ${lookup {${substr_0_1:$local_part}}lsearch{/etc/mapfile}\
    {$value}}
Local parts that are not the names of local users are declined by both directors, and so they fail.
Q0443: I want to search for '$' in the subject line, but I can't seem to get the syntax. The obvious choice, '\$' doesn't work. Any help?
A0443: Try one of these:
if $h_subject: contains \$ then ...
if $h_subject: contains "\\$" then ...
Q0444: One of the things I want to set up is for anything@onedomain to forward to anything@anotherdomain. I tried adding $local_part@anotherdomain to my aliases but it did not expand - it sent it to that literal address.
A0444: If you want to do it that way, you can make it expand by setting the "expand" option on the aliasfile director. Another approach is to use a smartuser director like this:
forwarddomain:
  driver = smartuser
  domains = onedomain
  new_address = $local_part@anotherdomain
new_address can, of course, be more complicated, involving lookups etc. if you have lots of different cases.
Q0445: How can I have an address looked up in two different alias files, and delivered to all the addresses that are found?
A0445: It is tempting to use the "unseen" option for this (see Q0504 for an example of the use of "unseen"). You would have two directors, the first of which has "unseen" set, so that the address is always passed on to the next director, even if the first one accepts it.
However, there is a problem with this approach. If an address is found in the first director (with unseen set) but not in the second one, it will get delivered but will also (under most normal setups) generate an "unknown user" bounce as well.
If you want an incoming address to be "properly" delivered to two different "child" addresses (or lists), "unseen" is not really the right way to do it. You don't really need two different directors. You can use a smartuser director with an option something like this:
new_address = ${lookup{$local_part}lsearch{/etc/aliases1}\
  {$value${lookup{$local_part}lsearch{/etc/aliases2}{,$value}}}\
  {${lookup{$local_part}lsearch{/etc/aliases2}{$value}fail}}}
If the first lookup succeeds, the result is its data, followed by the data from the second lookup, if any, separated by a comma. If the first lookup fails, the result is the data from the third lookup (which also looks in the second file), but if this also fails, the entire expansion is forced to fail, thereby causing the director to decline.
Q0446: I've converted from Sendmail, and I notice that Exim doesn't make use of the "owner-" entries in my alias file to change the sender address in outgoing messages to a mailing list.
A0446: If you have an alias file with entries like this:
somelist: a@b, c@d, ...
owner-somelist: postmaster
Sendmail assumes that the second entry specifies a new sender address for the first. Exim does not make this assumption. However, you can make it take the same action, by adding
errors_to = owner-$local_part@whatever.domain
to the configuration for your aliasfile director. This is fail-safe, because Exim verifies a new sender address before using it. Thus, the change of sender address occurs only when the owner entry exists.
A0501: Whenever Exim does a local delivery, it runs a process under a specific user and group id (uid and gid). For deliveries into mailboxes, and to pipes and files set up by .forwarding, it normally picks up the uid/gid of the receiving user. However, if an address is directed to a pipe or a file by some other means, such as an entry in the system alias file of the form
majordomo: |/local/mail/majordomo ...
then Exim has to be told what uid/gid to use for the delivery. This can be done either on the director that handled the address, or on the transport that actually does the delivery. If a pipe is going to run a setuid program, then it doesn't matter what uid Exim starts it out with, and so the most straightforward thing is to put
user = exim
on either the director or the transport. A setting on the transport overrides a setting on the director, so if the same transport is being used with several directors, you should set the user on it only if you want the same uid to be used in all cases.
In the default configuration, the transports used for file and pipe deliveries are the ones called address_file and address_pipe. You can specify different transports by setting, for example,
pipe_transport = special_pipe_transport
on the aliasfile director. Then you can set up special_pipe_transport
special_pipe_transport:
  driver = pipe
  user = ????
which will be used only for pipe deliveries from that one director. What you put for the ???? is up to you, and depends on the particular circumstances.
Q0502: Exim won't deliver to a host with no MX record.
A0502: (A) Are you sure there really is no MX record? Sometimes a typo results in a malformed MX record in the zone file, in which case some nameservers give a SERVFAIL error rather than NXDOMAIN. Exim has to treat this as a temporary error, so it can't go on to look for an A record. You can check for this state using one of the DNS interrogation commands, such as "nslookup", "host", or "dig".
(B) Is there a wildcard MX record for your domain? Is the search_parents option on in your lookuphost router? (Prior to Exim version 1.80 this was the default; it was changed because of this problem.) If the answer to both these questions is "yes", then that is the cause of the problem. When the DNS resolver fails to find the MX record, it tries adding on your domain if search_parents is true, and thereby finds your wildcard MX record. For example:
. There is a wildcard MX record for *.a.b.c.
. There is a host called x.y.z that has an A record and no MX record.
. Somebody on a machine m.a.b.c domain tries to mail to user@x.y.z.
. Exim calls the DNS to look for an MX record for x.y.z.
. The DNS doesn't find any MX record. Because search_parents is true, it then tries searching the current host's parent domain, so it looks for x.y.z.a.b.c and picks up the wildcard MX record.
Setting search_parents false makes this case work while retaining the wildcard MX record. However, anybody on the machine m.a.b.c who mails to user@n.a (expecting it to go to user@n.a.b.c) now has a problem. The widen_domains option of the lookuphost router may be helpful in this circumstance.
Q0503: How should Exim be configured when it is acting as a temporary storage system for a domain on a dial-up host?
A0503: See Q1403, Q0521, and Q5014.
Q0504: I would like to deliver mail addressed to a given domain normally, but also to generate a message to the envelope sender.
A0504: If the domain is a local one, you can do this with an "unseen" smartuser director and an autoreply transport, along the following lines:
# Transport
warning_t:
  driver = autoreply
  file = /usr/local/mail/warning.txt
  file_expand
  from = postmaster@your.domain
  to = $sender_address
  user = exim
  subject = Re: Your mail to $local_part@$domain
# Director
auto_warning_d:
  driver = smartuser
  domains = <domains you want to do this for>
  condition = ${if eq{$sender_address}{}{no}{yes}}
  transport = warning_t
  no_verify
  unseen
Note the use of the condition option to avoid attempting to send a message when there is no sender (that is, when the incoming message is a delivery error report). You can of course extend this to include other conditions. If you want to log the sending of messages, you can add
log = /some/file
to the transport and also make use of the "once" option if you want to send only one message to each sender.
Q0505: Exim keeps crashing with segmentation errors (signal 11 or 139) during delivery. This seems to happen when it is about to contact a remote host or when a delivery is deferred.
A0505: This could be a problem with Exim's databases. Check that your DBM library is correctly installed. In particular, if you have installed a second DBM library onto a system that already had one, check that its version of ndbm.h is being seen first. For example, if the new version is in /usr/local/include, check that there isn't another version in /usr/include. If you are using Berkeley db, you can set USE_DB=yes in your Local/Makefile to avoid using ndbm.h altogether. This is particularly relevant for version 2 of Berkeley db, because no ndbm.h file is distributed with it.
Q0506: Whenever Exim tries to do a local delivery, it gives a permission denied error for the .forward file, like this:
1998-08-10 16:55:32 0z5y2W-0000B8-00 == xxxx@yyy.zzz <xxxx@yyy.zz> D=userforward defer (-1): failed to open /home/xxxx/.forward (userforward director): Permission denied (euid=1234 egid=101)
A0506: Have you remembered to make Exim setuid root?
Q0507: I have installed Exim, but now I can't mail to root any more. Why is this?
A0507: Most people set up root as an alias for the manager of the machine. If you haven't done this, Exim will attempt to deliver to root as if it were a normal user. This isn't really a good idea because the delivery process would run as root. Exim has a trigger guard in the option
never_users = root
in the default configuration file. This prevents it from running as root when doing any local deliveries. If you really want to run local deliveries as root, remove this line, but it would be better to create an alias for root instead.
Q0508: How can I stop undeliverable bounce messages (e.g. to routeable, but undeliverable, spammer senders) from clogging up the queue for days?
A0508: Set ignore_errmsg_errors to drop them immediately, or set ignore_errmsg_errors_after to specify a (short) time to keep them for. I use 12h so that I notice them, but they go away relatively quickly.
Q0509: How can mails that are being routed through directors other than localuser be delivered under the uid of the recipient?
A0509: A0501 contains background information on this. If you are using, say, an alias file to direct messages to specific mailboxes, then you can use the "user" option on either the aliasfile director or the appendfile transport to set the uid. What you put in the setting depends on how the required uid is to be found. It could be looked up in a file or computed somehow from the local part, for example.
Q0510: I want to use MMDF-style mailboxes. How can I get Exim to append the ctrl-A characters that separate individual emails?
A0510: Set the suffix option in the appendfile transport. In fact, for MMDF mailboxes you need a prefix as well as a suffix to get it working right, so your transport should contain these settings:
prefix = "\1\1\1\1\n"
suffix = "\1\1\1\1\n"
Also, you need to change the check_string and escape_string settings so that the escaping happens for lines in the message that happen to begin with the MMDF prefix or suffix string, rather than "From" (the default):
check_string = "\1\1\1\1\n"
escape_string = "\1\1\1\1 \n"
Adding a space to the line is sufficient to prevent it being taken as a separator.
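Why the check_string and escape_string change in A0510 matters, as an added Python example (a model written for this page, not Exim's code): a message body that contains the separator line splits into two messages when only "From " lines are escaped, and stays one message with the MMDF settings. The reader, the function names and the sample message are constructed; the "From " / ">From " pair is assumed to be the mbox-style default the answer refers to.

```python
SEP = b"\x01\x01\x01\x01\n"    # prefix, suffix and check_string from A0510
ESC = b"\x01\x01\x01\x01 \n"   # escape_string from A0510: the same line plus a space


def lf_lines(data):
    """Yield LF-terminated lines, keeping the terminator."""
    start = 0
    while start < len(data):
        end = data.find(b"\n", start)
        end = len(data) if end < 0 else end + 1
        yield data[start:end]
        start = end


def append_message(mailbox, message, check_string, escape_string):
    """Model of the write: prefix, body with line-start escaping, suffix."""
    if not message.endswith(b"\n"):
        message += b"\n"
    mailbox += SEP
    for line in lf_lines(message):
        # Replace a leading check_string with escape_string, line by line.
        if check_string and line.startswith(check_string):
            line = escape_string + line[len(check_string):]
        mailbox += line
    mailbox += SEP
    return mailbox


def read_mailbox(mailbox):
    """Minimal MMDF reader: a separator line opens or closes a message."""
    messages, current = [], None
    for line in lf_lines(bytes(mailbox)):
        if line == SEP:
            if current is None:
                current = []
            else:
                messages.append(b"".join(current))
                current = None
        elif current is not None:
            current.append(line)
    return messages


# Constructed sample: one incoming message whose body carries two separator
# lines followed by text that looks like the start of another message.
SAMPLE = (b"Subject: hello\n\nfirst line of the body\n" + SEP + SEP +
          b"From: forged@example.invalid\nSubject: spliced\n\nnot a real message\n")


def deliver(check_string, escape_string):
    """Write SAMPLE into an empty mailbox and return what a reader sees."""
    return read_mailbox(append_message(bytearray(), SAMPLE,
                                       check_string, escape_string))


if __name__ == "__main__":
    print("mbox-style escaping:", len(deliver(b"From ", b">From ")), "messages")
    print("MMDF escaping:      ", len(deliver(SEP, ESC)), "message")
```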
Q0511: I have an ISDN connection and would like a way of running the queue automatically when it is up.
A0511: The following shell commands test for the interface being up and then run the queue:
ifconfig ppp0 | fgrep UP >/dev/null
if [ $? -eq 0 ] ; then exim -q ; fi
You could put these commands into a script which runs them at regular intervals. You might want to use -qq instead of -q.
With Linux, the script /etc/ppp/ip-up is run after an ISDN connection or a more general PPP connection has been established. If you are using Linux, you could put the call to exim in that script.
Q0512: If a user's mailbox is over quota, is there a way for me to set it up so that the mail bounces to the sender and is NOT stored in the mail queue?
A0512: In the retry section of the configuration, put
*@your.dom.ain quota
That is, provide no retry timings for over quota errors. They will then bounce immediately. Alternatively, you can set up retries for a short time only, or use something like this:
*@your.dom.ain  quota_7d
*@your.dom.ain  quota  F,2h,15m; F,3d,1h
which bounces immediately if the user's mailbox hasn't been read for 7 days, but otherwise tries for up to 3 days after the first quota failure.
Q0513: I'm using tmail to do local deliveries, but when I turned on the use_crlf option on the pipe transport (tmail prefers \r\n terminations) message bodies started to vanish.
A0513: You need to unset the prefix option, or change it so that its default \n terminator becomes \r\n. For example, the transport could be:
local_delivery_mbx:
  driver = pipe
  command = /usr/local/bin/tmail $local_part
  user = exim
  current_directory = /
  use_crlf
  prefix =
The reason for this is as follows: tmail uses the line terminator on the first line it sees to determine whether lines are terminated by \r\n or \n. If the latter, it moans to stderr and changes subsequent \n terminators to \r\n. The default setting of the prefix option is "From ...\n", and this is unaffected by the use_crlf option. If you don't change this, tmail sees the first line terminated by \n and prepends \r to the \n terminator on all subsequent lines. However, if use_crlf is set, Exim makes all other lines \r\n terminated leading to doubled \r\r\n lines and corrupt mbx mailboxes.
Q0514: What does the message "Unable to get root to set uid and gid for local delivery to xxx: uid=yyy euid=zzz" mean?
A0514: Have you remembered to make Exim setuid root? It needs root privilege if it is to do any local deliveries, because it does them "as the user".
Q0515: I upgraded to 2.04 and now my Envelope-To: header for my virtual domains is gone. Any idea how to get it back?
A0515: Read paragraph 1 of the 1.92 information in README.UPDATING. Add envelope_to_add to your transports for your virtual domains. You may also want to set return_path_add and delivery_date_add.
Q0516: The Exim log records the arrival of a message, and then "Completed", without logging any deliveries. What's going on?
A0516: This is unlikely in current versions of Exim, because more logging has been added. In versions before 2.053, one scenario is that the message was addressed to some user who has set up an Exim filter containing the command "seen finish", which discards a message without doing any deliveries. (In current versions of Exim this is logged as "discarded".) More information can be obtained by setting
log_received_recipients
so that next time you can see to whom it is addressed. Another possibility, prior to version 2.053, was that the message was injected using the -t option, but all the addresses in the message were also on the command line. See A5020 for more detail. Current versions of Exim generate a bounce message in this case.
Q0517: When I activate "return receipt" for example in Netscape Mailbox sending options, then I get an error message from Exim... something like "not supported". Can I activate delivery confirmations?
A0517: Exim does not support any kind of delivery notification.
(A) You can configure it to recognize headers such as "Return-receipt-to:" if you wish.
(B) Some people want MSN (message status notification). Such services are implemented in MUAs, and don't impact on the MTA at all.
(C) I investigated the RFCs which describe the DSN (delivery status notification) system, and there is even a bit of code in there (excluded by #ifdef) for handling some of the data. However, I was unable to specify any sensible way of actually doing anything with the data. There were comments on the mailing list at the time; many people, including me, conclude that DSN is in practice unworkable. The killer problem is with forwarding and aliasing. Do you propagate the DSN data with the generated addresses? Do you send back a "reached end of the DSN world" or "expanded" message? Do you do this differently for different kinds of aliasing/forwarding? For a user who has a .forward file with a single address in, this might seem easy - just propagate the data. But what if there are several forwardings? If you propagate the DSN data, the sender may get back several DSN messages - and should the sender really know about the detail of the receiver's forwarding arrangements? There isn't really any way to distinguish between a .forward file that is forwarding and one that is a mini mailing list. And so on, and so on. There are so many questions that don't have obvious answers.
Q0518: When I dial up to collect mail from my ISP, only the first 10 messages get delivered immediately; the remainder just sit on the queue until a queue runner process finds them.
A0518: Your ISP is delivering all the messages in a single SMTP session. Exim limits the number of immediate delivery processes it will create as a result of a single SMTP connection, in order to avoid creating a zillion processes on systems that can have many incoming connections. In your situation, you should probably set smtp_accept_queue_per_connection to some number larger than 10.
Q0519: My ISP's mail server is rejecting bounce messages from Exim, complaining that they have no sender. The SMTP trace does indeed show that the sender address is "<>". Why is the Sender on the bounce message empty?
A0519: Because the RFCs say it must be. Your ISP is at fault. Send them this extract from RFC 1123 section 5.3.3 ("Reliable Mail Receipt"):
If there is a delivery failure after acceptance of a message, the receiver-SMTP MUST formulate and mail a notification message. This notification MUST be sent using a null ("<>") reverse path in the envelope; see Section 3.6 of RFC-821. The recipient of this notification SHOULD be the address from the envelope return path (or the Return-Path: line). However, if this address is null ("<>"), the receiver-SMTP MUST NOT send a notification. If the address is an explicit source route, it SHOULD be stripped down to its final hop.
Q0520: What does the message "retry time not reached [for any host]" on the log mean? Why won't Exim try to deliver the message?
A0520: That is not an error. It means exactly what it says. A previous attempt to deliver to that address failed with a temporary error, and Exim computed the earliest time at which to try again. This can apply to local as well as to remote deliveries. For remote deliveries, each host (if there are several) has its own retry time.
If you are running on a dial-up host, the rest of this answer probably does not apply to you. Go and read Q1404 instead. If your host is permanently online, read on...
Some MTAs have a retrying schedule for each message. Exim does not work like this. Retry timing is normally host-based for remote domains and address-based for local domains. (There are some exceptions for certain kinds of remote failure - see "Errors in outgoing SMTP" in the manual.)
If a new message arrives for a failing address and the retry time has not yet arrived, Exim will log "retry time not reached" and leave the message on the queue, without attempting delivery. Similarly, if a queue runner notices the message before the time to retry has arrived, it writes the same log entry. When the retry time has passed, Exim attempts delivery at the next queue run. If you want to know when that will be, run the exinext utility on the address, for example:
exinext user@some.domain
You can suppress these messages on the log by setting log_level to a value that is less than 5. You can force a delivery attempt on a specific message (overriding the retry time) by means of the -M option:
exim -M 10hCET-0000Bf-00
If you want to do this for the entire queue, use the -qf option. See also Q0533.
Q0521: RFC 1985 specifies that the SMTP command "ETRN host.domain" causes all mail queued for that host, no matter what domain it's for, to be dequeued. Why doesn't Exim support this?
A0521: Exim does not keep queues of mail for specific destinations. It just keeps one pool of undelivered messages. What is more, once you start a delivery of a message, it tries to deliver to all the addresses in the message, not just the one you may be interested in. (Of course, this doesn't usually do any harm.)
The only way it could be done within Exim would be, for every message on the queue, to go through the motions of routing each undelivered address and see if that resulted in a delivery to the host of interest. This could be extremely expensive (e.g. 1,000 messages on the queue, only 1 for the given host).
The bottom line is that Exim just wasn't designed for this kind of operation, that is, holding messages for intermittently connected hosts. The queueing arrangements are designed for handling delivery problems that are not expected to be common.
A better way to do this is to implement the required queues separately. After all, keeping such mail on an "active" queue (where Exim will keep trying to deliver) is silly. If there is a lot of mail for these hosts, it also masks genuine delivery problems when you inspect the queue.
Large ISPs who provide this kind of functionality do not usually leave waiting mail on the MTA's queue. Instead, they get it delivered into per-host directories, one message per file, in one of the special formats (BSMTP, maildir, or mailstore) and when an ETRN arrives, it kicks off some completely different program that establishes an SMTP connection to the host and shovels the waiting mail down it. That seems to me to be a much neater way of doing this. It means you can easily add additional functionality such as archiving or throwing away uncollected mail.
One program that has this functionality is "ssmtp", which can be found in ftp://metalab.unc.edu/pub/Linux/system/mail/mta/. Alternatively, sample configuration C037 demonstrates an elegant way of using Exim itself to deliver the saved messages when the client issues an ETRN.
Q0522: If email has been deferred to a member on a local mailing list (implemented through forward files), and one of our ETRN clients is on this mailing list, the -R won't "flush" the mailing list message for that client.
A0522: That is because -R matches only original recipient addresses, not those produced as a result of expansion, because these are not (by default) preserved from delivery to delivery. You can get round this by setting one_time on the forwardfile director, but you are not allowed to have expansions to pipes or files on directors that have one_time set. Therefore, you will have to have a separate director for mailing lists (with one_time set) to the one used for normal forward files that might specify pipe or file deliveries. However, the problem will then still be present for any user who sets up a .forward file to redirect to any of the ETRN domains. See the last 3 paragraphs of A0521 for a discussion of an alternative approach.
Q0523: Exim seems to be sending the same message twice, according to the log, although there is a difference in capitalization of the local part of the address.
A0523: That is correct. The RFCs are explicit in stating that capitalization matters for local parts. For remote domains, Exim is not entitled to assume case independence of local parts. I know, it is utterly silly, and it causes a lot of grief, but that's what the rules say. Here is a quote from the draft of the forthcoming revision to RFC 821:
... a command verb, an argument value other than a mailbox local-part, and free form text MAY be encoded in upper case, lower case, or any mixture of upper and lower case with no impact on its meaning. This is NOT true of a mailbox local-part. The local-part of a mailbox MUST BE treated as case sensitive. Therefore, SMTP implementations MUST take care to preserve the case of mailbox local-parts. Mailbox domains are not case sensitive. However, exploiting the case sensitivity of mailbox local-parts impedes interoperability and is discouraged.
Q0524: How can I force the next retry time for a host to be now?
A0524: (A) You can force a particular message to be delivered with the -M command line option. If it succeeds, the retry data will get cleared. If the host is past the cutoff time, so that messages are bouncing immediately without trying a delivery, you can use -odq to put a message on the queue without a delivery attempt, and then use -M on it.
(B) You can change the retry time with the exim_fixdb utility, but its interface is very clumsy.
Q0525: I set up "|/bin/grep Subject|/usr/bin/smbclient -M <netbiosname>" as an alias but it doesn't work.
A0525: That is a shell command line. Exim does not run pipe commands under a shell by default (for added security - and it saves a process). You need something like
"|/bin/sh -c '/bin/grep Subject|/usr/bin/smbclient -M <netbiosname>'"
Q0526: Why does the pipe transport add a line starting with ">From" to messages?
A0526: Actually, it adds a line starting with "From", because that is the default of the "prefix" option (/usr/ucb/vacation needs it, and that is the most common use of piping). If you don't want it, change the setting of "prefix".
Q0527: I have set fallback_hosts on my smtp transport, but after the error "sem@chat.ru cannot be resolved at this time" Exim isn't using them.
A0527: fallback_hosts only works if an attempt at delivery to the original host(s) fails. In this case, Exim couldn't even resolve the domain chat.ru to discover what the original hosts were, so it never got as far as the transport. However, see Q0322 for a possible solution.
Q0528: After the holidays my ISP always has hundreds of e-mails waiting for me. These are forced down Exim's throat in one go. Exim spawns a lot of kids, but is there some limit to the number of processes it creates?
A0528: Unless you have changed smtp_accept_queue_per_connection (introduced at release 2.03) it should only spawn that many processes per connection (default 10). Your ISP may be making many connections, of course. That is limited by smtp_accept_max.
Q0529: When a message in the queue got to 12h old, Exim wrote 'retry timeout exceeded' and removed all messages in the queue to this host - even recent messages. How can I avoid this behaviour? I only want to remove messages that have exceeded the maximum retry time.
A0529: Exim's retrying is host-based rather than message-based. The philosophy is that if a host has been down for a very long time, there is no point in keeping messages hanging around. However, you might like to check out delay_after_cutoff in the smtp transport. It doesn't do what you want, but it might help.
Q0530: Can Exim add a Content-Length: header to messages it delivers?
A0530: You could add something like
headers_remove = "content-length"
headers_add = "Content-Length: $message_body_size"
to the appendfile transport. However, the use of Content-Length: can cause several problems, and is not recommended unless you really know what you are doing. There is a discussion of the problems in
http://home.netscape.com/eng/mozilla/2.0/relnotes/demo/content-length.html
Q0531: Exim seems to be trying to deliver a message every 10 minutes, though the retry rules specify longer times after a while, because it is writing a log entry every time, like this:
1999-08-26 14:51:19 11IVsE-000MuP-00 == example@example.com T=smtp defer (-34): some host address lookups failed and retry time not reached for other hosts or connection limit reached
A0531: It is looking at the message every 10 minutes, but it isn't actually trying to deliver. It's looking up example.com in the DNS and finding this information:
example.com. MX 10 example-com.isp.example.com.
example.com. MX 0 mail.example.com.
mail.example.com. A 202.77.183.45
A lookup for example-com.isp.example.com. yielded NXDOMAIN
The last line means that there is no address (A) record in the DNS for example-com.isp.example.com. That accounts for "some host address lookups failed", but the retry time for mail.example.com hasn't been reached, which accounts for "retry time not reached for other hosts".
Q0532: I am trying to set exim up to have an automatic failover if it sees that the system that it is sending all mail to is down.
A0532: Add to the remote_smtp transport the following:
fallback_hosts = failover.server.name(s)
If there are several names, they must be separated by colons.
Q0533: I can't get Exim to deliver over NFS. I get the error "fcntl() failed: No locks available", though the lock daemon is running on the NFS server and other hosts are able to access it.
A0533: Check that you have lockd running on the NFS client. This is not always running by default on some systems (Red Hat is believed to be one such system).
Q0534: Why does Exim bounce messages without even attempting delivery, giving the error "retry time not reached for any host after a long failure period"?
A0534: This message means that all hosts to which the message could be sent have been failing for so long that the end of the retry period (typically 4 or 5 days) has been reached. In this situation, Exim still computes a next time to retry, but any messages that arrive in the meantime are bounced straight away. You can alter this behaviour by unsetting the delay_after_cutoff option on the smtp transport. Then Exim will try most messages for those hosts once before giving up.
Q0535: My .forward file is "|/usr/bin/procmail -f-" and mail gets delivered, but there was a bounce to the sender, sending him the output of procmail. How can I prevent this?
A0535: Exim's default configuration is set up like this:
address_pipe:
  driver = pipe
  return_output
The return_output option requests that any output that the pipe produces be returned to the sender. That is the safest default. If you don't want this, you can either remove the option altogether, or change it to return_fail_output, to return output only if the command fails. Note that this will affect all pipes that users run, not just your procmail one. It might be better to arrange for procmail not to produce any output when it succeeds.
Q0536: Can I write an ordinary file when I am running a perl script as a transport filter for remote_smtp and address_pipe transports?
A0536: Yes, provided the file is writeable by the Exim user. However, if two messages are being delivered at once, their data will get mixed up in the file unless you implement your own locking scheme. If all you want to do is to take a copy of the message, another approach that avoids the locking problem is to use a system filter to set up an "unseen" delivery to a file. If you only want the message's headers, you can set message_filter_file_transport to point to a special appendfile transport that has headers_only set.
Q0537: I have some mails on my queues that are sticking around longer than the retry time indicates they should. They are all getting frozen because some remote admin has set their MX record to 127.0.0.1.
A0537: The admin in question is an idiot. Exim will always freeze such messages because they are apparently routed to the local host. There are two router options that can help you deal with them.
(1) Set
self = fail
on the router which handles the domain - in a simple configuration this will be the lookuphost router. This will cause the relevant addresses to bounce, instead of freezing the message.
(2) If you are running Exim 3.20 or later, you can set
ignore_target_hosts = 127.0.0.1
on the router instead. This causes Exim to completely ignore any hosts with that IP address.
Q0538: My /var/spool/mail has grown drastically. Is there any possibility of using two files in exim.cfg?
A0538: You can use an expansion string to split mailboxes between two directories. For example,
file = /var/spool/mail${nhash_2:$local_part}/$local_part
which does a hash on the local part, producing either 0 or 1, thereby using mail0 or mail1. But remember, the MUAs that read these mailboxes also have to know where they are.
Q0539: Sendmail has a program called smrsh that restricts what binaries can be run from sendmail aliases. Is there something like this in Exim?
A0539: Check out the allow_commands option in the pipe transport.
Q0540: I wish to have large emails go out one at a time.
A0540: One possibility is to set up a router that defers all large messages, except in queue runs. Since queue runners deliver just one message at a time, if you limited the number of simultaneous queue runners to 1, you would get the effect you wanted. A suitable router might be
defer_if_large_unless_queue_run:
  driver = domainlist
  self = defer
  condition = ${if or{{queue_running}{<{$message_size}{200K}}}{no}{yes}}
  route_list = * 127.0.0.1 byname
Of course, this would always delay any large message until the next queue runner, but if you run them fairly regularly, this shouldn't be a huge problem. (May even be desirable!)
A0601: There are several possibilities. One straightforward way is to set up a domainlist router which matches the UUCP domains and routes to a suitable transport. Sample configuration C003 is such a configuration, while C004 shows another way to do it, by defining the domains as local and using a smartuser director.
If all the domains whose MX records point to the local host are either local domains or UUCP domains, you can do without the domainlist router altogether, by making use of the "self" option. This means that only the DNS has to be updated when a UUCP domain is added or removed.
For example, this router routes to remote hosts over SMTP using a DNS lookup with default options, and fails for unknown domains (because of the no_more setting), but if the MX for a domain points at the local host, Exim continues on to the next router (self = fail_soft overrides no_more).
lookuphost:
  driver = lookuphost
  transport = smtp
  no_more
  self = fail_soft
The next router can just send everything to a suitable UUCP transport:
uucp:
  driver = domainlist
  transport = uux_transport
  route_list = "* $domain"
This assumes that the transport can determine the UUCP host name from the domain name.
Q0602: How can I get Exim to handle "bang path" addresses?
A0602: In general, you can't (Exim is an Internet mailer and recognizes only RFC 822 addresses) but some restricted kinds of bang path can be dealt with by appropriate rewriting - but please note the warning below.
Exim treats a bang path address as an unqualified local part, and so will qualify it with your domain. A rule such as
^([^!]+)!(.+)@your\.domain$ $2@$1
turns a!b@your.domain into b@a. You can also use a repeating rule to turn multi-component paths into the "percent hack" notation with a rule such as
^([^!]+)!([^@%]+)(.+)$ $2%$1$3 R
which turns a!b@c into b%a@c and a!b!c@d first into b!c%a@d and then, because of the R flag, into c%b%a@d. The R flag causes repetition up to 10 times.
See also sample configuration C002, which contains some more sophisticated rewriting rules.
WARNING: If you install a general rewriting rule like the above, you are opening yourself up to the possibility of unwanted relaying. A host that is not permitted to relay through your system could send a message with an SMTP command line such as
RCPT TO:<victim-host!victim-user@your.domain>
and this would be accepted because it is addressed to your domain. However, the rewriting then converts the address, and the message does in fact get relayed. One way round this, if all your bang path messages are passed to Exim via SMTP, is to use the "S" rewriting flag. This applies a rewriting rule to incoming SMTP addresses as soon as they are received, before checking for qualification, relaying, etc. So a rule such as
^([^!]+)!(.+)$ $2@$1 S
rewrites simple two-component bang paths before the result is checked for relaying. However, this does not rewrite addresses in the headers of the message.
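The following Python model is an added example, not part of Exim or of the original FAQ. It applies the three rewriting rules quoted in A0602 and shows why the order of rewriting and relay checking matters. The relay-permitted client 10.0.0.5, the outside client 192.0.2.7 and the function names are assumptions made up for the illustration.

```python
import re

# Constructed values for this model; none of them come from a real configuration.
LOCAL_DOMAINS = {"your.domain"}        # domains this host accepts mail for
RELAY_PERMITTED_HOSTS = {"10.0.0.5"}   # clients allowed to relay (hypothetical)

# The three rules quoted in the answer, as (pattern, replacement, flags).
# \1, \2, \3 are Python's spelling of Exim's $1, $2, $3.
GENERAL_RULE = (r"^([^!]+)!(.+)@your\.domain$", r"\2@\1", "")
REPEAT_RULE = (r"^([^!]+)!([^@%]+)(.+)$", r"\2%\1\3", "R")
SMTP_RULE = (r"^([^!]+)!(.+)$", r"\2@\1", "S")


def rewrite(address, rule):
    """Apply one rule; with the R flag, re-apply it up to 10 times."""
    pattern, replacement, flags = rule
    for _ in range(10 if "R" in flags else 1):
        match = re.match(pattern, address)
        if match is None:
            break
        address = match.expand(replacement)
    return address


def domain_of(address):
    """Domain part of an address, lower-cased (domains are not case sensitive)."""
    return address.rpartition("@")[2].lower()


def handle_rcpt(client_ip, rcpt, rules):
    """Model one RCPT TO: return (verdict, address after all rewriting)."""
    address = rcpt
    # Rules with the S flag run as soon as the address is received,
    # before qualification and before the relay check.
    for rule in rules:
        if "S" in rule[2]:
            address = rewrite(address, rule)
    if "@" not in address:
        address += "@your.domain"      # an unqualified local part is qualified
    if (domain_of(address) not in LOCAL_DOMAINS
            and client_ip not in RELAY_PERMITTED_HOSTS):
        return ("refused", address)
    # The remaining rules run after the recipient has been accepted.
    for rule in rules:
        if "S" not in rule[2]:
            address = rewrite(address, rule)
    if domain_of(address) in LOCAL_DOMAINS:
        return ("local", address)
    return ("relayed", address)


if __name__ == "__main__":
    outsider = "192.0.2.7"             # constructed client, not allowed to relay
    for rcpt, rules in [
        ("victim-host!victim-user@your.domain", [GENERAL_RULE]),
        ("victim-host!victim-user", [GENERAL_RULE]),
        ("victim-host!victim-user", [SMTP_RULE]),
    ]:
        print(rcpt, "->", handle_rcpt(outsider, rcpt, rules))
```

With the general rule the relay check only ever sees your.domain, so the outside client's message is relayed; with the S rule the check sees the rewritten domain and refuses it.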
Q0603: We see something strange on our system in regards to mail coming in via rmail from a UUCP link. The sender is being set to mailmaster instead of the real sender, and a Sender: header is being added to the message.
A0603: If mailmaster is the user that is running rmail, you need to include that user in the trusted_users configuration option. Only trusted users are permitted to specify senders when mail is passed to Exim via the command line.
A0701: There doesn't seem to be any significant performance hit using a flat queue on Solaris systems, so there is no need to do this for them. On the other hand, there is a known performance problem on Linux filing systems, where split_spool_directory can make a significant difference. ???? Other operating systems ????
Q0702: How well does Exim scale?
A0702: Although the author did not specifically set out to write a high-performance MTA, Exim does seem to be fairly efficient. The biggest server at the University of Cambridge (a large Sun box) goes over 100,000 deliveries per day on busy days (it has over 20,000 users). There was a report of a mailing list exploder that sometimes handles over 100,000 deliveries a day on a big Linux box, the record being 177,000 deliveries (791MB in total). Up to 13,000 deliveries an hour have been reported.
These are quotes from some Exim users:
"... Canada's largest internet provider, uses Exim on all of our mail machines, and we're absolutely delighted with it. It brought life back into one of our machines plagued with backlogs and high load averages. Here's just an example of how much email our largest mail server (quad SS1000) is seeing ... " [230,911 deliveries in a day: 4,475MB]
"... Exim has to ... do gethostbyname()s and RBL lookups on all of the incoming mail servers, and he runs from inetd (TCP Wrappers connected). All the same, it seems to me that he runs as fast as lightning on our SCO 5.0.4 box (1 Pentium 166) - far faster than MMDF which I (and many customers) had before."
"On a PII 400 with 128M of RAM running Linux 2.2.5, I have achieved 36656 messages per hour (outgoing unique messages and recipients). For about a 5 minute period, I was able to achieve an average of 30 messages per second (that would be 108000 m/hour)! We are using: (options that make a difference):
queue_only
split_spool_directory
auto_thaw 60s
max_queue_run 1
remote_max_parallel 1
We have a cron job that runs every five minutes that spawns 5 exim -q if there are less than 120 exim processes currently running. We found that by "manually" controlling the concurrency of exim -q processes contending for the spool for remote_smtp delivery that we gained considerable performance -- 10000 m/hour."
Q0703: We have a large password file. Can Exim use alternative lookups during delivery to speed things up?
A0703: Yes. You don't have to use the password file at all. See sample configuration C009 for some suggestions. (It shows lsearch lookups, but these could equally be DBM or cdb or NIS or LDAP lookups.)
If you are using FreeBSD, this problem should not arise, because it automatically uses an indexed password file. In some other operating systems you can arrange for this to happen too. On Linux, for example, all you need to do is
# cd /var/db
# make
and put "db" before "files" in any /etc/nsswitch.conf lines you want to use db for.
Q0704: I just wondered if it might be helpful to put the hints database on a RAM disk during regular operation. Did anybody try that yet?
A0704: A user reported thus: I have found that this works GREAT under Solaris. Make a RAM disk partition and keep everything in the "db" directory on it. However, when I try the same thing on Linux, I don't see the same boost. I think that Linux's file buffer cache works about the same. Plus, this leaves more room for processes to run.
A0801: There are several different options that can be used to block incoming SMTP messages according to different criteria. The following are the most commonly used:
(A) Set sender_verify; this causes rejection of any message whose envelope sender cannot be successfully routed. This is mainly a check on the existence of remote domains, though if the domain is a local one, the local part also gets checked. Unfortunately, error messages do not have envelope sender addresses, so cannot be checked in this way. See the headers_sender_verify options for ways of checking header addresses.
(B) If you want to block all mail from specific hosts or IP networks, set host_reject_recipients. The _recipients form of the option is more likely to prevent the remote hosts from keeping on trying. For example:
host_reject_recipients = 209.12.111.0/24
If you have many such blocks, they can be put in a file which is named in the option. If you have a mixture of IP addresses and names in your list, it is best to put the addresses first, because they can be checked without the need for a DNS lookup.
(C) If you want to block mail from specific envelope sender addresses, one convenient way is to organize a file of local parts indexed by domain names, for example
x.y.z   creditrepair:^betterlovelife[0-9]+$:...
p.q.r   *
This would block creditrepair@x.y.z, any local part starting with betterlovelife and ending with digits in the x.y.z domain, and all addresses in the p.q.r domain. You refer to the file in the Exim configuration as follows:
sender_reject_recipients = @@lsearch*;/name/of/the/file
If the file is big, you can convert it into a DBM or cdb file and use a faster lookup method. The asterisk on the end of the search type causes a lookup for "*" if the domain is not found; that is, it permits a default list of local parts that are blocked at any domain that is not specifically listed. If you use this, you probably also want to end each local part list with ">*" (except those that consist of "*"). This causes Exim to check the default list of local parts if none of the specific ones for a domain are matched. So, the file above could become
*       yourfriend:a.friend:...
x.y.z   creditrepair:^betterlovelife[0-9]+$:>*
p.q.r   *
If you are using an lsearch file, putting the * entry first saves a bit of processing.
(D) If you want to allow mail to postmaster through the blocks, you can set
recipients_reject_except = postmaster@your.domain
This overrides any of the policy controls that cause rejection by recipient.
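The lookup described in (C) can be modelled in a few lines of Python. This is an added example, not Exim's code: it parses a constructed copy of the file shown above (without the elided "..." entries) and follows the rules given there for the lsearch* default entry, the ">*" item and the "*" item. Matching is caseless, as A0812 describes for release 3.00 onwards; the function names are hypothetical.

```python
import re

# Constructed sample in the layout shown above: a domain key, then a
# colon-separated list of local parts. The page's "..." entries are left out.
SAMPLE_FILE = """\
*       yourfriend:a.friend
x.y.z   creditrepair:^betterlovelife[0-9]+$:>*
p.q.r   *
"""


def parse_block_file(text):
    """Return {domain key: [local part items]}; the first entry for a key wins."""
    table = {}
    for line in text.splitlines():
        fields = line.split(None, 1)
        if len(fields) != 2 or fields[0].startswith("#"):
            continue
        # Simplification: items are split on every colon, so a pattern that
        # itself contains a colon is not supported by this model.
        items = [item.strip() for item in fields[1].split(":") if item.strip()]
        table.setdefault(fields[0].lower(), items)
    return table


def sender_blocked(table, sender):
    """Model of '@@lsearch*': True if the envelope sender is on the block list."""
    local_part, _, domain = sender.rpartition("@")
    key = domain.lower()
    if key not in table:
        key = "*"                      # trailing * of lsearch*: default entry
    visited = set()
    while key in table and key not in visited:
        visited.add(key)
        fall_through = False
        for item in table[key]:
            if item == ">*":
                fall_through = True    # consult the default list if nothing matches
            elif item == "*":
                return True            # every local part at this domain
            elif item.startswith("^"):
                if re.search(item, local_part, re.IGNORECASE):
                    return True
            elif item.lower() == local_part.lower():
                return True
        if not fall_through:
            return False
        key = "*"
    return False


if __name__ == "__main__":
    blocks = parse_block_file(SAMPLE_FILE)
    for sender in ("creditrepair@x.y.z", "betterlovelife42@x.y.z",
                   "yourfriend@x.y.z", "alice@x.y.z", "alice@p.q.r"):
        print(sender, "blocked" if sender_blocked(blocks, sender) else "accepted")
```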
Q0802: I don't want to block spam entirely; how can I inspect each message before deciding whether to deliver it or not?
A0802: This can be done by using a system filter. See the sample configuration F003.
Q0803: How can I test that my spam blocks are working?
A0803: The -bh option allows you to run a testing SMTP session as if from a given IP address. For example,
exim -bh 192.203.178.39
In addition to the normal SMTP replies, it outputs commentary about which tests have succeeded or failed.
Q0804: How can I test that Exim is correctly configured to use the Realtime Blocking List (RBL)?
A0804: The -bh option allows you to run a testing SMTP session as if from a given address. You need to know a blocked IP address with which to test. Such a testing address is kindly provided by Russell Nelson:
linux.crynwr.com [192.203.178.39]
You can also send mail to nelson@linux.crynwr.com from the server whose RBL block you are testing. The robot that receives that email will attempt to send a piece of test email in reply. If your RBL block didn't work, you get a message to that effect. Regardless of whether the RBL block succeeds or not it emails you the results of the SMTP conversation from a host that is not on the RBL, so you can see how your server looks from the view of someone on the RBL.
Q0805: How can I use tcpwrappers in conjunction with Exim?
A0805: Exim's own control facilities can do all that tcpwrappers can do. However, if you are already using tcpwrappers for other things it might be convenient to include Exim controls in the same place.
First of all, ensure that Exim is built to call the tcpwrappers library, by including USE_TCPWRAPPERS=yes in Local/Makefile. You also need to ensure that the header file tcpd.h is available at compile time, and the libwrap.a library is available at link time, typically by including it in EXTRALIBS. You may need to copy these two files from the tcpwrappers build directory to, for example, /usr/local/include and /usr/local/lib, respectively. Then you could reference them by
CFLAGS=-I/usr/local/include
EXTRALIBS=-L/usr/local/lib -lwrap
in Local/Makefile. There are two ways to make use of the functionality, depending on how you have tcpwrappers set up. If you have it set up to use only one file, you ought to have something like:
/etc/hosts.allow:
exim : <client_list> : <allow_or_deny>
For example:
exim : LOCAL 192.168.0. .friendly.domain special.host : ALLOW
exim : ALL : DENY
This allows connections from local hosts (chiefly `localhost'), from the subnet 192.168.0.0/24, from all hosts in *.friendly.domain, and from a specific host called special.host. All other connections are denied. If you have tcpwrappers set up to use two files, use the following:
/etc/hosts.allow:
exim : <client_list>
/etc/hosts.deny:
exim : <client_list>
Read the hosts_access(5) man page for more ways of specifying clients, including ports, etc., and on logging connections.
Q0806: How can I get POP-auth-before-relay support in Exim?
A0806: See http://cc.ysu.edu/~doug/exim-pop.tar.Z which has some scripts for this, courtesy of Doug S <doug@cc.ysu.edu>. See also Q0835.
Q0807: I have one or two cases where my machine correctly rejects messages, but the remote machine is quite persistent, and keeps trying over and over.
A0807: It is an unfortunate fact that a number of SMTP clients, in violation of the SMTP RFC, do not treat a permanent error code that is given after the MAIL FROM command or the DATA portion of the transaction as a permanent error. Consequently they keep resending the message. Failing checks on a message's headers (the headers_... options) necessarily result in an error code after the data has been received.
Q0808: I am seeing the error "no valid sender in message headers: return path is <>" in the reject log. Isn't <> a valid return path for error messages?
A0808: It is indeed valid. The complaint here is about the contents of the message's headers, not the return path. This message has been reworded in later versions of Exim. You must have set the headers_sender_verify option. Check the From:, Reply-to: and Sender: headers that were logged with the error. You can use Exim's -bv option to find out why verification of those addresses failed.
Q0809: Let's say that we want to run a mail server that does not care if you have proper reverse DNS. If you include host_reject lines in your config file, Exim will always reject connections from such hosts. How can this be avoided?
A0809: This is true only if you have wild-carded host names in host_reject. For complete host names, Exim uses a DNS forward lookup to obtain an IP address to compare. If you are using wild cards of any sort, put +allow_unknown as an item in your host list, for example:
host_reject = +allow_unknown : *.def.zz : *.stu.yy
This will allow any host without reverse DNS to bypass the checks. Note that it means that the owner of abc.def.zz (for example) can trivially get round your block simply by deleting the PTR record for abc.def.zz. If you use +warn_unknown instead of +allow_unknown, the action is the same, but every time the exception is invoked, it is logged.
Q0810: Is there a way to prevent lookups in the RBL for local hosts?
A0810: Check out the rbl_hosts option.
Q0811: How can I set up the sender_reject option in my config file so I can reject mail by matching regular expressions?
A0811: You must either put the regular expressions directly in the option setting, or in a file that is referenced by a plain file name, or use an @@ type of search. If the regular expressions match the domain as well as the local part, then the first two approaches are the only possible ones. For example:
sender_reject_recipients = ^.*\.spam\.com$ : ^.*@[0-9]+\.com$
or
sender_reject_recipients = /some/file
Each line of the file is treated as if it were an entry in the list, and must begin with ^ if it is a regular expression. No keys are involved because this is not a lookup.
If you are using version 2.10 or later, the first of those regular expressions can be rewritten to execute much more efficiently by using lookbehinds and once-only subpatterns:
sender_reject_recipients = ^(?>.*$)(?<=\.spam\.com)
See the manual section entitled "Address lists" for a description of the @@ type of split domain/local part lookup. See also Q0801.
Q0812: Normally sender_reject_recipients works fine, but addresses that have some uppercase letters in them seem to come through.
A0812: This should no longer be the case from release 3.00 onwards. Although host and domain names are case-insensitive, the RFCs about mail specify that local parts are case sensitive. When earlier versions of Exim looked up a sender address in sender_reject_recipients, they did so using the caseful form, in order to be compliant with the mail RFCs. (In principle, user@domain and USER@domain might be different people. Silly, I know, but that's the rule. It has caused a lot of grief.) However, RFC 2505 (Anti-Spam Recommendations for SMTP MTAs) recommends that address checking in blocking lists should be done caselessly, so Exim now does this by default.
Q0813: I want to accept some sender addresses, even though they do not verify. There doesn't seem to be an option for verification exceptions, so how can I do this?
A0813: Set up a special director or router to ensure that those addresses do verify, using verify_only and verify_sender so that it is not used during delivery or recipient verification. For example, here is a router which verifies the address root@some.domain.com:
verify_exceptions:
  driver = domainlist
  verify_only
  verify_sender
  domains = some.domain.com
  local_parts = root
  route_list = *
Q0814: We are being plagued by forged mail coming from a number of different hosts and sender addresses. The guy however leaves a fingerprint. The first received line always contains 'Received: from baby'. What is the best suggested way for eliminating him from our systems?
A0814: You cannot, unfortunately, prevent the message from getting into your system, because the message has to be read before you can inspect the Received: header. The best you can do is to install a system filter which junks any message containing such a header. Thus the sender still wastes bandwidth and your resources in transporting the message to you, but you just throw it away. A simple system filter that does this is
# Exim filter
if $h_Received: contains "from baby"
then
  seen finish
endif
Q0815: I have set host_accept_relay, but my host still refuses to relay from matching hosts.
A0815: (A) Did you remember to HUP or restart the Exim daemon after changing the configuration? You can get information as to what options Exim is checking by using the -bh option to test how it would handle mail from a specific host.
(B) Have you used any wild-card host names in host_accept_relay? E.g:
host_accept_relay = *.aaa.bbb
If so, the problem may be that the relevant hosts do not have reverse DNS entries for their IP addresses. In order to match a wild card name, Exim has to look up the calling host's name from its IP address, and if it cannot do so, it takes a hard line by default. Exim processes lists from left to right, and so will attempt a reverse DNS lookup at the first wild-carded entry it reaches. If you have IP addresses in your list, it is best to put them first for this reason. Suppose you had
host_accept_relay = *.x.y : 10.9.8.7
Then when the host 10.9.8.7 connects, a reverse lookup will still be done, because the first check is against *.x.y. If the lookup fails, relaying is rejected. However, if the list were in the opposite order, the IP check would succeed, and no DNS lookup would be done. See also Q0809.
Q0816: How can I run customized verification checks on incoming addresses?
A0816: If you can implement your checks in Perl, then you can use Exim's facility for running an embedded Perl interpreter. For example, if you want to run special checks on local addresses, you could install this as your first director:
private_verify:
  driver = smartuser
  condition = ${perl{verify}{$local_part}{$domain}}
  verify_only
If you want this to be the only means of verification, you can set no_verify on all the other directors. Otherwise, if this director fails to verify, the address gets passed on to those that follow.
The verify_sender and verify_recipient options can be used to restrict the director to sender or recipient verification only, and if necessary you could have two different directors, one for senders and one for recipients.
If the result of the expansion of condition is not "no", "false" or "0", then address verification succeeds, because the director itself matches any address. The expansion of condition causes the Perl subroutine called "verify" to be run, with two arguments, the local part and the domain. The subroutine must be provided in Perl code that is referenced by the perl_startup option. See the chapter on embedded Perl for details.
Remote addresses can be handled in a similar way by using a domainlist router that matches all domains. See also Q0813.
Starting up a Perl interpreter is not cheap. On a busy system you should first make sure that there isn't some way of using Exim's own facilities for doing what you want before going down this road.
Q0817: Does Exim apply RBL checks to error messages, those with an envelope sender of "<>" ?
A0817: Yes, it does, because the RBL check happens immediately on connection, before any commands are passed, and so therefore before it even knows that the envelope sender is "<>".
Q0818: I want to be able to set up a list, similar to sender_reject_recipients, but with a user-defined message. I believe I have to use a director for this.
A0818: You can do this using the prohibition_message mechanism (see the section entitled "Customizing prohibition messages" in the manual). This avoids having to use a director, and therefore doesn't require you to let the message into your host at all. Use something like this:
prohibition_message = "\
  ${if eq {$prohibition_reason}{sender_reject_recipients}\
  {${lookup{$sender_address}lsearch{/some/file}{$value}}}{}}"
This example looks up a message that is specific to the sender, but you can of course tailor the message any way you like. Vertical bar is treated as a line separator in prohibition texts.
Q0819: I want to reject certain sender-recipient combinations, with a specific message for each such combination.
A0819: That needs a special director, using the "senders" option to predicate it on the sender, and a file of recipients to fail for each sender. Something like this:
forced_fail:
  driver = aliasfile
  senders = sender@domain.com : *@otherdomain.com
  file = /blocked/${lc:$sender_address}
  search_type = lsearch
with the files containing lines like
recipient: :fail: message
If you are handling multiple local domains, you may want to set include_domain so you can specify fully qualified addresses in the files. If the files get big, an indexed search type such as DBM or cdb should be used.
If you want to block an entire domain from a specific sender, you could use this director:
domain_block:
  driver = aliasfile
  senders = dislikedsender@wherever
  file = /fail/all
  search_type = lsearch*
with the file containing
*: :fail: message
The message text supplied after :fail: is restricted to a single line. If you want to send several paragraphs of message, instead of using :fail: you could use the aliasfile to pipe the message off to some script which generates a long message and then gives a non-zero return code so that the message gets returned to the sender.
In all of these cases you are in trouble if the sender address is bad, because the bounce message you generate will get stuck.
Q0820: Will Exim allow me to create a file of regexs and match incoming external email to the list - and if a match is found file the offending message into a special location? Also is it possible to make exim only filter parts of an incoming email - e.g. ignore large MIME attachments for example and only process text/plain?
A0820: You can do some of this in a system filter. For example:
if $message_body matches <...some complicated regex...> or
   $message_body matches <...some other regex...> or
   $header_from: matches <...regex...> or
   etc.
then
  save /some/special/file
endif
or instead of "save" you could have "deliver" (to some address) or "pipe" (to some script).
There isn't any mechanism for ignoring attachments, but $message_body only looks at the first n bytes of the body, where n defaults to 500 but can be changed.
A more expensive alternative would be to run a Perl subroutine using the embedded Perl mechanism. If you passed over the message id, the Perl code could read the message files on the spool and implement any algorithm it liked for deciding what should be done.
Q0821: I've hacked sendmail to make an ioctl call at the time of the SMTP RCPT command, to check if a user has exceeded their email quota. If they have I issue a temporary failure and a message - can I do this with Exim?
A0821: This could be done by arranging for a quota check to happen during the verification of the address after RCPT, but without hacking Exim you would have to use the embedded Perl facility to get it to run a Perl script to do the test.
If the reason you want to do this is to avoid having messages for over-quota users sitting on your spool for many days, there is an alternative. In Exim you can set up special retry rules for quota excession (what we use is "if mailbox not read for 7 days, bounce immediately, otherwise try every hour for one day, then bounce").
Q0822: I'm looking for a rule to reject special unknown recipients.
A0822: If the messages in question are coming in via SMTP, you can turn on receiver_verify (if you haven't already) and arrange for these addresses not to verify. For example, if they are not in your local domains, you could use a router like this:
verify_check_specials:
  driver = domainlist
  condition = "\
    ${if eq {$local_part@$domain}{account@host.domain}{yes}{no}}"
  verify_only
  fail_verify
  route_list = *
where of course you can extend the condition setting to use regular expressions, file lookups, Perl calls, or anything else that is available. The failure of the verification causes an error return to the SMTP RCPT command, so the messages never get into your system. For addresses in your local domains you could use a smartuser director in a similar fashion, but you could also use an alias file with :fail: entries.
If you are receiving such messages from the local host, then they are already in the system, and have to be failed locally as part of the delivery process. The :fail: mechanism is the simplest for local addresses. For remote addresses, one possibility would be to use a router with a condition setting to send such messages to an autoreply transport that sends back an error message to the sender. See also Q0826.
Q0823: I'd like to pass all messages through a virus-scanning system before delivery. Can Exim do this?
A0823: One way of achieving this is to deliver all messages via a pipe to a checking program that resubmits them for delivery in some private way that can be checked (e.g. on a specific SMTP port, or IP address). One possibility is to use the "received protocol" field that can be set for locally submitted mail via the -oMr command line option. This director sends all messages that are not from the local host and whose received protocol is not "scanned-ok" to the virus_scan transport:
vircheck:
  driver = smartuser
  transport = virus_scan
  condition = "${if or {{eq {$received_protocol}{scanned-ok}} \
                        {eq {$sender_host_address}{127.0.0.1}}}\
                        {0}{1}}"
A similar router could be used if you want to scan messages for remote addresses. One problem is that this approach scans the message for each recipient, not just once per message.
The virus_scan transport should be set up to pipe the message to a suitable checking program or script which runs as a trusted user. This can then re-submit the message to Exim, using -oMr to set the received protocol to "scanned-ok", and the -f option to set the correct envelope sender address. WARNING: If you forget to make the resubmitting process run as a trusted user, the received protocol does not get set, and you are likely to generate a loop.
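A sketch of the checking program that the virus_scan transport pipes to, added here as an illustration (it is not part of the FAQ or of Exim). It assumes the transport's command passes the envelope sender and recipient as arguments, and the Exim path and the scanner command are hypothetical; needs_scan() mirrors the vircheck condition to show why a lost "scanned-ok" marker produces the loop the WARNING describes.

```python
import subprocess
import sys

EXIM = "/usr/sbin/exim"                     # assumption: location of the Exim binary
SCANNER = ["/usr/local/bin/scan-message"]   # hypothetical scanner: exit 0 means clean
MARK = "scanned-ok"                         # received protocol tested by vircheck


def needs_scan(received_protocol, sender_host_address):
    """Mirror of the vircheck director's condition: True means 'send to virus_scan'."""
    return not (received_protocol == MARK or sender_host_address == "127.0.0.1")


def resubmit_argv(sender, recipients):
    """Build the command that hands a clean message back to Exim.

    -oMr sets the received protocol and -f the envelope sender; Exim honours
    both only when the caller is a trusted user.
    """
    if not recipients:
        raise ValueError("no recipients")
    for addr in [sender, *recipients]:
        # An address must never be read as an option or carry control characters.
        if addr.startswith("-") or any(c in addr for c in "\r\n\0"):
            raise ValueError("refusing address %r" % addr)
    # An empty envelope sender (a bounce) is written as <>.
    return [EXIM, "-oi", "-oMr", MARK, "-f", sender or "<>", *recipients]


def scan_and_resubmit(message, sender, recipients, run=subprocess.run):
    """Scan the message bytes; resubmit only if clean. Returns an exit code.

    A non-zero code tells Exim that the pipe delivery failed.
    """
    argv = resubmit_argv(sender, recipients)      # validate before doing any work
    if run(SCANNER, input=message).returncode != 0:
        return 1                                  # infected or scanner error
    return run(argv, input=message).returncode    # Exim's own result


if __name__ == "__main__":
    # Usage (assumed): script <envelope-sender> <recipient>..., message on stdin.
    sys.exit(scan_and_resubmit(sys.stdin.buffer.read(), sys.argv[1], sys.argv[2:]))
```

If the script does not run as a trusted user, the resubmitted message arrives as an ordinary local submission (received protocol "local", no sender host address), so needs_scan() is true again and the message goes round once more.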
Q0824: How can I accomplish this: a message sent from any host must either be sending to a domain in a list (a dbm file) or the sender's address domain must be in the list.
A0824: First of all, set
relay_domains = dbm;/the/dbm/file
This allows relaying from any host, provided that the recipient address matches one of the domains in the list. Then set
host_accept_relay = *
sender_address_relay = dbm;/the/dbm/file
This allows relaying from any host (because of the *) to any arbitrary domain, provided that the sender's address matches a domain in the list.
WARNING: This setting makes it possible for your host to be used as an open relay by those unscrupulous enough to forge sender addresses. Your host may end up on one of the open relay blocking lists as a result.
Q0825: I've set relay_domains and sender_address_relay, but if user@mydomain tries sending to an arbitrary domain, Exim rejects it.
A0825: The safest way to control relaying arbitrary domains is by host, not by sender address. If you are able to specify the hosts which your users use, then set host_accept_relay to match them. You can then remove the setting of sender_address_relay, unless you also want to limit relaying to specific senders.
If you want to permit relaying from specific senders on arbitrary hosts, you can set relay_match_host_or_sender. This requires that only one of the host or sender address be recognized, instead of both of them.
WARNING: This setting makes it possible for your host to be used as an open relay by those unscrupulous enough to forge sender addresses. Your host may end up on one of the open relay blocking lists as a result.
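The relay decision described in Q0824 and Q0825, written out as a small model so that a configuration can be checked for dependence on the envelope sender alone. This is an added example, not Exim's code: it simplifies host items to shell-style IP patterns and sender items to bare domains, and all hosts and domains in it are constructed.

```python
from dataclasses import dataclass, field
from fnmatch import fnmatchcase
from typing import Optional


@dataclass
class RelayConfig:
    relay_domains: set = field(default_factory=set)        # recipient domains
    host_accept_relay: list = field(default_factory=list)  # IP patterns, "*" = any host
    sender_address_relay: Optional[set] = None             # None = option not set
    relay_match_host_or_sender: bool = False


def domain_of(address):
    return address.rpartition("@")[2].lower()


def host_ok(cfg, host_ip):
    return any(fnmatchcase(host_ip, pat) for pat in cfg.host_accept_relay)


def sender_ok(cfg, sender):
    return (cfg.sender_address_relay is not None
            and domain_of(sender) in cfg.sender_address_relay)


def may_relay(cfg, host_ip, sender, recipient):
    """True if the model would accept this recipient for relaying."""
    # Recipients in relay_domains are accepted from any host.
    if domain_of(recipient) in cfg.relay_domains:
        return True
    # Arbitrary domain: the host must match, and the sender too if a sender
    # list is set, unless relay_match_host_or_sender makes one of them enough.
    if cfg.relay_match_host_or_sender:
        return host_ok(cfg, host_ip) or sender_ok(cfg, sender)
    if cfg.sender_address_relay is None:
        return host_ok(cfg, host_ip)
    return host_ok(cfg, host_ip) and sender_ok(cfg, sender)


def forgeable_sender_domains(cfg, outside_host="203.0.113.9"):
    """Sender domains that, on their own, let an unlisted host relay anywhere.

    The envelope sender is chosen by the client, so a non-empty result means
    the relay control rests on a value nobody has authenticated.
    """
    probe = "probe@unlisted.invalid"
    return sorted(d for d in (cfg.sender_address_relay or ())
                  if may_relay(cfg, outside_host, "probe@" + d, probe))


# Constructed configurations.
Q0824 = RelayConfig(relay_domains={"example.org"},
                    host_accept_relay=["*"],
                    sender_address_relay={"example.org"})
HOST_ONLY = RelayConfig(host_accept_relay=["192.0.2.*"])
HOST_AND_SENDER = RelayConfig(host_accept_relay=["192.0.2.*"],
                              sender_address_relay={"example.org"})
HOST_OR_SENDER = RelayConfig(host_accept_relay=["192.0.2.*"],
                             sender_address_relay={"example.org"},
                             relay_match_host_or_sender=True)

if __name__ == "__main__":
    for name, cfg in [("Q0824", Q0824), ("host only", HOST_ONLY),
                      ("host and sender", HOST_AND_SENDER),
                      ("host or sender", HOST_OR_SENDER)]:
        print(name, "->", forgeable_sender_domains(cfg) or "not sender-gated")
```

Only the two settings that carry the WARNING report a non-empty list; the host-based configurations that A0825 recommends report none.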
Q0826: I set sender_reject_recipients, but Exim is not rejecting those recipients.
A0826: You have misunderstood the option. A setting like that rejects all the recipients of an incoming message with that sender. To reject a specific recipient in your own domain you can set up an alias like this:
reject-me: :fail: mail for reject-me is not acceptable
If you want to reject a recipient that is not in a local domain, one approach is to set up a router to send the address to your directors, and then use an alias file to generate a :fail: message as above. Alternatively, you can use the verification mechanism: see Q0822.
Q0827: I can't find an option to deny "RCPT TO:" addresses.
A0827: Denying RCPT TO addresses is the job of verifying. You can set up directors and routers that are run only when verifying and not when delivering. This gives you a great deal of flexibility. See Q0822.
Q0828: My problem is that Exim replaces $local_part with an empty string in the system filtering. What's wrong or what did I miss?
A0828: A message may have many recipients. The system filter is run just once at the start of a delivery attempt. Consequently, it does not make sense to set $local_part. Which recipient should it be set to? However, you can access all the recipients from a system filter via the variable called $recipients.
Q0829: Using $recipients in a system filter gives me another problem: how can I do a string lookup if $recipients is a list of addresses?
A0829: Check out section 25 of the filter document ("Testing a list of addresses"). If that doesn't help, you may have to resort to calling an embedded Perl interpreter - but that is expensive.
Q0830: Is there a way to configure Exim to reject mail to a certain local host?
A0830: No, only to certain domains. Use a configuration like this:
receiver_verify
local_domains = rejected.domain : <other local domains>
with the first director as
reject_domains:
  driver = smartuser
  domains = rejected.domain
  verify_only
  fail_verify
Q0831: Exim sometimes rejects messages with bad senders after the DATA and sometimes after the MAIL command. What is the difference?
A0831: The first time Exim encounters a particular bad sender, it rejects the message after the data has been received, so that it can log the headers. If the same sender re-appears within 24 hours, Exim assumes that the remote host has (in violation of RFC 821) not interpreted the previous 550 error code correctly, so this time it rejects the MAIL command. Some hosts don't even manage to handle that, so if the same sender turns up for a third time within 24 hours, Exim accepts MAIL, but rejects every RCPT command instead.
Q0832: How can I get Exim to remove attachments from messages?
A0832: (A) The cleanest way is to check for the existence of a "Content-type" header line, and route messages containing it down a pipe to some other program that strips the attachments and re-submits the message to Exim. Alternatively, a transport filter can be used to do the job, as described in C028.
(B) A somewhat more hairy way is to use embedded Perl from a system filter to truncate the message's data file directly, and then use the "headers remove" filter command to get rid of the associated headers.
Q0833: I ran a relay test against my host and it failed with an address containing a %, though I don't have percent_hack_domains set. Is Exim broken? This is what the tester said:
Relay test 6
>>> RSET
<<< 250 Reset OK
>>> MAIL FROM:<spamtest@example.com>
<<< 250 <spamtest@example.com> is syntactically correct
>>> RCPT TO:<relaytest%mail-abuse.org@example.com>
<<< 250 <relaytest%mail-abuse.org@example.com> is syntactically correct
Relay test result
Uh oh, host appeared to accept a message for relay.
The host may reject this message internally, however
A0833: This does not prove that your host is open for relaying. Notice the wording of the last two sentences: "appeared to accept" and "may reject internally". Assuming that your Exim configuration is correct, Exim will discover that the local part "relaytest%mail-abuse.org" is not valid on your host, and it will bounce the message.
Why doesn't it reject the RCPT TO command? Answer: because you have not set receiver_verify in your configuration file, or you have excluded these particular sender or recipient domains from receiver verification.
Q0834: How can I arrange for each user to have a file listing the only sender addresses from which she will accept mail? I want to do this so my family members don't get any spam (or other inappropriate mail).
A0834: Arrange for each user you want to control to have a file called .acceptlist, ignoring for the moment how this gets maintained. Then, turn on receiver_verify and make the following your first director:
verify_known_sender:
  driver = smartuser
  require_files = /home/$local_part/.acceptlist
  senders = ! /home/$local_part/.acceptlist
  new_address = :fail: Sender unknown
That will stop such messages even getting into your host. (Replace /home/$local_part with whatever the correct path to your user's home directories is.) As written above, the accept list is interpolated into the senders list and can contain wild cards. If there are no wild cards and the lists get very long, it would be more efficient to convert them into some indexed format, e.g. cdb and use a cdb lookup.
One problem with this is that it will block bounce messages, which have empty senders. You can get round this, by changing the "senders" line to
senders = ! : ! /home/$local_part/.acceptlist
However, this will, of course, let in spam that has a null sender. Since the "senders" option is expanded, you could perhaps include something that tested a message without a sender for being a plausible bounce message before including the null sender in the list. Another approach would be to use a condition option to do various tests, including looking up $sender_address in /home/$local_part/.acceptlist.
Q0835: I have the POP-auth-before-relay support in, but I see that Exim still does an RBL lookup before checking the POP authorisation file. How can I prevent it doing an RBL check if the caller is authorized by virtue of a recent POP authentication?
A0835: If the file containing a list of recent POP-authenticated hosts is /usr/local/etc/exim/popauth, say, set
rbl_hosts = !/usr/local/etc/exim/popauth
so that hosts in the list are exempted from RBL checking.
Q0836: When using Nessus on a system that runs exim, a number of security issues are raised. Nessus complains that exim answers to EXPN and/or VRFY; sometimes it even complains that exim allows relaying.
A0836: Exim supports EXPN only if you permit it to do so by setting smtp_expn_hosts. Likewise, it supports VRFY only if you set smtp_verify. Without these settings, its responses are
550 EXPN not available
252 VRFY not available
Maybe the use of 252 is the "problem". It is recommended that this be done (by those that discuss these things) because there are stupid clients that attempt VRFY before sending a message.
Q0837: Could anyone point me to the right rules to prevent sending/receiving messages to/for domains which have one MX to localhost or only have address 127.0.0.1?
A0837: You need to turn on sender_verify. With the default configuration, this will result in a temporary verification failure for these domains. You can make this into a permanent failure by adding
self = fail
to your lookuphost router. The default action on encountering a routing to the local host is to defer, and freeze the message if it is a delivery address. Making this change applies to any routing to the local host, not just to 127.0.0.1.
If you are running Exim release 3.16 or later, an alternative approach is to set ignore_target_hosts = 127.0.0.1 on the relevant routers.
Q0838: How can I lock out domains that do not have any MX records?
A0838: You can do this by means of the mx_domains option, but you should NOT do this for Internet domains in general. There are still a large number of legitimate domains that do not have MX records.
Q0839: I would like to have a per-user limit for the maximum size of messages that can be sent.
A0839: The simplest way to do this is to put something in a system filter along these lines:
if $message_size is above
   "${lookup{$sender_address}lsearch{/some/file}{$value}{10M}}"
then
  fail "Message is larger than $sender_address is allowed to send"
endif
Q0840: I have set up a DBM (or cdb, or lsearch, or MySQL or whatever) file containing a list of IP addresses for the hosts I want to allow to relay, but when I set host_accept_relay to do a lookup on that data, it doesn't work.
A0840: If you include any kind of lookup in a host list, it will by default search on the host name, not on the IP address. What you want is something like
host_accept_relay = net-dbm;/some/file
The prefix net- makes it look up the IP address instead of the name. You can also look up IP networks by using entries like
host_accept_relay = net24-dbm;/some/file
For a host with IP address 192.168.45.23 this would do the lookup using the key "192.168.45.0/24".
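A model of left-to-right host list evaluation that covers both the ordering problem in Q0815 and the net- lookup keys in Q0840, added here as an illustration rather than taken from Exim. It handles only IP items, wild-carded names and net-/netNN- lookups, treats a failed reverse lookup as immediate rejection, and replaces DNS and the lookup files with constructed dictionaries.

```python
import ipaddress
import re
from fnmatch import fnmatchcase

# net-<type>;<file> or net<bits>-<type>;<file>
NET_ITEM = re.compile(r"^net(\d*)-[^;]+;(.+)$")


def net_key(ip, bits=None):
    """Key used for a net- lookup (the IP address) or a net<bits>- lookup (the network)."""
    if bits is None:
        return ip
    network = ipaddress.ip_network("%s/%d" % (ip, bits), strict=False)
    return "%s/%d" % (network.network_address, bits)


def is_ip(item):
    try:
        ipaddress.ip_address(item)
        return True
    except ValueError:
        return False


def match_host_list(items, ip, ptr, files):
    """Evaluate items in order for the calling host ip.

    ptr maps IP to host name (stand-in for reverse DNS); files maps a file
    name to its set of keys (stand-in for dbm or cdb data).
    Returns (matched, steps) so the order of work is visible.
    """
    steps = []
    name = None
    for item in items:
        lookup = NET_ITEM.match(item)
        if lookup:
            bits = int(lookup.group(1)) if lookup.group(1) else None
            key = net_key(ip, bits)
            steps.append("lookup key " + key)
            if key in files.get(lookup.group(2), ()):
                return True, steps
        elif is_ip(item):
            steps.append("compare IP " + item)
            if item == ip:
                return True, steps
        else:
            # A name pattern needs the caller's name, so reverse DNS runs here,
            # at the first such item reached, and only once.
            if name is None:
                steps.append("reverse DNS")
                name = ptr.get(ip)
                if name is None:
                    steps.append("no name found: reject")
                    return False, steps
            steps.append("compare name " + item)
            if fnmatchcase(name.lower(), item.lower()):
                return True, steps
    return False, steps


if __name__ == "__main__":
    no_ptr = {}   # constructed: the caller has no reverse DNS entry
    print(match_host_list(["*.x.y", "10.9.8.7"], "10.9.8.7", no_ptr, {}))
    print(match_host_list(["10.9.8.7", "*.x.y"], "10.9.8.7", no_ptr, {}))
    data = {"/some/file": {"192.168.45.0/24"}}
    print(match_host_list(["net24-dbm;/some/file"], "192.168.45.23", no_ptr, data))
```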
A0901: Users have found several ways of setting up Exim for use with Majordomo. There's a web page at
http://www.netmaster.ca/exim/majordomo.html
which shows one way to do it, and discusses some of the issues. The sample configuration C018 is another approach which automates a lot of the functions based on whether the files or directories exist. Only three aliases per list are needed.
Somewhere in the Majordomo docs or FAQ it mentions using batchmail or other additional programs to improve the performance of large lists. They are not needed with Exim, and their use can actually make things worse. However, it's a good idea to set remote_max_parallel to a value greater than 1 in the Exim configuration.
Q0902: I have set $mailer in majordomo.cf, but it still isn't setting the sender correctly in the messages it sends.
A0902: Make sure you have got the quoting correct in the $mailer setting. For example,
$mailer = "$sendmail_command -oi -oee -f$sender\@lists.mydomain.de";
is not correct. It needs three backslashes, not one, and the $ at the start of $sender has to be escaped with a backslash.
Q0903: I'm trying to set up majordomo, but I'm getting a "wrong mode" error when I try to send it mail. The panic log entry reads:
1999-01-05 11:23:34 0zxZGY-0000vB-00 majordomo_aliases director: /var/lib/majordomo/lists/lists.aliases (lsearch lookup): wrong mode
A0903: Check the mode of /var/lib/majordomo/lists/lists.aliases and compare it with the setting of the modemask option in the majordomo_aliases director. This option specifies bits which must not be set for the alias file, and it defaults to 022.
Q0904: I'm getting return code 9 from /home/majordomo/majordomo-1.94.4/wrapper when it is passed a message from Exim.
A0904: A problem like this turned out to be the Perl version that came with RedHat 5.2. Rebuilding Perl 5.005x solved it.
Q0905: Exim is complaining about an invalid command line when Majordomo tries to send it a message for delivery.
A0905: Take a look at your majordomo.cf file. It should have something that looks like
$sendmail_command = "/usr/lib/sendmail";
and another line like
$mailer = "$sendmail_command -oi -oee -f\$sender";
If you have modified resend (one of the majordomo programs) to use $sendmail_command instead of $mailer you will be calling Exim with no command line arguments.
A1001: If you set up a rewriting rule in the following form:
*@*.your.domain $1@your.domain
then Exim will rewrite all addresses in the envelope and the headers, removing anything between "@" and "your.domain". This applies to all messages that Exim processes. If you want to rewrite sender addresses only, the rule should be
*@*.your.domain $1@your.domain Ffrs
This applies the rule only to the envelope "From" address and to the From:, Reply-to:, and Sender: headers.
Q1002: I have Exim configured to remove the hostname portion of the domain on outgoing mail, and yet the hostname is present when the mail gets delivered.
A1002: Check the DNS record for your domain. If the MX record points to a CNAME record instead of to an A record, MTAs are liable to rewrite addresses, changing your domain name to its "canonical" form, as obtained from the CNAME record.
Q1003: I want to rewrite local addresses in mail that goes to the outside world, but not for messages that remain within the local intranet.
A1003: Exim wasn't really designed to handle this kind of split world, and doing this is not entirely straightforward.
(A) If you are running version 3.20 or later, you can use the headers_rewrite option on a transport. This will apply to just those copies of a message that pass through the transport. The return_path option can similarly be used to rewrite the sender address, but there is no way of rewriting recipient addresses at transport time. However, as these are by definition remote addresses, you probably don't want to rewrite them.
You have to set up the configuration so that it uses different SMTP transports for internal and external mail. Typically this would be done by setting the domains option on a router for handling your internal domains. However, if all domains are routed in the same way (for example, using a DNS lookup), another approach is to use a string expansion for the transport name. For example:
lookuphost:
  driver = lookuphost
  transport = ${if match{$domain}{\\.my\\.domain\$}{int_smtp}{ext_smtp}}
This example uses the int_smtp transport for domains ending in .my.domain, and ext_smtp for everything else. The ext_smtp transport could be something like this:
ext_smtp:
  driver = smtp
  headers_rewrite = *@*.my.domain \
    ${lookup{$1}cdb{/etc/$2/mail.handles.cdb}{$value}fail}
  return_path = \
    ${if match{$return_path}{^([^@]+)@(.*)\\.my\\.domain\$}\
      {\
      ${lookup{$1}cdb{/etc/$2/mail.handles.cdb}{$value}fail}\
      }\
    fail}
This example uses a separate file of local-to-external address translations for each domain. This is not the only possibility, of course. The headers_rewrite and return_path options apply the same rewriting to the header lines and the envelope sender address, respectively.
(B) If you are running a version of Exim that is earlier than 3.20, doing this kind of rewriting is very much more difficult. Until the headers_rewrite option was added, all header rewriting was done at the time a message was received. A standard configuration cannot handle rewriting that is specific to certain recipients only.
The simplest thing to do is to upgrade to the latest current Exim release. For those that cannot do that, this old information from the pre-3.20 FAQ is retained:
The trick is to split off a copy of the message to be sent to all external recipients, and do the rewriting on that. This can be achieved by running two differently-configured versions of Exim, either on a single host, or on two different hosts. If you have a gateway or firewall machine, that is the natural place to run the rewriting version.
On a single machine, the following is one way of handling this:
(1) Set up the normal configuration (in the configuration file whose name is screwed into the binary) such that it does local deliveries as required, but forwards a copy of the message for non-local recipients to a different incarnation of Exim via a private SMTP port. For example, use this transport and router:
# Transport to send SMTP using port 26
internal_smtp:
  driver = smtp
  service = 26

# Router to send everything to the internal_smtp transport
pass_remotes:
  driver = domainlist
  transport = internal_smtp
  route_list = * localhost byname
  self = send
This should be the only router. Because of the self = send setting, Exim will transport the messages, even though it knows it is going to the local host.
(2) Set up a different configuration file for the rewriting version of Exim. This need do no local deliveries, so it needs no local domains or directors, and as it accepts mail only from the local host, there is no need for any spam-blocking or other policy controls. However, it does need to have its own spool area. The main part of the configuration could be like this:
local_domains =
local_interfaces = 127.0.0.1
host_reject = !127.0.0.1
spool_directory = /var/spool/exim-external
end
Note the use of a negated item for host_reject, causing rejection of SMTP calls from all but the local host.
The directors section can be completely empty (apart from the line saying "end"), while the routers section should be as in a normal configuration, as it is going to control external delivery.
The rule(s) for rewriting your internal addresses into external ones should be in this configuration. This is one example of what might be done:
*@*.your.domain  "\
  ${lookup{$1}cdb{/etc/$2/mail.handles.cdb}{$value}fail}"
which looks up each local part in a per-host file to obtain the externally-visible address, including (in this example) the domain.
(3) You have to arrange for a daemon to be listening on port 26, and to be using the alternate configuration file. It is necessary to do this as root so that Exim retains its privilege after reading a non-standard configuration. A command such as
exim -C /etc/exim-configure2 -bd -oX 26
could be used in a suitable system start-up file. Alternatively you could set up inetd to run Exim with the -C option for incoming connections on port 26.
The net result of all of this is that when a message has one or more external recipients, a copy of it is sent via port 26 to the second version of Exim, which rewrites any internal addresses and does the external deliveries. The cost of this is that the message has to be copied and spooled twice, and you have two different Exim queues to manage. Note that if the "external" Exim has to send a delivery failure message, it will use the rewritten sender address.
Q1004: I'm using this rewriting rule to change login names into "friendly" names, but if mail comes in for an upper case login name, it doesn't get rewritten.
*@my.domain  ${lookup{$1}dbm{/usr/lib/exim/longforms}\
             {$value}fail}@my.domain bcfrtFT
The longforms database has entries of the form:
ano23: A.N.Other
A1004: Replace $1 in your rule by ${lc:$1} to force the local part to lower case before it is used as a lookup key.
Q1005: Is it possible to completely fail a message if the rewrite rules fail?
A1005: It depends on what you mean by "fail a message" and what addresses you are rewriting. If you are rewriting recipient addresses for your local domain, you can do:
*@dom.ain ${lookup{$1}dbm{/wher/ever}{$value}{failaddr}} Ehq
and in your alias file put something like
failaddr: :fail: Rewriting failed.
This fails a single recipient - others are processed independently.
Q1006: I'm using $domain as the key for a lookup in a rewriting rule, but its contents are not being lowercased. Aren't domains supposed to be handled caselessly?
A1006: The value of $domain is the actual domain that appears in the address. It could of course be lower cased, but I know that would cause some unhappiness, because some people have mixed-case domain names which look silly if the case is changed. Thus, one wants to preserve the case in rewrites such as
*@*.TheRap.com <something>@$domain
(not the best example) because "therap" doesn't look like two words. I know it seems trivial, but it is important to some people - especially if by some unfortunate accident the lowercased word is something indecent.
You can trivially force lower casing by means of the ${lc: operator. Instead of "$domain" write "${lc:$domain}".
Q1007: I want to rewrite local sender addresses depending on the domain of the recipient.
A1007: In general, this is not possible, because a message may have more than one recipient and Exim keeps just a single copy of each message. It may also deliver one copy of a message with several recipient addresses. You can do an incomplete job by using a regular expression match in a rewrite rule to test, for example, the contents of the To: header. This would work except in cases of multiple recipients. See also Q1003.
A1101: To the remote_smtp transport, add something like
headers_add = "${if and{\
               {eq{$domain}{spec.dom}}\
               {matches{$h_subject:}{whatever}}}\
               {Content-Type: text/html; charset=\"us-ascii\"} fail }"
This example shows a Content-Type header, but you can have anything you like, and multiple headers can be inserted by using \n to separate them.
Q1102: Is it possible to have Exim add a header to only certain local_parts of outgoing mail?
A1102: Only if you arrange for each such local part to receive its own private copy of the mail. See max_rcpt in the SMTP transport. Then you could use conditions in an expansion string to add or not add a header.
Q1103: How can I remove some part of the Received: header?
A1103: Set received_header_text.
Q1104: How I can insert the PGP header line using exim filters?
A1104: You can't insert headers in a user filter. A system filter can do so, but the inserted lines then are included for all recipients.
Q1105: I know I can use a system filter to replace certain headers in messages, but how can I add text to existing headers? I want to add [SPAM] to the subject line of messages that appear to be spam.A1105: You can only do this in a round about way, using filter commands like this:
headers add "New-Subject: SPAM: $h_subject:" headers remove subject neaders add "Subject: $h_new-subject:" headers remove new-subject
This trick works only in system filters, where the commands are obeyed in order, and affect the master list of headers that apply to the whole message. You cannot do this with the headers_add and headers_remove options on drivers.
A1201: Put "localhost" in a list of local domains, that is, add it to the local_domains option in your Exim configuration file.
Q1202: Fetchmail is passing on bounce messages to Exim with the sender address set to <@some.domain> which causes Exim to complain, because there is no local part.
A1202: This was a fetchmail problem which has been fixed. Ideally, you should upgrade to the current fetchmail release. If you cannot do this, there is some Exim magic that might help. The 'S' rewriting flag allows rewriting of envelope addresses to be done as soon as they are received in the SMTP protocol, before any kind of checking or other processing is done. This is specifically provided for installations that have to cope with mangled addresses coming in over SMTP.
Q1203: I'm currently using Exim with fetchmail and I'd like to use the RBL on Exim, but will it work? Do I need to configure fetchmail any particular way? As far as Exim knows, all mail is coming from 127.0.0.1. Will it check the source address against RBL? Or will it check the From: header?
A1203: It will check 127.0.0.1 (not very useful). The point of the RBL is to keep messages from black-listed hosts out of your machine. If you are using fetchmail, you have got the messages into your machine before you approach Exim. That kind of defeats the purpose of the RBL. The right way to do this would be for the host from which you fetchmail to do the RBL checking and insert some kind of warning header for you to test, as Exim does if you run RBL checks in warning mode.
A1301: If you are using BSDI, see Q9401.
Q1302: Exim built with Perl support exits with several error messages of the form "undefined reference to `PL_stack_sp'".
A1302: This has been seen on FreeBSD systems that had two different versions of Perl installed, the older with an a.out library and the newer with an ELF library. Ensure that the older package is removed.
A1401: Use the queue_remote_domains option to control which domains are held on the queue for later delivery. For example,
queue_remote_domains = ! *.localnet
allows delivery to domains ending in .localnet, while queueing all the others.
Q1402: I have a dial-up machine, and I use the queue_smtp_domains option so that remote mail only goes out when I do a queue run. However, any email I send with an address <anything>@aol.com is returned within about 15 minutes saying 'retry time exceeded', and all addresses are affected.
A1402: (A) You should be using queue_remote_domains rather than queue_smtp_domains. With the latter, Exim is trying to route the addresses, which involves a DNS lookup. This is presumably timing out, causing a retry time to be set for the domain, and somehow a valid lookup never happened before the maximum retry time (default of 4 days) passed. Hence the bounce. The fact that it is aol.com is not relevant. You should probably also be using -qq to do your queue run rather than -q.
(B) An alternative approach if you are sending all your outgoing mail to the same smart host is to use a single router like this:
route_append:
  driver = domainlist
  transport = remote_smtp
  route_list = "* smarthost.isp.net byname"
and put the address of the smart host in /etc/hosts, so that it can be found without the need of a DNS lookup. Then you can use queue_smtp_domains so that Exim does the routing for every message, but doesn't try to deliver it. See also Q1403.
Q1403: How should Exim be configured when it is acting as a temporary storage system for a domain on a dial-up host?
A1403: Exim isn't really designed for this, but... The lowest-numbered MX record for the domain should be pointing to your host. You should set a large retry time for that domain, so that Exim doesn't keep trying to deliver when the host is offline. When the host comes online, the waiting messages have to be kicked somehow. This can be done by calling Exim with the -R option, or via the SMTP ETRN command. This works provided the number of messages is low. If you are handling lots of mail, keeping messages waiting for their host to connect and those that are having delivery problems to remote hosts all in the same queue doesn't work so well. It is better in this case to get Exim to deliver the mail for the dial-in hosts into some local files which then get transmitted by other software when the host connects. See the manual chapter entitled "Intermittently connected hosts" and also Q5014 and Q0521.
Q1404: I have queue_remote_domains or queue_smtp_domains set, and use -qf to force delivery of waiting mail when I dial in. How can I arrange for any new messages that arrive while I'm connected to be delivered immediately?
A1404: (A) Instead of queue_remote_domains or queue_smtp_domains, use the queue_only_file option. This causes messages to be queued only if a particular file exists. The word "remote" or "smtp" before the file name controls which type of queueing is used. For example:
queue_only_file = remote/etc/present/when/not/connected
Then, in the scripts which are run when you connect and disconnect, arrange to remove the file after connection, and create it just before disconnection.
(B) An alternative is to set hold_domains to point to a file lookup and switch that file appropriately.
A1501: There are a number of technical and potential legal problems that arise in connection with message modification. Some of them are listed below. If, despite these considerations, you still want to modify messages, you can do so using Exim, but not directly in Exim itself. It is not the job of an MTA to modify messages, something that requires understanding of their content and format.
Exim provides a hook in the form of a "transport filter" that lets you pass any outgoing message through a program or script of your choice. It is the job of this script to make any changes to the message that you require. By this means, you have full control over what changes are made, and Exim does not need to know anything about message bodies. However, using a transport filter requires additional resources, and may slow down mail delivery.
You can use Exim's directors and routers to arrange for those messages that you want to modify to be delivered via a transport filter. For example, suppose you want to do this for messages from addresses in your domain that are being delivered to a remote host. Place the following router before the standard lookuphost router:
filter_remote:
  driver = lookuphost
  transport = remote_smtp_filter
  condition = ${if eq {$sender_address_domain}{your.domain}{yes}{no}}
This routes the relevant addresses to a transport called remote_smtp_filter. Other addresses fall through to the normal router, and are routed to the standard remote_smtp transport. Another way to do this would be to use a single router, with an expanded string for the transport setting. The new transport is defined thus:
remote_smtp_filter:
  driver = smtp
  transport_filter = /your/filter/command
The entire message is passed to your filter command on its standard input. It must write the modified version to the standard output, taking care not to break the RFC 822 syntax. The command is run as the Exim user, if one is defined; otherwise it is run as root.
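A filter command of this kind, as an added example (it is not part of Exim or of the sample configurations): it reads the message on standard input, appends a disclaimer only when the message is a single text/plain part that can take literal text, and otherwise writes the message back byte for byte. The disclaimer wording, the list of accepted charsets and all function names are assumptions made for the example.

```python
#!/usr/bin/env python3
"""Transport filter sketch: message on stdin, possibly modified copy on stdout."""
import re
import sys
from email.parser import BytesHeaderParser

# Constructed disclaimer text; ASCII only, so it is valid in the charsets allowed below.
DISCLAIMER_LINES = [b"-- ", b"Constructed example disclaimer text."]
SAFE_ENCODINGS = {"7bit", "8bit"}


def charset_is_ascii_compatible(charset):
    """True for the charsets this example accepts (an assumed, conservative list)."""
    return (charset is None or charset in ("us-ascii", "utf-8")
            or charset.startswith("iso-8859-"))


def filter_message(raw, disclaimer_lines=DISCLAIMER_LINES):
    """Return raw with the disclaimer appended, or raw itself when that is unsafe."""
    sep = re.search(rb"\r?\n\r?\n", raw)      # blank line that ends the headers
    if sep is None:                            # headers only: nothing to append to
        return raw
    head, body = raw[:sep.end()], raw[sep.end():]
    # The headers are parsed for inspection only; the original bytes are re-emitted.
    headers = BytesHeaderParser().parsebytes(head)

    # Multipart messages (attachments, multipart/signed, multipart/encrypted),
    # HTML and binary types are passed through untouched.
    if headers.get_content_type() != "text/plain":
        return raw
    # A base64 or quoted-printable body cannot take literal appended text.
    encoding = str(headers.get("Content-Transfer-Encoding", "7bit")).strip().lower()
    if encoding not in SAFE_ENCODINGS:
        return raw
    if not charset_is_ascii_compatible(headers.get_content_charset()):
        return raw
    # Inline PGP (signed or encrypted) would be invalidated by any change.
    if b"-----BEGIN PGP " in body:
        return raw

    eol = b"\r\n" if head.endswith(b"\r\n") else b"\n"   # keep the input's line ending
    if body and not body.endswith(eol):
        body += eol
    return head + body + b"".join(line + eol for line in disclaimer_lines)


if __name__ == "__main__":
    sys.stdout.buffer.write(filter_message(sys.stdin.buffer.read()))
```
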
There are a number of potential problems in doing this kind of modification in an MTA. Many people believe that to attempt it is wrong, because:
1. It breaks digital signatures, which are becoming legally binding in some countries (already in the UK, likely to be 1 October 2000 in the USA). It may well also break encryption.
2. It is likely to break MIME encoding, that is, it is likely to wreck attachments, unless great care is taken. And what about the case of a message containing only binary MIME parts?
3. It is illegal under German and Dutch law to change the body of a mail message in transit. It might potentially be illegal in the UK under European law. This consideration applies to ISPs and other "common carriers". It would presumably not apply in a corporate environment where modification was done only to messages originating from the employees, before they left the company's network. It might also not apply if the senders have explicitly given their consent (e.g. agreed to have advertisements added to their incoming mail).
4. Since the delivered message body was produced by the MTA (not the originator, because it was modified), the MTA operator could potentially be sued for any content. This again applies to "common carrier" MTAs. It's interesting that adding a disclaimer of liability could be making you liable for the message, but this case seems more likely to involve adding advertisements than disclaimers. After all, no postal service in the world opens all the mail it carries to add disclaimers.
5. Some mail clients (old versions of MS Outlook) crash if the message body of an incoming MIME message has been tampered with.
There are also potential problems that could arise if a scheme to add disclaimers goes wrong for some messages:
1. False negatives: "Ah, this guy usually says he does not represent their views, but in this message he doesn't have the disclaimer".
2. False positives: "This official announcement does not represent our views, oh no".
An alternative approach to the disclaimer problem would be to insist that all relevant messages have the disclaimer appended by the MUA. The MTA should refuse to accept any that do not. Again, however, the MTA must understand the format of messages in order to do this. Simply checking for appropriate wording at the end of the body is not good enough. It would probably be necessary to run a Perl script from within an Exim system filter in order to adopt this approach.
Finally, it's a trivial matter to add customized headers of the sort:
X-Disclaimer: This is a standard disclaimer that says that the views
X-Disclaimer: contained within this message are somebody else's.
which is a much easier alternative to modifying message bodies.
Q1502: How can I remove attachments from messages?
A1502: The answer to this is essentially the same as for Q1501.
A2000: The author of Exim believes that it is Y2K-compliant, as long as the underlying operating system and C library are. Exim does not parse dates or times at all. Internally, it makes some use of binary timestamps in Unix format (number of seconds since 1-Jan-1970) and uses C library services to convert these to printing forms (e.g. for logging). The printing forms all use 4-digit years. Some people have tried various tests. No problems have been reported, but details of what tests have been done are not available.
Well, it's now August 2000, and no Y2K problems have been reported, so it looks like I was right.
A5001: This is an error that occurs when Exim is trying to find out all the IP addresses on all of the local host's interfaces. If you have lots of virtual interfaces, this can occur if there are more than around 250 of them. The solution is to set the option local_interfaces to list just those IP addresses that you want to use for making and receiving SMTP connections.
Q5002: How can I arrange to allow a limited set of users to perform a limited set of Exim administration functions? I don't want to put them all in the exim group.
A5002: See http://www.chiark.greenend.org.uk/~ian/userv/. Using userv you can arrange (for example) for certain users to be able to invoke mailq or runq or other preset commands as exim (or any other user, as configured) with only userv configuration. If you want to check the particular Exim options available you can easily do it with shell or Perl scripts and userv configuration, and provided you know how to do argument `unparsing' properly in shell or Perl it will be secure.
Q5003: How can I test for a message's size being greater or less than a given value in an expansion string?
A5003: This isn't straightforward in versions of Exim prior to 2.10, because there were no arithmetic operators in expansion strings. In version 2.10 or later you can write, straightforwardly,
${if > {$message_size}{10K} {yes} {no}}
In earlier versions, low cunning can be used to achieve certain kinds of test. For example, to test if the message size is less than or equal to 1000000:
${if eq{${expand:\$\{substr_-1000000_$message_size:x\}}} {} {yes} {no}}
Q5004: I want to "tail" the Exim log, but I have a number of other logs I also want to "tail", and the number of tailing windows is getting to be a nuisance.
A5004: Look for a program called 'xtail' (despite its name, it's not an X-windows application). It allows you to do multiple tails, even of entire directories.
Q5005: I would like to have Exim log information written to syslog.
A5005: Support for this is available from version 3.10 onwards.
Q5006: What does the error "Failed to create spool file" mean?
A5006: Exim has been unable to create a file in its spool area in which to store an incoming message. This is most likely to be either a permissions problem in the file hierarchy, or a problem with the uid under which Exim is running, though it could be something more drastic such as your disc being full. Check that you have defined the spool directory correctly by running
exim -bP spool_directory
and examining the output. Check the mode of this directory. It should look like this, assuming you are running Exim as user `exim':
drwxr-x--- 6 exim exim 512 Jul 16 12:29 /var/spool/exim
If there are any subdirectories already in existence, they should have the same permissions, owner, and group. Check also that you haven't got incorrect permissions on superior directories (for example, /var/spool). Check that you have set up the exim binary to be setuid root. It should look like this:
-rwsr-xr-x 1 root xxx 502780 Jul 16 14:16 exim
Note that it is not just the owner that must be root, but also the third permission must be "s" rather than "x".
Q5007: Exim keeps crashing with segmentation errors (signal 11 or 139).
A5007: This might be a problem with the db library. See Q0505.
Q5008: Exim's databases keep getting corrupted.
A5008: See Q0505.
Q5009: I've been using an autoreply director to try and mimic a bounce message, but I can't get it to have an envelope from of <>.
A5009: You haven't, by any chance, put "exim" in the list of never_users, have you?
Q5010: I see entries in the log that mention two different IP addresses for the same connection. Why is this? For example:
H=tip-mp8-ncs-13.stanford.edu ([36.173.0.189]) [36.173.0.156]
A5010: The actual IP address from which the call came is the final one. Whenever there's something in parentheses in a host name, it is what the host quoted as the domain part of an SMTP HELO or EHLO command. So in this case, the client, despite being 36.173.0.156, issued the command
HELO [36.173.0.189]
when it sent your server the message. This is, of course, very misleading.
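The reading of the H= field given in A5010, as an added example that is not part of Exim: it takes the HELO argument from the parentheses and the connecting address from the final brackets, and reports lines where an address-literal HELO disagrees with the real address. Apart from the H= value quoted in Q5010, the log lines are constructed, as are the function names; the forms without a host name or without a parenthesised part are assumed variants.

```python
import ipaddress
import re

HOST_FIELD = re.compile(
    r"\bH=(?:(?P<name>[^\s(\[]\S*)\s+)?"   # host name, when the line carries one
    r"(?:\((?P<helo>[^)]*)\)\s+)?"         # what the client said in HELO/EHLO
    r"\[(?P<ip>[^\]]+)\]"                  # address the call actually came from
)

# Constructed sample; only the H= value on the first line comes from Q5010.
SAMPLE_LOG = [
    "2001-04-23 10:15:02 14rABC-0000Aa-00 <= someone@example.edu "
    "H=tip-mp8-ncs-13.stanford.edu ([36.173.0.189]) [36.173.0.156] P=smtp S=1843",
    "2001-04-23 10:15:40 14rABD-0000Ab-00 <= a@example.net "
    "H=(mail.example.net) [192.0.2.10] P=esmtp S=900",
    "2001-04-23 10:16:05 14rABE-0000Ac-00 <= b@example.org "
    "H=relay.example.org [192.0.2.25] P=esmtp S=2210",
    "2001-04-23 10:16:31 14rABF-0000Ad-00 <= c@example.com "
    "H=([192.0.2.77]) [192.0.2.77] P=smtp S=512",
    "2001-04-23 10:16:40 14rABC-0000Aa-00 => user <user@example.edu> "
    "D=localuser T=local_delivery",
]


def parse_host_field(line):
    """Return name, HELO argument and connecting address, or None if there is no H=."""
    m = HOST_FIELD.search(line)
    if m is None:
        return None
    try:
        ip = ipaddress.ip_address(m.group("ip"))
    except ValueError:                      # bracketed text that is not an address
        return None
    return {"name": m.group("name"), "helo": m.group("helo"), "ip": ip}


def helo_literal(helo):
    """Address inside an address-literal HELO such as [36.173.0.189], else None."""
    if helo and helo.startswith("[") and helo.endswith("]"):
        try:
            return ipaddress.ip_address(helo[1:-1])
        except ValueError:
            return None
    return None


def misleading_helo(lines):
    """List (line number, claimed address, real address) where the two differ."""
    findings = []
    for number, line in enumerate(lines, 1):
        host = parse_host_field(line)
        if host is None:
            continue
        claimed = helo_literal(host["helo"])
        if claimed is not None and claimed != host["ip"]:
            findings.append((number, str(claimed), str(host["ip"])))
    return findings


if __name__ == "__main__":
    for number, claimed, real in misleading_helo(SAMPLE_LOG):
        print(f"line {number}: HELO claimed {claimed}, connection came from {real}")
```
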
Q5011: How can I persuade Exim to accept ETRN commands without the leading # character?
A5011: Set the option
smtp_etrn_command = /usr/lib/sendmail -R $domain
This causes Exim to run that command, with $domain replaced by the argument of ETRN. The default action of Exim is to require the # sign in order to be RFC-compliant, and to run the equivalent of
smtp_etrn_command = /usr/lib/sendmail -R ${substr_1:$domain}
which uses the argument without the leading # as the value for the -R option. You aren't restricted to running Exim with the -R option, of course. You can specify any command you like, with any number of arguments. In particular, you can pass over the IP address of the caller via $sender_host_address. However, if you make use of expansion strings in the arguments, each one must be entirely contained in a single argument. For example, if you want to remove the first character of the ETRN argument when it is @ or #, you could use
smtp_etrn_command = "/usr/lib/sendmail -R \
  \"${if match {$domain}{^[@#]}{${substr_1:$domain}}{$domain}}\""
The internal quotes are necessary because of the white space inside the expansion string.
If you use smtp_etrn_command to run something other than Exim with the -R option, you must disable smtp_etrn_serialize, because otherwise the serialization lock (which is set by default) never gets removed.
Q5012: I've recently noticed that emails I send with a Bcc: line are being delivered to their final destination with the Bcc: line still present.
A5012: Exim removes Bcc lines only if you call it with the -t option (i.e. when it is acting partly as an MUA). It does not remove Bcc lines that are present in incoming SMTP mail or command-line mail that does not use -t. Indeed, it should not remove them. From RFC 822:
5.3. BCC / RESENT-BCC
This field contains the identity of additional recipients of the message. The contents of this field are not included in copies of the message sent to the primary and secondary recipients. Some systems may choose to include the text of the "Bcc" field only in the author(s)'s copy, while others may also include it in the text sent to all those indicated in the "Bcc" list.
Only the initiating software (i.e. the MUA) can tell what to do with Bcc; any MTA software has to leave it alone.
Q5013: I used gv v3.5.8 (ghostview) to try printing spec.ps. After every printed page, the printer ejects a blank sheet. Is this something to do with using "letter" rather than A4 paper?
A5013: This seems to be an effect of using ghostview. Although the PostScript is generated for A4 pages, the size of the page images is such that they should fit on a letter page (they are shorter than would normally be used on A4 paper). If the PostScript file is sent directly to a PostScript printer, there is no problem. An alternative is to get hold of the "psutils" toolset, which is available from
ftp://ftp.dcs.ed.ac.uk/pub/psutils/psutils.tar.gz
It contains utilities for extracting pages (which can be useful for double-sided printing) and for resizing pages. If you resize from A4 to letter the text shrinks a bit, but should then be printable via ghostview.
Q5014: I would like to have a separate queue per domain for hosts which dial in to collect their mail.
A5014: Exim isn't really designed for this kind of operation. The only way to do this would be to cause it to send those messages to a differently configured version of Exim with its own spool area. This could be done via a pipe or SMTP to a private port. The main Exim, listening on port 25, would then be configured to run an appropriate command to prod one of the others when it received ETRN, by means of the smtp_etrn_command option.
You could probably manage this with a single Exim binary and a number of different configuration files, passed to the special versions using the -C option. For this application they could all run as exim, since no root privilege would be needed.
An alternative approach is to get Exim to deliver mail for such hosts in batch SMTP format into some directory, and have the ETRN run something to pass such messages to the dialled-in host. See also Q0503 and Q0521.
Q5015: A short time after I start Exim I see a <defunct> zombie process. What is causing this?
A5015: Your system must be lightly loaded as far as mail is concerned. The daemon sets off a queue runner process when it is started, but it only tidies up completed child processes when it wakes up for some other reason. When there's nothing much going on, you occasionally see <defunct> processes like this waiting to be dealt with. This is perfectly normal.
Q5016: On a reboot, or a restart of the mail system, I see the message "Mailer daemons: exim abandoned: unknown, malformed, or incomplete option -bz sendmail". What does this mean?
A5016: -bz is a Sendmail option requesting it to create a "configuration freeze file". Exim has no such concept and so does not support the option. You probably have a line like
/usr/lib/sendmail -bz
in some start-up script (e.g. /etc/init.d/mail) immediately before
/usr/lib/sendmail -bd -q15m
The first of these lines should be commented out.
Q5017: I would like to restrict e-mail usage for some users to the local machine, ideally on a group basis.
A5017: See A9802.
Q5018: Whenever exim restarts it takes up to 3-5 minutes to start responding on the SMTP port. Why is this?
A5018: Something else is hanging onto port 25 and not releasing it. One place to look is /etc/inetd.conf in case for any reason an SMTP stream is configured there.
Q5019: Why aren't there any man pages for Exim? I don't always carry my printed documentation.
A5019: As well as plain ASCII text, the Exim documentation is provided in two online forms - texinfo and HTML - which have a certain amount of built-in indexing for ease of finding your way around. There are no man pages because the author of Exim hasn't the time (or desire :-) to maintain yet another documentation format. Besides, it is hard to know how to split the Exim manual up.
There is a contributed man page for a previous version of Exim in
ftp://ftp.cus.cam.ac.uk/pub/software/programs/exim/Contrib/doc/exim.8
This was written by a previous maintainer of the Debian GNU/Linux Exim package. You can view a nicely formatted version at:
http://dwww.jimpick.com/cgi-bin/dwww?type=man&location=/usr/man/man8/exim.8.gz
This contains some introductory text and the command line options only.
Q5020: When I send a message using the -t command line option, Exim sends only to the addresses within the message, not to those on the command line.
A5020: By default Exim operates according to the Sendmail documentation, and interprets addresses on the command line as addresses not to send to. You can set
extract_addresses_remove_arguments = false
to change this behaviour. There is some confusion in the Sendmail community about the interpretation of recipient addresses on the command line if the -t option is used.
Here is an excerpt from one version of the sendmail documentation:
-t Read message for recipients. To:, Cc:, and Bcc: lines will be scanned for recipient addresses. The Bcc: line will be deleted before transmission. Any addresses in the argument list will be suppressed, that is, they will not receive copies even if listed in the message header.
Earlier versions of the sendmail documentation are ambiguous (unlike the snippet above). Apparently the code and documentation streams resolved the ambiguity differently.
Q5021: If I set up, for example, local_domains = *customer.com, then it matches "customer.com" and "abc.customer.com" as required, but it also matches "noncustomer.com", which is wrong. How can I get round this?
A5021: (A) You have to specify two entries in the list:
local_domains = customer.com : *.customer.com
because * in a domain list matches any characters, including "." and including a null sequence.
(B) Alternatively, you could use a regular expression:
local_domains = ^(.+\.|)customer\.com$
but that probably will not be as efficient.
(C) If you have lots of local domains, you could put them into a file to be searched (using lsearch, dbm, cdb, or whatever) and use a partial search such as
local_domains = partial-dbm;/list/of/domains
If the file contains the key *.customer.com then the desired effect is achieved, because partial lookups do operate on a component basis. See the section entitled "Partial matching in domain lists". It is a bit confusing that "*" is used in this context, because its meaning is not the same as when it appears directly in a domain list.
Q5022: I want to match all local domains of the form *.oyoy.org but want a few exceptions. For instance I don't want foo.oyoy.org or bar.oyoy.org to be treated as local. What is the best way to do this?
A5022: (A) From release 3.00 onwards, you can put negative items in the local_domains setting, like this:
local_domains = !foo.oyoy.org : !bar.oyoy.org : *.oyoy.org
If there are many exceptions, you can use a lookup instead of listing them all inline.
(B) Otherwise, you can use a regular expression:
local_domains = ^.*(?<!^foo|^bar)\.oyoy\.org$
An alternative formulation that is more efficient in execution (because it doesn't backtrack for .* in cases that don't match) is
local_domains = ^(?>.*$)(?<=\.oyoy\.org)(?<!^(foo|bar)\.oyoy\.org)
If you are using an earlier version of Exim in which the regular expression library does not have lookbehind support (versions prior to 2.051, but after 1.735):
local_domains = ^(?!(foo|bar)\.oyoy\.org$).+\.oyoy\.org$
If you are using a version of Exim that is earlier than 1.735, consider upgrading!
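The matching rules described in A5021 and A5022, as an added example: a simplified model (not Exim's own code) of a colon-separated domain list with exact items, leading-* items, regular expressions and negated items, used to check a candidate local_domains value against domains that must not be treated as local. The model compares caselessly, does not handle lookups or doubled colons, and treats falling off the end of the list as no match, which fits the lists shown here because they all end in a positive item; the function names and probe domains are assumptions.

```python
import re


def item_matches(item, domain):
    """Match one positive list item against a domain."""
    domain = domain.lower()
    if item.startswith("^"):
        # Regular expression item, e.g. ^(.+\.|)customer\.com$
        return re.search(item, domain, re.IGNORECASE) is not None
    if item.startswith("*"):
        # A leading * stands for any characters, dots and nothing at all included,
        # so the rest of the item only has to be a suffix of the domain.
        return domain.endswith(item[1:].lower())
    return domain == item.lower()


def in_domain_list(domain_list, domain):
    """First matching item decides; a leading ! turns a match into a refusal."""
    for raw in domain_list.split(":"):
        item = raw.strip()
        if not item:
            continue
        negated = item.startswith("!")
        if negated:
            item = item[1:].strip()
        if item_matches(item, domain):
            return not negated
    return False


def wrongly_local(domain_list, foreign_domains):
    """Domains from foreign_domains that the setting would treat as local."""
    return [d for d in foreign_domains if in_domain_list(domain_list, d)]


# Settings quoted in Q5021/A5021 and A5022.
TOO_WIDE = "*customer.com"
TWO_ITEMS = "customer.com : *.customer.com"
AS_REGEX = r"^(.+\.|)customer\.com$"
WITH_EXCEPTIONS = "!foo.oyoy.org : !bar.oyoy.org : *.oyoy.org"
LOOKAHEAD_REGEX = r"^(?!(foo|bar)\.oyoy\.org$).+\.oyoy\.org$"

# Constructed probe domains that must never be local.
FOREIGN = ["noncustomer.com", "customer.com.example", "foo.oyoy.org", "bar.oyoy.org"]

if __name__ == "__main__":
    for setting in (TOO_WIDE, TWO_ITEMS, AS_REGEX, WITH_EXCEPTIONS, LOOKAHEAD_REGEX):
        print(f"local_domains = {setting}")
        print(f"  wrongly local: {wrongly_local(setting, FOREIGN) or 'none'}")
```
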
Q5023: I can't seem to find a pre-built version of Exim anywhere. The machine is a Sparc 5 running Solaris 2.6.
A5023: The problem is that there are a number of build-time options, requiring the answer to questions like:
. Which DBM library do you have? (On Solaris probably ndbm, but no easy default on some other systems.)
. Which uid/gid do you want to use for Exim?
. Where do you want the configuration file to be? (Many different answers, even on the same OS, depending on local policy.)
. Ditto for the binaries.
. Which optional bits of Exim do you want to include?
... and so on. One could impose a set of values, but I suspect they would probably please nobody.
Q5024: Is there a Windows NT version of Exim available?
A5024: A long time ago somebody took a copy of the Exim source with the aim of trying to port it to NT. However, I never heard anything more.
Q5025: Does Exim support Delivery Status Notification (DSN), Message Status Notification (MSN), or any other form of delivery acknowledgement?
A5025: See A0517.
Q5026: What does "Exim" stand for?
A5026: Originally, it was "EXperimental Internet Mailer", which was the best I could come up with when I was starting out. At that point it was experimental - I wanted to see if the ideas I had for extending Smail's approach actually worked. Then somebody found out about it and wanted to start using it, and told other people about it...
Q5027: What does the log message "no immediate delivery: more than 10 messages received in one connection" mean?
A5027: See A0518.
Q5028: Although I haven't set check_spool_space, Exim is still checking the amount of space on the spool for incoming SMTP messages that use the SIZE option. Can I suppress this?
A5028: The RFC for the SIZE option says
If the server currently lacks sufficient resources to accept a message of the indicated size, but may be able to accept the message at a later time, it responds with code "452 insufficient system storage".
and that is what Exim is trying to implement. This is entirely independent from check_spool_space, which says "don't accept any mail if there is less than so much space in the spool partition", though the code is optimised to do both checks at the same time if required. However, you can suppress the SIZE check if you want to, by unsetting smtp_check_spool_space.
Q5029: I just noticed log entries that start off "<= <>". Am I correct in assuming that the "<>" indicates that the envelope did not contain any "From" data?
A5029: Yes. This indicates a delivery failure report (aka "bounce message"). Here is what RFC 1123 has to say about this:
"If there is a delivery failure after acceptance of a message, the receiver-SMTP MUST formulate and mail a notification message. This notification MUST be sent using a null ("<>") reverse path in the envelope; see Section 3.6 of RFC-821. The recipient of this notification SHOULD be the address from the envelope return path (or the Return-Path: line). However, if this address is null ("<>"), the receiver-SMTP MUST NOT send a notification. If the address is an explicit source route, it SHOULD be stripped down to its final hop."
The reason for using empty sender addresses is to identify bounce messages so that they themselves do not cause further bounces. However, this has made life harder for those that want to check incoming mail for valid senders. It is a pity that some other mechanism (e.g. a keyword on the MAIL command) was not used instead, but it is far too late to change now.
Empty senders are also used for other kinds of report which should not themselves cause the generation of bounce messages. For example, Exim uses them when sending out warnings about delivery delays.
Q5030: I've received a message which does not have my address in the To: line. It is a spam message with the same address in both the From: and the To: headers. How can this happen, and why doesn't Exim reject it?
A5030: There is an important distinction between the "envelope" from and to and the "header" from and to. The former are sometimes called the "sender" and "recipient". An email message needs an "envelope" for the same reason that paper mail does - the envelope tells the delivery mechanism what to do with *this copy* of the message, whereas the To: header lists all the recipients, including those who have been sent different copies of the message because their mailbox is on some other host.
An MTA such as Exim normally works entirely with the "envelope" addresses, not with those in the header lines. However, you can specify that it should do some checking of header addresses by setting a number of options whose names begin with headers_.
Don't try to block mail where envelope from and the header from differ. There are common legitimate cases where this happens, for example, messages forwarded from mailing lists and delivery failure reports.
Q5031: Can (or will) Exim ever handle a message delivery purely in memory, that is, it is handled without it ever hitting the disc?
A5031: It doesn't, and never will. Accepting and delivering a message are two entirely separate, independent processes, which communicate only by writing/reading the message on the disc.
Q5032: If I am using dbm files for data that Exim reads, can I rebuild them on the fly, or do I need to restart Exim every time I make a change?
A5032: Exim re-reads the file every time it consults it, so if you are using a cdb or a DBM library that uses just a single file (i.e. NOT ndbm) then you can just build the new file with a temporary file name, and use "mv" to rename it into the correct place on the fly. If there are two files to rename, there is a window of time during which the DBM database is inconsistent. On lightly loaded systems this may not matter.
Q5033: What are the main differences between using an Exim filter and using procmail?
A5033: Exim filters and procmail provide different facilities. Exim filters run at directing time, before any deliveries are done. A filter is like a ".forward file with conditions". One of the benefits is de-duplication. Another is that if you forward, you are forwarding the original message.
However, this does mean that pipes etc. are not run at filtering time, nor can you change the headers, because the message may have other recipients and Exim keeps only a single set of headers.
Procmail runs at delivery time. This is for one recipient only, and so it can change headers, run pipes and check the results, etc. However, if it wants to forward, it has to create a new message containing a copy of the original message.
It's your choice as to which of these you use. You can of course use both.
Q5034: I need an option that is the opposite of -bpa, that is, a listing of those addresses generated from a top-level address that have not yet been delivered.
A5034: Exim does not keep this information. It saves only the top-level addresses and the list of addresses that are finished with. At each delivery attempt, generated addresses are recomputed from scratch. This makes it possible to correct errors in .forward and alias files that are causing delivery delays. However, there is an option you can set on an aliasfile or forwardfile director that changes things. It is called one_time, and if it is set, the list of generated addresses gets added to the top-level list at the first delivery attempt, and is never regenerated. Because top-level address lists must be real email addresses, this option cannot be used if any of the generated addresses are pipes, files, or autoreplies.
Q5035: I am getting complaints from a customer who uses my EXIM server for relaying that they are being blocked with a "Too many connections" error.
A5035: See smtp_accept_max and related options such as smtp_accept_reserve.
Q5036: When I try "exim -bf" to test a system filter, I received the following error message: "Filter error: unavailable filtering command "fail" near line 8 of filter file".
A5036: Use the -bF option to test system filters. This gives you access to the freeze and fail actions.
Q5037: How can I make Exim receive incoming mail, queue it, but NOT attempt to deliver it? I want to be in this state while moving some mailboxes.
A5037: (1) Set queue_only in the Exim configuration. (2) Kill off your daemon, and restart it without the -q option (i.e. with just the -bd option), so that it does not spawn any queue runners. This stops all deliveries, remote as well as local. To stop just local deliveries, assuming that none of your routers are configured to send messages directly to a local transport, make this your first director:
defer_all:
  driver = smartuser
  new_address = :defer:
When you are ready to go again, remove that director and do a -qf run to override the retry times. This solution works from release 3.10 onwards. In earlier releases an aliasfile director must be used because :defer: was not available for use in smartuser.
Q5038: What does the rejection message "reject all recipients: 3 times bad sender" mean?
A5038: See the section of the manual entitled "Sender verification". Exim has failed to verify a sender from the same host 3 times within a period of 24 hours.
Q5039: The menu in Eximon isn't working. It displays, but I can't select anything from it.
A5039: On some X implementations, if the numlock key is pressed (so that the numeric keypad is working) then the menu didn't work properly in versions of Eximon before Exim release 3.10. The problem is an infelicity in the particular implementation of X. A workaround was introduced at release 3.10, so this problem should no longer be encountered.
Q5040: What does "ridiculously long message header" in an error report mean?
A5040: There has to be some limit to the length of a message's header lines, because otherwise a malefactor could open an SMTP channel to your host, start a message, and then just send characters continuously until your machine ran out of memory. (Exim stores all the header lines in main memory.) For this reason a limit is imposed on the total amount of memory that can be used for header lines. The default is 1MB, but this can be changed by setting HEADER_MAXSIZE in Local/Makefile. Exceeding the limit provokes the "ridiculous" error message.
Prior to release 3.022 Exim used two separate limits, one on the length of an individual header line and one on the total number of header lines. A header line longer than 8192 used to provoke the error "Header line is ridiculously overlong". In subsequent releases there is no limit on individual header lines; only the total header size matters.
Q5041: What does Exim use for POP as a default? Do I have to install anything else?
A5041: Yes. Exim provides MTA functionality. That is, it delivers mail. POP is one of several ways of reading previously-delivered mail. Exim does not provide that functionality.
Q5042: I see that Exim doesn't support SSL. Can it be made to work with stunnel?
A5042: From release 3.20, Exim does support SSL/TLS, by making use of the OpenSSL library.
The problem with using stunnel is that all your SSL connections look like they come from 127.0.0.1, so none of your IP-based policies will have any effect. This means that you are basically an open relay: anyone who connects to your server via SSL can relay through you, whether they are local or not (and who knows, spammers may someday evolve brains enough to try using SSL ports).
One solution to this is to force all SSL connections to authenticate before relaying. This is how one user has done this:
First make sure you are set up to do SMTP AUTH properly (see the sample configuration C034). Then add MUSTAUTH to the auth_hosts line in your configure file. If you don't already have a list of IPs there, it will look like this:
auth_hosts = MUSTAUTH
If you have some IPs you want to authenticate, add them like this:
auth_hosts = MUSTAUTH:10.1.1.1:10.1.1.2
Then invoke stunnel like this:
/usr/local/sbin/stunnel -d 465 -l /usr/exim/bin/exim \
  -p /usr/local/ssl/certs/exim.pem -- exim -bs -DMUSTAUTH=127.0.0.1
Whenever an SSL connection is established, Exim is invoked with the macro MUSTAUTH defined as 127.0.0.1, which forces that one particular instance to authenticate, without disrupting normal 127.0.0.1 operations via non-SSL sessions.
Q5043: Is there an easy way of removing all queued messages at once in a safe way?
A5043: Try this command:
exim -bp | awk '/^ *[0-9]+[mhd]/{print "exim -Mrm " $3}' | sh
Q5044: What is the best way to provide backup MX for clients?
A5044: If the clients are always online, all you need to do is to have MX records for their domains pointing to your host, with suitable preference values, and ensure that their domains are listed in relay_domains. If the clients are not always online, see Q1403.
Q5045: Why does Exim do "ident" callbacks by default? Isn't this just a waste of resources? I've been told this is an ancient way of authentication. Is it obsolete?
A5045: This is a common mistake, at least partially resulting from the incorrect naming of the protocol when it was first published. The service on port 113 is an identification service, which allows a target host to record information identifying the user responsible for making a connection to it. The information may not be intelligible to the recording host - it could, for example, be encrypted so that only someone on the calling host can make sense of it. It is useful for providing additional information in an audit trail.
The data should not be used for authentication in any form except on a closed secure network between cooperating hosts (probably not even then). The information from the source host is only as reliable as the host itself - if it's not under your control then you have to treat the information as opaque data that can be used by the sysadmin of the source system to trace back connection data - and some ident implementations send out opaque cookies or DES encrypted information. Ident is hugely useful at times - especially for checking back on connections from multiuser machines (as opposed to one-person desktop boxes).
You can stop Exim making ident calls by adding
rfc1413_query_timeout = 0s
to its configuration, but it is better to leave it active (reducing the timeout if it is causing problems) - it costs very little, and in cases of mail forgery from a multiuser system can track the sinner concerned very quickly.
Q5046: I often have the problem that a message gets stuck in the mailq and I want it to be bounced to a certain address.
A5046: You can do this using a combination of four command line options, like this:
exim -Mf 14Fdlq-0003kM-00
exim -Mmad 14Fdlq-0003kM-00
exim -Mar 14Fdlq-0003kM-00 new@ddress
exim -M 14Fdlq-0003kM-00
The first command freezes the message so that a queue runner won't start to deliver it while you are changing things. The second command marks all existing recipients as delivered. The third command adds a new recipient, and the fourth command forces a delivery of the message, which will cause it to be delivered to the new address, and then deleted.
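The one-liner in A5043 and the four commands in A5046 both act on whatever text is taken to be a message id. The following is an added example, not part of the original FAQ, that checks ids before using them and stops the A5046 sequence at the first failing step; EXIM_BIN, the function names and the sample listing are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example (not from the FAQ): validate message ids before acting on them.
# Assumptions: EXIM_BIN, all function names, and the constructed listing below.

EXIM_BIN=${EXIM_BIN:-exim}

# valid_msgid ID: succeeds only for the 6-6-2 shape of the ids shown in this
# FAQ, e.g. 14Fdlq-0003kM-00.
valid_msgid() {
    printf '%s' "$1" |
        LC_ALL=C grep -Eqx '[0-9A-Za-z]{6}-[0-9A-Za-z]{6}-[0-9A-Za-z]{2}'
}

# queued_ids: read "exim -bp" output on stdin, print one validated id per line.
# The awk pattern is the one from A5043; a third field that is not an id is
# reported and skipped instead of being turned into a command.
queued_ids() {
    awk '/^ *[0-9]+[mhd]/ { print $3 }' | while IFS= read -r id; do
        if valid_msgid "$id"; then
            printf '%s\n' "$id"
        else
            echo "skipping line whose third field is not an id: '$id'" >&2
        fi
    done
}

# redirect_message ID NEW_ADDRESS: the four steps of A5046, stopping at the
# first failure so that -M is never forced unless the new recipient was added.
redirect_message() {
    valid_msgid "$1" || { echo "not a message id: $1" >&2; return 1; }
    case $2 in
        ''|-*) echo "refusing recipient: $2" >&2; return 1 ;;
    esac
    "$EXIM_BIN" -Mf "$1"       || return 2   # freeze
    "$EXIM_BIN" -Mmad "$1"     || return 3   # mark existing recipients delivered
    "$EXIM_BIN" -Mar "$1" "$2" || return 4   # add the new recipient
    "$EXIM_BIN" -M "$1"        || return 5   # force delivery
}

# Constructed sample of "exim -bp" output. The last recipient line starts with
# a digit followed by "d", so the awk pattern matches it although it is not a
# message line; its third field is empty.
sample_queue() {
    cat <<'EOF'
25m  2.9K 0t5C6f-0000c8-00 <alice@wonderland.fict.example>
          red.king@looking-glass.fict.example

 3h  1.1K 14Fdlq-0003kM-00 <> *** frozen ***
          3d.printing@your.domain
EOF
}

# Dry run over the sample: print, rather than execute, the removal commands.
if [ "${1:-}" = "--demo" ]; then
    sample_queue | queued_ids | sed 's/^/exim -Mrm /'
fi
```

Run with --demo to see the two removal commands that survive validation; on a live system, feed queued_ids from "exim -bp" and review the list before removing anything.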
Q5047: What precautions should I take when editing exim.conf?
A5047: Make your changes in a copy called exim.conf.new rather than in exim.conf itself. Then run
exim -bV -C exim.conf.new
That will check for syntax errors without disturbing your running configuration. If you are paranoid enough, as root run
exim -C exim.conf.new <some address>
<some message>
.
and see if it delivers it. Carry on testing until happy. When happy,
mv exim.conf.new exim.conf
kill -HUP `cat /var/spool/exim/exim-daemon.pid`
Then check the Exim log to be sure the daemon restarted OK. Watch the log for a bit to see that mail is flowing.
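The check-then-swap procedure of A5047 as a single shell function. This is an added example, not part of the original FAQ; EXIM_BIN, the function name, the ".bak" copy and the return codes are assumptions, while the -bV and -C options and the HUP signal are the ones given above.

```shell
#!/bin/sh
# Added example, not from the FAQ: check a candidate Exim configuration,
# then swap it in and signal the daemon.
# Assumptions: EXIM_BIN, the function name, the ".bak" copy, the return codes.

EXIM_BIN=${EXIM_BIN:-exim}

# install_exim_conf NEW LIVE PIDFILE
#   0  installed, daemon sent SIGHUP
#   1  NEW unreadable, or the copy/rename failed
#   2  syntax check failed; LIVE was not touched
#   3  installed, but no daemon could be signalled
install_exim_conf() {
    new=$1 live=$2 pidfile=$3

    [ -r "$new" ] || { echo "cannot read $new" >&2; return 1; }

    # Syntax check of the candidate only; the running daemon is unaffected.
    if ! "$EXIM_BIN" -bV -C "$new" >/dev/null 2>&1; then
        echo "syntax check failed; $live left untouched" >&2
        return 2
    fi

    # Keep the previous file so that a bad change can be backed out.
    if [ -f "$live" ]; then
        cp -p "$live" "$live.bak" || return 1
    fi

    # Rename into place. Within one filesystem this is a single rename, so a
    # process starting now sees the old file or the new one, never a mix.
    mv "$new" "$live" || return 1

    # Only signal a pid that is purely numeric.
    pid=
    [ -r "$pidfile" ] && pid=$(cat "$pidfile")
    case $pid in
        ''|*[!0-9]*)
            echo "installed $live; no usable pid in $pidfile" >&2
            return 3 ;;
    esac
    if kill -HUP "$pid" 2>/dev/null; then
        echo "installed $live; sent HUP to $pid"
        return 0
    fi
    echo "installed $live; could not signal $pid" >&2
    return 3
}
```

A typical call would be install_exim_conf exim.conf.new exim.conf /var/spool/exim/exim-daemon.pid, followed by the log check described in the answer.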
Q5048: Is exim able to use RFC 2645, On-demand Mail Relay (ODMR)?
A5048: No.
Q5049: I want to send every bounced mail that is received by my server, as "headers-only" to the sysadmin. How can I do this?
A5049: 1. Set up a transport with headers_only to do the delivery.
2. Set up a smartuser director that directs messages to a special local alias (e.g. "sysadmin-header") to that transport.
3. Set up a system filter file, containing something like
if first_delivery and error_message then
  unseen deliver sysadmin-header@your.domain
endif
Q5050: What POP3 daemon should I use with Exim? I want something with configurable authentication mechanisms.
A5050: Qmail-pop has a checkpasswd part that can be hacked to add whatever authentication you want. There is also Solid POP which has a lot of Exim support in it (e.g. nhash). There is also Cyrus, which is self-contained, so you don't have to worry about ownership of mailboxes and also it can be poked into authenticating from just about anything. However, in general, YMMV, and really what suits one user may not suit another. There is a mailing list at pop-imap@exim.org for the discussion of POP/IMAP issues. More information can be found in its archives.
Q5051: Is there any way I can send bounces to the postmaster, and nobody else? Basically, I want to receive them, and I don't want the reply/from person to get them. If I think they need it I will forward it myself.
A5051: Put errors_to=postmaster on every router and director.
(Bundled) cc: "buildconfig.c", line 54: error 1705: Function prototypes are an ANSI feature.
A9301: The bundled compiler is not an ANSI C compiler. You either have to get a copy of gcc from the HPUX Software Porting Archives or buy the ANSI cc from HP. The advice given by one user of HP systems on the Exim mailing list was as follows:
"Personally, I wouldn't use anything but the ANSI C compiler. gcc works for compilation, but it doesn't know squat about PA-RISC chips past the 1.0 rev. Since then, HP has come out with PA-RISC 1.1, 2.0, and 2.1, each with better features. gcc will compile for them, but it doesn't produce anywhere near the optimization that HP's compiler does.
I took the gcc road when we moved from FreeBSD to HP-UX because I was familiar with it. After 6 months, I had to go and re-port everything over when we realized that gcc wasn't going to do it for us long-term. If I could give advice to any new HP-UX admin: don't use gcc if you can afford the ANSI C compiler. Based on the cost of even the lowest HP workstation, that usually isn't a problem."
./exim: can't load library 'libperl.so'
A9401: You probably compiled perl5 yourself, without looking into
/usr/src/contrib/perl5/perl5.004_02/hints/bsdos.sh
first. The problem is that the command
perl5 -MExtUtils::Embed -e ldopts
doesn't give you sufficient flags to link something with libperl. Since 5.004_02 the hints/bsdos.sh file has changed to adapt to the changes between BSDI 3.1 and 4.0, but it is still not entirely right.
The solution is, when you compile perl, change the "ccdlflags" variable in config.sh to:
-rdynamic -Wl,-rpath,/usr/local/lib/perl5/5.00502/i386-bsdos/CORE
(or something similar). Alternatively, you can run ./Configure and answer the question "Any special flags to pass to cc to use dynamic loading?" with the above line. It is not known what -rdynamic means (it's not apparently documented in any man page), but that's what BSDI guys did to compile perl5 which comes with BSDI 4.0 distribution.
A9501: This problem was fixed in Exim release 2.03. If you are running an earlier version you should use the local_interfaces option to specify all your IP addresses explicitly.
Q9502: The IP addresses for incoming calls are all being given as 255.255.255.255 or 0.0.0.0.
A9502: From release 3.21, Exim contains a workaround that should fix this problem. If you are using an earlier release, read on...
If you used the gcc compiler 2.8.x or a version in the 2.95 series, there is a known bug with the "gethost" function under Irix. SGI recommends using either their cc compiler in Irix 6.5, or a lesser version of the gnu compiler. Version 2.7.2.3 is known to work. Alternatively, there is an Inst-able port of Exim for Irix at http://freeware.sgi.com, but it is not likely to be the latest release. There is further information about this problem, which is described as a "classic gcc structure-in-a-register bug" at this URL:
http://www.ccp14.ac.uk/ccp14admin/apache13/apache255error.html
This is a summary that I was sent:
"Gcc does not correctly pass/return structures which are smaller than 16 bytes and which are not 8 bytes. The problem is very involved and difficult to fix. It affects a number of other targets also, but irix6 is affected the most, because it is a 64 bit target, and 4 byte structures are common. The exact problem is that structures are being padded at the wrong end, e.g. a 4 byte structure is loaded into the lower 4 bytes of the register when it should be loaded into the upper 4 bytes of the register."
A9601: This has been seen in cases where Exim has been incorrectly built with a muddled combination of an ndbm.h include file and a non-matching DBM library.
Faults like this have also been seen on systems with faulty motherboards. You could try to compile the Linux kernel 10 times - if the compile process stops with signal 11, your hardware is to blame.
Q9602: Exim has created a directory called build-Linux-libc5-i386 but is trying to reference build-Linux-libc5-i386-linux while building.
A9602: You have several shells installed, which are setting conflicting values in the HOSTTYPE environment variable that is used to construct the name of the build directory. One way round this is to run this command:
ln -s build-Linux-libc5-i386-linux build-Linux-libc5-i386
This problem should no longer be encountered in release 3.10 or later. Exim has been changed to get the host type from the "uname" command preferentially.
Q9603: I want to use logrotate which is standard with RH5.2 Linux to rotate my mail logs. Anyone worked out the logrotate config file that will do this?
A9603: Here's one suggestion:
/var/log/exim/main.log {
  create 644 exim exim
  rotate 4
  compress
  delaycompress
}
The sleep is added to allow things to close the log file prior to compression. You also need similar entries for the panic log and the reject log, of course.
Q9604: I'm seeing the message "inetd[334]: imap/tcp server failing (looping), service terminated" on a RedHat 5.2 system, causing imap connections to be refused. The imapd in use is Washington Uni vers 12.250. Could this be anything to do with Exim?
A9604: No, it's nothing to do with Exim, but here's the answer anyway: there is a maximum connection rate for inetd. If connections come in faster than that, it thinks a caller is looping. The default setting on RedHat 5.2 is 40 calls in any one minute before inetd thinks there's a problem and suspends further calls for 10 mins. This default setting is very conservative. You should probably increase it by a factor of 10 or 20. For example:
imap stream tcp nowait.400 root /usr/sbin/tcpd /usr/local/etc/imapd
The rate setting is the number following "nowait". This syntax seems to be specific to the Linux version of inetd. Other operating systems provide similar functionality, but in different ways.
Q9605: I get the "too many open files" error especially when a lot of messages land for majordomo at the same time.
A9605: The problem appears to be the number of open files the system can handle. This is changeable by using the proc filesystem. To your /etc/rc.d/rc.local file append something like the following:
# Now System is up, Modify kernel parameters for max open etc.
if [ -f /proc/sys/kernel/file-max ]; then
  echo 16384 >> /proc/sys/kernel/file-max
fi
if [ -f /proc/sys/kernel/inode-max ]; then
  echo 24576 >> /proc/sys/kernel/inode-max
fi
if [ -f /proc/sys/kernel/file-nr ]; then
  echo 2160 >> /proc/sys/kernel/file-nr
fi
By echoing the value you want for file-max to the file file-max etc., you actually change the kernel parameters.
Q9606: I'm having a problem with an Exim RPM.
A9606: Normally the thing to do if you have a problem with an RPM package is to contact the person who built the package first, not the person who made the software that's in the package. You can usually find out who made a package using the following command:
rpm --query --package --queryformat '%{PACKAGER}\n' <rpm-package-file>
where <rpm-package-file> is the actual file, e.g. `exim-3.03-2.i386.rpm'. Or, if the package is installed on your system:
rpm --query --queryformat '%{PACKAGER}\n' <package-name>
where <package-name> is the name component of the package, e.g. `exim'. If the packager is unable or unwilling to help, only then should you contact the actual author or associated mailing list of the software.
If you discover through the querying process that you can't tell who the person (or company or group) is who built the package, or that they no longer exist at the given address, then you should reconsider whether you want a package from an unknown source on your system.
If you discover through the querying process that you yourself are the person who built the package, then you should either (a) contact the author or associated mailing list, or (b) reconsider whether you ought to be building and distributing RPM packages of software you don't understand.
Similar rules of thumb govern other binary package formats, including debs, tarballs, and POSIX packages.
Q9607: I installed debian 2.2 linux on a small 325mb 486 laptop. When I try to test the Mail program, I get the following error: "Failed to open configuration file /etc/exim.conf".
A9607: The Debian installation should have given you /usr/sbin/eximconfig, which asks you some questions and then sets up the configuration file in /etc/exim.conf. Try running that (you'll probably need root) and see how it goes. In any case you get a thoroughly commented conf file at the end, which will give you a sample from which to work if you need further modification.
The exim docs in the Debian package are in /usr/doc/exim and the full reference manual is spec.txt.gz
Q9608: I'm getting the error "db.h: No such file or directory" when I try to build Exim under RedHat 7.0.
A9608: See Q0113.
A9701: Make sure you are linking with the GNU ld linker and not the system version of ld.
Q9702: How can I get rid of spurious ^M characters in messages sent from CDE dtmail?
A9702: CDE dtmail passes messages to Exim via the command line interface with lines terminated by CRLF, instead of the Unix convention of just LF. As Exim is an 8-bit clean program it treats the CR as just another data character. Exim has a command line option called -dropcr which causes it to ignore all CR characters in an incoming non-SMTP message. You should configure dtmail to add this option to the command it uses to call Exim (using the path /usr/lib/sendmail). However, it has been reported that it isn't possible to change this call from dtmail by any official means. An alternative approach is to replace /usr/lib/sendmail by a filtering script which removes the spurious CRs from the input before passing it to Exim.
Q9703: On SunOS 4 Exim crashes when looking up domains in the DNS that have more than 10 A records.
A9703: There are Sun library patches to fix this. It is not Exim's problem. For 4.13_U1 the patch is 101558-xx; for 4.1.3 the patch is 100891-xx. From the README: 1054748 ftp, ping dump core when connecting to a host with multiple DNS A records.
An alternative is to build another resolver library - such as the ones that are part of the bind distribution - and explicitly link against those.
Q9704: The menu in Eximon isn't working on my Sun system.
A9704: With OpenWindows, if the numlock key is pressed (so that the numeric pad is working) then some menus don't work. This appears to be true for the console and (some) remote X-window servers. A workaround for this problem was introduced in the 3.10 Exim release, so it should no longer be encountered.
Q9705: I am experiencing mailbox locking problems with Sun's mailtool used over a network.
A9705: Under the "Expert" settings of mailtool is an option to turn on "Use network aware mail file locking". By default dtmail has this set, but mailtool doesn't. You should set it. The help info on dtmail has this to say about it:
"Mailer tries to prevent two different instances of itself from opening the same mail file at the same time through a technique that detects this access when both instances of Mailer and the file are all on the same machine. A network-aware mail file locking protocol is available that uses ToolTalk to coordinate instances of Mailer running from more than one machine, or mail files accessed over the network. Mailer can only change this option when first opening a mail file."
If you are using the SunOS4 version of mailtool, this apparently doesn't work. The only thing which does seem to work is getting the user to hit the "done" button to make it release the lock.
Q9706: Exim has been crashing on my Solaris x86 system, apparently while running DBM functions.
A9706: The use of ndbm with gcc has caused problems on x86 Solaris systems. Try changing one or the other; using either db 1.85 with gcc, or Sun's WS compiler with ndbm, has fixed this in the past.
Q9707: The exiwhat utility isn't working for me on a Solaris 2 system.
A9707: Have you got /usr/ucb on your path? If so, it is probably picking up the wrong version of the ps command. The exiwhat script is built on Solaris to expect the normal Solaris version of ps.
Q9708: How do I stop Sun's dtcm from hanging?
A9708: From qmail's FAQ: "There is a novice programming error in dtcm, known as ``failure to close the output side of the pipe in the child.'' Sun has, at the time of this writing, not yet provided a patch."
Q9709: I want Exim to use only the resolver (i.e. ignore /etc/hosts), but don't want to alter the nsswitch.conf file in Solaris 2.
A9709: You need to rebuild Exim after fiddling with OS/os.h-SunOS5:
#define gethostbyaddr res_gethostbyaddr
#define gethostbyname res_gethostbyname
#define endhostent res_endhostent
#define endnetent res_endnetent
#define gethostent res_gethostent
#define getnetbyaddr res_getnetbyaddr
#define getnetbyname res_getnetbyname
#define getnetent res_getnetent
#define sethostent res_sethostent
#define setnetent res_setnetent
Exim uses gethostbyname and gethostbyaddr only, but may use others in the future. Note that -lnsl is still needed in the Makefile as it contains code used by the NIS lookup and also the inet_addr function that Exim uses.
A9801: (1) add partial-lsearch;/etc/mail/tpc.domains to local_domains; /etc/mail/tpc.domains is a text file with lines in this format:
9.3.5.1.0.8.1.tpc.int.
This sample line indicates that we accept faxes destined for 1(801)539-*.
(2) Set up the following transport:
tpc:
  driver = pipe
  command = /usr/local/tpc/tpcmailer.pl ${local_part}@${domain} \
            ${sender_address}
  pipe_as_creator
/usr/local/tpc/tpcmailer.pl is the mail processing script that can be obtained from the TPC distribution.
(3) Set up the following director:
tpc_director:
  driver = smartuser
  transport = tpc
  domains = partial-lsearch;/etc/mail/tpc.domains
Of course, there are other things to do as well before your system is a functioning TPC server.
Q9802: How do I configure Exim so that it sends mail to the outside world only from a restricted list of our local users?
A9802: There are several possible ways that this can be done.
(A) You can restrict the senders directly by putting a setting such as this one on all the drivers that route to the outside (usually this is just the final lookuphost router):
senders = :^[^@]+@(?!${rxquote:your.domain}\$):\
          lsearch;/permitted/senders
The first item in this list is empty, to match the empty sender. This is necessary because bounce messages have null senders. The second item is a regular expression that matches any address whose domain is not your domain. This caters for cases when mail from an external user has arrived for a local user who has forwarding set up to some outside address.
If the first two items do not match (that is, the address is in your domain) the sender is looked up in a file of permitted senders; each item in the file must be a complete address, including the domain. If the sender is unacceptable, an "unrouteable mail domain" error will occur because the router won't run, and there are no more to try.
(B) If your local users are in many domains, it may be easier to use a condition option to test the domain and local part independently, along these lines:
condition = \
  ${lookup{${domain:$sender_address}}lsearch{/domain/list}\
  {\
  ${lookup{${local_part:$sender_address}}lsearch\
  {/permitted/senders}{yes}{no}}\
  }\
  {yes}}
Obviously other means of testing the domain and local part could be substituted, for example, by having separate files of valid local parts for each local domain.
(C) If your local users are logged in to your host, you could use a special group for those that are permitted to mail to the world. Assuming your groups are defined in /etc/group you could arrange to look up the group in that file and then check that the sender was in the group, using something along these lines:
condition = \
  ${lookup{groupname}lsearch{/etc/group}\
  {${if match {$value}\
  {[:,]${rxquote:${local_part:$sender_address}}(,|\$)}\
  {yes}{no}}}{no}}
This is checking the local part of the sender; an alternative might be to check $sender_ident. However, you should really also check that $sender_host_address is either unset or set to 127.0.0.1 or your IP address, so you check only locally-originated mail.
A block like this does not prevent a logged in user from sending mail by telnetting to another host's SMTP port, or indeed from installing a private version of Exim to do the job for her.
(D) On a gateway server that has no local users and so receives all the mail via SMTP from client hosts, you could use a rewriting rule to rewrite sender addresses in your local domain from a table of legal local parts, replacing any illegal addresses with an address such as unknown@your.domain. If this is combined with sender_verify=true it causes messages from users that are not in the table to be refused, assuming that the gateway is capable of verifying the local part of user@your.domain.
Q9803: How do I configure Exim to run with SmartList?
A9803: This is what was done for Exim's own mailing list, using SmartList/procmail 3.11pre7. It runs as its own user - trying to manage mailing lists under your own ID can be hard work. SmartList is installed into /var/spool/slist, and there is an slist user defined. Each list appears as a directory under /var/spool/slist (as per usual for SmartList). Exim is configured like this:
# slist added to list of trusted users so it can
# manipulate sender addresses
trusted_users = exim:slist
# in transports, a list transport is defined:
list_transport:
  driver = pipe
  command = /var/spool/slist/.bin/flist \
            ${local_part}${local_part_suffix}
  current_directory = /var/spool/slist
  home_directory = /var/spool/slist
  user = slist
  group = slist
# in directors a list director is defined:
list_director:
  driver = smartuser
  suffix = -request
  suffix_optional
  local_parts = !.bin:!.etc
  require_files = /var/spool/slist/${local_part}/rc.init
  transport = list_transport
and that's it - no aliases, no special handling of out lists etc. What you do need is to ensure that choplist is used for distribution (that is, do not uncomment the alt_sendmail entry which is blank).
A couple of other things are forced - for example since the list runs in its own domain the domain value is forced to exim.org.
Then everything else is basic SmartList configuration - and that's moderately well documented. A confirmation stage on signup was added - now when you subscribe you are sent a confirmation which you must return before the system subscribes you (this prevents people subscribing their "friends" and makes sure that the addresses really do work). The confirm package is available at:
ftp://ftp.fatfree.com/confirm-1.1.tar.gz
and was written by Michelle Dick.
Q9804: How do I configure Exim to mimic PP's "tripnote" facility?
A9804: See C005.
Q9805: How do I configure Exim to handle local parts with extensions?
A9805: See C010.
Q9806: How do I configure Exim so that only a restricted list of users can receive mail from external domains?
A9806: See C013.
Q9807: I have someuser@mydomain.com that I only want certain users to be able to mail to. How do I accomplish this?
A9807: This is a transport:
bounce:
  driver = autoreply
  from = postmaster@mydomain.com
  to = $sender_address
  user = exim
  subject = "Re: Your mail to ${local_part}"
  text = "You are not allowed to mail to ${local_part}."
This is a director that should come before all the others:
special_user:
  driver = smartuser
  local_parts = someuser
  transport = bounce
  senders = !: !lsearch;/list/of/permitted/senders
Note the leading "!:" in senders. It allows the null sender <> to be valid (i.e. not to match this director). This is necessary, since bounce messages have null senders. All other permitted senders must be in the file as complete addresses, including a domain.
Q9808: A site for which I provide secondary MX is down for some time. Is there a way to run the queue for that destination separately from the main queue?
A9808: No, because Exim does not have the concept of "the queue for that destination". It simply has a single pool of messages awaiting delivery (and some of them may have several destinations). The best approach to this is to arrange for all messages for the site to be saved somewhere other than the main spool, either on a separate dedicated MTA, or in BSMTP files. There is an example of the latter approach in C014.
Q9809: How do I implement VERP (Variable Envelope Return Paths) in Exim?
A9809: See C017.
Q9810: I'd like to make a copy of all outgoing messages to a local mailbox. Is there a solution for this using an Exim filter?
A9810: The following filter makes a copy of every message, except for delivery failure reports:
# Exim filter
# Ignore error messages
if error_message then finish endif
# Copy if this is the first delivery attempt
if first_delivery then
  unseen deliver copy@your.domain errors_to postmaster@your.domain
endif
The keyword "unseen" stops this being a "significant delivery", so that the message goes on to be delivered as normal. The errors_to setting changes the envelope sender on the copy so that if there is a problem delivering it, the bounce message is sent to postmaster.
You can add to the condition setting to select specific messages. To make a copy of outgoing messages only requires a definition of "outgoing". Because a message may have many recipients, simply testing for your own domain in both the From: and the To: headers is not enough. You can craft your own conditions, but here is one suggestion:
if $h_from: contains your.domain and
   foranyaddress $h_to:,$h_cc:
     ($thisaddress does not contain your.domain)
then
  unseen deliver copy@your.domain errors_to postmaster@your.domain
endif
This takes copies of messages whose From: header contains your.domain and whose To: and Cc: headers contain at least one address that does not contain your.domain. See also Q9817.
Q9811: I want to make a copy of outgoing messages to a specific file for each user in a specific directory, using a "save" command in a system filter. How can I arrange for Exim to write to these files under the correct UID/GID?
A9811: You need to set up a special transport and tell Exim to use it for file deliveries from the system filter. Add the following setting to your configuration:
message_filter_file_transport = copy_transport
Then define copy_transport like this
copy_transport:
  driver = appendfile
  delivery_date_add
  envelope_to_add
  user = ${local_part:$sender_address}
This assumes that you want to run the delivery under the uid associated with the local part of the sender address. Alternatively, you could just use user=exim and do all the writing under the same UID/GID.
Q9812: How can I keep an archive of all mail for some specific local email addresses?
A9812: You could use a system filter, along the lines of
if first_delivery and <tests for appropriate addresses> then
  unseen save /mail/archive/${substr_0_10:$tod_log}
endif
That would create a new file for each day. However, in order to use this, you will need to set message_filter_file_transport to point to an appropriate transport which includes a setting of "user" to specify which uid to run the saving under, as is described in Q9811.
Q9813: How can I configure Exim to provide a vacation message when there are no local users on my mail hub?
A9813: See C019.
Q9814: We want to be able to temporarily lock out a user by disabling the password and moving the home directory to another place. How can we arrange to reject mail for users in this state?
A9814: Change the home directory pointer in the passwd file to something distinctive. For example, we use /home/CANCELLED for cancelled users. Then you can pick up such users with this director, which is placed immediately after system_aliases:
cancelled_users:
  driver = localuser
  transport = cancelleduser_pipe
  fail_verify
  match_directory = /home/CANCELLED
This sends messages for cancelled users to the following special transport:
cancelleduser_pipe:
  driver = pipe
  command = "/opt/exim/util/cancelleduser.sh"
  ignore_status
  return_output
  user = nobody
The script simply generates a message saying that the user is cancelled on its standard output. This gets returned to the original message sender in an error report.
If you don't want to change the home directory in the passwd file, an alternative is to check for the non-existence of the home directory with
require_files = +!$home
instead of setting match_directory.
Q9815: I need an alias, say "fakeaddress" that should receive a message, strip all reply-to: headers present, substitute another one pointing to "otheraddress" and forward a message to "realaddress".
A9815: Add this director:
fakeaddress_director:
  driver = smartuser
  domains = (if necessary to restrict the domain)
  local_parts = fakeaddress
  headers_remove = reply-to
  headers_add = reply-to: otheraddress
  new_address = realaddress
If there are several of these aliases then you could list them in a file along with the corresponding other addresses, and use lookups instead of the fixed values shown above.
Q9816: How can I set up Exim to work with Listar?
A9816: See http://www.cs.huji.ac.il/~vadik/listar-exim/.
Q9817: I need to take copies of all incoming and outgoing mail for certain users. For each user there may be a different monitoring address.
A9817: You can adapt the filter solution given in Q9810 by adding a test for the relevant local parts. Create a file containing lines like this:
user1@domain1: monitor1@monitor.domain1
user2@domain2: monitor2@monitor.domain2
and then use the following command in a system filter:
if ${lookup{$sender_address}lsearch{/some/file}{$value}{}} is not ""
then
  unseen deliver ${lookup{$sender_address}lsearch{/some/file}{$value}}
    errors_to postmaster@your.domain
else
  if foranyaddress $recipients
    (${lookup{$thisaddress}lsearch{/some/file}{$value}{}} is not "")
  then
    unseen deliver ${lookup{$thisaddress}lsearch{/some/file}{$value}}
      errors_to postmaster@your.domain
  endif
endif
It is messy to have to repeat the lookups, but it won't be inefficient, because Exim caches the results of successful lookups.
Q9818: How can I add a disclaimer to the end of every message?
A9818: See Q1501.
Q9819: I would like to append a simple advertisement text to all outgoing and local mails.
A9819: See Q1501.
Q9820: How can I configure Exim so that all mails addressed to something@username.domain.net get delivered to /var/spool/mail/username?
A9820: There are several possibilities, depending on exactly how you are set up. Here is one approach: First, arrange that all the domains you are interested in are local domains, for example, by listing them in a file:
local_domains = /list/of/domains
If there are lots of them, a DBM or cdb file should be used for a faster lookup. Assuming that "username" is set up as a user on your system, and you have a configuration that can handle username@domain.net in the normal way, all you have to do is to arrange to convert the recipient address by means of a smartuser director like this:
user_in_domain:
  driver = smartuser
  domains = /list/of/domains
  new_address = ${if match{$domain}{^([^.]+)\\.domain\\.net\$}{$1}fail}@domain.net
This should be the first director.
Q9821: How do I get exim not to add a Sender: header to locally originated mail?
A9821: It only adds it if the From: header doesn't correspond to the user sending the message. From release 3.14 onwards, you can suppress this by setting no_local_from_check. Alternatively,
(1) You can get it removed later, by putting
headers_remove = Sender
on all your transports. This doesn't test for locally originated mail, but you could use a more complicated expansion string to make that test. For example
headers_remove = ${if eq{$sender_host_address}{}{Sender}}
which removes it only if there is no sending host address.
(2) If your real question is "how do I submit mail from UUCP without it adding Sender:?" then see Q0603.
Q9822: How can I get Exim to work with mailman?
A9822: The configuration in http://www.exim.org/howto/mailman.html was used for the Exim mailing list before it switched to SmartList.
Q9823: Is there any way to have messages sent to a specific local address delayed by - say - 24 hours?
A9823: Using Exim 3.10 or later, the answer is "yes". Set up a smartuser director like this:
delay:
  driver = smartuser
  domains = the.domain
  local_parts = thelocalpart
  condition = ${if < {$message_age}{86400}{yes}{no}}
  new_address = :defer: message not old enough
Of course, this will also have the effect of setting a retry time for the address. You may want to set a special retry rule for it.
Q9824: I have a mailing list exploder on one host, and three other hosts where I want to do the actual deliveries from. How can I get Exim to split a message into groups of recipients between the three hosts?
A9824: Splitting into groups of recipients can be done by setting max_rcpt in the SMTP transport. Persuading Exim to spread the groups between three hosts is a little harder. Suppose you have 300 addresses, and max_rcpt is set to 100. One approach is to try hosts_randomize in a domainlist router, like this:
split:
  driver = domainlist
  transport = remote_smtp
  hosts_randomize
  route_list = * hostA:hostB:hostC byname
Unfortunately, this doesn't work quite as you might expect. There are six different permutations of the host list, and so if the randomizing works perfectly, Exim will end up with
50 addresses routed to hostA:hostB:hostC
50 addresses routed to hostA:hostC:hostB
50 addresses routed to hostB:hostC:hostA
50 addresses routed to hostB:hostA:hostC
50 addresses routed to hostC:hostA:hostB
50 addresses routed to hostC:hostB:hostA
Although a total of 100 addresses have hostA as their first host, Exim will still send them in two separate SMTP calls, because it can only batch up addresses that have identical host lists. If hostA is down, it will send 50 of these to hostB and 50 to hostC. It will always send six copies of the message.
With only three hosts, this isn't a major problem, but if the number of hosts increases, it becomes more serious. If there are four delivery hosts, there are 24 different permutations, and with five hosts there are 120, so 120 messages are sent. When the hosts are not all of the same power, you might want to use a list like
hostA:hostA:hostA:hostB:hostB:hostC
to send more to hostA, and this makes the situation worse. There is, however, a way to solve this. Instead of putting the host list on the router, put it on the transport. The router just contains one host:
split:
  driver = domainlist
  transport = special_smtp
  route_list = * hostA byname
and the transport has the full list, set to override the router's host:
special_smtp:
  driver = smtp
  hosts = hostA:hostA:hostA:hostB:hostB:hostC
  hosts_override
  hosts_randomize
  max_rcpt = 100
Now all 300 addresses are routed to the same host, so they are sent to the transport 100 at a time. The transport overrides the router's host with its own list, which it randomizes each time. (This works only for releases of Exim after 3.16 - up to and including that release, there is a bug that prevents it re-randomizing for each group.) See also C040.
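The batching arithmetic in A9824 can be checked with a small model. This is an added example, not code from Exim or from the sample configurations; the function names are hypothetical, and it assumes that two host lists count as identical exactly when they name the same hosts in the same order.

```python
import random
from itertools import permutations
from math import ceil

def distinct_host_lists(hosts):
    """Number of different orderings that randomizing this list can produce."""
    return len(set(permutations(hosts)))

def router_level_calls(n_addresses, hosts, max_rcpt, rng):
    """Model of hosts_randomize on the router: every address gets its own
    shuffled host list, and only addresses whose lists are identical
    (assumption: same hosts, same order) can share an SMTP call."""
    groups = {}
    for _ in range(n_addresses):
        order = list(hosts)
        rng.shuffle(order)
        groups[tuple(order)] = groups.get(tuple(order), 0) + 1
    return sum(ceil(count / max_rcpt) for count in groups.values())

def transport_level_calls(n_addresses, hosts, max_rcpt, rng):
    """Model of one host on the router with hosts_override and
    hosts_randomize on the transport: addresses are batched first, then
    each batch gets a fresh shuffle. Returns each call's first-choice host."""
    first_hosts = []
    for _ in range(ceil(n_addresses / max_rcpt)):
        order = list(hosts)
        rng.shuffle(order)
        first_hosts.append(order[0])
    return first_hosts

if __name__ == "__main__":
    rng = random.Random(2001)  # fixed seed so the run is repeatable
    weighted = ["hostA"] * 3 + ["hostB"] * 2 + ["hostC"]
    for hosts in (["hostA", "hostB", "hostC"], weighted):
        print(":".join(hosts))
        print("  distinct host lists:    ", distinct_host_lists(hosts))
        print("  router-level SMTP calls:", router_level_calls(300, hosts, 100, rng))
        print("  transport-level calls:  ", transport_level_calls(300, hosts, 100, rng))
```

With the weighted list the router-level count rises well above six, while the transport-level count stays at three calls of up to 100 recipients each.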
Each sample configuration is held in a separate file in the config.samples directory. Those with names of the form Cnnn are Exim configurations; those with names of the form Fnnn are filter file fragments.
C001: "This config will support delivery across multiple systems using NIS to look up delivery addresses from the mail.aliases database."
C002: "Although exim is not intended for use in UUCP environment (it doesn't know anything about bang!path addresses), I'm successfully using it for delivering mail to UUCP clients."
C003: "I've read down through Q0601 and your request for UUCP examples. Here's how I'm doing it." (This example uses routers.)
C004: "Here's a BSMTP over UUCP [configuration] - the transport is Taylor/GNU UUCP - which takes the long option types." (This example uses directors.)
C005: "I am using a virus scanner program that is invoked by a pipe, scans the mail and re-invokes Exim to do the delivery. The pipe is invoking a perl script that tries to unpack and MIME, zip and other archives and then applies the McAfee scanner on the results."
C006: "This is how I have configured a PP-inspired vacationnote, there is (was?) such a feature in PP. The user makes a file "tripnote" in his/her home directory, the message is passed to the sender once with a short leading text."
C007: "If I host a domain foo.dom on my machine as a virtual domain I expect it to be completely virtual and separate from other mail domains that end up on my machine."
C008: "And of course it is possible to do a very interesting solution to this [virtual domains] using LDAP."
C009: "These are suggested parts of a configuration for looking up users in /etc/passwd.domain rather than in /etc/passwd ..."
C010: "One of our customers is looking for us to support addresses of the form username+extension@domain.com, primarily for use with procmail."
C011: "Thanks to Philip and others I now have my ISP style config built and therefore am posting the final configuration fragments to the list in case anyone else wants to do a similar thing."
C012: "I've written a small chapter how-to configure Exim for use with UUCP (mostly condensed from the exim-user mailing list plus some experimenting) and would be glad if it could be included in the Exim documentation."
C013: "I've taken some tips from the FAQ about permitting only certain users to send to external mail and came up with my own for the receiving part."
C014: "If I have a situation where a site I MX for has a known outage I stash all their mail into a directory in BSMTP format."
C015: "This approach to virtual domains has helped me a great deal, and is so easy to maintain (add and modify as appropriate)."
C016: "Herewith my configuration." (A complete configuration, including simple virtual domains, along the lines of C015).
C017: "I have gotten the new VERP feature of Exim 2.054 working in test, along with some supporting programs to handle bounces that do come back."
C018: "This Majordomo configuration removes a lot of the aliases, and automates a lot of the other functions based on whether the files or directories exist."
C019: "The following configuration file entries can be used to provide a 'vacation'-style function for a mailhub which has no local users."
C020: "I was asked for a copy of the programs we were using to mail everybody."
C021: "Here is some sample code that might be useful for handling X-Failed-Recipients headers generated by Exim, with mailing lists."
C022: "This is the Exim configuration file of a machine which delivers mail to several local domains where the mail is delivered locally, several hairy domains, handled as described below, and a half-virtual domain, which is first processed by its special alias file, then processed as other local domains (including the processing by the global alias file)."
C023: A Perl script and instructions for hooking it into Exim in order to handle disposition-notification-to and return-receipt-to by using a shadow transport to send copies of delivered messages to the script.
C024: "In case anybody wants to use a MySql database to store aliases this is how I managed to get my site working."
C025: "As promised here is the way I got Exim to deliver to Cyrus mailboxes if the user exists in the MySql database."
C026: "The following configuration and program will allow messages going to AOL only, to be filtered thru a Perl script. This Perl script will convert any URL's to the HTML syntax. In addition, the transport will use VERP to send a unique envelope sender with each message."
C027: "This is an FYI to demonstrate how to have exim work with SSL using the stunnel wrapper and its underlying OpenSSL libraries and toolkit."
C028: "This Python script reads from stdin and writes to stdout. It strips all the MIME attachments from a mail message that are one of the mime types listed on the command line. Exim can use it in its configuration file, for example, as follows:"
C029: "The standard way to connect one's MTA to a list manager seems to be to add a set of aliases for every list one creates. Once upon a time, I crufted a set of configs from Smail to work with majordomo, to automatically recognize the standard patterns, for all lists in existence...I have setup a set of transports and directors for Exim, which will do the same thing for mailman."
C030: "I am currently configuring an exim for a site that will do mail hosting for several domains. I want the domain holders to have control over 'their' alias files, being able to create their own aliases. However, I don't want them to have postmaster, abuse and other role accounts under their control."
C031: "These are config file snippets for handling certain remote addresses as local, and making only real external addresses visible to users."
C032: "This is the Exim Nervous Mailbox Quota Suite. It does not impose hard quotas on users' mailboxes, but it makes a user nervous by putting all his mail in a secondary mailbox, inaccessible to the user, when he is over his quota. When the user clears his mailbox (i.e., deletes mail to make his mailbox below the quota again), mail from his secondary mailbox is transferred back to his primary mailbox, in FIFO order."
C033: "Here's our current automatic vacation recipe".
C034: "This is a HOW-TO for setting up Exim to support SMTP authentication under different environments, including regular password files, PAM and NIS."
C035: "These configurations enable exim and hylafax (www.hylafax.org) work together, I mean sending fax by email (user@123456.fax)."
C036: "My aim was to have an LDAP-driven system for mail delivery."
C037: An elegant way of using ETRN, which does immediate delivery if the host is online, but saves mail in a BSMTP file after some time on the queue. ETRN then re-injects the mail.
C038: Amavis virus scanning: "Here ya go. This is the config we use... this box is our main MX host then relays it to our real server for delivery."
C039: "For reference, this is how I got PAM authentication from a standard UNIX password database with Eudora 4.3 clients to work on a Debian 2.2 (Intel) system. This configuration assumes that you are using standard UNIX crypt passwords; pam-pwdfile is NOT compatible with MD5 encrypted passwords."
C040: "Exim 3.20 has a feature that allows a large mailing of a single message to be sent to many different relays. This is useful for mailing lists, as it allows the message to be relayed to multiple machines, in groups of 100 addresses, for final delivery."
C041: "Attached you will find a plain text file where I explain how to set up mailman to use virtual environment (single setup for many domains)."
F001: "I thought that the rest of the list may be interested in reviewing our filter as a starting point for their own system message filter."
F002: "... program which refused mail from unknown addresses until they mailed me promising not to spam me ... since I'd already thought through how to do it in Exim, and knew it'd be slightly easier than falling out of bed, I went ahead and did it."
F003: "Here's four checks installed in our system wide filter that knock out a lot of otherwise hard to detect rubbish."
F004: "This is an Exim filter snippet to change locally-generated Message-Id: and Resent-Message-Id: headers to world-unique values."