X-Git-Url: https://git.exim.org/exim-website.git/blobdiff_plain/bd4dbfa326a2f2e33b24869aa62f0031bac61a82..fcea5ed3accf6963971e744c7f183e266b47706c:/FAQ.html diff --git a/FAQ.html b/FAQ.html index b9aca2d..573ea50 100644 --- a/FAQ.html +++ b/FAQ.html @@ -12,7 +12,7 @@ improvements, and additions are welcome.
-This version of the FAQ applies to Exim 3.10 and later releases. The syntax of +This version of the FAQ applies to Exim 3.20 and later releases. The syntax of some of the options was altered and tidied up at release 3.00. Some of the examples quoted here will not work with earlier releases. @@ -24,48 +24,48 @@ files that can be found in the separately distributed directory called
- ftp://ftp.csx.cam.ac.uk/pub/software/email/exim/config.samples.tar.gz+ ftp://ftp.csx.cam.ac.uk/pub/software/email/exim/config.samples.tar.gz + ftp://ftp.csx.cam.ac.uk/pub/software/email/exim/config.samples.tar.bz2
There are brief descriptions of these files at the end of this document.
The FAQ is divided into the following sections: Debugging, -Building exim, -Mailbox locking, -Routing, -Directing, -Delivery, -UUCP, -Performance, -Policy controls, -Majordomo, -Rewriting addresses, -Headers, -Fetchmail, -Perl, -Dial-up, -Modifying message bodies, -Millennium, -Miscellaneous, -HP-UX, -BSDI, -IRIX, -Linux, -Sun systems, -Cookbook, and -List of sample configurations. +Building exim, +Mailbox locking, +Routing, +Directing, +Delivery, +UUCP, +Performance, +Policy controls, +Majordomo, +Rewriting addresses, +Headers, +Fetchmail, +Perl, +Dial-up, +Modifying message bodies, +Millennium, +Miscellaneous, +HP-UX, +BSDI, +IRIX, +Linux, +Sun systems, +Cookbook, and +List of sample configurations.
Philip Hazel <ph10@cus.cam.ac.uk>
-Last update: 13-June-2000 (addition of section 15)
-Last general update: 15-December-1999
+Last update: 23-April-2001
@@ -887,7 +1011,8 @@ A0002: Exactly how is it not working? Check the more specific questions in the A0003: The most common meaning of exit code 69 is "unavailable", and this often means that when Exim tried to exec the command xxx, it failed. One cause of this might be incorrect permissions on the file containing the - command. + command. See also + Q0033.
Q0004: My virtual domain setup isn't working. How can I debug it? @@ -1150,6 +1275,12 @@ A0021: "Broken pipe" is the error you get on some OS when the far end just reason (e.g. it is too big) instead of sending a 5xx error code. Have you tried sending a small message to the same address? + ++ It has been reported that some releases of Novell servers running NIMS + are unable to handle lines longer than 1024 characters, and just close + the connection. This is an example of this behaviour. +
(C) If the problem occurs right at the start of the mail, then it could @@ -1162,7 +1293,7 @@ A0021: "Broken pipe" is the error you get on some OS when the far end just There have been problems when something in the middle of the network mishandles large packets due to IP tunnelling. In a tunnelled link, your IP datagrams gets wrapped in a larger datagram and sent over a network. - This is how virtual private networks (VPNs), and some ISP's transit + This is how virtual private networks (VPNs), and some ISP transit circuits work. Since the datagrams going over the tunnel require a larger packet size, the tunnel needs a bigger maximum transfer unit (MTU) in the network handling the tunnelled packets. However, MTUs @@ -1316,6 +1447,10 @@ A0026: These kinds of delay are usually caused by some kind of network problem (3) host_lookup and any other options that require the remote host's name to be looked up from its IP address. +
++ (4) sender_verify_hosts_callback and sender_verify_callback_domains. +
You can use the -bh option to get more information about what is @@ -1423,7 +1558,7 @@ A0033: If your alias entry looks like this:
Q0035: What does the error "Spool file is locked" mean? @@ -1445,10 +1580,187 @@ A0035: This is not an error[*]. All it means is that when an Exim delivery message has somehow got stuck. -+A0036: You are using a version of Exim built with gcc on an IRIX box. + See + Q9502. + +
+Q0037: I can't seem to figure out why PAM support doesn't work correctly. + + ++A0037: There is a problem using PAM on Linux with shadow passwords when the + calling program is not running as root. Exim is normally running as the + Exim user when authenticating a remote host. I don't know of an easy + resolution to this. + +
+Q0038: I'm trying to use a query-style lookup for hosts that are allowed to + relay, but it is giving really weird errors. + + ++A0038: Does your query contain a colon character? Remember that + host_accept_relay operates on a colon-separated list, so you need to + double any colons in the query. This applies even if the query is + defined as a macro. + +
+Q0039: Exim is rejecting calls from hosts that have more than one IP address, + for no apparent reason. + + ++A0039: You are using Solaris 7 or earlier, and have "nis dns files" in + /etc/nsswitch.conf. Change this to "dns nis files" to avoid hitting Sun + bug 1154236 (a bad interaction between NIS and the DNS). + +
+Q0040: Exim is failing to find the MySQL library, even though is it present + within $LD_LIBRARY_PATH. I'm getting this error: + + ++ /usr/local/bin/exim: fatal: libmysqlclient.so.6: open failed: + No such file or directory+
+A0040: Exim is suid, and LD_LIBRARY_PATH is ignored for suid binaries on a + Solaris (and other?) systems. What you should be doing is adding + -R/local/lib/mysql to the same place in the compilation that you added + -L/local/lib/mysql. This lets the binary know where to look without + needing a path variable. + +
+Q0041: I have a collection of Exim processes that have been around for days, + and are apparently stuck while trying to deliver to remote hosts. This + is causing the messages they are handling to get stuck. + + ++A0041: There appears to be a problem in the connect() function in some + operating systems, such that it does not time out as it should. Setting + connect_timeout in the smtp transport causes Exim to apply its own + timeout, and this seems to overcome this problem. In Exim 3.15 the + default was changed from zero (rely on system's timeout) to 5 minutes, + which is the value recommended in the RFCs. + +
+Q0042: I have a message in the spool which couldn't be delivered because of a + timeout from the remote smtp server. When I try to deliver this message + in eximon, I get "Spool file is locked". How can I deliver the message? + + ++A0042: Find the Exim proccess that is stuck, and kill it. You may be able to + use exiwhat to do this, but if it is stuck in connect() it may not + respond, and you will have to identify it some other way. Now read + + Q0041 about why this might have happened. + +
++ If you have a suitable debugger on your system, you may be able to find + out more information before killing the process. For example, if you + have gdb you can connect it to the process by running this command as + root: + +
++ gdb exim <process-id>+
+ At the gdb prompt, give the "bt" (backtrace) command, to display the + stack contents. This should tell you the name of the function in which + the process is stuck. If this is connect(), then you do have the + Q0041 + problem. + +
+Q0043: What does the error "lookup of host "xx.xx.xx" failed in yyyy router" + mean? Any suggestions to stop this these sort of errors from being + frozen would be muchly appreciated. + + ++A0043: You configured a domainlist router to send the message to xx.xx.xx. When + it tried to look up the IP address for that host, the lookup failed + with a permanent error. As this is a manual routing, this is a + considered to be a serious error which the postmaster needs to know + about (maybe you have a typo in your file), and there is little point + in keeping on trying. So it freezes the message. + +
++ 1. Don't set up routes to non-existent hosts. + +
++ 2. If you must set up routes to non-existent hosts, and don't want + freezing, set the host_find_failed option on the router to do something + other than freeze. + +
+Q0044: My filter isn't working. How can I test it? + + ++A0044: Use the -bf option (-bF for a system filter) to test the basic operation + of your filter. If you also turn on debugging at level 10 (-d10) it will + output information as the filter runs. + +
+Q0045: Exim works fine on one host, but when I copied the binary to another + identical host, it stopped working (it could not resolve DNS names). + + ++A0045: Is the new host running exactly the same operating system? Most + importantly, are the versions of the dynamically loaded libraries + (files with names like libsocket.so.1) the same on both systems? If not, + that is probably the cause of the problem. Either arrange for the + libraries to be the same, or rebuild Exim from source on the new host. + +
+Q0046: Once in a while, a user will send a message and immediatly get a + response back "No Transport Provider" If they choose "Send Again", + sometimes it works, sometimes it doesn't. + + ++A0046: This problem has been seen on Debian Linux 2.1 systems. The best advice + seems to be to upgrade your server to a later Debian release and a later + Exim release, and maybe also upgrade the hardware. + +
+Q0047: I set host_accept_relay to do a lookup in a file of IP addresses, but it + doesn't work. + + ++A0047: Did you remember to put `net-' at the start of the the search type? If + you set something like this: + +
++ host_accept_relay = lsearch;/some/file+
+ it searches the file for the host name. You need to set + +
++ host_accept_relay = net-lsearch;/some/file+
+ to make it use the IP address as the key to the lookup. + +
+@@ -1487,7 +1799,7 @@ A0102: Either: the libraries used in Caldera OpenLinux Base 1.1.
-Q0103: I can't get Exim to compile with Berkeley DB version 2.x. +Q0103: I can't get Exim to compile with Berkeley DB version 2.x.@@ -1497,7 +1809,7 @@ A0103: Have you set USE_DB=yes in Local/Makefile? This causes Ex system.
-Q0104: I'm getting an "undefined symbol" error for hosts_ctl when I try to +Q0104: I'm getting an "undefined symbol" error for hosts_ctl when I try to build Exim. (On some systems this error is "undefined reference to 'hosts_ctl'".) @@ -1507,7 +1819,7 @@ A0104: You should either remove the definition of USE_TCP_WRAPPERS or add -lwrap to your EXTRALIBS setting in Local/Makefile. -Q0105: I'm about to upgrade to a new Exim release. Do I need to ensure the +Q0105: I'm about to upgrade to a new Exim release. Do I need to ensure the spool is empty, or take any other special action? @@ -1521,7 +1833,7 @@ A0105: If you are changing to release 3.00 or later from a release prior to install a new binary and then HUP the daemon if you are running one. -Q0106: What does the error "install-info: command not found" mean? +Q0106: What does the error "install-info: command not found" mean?@@ -1532,7 +1844,7 @@ A0106: You have set INFO_DIRECTORY in your Local/Makefile, and Exim is tr the install-info command is not available.
-Q0107: Exim doesn't seem to be recognizing my operating system type correctly, +Q0107: Exim doesn't seem to be recognizing my operating system type correctly, and so is failing to build. @@ -1558,7 +1870,7 @@ A0107: Run the command "scripts/os-type -generic". The output shou distribution, to avoid any wreckage left over from the failed attempt. -Q0108: I am getting an error "`exim' undeclared here" when I compile, in the +Q0108: I am getting an error "`exim' undeclared here" when I compile, in the globals.c module. @@ -1568,7 +1880,7 @@ A0108: You have set EXIM_UID = exim in your Local/Makefile. Unfortunately However, in the runtime configure file names are permitted. -Q0109: Exim fails to build, complaining about the absence of the "killpg" +Q0109: Exim fails to build, complaining about the absence of the "killpg" function. @@ -1585,20 +1897,65 @@ A0109: This function should be present in all modern flavours of Unix. If you system, and is the output of the command "scripts/os-type -generic". -Q0110: I'm getting an unresolved symbol ldap_is_ldap_url when trying to build +Q0110: I'm getting an unresolved symbol ldap_is_ldap_url when trying to build Exim.A0110: You must have specified LOOKUP_LDAP=yes in the configuration. Have you remembered to set -lldap somewhere (e.g. in LOOKUP_LIBS)? You need that - in order to get the LDAP scanned when linking. + in order to get the LDAP library scanned when linking. + +
+Q0111: I'm getting an unresolved symbol mysql_close when trying to build Exim. + + ++A0111: You must have specified LOOKUP_MYSQL=yes in the configuration. Have you + remembered to set -lmysqlclient somewhere (e.g. in LOOKUP_LIBS)? You + need that in order to get the MySQL library scanned when linking. + +
+Q0112: I'm trying to build Exim with PAM support. I have included -lpam in + EXTRALIBS, but I'm still getting a linking error: + + ++ /lib/libpam.so: undefined reference to `dlerror' + /lib/libpam.so: undefined reference to `dlclose' + /lib/libpam.so: undefined reference to `dlopen' + /lib/libpam.so: undefined reference to `dlsym'+
+A0112: Add -ldl to EXTRALIBS. In some systems these dynamic loading functions + are in their own library.
-+A0113: This problem has been seen with RedHat 7.0, but could also happen in + other environments. If your system is using the DB3 DBM library, you + need to install the DB3 development package in order to build Exim. + The package is called something like db3-devel-3.1.14-16.i386.rpm for + Linux systems, but you should check which version of DB3 you have + installed. + +
+Q0114: I'm getting the error "/usr/bin/ld: cannot find -ldb1" when I try to + build Exim. + + ++A0114: This is probably the same problem as + Q0113. + +
+local_delivery: driver = appendfile - file = /var/mail/${local_part}+ file = /var/mail/$local_part
and the permissions on the directory probably look like this: @@ -1665,28 +2022,31 @@ A0201: Your configuration specifies that local mailboxes are all held in
If your problem involves mail to root, see also - Q0507. + Q0507.
-Q0202: I am experiencing mailbox locking problems with Sun's mailtool used +Q0202: I am experiencing mailbox locking problems with Sun's mailtool used over a network.A0202: See - A9705 in the Sun-specific section below. + A9705 in the Sun-specific section below.
--A0301: It means exactly what it says. Exim has tried to route a domain that it - thinks is not local, and when it looked it up in the DNS, the lowest - numbered MX record pointed at the local host. +A0301: They mean exactly what they say. Exim has tried to route a domain that + it thinks is not local, and when it looked it up in the DNS, either the + lowest numbered MX record pointed at the local host, or there were no + MX records, and the address record for the domain pointed to an IP + address that belongs to the local host.
@@ -1761,11 +2121,22 @@ A0301: It means exactly what it says. Exim has tried to route a domain that it
(C) If neither (A) nor (B) is the case, then the lowest numbered MX - record for the domain should not be pointing to your host. You - should arrange to get the DNS mended. + record or the address record for the domain should not be pointing + to your host. You should arrange to get the DNS mended. + +
++ There has been a rash of instances of domains being deliberately set + up with MX records pointing to "localhost", which causes this + behaviour. By default, Exim defers delivery and freezes the message. + You can change what Exim does by setting the generic "self" option + on the router, for example, to make it bounce such domains. If you + are running a release later than 3.16, you can use the option + called ignore_target_hosts instead, to get it to pretend such hosts + do not exist.
-Q0302: How do I configure Exim to send all non-local mail to a gateway host? +Q0302: How do I configure Exim to send all non-local mail to a gateway host?@@ -1777,18 +2148,18 @@ A0302: Replace the lookuphost router in the default configuration with th send_to_gateway: driver = domainlist transport = remote_smtp - route_list = "* gate.way.host byname" + route_list = * gate.way.host byname
This uses gethostbyname() to find the gateway's IP address. You could alternatively have "bydns" to do a DNS lookup with MX handling, in which case "gate.way.host" is really being treated as a mail domain name rather than a host name. If there are several hosts you can send to, you can specify them as a colon-separated list. See also - Q0325 and - Q0402. + Q0325 and + Q0402.
-Q0303: How do I configure Exim to send all non-local mail to a central server +Q0303: How do I configure Exim to send all non-local mail to a central server if it cannot be immediately delivered by my host? I don't want to have queued mail waiting on my host. @@ -1803,16 +2174,16 @@ A0303: Add to the remote_smtp transport the following: If there are several names, they must be separated by colons. -Q0304: How can I arrange for messages submitted by (for example) Majordomo to +Q0304: How can I arrange for messages submitted by (for example) Majordomo to be routed specially? -Q0305: How do I arrange for all incoming email for *@some.domain to go into one +Q0305: How do I arrange for all incoming email for *@some.domain to go into one pop3 mail account? The customer doesn't want to add a list of specific local parts to the system. @@ -1838,13 +2209,13 @@ A0305: Set up a special transport that writes to the mailbox like this: special_router: driver = domainlist transport = special_transport - route_list = "some.domain" + route_list = some.domainAlternatively, you could make some.domain a local domain, and use a smartuser director instead.
-Q0306: The route_list setting +Q0306: The route_list setting ^foo$:^bar$ $domain byname in a domainlist router does not work. @@ -1863,16 +2234,16 @@ A0306: The first thing in a route_list item is a single pattern, not a item can be a list - of hosts. -Q0307: I'm getting "permission denied" when Exim attempts to check a +Q0307: I'm getting "permission denied" when Exim attempts to check a require_files option.A0307: See - A0410 below. + A0410 below.
-Q0308: I have a domain for which some local parts must be delivered locally, +Q0308: I have a domain for which some local parts must be delivered locally, but the remainder are to be treated like any other remote addresses. @@ -1896,7 +2267,7 @@ A0308: The way to do this is not to include the domain in local_domains be handled as normal remote addresses. -Q0309: For certain domains, I don't want Exim to use MX records. Instead, I +Q0309: For certain domains, I don't want Exim to use MX records. Instead, I want it just to look up the hosts' A records. I tried using a negative entry in mx_domains in the smtp router, but it didn't work. @@ -1936,7 +2307,7 @@ A0309: The mx_domains option specifies domains for which there must route_list option. -Q0310: How can I configure Exim on a firewall machine so that if mail arrives +Q0310: How can I configure Exim on a firewall machine so that if mail arrives addressed to a domain whose MX points to the firewall, it is forwarded to the internal mail server, without having to have a list of all the domains involved? @@ -1949,13 +2320,13 @@ A0310: As your first router, have the standard lookuphost router from theno_more - self = fail_soft+ self = pass
This will handle all domains whose lowest numbered MX records do not point to your host. Because of the no_more setting, if it encounters an unknown domain, routing will fail. However, if it hits a domain whose lowest numbered MX points to your host, the "self" option comes into - play, and overrides no_more. The fail_soft setting causes it to pass + play, and overrides no_more. The "pass" setting causes it to pass the address on to the next router. (The default causes it to generate an error.) @@ -1968,7 +2339,7 @@ A0310: As your first router, have the standard lookuphost router from the
route_list = * internal.server byname-Q0311: How can I arrange that messages larger than some limit are handled by +Q0311: How can I arrange that messages larger than some limit are handled by a special router? @@ -1986,7 +2357,7 @@ A0311: If you are using Exim 2.10 or greater, you can use a condition o
condition = ${if eq {${substr_5:$message_size}}{}{no}{yes}}-Q0312: If a DNS lookup returns no MX records why doesn't Exim just bin the +Q0312: If a DNS lookup returns no MX records why doesn't Exim just bin the message? @@ -1998,7 +2369,7 @@ A0312: If a DNS lookup returns no MXs, Exim looks for an A record, in plenty) who do not set up MX records. -Q0313: When a DNS lookup for MX records fails to complete, why doesn't Exim +Q0313: When a DNS lookup for MX records fails to complete, why doesn't Exim send the messsage to the host defined by the A record? @@ -2013,7 +2384,7 @@ A0313: The RFCs are quite clear on this. Only if it is known that there are no so all Exim can do is try again later. -Q0314: Can you specify a list of domains to explicitly reject? +Q0314: Can you specify a list of domains to explicitly reject?
@@ -2026,25 +2397,24 @@ A0314: Use a router like this: self = fail_hard domains = list:of:domains:to:reject route_list = * localhost byname -Q0315: Is it possible to use a conditional expression for the host item in a +Q0315: Is it possible to use a conditional expression for the host item in a route_list for the domainlist router? I tried the following, but it doesn't work:
- route_list = "* ${if match{$header_from:}{.*\\.usa\\.net\\$} \ - {<smarthost1>}{<smarthost2>} bydns_a"+ route_list = * ${if match{$header_from:}{.*\\.usa\\.net\\$} \ + {<smarthost1>}{<smarthost2>} bydns_a
A0315: The problem is that the second item in the route_list contains white space, which means that it gets terminated prematurely. To avoid this, - you must put the second item in quotes, and because the whole item is - already in quotes, you have to escape them like this: + you must put the second item in quotes:
- route_list = "* \"${if match{$header_from:}{.*\\.usa\\.net\\$} \ - {<smarthost1>}{<smarthost2>}\" bydns_a"-Q0316: I send all external mail to a smart host, but this means that bad + route_list = * "${if match{$header_from:}{.*\\.usa\\.net\\$} \ + {<smarthost1>}{<smarthost2>}}" bydns_a +Q0316: I send all external mail to a smart host, but this means that bad addresses also get passed to the smart host. Can I avoid this? @@ -2057,7 +2427,7 @@ A0316: If you are receiving the mail via SMTP, then you can use verification to so that addresses are accepted only if they verify successfully. -Q0317: I have a dial-up machine, and I use the queue_smtp option so that remote +Q0317: I have a dial-up machine, and I use the queue_smtp option so that remote mail only goes out when I do a queue run. However, any email I send with an address <anything>@aol.com is returned within about 15 mins saying 'retry time exceeded', and all addresses are affected. @@ -2065,19 +2435,19 @@ A0316: If you are receiving the mail via SMTP, then you can use verification to -Q0318: How can I route mail for user X@local to a smarthost if X doesn't exist +Q0318: How can I route mail for user X@local to a smarthost if X doesn't exist on the local host? -Q0319: How can I arrange to do my own qualification of non-fully-qualified +Q0319: How can I arrange to do my own qualification of non-fully-qualified domains, and then pass them on to the next router? @@ -2089,7 +2459,7 @@ A0319: If you have some list of domains that you want to qualify, you can do
qualify: driver = domainlist - route_list = "*.a.b $domain.c.com"+ route_list = *.a.b $domain.c.com
adds ".c.com" to any domain that matches "*.a.b". In the absence of any options in the route item, the new domain is passed to the next router. @@ -2101,7 +2471,7 @@ A0319: If you have some list of domains that you want to qualify, you can do you want.
-Q0320: Every system has a "nobody" account under which httpd etc run. I would +Q0320: Every system has a "nobody" account under which httpd etc run. I would like to know how to restrict mail which comes from that account to users on that host only. @@ -2113,7 +2483,7 @@ A0320: Set up a router with senders=nobody@your.domain which route mail to non-local domains. -Q0321: I have a really annoying intermittent problem where attempts to mail to +Q0321: I have a really annoying intermittent problem where attempts to mail to valid sites are rejected with "unknown mail domain". This only happens a few times a day and there is no particular pattern to the sites it rejects. If I try to lookup the same domain a few minutes later then it @@ -2132,7 +2502,7 @@ A0321: (A) Have you linked Exim against the newest DNS resolver library that out of step with each other. -Q0322: I'd like route all mail with unresolved addresses to a relay machine. +Q0322: I'd like route all mail with unresolved addresses to a relay machine.@@ -2140,7 +2510,7 @@ A0322: Set pass_on_timeout on your lookuphost router, and add be domainlist router that routes everything to the relay.
-Q0323: I would like to forward all incoming email for a particular domain to +Q0323: I would like to forward all incoming email for a particular domain to another machine via SMTP. Whereabouts would I configure that? @@ -2151,7 +2521,7 @@ A0323: First, do not list the domain in local_domains. Instead, list it router, in order to route the domain to the specific host. -Q0324: Why does Exim say "all relevant MX records point to non-existent hosts" +Q0324: Why does Exim say "all relevant MX records point to non-existent hosts" when MX records point to IP addresses? @@ -2162,7 +2532,14 @@ A0324: MX records cannot point to IP addresses. They are defined to point to problems with is misconfigured. -Q0325: How can I arrange for mail on my local network to be delivered directly ++ However, it appears that more and more DNS zones are breaking the rules + and putting IP addresses on the RHS of MX records. Exim follows the + rules and rejects this, but other MTAs do support it, so allow_mx_to_ip + was regretfully added at release 3.14 to permit this heinous activity. + +
+Q0325: How can I arrange for mail on my local network to be delivered directly to the relevant hosts, but all other mail to be sent to my ISP's mail server? The local hosts are all DNS-registered and behave like normal Internet hosts. @@ -2192,10 +2569,36 @@ A0325: Set up a first router to pick off all the domains for your local This sends anything else to the smart host. -+A0326: The simplest way to do this is to use a lookup in a domainlist router. + For example: + +
++ smarthost: + driver = domainlist + transport = remote_smtp + route_list = * ${lookup{smart}lsearch{/etc/smarthost}{$value}} byname+
+ where you arrange for the name (or IP address) of the relevant smart + host to be placed in /etc/smarthost when you connect, in the form + +
++ smart: smart.host.name.or.ip+
+ By keeping the data out of the main configuration file, you avoid having + to HUP the daemon when it changes. + +
+@@ -2268,10 +2671,10 @@ A0402: This implies that you are not doing any local deliveries at all. Set in the configuration file. This specifies that there are no local domains (by default your host name is set up as a local domain). Then all addresses are non-local - - A0302 tells you how to deal with them. + A0302 tells you how to deal with them.
-Q0403: How do I configure Exim to send messages for unknown local users to a +Q0403: How do I configure Exim to send messages for unknown local users to a central server? @@ -2328,7 +2731,7 @@ A0403: At the end of the directors section of the configuration, insert the headers. -Q0404: How can I arrange for messages submitted by (for example) Majordomo to +Q0404: How can I arrange for messages submitted by (for example) Majordomo to be handled specially? @@ -2338,15 +2741,15 @@ A0404: You can use the condition option on a director or router, with a- condition = "${if and {eq {$sender_host_address}{}} \ - {eq {$sender_ident}{majordom}} {yes}{no}}"+ condition = ${if and {{eq {$sender_host_address}{}} \ + {eq {$sender_ident}{majordom}}} {yes}{no}}
This first tests for a locally-submitted message, by ensuring there is no sending host address, and then it checks the identity of the user that ran the submitting process.
-Q0405: On a host that accepts mail for several domains, do I have to use fully +Q0405: On a host that accepts mail for several domains, do I have to use fully qualified names in /etc/aliases or do I have to set up an alias file for each domain? @@ -2373,7 +2776,7 @@ A0405: You can do it either way. If you use a single file, you must set they all match something in local_domains. -Q0406: Some of my users are using the .forward to pipe to a shell command which +Q0406: Some of my users are using the .forward to pipe to a shell command which appends to the user's INBOX. How can I forbid this? @@ -2400,7 +2803,7 @@ A0406: If you allow your users to run shells in pipes, you cannot control which transport. -Q0407: How can I arrange for a default value when using a query-style lookup +Q0407: How can I arrange for a default value when using a query-style lookup such as LDAP or NIS+ to handle aliases? @@ -2414,7 +2817,7 @@ A0407: Using the queries option for the aliasfile driver should do what y queries = "\ ldap:://x.y.z/l=yvr?aliasaddress?sub?(&(mail=$local_part@$domain)):\ ldap:://x.y.z/l=yvr?aliasaddress?sub?(&(mail=default@$domain))" -Q0408: If I don't fully qualify the addresses in a virtual domain's alias file +Q0408: If I don't fully qualify the addresses in a virtual domain's alias file then mail to aliases which also match the local domain get delivered to the local domain. @@ -2435,7 +2838,7 @@ A0407: Using the queries option for the aliasfile driver should do what y A0408: Set the qualify_preserve_domain option on the aliasfile director. -Q0409: We've got users who chmod their home to 750, and home is NFS-mounted +Q0409: We've got users who chmod their home to 750, and home is NFS-mounted without root privilege, so Exim cannot access ~user/.forward. @@ -2448,7 +2851,7 @@ A0409: Set the seteuid option on the forwardfile director so that Exim option, which causes Exim to ignore unreadable files. -Q0410: I'm getting "permission denied" when Exim tries to check a for the +Q0410: I'm getting "permission denied" when Exim tries to check a for the existence of a user's .procmailrc file using require_files. @@ -2463,9 +2866,9 @@ A0410: Exim is running under its own uid (or root if there isn't an Exim uid)procmail: driver = localuser - require_files = ${local_part}:${home}/.procmailrc + require_files = $local_part:$home/.procmailrc transport = procmail_pipe-Q0411: How can I deliver mail into different directories for each virtual +Q0411: How can I deliver mail into different directories for each virtual domain, doing user lookups not against /etc/passwd but against /etc/passwd.domain? @@ -2474,7 +2877,7 @@ A0410: Exim is running under its own uid (or root if there isn't an Exim uid) A0411: See configuration sample C009. -Q0412: I want mail for any local part at certain virtual domains to go +Q0412: I want mail for any local part at certain virtual domains to go to a single address for each domain. @@ -2501,7 +2904,7 @@ A0412: One way to to this is efficient. -Q0413: How can I make Exim look in the alias NIS map instead of /etc/aliases? +Q0413: How can I make Exim look in the alias NIS map instead of /etc/aliases?
@@ -2520,7 +2923,7 @@ A0413: The default configuration does not use NIS (many hosts don't run it). data source you want to take precedence.
-Q0414: What does the error message "error in forward file (filtering not +Q0414: What does the error message "error in forward file (filtering not enabled): missing or malformed local part ..." mean? @@ -2538,7 +2941,7 @@ A0414: If you are trying to use an Exim filter, you have forgotten to enable the .forward file. -Q0415: Exim isn't recognizing certain forms of local address. +Q0415: Exim isn't recognizing certain forms of local address.@@ -2565,20 +2968,20 @@ A0415: (A) Try using the -bt option with debugging turned on, to see how locally_caseless = false
but then incoming addresses are recognized only in the correct case. - See also - Q0424 for a way round this. + See + Q0424 for a way round this.
-Q0416: I have a domain for which some local parts must be delivered locally, +Q0416: I have a domain for which some local parts must be delivered locally, but the remainder are to be treated like any other remote addresses. -Q0417: What I really need is the ability to obtain the result of a pipe +Q0417: What I really need is the ability to obtain the result of a pipe command so that I can filter externally and redirect internally. Is this possible? @@ -2591,7 +2994,7 @@ A0417: This is not possible. The result of a pipe command is not available to delivery agent such as procmail which provides this kind of facility. -Q0418: When I set a suffix on one of my directors, it doesn't get stripped when +Q0418: When I set a suffix on one of my directors, it doesn't get stripped when checking the local_parts option. Why is this? @@ -2607,15 +3010,15 @@ A0418: The test on local parts and domains is done early on, and only if they- condition = "${if lookup{\ + condition = ${if lookup{\ ${if match{$local_part}{^(.*)-request}{$1}{$local_part}}\ - }lsearch{/some/file}{yes}}"+ }lsearch{/some/file}{yes}}
The key that is looked up is the second line, which uses a regular expression to strip "-request" from the local part if it is present.
-Q0419: Why will Exim deliver a message locally to any username that is longer +Q0419: Why will Exim deliver a message locally to any username that is longer than 8 characters as long as the first 8 characters match one of the local usernames? @@ -2630,7 +3033,7 @@ A0419: The problem is in your operating system. Exim just calls the getpwnam() max_user_name_length which you can set to the maximum allowed length. -Q0420: Why am I seeing the error "bad mode (100664) for /home/test/.forward +Q0420: Why am I seeing the error "bad mode (100664) for /home/test/.forward (userforward director)"? I've looked through the documentation but can't see anything to suggest that exim has to do anything other than read the .forward file. @@ -2642,16 +3045,16 @@ A0420: For security, Exim checks for mode bits that shouldn't be set, by forwardfile director. -Q0421: How can I arrange that messages larger than some limit are handled by +Q0421: How can I arrange that messages larger than some limit are handled by a special director? -Q0422: When a user's .forward file is syntactially invalid, Exim defers +Q0422: When a user's .forward file is syntactially invalid, Exim defers delivery of all messages to that user, which sometimes include the user's own test messages. Can it be told to ignore the .forward file and/or inform the user of the error? @@ -2700,16 +3103,16 @@ A0422: Setting skip_syntax_errors on the forwardfile director ca look at the Envelope-To header. -Q0423: I have some users on my system with upper case letters in their login +Q0423: I have some users on my system with upper case letters in their login names, but these are not recognized. -Q0424: I have unset locally_caseless because my users have upper case letters +Q0424: I have unset locally_caseless because my users have upper case letters in their login names, but incoming mail now has to use the correct case. Can I relax this somehow? @@ -2734,8 +3137,8 @@ A0424: If you really have to live with caseful user names but want incomingset_case_director: driver = smartuser - new_address = "${lookup{${lc:$local_part}}lsearch{/the/file}\ - {$value@$domain}fail}"+ new_address = ${lookup{${lc:$local_part}}lsearch{/the/file}\ + {$value@$domain}fail}
For efficiency, you should also set the new_director option to cause processing of the changed address to begin at the next director. If you @@ -2750,25 +3153,13 @@ A0424: If you really have to live with caseful user names but want incoming will have to extend this configuration to cope appropriately.
-Q0425: I want to look up local users in an SQL database instead of looking in +Q0425: I want to look up local users in an SQL database instead of looking in the passwd file.-A0425: (A) From release 3.03, Exim contains support for calling MySQL. - -
-- (B) If you can set up an LDAP interface to your SQL database, then this - is relatively straightforward to do, since Exim contains LDAP support. - Sample configuration C009 shows you how to lookup users in - /etc/passwd/whatever instead of /etc/passwd. Modifying this to use LDAP - instead of looking in a file would be easy. - -
-- (C) If you can access SQL from Perl, you could use Exim's embedded Perl - facility, but this is expensive in terms of resources used. +A0425: From release 3.03, Exim contains support for calling MySQL, and from + release 3.14 there is support for PostgreSQL.
@@ -2780,16 +3171,16 @@ A0425: (A) From release 3.03, Exim contains support for calling MySQL. to work off that. This is also likely to be more efficient.
-Q0426: Is it possible for Exim to use a SQL database like MySQL for its lists +Q0426: Is it possible for Exim to use a SQL database like MySQL for its lists of virtual domains and explicit aliases? -Q0427: Can I use my existing alias files and forward files as well as procmail +Q0427: Can I use my existing alias files and forward files as well as procmail and effectively drop in exim in place of Sendmail ? @@ -2799,16 +3190,16 @@ A0427: Yes, as long as your alias/forward files don't assume that pipes are or configure Exim to use a shell (which it doesn't by default). -Q0428: How can I route mail for user X@local to a smarthost if X doesn't exist +Q0428: How can I route mail for user X@local to a smarthost if X doesn't exist on the local host?A0428: This is the same question as - Q0402. The duplication is a bug in the FAQ. + Q0402. The duplication is a bug in the FAQ.
-Q0429: What is quickest way to set up Exim so any message sent to a non- +Q0429: What is quickest way to set up Exim so any message sent to a non- existing user would bounce back with a different message, based on the name of non-existing user? @@ -2818,7 +3209,7 @@ A0429: See the example in the section of the manual entitled "System-wide automatic processing". -Q0430: I am building some largish mailing lists with Majordomo, and was +Q0430: I am building some largish mailing lists with Majordomo, and was wondering if it worth leaving the actually list expansion to the aliasfile :include: mechanism or should I consider using the forwardfile transport? Is there any real difference in terms of facilities and/or @@ -2831,7 +3222,7 @@ A0430: The code that pulls out individual addresses from a list is the same in for you. -Q0431: What do I need to do to make Exim handle /usr/ucb/vacation processing +Q0431: What do I need to do to make Exim handle /usr/ucb/vacation processing automatically, so that people could just create a .vacation.msg file in their home directory and not have to edit their .forward file? @@ -2885,7 +3276,7 @@ A0431: Add a new director like this, immediately before the normal localuser See C033. -Q0432: I want to use a default entry in my alias file, but it picks up the +Q0432: I want to use a default entry in my alias file, but it picks up the local parts that the aliases generate. For example, if the alias file is @@ -2926,7 +3317,7 @@ A0432: (A) If you know for certain that no alias in your alias file ever rather than local users. -Q0433: I have some obsolete domains which people have been warned not to use +Q0433: I have some obsolete domains which people have been warned not to use any more. How can I arrange to delete any mail that is sent to them? @@ -2960,15 +3351,13 @@ A0433: If you are using release 3.10 or later, you can use a smartuser di with the file containing -- *: :blackhole: - -
++ *: :blackhole:
and possibly a postmaster alias if you want.
-Q0434: How can I arrange that mail addressed to anything@something.mydomain.com +Q0434: How can I arrange that mail addressed to anything@something.mydomain.com gets delivered to something@mydomain.com? @@ -2985,9 +3374,9 @@ A0434: Ensure that all the relevant domains are local, by settinguser_from_domain: driver = smartuser - new_address = "${if match{$domain}{^(.+)\\\\.mydomain.com\\$}\ - {$1@mydomain.com}fail}"-Q0435: I can't get a regular expression to work in this local_parts option on + new_address = ${if match{$domain}{^(.+)\\.mydomain.com\$}\ + {$1@mydomain.com}fail} +Q0435: I can't get a regular expression to work in this local_parts option on one of my directors: @@ -3004,7 +3393,7 @@ A0435: The local_parts option is expanded before use, so that you can, so as to preserve the backslash. -Q0436: How can I arrange for all addresses in a group of domains *.example.com +Q0436: How can I arrange for all addresses in a group of domains *.example.com to share the same alias file? I have a number of such groups. @@ -3029,7 +3418,7 @@ A0436: For a single group you could just hardwire the file name into a director
- local_domains = "partial-lsearch;/that/file"+ local_domains = partial-lsearch;/that/file
Then create a director like this @@ -3046,7 +3435,7 @@ A0436: For a single group you could just hardwire the file name into a director in this case.
-Q0437: When Exim tries to read /usr/lib/majordomo/lists/lists.aliases it is +Q0437: When Exim tries to read /usr/lib/majordomo/lists/lists.aliases it is giving "Permission denied", but that file is world-readable! @@ -3054,10 +3443,266 @@ A0436: For a single group you could just hardwire the file name into a director A0437: Check the permissions on the superior directories. -+A0438: With the default configuration, you are asking Exim to check for a + .forward file in the user's home directory. It looks up the home + directory and tries to stat() it before looking for .forward. This is so + that it can will notice a missing NFS home directory, and not treat it + as if the .forward file did not exist. This stat() is failing when the + home directory doesn't exist. What you should do is pick off these + special cases before looking for .forward files for normal users. Place + the following director before the userforward director: + +
++ no_home_directory_users: + driver = localuser + transport = local_delivery + match_directory = /no/home/dir + current_directory = /+Q0439: How can I disable Exim's de-duplication features? I want it to do two + deliveries if two different aliases expand to the same address. + + +
+A0439: This is not possible. Duplication has other ramifications other than + just (in)convenience. Consider: + +
++ . Message is addressed to A and to B. + +
++ . Both A and B are aliased to C. + +
++ . Without de-duplication, two deliveries to C are scheduled. + +
++ . One delivery happens, Exim records that it has delivered the message + to C. + +
++ . The next delivery fails (C's mailbox is over quota, say). + +
++ Next time round, Exim wants to know if it has already delivered to C or + not, before scheduling a new delivery. Has it? Obviously, if duplicate + deliveries are supported, it has to remember not only that it has + delivered to C but also the "history" of how that delivery happened - in + effect an ancestry list back to the original envelope address. This it + does not do, and changing it to work in that way would be a lot of work + and a big upheaval. + +
++ The best way to get duplicate deliveries if you want them is not to use + aliasfile, but to use smartuser with a transport, e.g. + +
++ alias_with_duplicates: + driver = smartuser + transport = local_delivery_for_duplicates + new_address = ${lookup {$local_part} lsearch ..... etc+
+ This goes straight to the transport without generating a new address + that is considered for de-duplication or re-aliasing. In effect, it is + just re-writing the address on the way to the transport. You will need + to specify the user under which to run the delivery, either on the + transport or on the director. + +
+Q0440: I set up an aliasfile director using MySQL, but it doesn't use the new + addresses. This it my director: + + ++ mysql_system_aliases: + driver = aliasfile + search_type = mysql + query = "select userid from domain_table where \ + aliasid='$local_part' and domain='$domain'" + transport = local_delivery+
+A0440: The setting of "transport" is your problem. Aliasfile operates entirely + differently if you give it a transport. It just verifies the incoming + address by doing the query, then sends it to the transport. Take away + the transport setting, and it will do normal aliasing, that is, turn one + address into another which is independently processed. + +
+Q0441: I received a message with a Subject: line that contained a non-printing + character (a carriage return). This messed up my filter file. Is there a + way to get round it? + + ++A0441: Instead of $h_subject: use ${escape:$h_subject:} + +
+Q0442: My users' mailboxes are distributed between several servers according to + the first letter of the user name. All the servers receive incoming mail + at random. I would like to have the same configuration file for all the + servers, which does local delivery for the mailboxes it holds, and sends + other addresses to the correct other server. Is this possible? + + ++A0442: It is easiest if you arrange for all the users to have password entries + on all the servers. This means that non-existent users can be detected + at the first server they reach. Set up a file containing a mapping from + the first letter of the user names to the servers where their mailboxes + are held. For example: + +
++ a: server1 + b: server1 + c: server2 + ...+
+ Replace the normal localuser director with these two directors: + +
++ localuser: + driver = localuser + transport = local_delivery + condition = ${if eq{$primary_hostname}\ + {${lookup {${substr_0_1:$local_part}}\ + lsearch{/etc/mapfile} {$value}}}{yes}{no}}+
+ check_remote: + driver = localuser + transport = send_to_correct_host+
+ The first director succeeds only if the local part is a local user whose + mailbox is listed as being on the current host. The second server runs + for all other local users, directing the addresses to this transport: + +
++ send_to_correct_host: + driver = smtp + hosts = ${lookup {${substr_0_1:$local_part}}lsearch{/etc/mapfile}\ + {$value}}+
+ Local parts that are not the names of local users are declined by both + directors, and so they fail. + +
+Q0443: I want to search for '$' in the subject line, but I can't seem to get + the syntax. The obvious choice, '\$' doesn't work. Any help? + + ++A0443: Try one of these: + +
++ if $h_subject: contains \$ then ... + if $h_subject: contains "\\$" then ...+Q0444: One of the things I want to set up is for anything@onedomain to forward + to anything@anotherdomain. I tried adding $local_part@anotherdomain to + my aliases but it did not expand - it sent it to that literal address. + + +
+A0444: If you want to do it that way, you can make it expand by setting + the "expand" option on the aliasfile director. Another approach is to + use a smartuser director like this: + +
++ forwarddomain: + driver = smartuser + domains = onedomain + new_address = $local_part@anotherdomain+
+ new_address can, of course, be more complicated, involving lookups etc. + if you have lots of different cases. + +
+Q0445: How can I have an address looked up in two different alias files, and + delivered to all the addresses that are found? + + ++A0445: It is tempting to use the "unseen" option for this (see + Q0504 for an + example of the use of "unseen"). You would have two directors, the first + of which has "unseen" set, so that the address is always passed on to + the next director, even if the first one accepts it. + +
++ However, there is a problem with this approach. If an address is found + in the first director (with unseen set) but not in the second one, it + will get delivered but will also (under most normal setups) generate an + "unknown user" bounce as well. + +
++ If you want an incoming address to be "properly" delivered to + two different "child" addresses (or lists), "unseen" is not really the + right way to do it. You don't really need two different directors. You + can use a smartuser director with an option something like this: + +
++ new_address = ${lookup{$local_part}lsearch{/etc/aliases1}\ + {$value${lookup{$local_part}lsearch{/etc/aliases2}{,$value}}}\ + {${lookup{$local_part}lsearch{/etc/aliases2}{$value}fail}}}\+
+ If the first lookup succeeds, the result is its data, followed by the + data from the second lookup, if any, separated by a comma. If the first + lookup fails, the result is the data from the third lookup (which also + looks in the second file), but if this also fails, the entire expansion + is forced to fail, thereby causing the director to decline. + +
+Q0446: I've converted from Sendmail, and I notice that Exim doesn't make use + of the "owner-" entries in my alias file to change the sender address in + outgoing messages to a mailing list. + + ++A0446: If you have an alias file with entries like this: + +
++ somelist: a@b, c@d, ... + owner-somelist: postmaster+
+ Sendmail assumes that the second entry specifies a new sender address + for the first. Exim does not make this assumption. However, you can make + it take the same action, by adding + +
++ errors_to = owner-$local_part@whatever.domain+
+ to the configuration for your aliasfile director. This is fail-safe, + because Exim verifies a new sender address before using it. Thus, the + change of sender address occurs only when the owner entry exists. + +
+@@ -3120,7 +3765,7 @@ A0502: (A) Are you sure there really is no MX record? Sometimes a typo results give a SERVFAIL error rather than NXDOMAIN. Exim has to treat this as a temporary error, so it can't go on to look for an A record. You can check for this state using one of the DNS interrogation commands, such - as "dig". + as "nslookup", "host", or "dig".
@@ -3163,16 +3808,18 @@ A0502: (A) Are you sure there really is no MX record? Sometimes a typo results circumstance.
-Q0503: How should Exim be configured when it is acting as a temporary storage +Q0503: How should Exim be configured when it is acting as a temporary storage system for a domain on a dial-up host?A0503: See - Q1402. + Q1403, + Q0521, and + Q5014.
-Q0504: I would like to deliver mail addressed to a given domain normally, but +Q0504: I would like to deliver mail addressed to a given domain normally, but also to generate a message to the envelope sender. @@ -3190,7 +3837,7 @@ A0504: If the domain is a local one, you can do this with an "unseen" smartus from = postmaster@your.domain to = $sender_address user = exim - subject = "Re: Your mail to ${local_part}@${domain}" + subject = Re: Your mail to $local_part@$domain# Director auto_warning_d: @@ -3214,7 +3861,7 @@ A0504: If the domain is a local one, you can do this with an "unseen" smartus send only one message to each sender. -Q0505: Exim keeps crashing with segmentation errors (signal 11 or 139) during +Q0505: Exim keeps crashing with segmentation errors (signal 11 or 139) during delivery. This seems to happen when it is about to contact a remote host or when a delivery is deferred. @@ -3231,7 +3878,7 @@ A0505: This could be a problem with Exim's databases. Check that your DBM file is distributed with it. -Q0506: Whenever Exim tries to do a local delivery, it gives a permission denied +Q0506: Whenever Exim tries to do a local delivery, it gives a permission denied error for the .forward file, like this: @@ -3243,7 +3890,7 @@ A0505: This could be a problem with Exim's databases. Check that your DBM A0506: Have you remembered to make Exim setuid root? -Q0507: I have installed Exim, but now I can't mail to root any more. Why is +Q0507: I have installed Exim, but now I can't mail to root any more. Why is this? @@ -3263,7 +3910,7 @@ A0507: Most people set up root as an alias for the manager of the machine. If an alias for root instead. -Q0508: How can I stop undeliverable bounce messages (e.g. to routeable, but +Q0508: How can I stop undeliverable bounce messages (e.g. to routeable, but undeliverable, spammer senders) from clogging up the queue for days? @@ -3273,13 +3920,13 @@ A0508: Set ignore_errmsg_errors to drop them immediately, or set ig that I notice them, but they go away relatively quickly. -Q0509: How can mails that are being routed through directors other than +Q0509: How can mails that are being routed through directors other than localuser be delivered under the uid of the recipient?-Q0831: Exim sometimes rejects messages with bad senders after the DATA and +Q0831: Exim sometimes rejects messages with bad senders after the DATA and sometimes after the MAIL command. What is the difference? @@ -4848,7 +5636,7 @@ A0831: The first time Exim encounters a particular bad sender, it rejects the rejects every RCPT command instead. -Q0832: How can I get Exim to remove attachments from messages? +Q0832: How can I get Exim to remove attachments from messages?A0509: - A0501 contains background information on this. If you are using, say, an + A0501 contains background information on this. If you are using, say, an alias file to direct messages to specific mailboxes, then you can use the "user" option on either the aliasfile director or the appendfile transport to set the uid. What you put in the setting depends on how @@ -3287,7 +3934,7 @@ A0509: computed somehow from the local part, for example.
-Q0510: I want to use MMDF-style mailboxes. How can I get Exim to append the +Q0510: I want to use MMDF-style mailboxes. How can I get Exim to append the ctrl-A characters that separate indvidual emails? @@ -3314,7 +3961,7 @@ A0510: Set the suffix option in the appendfile transport. In fact, for MMDF separator. -Q0511: I have an ISDN connection and would like a way of running the queue +Q0511: I have an ISDN connection and would like a way of running the queue automatically when it is up. @@ -3337,7 +3984,7 @@ A0511: The following shell commands test for the interface being up and then Linux, you could put the call to exim in that script. -Q0512: If a user's mailbox is over quota, is there a way for me to set it up so +Q0512: If a user's mailbox is over quota, is there a way for me to set it up so that the mail bounces to the sender and is NOT stored in the mail queue? @@ -3362,20 +4009,20 @@ A0512: In the retry section of the configuration, put failure. -Q0513: I'm using tmail to do local deliveries, but when I turned on the +Q0513: I'm using tmail to do local deliveries, but when I turned on the use_crlf option on the pipe transport (tmail prefers \r\n terminations) message bodies started to vanish.-A0513: You need to unset the prefix option (or change it so that its default - \n terminator becomes \r\n). For example, the transport could be: +A0513: You need to unset the prefix option, or change it so that its default + \n terminator becomes \r\n. For example, the transport could be:
local_delivery_mbx: driver = pipe - command = "/usr/local/bin/tmail ${local_part}" + command = /usr/local/bin/tmail $local_part user = exim current_directory = / use_crlf @@ -3392,7 +4039,7 @@ A0513: You need to unset the prefix option (or change it so that its default doubled \r\r\n lines and corrupt mbx mailboxes. -Q0514: What does the message "Unable to get root to set uid and gid +Q0514: What does the message "Unable to get root to set uid and gid for local delivery to xxx: uid=yyy euid=zzz" mean? @@ -3401,7 +4048,7 @@ A0514: Have you remembered to make Exim setuid root? It needs root privilege if it is to do any local deliveries, because it does them "as the user". -Q0515: I upgraded to 2.04 and now my Envelope-To: header for my virtual domains +Q0515: I upgraded to 2.04 and now my Envelope-To: header for my virtual domains is gone. Any idea how to get it back? @@ -3411,7 +4058,7 @@ A0515: Read paragraph 1 of the 1.92 information in README.UPDATING. Add also want to set return_path_add and delivery_date_add. -Q0516: The Exim log records the arrival of a message, and then "Completed", +Q0516: The Exim log records the arrival of a message, and then "Completed", without logging any deliveries. What's going on? @@ -3431,11 +4078,11 @@ A0516: This is unlikely in current versions of Exim, because more logging possibility, prior to version 2.053, was that the message was injected using the -t option, but all the addresses in the message were also on the command line. See - A5020 for more detail. Current versions of Exim + A5020 for more detail. Current versions of Exim generate a bounce message in this case. -Q0517: When I activate "return receipt" for example in Netscape Mailbox +Q0517: When I activate "return receipt" for example in Netscape Mailbox sending options, then I get an error message from Exim... something like "not supported". Can I activate delivery confirmations? @@ -3474,7 +4121,7 @@ A0517: Exim does not support any kind of delivery notification. many questions that don't have obvious answers. -Q0518: When I dial up to collect mail from my ISP, only the first 10 messages +Q0518: When I dial up to collect mail from my ISP, only the first 10 messages get delivered immediately; the remainder just sit on the queue until a queue runner process finds them. @@ -3488,7 +4135,7 @@ A0518: Your ISP is delivering all the messages in a single SMTP session. Exim some number larger than 10. -Q0519: My ISP's mail server is rejecting bounce messages from Exim, complaining +Q0519: My ISP's mail server is rejecting bounce messages from Exim, complaining that they have no sender. The SMTP trace does indeed show that the sender address is "<>". Why is the Sender on the bounce message empty? @@ -3510,7 +4157,7 @@ A0519: Because the RFCs say it must be. Your ISP is at fault. Send them this SHOULD be stripped down to its final hop. -Q0520: What does the message "retry time not reached [for any host]" on the log +Q0520: What does the message "retry time not reached [for any host]" on the log mean? Why won't Exim try to deliver the message? @@ -3521,6 +4168,13 @@ A0520: That is not an error. It means exactly what it says. A previous attempt local as well as to remote deliveries. For remote deliveries, each host (if there are several) has its own retry time. + +-Q0814: We are being plagued by forged mail coming from a number of different +Q0814: We are being plagued by forged mail coming from a number of different hosts and sender addresses. The guy however leaves a fingerprint. The first received line always contains 'Received: from baby'. What is the best suggested way for eliminiating him from our systems? @@ -4396,7 +5182,7 @@ A0814: You cannot, unfortunately, prevent the message from getting into your+ If you are running on a dial-up host, the rest of this answer probably + does not apply to you. Go and read + Q1404 instead. If your host is + permanently online, read on... +
Some MTAs have a retrying schedule for each message. Exim does not work @@ -3552,10 +4206,10 @@ A0520: That is not an error. It means exactly what it says. A previous attempt
If you want to do this for the entire queue, use the -qf option. See also - Q0533. + Q0533.
-Q0521: RFC 1985 specifies that the SMTP command "ETRN host.domain" causes all +Q0521: RFC 1985 specifies that the SMTP command "ETRN host.domain" causes all mail queued for that host, no matter what domain it's for, to be dequeued. Why doesn't Exim support this? @@ -3599,11 +4253,18 @@ A0521: Exim does not keep queues of mail for specific destinations. It just connection to the host and shovels the waiting mail down it. That seems to me to be a much neater way of doing this. It means you can easily add additional functionality such as archiving or throwing away uncollected - mail. One program that has this functionality is "ssmtp", which can be + mail. + + ++ One program that has this functionality is "ssmtp", which can be found in ftp://metalab.unc.edu/pub/Linux/system/mail/mta/. + Alternatively, sample configuration C037 demonstrates an elegant way of + using Exim itself to deliver the saved messages when the client issues + an ETRN.
-Q0522: If email has been deferred to a member on a local mailing list +Q0522: If email has been deferred to a member on a local mailing list (implemented through forward files), and one of our ETRN clients is on this mailing list, the -R won't "flush" the mailing list message for that client. @@ -3620,11 +4281,11 @@ A0522: That is because -R matches only original recipient addresses, not specify pipe or file deliveries. However, the problem will then still be present for any user who sets up a .forward file to redirect to any of the ETRN domains. See the last 3 paragraphs of - A0521 for a discussion of + A0521 for a discussion of an alternative approach. -Q0523: Exim seems to be sending the same message twice, according to the log, +Q0523: Exim seems to be sending the same message twice, according to the log, although there is a difference in capitalization of the local part of the address. @@ -3649,7 +4310,7 @@ A0523: That is correct. The RFCs are explicit in stating that capitalization local-parts impedes interoperability and is discouraged. -Q0524: How can I force the next retry time for a host to be now? +Q0524: How can I force the next retry time for a host to be now?@@ -3665,7 +4326,7 @@ A0524: (A) You can force a particular message to be delivered with the -M interface is very clumsy.
-Q0525: I set up "|/bin/grep Subject|/usr/bin/smbclient -M <netbiosname>" as an +Q0525: I set up "|/bin/grep Subject|/usr/bin/smbclient -M <netbiosname>" as an alias but it doesn't work. @@ -3677,7 +4338,7 @@ A0525: That is a shell command line. Exim does not run pipe commands under a"|/bin/sh -c '/bin/grep Subject|/usr/bin/smbclient -M <netbiosname>'"-Q0526: Why does the pipe transport add a line starting with ">From" to +Q0526: Why does the pipe transport add a line starting with ">From" to messages? @@ -3688,7 +4349,7 @@ A0526: Actually, it adds a line starting with "From", because that is the of "prefix". -Q0527: I have set fallback_hosts on my smtp transport, but after the error +Q0527: I have set fallback_hosts on my smtp transport, but after the error "sem@chat.ru cannot be resolved at this time" Exim isn't using them. @@ -3697,10 +4358,10 @@ A0527: fallback_hosts only works if an attempt at delivery to the origi host(s) fails. In this case, Exim couldn't even resolve the domain chat.ru to discover what the original hosts were, so it never got as far as the transport. However, see - Q0322 for a possible solution. + Q0322 for a possible solution. -Q0528: After the holidays my ISP has always hundreds of e-mails waiting for me. +Q0528: After the holidays my ISP has always hundreds of e-mails waiting for me. These are forced down Exim's throat in one go. Exim spawns a lot of kids, but is there some limit to the number of processes it creates? @@ -3712,7 +4373,7 @@ A0528: Unless you have changed smtp_accept_queue_per_connection (introd is limited by smtp_accept_max. -Q0529: When a message in the queue got to 12h old, Exim wrote 'retry timeout +Q0529: When a message in the queue got to 12h old, Exim wrote 'retry timeout exceeded' and removed all messages in the queue to this host - even recent messages. How I can avoid this behaviour? I only want to remove messages that have exceeded the maximum retry time. @@ -3726,7 +4387,7 @@ A0529: Exim's retrying is host-based rather than message-based. The philosophy want, but it might help. -Q0530: Can Exim add a Content-Length: header to messages it delivers? +Q0530: Can Exim add a Content-Length: header to messages it delivers?@@ -3746,7 +4407,7 @@ A0530: You could include something like http://home.netscape.com/eng/mozilla/2.0/relnotes/demo/content-length.html
-Q0531: Exim seems to be trying to deliver a message every 10 minutes, though +Q0531: Exim seems to be trying to deliver a message every 10 minutes, though the retry rules specify longer times after a while, because it is writing a log entry every time, like this: @@ -3773,7 +4434,7 @@ A0531: It is looking at the message every 10 minutes, but it isn't actu reached, which accounts for "retry time not reached for other hosts". -Q0532: I am trying to set exim up to have a automatic failover if it sees that +Q0532: I am trying to set exim up to have a automatic failover if it sees that the system that it is sending all mail to is down. @@ -3787,7 +4448,7 @@ A0532: Add to the remote_smtp transport the following: If there are several names, they must be separated by colons. -Q0533: I can't get Exim to deliver over NFS. I get the error "fcntl() failed: +Q0533: I can't get Exim to deliver over NFS. I get the error "fcntl() failed: No locks available", though the lock daemon is running on the NFS server and other hosts are able to access it. @@ -3798,7 +4459,7 @@ A0533: Check that you have lockd running on the NFS client. This is not such system). -Q0534: Why does Exim bounce messages without even attempting delivery, giving +Q0534: Why does Exim bounce messages without even attempting delivery, giving the error "retry time not reached for any host after a long failure period"? @@ -3813,7 +4474,7 @@ A0534: This message means that all hosts to which the message could be sent will try most messages for those hosts once before giving up. -Q0535: My .forward file is "|/usr/bin/procmail -f-" and mail gets delivered, +Q0535: My .forward file is "|/usr/bin/procmail -f-" and mail gets delivered, but there was a bounce to the sender, sending him the output of procmail. How can I prevent this? @@ -3836,10 +4497,107 @@ A0535: Exim's default configuration is set up like this: any output when it succeeds. -6. UUCP +Q0536: Can I write an ordinary file when I running a perl script as a transport + filter for remote_smtp and address_pipe transports? + + +
+A0536: Yes, provided the file is writeable by the Exim user. However, if two + messages are being delivered at once, their data will get mixed up in + the file unless you implement your own locking scheme. If all you want + to do is to take a copy of the message, another approach that avoids + the locking problem is to use a system filter to set up an "unseen" + delivery to a file. If you only want the message's headers, you can + set message_filter_file_transport to point to a special appendfile + transport that has headers_only set. + +
+Q0537: I have some mails on my queues that are sticking around longer than + the retry time indicates they should. They are all getting frozen + because some remote admin has set their MX record to 127.0.0.1. + + ++A0537: The admin in question is an idiot. Exim will always freeze such messages + because they are apparently routed to the local host. There are two + router options that can help you deal with them. + +
++ (1) Set + +
++ self = fail++ on the router which handles the domain - in a simple configuration this + will be the lookuphost router. This will cause the relevant addresses to + bounce, instead of freezing the message. + +
++ (2) If you are running Exim 3.20 or later, you can set + +
++ ignore_target_hosts = 127.0.0.1++ on the router instead. This causes Exim to completely ignore any hosts + with that IP address. + +
+Q0538: My /var/spool/mail has grown drastically. Is there any possibility of + using two files in exim.cfg ? + + ++A0538: You can use an expansion string to split mailboxes between two + directories. For example, + +
++ file = /var/spool/mail${nhash_2:$local_part}/$local_part++ which does a hash on the local part, producing either 0 or 1, thereby + using mail0 or mail1. But remember, the MUAs that read these mailboxes + also have to know where they are. + +
+Q0539: Sendmail has a program called smrsh that restricts what binaries + can be run from sendmail aliases. Is there someting like this in Exim ? + + ++A0539: Check out the allow_commands option in the pipe transport. + +
+Q0540: I wish to have large emails go out one at a time. + + ++A0540: One possibility is to set up a router that defers all large messages, + except in queue runs. Since queue runners deliver just one + message at a time, if you limited the number of simultaneous queue + runners to 1, you would get the effect you wanted. A suitable router + might be + +
++ defer_if_large_unless_queue_run: + driver = domainlist + self = defer + condition = ${if or{{queue_running}{<{$message_size}{200K}}}{no}{yes}} + route_list = * 127.0.0.1 byname++ Of course, this would always delay any large message until the next + queue runner, but if you run them fairly regularly, this shouldn't be a + huge problem. (May even be desirable!) + +
+6. UUCP
-Q0601: The MX records for some UUCP domains point to my local host. How do I +Q0601: The MX records for some UUCP domains point to my local host. How do I get it to pass the messages on to UUCP? @@ -3886,7 +4644,7 @@ A0601: There are several possibilities. One straightforward way is to set up the domain name. -Q0602: How can I get Exim to handle "bang path" addresses? +Q0602: How can I get Exim to handle "bang path" addresses?@@ -3948,7 +4706,7 @@ A0602: In general, you can't (Exim is an Internet mailer and recognizes only the message.
-Q0603: We see something strange on our system in regards to mail comming in via +Q0603: We see something strange on our system in regards to mail comming in via rmail from a UUCP link. The sender is being set to mailmaster instead of the real sender, and a Sender: header is being added to the message. @@ -3960,10 +4718,10 @@ A0603: If mailmaster is the user that is running rmail, you need to include command line. -7. PERFORMANCE +
7. PERFORMANCE
-Q0701: I'm running a large mail server. Should I set split_spool_directory to +Q0701: I'm running a large mail server. Should I set split_spool_directory to improve performance? @@ -3975,7 +4733,7 @@ A0701: There doesn't seem to be any significant performance hit using a flat ???? Other operating systems ???? -Q0702: How well does Exim scale? +Q0702: How well does Exim scale?@@ -4031,7 +4789,7 @@ A0702: Although the author did not specifically set out to write a high- considerable performance -- 10000 m/hour."
-Q0703: We have a large password file. Can Exim use alternative lookups during +Q0703: We have a large password file. Can Exim use alternative lookups during delivery to speed things up? @@ -4041,10 +4799,37 @@ A0703: Yes. You don't have to use the password file at all. See sample these could equally be DBM or cdb or NIS or LDAP lookups.) -8. POLICY CONTROLS +
+ If you are using FreeBSD, this problem should not arise, because it + automatically uses an indexed password file. In some other operating + systems you can arrange for this to happen too. On Linux, for example, + all you need to do is + +
++ # cd /var/db + # make++ and put "db" before "files" in any /etc/nsswitch.conf lines you want to + use db for. + +
+Q0704: I just wondered if it might be helpful to put the hints database on a + RAM disk during regular operation. Did anybody try that yet? + + ++A0704: A user reported thus: I have found that this works GREAT under Solaris. + Make a RAM disk partition and keep everything in the "db" directory on + it. However, when I try the same thing on Linux, I don't see the same + boost. I think that Linux's file buffer cache works about the same. + Plus, this leave more room for processes to run. + +
+8. POLICY CONTROLS
-Q0801: How do I block unwanted messages from outside my host? +Q0801: How do I block unwanted messages from outside my host?@@ -4130,7 +4915,7 @@ A0801: There are several different options that can be used to block incoming recipient.
-Q0802: I don't want to block spam entirely; how can I inspect each message +Q0802: I don't want to block spam entirely; how can I inspect each message before deciding whether to deliver it or not? @@ -4139,7 +4924,7 @@ A0802: This can be done by using a system filter. See the sample configuration F003. -Q0803: How can I test that my spam blocks are working? +Q0803: How can I test that my spam blocks are working?@@ -4154,7 +4939,7 @@ A0803: The -bh option allows you to run a testing SMTP session as if from which tests have succeeded or failed.
-Q0804: How can I test that Exim is correctly configured to use the Realtime +Q0804: How can I test that Exim is correctly configured to use the Realtime Blocking List (RBL)? @@ -4176,7 +4961,7 @@ A0804: The -bh option allows you to run a testing SMTP session as if from server looks from the view of someone on the RBL. -Q0805: How can I use tcpwrappers in conjunction with Exim? +Q0805: How can I use tcpwrappers in conjunction with Exim?@@ -4236,15 +5021,16 @@ A0805: Exim's own control facilities can do all that tcpwrappers can do. including ports, etc., and on logging connections.
-Q0806: How can I get POP-auth-before-relay support in Exim? +Q0806: How can I get POP-auth-before-relay support in Exim?A0806: See http://cc.ysu.edu/~doug/exim-pop.tar.Z which has some scripts for - this, courtesy of Doug S <doug@cc.ysu.edu>. + this, courtesy of Doug S <doug@cc.ysu.edu>. See also + Q0835.
-Q0807: I have one or two cases where my machine correctly rejects messages, but +Q0807: I have one or two cases where my machine correctly rejects messages, but the remote machine is quite persistent, and keeps trying over and over. @@ -4257,7 +5043,7 @@ A0807: It is an unfortunate fact that a number of SMTP clients, in violation of result in an error code after the data has been received. -Q0808: I am seeing the error "no valid sender in message headers: return path +Q0808: I am seeing the error "no valid sender in message headers: return path is <>" in the reject log. Isn't <> a valid return path for error messages? @@ -4271,7 +5057,7 @@ A0808: It is indeed valid. The complaint here is about the contents of the verification of those addresses failed. -Q0809: Let's say that we want to run a mail server that does not care if you +Q0809: Let's say that we want to run a mail server that does not care if you have proper reverse DNS. If you include host_reject lines in your config file, Exim will always reject connections from such hosts. How can this be avoided? @@ -4294,14 +5080,14 @@ A0809: This is true only if you have wild-carded host names in host_reject< same, but every time the exception is invoked, it is logged. -Q0810: Is there a way to prevent lookups in the RBL for local hosts? +Q0810: Is there a way to prevent lookups in the RBL for local hosts?A0810: Check out the rbl_hosts option.
-Q0811: How can I set up the sender_reject option in my config file so I can +Q0811: How can I set up the sender_reject option in my config file so I can reject mail by matching regular expressions? @@ -4338,10 +5124,10 @@ A0811: You must either put the regular expressions directly in the optionSee the manual section entitled "Address lists" for a description of the @@ type of split domain/local part lookup. See also - Q0801. + Q0801.
-Q0812: Normally sender_reject_recipients works fine, but addresses that have +Q0812: Normally sender_reject_recipients works fine, but addresses that have some uppercase letters in them seem to come through. @@ -4358,7 +5144,7 @@ A0812: This should no longer be the case from release 3.00 onwards. Although caselessly, so Exim now does this by default. -Q0813: I want to accept some sender addresses, even though they do not verify. +Q0813: I want to accept some sender addresses, even though they do not verify. There doesn't seem to be an option for verification exceptions, so how can I do this? @@ -4378,7 +5164,7 @@ A0813: Set up a special director or router to ensure that those addresses do domains = some.domain.com local_parts = root route_list = *# Exim filter if $h_Received: contains "from baby" then seen finish endif-Q0815: I have set host_accept_relay, but my host still refuses to relay from +Q0815: I have set host_accept_relay, but my host still refuses to relay from matching hosts. @@ -4432,10 +5218,10 @@ A0815: (A) Did you remember to HUP or restart the Exim daemon after changing fails, relaying is rejected. However, if the list were in the opposite order, the IP check would succeed, and no DNS lookup would be done. See also - Q0809. + Q0809. -Q0816: How can I run customized verification checks on incoming addresses? +Q0816: How can I run customized verification checks on incoming addresses?@@ -4476,7 +5262,7 @@ A0816: If you can implement your checks in Perl, then you can use Exim's
Remote addresses can be handled in a similar way by using a domainlist router that matches all domains. See also - Q0813. + Q0813.
@@ -4485,7 +5271,7 @@ A0816: If you can implement your checks in Perl, then you can use Exim's for doing what you want before going down this road.
-Q0817: Does Exim apply RBL checks to error messages, those with an envelope +Q0817: Does Exim apply RBL checks to error messages, those with an envelope sender of "<>" ? @@ -4495,7 +5281,7 @@ A0817: Yes, it does, because the RBL check happens immediately on connection, that the envelope sender is "<>". -Q0818: I want to be able to set up a list, similar to sender_reject_recipients, +Q0818: I want to be able to set up a list, similar to sender_reject_recipients, but with a user-defined message. I believe I have to use a director for this. @@ -4517,7 +5303,7 @@ A0818: You can do this using the prohibition_message mechanism (see the treated as a line separator in prohibition texts. -Q0819: I want to reject certain sender-recipient combinations, with a specific +Q0819: I want to reject certain sender-recipient combinations, with a specific message for each such combination. @@ -4576,7 +5362,7 @@ A0819: That needs a special director, using the "senders" option to predicate because the bounce message you generate will get stuck. -Q0820: Will Exim allow me to create a file of regexs and match incoming +Q0820: Will Exim allow me to create a file of regexs and match incoming external email to the list - and if a match is found file the offending message into a special location? Also is it possible to make exim only filter parts of an incoming email - e.g. ignore large MIME attachments @@ -4613,7 +5399,7 @@ A0820: You can do some of this in a system filter. For example: algorithm it liked for deciding what should be done. -Q0821: I've hacked sendmail to make an ioctl call at the time of the SMTP RCPT +Q0821: I've hacked sendmail to make an ioctl call at the time of the SMTP RCPT command, to check if a user has exceeded their email quota. If they have I issue a temporary failure and a message - can I do this with Exim? @@ -4633,7 +5419,7 @@ A0821: This could be done by arranging for a quota check to happen during the immediately, otherwise try every hour for one day, then bounce"). -Q0822: I'm looking for a rule to reject special unknown recipients. +Q0822: I'm looking for a rule to reject special unknown recipients.@@ -4669,10 +5455,10 @@ A0822: If the messages in question are coming in via SMTP, you can turn on router with a condition setting to send such messages to an autoreply transport that sends back an error message to the sender. See also - Q0826. + Q0826.
-Q0823: I'd like to pass all messages through a virus-scanning system before +Q0823: I'd like to pass all messages through a virus-scanning system before delivery. Can Exim do this? @@ -4704,10 +5490,12 @@ A0823: One way of achieving this is to deliver all messages via a pipe to a suitable checking program or script which runs as a trusted user. This can then re-submit the message to Exim, using -oMr to set the received protocol to "scanned-ok", and the -f option to set the correct envelope - sender address. + sender address. WARNING: If you forget to make the resubmitting process + run as a trusted user, the received protocol does not get set, and you + are likely to generate a loop. -Q0824: How can I accomplish this: a message sent from any host must either be +Q0824: How can I accomplish this: a message sent from any host must either be sending to a domain in a list (a dbm file) or the sender's address domain must be in the list. @@ -4737,7 +5525,7 @@ A0824: First of all, set host may end up on one of the open relay blocking lists as a result. -Q0825: I've set relay_domains and sender_address_relay, but if user@mydomain +Q0825: I've set relay_domains and sender_address_relay, but if user@mydomain tries sending to an arbitrary domain, Exim rejects it. @@ -4761,7 +5549,7 @@ A0825: The safest way to control relaying arbitrary domains is by host, not host may end up on one of the open relay blocking lists as a result. -Q0826: I set sender_reject_recipients, but Exim is not rejecting those +Q0826: I set sender_reject_recipients, but Exim is not rejecting those recipients. @@ -4778,20 +5566,20 @@ A0826: You have misunderstood the option. A setting like that rejects allQ0822. + Q0822. -Q0827: I can't find an option to deny "RCPT TO:" addresses. +Q0827: I can't find an option to deny "RCPT TO:" addresses.A0827: Denying RCPT TO addresses is the job of verifying. You can set up directors and routers that are run only when verifying and not when delivering. This gives you a great deal of flexibility. See - Q0822. + Q0822.
-Q0828: My problem is that Exim replaces $local_part with an empty string in the +Q0828: My problem is that Exim replaces $local_part with an empty string in the system filtering. What's wrong or what did I miss? @@ -4803,7 +5591,7 @@ A0828: A message may have many recipients. The system filter is run just once called $recipients. -Q0829: Using $recipients in a system filter gives me another problem: how can +Q0829: Using $recipients in a system filter gives me another problem: how can I do a string lookup if $recipients is a list of addresses? @@ -4813,7 +5601,7 @@ A0829: Check out section 25 of the filter document ("Testing a list of embedded Perl interpreter - but that is expensive. -Q0830: Is there a way to configure Exim to reject mail to a certain local host? +Q0830: Is there a way to configure Exim to reject mail to a certain local host?@@ -4833,7 +5621,7 @@ A0830: No, only to certain domains. Use a configuration like this: domains = rejected.domain verify_only fail_verify
@@ -4866,7 +5654,7 @@ A0832: (A) The cleanest way is to check for the existence of a "Content-type" headers.
-Q0833: I ran a relay test against my host and it failed with an address +Q0833: I ran a relay test against my host and it failed with an address containing a %, though I don't have percent_hack_domains set. Is Exim broken? This is what the tester said: @@ -4883,23 +5671,177 @@ A0832: (A) The cleanest way is to check for the existence of a "Content-type" Uh oh, host appeared to accept a message for relay. The host may reject this message internally, however-A0833: This does not prove that your host is open for relaying. Notice the - wording of the last two sentences: "appeared to accept" and "may reject - internally". Assuming that your Exim configuration is correct, Exim will - discover that the local part "relaytest%mail-abuse.org" is not valid on - your host, and it will bounce the message. +A0833: This does not prove that your host is open for relaying. Notice the + wording of the last two sentences: "appeared to accept" and "may reject + internally". Assuming that your Exim configuration is correct, Exim will + discover that the local part "relaytest%mail-abuse.org" is not valid on + your host, and it will bounce the message. + +
++ Why doesn't it reject the RCPT TO command? Answer: because you have not + set receiver_verify in your configuration file, or you have excluded + these particular sender or recipient domains from receiver verification. + +
+Q0834: How can I arrange for each user to have a file listing the only sender + addresses from which she will accept mail? I want to do this so my + family members don't get any spam (or other inappropriate mail). + + ++A0834: Arrange for each user you want to control to have a file called + .acceptlist, ignoring for the moment how this gets maintained. Then, + turn on receiver_verify and make the following your first director: + +
++ verify_known_sender: + driver = smartuser + require_files = /home/$local_part/.acceptlist + senders = ! /home/$local_part/.acceptlist + new_address = :fail: Sender unknown+
+ That will stop such messages even getting into your host. (Replace + /home/$local_part with whatever the correct path to your user's home + directories is.) As written above, the accept list is interpolated into + the senders list and can contain wild cards. If there are no wild cards + and the lists get very long, it would be more efficient to convert them + into some indexed format, e.g. cdb and use a cdb lookup. + +
++ One problem with this is that it will block bounce messages, which have + empty senders. You can get round this, by changing the "senders" line to + +
++ senders = ! : ! /home/$local_part/.acceptlist+
+ However, this will, of course, let in spam that has a null sender. Since + the "senders" option is expanded, you could perhaps include something + that tested a message without a sender for being a plausible bounce + message before including the null sender in the list. Another approach + would be to use a condition option to do various tests, including + looking up $sender_address in /home/$local_part/.acceptlist. + +
+Q0835: I have the POP-auth-before-relay support in, but I see that Exim still + does an RBL lookup before checking the POP authorisation file. How can I + prevent it doing an RBL check if the caller is authorized by virtue of a + recent POP authentication? + + ++A0835: If the file containing a list of recent POP-authenticated hosts is + /usr/local/etc/exim/popauth, say, set + +
++ rbl_hosts = !/usr/local/etc/exim/popauth+
+ so that hosts in the list are exempted from RBL checking. + +
+Q0836: When using Nessus on a system that runs exim, a number of security + issues are raised. Nessus complains that exim answers to EXPN and/or + VRFY; sometimes it even complains that exim allows relaying. + + ++A0836: Exim supports EXPN only if you permit it to do so by setting + smtp_expn_hosts. Likewise, it supports to VRFY only if you set + smtp_verify. Without these settings, its responses are + +
++ 550 EXPN not available + 252 VRFY not available+
+ Maybe the use of 252 is the "problem". It is recommended that this be + done (by those that discuss these things) because there are stupid + clients that attempt VRFY before sending a message. + +
+Q0837: Could anyone points me to right rules to prevent sending/receiving + messages to/for domains which have one MX to localhost or only have + address 127.0.0.1 ? + + ++A0837: You need to turn on sender_verify. With the default configuration, this + will result in a temporary verification failure for these domains. You + can make this into a permanent failure by adding + +
++ self = fail+
+ to your lookuphost router. The default action on encountering a routing + to the local host is to defer, and freeze the message if it is a + delivery address. Making this change applies to any routing to the local + host, not just to 127.0.0.1. + +
++ If you are running Exim release 3.16 or later, an alternative approach + is to set ignore_target_hosts = 127.0.0.1 on the relevant routers. + +
+Q0838: How can I lock out domains that do not have any MX records? + + ++A0838: You can do this by means of the mx_domains option, but you should NOT do + this for Internet domains in general. There are still a large number of + legitimate domains that do not have MX records. + +
+Q0839: I would like to have a per-user limit for the maximum size of messages + that can be sent. + + ++A0839: The simplest way to do this is to put something in a system filter along + these lines: + +
++ if $message_size is above + "${lookup{$sender_address}lsearch{/some/file}{$value}{10M}}" + then + fail "Message is larger than $sender_address is allowed to send" + endif+Q0840: I have set up a DBM (or cdb, or lsearch, or MySQL or whatever) file + containing a list of IP addresses for the hosts I want to allow to + relay, but when I set host_accept_relay to do a lookup on that data, it + doesn't work. + + +
+A0840: If you include any kind of lookup in a host list, it will by default + search on the host name, not on the IP address. What you want is + something like + +
++ host_accept_relay = net-dbm;/some/file+
+ The prefix net- makes it look up the IP address instead of the name. You + can also look up IP networks by using entries like
++ host_accept_relay = net24-dbm;/some/file
- Why doesn't it reject the RCPT TO command? Answer: because you have not - set receiver_verify in your configuration file, or you have excluded - these particular sender or recipient domains from receiver verification. + For a host with IP address 192.168.45.23 this would do the lookup using + the key "192.168.45.0/24".
-@@ -4924,7 +5866,7 @@ A0901: Users have found several ways of setting up Exim for use with Majordomo. greater than 1 in the Exim configuration.
-Q0902: I have set $mailer in majordomo.cf, but it still isn't setting the +Q0902: I have set $mailer in majordomo.cf, but it still isn't setting the sender correctly in the messages it sends. @@ -4942,7 +5884,7 @@ A0902: Make sure you have got the quoting correct in the $mailer setting. start of $sender has to be escaped with a backslash. -Q0903: I'm trying to set up majordomo, but I'm getting a "wrong mode" error +Q0903: I'm trying to set up majordomo, but I'm getting a "wrong mode" error when I try to send it mail. The panic log entry reads: @@ -4958,7 +5900,7 @@ A0903: Check the mode of /var/lib/majordomo/lists/lists.aliases an file, and it defaults to 022. -Q0904: I'm getting return code 9 from /home/majordomo/majordomo-1.94.4/wrapper +Q0904: I'm getting return code 9 from /home/majordomo/majordomo-1.94.4/wrapper when it is passed a message from Exim. @@ -4967,10 +5909,33 @@ A0904: A problem like this turned out to be the Perl version that came with RedHat 5.2. Rebuilding Perl 5.005x solved it. -+A0905: Take a look at your majordomo.cf file, It should have something that + looks like + +
++ $sendmail_command = "/usr/lib/sendmail";+
+ and another line like + +
++ $mailer = "$sendmail_command -oi -oee -f\$sender";+
+ If you have modified resend (one of the majordomo programs) to use + $sendmail_command instead of $mailer you will be calling Exim with no + command line arguments. + +
+@@ -4993,7 +5958,7 @@ A1001: If you set up a rewriting rule in the following form: From:, Reply-to:, and Sender: headers.
-Q1002: I have Exim configured to remove the hostname portion of the domain on +Q1002: I have Exim configured to remove the hostname portion of the domain on outgoing mail, and yet the hostname is present when the mail gets delivered. @@ -5005,24 +5970,84 @@ A1002: Check the DNS record for your domain. If the MX record points to a CNAME CNAME record. -Q1003: I want to rewrite local addresses in mail that goes to the outside +Q1003: I want to rewrite local addresses in mail that goes to the outside world, but not for messages that remain within the local intranet.-A1003: Exim wasn't really designed to handle this kind of split world. Because - it keeps only one copy of a message, and does all the rewriting at the - time of reception, a standard configuration cannot handle this kind of - rewriting in a message that has both internal and external recipients. +A1003: Exim wasn't really designed to handle this kind of split world, and + doing this is not entirely straightforward. + +
++ (A) If you are running version 3.20 or later, you can use the + headers_rewrite option on a transport. This will apply to just those + copies of a message that pass through the transport. The return_path + option can similarly be used to rewrite the sender address, but there is + no way of rewriting recipient addresses at transport time. However, as + these are by definition remote addresses, you probably don't want to + rewrite them. + +
++ You have to set up the configuration so that it uses different SMTP + transports for internal and external mail. Typically this would be done + by setting the domains option on a router for handling your internal + domains. However, if all domains are routed in the same way (for + example, using a DNS lookup), another approach is to use a string + expansion for the transport name. For example: + +
++ lookuphost: + driver = lookuphost + transport = ${if match{$domain}{\\.my\\.domain\$}{int_smtp}{ext_smtp}}+
+ This example uses the int_smtp transport for domains ending in + .my.domain, and ext_smtp for everything else. The ext_smtp transport + could be something like this: + +
++ ext_smtp: + driver = smtp + headers_rewrite = *@*.my.domain \ + ${lookup{$1}cdb{/etc/$2/mail.handles.cdb}{$value}fail} + return_path = \ + ${if match{$return_path}{^([^@]+)@(.*)\\.my\\.domain\$}\ + {\ + ${lookup{$1}cdb{/etc/$2/mail.handles.cdb}{$value}fail}\ + }\ + fail}+
+ This example uses a separate file of local-to-external address + translations for each domain. This is not the only possibility, of + course. The headers_rewrite and return_path options apply the same + rewriting to the header lines and the envelope sender address, + respectively. + +
++ (B) If you are running a version of Exim that is earlier than 3.20, + doing this kind of rewriting is very much more difficult. Until the + headers_rewrite option was added, all header rewriting was done at the + time a message was received. A standard configuration cannot handle + rewriting that is specific to certain recipients only. + +
++ The simplest thing to do is to upgrade to the latest current Exim + release. For those that cannot do that, this old information from the + pre-3.20 FAQ is retained:
- However, what can be done is to split off a copy of the message to be - sent to all external recipients, and do the rewriting on that. This can - be achieved by running two differently-configured versions of Exim, - either on a single host, or on two different hosts. If you have a - gateway or firewall machine, that is the natural place to run the - rewriting version. + The trick is to split off a copy of the message to be sent to all + external recipients, and do the rewriting on that. This can be achieved + by running two differently-configured versions of Exim, either on a + single host, or on two different hosts. If you have a gateway or + firewall machine, that is the natural place to run the rewriting + version.
@@ -5120,7 +6145,7 @@ A1003: Exim wasn't really designed to handle this kind of split world. Because message, it will use the rewritten sender address.
-Q1004: I'm using this rewriting rule to change login names into "friendly" +Q1004: I'm using this rewriting rule to change login names into "friendly" names, but if mail comes in for an upper case login name, it doesn't get rewritten. @@ -5139,7 +6164,7 @@ A1004: Replace $1 in your rule by ${lc:$1} to force the local part case before it is used as a lookup key. -Q1005: Is it possible to completely fail a message if the rewrite rules fail? +Q1005: Is it possible to completely fail a message if the rewrite rules fail?@@ -5160,7 +6185,7 @@ A1005: It depends on what you mean by "fail a message" and what addresses you This fails a single recipient - others are processed independently.
-Q1006: I'm using $domain as the key for a lookup in a rewriting rule, but its +Q1006: I'm using $domain as the key for a lookup in a rewriting rule, but its contents are not being lowercased. Aren't domains supposed to be handled caselessly? @@ -5187,23 +6212,24 @@ A1006: The value of $domain is the actual domain that appears in the addr Instead of "$domain" write "${lc:$domain}". -Q1007: I want to rewrite local sender addresses depending on the domain of the +Q1007: I want to rewrite local sender addresses depending on the domain of the recipient.A1007: In general, this is not possible, because a message may have more than - one recipient and Exim keeps just a single copy of each message. You can - do an incomplete job by using a regular expression match in a rewrite - rule to test, for example, the contents of the To: header. This would - work except in cases of multiple recipients. See also - Q1003. + one recipient and Exim keeps just a single copy of each message. It may + also deliver one copy of a message with several recipient addresses. + You can do an incomplete job by using a regular expression match in a + rewrite rule to test, for example, the contents of the To: header. This + would work except in cases of multiple recipients. See also + Q1003.
-A1103: Set received_header_text.
-Q1104: How I can insert the PGP header line using exim filters? +Q1104: How I can insert the PGP header line using exim filters?@@ -5246,10 +6272,32 @@ A1104: You can't insert headers in a user filter. A system filter can do so, but the inserted lines then are included for all recipients.
-+A1105: You can only do this in a round about way, using filter commands like + this: + +
++ headers add "New-Subject: SPAM: $h_subject:" + headers remove subject + neaders add "Subject: $h_new-subject:" + headers remove new-subject+
+ This trick works only in system filters, where the commands are obeyed + in order, and affect the master list of headers that apply to the whole + message. You cannot do this with the headers_add and headers_remove + options on drivers. + +
+A1301: If you are using BSDI, see - Q9401. + Q9401.
-Q1302: Exim built with Perl support exits with several error messages of the +Q1302: Exim built with Perl support exits with several error messages of the form "undefined reference to `PL_stack_sp'". @@ -5311,10 +6359,10 @@ A1302: This has been seen on FreeBSD systems that had two different versions of ELF library. Ensure that the older package is removed. -@@ -5478,12 +6526,13 @@ A1501: There are a number of technical and potential legal problems that arise
1. It breaks digital signatures, which are becoming legally binding in some countries (already in the UK, likely to be 1 October 2000 in - the USA). + the USA). It may well also break encryption.
2. It is likely to break MIME encoding, that is, it is likely to wreck - attachments, unless great care is taken. + attachments, unless great care is taken. And what about the case of a + message containing only binary MIME parts?
@@ -5512,6 +6561,21 @@ A1501: There are a number of technical and potential legal problems that arise 5. Some mail clients (old versions of MS outlook) crash if the message body of an incoming MIME message has been tampered with. +
++ There are also potential problems that could arise if a scheme to add + disclaimers goes wrong for some messages: + +
++ 1. False negatives: "Ah, this guy usually says he does not represent + their views, but in this message he doesn't have the disclaimer". + +
++ 2. False positives: "This official announcement does not represent our + views, oh no". +
An alternative approach to the disclaimer problem would be to insist @@ -5523,18 +6587,29 @@ A1501: There are a number of technical and potential legal problems that arise an Exim system filter in order to adopt this approach.
-Q1502: How can I remove attachments from messages? ++ Finally, it's a trivial matter to add customized headers of the sort: + +
++ X-Disclaimer: This is a standard disclaimer that says that the views + X-Disclaimer: contained within this message are somebody elses.+
+ which is a much easier alternative to modifying message bodies. + +
+Q1502: How can I remove attachments from messages?A1502: The answer to this is essentially the same as for - Q1501. + Q1501.
-@@ -5548,10 +6623,15 @@ A2000: The author of Exim believes that it is Y2K-compliant, as long as the been done are not available.
-+ Well, it's now August 2000, and no Y2K problems have been reported, so + it looks like I was right. + +
+${if eq{${expand:\$\{substr_-1000000_$message_size:x\}}} {} {yes} {no}}-Q5004: I want to "tail" the Exim log, but I have a number of other logs I also +Q5004: I want to "tail" the Exim log, but I have a number of other logs I also want to "tail", and the number of tailing windows is getting to be a nuisance. @@ -5610,14 +6690,14 @@ A5004: Look for a program called 'xtail' (despite its name, it's not an entire directories. -Q5005: I would like to have Exim log information written to syslog. +Q5005: I would like to have Exim log information written to syslog.
A5005: Support for this is available from version 3.10 onwards.
-Q5006: What does the error "Failed to create spool file" mean? +Q5006: What does the error "Failed to create spool file" mean?@@ -5653,23 +6733,23 @@ A5006: Exim has been unable to create a file in its spool area in which to permission must be "s" rather than "x".
-Q5007: Exim keeps crashing with segmentation errors (signal 11 or 139). +Q5007: Exim keeps crashing with segmentation errors (signal 11 or 139).A5007: This might be a problem with the db library. See - Q0505. + Q0505.
-Q5008: Exim's databases keep getting corrupted. +Q5008: Exim's databases keep getting corrupted. -Q5009: I've been using an autoreply director to try and mimic a bounce message, +Q5009: I've been using an autoreply director to try and mimic a bounce message, but I can't get it to have an envelope from of <>. @@ -5678,7 +6758,7 @@ A5009: You haven't, by any chance, put "exim" in the list of never_users -Q5010: I see entries in the log that mention two different IP addresses for the +Q5010: I see entries in the log that mention two different IP addresses for the same connection. Why is this? For example: @@ -5698,7 +6778,7 @@ A5010: The actual IP address from which the call came is the final one. misleading. -Q5011: How can I persuade Exim to accept ETRN commands without the leading +Q5011: How can I persuade Exim to accept ETRN commands without the leading # character? @@ -5741,7 +6821,7 @@ A5011: Set the option serialization lock (which is set by default) never gets removed. -Q5012: I've recently noticed that emails I send with a Bcc: line are being +Q5012: I've recently noticed that emails I send with a Bcc: line are being delivered to their final destination with the Bcc: line still present. @@ -5770,7 +6850,7 @@ A5012: Exim removes Bcc lines only if you call it with the -t option (i.e Bcc; any MTA software has to leave it alone. -Q5013: I used gv v3.5.8 (ghostview) to try printing spec.ps. After every +Q5013: I used gv v3.5.8 (ghostview) to try printing spec.ps. After every printed page, the printer ejects a blank sheet. Is this something to do with using "letter" rather than A4 paper? @@ -5793,7 +6873,7 @@ A5013: This seems to be an effect of using ghostview. Although the PostScript ghostview. -Q5014: I would like to have a separate queue per domain for hosts which dial +Q5014: I would like to have a separate queue per domain for hosts which dial in to collect their mail. @@ -5814,16 +6894,16 @@ A5014: Exim isn't really designed for this kind of operation. The only way to- An alternative approach would be to get Exim to deliver mail for such - hosts in batch SMTP format into some directory, and have the ETRN run + An alternative approach id to get Exim to deliver mail for such hosts + in batch SMTP format into some directory, and have the ETRN run something to pass such messages to the dialled-in host. See also - Q0503 + Q0503 and - Q0521. + Q0521.
-Q5015: A short time after I start Exim I see a <defunct> process. What is - causing this? +Q5015: A short time after I start Exim I see a <defunct> zombie process. What + is causing this?@@ -5835,7 +6915,7 @@ A5015: Your system must be lightly loaded as far as mail is concerned. The perfectly normal.
-Q5016: On a reboot, or a restart of the mail system, I see the message "Mailer +Q5016: On a reboot, or a restart of the mail system, I see the message "Mailer daemons: exim abandoned: unknown, malformed, or incomplete option -bz sendmail". What does this mean? @@ -5858,16 +6938,16 @@ A5016: -bz is a Sendmail option requesting it to create a "configuration The first of these lines should be commented out. -Q5017: I would like to restrict e-mail usage for some users to the local +Q5017: I would like to restrict e-mail usage for some users to the local machine, ideally on a group basis. -Q5018: Whenever exim restarts it takes up to 3-5 minutes to start responding on +Q5018: Whenever exim restarts it takes up to 3-5 minutes to start responding on the SMTP port. Why is this? @@ -5877,7 +6957,7 @@ A5018: Something else is hanging onto port 25 and not releasing it. One place configured there. -Q5019: Why aren't there any man pages for Exim? I don't always carry my printed +Q5019: Why aren't there any man pages for Exim? I don't always carry my printed documentation. @@ -5911,7 +6991,7 @@ A5019: As well as plain ASCII text, the Exim documentation is provided in two This contains some introductory text and the command line options only. -Q5020: When I send a message using the -t command line option, Exim sends only +Q5020: When I send a message using the -t command line option, Exim sends only to the addresses within the message, not to those on the command line. @@ -5947,7 +7027,7 @@ A5020: By default Exim operates according to the Sendmail documentation, and the ambiguity differently. -Q5021: If I set up, for example, +Q5021: If I set up, for example, local_domains = *customer.com, then it matches "customer.com" and "abc.customer.com" as required, but it also matches "noncustomer.com", which is wrong. How can I get round this? @@ -5990,7 +7070,7 @@ A5021: (A) You have to specify two entries in the list: the same as when it appears directly in a domain list. -Q5022: I want to match all local domains of the form *.oyoy.org but want a few +Q5022: I want to match all local domains of the form *.oyoy.org but want a few exceptions. For instance I don't want foo.oyoy.org or bar.oyoy.org to be treated as local. What is the best way to do this? @@ -6033,7 +7113,7 @@ A5022: (A) From release 3.00 onwards, you can put negative items in the upgrading! -Q5023: I can't seem to find a pre-built version of Exim anywhere. The machine +Q5023: I can't seem to find a pre-built version of Exim anywhere. The machine is a Sparc 5 running Solaris 2.6. @@ -6069,7 +7149,7 @@ A5023: The problem is that there are a number of build-time options, requiring would probably please nobody. -Q5024: Is there a Windows NT version of Exim available? +Q5024: Is there a Windows NT version of Exim available?@@ -6077,16 +7157,16 @@ A5024: A long time ago somebody took a copy of the Exim source with the aim of trying to port it to NT. However, I never heard anything more.
-Q5025: Does Exim support Delivery Status Notificaion (DSN), Message Status +Q5025: Does Exim support Delivery Status Notificaion (DSN), Message Status Notification (MSN), or any other form of delivery acknowledgement? -Q5026: What does "Exim" stand for? +Q5026: What does "Exim" stand for?@@ -6097,16 +7177,16 @@ A5026: Originally, it was "EXperimental Internet Mailer", which was the best I to start using it, and told other people about it...
-Q5027: What does the log message "no immediate delivery: more than 10 messages +Q5027: What does the log message "no immediate delivery: more than 10 messages received in one connection" mean? -Q5028: Although I haven't set check_spool_space, Exim is still checking the +Q5028: Although I haven't set check_spool_space, Exim is still checking the amount of space on the spool for incoming SMTP messages that use the SIZE option. Can I suppress this? @@ -6131,7 +7211,7 @@ A5028: The RFC for the SIZE option says smtp_check_spool_space. -Q5029: I just noticed log entries that start off "<= <>". Am I correct in +Q5029: I just noticed log entries that start off "<= <>". Am I correct in assuming that the "<>" indicates that the envelope did not contain any "From" data? @@ -6168,7 +7248,7 @@ A5029: Yes. This indicates a delivery failure report (aka "bounce message"). uses them when sending out warnings about delivery delays. -Q5030: I've received a message which does not have my address in the To: +Q5030: I've received a message which does not have my address in the To: line. It is a spam message with the same address in both the From: and the To: headers. How can this happen, and why doesn't Exim reject it? @@ -6196,7 +7276,7 @@ A5030: There is an important distinction between the "envelope" from and to and messages forwarded from mailing lists and delivery failure reports. -Q5031: Can (or will) Exim ever handle a message delivery purely in memory, +Q5031: Can (or will) Exim ever handle a message delivery purely in memory, that is, it is handled without it ever hitting the disc? @@ -6206,7 +7286,7 @@ A5031: It doesn't, and never will. Accepting and delivering a message are two writing/reading the message on the disc. -Q5032: If I am using dbm files for data that Exim reads, can I rebuild them +Q5032: If I am using dbm files for data that Exim reads, can I rebuild them on the fly, or do I need to restart Exim every time I make a change? @@ -6219,7 +7299,7 @@ A5032: Exim re-reads the file every time it consults it, so if you are using a inconsistent. On lightly loaded systems this may not matter. -Q5033: What are the main differences between using an Exim filter and using +Q5033: What are the main differences between using an Exim filter and using procmail? @@ -6248,7 +7328,7 @@ A5033: Exim filters and procmail provide different facilities. Exim filters run both. -Q5034: I need an option that is the opposite of -bpa, that is, a listing of +Q5034: I need an option that is the opposite of -bpa, that is, a listing of those addresses generated from a top-level address that have not yet been delivered. @@ -6267,7 +7347,7 @@ A5034: Exim does not keep this information. It saves only the top-level are pipes, files, or autoreplies. -Q5035: I am getting complaints from a customer who uses my EXIM server for +Q5035: I am getting complaints from a customer who uses my EXIM server for relaying that they are being blocked with a "Too many connections" error. @@ -6276,7 +7356,7 @@ A5034: Exim does not keep this information. It saves only the top-level A5035: See smtp_accept_max and related options such as smtp_accept_reserve. -Q5036: When I try "exim -bf" to test a system filter, I received the following +Q5036: When I try "exim -bf" to test a system filter, I received the following error message: "Filter error: unavailable filtering command "fail" near line 8 of filter file". @@ -6286,7 +7366,7 @@ A5036: Use the -bF option to test system filters. This gives you access t freeze and fail actions. -Q5037: How can I make Exim receive incoming mail, queue it, but NOT attempt to +Q5037: How can I make Exim receive incoming mail, queue it, but NOT attempt to deliver it? I want to be in this state while moving some mailboxes. @@ -6310,7 +7390,7 @@ A5037: (1) Set queue_only in the Exim configuration. (2) Kill off your was not available for use in smartuser. -Q5038: What does the rejection message "reject all recipients: 3 times bad +Q5038: What does the rejection message "reject all recipients: 3 times bad sender" mean? @@ -6320,7 +7400,7 @@ A5038: See the section of the manual entitled "Sender verification". Exim has 24 hours. -Q5039: The menu in Eximon isn't working. It displays, but I can't select +Q5039: The menu in Eximon isn't working. It displays, but I can't select anything from it. @@ -6333,7 +7413,7 @@ A5039: On some X implementations, if the numlock key is pressed (so that the encountered. -Q5040: What does "ridiculously long message header" in an error report mean? +Q5040: What does "ridiculously long message header" in an error report mean?@@ -6352,10 +7432,10 @@ A5040: There has to be some limit to the length of a message's header lines, of an individual header line and one on the total number of header lines. A header line longer than 8192 used to provoke the error "Header line is ridiculously overlong". In subsequent releases there is no limit - on individual header lines; only the total matters. + on individual header lines; only the total header size matters.
-Q5041: What does Exim use for POP as a default? Do I have to install anything +Q5041: What does Exim use for POP as a default? Do I have to install anything else? @@ -6365,10 +7445,229 @@ A5041: Yes. Exim provides MTA functionality. That is, it delivers mail. POP is provide that functionality. -+A5042: From release 3.20, Exim does support SSL/TLS, by making use of the + OpenSSL library. + +
++ The problem with using stunnel is that all your SSL connections look + like they come from 127.0.0.1 - none of your IP based policies will + have any effect. This means that you are basically an open relay, + anyone who connects to your server via SSL can relay through you, + whether they are local or not (and who knows, spammers may someday + evolve brains enough to try using SSL ports). + +
++ One solution to this is to force all SSL connections to authenticate + before relaying. This is how one user has done this: + +
++ First make sure you are set up to do SMTP AUTH properly (see the sample + configuration C034). Then add MUSTAUTH to the auth_hosts line in your + configure file. If you don't already have a list of IPs there, it will + look like this: + +
++ auth_hosts = MUSTAUTH+
+ If you have some IPs you want to authenticate, add them like this: + +
++ auth_hosts = MUSTAUTH:10.1.1.1:10.1.1.2+
+ Then invoke stunnel like this: + +
++ /usr/local/sbin/stunnel -d 465 -l /usr/exim/bin/exim \ + -p /usr/local/ssl/certs/exim.pem -- exim -bs -DMUSTAUTH=127.0.0.1+
+ Whenever an SSL connection is established, Exim is invoked with the + macro MUSTAUTH defined as 127.0.0.1, which forces that one particular + instance to authenticate, without disrupting normal 127.0.0.1 operations + via non-SSL sessions. + +
+Q5043: Is there an easy way of removing all queued messages at once in a safe + way? + + ++A5043: Try this command: + +
++ exim -bp | awk '/^ *[0-9]+[mhd]/{print "exim -Mrm " $3}' | sh+Q5044: What is the best way to provide backup MX for clients? + + +
+A5044: If the clients are always online, all you need to do is to have MX + records for their domains pointing to your host, with suitable + preference values, and ensure that their domains are listed in + relay_domains. If the clients are not always online, see + Q1403. + +
+Q5045: Why does Exim do "ident" callbacks by default? Isn't this just a waste + of resources? I've been told this is an ancient way of authentication. + Is it obsolete? + + ++A5045: This is a common mistake, at least partially resulting from the + incorrect naming of the protocol when it was first published. + The service on port 113 is an identification service, which allows a + target host to record information identifying the user responsible for + making a connection to it. The information may not be intelligible to + the recording host - it could, for example, be encrypted so that only + someone on the calling host can make sense of it. It is useful for + providing additional information in an audit trail. + +
++ The data should not be used for authentication in any form except + on a closed secure network between cooperating hosts (probably not + even then). The information from the source host is only as reliable + as the host itself - if it's not under your control then you have to + treat the information as opaque data that can be used by the sysadmin + of the source system to trace back connection data - and some ident + implementations send out opaque cookies or DES encrypted information. + Ident is hugely useful at times - especially for checking back on + connections from multiuser machines (as opposed to one-person desktop + boxes). + +
++ You can stop Exim making ident calls by adding + +
++ rfc1413_query_timeout = 0s+
+ to its configuration, but it is better to leave it active (reducing the + timeout if it is causing problems) - it costs very little, and in cases + of mail forgery from a multiuser system can track the sinner concerned + very quickly. + +
+Q5046: I often have the problem that a message gets stuck in the mailq and I + want it to be bounced to a certain address. + + ++A5046: You can do this using a combination of four command line options, like + this: + +
++ exim -Mf 14Fdlq-0003kM-00 + exim -Mmad 14Fdlq-0003kM-00 + exim -Mar 14Fdlq-0003kM-00 new@ddress + exim -M 14Fdlq-0003kM-00+
+ The first command freezes the message so that a queue runner won't start + to deliver it while you are changing things. The second command marks + all existing recipients as delivered. The third command adds a new + recipient, and the fourth command forces a delivery of the message, + which will cause it to be delivered to the new address, and then + deleted. + +
+Q5047: What precautions should I take when editing exim.conf? + + ++A5047: Edit exim.conf to exim.conf.new. Then run + +
++ exim -bV -C exim.conf.new+
+ That will check for syntax errors without disturbing your running + configuration. If you are paranoid enough, as root run + +
++ exim -C exim.conf.new <some address> + <some message> + .+
+ and see if it delivers it. Carry on testing until happy. When happy, + +
++ mv exim.conf.new exim.conf + kill -HUP `cat /var/spool/exim/exim-daemon.pid`+
+ Then check the Exim log to be sure the daemon restarted OK. Watch the + log for a bit to see that mail is flowing. + +
+Q5048: Is exim able to use RFC 2645, On-demand Mail Relay (ODMR)? + + ++A5048: No. + +
+Q5049: I want to send every bounced mail that is received by my server, as + "headers-only" to the sysadmin. How can I do this? + + ++A5049: 1. Set up a transport with headers_only to do the delivery. + +
++ 2. Set up a smartuser director that directs messages to a special local + alias (e.g. "sysadmin-header") to that transport. + +
++ 3. Set up a system filter file, containing something like + +
++ if first_delivery and error_message then + unseen deliver sysadmin-header@your.domain + endif+Q5050: What POP3 daemon should I use with Exim? I want something with + configurable authentication mechanisms. + + +
+A5050: Qmail-pop has a checkpasswd part that can be hacked to add whatever + authentication you want. There is also Solid POP which has a lot of + Exim support in it (e.g. nhash). There is also Cyrus, which is + self-contained, so you don't have to worry about ownership of mailboxes + and also it can be poked into authenticating from just about anything. + However, in general, YMMV, and really what suits one user may not suit + another. There is a mailing list at pop-imap@exim.org for the discussion + of POP/IMAP issues. More information can be found in its archives. + +
+Q5051: Is there any way I can send bounces to the postmaster, and nobody else? + Basically, I want to recieve them, and I don't want the reply/from + person to get them. If I think they need it I will forward it myself. + + ++A5051: Put errors_to=postmaster on every router and director. + +
++ ./exim: can't load library 'libperl.so'
A9401: You probably compiled perl5 yourself, without looking into @@ -6440,10 +7740,10 @@ A9401: You probably compiled perl5 yourself, without looking into guys did to compile perl5 which comes with BSDI 4.0 distribution.
--A9502: If you used the gcc compiler 2.8.x there is a known bug with the - "gethost" function under Irix. SGI recommends using either their cc - compiler in Irix 6.5, or a lesser version of the gnu compiler (2.6.x). +A9502: From release 3.21, Exim contains a workaround that should fix this + problem. If you are using an earlier release, read on...
- Alternatively, there is an Inst-able port of exim for Irix at + If you used the gcc compiler 2.8.x or a version in the 2.95 series, + there is a known bug with the "gethost" function under Irix. SGI + recommends using either their cc compiler in Irix 6.5, or a lesser + version of the gnu compiler. Version 2.7.2.3 is known to work. + Alternatively, there is an Inst-able port of Exim for Irix at http://freeware.sgi.com, but it is not likely to be the latest release. + There is further information about this problem, which is described as a + "classic gcc structure-in-a-register bug" at this URL: + +
++ http://www.ccp14.ac.uk/ccp14admin/apache13/apache255error.html + +
++ This is a summary that I was sent: + +
++ "Gcc does not correctly pass/return structures which are smaller than + 16 bytes and which are not 8 bytes. The problem is very involved and + difficult to fix. It affects a number of other targets also, but irix6 + is affected the most, because it is a 64 bit target, and 4 byte + structures are common. The exact problem is that structures are being + padded at the wrong end, e.g. a 4 byte structure is loaded into the + lower 4 bytes of the register when it should be loaded into the upper + 4 bytes of the register."
-@@ -6623,10 +7947,38 @@ A9606: Normally the thing to do if you have a problem with an RPM package is debs, tarballs, and POSIX packages.
-+A9607: The Debian installation should have given you /usr/sbin/eximconfig, + which asks you some questions and then sets up the configuration file + in /etc/exim.conf. Try running that (you'll probably need root) and see + how it goes. In any case you get a thoroughly commented conf file at + the end, which will give you a sample from which to work if you need + further modification. + +
++ The exim docs in the Debian package are in /usr/doc/exim and the full + reference manual is spec.txt.gz + +
+Q9608: I'm getting the error "db.h: No such file or directory" when I try to + build Exim under RedHat 7.0. + + ++A9608: See + Q0113. + +
+@@ -6634,7 +7986,7 @@ A9701: Make sure you are liking with the GNU ld linker and not the system version of ld.
-Q9702: How can I get rid of spurious ^M characters in messages sent from +Q9702: How can I get rid of spurious ^M characters in messages sent from CDE dtmail? @@ -6652,7 +8004,7 @@ A9702: CDE dtmail passes messages to Exim via the command line interface before passing it to Exim. -Q9703: On SunOS 4 Exim crashes when looking up domains in the DNS that have +Q9703: On SunOS 4 Exim crashes when looking up domains in the DNS that have more than 10 A records. @@ -6669,7 +8021,7 @@ A9703: There are Sun library patches to fix this. It is not Exim's problem. those. -Q9704: The menu in Eximon isn't working on my Sun system. +Q9704: The menu in Eximon isn't working on my Sun system.@@ -6680,7 +8032,7 @@ A9704: With OpenWindows, if the numlock key is pressed (so that the numeric be encountered.
-Q9705: I am experiencing mailbox locking problems with Sun's mailtool used +Q9705: I am experiencing mailbox locking problems with Sun's mailtool used over a network. @@ -6707,7 +8059,7 @@ A9705: Under the "Expert" settings of mailtool is a option to turn on "Use to hit the "done" button to make it release the lock. -Q9706: Exim has been crashing on my Solaris x86 system, apparently while +Q9706: Exim has been crashing on my Solaris x86 system, apparently while running DBM functions. @@ -6717,7 +8069,7 @@ A9706: The use of ndbm with gcc has caused problems on x86 Solaris systems. WS compiler with ndbm, has fixed this in the past. -Q9707: The exiwhat utility isn't working for me on a Solaris 2 system. +Q9707: The exiwhat utility isn't working for me on a Solaris 2 system.@@ -6726,7 +8078,7 @@ A9707: Have you got /usr/ucb on your path? If so, it is probably picking Solaris to expect the normal Solaris version of ps.
-Q9708: How do I stop Sun's dtcm from hanging? +Q9708: How do I stop Sun's dtcm from hanging?@@ -6735,7 +8087,7 @@ A9708: From qmail's FAQ: "There is a novice programming error in dtcm, kn at the time of this writing, not yet provided a patch."
-Q9709: I want Exim to use only the resolver (i.e. ignore /etc/hosts), but don't +Q9709: I want Exim to use only the resolver (i.e. ignore /etc/hosts), but don't want to alter the nsswitch.conf file in Solaris 2. @@ -6761,10 +8113,10 @@ A9709: You need to rebuild Exim after fiddling with OS/os.h-SunOS5: that Exim uses. -
@@ -6786,8 +8138,8 @@ A9801: (1) add partial-lsearch;/etc/mail/tpc.domains to local_domains
tpc:
driver = pipe
- command = "/usr/local/tpc/tpcmailer.pl ${local_part}@${domain} \
- ${sender_address}"
+ command = /usr/local/tpc/tpcmailer.pl ${local_part}@${domain} \
+ ${sender_address}
pipe_as_creator
/usr/local/tpc/tpcmailer.pl is the mail processing script that can @@ -6802,13 +8154,13 @@ A9801: (1) add partial-lsearch;/etc/mail/tpc.domains to local_domains tpc_director: driver = smartuser transport = tpc - domains = "partial-lsearch;/etc/mail/tpc.domains" + domains = partial-lsearch;/etc/mail/tpc.domains
Of course, there are other things to do as well before your system is a functioning TPC server.
-Q9802: How do I configure Exim so that it sends mail to the outside world only +Q9802: How do I configure Exim so that it sends mail to the outside world only from a restricted list of our local users? @@ -6823,8 +8175,8 @@ A9802: There are several possible ways that this can be done.- senders = ":^[^@]+@(?!${rxquote:your.domain}\\$):\ - lsearch;/permitted/senders"+ senders = :^[^@]+@(?!${rxquote:your.domain}\$):\ + lsearch;/permitted/senders
The first item in this list is empty, to match the empty sender. This is necessary because bounce messages have null senders. The @@ -6850,13 +8202,13 @@ A9802: There are several possible ways that this can be done.
- condition = "\ + condition = \ ${lookup{${domain:$sender_address}}lsearch{/domain/list}\ {\ ${lookup{${local_part:$sender_address}}lsearch\ {/permitted/senders}{yes}{no}}\ }\ - {yes}}"+ {yes}}
Obviously other means of testing the domain and local part could be substituted, for example, by having separate files of valid local @@ -6872,11 +8224,11 @@ A9802: There are several possible ways that this can be done.
- condition = "\ + condition = \ ${lookup{groupname}lsearch{/etc/group}\ {${if match {$value}\ - {[:,]${rxquote:${local_part:$sender_address}}(,|\\\$)}\ - {yes}{no}}}{no}}"+ {[:,]${rxquote:${local_part:$sender_address}}(,|\$)}\ + {yes}{no}}}{no}}
This is checking the local part of the sender; a alternative might be to check $sender_ident. However, you should really also check @@ -6901,7 +8253,7 @@ A9802: There are several possible ways that this can be done. part of user@your.domain.
-Q9803: How do I configure Exim to run with SmartList? +Q9803: How do I configure Exim to run with SmartList?@@ -6923,8 +8275,8 @@ A9803: This is what was done for Exim's own mailing list, using SmartList/
list_transport: driver = pipe - command = "/var/spool/slist/.bin/flist \ - ${local_part}${local_part_suffix}" + command = /var/spool/slist/.bin/flist \ + ${local_part}${local_part_suffix} current_directory = /var/spool/slist home_directory = /var/spool/slist user = slist @@ -6965,21 +8317,21 @@ A9803: This is what was done for Exim's own mailing list, using SmartList/ and was written by Michelle Dick. -Q9804: How do I configure Exim to minic PP's "tripnote" facility? +Q9804: How do I configure Exim to minic PP's "tripnote" facility?A9804: See C005.
-Q9805: How do I configure Exim to handle local parts with extensions? +Q9805: How do I configure Exim to handle local parts with extensions?A9805: See C010.
-Q9806: How do I configure Exim so that only a restricted list of users can +Q9806: How do I configure Exim so that only a restricted list of users can receive mail from external domains? @@ -6987,7 +8339,7 @@ A9805: See C010. A9806: See C013. -Q9807: I have someuser@mydomain.com that I only want certain users to be able +Q9807: I have someuser@mydomain.com that I only want certain users to be able to mail to. How do I accomplish this? @@ -7020,7 +8372,7 @@ A9807: This is a transport: file as complete addresses, including a domain. -Q9808: A site for which I provide secondary MX is down for some time. Is there +Q9808: A site for which I provide secondary MX is down for some time. Is there a way to run the queue for that destination separately from the main queue? @@ -7034,14 +8386,14 @@ A9808: No, because Exim does not have the concept of "the queue for that BSMTP files. There is an example of the latter approach in C014. -Q9809: How do I implement VERP (Variable Envelope Return Paths) in Exim? +Q9809: How do I implement VERP (Variable Envelope Return Paths) in Exim?A9809: See C017.
-Q9810: I'd like to make a copy of all outgoing messages to a local mailbox. Is +Q9810: I'd like to make a copy of all outgoing messages to a local mailbox. Is there a solution for this using an Exim filter? @@ -7086,10 +8438,10 @@ A9810: The following filter makes a copy of every message, except for delivery This takes copies of messages whose From: header contains your.domain and whose To: and Cc: headers contain at least one address that does not contain your.domain. See also - Q9817. + Q9817. -Q9811: I want to make a copy of outgoing messages to a specific file for each +Q9811: I want to make a copy of outgoing messages to a specific file for each user in a specific directory, using a "save" command in a system filter. How can I arrange for Exim to write to these files under the correct UID/GID? @@ -7119,7 +8471,7 @@ A9811: You need to set up a special transport and tell Exim to use it for use user=exim and do all the writing under the same UID/GID. -Q9812: How can I keep an archive of all mail for some specific local email +Q9812: How can I keep an archive of all mail for some specific local email addresses? @@ -7139,10 +8491,10 @@ A9812: You could use a system filter, along the lines of this, you will need to set message_filter_file_transport to point to an appropriate transport which includes a setting of "user" to specify which uid to run the saving under, as is described in - Q9811. + Q9811. -Q9813: How can I configure Exim to provide a vacation message when there are +Q9813: How can I configure Exim to provide a vacation message when there are no local users on my mail hub? @@ -7150,7 +8502,7 @@ A9812: You could use a system filter, along the lines of A9813: See C019. -Q9814: We want to be able to temporarily lock out a user by disabling the +Q9814: We want to be able to temporarily lock out a user by disabling the password and moving the home directory to another place. How can we arrange to reject mail for users in this state? @@ -7198,7 +8550,7 @@ A9814: Change the home directory pointer in the passwd file to something instead of setting match_directory. -Q9815: I need an alias, say "fakeaddress" that should receive a message, +Q9815: I need an alias, say "fakeaddress" that should receive a message, strip all reply-to: headers present, substitute another one pointing to "otheraddress" and forward a message to "realaddress". @@ -7221,20 +8573,20 @@ A9815: Add this director: the fixed values shown above. -Q9816: How can I set up Exim to work with Listar? +Q9816: How can I set up Exim to work with Listar?A9816: See http://www.cs.huji.ac.il/~vadik/listar-exim/.
-Q9817: I need to take copies of all incoming and outgoing mail for certain +Q9817: I need to take copies of all incoming and outgoing mail for certain users. For each user there may be a different monitoring address.A9817: You can adapt the filter solution given in - Q9810 by adding a test for + Q9810 by adding a test for the relevant local parts. Create a file containing lines like this:
@@ -7263,29 +8615,24 @@ A9817: You can adapt the filter solution given in because Exim caches the results of successful lookups. -Q9818: How can I add a disclaimer to the end of every message? +Q9818: How can I add a disclaimer to the end of every message?-A9818: This isn't as easy as it appears. You cannot just add text to the bottom - of messages because of the possibility of MIME attachments. In any case, - it is not the job of an MTA to mess with the contents of messages. You - can perhaps do things with Exim's transport filters if you really have - to, but if the messages originate locally, it would be better to do - what you want in the MUA (e.g. force all your local users to have it in - their .sig files). +A9818: See + Q1501.
-Q9819: I would like to append a simple advertisement text to all outgoing +Q9819: I would like to append a simple advertisement text to all outgoing and local mails. -Q9820: How can I configure Exim so that all mails adressed to +Q9820: How can I configure Exim so that all mails adressed to something@username.domain.net get delivered to /var/spool/mail/username? @@ -7314,14 +8661,14 @@ A9820: There are several possibilities, depending on exactly how you are set This should be the first director. -Q9821: How do I get exim not to add a Sender: header to locally originated +Q9821: How do I get exim not to add a Sender: header to locally originated mail?A9821: It only adds it if the From: header doesn't correspond to the user - sending the message. You can't remove it in general (but this may be - possible in a future release). However: + sending the message. From release 3.14 onwards, you can suppress this + by setting no_local_from_check. Alternatively,
@@ -7345,18 +8692,18 @@ A9821: It only adds it if the From: header doesn't correspond to the user
(2) If your real question "how do I submit mail from UUCP without it adding Sender:?" Then see - Q0603. + Q0603.
-Q9822: How can I get Exim to work with mailman? +Q9822: How can I get Exim to work with mailman?-A9822: The Exim mailing list uses the configuration that is given in the "how - to" information at http://www.exim.org/howto/mailman.html. +A9822: The configuration in http://www.exim.org/howto/mailman.html was used for + the Exim mailing list before it switched to SmartList.
-Q9823: Is there any way to have messages sent to a specific local address +Q9823: Is there any way to have messages sent to a specific local address delayed by - say - 24 hours? @@ -7377,7 +8724,87 @@ A9823: Using Exim 3.10 or later, the answer is "yes". Set up a smartuser the address. You may want to set a special retry rule for it. -99. LIST OF SAMPLE CONFIGURATIONS +Q9824: I have a mailing list exploder on one host, and three other hosts where + I want to do the actual deliveries from. How can I get Exim to split + a message into groups of recipients between the three hosts? + + +
+A9824: Splitting into groups of recipients can be done by setting max_rcpt in + the SMTP transport. Persuading Exim to spread the groups between three + hosts is a little harder. Suppose you have 300 addresses, and max_rcpt + is set to 100. One approach is to try hosts_randomize in a domainlist + router, like this: + +
++ split: + driver = domainlist + transport = remote_smtp + hosts_randomize + route_list = * hostA:hostB:hostC byname++ Unfortunately, this doesn't work quite as you might expect. There are + six different permutations of the host list, and so if the randomizing + works perfectly, Exim will end up with + +
++ 50 addresses routed to hostA:hostB:hostC + 50 addresses routed to hostA:hostC:hostB + 50 addresses routed to hostB:hostC:hostA + 50 addresses routed to hostB:hostA:hostC + 50 addresses routed to hostC:hostA:hostB + 50 addresses routed to hostC:hostB:hostA++ Although a total of 100 addresses have hostA as their first host, Exim + will still send them in two separate SMTP calls, because it can only + batch up addresses that have identical host lists. If hostA is down, it + will send 50 of these to host B and 50 to host C. It will aways send six + copies of the message. + +
++ With only three hosts, this isn't a major problem, but if the number of + hosts increases, it becomes more serious. If there are four delivery + hosts, there are 24 different permuations, and with five hosts there are + 120, so 120 messages are sent. When the hosts are not all of the same + power, you might want to use a list like + +
++ hostA:hostA:hostA:hostB:hostB:hostC++ to send more to hostA, and this makes the situation worse. There is, + however, a way to solve this. Instead of putting the host list on the + router, put it on the transport. The router just contains one host: + +
++ split: + driver = domainlist + transport = special_smtp + route_list = * hostA byname++ and the transport has the full list, set to override the router's host: + +
++ special_smtp: + driver = smtp + hosts = hostA:hostA:hostA:hostB:hostB:hostC + hosts_override + hosts_randomize + max_rcpt = 100++ Now all 300 addresses are routed to the same host, so they are sent to + the transport 100 at a time. The transport overrides the router's host + with its own list, which it randomizes each time. (This works only for + releases of Exim after 3.16 - up to and including that release, there is + a bug that prevents it re-randomizing for each group.) See also C040. + +
+99. LIST OF SAMPLE CONFIGURATIONS
@@ -7399,7 +8826,7 @@ C002: "Although exim not intended for use in UUCP environment (it doesn't
C003: "I've read down through - Q0601 and your request for UUCP examples. Here's + Q0601 and your request for UUCP examples. Here's how I'm doing it." (This example uses routers.)
@@ -7593,6 +9020,41 @@ C034: "This is a HOW-TO for setting up Exim to support SMTP authentication C035: "These configurations enable exim and hylafax (www.hylafax.org) work together, I mean sending fax by email (user@123456.fax)." + ++C036: "My aim was to have an LDAP-driven system for mail delivery." + +
++C037: An elegant way of using ETRN, which does immediate delivery if the host + is online, but saves mail in a BSMTP file after some time on the queue. + ETRN then re-injects the mail. + +
++C038: Amavis virus scanning: "Here ya go. This is the config we use... this + box is our main MX host then relays it to our real server for delivery." + +
++C039: "For reference, this is how I got PAM authentication from a standard + UNIX password database with Eudora 4.3 clients to work on a Debian 2.2 + (Intel) system. This configuration assumes that you are using standard + UNIX crypt passwords; pam-pwdfile is NOT compatible with MD5 encrypted + passwords." + +
++C040: "Exim 3.20 has a feature that allows a large mailing of a single message + to be sent to many different relays. This is useful for mailing lists, + as it allows the message to be relayed to multiple machines, in groups + of 100 addresses, for final delivery." + +
++C041: "Attached you will find a plain text file where I explain how to set up + mailman to use virtual environment (single setup for many domains)." +
F001: "I thought that the rest of the list may be interested in reviewing our