X-Git-Url: https://git.exim.org/exim-website.git/blobdiff_plain/db453be35770dec364921a866b0874bc59f4d082..11ba9b42e16838de4e766674acfcf50b2bb13519:/FAQ.html diff --git a/FAQ.html b/FAQ.html deleted file mode 100644 index 573ea50..0000000 --- a/FAQ.html +++ /dev/null @@ -1,9084 +0,0 @@ - -
--This is the FAQ for the Exim Mail Transfer Agent. Thanks to the many -people who provided the original information. This file would be amazingly -cluttered if I tried to list them all. Suggestions for corrections, -improvements, and additions are welcome. - -
--This version of the FAQ applies to Exim 3.20 and later releases. The syntax of -some of the options was altered and tidied up at release 3.00. Some of the -examples quoted here will not work with earlier releases. - -
--References of the form Cnnn and Fnnn are to the sample configuration and filter -files that can be found in the separately distributed directory called -config.samples. The primary location is - -
-- ftp://ftp.csx.cam.ac.uk/pub/software/email/exim/config.samples.tar.gz - ftp://ftp.csx.cam.ac.uk/pub/software/email/exim/config.samples.tar.bz2-
-There are brief descriptions of these files at the end of this document. - -
-The FAQ is divided into the following sections: -Debugging, -Building exim, -Mailbox locking, -Routing, -Directing, -Delivery, -UUCP, -Performance, -Policy controls, -Majordomo, -Rewriting addresses, -Headers, -Fetchmail, -Perl, -Dial-up, -Modifying message bodies, -Millennium, -Miscellaneous, -HP-UX, -BSDI, -IRIX, -Linux, -Sun systems, -Cookbook, and -List of sample configurations. -
-Philip Hazel <ph10@cus.cam.ac.uk>
-Last update: 23-April-2001
-
-
-A0001: Exim should never crash. The author is always keen to know about - crashes, so that they can be diagnosed and fixed. However, before you - start sending email, please check that you are running the latest - release of Exim, in case the problem has already been fixed. The - techniques described below can also be useful in trying to pin down - exactly which circumstances caused the crash and what Exim was trying to - do at the time. If the crash is reproducable (by a particular message, - say) keep a copy of that message. If there is a core file (in Exim's - spool directory), see if you can get any information from it. - -
-- One thing that has caused crashes in the past has been incorrectly - installed DB libraries. In particular, if you are running any version of - Berkeley db, it is best to set USE_DB=yes in Local/Makefile before - building Exim. This then avoids the use of the "ndbm compatibility - interface" via the ndbm.h include file, which has been found to be - incorrect on some systems. If you have already built Exim, you can just - edit Local/Makefile and run make again to rebuild. Before restarting - Exim, delete any existing database files in the spool/db directory. - -
-Q0002: Exim is not working. What is wrong? How can I check what it is doing? - - --A0002: Exactly how is it not working? Check the more specific questions in the - other sections of this FAQ. Some general techniques for debugging are: - -
-- 1. Look for information in Exim's log files. These are in the "log" - directory in Exim's spool directory, unless you have configured a - different path for them. Serious operational problems are reported - in paniclog. - -
-- 2. If the problem involves the delivery of one or more messages, try - forcing a delivery with the -d option, to cause Exim to output - debugging information. For example: - -
-- exim -d -M 0z6CXU-0005RR-00-
- On its own, -d produces a small amount of information. Following it - with a number increases the amount given: -d9 gives the maximum - amount of general information; -d10 gives in addition details of the - interpretation of filter files, and -d11 or higher also turns on the - debugging option for DNS lookups. The output is written to the - standard error stream. - -
-- 3. If the problem involves incoming SMTP mail, try using the -bh option - to simulate an incoming connection from a specific host, for example: - -
-- exim -bh 10.9.8.7-
- This goes through the motions of an SMTP session, without actually - accepting a message. Information about various policy checks is - output. You will need to know how to pretend to be an SMTP client. - -
-- 4. If the problem involves lack of recognition or incorrect handling - of local addresses, try using the -bt option with debugging turned - on, to see how Exim is handling the address. For example, - -
-- exim -d2 -bt z6abc-
- will show you how it would handle the local part "z6abc". Increase - the debug level to -d9 for more information. - -
-Q0003: What does the error "Child process of address_pipe transport returned - 69 from command xxx" mean? - - --A0003: The most common meaning of exit code 69 is "unavailable", and this often - means that when Exim tried to exec the command xxx, it failed. One - cause of this might be incorrect permissions on the file containing the - command. See also - Q0033. - -
-Q0004: My virtual domain setup isn't working. How can I debug it? - - --A0004: You can use an exim command with -d (or -d2, -d3 ... -d9) to get it to - show you how it is processing addresses. You don't actually need to send - a message; use the -bt option like this: - -
-- exim -d2 -bt localpart@virtualhost-
- This will show you which directors it is using. If the problem appears - to be with the expansion of an option setting, you can use the - debug_print option on a director (or router) to get Exim to output the - expanded string values as it goes along. - -
-Q0005: Why is Exim giving "421 Unexpected log failure, please try later" when - receiving an SMTP message with a large number of recipients? - - --A0005: You are verifying recipients, and your configuration is one that does a - different lookup of some sort for each recipient. Exim keeps lookup - files open, in case there are several lookups in the same file. Versions - of Exim prior to 2.10 did not limit the number of open files used for - this purpose, and your operating system's maximum per process has been - reached. Exim is trying to log the failure to open a file, but cannot - open the log file, for the same reason. If upgrading Exim is not - immediately possible, you might be able to increase your operating - system's maximum number of open files per process. - -
-Q0006: Why is Exim not rejecting incoming messages addressed to non-existent - users at SMTP time? - - --A0006: Have you remembered to set receiver_verify? It is not the default. - -
-Q0007: I've put an entry for *.my.domain in a DBM lookup file, but it isn't - getting recognized. - - --A0007: You need to request "partial matching" by setting the search type to - "partial-dbm" in order for this to work. - -
-Q0008: I've put the entry *@domain.com in a lookup database, but it isn't - working. The expansion I'm using is: - - -- ${lookup{${lc:$sender_address}}dbm{/the/file} ...-
-A0008: As no sender address will ever be *@domain.com this will indeed have - no effect as it stands. You need to tell Exim if you want it to look for - defaults after the normal lookup has failed. In this case, change the - search type from "dbm" to "dbm*@". See the section on "Default values in - single-key lookups" in the chapter entitled "File and database lookups". - -
-Q0009: Is there a way to print recognized local domains? - - --A0009: If you run "exim -bP local_domains" it will output the string that is - set, but it won't print the contents of any files that are referenced. - -
-Q0010: If I run "./exim -d9 -bt user@domain" all seems well, but when I send a - message from my User Agent, it does not arrive at its destination. - - --A0010: Try sending a message directly to Exim by typing this: - -
-- exim -d9 user@domain - <some message, could be empty> - .-
- If the message gets delivered to a remote host, but never arrives at its - final destination, then the problem is at the remote host. If, however, - the message gets through correctly, then the problem may be between your - User Agent and Exim. Try setting Exim's log_arguments option, to see - with which arguments the UA is calling Exim. - -
-Q0011: I am getting this message in mainlog every so often: "no immediate - delivery: too many connections (19, max 0)". What am I missing? - - --A0011: A current release of Exim. :-) The message you are getting is the wrong - message. What it should be saying is "too many messages received in one - SMTP connection" (see next question). This bug was fixed in release - 2.051. - -
-Q0012: What does "no immediate delivery: too many messages received in one SMTP - connection" mean? - - --A0012: An SMTP client may send any number of messages down a single SMTP - connection to a server. Initially, an Exim server starts up a delivery - process as soon as a message is received. However, in order not to start - up too many processes when lots of messages are arriving (typically - after a period of downtime), it stops doing immediate delivery after a - certain number of messages have arrived down the same connection. The - threshold is set by smtp_accept_queue_per_connection, and the default - value is 10. On large systems, the value should be increased. If you are - running a dial-in host and expecting to get all your mail down a single - SMTP connection, then you can disable the limit altogether by setting - the value to zero. - -
-Q0013: Exim puts "for <address>" in the Received: headers of some, but not all, - messages. Is this a bug? - - --A0013: No. It is deliberate. Exim inserts a "for" phrase only if the incoming - message has precisely one recipient. If there is more than one - recipient, nothing is inserted. The reason for this is that not all - recipients appear in the To: or Cc: headers, and it is considered a - breach of privacy to expose such recipients to the others. A common - case is when a message has come from a mailing list. - -
-Q0014: Instead of exim_dbmbuild, I'm using a homegrown program to build DBM - (or cdb) files, but Exim doesn't seem to be able to use them. - - --A0014: Exim expects there to be a binary zero value on the end of each key used - in a DBM file if you use the "dbm" lookup type, but not for the "dbmnz" - lookup type or for the keys of a cdb file. Check that you haven't - slipped up in this regard. - -
-Q0015: Exim is unable to route to any remote domains. It doesn't seen to be - able to access the DNS. - - --A0015: Try running "exim -d11 -bt <remote address>". The -d11 will make it show - the resolver queries it is building and the results of its DNS queries. - If it appears unable to contact any nameservers, check the contents and - permissions of /etc/resolv.conf. - -
-Q0016: I'm using ETRN to run a script that checks things and doesn't always - end up running "exim -R". However, after it has run once, subsequent - attempts fail with "458 Already processing". - - --A0016: Set no_smtp_etrn_serialize. - -
-Q0017: What does the error message "transport system_aliases: cannot find - transport driver "aliasfile" in line 92" mean? - - --A0017: "aliasfile" is a director, not a transport. You have put a configuration - for a director into the transports section of the configuration file. - -
-Q0018: Exim is timing out after receiving and responding to the DATA command - from one particular host, and yet the client host also claims to be - timing out. This seems to affect only certain messages. - - --A0018: (A) This problem has been seen with a network that was dropping all - packets over a certain size, which mean that the first part of the SMTP - transaction worked, but when the body of a large message started - flowing, the main data bits never got through the network. See also - - Q0021. - -
-- (B) This can also happen if a machine has a broken TCP stack and won't - reassemble fragmented datagrams. - -
-- (C) A very few ISDN lines have been seen which failed when certain data - patterns were sent through them, and replacing the routers at both end - of the link did not fix things. One of them was triggered by more than 4 - X's in a row in the data. - -
-Q0019: What does the message "Socket bind() to port 25 for address (any) - failed: address already in use" mean? - - --A0019: You are trying to run an Exim daemon when there is one already running - - or maybe some other MTA is running, or perhaps you have an SMTP line in - /etc/inetd.conf which is causing inetd to listen on port 25. - -
-Q0020: I've set headers_check_syntax, but this causes Exim to complain about - headers like "To: Work: Jim <jims@email>, Home: Bob <bobs@email>" which - look all right to me. Is this a bug? - - --A0020: No. Header lines such as From:, To:, etc., which contain addresses, are - structured, and have to be in a specific format which is defined in RFC - 822. Unquoted colons are not allowed in the "phrase" part of an email - address (they are OK in other headers such as Subject:). The correct - form for that header is - -
-- To: "Work: Jim" <jims@email>, "Home: Bob" <bobs@email>-
- You will sometimes see unquoted colons in To: and Cc: headers, but only - in connection with name lists (called "groups"), for example: - -
-- To: My friends: X <x@y.x>, Y <y@w.z>;, - My enemies: A <a@b.c>, B <b@c.d>;-
- Each list must be terminated by a semicolon, as shown. - -
-Q0021: Whenever Exim tries to deliver a specific message to a particular - server, it fails, giving the error "Remote end closed connection after - data" or "Broken pipe" or a timeout. What's going on? - - --A0021: "Broken pipe" is the error you get on some OS when the far end just - drops the connection. The alternative is "connection reset by peer". - -
-- (A) There are some firewalls that fall over on \0 characters in the - mail. Have a look, e.g. with hexdump -c mymail | tail to see if your - mail contains any binary zero characters. - -
-- (B) There are broken SMTP servers around that just drop the connection - after the data has been sent if they don't like the message for some - reason (e.g. it is too big) instead of sending a 5xx error code. Have - you tried sending a small message to the same address? - -
-- It has been reported that some releases of Novell servers running NIMS - are unable to handle lines longer than 1024 characters, and just close - the connection. This is an example of this behaviour. - -
-- (C) If the problem occurs right at the start of the mail, then it could - be a network problem with mishandling of large packets. Many emails are - small and thus appear to propagate correctly, but big emails will - generate big IP datagrams. - -
-- There have been problems when something in the middle of the network - mishandles large packets due to IP tunnelling. In a tunnelled link, your - IP datagrams gets wrapped in a larger datagram and sent over a network. - This is how virtual private networks (VPNs), and some ISP transit - circuits work. Since the datagrams going over the tunnel require a - larger packet size, the tunnel needs a bigger maximum transfer unit - (MTU) in the network handling the tunnelled packets. However, MTUs - are often fixed, so the tunnel will try to fragment the packets. - -
-- If the systems outside the tunnel are using MTU path discovery, (most - Sun Sparc Solaris machines do by default), and set the DF (don't - fragment) bit because they don't send packets larger than their local - MTU, then ICMP control messages will be sent by the routers at the - ends of the tunnel to tell them to reduce their MTU, since the tunnel - can't fragment the data, and has to throw it away. If this mechanism - stops working, e.g. a firewall blocks ICMP, then your host never - knows it has hit the maximum path MTU, but it has received no ACK on - the packet either, so it continues to resend the same packet and the - connection stalls, eventually timing out. - -
-- You can test the link using pings of large packets and see what works: - -
-- ping -s host 2048-
- Try reducing the MTU on the sending host: - -
-- ifconfig le0 mtu 1300-
- Alternatively, you can reduce the size of the buffer Exim uses for SMTP - output by putting something like - -
-- DELIVER_OUT_BUFFER_SIZE=512-
- in your Local/Makefile and rebuilding Exim (the default is 8192). - -
-Q0022: Why do messages not get delivered down the same connection when I do - something like: exim -v -R @aol.com ? For other domains, I do this and - I see the appropriate "waiting for passed connections to get used" - messages. - - --A0022: Recall that Exim does not keep separate queues for each domain, but - operates in a distributed fashion. Messages get into its "waiting for - host x" hints database only when a delivery has been tried, and has had - a temporary error. Here are some possibilities: - -
-- (1) The messages to aol.com got put in your queue, but no previous - delivery attempt occured before you did the -R. This might have been - because of your settings of queue_only_load, smtp_accept_queue, or any - other option that caused no immediate delivery attempt on arrival. If - this is the case, you can try using -qqR instead of -R. - -
-- (2) You have set batch_max on the smtp transport, and that limit was - reached. This would show as a sequence of n messages down one - connection, then another n down a new connection, etc. - -
-- (3) Exim tried to pass on the SMTP connection to another message, but - that message was in the process of being delivered to aol.com by some - other process (typically, a normal queue runner). This will break the - sequence, though the other delivery should pass its connection on to - other messages if there are any. - -
-- (4) The folk at aol.com changed the MX records so the host names have - changed - or a new host has been added. I don't know how likely this is. - -
-- (5) Exim is not performing as it should in this regard, for some reason. - Next time you have mail queued up for aol.com, try running - -
-- exim_dumpdb /var/spool/exim wait-remote_smtp-
- to see if those messages are listed among those waiting for the relevant - aol.com hosts. - -
-Q0023: What does the error "SEGV while reading ... from dbm file: record - assumed not to exist" mean? - - --A0023: A crash is occuring when Exim calls your DBM library in order to read a - record from one of its hints files. This kind of problem can be related - to incorrectly installed DBM libraries. If you are using Slackware 3.6, - the problem is that libgdbm is incorrectly installed on that system, and - you will need to re-install it from source. - -
-Q0024: There seems to be a problem in the string expansion code: it doesn't - recognize references to headers such as ${h_to}. - - --A0024: The only valid syntax for header references is (for example) $h_to: - because header names are permitted by RFC 822 to contain a very wide - range of characters. A colon (or white space) is required as the - terminator. - -
-Q0025: Exim is timing out after sending the a message's data to one particular - host, and yet the remote host also claims to be timing out. This seems - to affect only certain messages. - - --A0025: See - Q0018. - -
-Q0026: When the Exim daemon forks a copy of itself to handle an incoming SMTP - request, the forked copy seems to go around in circles for a - significant (up to 5 minutes, so far) amount of time before deciding to - accept the message. - - --A0026: These kinds of delay are usually caused by some kind of network problem - that affects outgoing calls made by Exim at the start of an incoming - message. Configuration options that cause outgoing calls are: - -
-- (1) rfc1413_query_hosts and rfc1413_query_timeout (for ident calls); - firewalls sometimes block ident calls, which can lead to this - problem. - -
-- (2) rbl_domains and rbl_hosts. - -
-- (3) host_lookup and any other options that require the remote host's - name to be looked up from its IP address. - -
-- (4) sender_verify_hosts_callback and sender_verify_callback_domains. - -
-- You can use the -bh option to get more information about what is - happening at the start of a connection. - -
-Q0027: What does "failed to create child process to send failure message" mean? - This is a busy mail server with smtp_accept_max set to 500, but this - problem started to occur at about 300 incoming connections. - - --A0027: Some message delivery failed, and when Exim wanted to send a bounce - message, it was unable to create a process in which to do so. Probably - the limit on the maximum number of simultaneously active processes has - been reached. Most OS have some means of increasing this limit, and in - some operating systems there is also a limit per uid which can be - varied. - -
-Q0028: What does "<message filter> transporting defer (-1): No transport set - by director" in a log line mean? - - --A0028: Your system filter contains a "save" command, but you have not set - message_filter_file_transport. - -
-Q0029: Why is Exim refusing to relay, saying "failed to find host name from IP - address" when I have the sender's IP address in host_accept_relay? My - configuration contains this: - - -- host_accept_relay = "lsearch;/etc/mail/relaydomains:192.168.96.0/24"-
-A0029: When checking host_accept_relay, the items are tested in left-to-right - order. The first item in your list is a lookup on the incoming host's - name, so Exim has to determine the name from the incoming IP address in - order to perform the test. If it can't find the host name, it can't do - the check, so it gives up. The solution is to put all explicit IP - addresses first in the list. You would have discovered what was going - on if you had run a test such as - -
-- exim -bh 192.168.96.131-Q0030: When I run "exim -bd -q10m" I get "PANIC LOG: exec of exim -q failed". - - -
-A0030: This probably means that Exim doesn't know its own path so it can't - re-exec itself to do the first queue run. Check the output of - -
-- exim -bP exim_path-Q0031: Why do connections to my machine's SMTP port take a long time to respond - with the banner, when connections to other ports respond instantly? - - -
-A0031: See - Q0026. - -
-Q0032: I can't seem to get a pipe command to run when I include a ${if - expansion in it. This fails: - - -- command = "perl -T /usr/local/rt/bin/rtmux.pl \ - rt-mailgate helpdesk \ - ${if eq {$local_part}{rt} {correspond}{action}}"-
-A0032: You need some internal quoting in there. Exim expands each individual - argument separately. Because you have (necessarily) got spaces in your - ${if item, you have to quote that argument. Try - -
-- command = "perl -T /usr/local/rt/bin/rtmux.pl \ - rt-mailgate helpdesk \ - \"${if eq {$local_part}{rt} {correspond}{action}}\""-Q0033: I'm trying to get Exim to connect an alias to a pipe, but it always - gives error code 69, with the comment "(could mean service or program - unavailable)". - - -
-A0033: If your alias entry looks like this: - -
-- alias: |"/some/command some parameters"-
- change it to look like this: - -
-- alias: "|/some/command some parameters"-Q0034: I'm having a problem with an Exim RPM. - - -
-A0034: See - Q9606. - -
-Q0035: What does the error "Spool file is locked" mean? - - --A0035: This is not an error[*]. All it means is that when an Exim delivery - process (probably started by a queue runner process) looked at a message - in order to start delivering it, it found that another Exim process was - already busy delivering it. On a busy system this is quite a common - occurrence. If you set log_level less than 5, these messages are omitted - from the log. - -
-- [*] The only time when this message might indicate a problem is if it is - repeated for the same message for a very long time - say more than a few - hours. That would suggest that the process that is delivering the - message has somehow got stuck. - -
-Q0036: Exim is reporting IP addresses as 0.0.0.0 or 255.255.255.255 instead of - their correct values. What's going on? - - --A0036: You are using a version of Exim built with gcc on an IRIX box. - See - Q9502. - -
-Q0037: I can't seem to figure out why PAM support doesn't work correctly. - - --A0037: There is a problem using PAM on Linux with shadow passwords when the - calling program is not running as root. Exim is normally running as the - Exim user when authenticating a remote host. I don't know of an easy - resolution to this. - -
-Q0038: I'm trying to use a query-style lookup for hosts that are allowed to - relay, but it is giving really weird errors. - - --A0038: Does your query contain a colon character? Remember that - host_accept_relay operates on a colon-separated list, so you need to - double any colons in the query. This applies even if the query is - defined as a macro. - -
-Q0039: Exim is rejecting calls from hosts that have more than one IP address, - for no apparent reason. - - --A0039: You are using Solaris 7 or earlier, and have "nis dns files" in - /etc/nsswitch.conf. Change this to "dns nis files" to avoid hitting Sun - bug 1154236 (a bad interaction between NIS and the DNS). - -
-Q0040: Exim is failing to find the MySQL library, even though is it present - within $LD_LIBRARY_PATH. I'm getting this error: - - -- /usr/local/bin/exim: fatal: libmysqlclient.so.6: open failed: - No such file or directory-
-A0040: Exim is suid, and LD_LIBRARY_PATH is ignored for suid binaries on a - Solaris (and other?) systems. What you should be doing is adding - -R/local/lib/mysql to the same place in the compilation that you added - -L/local/lib/mysql. This lets the binary know where to look without - needing a path variable. - -
-Q0041: I have a collection of Exim processes that have been around for days, - and are apparently stuck while trying to deliver to remote hosts. This - is causing the messages they are handling to get stuck. - - --A0041: There appears to be a problem in the connect() function in some - operating systems, such that it does not time out as it should. Setting - connect_timeout in the smtp transport causes Exim to apply its own - timeout, and this seems to overcome this problem. In Exim 3.15 the - default was changed from zero (rely on system's timeout) to 5 minutes, - which is the value recommended in the RFCs. - -
-Q0042: I have a message in the spool which couldn't be delivered because of a - timeout from the remote smtp server. When I try to deliver this message - in eximon, I get "Spool file is locked". How can I deliver the message? - - --A0042: Find the Exim proccess that is stuck, and kill it. You may be able to - use exiwhat to do this, but if it is stuck in connect() it may not - respond, and you will have to identify it some other way. Now read - - Q0041 about why this might have happened. - -
-- If you have a suitable debugger on your system, you may be able to find - out more information before killing the process. For example, if you - have gdb you can connect it to the process by running this command as - root: - -
-- gdb exim <process-id>-
- At the gdb prompt, give the "bt" (backtrace) command, to display the - stack contents. This should tell you the name of the function in which - the process is stuck. If this is connect(), then you do have the - Q0041 - problem. - -
-Q0043: What does the error "lookup of host "xx.xx.xx" failed in yyyy router" - mean? Any suggestions to stop this these sort of errors from being - frozen would be muchly appreciated. - - --A0043: You configured a domainlist router to send the message to xx.xx.xx. When - it tried to look up the IP address for that host, the lookup failed - with a permanent error. As this is a manual routing, this is a - considered to be a serious error which the postmaster needs to know - about (maybe you have a typo in your file), and there is little point - in keeping on trying. So it freezes the message. - -
-- 1. Don't set up routes to non-existent hosts. - -
-- 2. If you must set up routes to non-existent hosts, and don't want - freezing, set the host_find_failed option on the router to do something - other than freeze. - -
-Q0044: My filter isn't working. How can I test it? - - --A0044: Use the -bf option (-bF for a system filter) to test the basic operation - of your filter. If you also turn on debugging at level 10 (-d10) it will - output information as the filter runs. - -
-Q0045: Exim works fine on one host, but when I copied the binary to another - identical host, it stopped working (it could not resolve DNS names). - - --A0045: Is the new host running exactly the same operating system? Most - importantly, are the versions of the dynamically loaded libraries - (files with names like libsocket.so.1) the same on both systems? If not, - that is probably the cause of the problem. Either arrange for the - libraries to be the same, or rebuild Exim from source on the new host. - -
-Q0046: Once in a while, a user will send a message and immediatly get a - response back "No Transport Provider" If they choose "Send Again", - sometimes it works, sometimes it doesn't. - - --A0046: This problem has been seen on Debian Linux 2.1 systems. The best advice - seems to be to upgrade your server to a later Debian release and a later - Exim release, and maybe also upgrade the hardware. - -
-Q0047: I set host_accept_relay to do a lookup in a file of IP addresses, but it - doesn't work. - - --A0047: Did you remember to put `net-' at the start of the the search type? If - you set something like this: - -
-- host_accept_relay = lsearch;/some/file-
- it searches the file for the host name. You need to set - -
-- host_accept_relay = net-lsearch;/some/file-
- to make it use the IP address as the key to the lookup. - -
--A0101: The problem is that libident assumes "struct timeval" refers to - DST_NONE, and so it tries to avoid using this structure when DST_NONE - isn't defined. Unfortunately it doesn't make this change everywhere it - should, and so it blows up. The problem has been seen on NetBSD and - some versions of the Linux C library. An easy, albeit not particularly - neat, fix is to add -DDST_NONE to LIBIDENTCFLAGS for systems that are - afflicted like this - there's not a lot else you can do without - modifying libident. The value of DST_NONE is never used, so defining it - to be empty should be harmless. - -
-Q0102: When I ran make I got the error "undefined reference to dbopen". - - --A0102: Either: - -
-- (A) This means you (or the default configuration for your operating - system) have configured Exim to use Berkeley DB version 1.xx - and it has not been given access to the DB library (where dbopen - should be found). You may need something like DBMLIB=-ldb in - Local/Makefile. Berkeley DB is one of several alternative DBM - libraries that Exim can make use of. For a discussion of DBM issues, - see the file doc/dbm.discuss.txt in the Exim distribution. - -
-- (B) You are running on a version of Linux which has a problem in its - libraries. This effect isn't fully understood. It has been seen with - the libraries used in Caldera OpenLinux Base 1.1. - -
-Q0103: I can't get Exim to compile with Berkeley DB version 2.x. - - --A0103: Have you set USE_DB=yes in Local/Makefile? This causes Exim to use the - native interface to the DBM library instead of the compatibility - interface, which needs a header called ndbm.h that may not exist on your - system. - -
-Q0104: I'm getting an "undefined symbol" error for hosts_ctl when I try to - build Exim. (On some systems this error is "undefined reference to - 'hosts_ctl'".) - - --A0104: You should either remove the definition of USE_TCP_WRAPPERS or add - -lwrap to your EXTRALIBS setting in Local/Makefile. - -
-Q0105: I'm about to upgrade to a new Exim release. Do I need to ensure the - spool is empty, or take any other special action? - - --A0105: If you are changing to release 3.00 or later from a release prior to - 3.00, you will probably need to make changes to the runtime - configuration file. See README.UPDATING for details. Otherwise, you - do not need to take special action. New releases are made backwards - compatible with old spool files and "hints" databases so that upgrading - can be done on a running system. All that should be necessary is to - install a new binary and then HUP the daemon if you are running one. - -
-Q0106: What does the error "install-info: command not found" mean? - - --A0106: You have set INFO_DIRECTORY in your Local/Makefile, and Exim is trying - to install the Texinfo documentation, but cannot find the command called - install-info. If you have a version of Texinfo prior to 3.9, you - should upgrade. Otherwise, check your installation of Texinfo to see why - the install-info command is not available. - -
-Q0107: Exim doesn't seem to be recognizing my operating system type correctly, - and so is failing to build. - - --A0107: Run the command "scripts/os-type -generic". The output should be one of - the known OS types, and should correspond to your operating system. You - can see which OS are supported by obeying "ls OS/Makefile-*" and looking - at the file name suffixes. - -
-- If there is a discrepancy, it means that the script is failing to - interpret the output from the "uname" command correctly, or that the - output is wrong. Meanwhile, you can build Exim by obeying - -
-- EXIM_OSTYPE=xxxx make-
- instead of just make, provided you are running a Bourne-compatible - shell, or otherwise by setting EXIM_OSTYPE correctly in your - environment. It is probably best to start again from a clean - distribution, to avoid any wreckage left over from the failed attempt. - -
-Q0108: I am getting an error "`exim' undeclared here" when I compile, in the - globals.c module. - - --A0108: You have set EXIM_UID = exim in your Local/Makefile. Unfortunately, - named uids are not permitted here; you must give a numerical uid. - However, in the runtime configure file names are permitted. - -
-Q0109: Exim fails to build, complaining about the absence of the "killpg" - function. - - --A0109: This function should be present in all modern flavours of Unix. If you - are using an older version, you should be able to get round the problem - by inserting - -
-- #define killpg(pgid,sig) kill(-(pgid),sig)-
- into the file called OS/os.h-xxx, where xxx identifies your operating - system, and is the output of the command "scripts/os-type -generic". - -
-Q0110: I'm getting an unresolved symbol ldap_is_ldap_url when trying to build - Exim. - - --A0110: You must have specified LOOKUP_LDAP=yes in the configuration. Have you - remembered to set -lldap somewhere (e.g. in LOOKUP_LIBS)? You need that - in order to get the LDAP library scanned when linking. - -
-Q0111: I'm getting an unresolved symbol mysql_close when trying to build Exim. - - --A0111: You must have specified LOOKUP_MYSQL=yes in the configuration. Have you - remembered to set -lmysqlclient somewhere (e.g. in LOOKUP_LIBS)? You - need that in order to get the MySQL library scanned when linking. - -
-Q0112: I'm trying to build Exim with PAM support. I have included -lpam in - EXTRALIBS, but I'm still getting a linking error: - - -- /lib/libpam.so: undefined reference to `dlerror' - /lib/libpam.so: undefined reference to `dlclose' - /lib/libpam.so: undefined reference to `dlopen' - /lib/libpam.so: undefined reference to `dlsym'-
-A0112: Add -ldl to EXTRALIBS. In some systems these dynamic loading functions - are in their own library. - -
-Q0113: I'm getting the error "db.h: No such file or directory" when I try to - build Exim. - - --A0113: This problem has been seen with RedHat 7.0, but could also happen in - other environments. If your system is using the DB3 DBM library, you - need to install the DB3 development package in order to build Exim. - The package is called something like db3-devel-3.1.14-16.i386.rpm for - Linux systems, but you should check which version of DB3 you have - installed. - -
-Q0114: I'm getting the error "/usr/bin/ld: cannot find -ldb1" when I try to - build Exim. - - --A0114: This is probably the same problem as - Q0113. - -
--A0201: Your configuration specifies that local mailboxes are all held in - single directory, via configuration lines like these (taken from the - default configuration): - -
-- local_delivery: - driver = appendfile - file = /var/mail/$local_part-
- and the permissions on the directory probably look like this: - -
-- drwxrwxr-x 3 root mail 512 Jul 9 13:48 /var/mail/-
- Using the default configuration, Exim runs as the local user when doing - a local delivery, and it uses a lock file to prevent any other process - from updating the mailbox while it is writing to it. With those - permissions the delivery process, running as the user, is unable to - create a lock file in the /var/mail directory. There are two solutions - to this problem: - -
-- (A) Set the "write" and "sticky bit" permissions on the directory, so - that it looks like this: - -
-- drwxrwxrwt 3 root mail 512 Jul 9 13:48 /var/mail/-
- The "w" allows any user to create new files in the directory, but - the "t" bit means that only the creator of a file is able to remove - it. This is the same setting as is normally used with the /tmp - directory. - -
-- (B) Arrange to run the local_delivery transport under a specific group - by changing the configuration to read - -
-- local_delivery: - driver = appendfile - file = /var/mail/${local_part} - group = mail-
- The delivery process still runs under the user's uid, but with the - group set to "mail". The group permission on the directory allows - the process to create and remove the lock file. - -
-- The choice between (A) and (B) is up to the administrator. If the - second solution is used, users can empty their mailboxes by updating - them, but cannot delete them. - -
-- If your problem involves mail to root, see also - Q0507. - -
-Q0202: I am experiencing mailbox locking problems with Sun's mailtool used - over a network. - - --A0202: See - A9705 in the Sun-specific section below. - -
--A0301: They mean exactly what they say. Exim has tried to route a domain that - it thinks is not local, and when it looked it up in the DNS, either the - lowest numbered MX record pointed at the local host, or there were no - MX records, and the address record for the domain pointed to an IP - address that belongs to the local host. - -
-- (A) If the domain is meant to be handled as a local domain, then there - is a problem with the setting of the local_domains configuration - option. If you have not set this, then only the name of the local - host is treated as a local domain. If, for example, your host is - called myhost.mydomain.com and you want it to handle mail for the - domain mydomain.com as well as for its own name, you must set - -
-- local_domains = myhost.mydomain.com:mydomain.com-
- or, if you want to be more general, you could use - -
-- local_domains = *.mydomain.com:mydomain.com-
- If you have a large number of individual local domains, you should - investigate storing them in a file and setting local_domains to do a - lookup. - -
-- All the domains in local_domains are treated as synonymous by - default. If you want to specify different handling for different - domains, you can either use domains options, to restrict certain - directors to certain domains, or use the $domain expansion variable - in director options to vary the value according to the domain, for - example, setting the name of an alias file to /etc/aliases/$domain. - -
-- (B) If the domain is one for which the local host is providing a - forwarding service (called "mail hubbing"), possibly as part of a - firewall, then you need to set up a router to tell Exim where to - send messages addressed to this domain, since the DNS directs them - to the local host. The routers section of your configuration file - should look something like this: - -
-- hubbed_hosts: - driver = domainlist - transport = remote_smtp - route_list = see discussion below-
- other_hosts: - driver = lookuphost - transport = remote_smtp-
- Note that the domainlist router must come first so that it can pick - off a hubbed host before it gets to the lookuphost router. The - contents of the route_list option depend on how many hosts you are - hubbing for, and how their names are related to the domain name. - Suppose the local host is a firewall, and all the domains in - *.foo.bar have MX records pointing to it, and each domain - corresponds to a host of the same name. Then the setting could be - -
-- route_list = "*.foo.bar $domain byname"-
- If there isn't a convenient relationship between the domain names - and the host names, then you either have to list each domain - separately, or use a lookup expansion to look up the host from the - domain, or put the routing information in a file and use the - route_file option. - -
-- (C) If neither (A) nor (B) is the case, then the lowest numbered MX - record or the address record for the domain should not be pointing - to your host. You should arrange to get the DNS mended. - -
-- There has been a rash of instances of domains being deliberately set - up with MX records pointing to "localhost", which causes this - behaviour. By default, Exim defers delivery and freezes the message. - You can change what Exim does by setting the generic "self" option - on the router, for example, to make it bounce such domains. If you - are running a release later than 3.16, you can use the option - called ignore_target_hosts instead, to get it to pretend such hosts - do not exist. - -
-Q0302: How do I configure Exim to send all non-local mail to a gateway host? - - --A0302: Replace the lookuphost router in the default configuration with the - following: - -
-- send_to_gateway: - driver = domainlist - transport = remote_smtp - route_list = * gate.way.host byname-
- This uses gethostbyname() to find the gateway's IP address. You could - alternatively have "bydns" to do a DNS lookup with MX handling, in which - case "gate.way.host" is really being treated as a mail domain name - rather than a host name. If there are several hosts you can send to, - you can specify them as a colon-separated list. See also - Q0325 and - Q0402. - -
-Q0303: How do I configure Exim to send all non-local mail to a central server - if it cannot be immediately delivered by my host? I don't want to have - queued mail waiting on my host. - - --A0303: Add to the remote_smtp transport the following: - -
-- fallback_hosts = central.server.name(s)-
- If there are several names, they must be separated by colons. - -
-Q0304: How can I arrange for messages submitted by (for example) Majordomo to - be routed specially? - - --A0304: See - A0404. - -
-Q0305: How do I arrange for all incoming email for *@some.domain to go into one - pop3 mail account? The customer doesn't want to add a list of specific - local parts to the system. - - --A0305: Set up a special transport that writes to the mailbox like this: - -
-- special_transport: - driver = appendfile - file = /pop/mailbox - envelope_to_add - return_path_add - delivery_date_add - user = exim-
- The file will be written as the user "exim". Then arrange to route all - mail for that domain to that transport, with a router like this: - -
-- special_router: - driver = domainlist - transport = special_transport - route_list = some.domain-
- Alternatively, you could make some.domain a local domain, and use a - smartuser director instead. - -
-Q0306: The route_list setting - ^foo$:^bar$ $domain byname in a domainlist - router does not work. - - --A0306: The first thing in a route_list item is a single pattern, not a list of - patterns. You need to write that as - ^(foo|bar)$ $domain byname. - Alternatively, you could use several items and write - -
-- route_list = "foo $domain byname; bar $domain byname"-
- Note the semicolon separator. This is because the second thing in each - item can be a list - of hosts. - -
-Q0307: I'm getting "permission denied" when Exim attempts to check a - require_files option. - - --A0307: See - A0410 below. - -
-Q0308: I have a domain for which some local parts must be delivered locally, - but the remainder are to be treated like any other remote addresses. - - --A0308: The way to do this is not to include the domain in local_domains, so - that addresses initially get passed to the routers. The first router - should be definied like this: - -
-- special_local: - driver = domainlist - local_parts = whatever... - domains = whatever... - route_list = * localhost byname - self = local-
- That will pick off those addresses with matching local parts and - domains, and hand them to the directors, because of the self = local - setting. Any other addresses will fall through to the other routers and - be handled as normal remote addresses. - -
-Q0309: For certain domains, I don't want Exim to use MX records. Instead, I - want it just to look up the hosts' A records. I tried using a negative - entry in mx_domains in the smtp router, but it didn't work. - - --A0309: The mx_domains option specifies domains for which there must be an MX - record (an A record isn't good enough). Consequently, a negative item in - it doesn't do what you want - any domain matching is is not required to - have an MX record, but it doesn't stop Exim from using MX records for - any that do have them. You can achieve what you want using either a - lookuphost or a domainlist router: - -
-- (A) Using lookuphost: - -
-- special_domains: - driver = lookuphost - transport = remote_smtp - domains = list:of:domains:you:want:to:do:this:for - gethostbyname-
- (B) Using domainlist: - -
-- special_domains: - driver = domainlist - transport = remote_smtp - domains = list:of:domains:you:want:to:do:this:for - route_list = * * byname-
- If the list of domains is actually a lookup in a file, you can dispense - with domains in the domainlist case, and put the lookup into the - route_list option. - -
-Q0310: How can I configure Exim on a firewall machine so that if mail arrives - addressed to a domain whose MX points to the firewall, it is forwarded - to the internal mail server, without having to have a list of all the - domains involved? - - --A0310: As your first router, have the standard lookuphost router from the - default configuration, with the added options - -
-- no_more - self = pass-
- This will handle all domains whose lowest numbered MX records do not - point to your host. Because of the no_more setting, if it encounters - an unknown domain, routing will fail. However, if it hits a domain whose - lowest numbered MX points to your host, the "self" option comes into - play, and overrides no_more. The "pass" setting causes it to pass - the address on to the next router. (The default causes it to generate an - error.) - -
-- As your second (and last) router, set up a domainlist router that sends - everything to your internal mail server. That is, use an option of the - form - -
-- route_list = * internal.server byname-Q0311: How can I arrange that messages larger than some limit are handled by - a special router? - - -
-A0311: If you are using Exim 2.10 or greater, you can use a condition option - on the router of the form - -
-- condition = ${if >{$message_size}{100K}{yes}{no}}-
- Earlier versions of Exim do not have numerical comparison operators, - though you can use tricks like - -
-- condition = ${if eq {${substr_5:$message_size}}{}{no}{yes}}-Q0312: If a DNS lookup returns no MX records why doesn't Exim just bin the - message? - - -
-A0312: If a DNS lookup returns no MXs, Exim looks for an A record, in - accordance with the rules that are defined in the RFCs. If you want to - break the rules, you can set mx_domains in the lookuphost router, but - you will cut yourself off from those sites (and there still seem to be - plenty) who do not set up MX records. - -
-Q0313: When a DNS lookup for MX records fails to complete, why doesn't Exim - send the messsage to the host defined by the A record? - - --A0313: The RFCs are quite clear on this. Only if it is known that there are no - MX records is an MTA allowed to make use of the A record. When an MX - lookup fails to complete, Exim does not know whether there are any MX - records or not. There seem to be some nameservers (or some - configurations of some nameservers) that give a "server fail" error when - asked for a non-existent MX record. Exim uses standard resolver calls, - which unfortunately do not distinguish between this case and a timeout, - so all Exim can do is try again later. - -
-Q0314: Can you specify a list of domains to explicitly reject? - - --A0314: Use a router like this: - -
-- reject_domains: - driver = domainlist - self = fail_hard - domains = list:of:domains:to:reject - route_list = * localhost byname-Q0315: Is it possible to use a conditional expression for the host item in a - route_list for the domainlist router? I tried the following, but it - doesn't work: - - -
- route_list = * ${if match{$header_from:}{.*\\.usa\\.net\\$} \ - {<smarthost1>}{<smarthost2>} bydns_a-
-A0315: The problem is that the second item in the route_list contains white - space, which means that it gets terminated prematurely. To avoid this, - you must put the second item in quotes: - -
-- route_list = * "${if match{$header_from:}{.*\\.usa\\.net\\$} \ - {<smarthost1>}{<smarthost2>}}" bydns_a-Q0316: I send all external mail to a smart host, but this means that bad - addresses also get passed to the smart host. Can I avoid this? - - -
-A0316: If you are receiving the mail via SMTP, then you can use verification to - weed out the bad addresses. Set no_verify on the router which sends - everything to your smart host, and insert a new router with verify_only - that does general routing using DNS lookups (e.g. the default lookuphost - router), or any other verification you want. Then set receiver_verify - so that addresses are accepted only if they verify successfully. - -
-Q0317: I have a dial-up machine, and I use the queue_smtp option so that remote - mail only goes out when I do a queue run. However, any email I send with - an address <anything>@aol.com is returned within about 15 mins saying - 'retry time exceeded', and all addresses are affected. - - --A0317: See - Q1401. - -
-Q0318: How can I route mail for user X@local to a smarthost if X doesn't exist - on the local host? - - --A0318: See - A0428. - -
-Q0319: How can I arrange to do my own qualification of non-fully-qualified - domains, and then pass them on to the next router? - - --A0319: If you have some list of domains that you want to qualify, you can do - this using a domainlist router. For example, - -
-- qualify: - driver = domainlist - route_list = *.a.b $domain.c.com-
- adds ".c.com" to any domain that matches "*.a.b". In the absence of any - options in the route item, the new domain is passed to the next router. - -
-- If you want to do this in conjunction with a lookuphost router, the - widen_domains option of that router may be another way of achieving what - you want. - -
-Q0320: Every system has a "nobody" account under which httpd etc run. I would - like to know how to restrict mail which comes from that account to users - on that host only. - - --A0320: Set up a router with senders=nobody@your.domain which routes all - mail to a local transport that delivers it to /dev/null (or to a pipe - that bounces with an error message, or whatever). That would catch all - mail to non-local domains. - -
-Q0321: I have a really annoying intermittent problem where attempts to mail to - valid sites are rejected with "unknown mail domain". This only happens a - few times a day and there is no particular pattern to the sites it - rejects. If I try to lookup the same domain a few minutes later then it - is OK. - - --A0321: (A) Have you linked Exim against the newest DNS resolver library that - comes with Bind? If you are using SunOS4 that may be your problem, as - the resolver that comes with that OS is known to be buggy and to give - intermittent false negatives. - -
-- (B) Effects like this are sometimes seen if a domain's nameservers get - out of step with each other. - -
-Q0322: I'd like route all mail with unresolved addresses to a relay machine. - - --A0322: Set pass_on_timeout on your lookuphost router, and add below it a - domainlist router that routes everything to the relay. - -
-Q0323: I would like to forward all incoming email for a particular domain to - another machine via SMTP. Whereabouts would I configure that? - - --A0323: First, do not list the domain in local_domains. Instead, list it in - relay_domains. Then, if the domain's lowest numbered MX record points to - your host, set up a domainlist router before your normal lookuphost - router, in order to route the domain to the specific host. - -
-Q0324: Why does Exim say "all relevant MX records point to non-existent hosts" - when MX records point to IP addresses? - - --A0324: MX records cannot point to IP addresses. They are defined to point to - host names, so Exim always interprets them that way. (An IP address is a - syntactically valid host name.) The DNS for the domain you are having - problems with is misconfigured. - -
-- However, it appears that more and more DNS zones are breaking the rules - and putting IP addresses on the RHS of MX records. Exim follows the - rules and rejects this, but other MTAs do support it, so allow_mx_to_ip - was regretfully added at release 3.14 to permit this heinous activity. - -
-Q0325: How can I arrange for mail on my local network to be delivered directly - to the relevant hosts, but all other mail to be sent to my ISP's mail - server? The local hosts are all DNS-registered and behave like normal - Internet hosts. - - --A0325: Set up a first router to pick off all the domains for your local - network. There are several ways you might do this. For example - -
-- local: - driver = lookuphost - transport = remote_smtp - domains = lsearch;/etc/local_domains.list-
- This does a perfectly conventional DNS routing operation, but only for - your local domains. Follow this with a "smarthost" router: - -
-- internet: - driver = domainlist - transport = remote_smtp - route_list = * mail.isp.net bydns_a-
- This sends anything else to the smart host. - -
-Q0326: What I'd like to do is have alternative smarthosts, where the one to be - used is determined by which ISP I'm connected to. - - --A0326: The simplest way to do this is to use a lookup in a domainlist router. - For example: - -
-- smarthost: - driver = domainlist - transport = remote_smtp - route_list = * ${lookup{smart}lsearch{/etc/smarthost}{$value}} byname-
- where you arrange for the name (or IP address) of the relevant smart - host to be placed in /etc/smarthost when you connect, in the form - -
-- smart: smart.host.name.or.ip-
- By keeping the data out of the main configuration file, you avoid having - to HUP the daemon when it changes. - -
--A0401: Adding an asterisk to a search type causes Exim to look up "*" when the - normal lookup fails. So if your director is something like this: - -
-- virtual: - driver = aliasfile - domains = virt.dom.ain - file = /usr/lib/aliases.virt - search_type = lsearch - no_more-
- you should change "lsearch" to "lsearch*", and put this in the alias - file: - -
-- *: postmaster@virt.dom.ain-
- This solution has the feature that if there are several unknown - addresses in the same message, only one copy gets sent to the - postmaster, because of Exim's normal de-duplication rules. - -
-- You can get separate deliveries for each unknown address only if you can - direct them to a specific transport, by using a smartuser director like - this: - -
-- virtual: - driver = aliasfile - domains = virt.dom.ain - file = /usr/lib/aliases.virt - search_type = lsearch-
- default_virtual: - driver = smartuser - domains = virt.dom.ain - transport = special_delivery - new_address = postmaster@virt.dom.ain - no_more-
- If an address in the virtual domain is not matched by the normal alias - lookup, then it gets picked up by the smartuser and passed to the - transport with a new address. There is no checking for duplicates, so - if there is more than one address that passes through this mechanism, - multiple copies get delivered. In order to distinguish them, the - envelope_to_add option can be set on the transport, to cause the - insertion of an Envelope-To: header containing the original recipient - address. - -
-Q0402: How do I configure Exim to send all messages to a central server? - - --A0402: This implies that you are not doing any local deliveries at all. Set - -
-- local_domains =-
- in the configuration file. This specifies that there are no local - domains (by default your host name is set up as a local domain). Then - all addresses are non-local - - A0302 tells you how to deal with them. - -
-Q0403: How do I configure Exim to send messages for unknown local users to a - central server? - - --A0403: At the end of the directors section of the configuration, insert the - following director: - -
-- unknown: - driver = smartuser - transport = unknown_transport-
- You should add no_verify to this if you are verifying addresses; - without it, all local parts will verify as valid in the local domain. - Then somewhere in the transports section of the configuration insert - -
-- unknown_transport: - driver = smtp - hosts = server.host.name-
- A colon-separated list of hosts may be given. They are tried in order. - By default, the IP address of any host is found by looking in the DNS - and doing MX processing (so really it is a domain list rather than a - host list). If you don't want MX processing, set the "gethostbyname" - option: - -
-- unknown_transport: - driver = smtp - hosts = server.host.name - gethostbyname-
- This calls the gethostbyname() function to find IP addresses. Depending - on your operating system and configuration, this usually consults - /etc/hosts and possibly other sources of information, as well as, or - instead of, the DNS. - -
-- If you want to change the recipient address when doing this, you can use - the new_address option on the smartuser director. For example, if the - address is user@foo.bar.com and the setting is - -
-- new_address = $local_part@bar.com-
- The message is sent to the server with the envelope recipient changed to - user@bar.com. However, this does not make any changes to the message's - headers. - -
-Q0404: How can I arrange for messages submitted by (for example) Majordomo to - be handled specially? - - --A0404: You can use the condition option on a director or router, with a - setting such as - -
-- condition = ${if and {{eq {$sender_host_address}{}} \ - {eq {$sender_ident}{majordom}}} {yes}{no}}-
- This first tests for a locally-submitted message, by ensuring there is - no sending host address, and then it checks the identity of the user - that ran the submitting process. - -
-Q0405: On a host that accepts mail for several domains, do I have to use fully - qualified names in /etc/aliases or do I have to set up an alias file for - each domain? - - --A0405: You can do it either way. If you use a single file, you must set - include_domain on the aliasfile director. If you use a separate file - for each domain you can use a single director with an option such as - -
-- file = /etc/aliases/$domain-
- (as in C007), or you can have several different directors, each one with - -
-- domains = domain1:domain2:...-
- so that each one processes certain domains only. That way you could have - several domains sharing an alias file. All of this assumes that you want - have different aliases for each domain. If all the domain names are in - effect just synonyms, you don't need to do anything other than ensure - they all match something in local_domains. - -
-Q0406: Some of my users are using the .forward to pipe to a shell command which - appends to the user's INBOX. How can I forbid this? - - --A0406: If you allow your users to run shells in pipes, you cannot control which - commands they run or which files they write to. However, you should point - out to them that writing to an INBOX by arbitrary commands is not - interlocked with the MTA and MUAs, and is liable to mess up the contents - of the file. - -
-- If a user simply wants to choose a specific file for the delivery of - messages, this can be done by putting a file name in a .forward file - rather than using a pipe, or by using the "save" command in an Exim - filter file. - -
-- You can set forbid_pipe on the forwardfile director, but that will - prevent them from running any pipe commands at all. Alternatively, you - can restrict which commands they may run in their pipes by setting the - allow_commands and/or restrict_to_path options in the address_pipe - transport. - -
-Q0407: How can I arrange for a default value when using a query-style lookup - such as LDAP or NIS+ to handle aliases? - - --A0407: Using the queries option for the aliasfile driver should do what you - want. You can supply a second query which gets obeyed when the first - query fails. For example, - -
-- queries = "\ - ldap:://x.y.z/l=yvr?aliasaddress?sub?(&(mail=$local_part@$domain)):\ - ldap:://x.y.z/l=yvr?aliasaddress?sub?(&(mail=default@$domain))"-Q0408: If I don't fully qualify the addresses in a virtual domain's alias file - then mail to aliases which also match the local domain get delivered to - the local domain. - - -
- For example, if the alias file for foobar.com is - -
-- foo: joe@some.place.com - postmaster: foo-
- then mail sent to postmaster@foobar.com is not delivered to - joe@some.place.com but instead goes to foo@localdomain.com. - -
--A0408: Set the qualify_preserve_domain option on the aliasfile director. - -
-Q0409: We've got users who chmod their home to 750, and home is NFS-mounted - without root privilege, so Exim cannot access ~user/.forward. - - --A0409: Set the seteuid option on the forwardfile director so that Exim - "becomes" the user before trying to read the file. However, if your - operating system does not support the seteuid() function, you cannot do - this. In that circumstance, if you cannot persuade your users to make - their .forward files world readable, you can set the ignore_eacces - option, which causes Exim to ignore unreadable files. - -
-Q0410: I'm getting "permission denied" when Exim tries to check a for the - existence of a user's .procmailrc file using require_files. - - --A0410: Exim is running under its own uid (or root if there isn't an Exim uid) - when it checks require_files. You can cause it to change to a specific - uid by putting an item not containing any / characters at the start of - the require_files list. In this case you probably want a director along - these lines: - -
-- procmail: - driver = localuser - require_files = $local_part:$home/.procmailrc - transport = procmail_pipe-Q0411: How can I deliver mail into different directories for each virtual - domain, doing user lookups not against /etc/passwd but against - /etc/passwd.domain? - - -
-A0411: See configuration sample C009. - -
-Q0412: I want mail for any local part at certain virtual domains to go - to a single address for each domain. - - --A0412: One way to to this is - -
-- virtual: - driver = smartuser - domains = lsearch;/etc/virtual - new_address = ${lookup{$domain}lsearch{/etc/virtual}{$value}fail}-
- The /etc/virtual file contains a list of domains and the addresses to - which their mail should be sent. For example: - -
-- domain1: postmaster@some.where.else - domain2: joe@xyz.plc - etc.-
- If the number of domains is large, using a DBM or cdb file would be more - efficient. - -
-Q0413: How can I make Exim look in the alias NIS map instead of /etc/aliases? - - --A0413: The default configuration does not use NIS (many hosts don't run it). - You should change the system_aliases director to - -
-- system_aliases: - driver = aliasfile - file = mail.aliases - search_type = nis-
- If you want to use /etc/aliases as well as NIS, put this director (with - a different name) before or after the default one, depending on which - data source you want to take precedence. - -
-Q0414: What does the error message "error in forward file (filtering not - enabled): missing or malformed local part ..." mean? - - --A0414: If you are trying to use an Exim filter, you have forgotten to enable - the facility, which is disabled by default. In the forwardfile director - (in the Exim configuration file) you need to set - -
-- filter = true-
- to allow a .forward file to be used as an Exim filter. If you are not - trying to use an Exim filter, then you have put a malformed address in - the .forward file. - -
-Q0415: Exim isn't recognizing certain forms of local address. - - --A0415: (A) Try using the -bt option with debugging turned on, to see how Exim - is handling the addresses. For example, - -
-- exim -d2 -bt z6abc-
- will show you how it would handle the local part "z6abc". Increase the - debug level to -d9 for more information. - -
-- (B) If the local user names contain capital letters, that is probably - the cause of your problem. Setting up such user names is a bad idea. - By default, everything is lowercased before the final delivery for the - sake of alias matching and user name matching, because people who type - email addresses often get the case wrong. You can stop this by setting - -
-- locally_caseless = false-
- but then incoming addresses are recognized only in the correct case. - See - Q0424 for a way round this. - -
-Q0416: I have a domain for which some local parts must be delivered locally, - but the remainder are to be treated like any other remote addresses. - - --A0416: See - A0308. - -
-Q0417: What I really need is the ability to obtain the result of a pipe - command so that I can filter externally and redirect internally. Is - this possible? - - --A0417: This is not possible. The result of a pipe command is not available to - a filter, because it doesn't run any deliveries while filtering. It just - sets up deliveries. They all happen later. If you want to run pipes - and examine their results, you need to set up a single delivery to a - delivery agent such as procmail which provides this kind of facility. - -
-Q0418: When I set a suffix on one of my directors, it doesn't get stripped when - checking the local_parts option. Why is this? - - --A0418: The test on local parts and domains is done early on, and only if they - match is supplementary processing such as prefix and suffix recognition - done. There is a section of the manual called "Skipping directors" which - gives details. If you want to ignore a prefix or suffix in the initial - test of the local part, you can do so by replacing local_parts with a - setting of the condition option. For example, suppose you wanted to - look up the basic local part in a file, and run the director if it is - found: - -
-- condition = ${if lookup{\ - ${if match{$local_part}{^(.*)-request}{$1}{$local_part}}\ - }lsearch{/some/file}{yes}}-
- The key that is looked up is the second line, which uses a regular - expression to strip "-request" from the local part if it is present. - -
-Q0419: Why will Exim deliver a message locally to any username that is longer - than 8 characters as long as the first 8 characters match one of the - local usernames? - - --A0419: The problem is in your operating system. Exim just calls the getpwnam() - function to test a local part for being a local login name. It does not - presume to guess the maximum length of user name for the underlying - operating system. Many operating systems correctly reject names that are - longer than the maximum length; yours is apparently deficient in this - regard. To cope with such systems, Exim has an option called - max_user_name_length which you can set to the maximum allowed length. - -
-Q0420: Why am I seeing the error "bad mode (100664) for /home/test/.forward - (userforward director)"? I've looked through the documentation but can't - see anything to suggest that exim has to do anything other than read the - .forward file. - - --A0420: For security, Exim checks for mode bits that shouldn't be set, by - default 022. You can change this by setting the "modemask" option of the - forwardfile director. - -
-Q0421: How can I arrange that messages larger than some limit are handled by - a special director? - - --A0421: See - A0311. - -
-Q0422: When a user's .forward file is syntactially invalid, Exim defers - delivery of all messages to that user, which sometimes include the - user's own test messages. Can it be told to ignore the .forward file - and/or inform the user of the error? - - --A0422: Setting skip_syntax_errors on the forwardfile director causes syntax - errors to be skipped. When dealing with users' .forward files it is best - to combine this with a setting of syntax_errors_to in order to send - a message about the error to the user. However, to avoid an infinite - cascade of messages, you have to be able to send to an address that - bypasses .forward file processing. This can be done by including a - director like this one - -
-- real_localuser: - driver = localuser - transport = local_delivery - prefix = real--
- before the forwardfile director. This will do an ordinary local - delivery without .forward processing, if the local part is prefixed by - "real-". You can then set something like the following options on the - forwardfile director: - -
-- skip_syntax_errors - syntax_errors_to = real-$local_part@$domain - syntax_errors_text = "\ - This is an automatically generated message. An error has been \ - found\nin your .forward file. Details of the error are reported \ - below. While\nthis error persists, messages addressed to you will \ - get delivered into\nyour normal mailbox and you will receive a \ - copy of this message for\neach one."-
- A final tidying setting to go with this is a rewriting rule that changes - "real-username" into just "username" in the headers of the message: - -
-- ^real-([^@]+)@your\.dom\.ain$ $1@your.dom.ain h-
- This means that users won't ever see the "real-" prefix, unless they - look at the Envelope-To header. - -
-Q0423: I have some users on my system with upper case letters in their login - names, but these are not recognized. - - --A0423: See - A0424. - -
-Q0424: I have unset locally_caseless because my users have upper case letters - in their login names, but incoming mail now has to use the correct case. - Can I relax this somehow? - - --A0424: If you really have to live with caseful user names but want incoming - local parts to be caseless, then you have to maintain a file, indexed by - the lower case forms, that gives the correct case for each login, like - this: - -
-- admin: Admin - steven: Steven - mcdonald: McDonald - lamanch: LaManche - ...-
- and at the start of your directors, put one like this: - -
-- set_case_director: - driver = smartuser - new_address = ${lookup{${lc:$local_part}}lsearch{/the/file}\ - {$value@$domain}fail}-
- For efficiency, you should also set the new_director option to cause - processing of the changed address to begin at the next director. If you - are otherwise using the default configuration, then the setting would be - -
-- new_director = system_aliases-
- If there are lots of users, then a DBM or cdb file would be more - efficient than lsearch. If you are handling several domains, then you - will have to extend this configuration to cope appropriately. - -
-Q0425: I want to look up local users in an SQL database instead of looking in - the passwd file. - - --A0425: From release 3.03, Exim contains support for calling MySQL, and from - release 3.14 there is support for PostgreSQL. - -
-- You must consider what will happen if your database is down. All local - mail delivery will be delayed until it comes up again. Whether this - matters is of course something for you to decide. If the database is - down a lot and it does matter, then consider some scheme of extracting - a list of users from the database at regular intervals, and getting Exim - to work off that. This is also likely to be more efficient. - -
-Q0426: Is it possible for Exim to use a SQL database like MySQL for its lists - of virtual domains and explicit aliases? - - --A0426: See - A0425. - -
-Q0427: Can I use my existing alias files and forward files as well as procmail - and effectively drop in exim in place of Sendmail ? - - --A0427: Yes, as long as your alias/forward files don't assume that pipes are - going to run under a shell. If they do, you either have to change them, - or configure Exim to use a shell (which it doesn't by default). - -
-Q0428: How can I route mail for user X@local to a smarthost if X doesn't exist - on the local host? - - --A0428: This is the same question as - Q0402. The duplication is a bug in the FAQ. - -
-Q0429: What is quickest way to set up Exim so any message sent to a non- - existing user would bounce back with a different message, based - on the name of non-existing user? - - --A0429: See the example in the section of the manual entitled "System-wide - automatic processing". - -
-Q0430: I am building some largish mailing lists with Majordomo, and was - wondering if it worth leaving the actually list expansion to the - aliasfile :include: mechanism or should I consider using the forwardfile - transport? Is there any real difference in terms of facilities and/or - performance, and are the expansions basically the same code anyway? - - --A0430: The code that pulls out individual addresses from a list is the same in - both cases, so it's really just a matter of which is the most convenient - for you. - -
-Q0431: What do I need to do to make Exim handle /usr/ucb/vacation processing - automatically, so that people could just create a .vacation.msg file in - their home directory and not have to edit their .forward file? - - --A0431: Add a new director like this, immediately before the normal localuser - director: - -
-- vacation: - driver = localuser - require_files = .vacation.msg - transport = vacation_transport - unseen-
- and a matching new transport like this: - -
-- vacation_transport: - driver = pipe - command = "/usr/ucb/vacation \"$local_part\""-
- However, some versions of /usr/ucb/vacation do not work properly unless - the DBM file(s) it uses are created in advance - it won't create them - itself. You also need a way of removing them when the vacation is over. - -
-- Another possibility is to use a fixed filter file which is run whenever - .vacation.msg exists, for example: - -
-- vacation: - driver = forwardfile - check_localuser - require_files = $home/.vacation.msg - file = /some/central/filter - filter-
- The filter file should use the "if personal" check before sending mail, - to avoid generating automatic responses to mailing lists. If sending a - message is all that it does, this doesn't count as a "significant" - delivery, so the message goes on to be delivered as normal. - -
-- Yet another possibility is to make use of Exim's autoreply transport. - See C033. - -
-Q0432: I want to use a default entry in my alias file, but it picks up the - local parts that the aliases generate. For example, if the alias file - is - - -- luke.skywalker: luke - ls: luke - *: postmaster-
- then messages addressed to luke.skywalker end up at postmaster. - -
--A0432: (A) If you know for certain that no alias in your alias file ever - generates another alias that is in the same file, then the most - efficient solution is to put - -
-- new_director = name-of-following-director-
- in your aliasfile director. This stops Exim from processing the - generated names as aliases the second time. - -
-- (B) If you can't give that guarantee, then you have to put dummy entries - in the alias file for all your local parts, for example: - -
-- luke: luke-
- (C) Another possibility is to put the aliasfile director for these - aliases after the localuser director, so that local parts get picked - off first. You will need to have two aliasfile directors if there are - some local parts (e.g. root) which you do want to handle as aliases - rather than local users. - -
-Q0433: I have some obsolete domains which people have been warned not to use - any more. How can I arrange to delete any mail that is sent to them? - - --A0433: If you are using release 3.10 or later, you can use a smartuser director - like this: - -
-- obsolete: - domains = lsearch;/etc/exim/obsolete.domains - new_address = :blackhole:-
- If you want to make any exceptions, for example, for mail to postmaster - at those domains, you can add the line - -
-- local_parts = !postmaster-
- If you are using an earlier release of Exim, you have to set up an alias - file in order to use :blackhole: - -
-- obsolete: - domains = lsearch;/etc/exim/obsolete.domains - file = /blackhole/all - search_type = lsearch*-
- with the file containing - -
-- *: :blackhole:-
- and possibly a postmaster alias if you want. - -
-Q0434: How can I arrange that mail addressed to anything@something.mydomain.com - gets delivered to something@mydomain.com? - - --A0434: Ensure that all the relevant domains are local, by setting - -
-- local_domains = mydomain.com : *.mydomain.com-
- Then set up a smartuser director like this: - -
-- user_from_domain: - driver = smartuser - new_address = ${if match{$domain}{^(.+)\\.mydomain.com\$}\ - {$1@mydomain.com}fail}-Q0435: I can't get a regular expression to work in this local_parts option on - one of my directors: - - -
- local_parts = ^0740\d{6}-
-A0435: The local_parts option is expanded before use, so that you can, for - example, make it dependent on the domain. Therefore, you need to write - -
-- local_parts = ^0740\\d{6}-
- so as to preserve the backslash. - -
-Q0436: How can I arrange for all addresses in a group of domains *.example.com - to share the same alias file? I have a number of such groups. - - --A0436: For a single group you could just hardwire the file name into a director - that had - -
-- domains = *.example.com-
- set, to restrict it to the relevant domains. For a number of such groups - you can create a file containing the domains, like this: - -
-- *.example1.com example1.com - *.example2.com example2.com - ...-
- Arrange that the domains are treated as local by setting - -
-- local_domains = partial-lsearch;/that/file-
- Then create a director like this - -
-- domain_aliases: - driver = aliasfile - domains = partial-lsearch;/that/file - file = /etc/aliases.d/$domain_data - search_type = lsearch*-
- The variable $domain_data contains the data that was looked up when the - domains option was matched, i.e. "example1.com", "example2.com", etc. - in this case. - -
-Q0437: When Exim tries to read /usr/lib/majordomo/lists/lists.aliases it is - giving "Permission denied", but that file is world-readable! - - --A0437: Check the permissions on the superior directories. - -
-Q0438: Some of our users have no home directories; the field in the password - file contains /no/home/dir. This causes the error "failed to stat - /no/home/dir (No such file or directory)" when Exim tries to look for a - .forward file, and the delivery is deferred. - - --A0438: With the default configuration, you are asking Exim to check for a - .forward file in the user's home directory. It looks up the home - directory and tries to stat() it before looking for .forward. This is so - that it can will notice a missing NFS home directory, and not treat it - as if the .forward file did not exist. This stat() is failing when the - home directory doesn't exist. What you should do is pick off these - special cases before looking for .forward files for normal users. Place - the following director before the userforward director: - -
-- no_home_directory_users: - driver = localuser - transport = local_delivery - match_directory = /no/home/dir - current_directory = /-Q0439: How can I disable Exim's de-duplication features? I want it to do two - deliveries if two different aliases expand to the same address. - - -
-A0439: This is not possible. Duplication has other ramifications other than - just (in)convenience. Consider: - -
-- . Message is addressed to A and to B. - -
-- . Both A and B are aliased to C. - -
-- . Without de-duplication, two deliveries to C are scheduled. - -
-- . One delivery happens, Exim records that it has delivered the message - to C. - -
-- . The next delivery fails (C's mailbox is over quota, say). - -
-- Next time round, Exim wants to know if it has already delivered to C or - not, before scheduling a new delivery. Has it? Obviously, if duplicate - deliveries are supported, it has to remember not only that it has - delivered to C but also the "history" of how that delivery happened - in - effect an ancestry list back to the original envelope address. This it - does not do, and changing it to work in that way would be a lot of work - and a big upheaval. - -
-- The best way to get duplicate deliveries if you want them is not to use - aliasfile, but to use smartuser with a transport, e.g. - -
-- alias_with_duplicates: - driver = smartuser - transport = local_delivery_for_duplicates - new_address = ${lookup {$local_part} lsearch ..... etc-
- This goes straight to the transport without generating a new address - that is considered for de-duplication or re-aliasing. In effect, it is - just re-writing the address on the way to the transport. You will need - to specify the user under which to run the delivery, either on the - transport or on the director. - -
-Q0440: I set up an aliasfile director using MySQL, but it doesn't use the new - addresses. This it my director: - - -- mysql_system_aliases: - driver = aliasfile - search_type = mysql - query = "select userid from domain_table where \ - aliasid='$local_part' and domain='$domain'" - transport = local_delivery-
-A0440: The setting of "transport" is your problem. Aliasfile operates entirely - differently if you give it a transport. It just verifies the incoming - address by doing the query, then sends it to the transport. Take away - the transport setting, and it will do normal aliasing, that is, turn one - address into another which is independently processed. - -
-Q0441: I received a message with a Subject: line that contained a non-printing - character (a carriage return). This messed up my filter file. Is there a - way to get round it? - - --A0441: Instead of $h_subject: use ${escape:$h_subject:} - -
-Q0442: My users' mailboxes are distributed between several servers according to - the first letter of the user name. All the servers receive incoming mail - at random. I would like to have the same configuration file for all the - servers, which does local delivery for the mailboxes it holds, and sends - other addresses to the correct other server. Is this possible? - - --A0442: It is easiest if you arrange for all the users to have password entries - on all the servers. This means that non-existent users can be detected - at the first server they reach. Set up a file containing a mapping from - the first letter of the user names to the servers where their mailboxes - are held. For example: - -
-- a: server1 - b: server1 - c: server2 - ...-
- Replace the normal localuser director with these two directors: - -
-- localuser: - driver = localuser - transport = local_delivery - condition = ${if eq{$primary_hostname}\ - {${lookup {${substr_0_1:$local_part}}\ - lsearch{/etc/mapfile} {$value}}}{yes}{no}}-
- check_remote: - driver = localuser - transport = send_to_correct_host-
- The first director succeeds only if the local part is a local user whose - mailbox is listed as being on the current host. The second server runs - for all other local users, directing the addresses to this transport: - -
-- send_to_correct_host: - driver = smtp - hosts = ${lookup {${substr_0_1:$local_part}}lsearch{/etc/mapfile}\ - {$value}}-
- Local parts that are not the names of local users are declined by both - directors, and so they fail. - -
-Q0443: I want to search for '$' in the subject line, but I can't seem to get - the syntax. The obvious choice, '\$' doesn't work. Any help? - - --A0443: Try one of these: - -
-- if $h_subject: contains \$ then ... - if $h_subject: contains "\\$" then ...-Q0444: One of the things I want to set up is for anything@onedomain to forward - to anything@anotherdomain. I tried adding $local_part@anotherdomain to - my aliases but it did not expand - it sent it to that literal address. - - -
-A0444: If you want to do it that way, you can make it expand by setting - the "expand" option on the aliasfile director. Another approach is to - use a smartuser director like this: - -
-- forwarddomain: - driver = smartuser - domains = onedomain - new_address = $local_part@anotherdomain-
- new_address can, of course, be more complicated, involving lookups etc. - if you have lots of different cases. - -
-Q0445: How can I have an address looked up in two different alias files, and - delivered to all the addresses that are found? - - --A0445: It is tempting to use the "unseen" option for this (see - Q0504 for an - example of the use of "unseen"). You would have two directors, the first - of which has "unseen" set, so that the address is always passed on to - the next director, even if the first one accepts it. - -
-- However, there is a problem with this approach. If an address is found - in the first director (with unseen set) but not in the second one, it - will get delivered but will also (under most normal setups) generate an - "unknown user" bounce as well. - -
-- If you want an incoming address to be "properly" delivered to - two different "child" addresses (or lists), "unseen" is not really the - right way to do it. You don't really need two different directors. You - can use a smartuser director with an option something like this: - -
-- new_address = ${lookup{$local_part}lsearch{/etc/aliases1}\ - {$value${lookup{$local_part}lsearch{/etc/aliases2}{,$value}}}\ - {${lookup{$local_part}lsearch{/etc/aliases2}{$value}fail}}}\-
- If the first lookup succeeds, the result is its data, followed by the - data from the second lookup, if any, separated by a comma. If the first - lookup fails, the result is the data from the third lookup (which also - looks in the second file), but if this also fails, the entire expansion - is forced to fail, thereby causing the director to decline. - -
-Q0446: I've converted from Sendmail, and I notice that Exim doesn't make use - of the "owner-" entries in my alias file to change the sender address in - outgoing messages to a mailing list. - - --A0446: If you have an alias file with entries like this: - -
-- somelist: a@b, c@d, ... - owner-somelist: postmaster-
- Sendmail assumes that the second entry specifies a new sender address - for the first. Exim does not make this assumption. However, you can make - it take the same action, by adding - -
-- errors_to = owner-$local_part@whatever.domain-
- to the configuration for your aliasfile director. This is fail-safe, - because Exim verifies a new sender address before using it. Thus, the - change of sender address occurs only when the owner entry exists. - -
--A0501: Whenever Exim does a local delivery, it runs a process under a specific - user and group id (uid and gid). For deliveries into mailboxes, and to - pipes and files set up by .forwarding, it normally picks up the uid/gid - of the receiving user. However, if an address is directed to a pipe or a - file by some other means, such an entry in the system alias file of the - form - -
-- majordomo: |/local/mail/majordomo ...-
- then Exim has to be told what uid/gid to use for the delivery. This can - be done either on the director that handled the address, or on the - transport that actually does the delivery. If a pipe is going to run a - setuid program, then it doesn't matter what uid Exim starts it out with, - and so the most straightforward thing is to put - -
-- user = exim-
- on either the director or the transport. A setting on the transport - overrides a setting on the director, so if the same transport is being - used with several directors, you should set the user on it only if you - want the same uid to be used in all cases. - -
-- In the default configuration, the transports used for file and pipe - deliveries are the ones called address_file and address_pipe. You - can specify different transports by setting, for example, - -
-- pipe_transport = special_pipe_transport-
- on the aliasfile director. Then you can set up special_pipe_transport - -
-- special_pipe_transport: - driver = pipe - user = ????-
- which will be used only for pipe deliveries from that one director. - What you put for the ???? is up to you, and depends on the particular - circumstances. - -
-Q0502: Exim won't deliver to a host with no MX record. - - --A0502: (A) Are you sure there really is no MX record? Sometimes a typo results - in a malformed MX record in the zone file, in which case some nameservers - give a SERVFAIL error rather than NXDOMAIN. Exim has to treat this as - a temporary error, so it can't go on to look for an A record. You can - check for this state using one of the DNS interrogation commands, such - as "nslookup", "host", or "dig". - -
-- (B) Is there a wildcard MX record for your domain? Is the - search_parents option on in your lookuphost router? (Prior to Exim - version 1.80 this was the default; it was changed because of this - problem.) If the answer to both these questions is "yes", then that is - the cause of the problem. When the DNS resolver fails to find the MX - record, it tries adding on your domain if search_parents is true, and - thereby finds your wildcard MX record. For example: - -
-- . There is a wildcard MX record for *.a.b.c. - -
-- . There is a host called x.y.z that has an A record and no MX record. - -
-- . Somebody on a machine m.a.b.c domain tries to mail to user@x.y.z. - -
-- . Exim calls the DNS to look for an MX record for x.y.z. - -
-- . The DNS doesn't find any MX record. Because search_parents is true, - it then tries searching the current host's parent domain, so it - looks for x.y.z.a.b.c and picks up the wildcard MX record. - -
-- Setting search_parents false makes this case work while retaining the - wildcard MX record. However, anybody on the machine m.a.b.c who mails to - user@n.a (expecting it to go to user@n.a.b.c) now has a problem. The - widen_domains option of the lookuphost router may be helpful in this - circumstance. - -
-Q0503: How should Exim be configured when it is acting as a temporary storage - system for a domain on a dial-up host? - - --A0503: See - Q1403, - Q0521, and - Q5014. - -
-Q0504: I would like to deliver mail addressed to a given domain normally, but - also to generate a message to the envelope sender. - - --A0504: If the domain is a local one, you can do this with an "unseen" smartuser - director and an autoreply transport, along the following lines: - -
-- # Transport - warning_t: - driver = autoreply - file = /usr/local/mail/warning.txt - file_expand - from = postmaster@your.domain - to = $sender_address - user = exim - subject = Re: Your mail to $local_part@$domain-
- # Director - auto_warning_d: - driver = smartuser - domains = <domains you want to do this for> - condition = ${if eq{$sender_address}{}{no}{yes}} - transport = warning_t - no_verify - unseen-
- Note the use of the condition option to avoid attempting to send a - message when there is no sender (that is, when the incoming message is a - delivery error report). You can of course extend this to include other - conditions. If you want to log the sending of messages, you can add - -
-- log = /some/file-
- to the transport and also make use of the "once" option if you want to - send only one message to each sender. - -
-Q0505: Exim keeps crashing with segmentation errors (signal 11 or 139) during - delivery. This seems to happen when it is about to contact a remote - host or when a delivery is deferred. - - --A0505: This could be a problem with Exim's databases. Check that your DBM - library is correctly installed. In particular, if you have installed a - second DBM library onto a system that already had one, check that its - version of ndbm.h is being seen first. For example, if the new version - is in /usr/local/include, check that there isn't another version in - /usr/include. If you are using Berkeley db, you can set USE_DB=yes in - your Local/Makefile to avoid using ndbm.h altogether. This is - particularly relevant for version 2 of Berkeley db, because no ndbm.h - file is distributed with it. - -
-Q0506: Whenever Exim tries to do a local delivery, it gives a permission denied - error for the .forward file, like this: - - -- 1998-08-10 16:55:32 0z5y2W-0000B8-00 == xxxx@yyy.zzz <xxxx@yyy.zz> - D=userforward defer (-1): failed to open /home/xxxx/.forward - (userforward director): Permission denied (euid=1234 egid=101)-
-A0506: Have you remembered to make Exim setuid root? - -
-Q0507: I have installed Exim, but now I can't mail to root any more. Why is - this? - - --A0507: Most people set up root as an alias for the manager of the machine. If - you haven't done this, Exim will attempt to deliver to root as if it - were a normal user. This isn't really a good idea because the delivery - process would run as root. Exim has a trigger guard in the option - -
-- never_users = root-
- in the default configuration file. This prevents it from running as root - when doing any local deliveries. If you really want to run local - deliveries as root, remove this line, but it would be better to create - an alias for root instead. - -
-Q0508: How can I stop undeliverable bounce messages (e.g. to routeable, but - undeliverable, spammer senders) from clogging up the queue for days? - - --A0508: Set ignore_errmsg_errors to drop them immediately, or set ignore_errmsg_ - errors_after to specify a (short) time to keep them for. I use 12h so - that I notice them, but they go away relatively quickly. - -
-Q0509: How can mails that are being routed through directors other than - localuser be delivered under the uid of the recipient? - - --A0509: - A0501 contains background information on this. If you are using, say, an - alias file to direct messages to specific mailboxes, then you can use - the "user" option on either the aliasfile director or the appendfile - transport to set the uid. What you put in the setting depends on how - the required uid is to be found. It could be looked up in a file or - computed somehow from the local part, for example. - -
-Q0510: I want to use MMDF-style mailboxes. How can I get Exim to append the - ctrl-A characters that separate indvidual emails? - - --A0510: Set the suffix option in the appendfile transport. In fact, for MMDF - mailboxes you need a prefix as well as a suffix to get it working right, - so your transport should contain these settings: - -
-- prefix = "\1\1\1\1\n" - suffix = "\1\1\1\1\n"-
- Also, you need to change the check_string and escape_string settings so - that the escaping happens for lines in the message that happen to begin - with the MMDF prefix or suffix string, rather than "From" (the default): - -
-- check_string = "\1\1\1\1\n" - escape_string = "\1\1\1\1 \n"-
- Adding a space to the line is sufficient to prevent it being taken as a - separator. - -
-Q0511: I have an ISDN connection and would like a way of running the queue - automatically when it is up. - - --A0511: The following shell commands test for the interface being up and then - run the queue: - -
-- ifconfig ppp0 | fgrep UP >/dev/null - if [ $? -eq 0 ] ; then exim -q ; fi-
- You could put these commands into a script which runs them at regular - intervals. You might want to use -qq instead of -q. - -
-- With Linux, the script /etc/ppp/ip-up is run after a ISDN connection - or a more general PPP connection has been established. If you are using - Linux, you could put the call to exim in that script. - -
-Q0512: If a user's mailbox is over quota, is there a way for me to set it up so - that the mail bounces to the sender and is NOT stored in the mail queue? - - --A0512: In the retry section of the configuration, put - -
-- *@your.dom.ain quota-
- That is, provide no retry timings for over quota errors. They will then - bounce immediately. Alternatively, you can set up retries for a short - time only, or use something like this: - -
-- *@your.dom.ain quota_7d - *@your.dom.ain quota F,2h,15m; F,3d,1h-
- which bounces immediately if the user's mailbox hasn't been read for 7 - days, but otherwise tries for up to 3 days after the first quota - failure. - -
-Q0513: I'm using tmail to do local deliveries, but when I turned on the - use_crlf option on the pipe transport (tmail prefers \r\n terminations) - message bodies started to vanish. - - --A0513: You need to unset the prefix option, or change it so that its default - \n terminator becomes \r\n. For example, the transport could be: - -
-- local_delivery_mbx: - driver = pipe - command = /usr/local/bin/tmail $local_part - user = exim - current_directory = / - use_crlf - prefix =-
- The reason for this is as follows: tmail uses the line terminator on - the first line it sees to determine whether lines are terminated by - \r\n or \n. If the latter, it moans to stderr and changes subsequent - \n terminators to \r\n. The default setting of the prefix option is - "From ...\n", and this is unaffected by the use_crlf option. If you - don't change this, tmail sees the first line terminated by \n and - prepends \r to the \n terminator on all subsequent lines. However, if - use_crlf is set, Exim makes all other lines \r\n terminated leading to - doubled \r\r\n lines and corrupt mbx mailboxes. - -
-Q0514: What does the message "Unable to get root to set uid and gid - for local delivery to xxx: uid=yyy euid=zzz" mean? - - --A0514: Have you remembered to make Exim setuid root? It needs root privilege if - it is to do any local deliveries, because it does them "as the user". - -
-Q0515: I upgraded to 2.04 and now my Envelope-To: header for my virtual domains - is gone. Any idea how to get it back? - - --A0515: Read paragraph 1 of the 1.92 information in README.UPDATING. Add - envelope_to_add to your transports for your virtual domains. You may - also want to set return_path_add and delivery_date_add. - -
-Q0516: The Exim log records the arrival of a message, and then "Completed", - without logging any deliveries. What's going on? - - --A0516: This is unlikely in current versions of Exim, because more logging - has been added. In versions before 2.053, one scenario is that the - message was addressed to some user who has set up an Exim filter - containing the command "seen finish", which discards a message without - doing any deliveries. (In current versions of Exim this is logged as - "discarded".) More information can be obtained by setting - -
-- log_received_recipients-
- so that next time you can see to whom it is addressed. Another - possibility, prior to version 2.053, was that the message was injected - using the -t option, but all the addresses in the message were also on - the command line. See - A5020 for more detail. Current versions of Exim - generate a bounce message in this case. - -
-Q0517: When I activate "return receipt" for example in Netscape Mailbox - sending options, then I get an error message from Exim... something - like "not supported". Can I activate delivery confirmations? - - --A0517: Exim does not support any kind of delivery notification. - -
-- (A) You can configure it to recognize headers such as - "Return-receipt-to:" if you wish. - -
-- (B) Some people want MSN (message status notification). Such services - are implemented in MUAs, and don't impact on the MTA at all. - -
-- (C) I investigated the RFCs which describe the DSN (delivery status - notification) system, and there is even a bit of code in there (excluded - by #ifdef) for handling some of the data. However, I was unable to - specify any sensible way of actually doing anything with the data. There - were comments on the mailing list at the time; many people, including - me, conclude that DSN is in practice unworkable. The killer problem is - with forwarding and aliasing. Do you propagate the DSN data with the - generated addresses? Do you send back a "reached end of the DSN world" - or "expanded" message? Do you do this differently for different kinds of - aliasing/forwarding? For a user who has a .forward file with a single - address in, this might seem easy - just propagate the data. But what if - there are several forwardings? If you propagate the DSN data, the sender - may get back several DSN messages - and should the sender really know - about the detail of the receiver's forwarding arrangements? There isn't - really any way to distinguish between a .forward file that is forwarding - and one that is a mini mailing list. And so on, and so on. There are so - many questions that don't have obvious answers. - -
-Q0518: When I dial up to collect mail from my ISP, only the first 10 messages - get delivered immediately; the remainder just sit on the queue until a - queue runner process finds them. - - --A0518: Your ISP is delivering all the messages in a single SMTP session. Exim - limits the number of immediate delivery processes it will create as a - result of a single SMTP connection, in order to avoid creating a zillion - processes on systems that can have many incoming connections. In your - situation, you should probably set smtp_accept_queue_per_connection to - some number larger than 10. - -
-Q0519: My ISP's mail server is rejecting bounce messages from Exim, complaining - that they have no sender. The SMTP trace does indeed show that the - sender address is "<>". Why is the Sender on the bounce message empty? - - --A0519: Because the RFCs say it must be. Your ISP is at fault. Send them this - extract from RFC 1123 section 5.3.3 ("Reliable Mail Receipt"): - -
-- If there is a delivery failure after acceptance of a message, - the receiver-SMTP MUST formulate and mail a notification - message. This notification MUST be sent using a null ("<>") - reverse path in the envelope; see Section 3.6 of RFC-821. The - recipient of this notification SHOULD be the address from the - envelope return path (or the Return-Path: line). However, if - this address is null ("<>"), the receiver-SMTP MUST NOT send a - notification. If the address is an explicit source route, it - SHOULD be stripped down to its final hop. - -
-Q0520: What does the message "retry time not reached [for any host]" on the log - mean? Why won't Exim try to deliver the message? - - --A0520: That is not an error. It means exactly what it says. A previous attempt - to deliver to that address failed with a temporary error, and Exim - computed the earliest time at which to try again. This can apply to - local as well as to remote deliveries. For remote deliveries, each host - (if there are several) has its own retry time. - -
-- If you are running on a dial-up host, the rest of this answer probably - does not apply to you. Go and read - Q1404 instead. If your host is - permanently online, read on... - -
-- Some MTAs have a retrying schedule for each message. Exim does not work - like this. Retry timing is normally host-based for remote domains and - address-based for local domains. (There are some exceptions for certain - kinds of remote failure - see "Errors in outgoing SMTP" in the manual.) - -
-- If a new message arrives for a failing address and the retry time has - not yet arrived, Exim will log "retry time not reached" and leave the - message on the queue, without attempting delivery. Similarly, if a queue - runner notices the message before the time to retry has arrived, it - writes the same log entry. When the retry time has past, Exim attempts - delivery at the next queue run. If you want to know when that will be, - run the exinext utility on the address, for example: - -
-- exinext user@some.domain-
- You can suppress these messages on the log by setting log_level to a - value that is less than 5. You can force a delivery attempt on a - specific message (overriding the retry time) by means of the -M option: - -
-- exim -M 10hCET-0000Bf-00-
- If you want to do this for the entire queue, use the -qf option. See - also - Q0533. - -
-Q0521: RFC 1985 specifies that the SMTP command "ETRN host.domain" causes all - mail queued for that host, no matter what domain it's for, to be - dequeued. Why doesn't Exim support this? - - --A0521: Exim does not keep queues of mail for specific destinations. It just - keeps one pool of undelivered messages. What is more, once you start a - delivery of a message, it tries to deliver to all the addresses in the - message, not just the one you may be interested in. (Of course, this - doesn't usually do any harm.) - -
-- The only way it could be done within Exim would be, for every message - on the queue, to go through the motions of routing each undelivered - address and see if that resulted in a delivery to the host of interest. - This could be extremely expensive (e.g. 1,000 messages on the queue, - only 1 for the given host). - -
-- The bottom line is that Exim just wasn't designed for this kind of - operation, that is, holding messages for intermittently connected hosts. - The queueing arrangements are designed for handling delivery problems - that are not expected to be common. - -
-- A better way to do this is to implement the required queues separately. - After all, keeping such mail on an "active" queue (where Exim will keep - trying to deliver) is silly. If there is a lot of mail for these hosts, - it also masks genuine delivery problems when you inspect the queue. - -
-- Large ISPs who provide this kind of functionality do not usually leave - waiting mail on the MTA's queue. Instead, they get it delivered into - per-host directories, one message per file, in one of the special - formats (BSMTP, maildir, or mailstore) and when an ETRN arrives, it - kicks off some completely different program that establishes an SMTP - connection to the host and shovels the waiting mail down it. That seems - to me to be a much neater way of doing this. It means you can easily add - additional functionality such as archiving or throwing away uncollected - mail. - -
-- One program that has this functionality is "ssmtp", which can be - found in ftp://metalab.unc.edu/pub/Linux/system/mail/mta/. - Alternatively, sample configuration C037 demonstrates an elegant way of - using Exim itself to deliver the saved messages when the client issues - an ETRN. - -
-Q0522: If email has been deferred to a member on a local mailing list - (implemented through forward files), and one of our ETRN clients is on - this mailing list, the -R won't "flush" the mailing list message for - that client. - - --A0522: That is because -R matches only original recipient addresses, not those - produced as a result of expansion, because these are not (by default) - preserved from delivery to delivery. You can get round this by setting - one_time on the forwardfile director, but you are not allowed to have - expansions to pipes or files on directors that have one_time set. - Therefore, you will have to have a separate director for mailing lists - (with one_time set) to the one used for normal forward files that might - specify pipe or file deliveries. However, the problem will then still be - present for any user who sets up a .forward file to redirect to any of - the ETRN domains. See the last 3 paragraphs of - A0521 for a discussion of - an alternative approach. - -
-Q0523: Exim seems to be sending the same message twice, according to the log, - although there is a difference in capitalization of the local part of - the address. - - --A0523: That is correct. The RFCs are explicit in stating that capitalization - matters for local parts. For remote domains, Exim is not entitled to - assume case independence of local parts. I know, it is utterly silly, - and it causes a lot of grief, but that's what the rules say. Here is a - quote from the draft of the forthcoming revision to RFC 821: - -
-- ... a command verb, an argument value other than a mailbox - local-part, and free form text MAY be encoded in upper case, - lower case, or any mixture of upper and lower case with no impact - on its meaning. This is NOT true of a mailbox local-part. The - local-part of a mailbox MUST BE treated as case sensitive. - Therefore, SMTP implementations MUST take care to preserve the - case of mailbox local-parts. Mailbox domains are not case - sensitive. However, exploiting the case sensitivity of mailbox - local-parts impedes interoperability and is discouraged. - -
-Q0524: How can I force the next retry time for a host to be now? - - --A0524: (A) You can force a particular message to be delivered with the -M - command line option. If it succeeds, the retry data will get cleared. If - the host is past the cutoff time, so that messages are bouncing - immediately without trying a delivery, you can use -odq to put a message - on the queue without a delivery attempt, and then use -M on it. - -
-- (B) You can change the retry time with the exim_fixdb utility, but its - interface is very clumsy. - -
-Q0525: I set up "|/bin/grep Subject|/usr/bin/smbclient -M <netbiosname>" as an - alias but it doesn't work. - - --A0525: That is a shell command line. Exim does not run pipe commands under a - shell by default (for added security - and it saves a process). You - need something like - -
-- "|/bin/sh -c '/bin/grep Subject|/usr/bin/smbclient -M <netbiosname>'"-Q0526: Why does the pipe transport add a line starting with ">From" to - messages? - - -
-A0526: Actually, it adds a line starting with "From", because that is the - default of the "prefix" option (/usr/ucb/vacation needs it, and that is - the most common use of piping). If you don't want it, change the setting - of "prefix". - -
-Q0527: I have set fallback_hosts on my smtp transport, but after the error - "sem@chat.ru cannot be resolved at this time" Exim isn't using them. - - --A0527: fallback_hosts only works if an attempt at delivery to the original - host(s) fails. In this case, Exim couldn't even resolve the domain - chat.ru to discover what the original hosts were, so it never got as far - as the transport. However, see - Q0322 for a possible solution. - -
-Q0528: After the holidays my ISP has always hundreds of e-mails waiting for me. - These are forced down Exim's throat in one go. Exim spawns a lot of - kids, but is there some limit to the number of processes it creates? - - --A0528: Unless you have changed smtp_accept_queue_per_connection (introduced at - release 2.03) it should only spawn that many processes per connection - (default 10). Your ISP may be making many connections, of course. That - is limited by smtp_accept_max. - -
-Q0529: When a message in the queue got to 12h old, Exim wrote 'retry timeout - exceeded' and removed all messages in the queue to this host - even - recent messages. How I can avoid this behaviour? I only want to remove - messages that have exceeded the maximum retry time. - - --A0529: Exim's retrying is host-based rather than message-based. The philosophy - is that if a host has been down for a very long time, there is no point - in keeping messages hanging around. However, you might like to check - out delay_after_cutoff in the smtp transport. It doesn't do what you - want, but it might help. - -
-Q0530: Can Exim add a Content-Length: header to messages it delivers? - - --A0530: You could include something like - -
-- headers_remove = "content-length" - headers_add = "Content-Length: $message_body_size"-
- to the appendfile transport. However, the use of Content-Length: can - cause several problems, and is not recommended unless you really know - what you are doing. There is a discussion of the problems in - -
-- http://home.netscape.com/eng/mozilla/2.0/relnotes/demo/content-length.html - -
-Q0531: Exim seems to be trying to deliver a message every 10 minutes, though - the retry rules specify longer times after a while, because it is - writing a log entry every time, like this: - - -- 1999-08-26 14:51:19 11IVsE-000MuP-00 == example@example.com T=smtp defer - (-34): some host address lookups failed and retry time not reached for - other hosts or connection limit reached-
-A0531: It is looking at the message every 10 minutes, but it isn't actually - trying to deliver. It's looking up example.com in the DNS and finding - this information: - -
-- example.com. MX 10 example-com.isp.example.com. - example.com. MX 0 mail.example.com. - mail.example.com. A 202.77.183.45 - A lookup for example-com.isp.example.com. yielded NXDOMAIN-
- The last line means that there is no address (A) record in the DNS for - example-com.isp.example.com. That accounts for "some host address - lookups failed", but the retry time for mail.example.com hasn't been - reached, which accounts for "retry time not reached for other hosts". - -
-Q0532: I am trying to set exim up to have a automatic failover if it sees that - the system that it is sending all mail to is down. - - --A0532: Add to the remote_smtp transport the following: - -
-- fallback_hosts = failover.server.name(s)-
- If there are several names, they must be separated by colons. - -
-Q0533: I can't get Exim to deliver over NFS. I get the error "fcntl() failed: - No locks available", though the lock daemon is running on the NFS server - and other hosts are able to access it. - - --A0533: Check that you have lockd running on the NFS client. This is not - always running by default on some systems (Red Hat is believed to be one - such system). - -
-Q0534: Why does Exim bounce messages without even attempting delivery, giving - the error "retry time not reached for any host after a long failure - period"? - - --A0534: This message means that all hosts to which the message could be sent - have been failing for so long that the end of the retry period - (typically 4 or 5 days) has been reached. In this situation, Exim still - computes a next time to retry, but any messages that arrive in the - meantime are bounced straight away. You can alter this behaviour by - unsetting the delay_after_cutoff option on the smtp transport. Then Exim - will try most messages for those hosts once before giving up. - -
-Q0535: My .forward file is "|/usr/bin/procmail -f-" and mail gets delivered, - but there was a bounce to the sender, sending him the output of procmail. - How can I prevent this? - - --A0535: Exim's default configuration is set up like this: - -
-- address_pipe: - driver = pipe - return_output-
- The return_output option requests that any output that the pipe - produces be returned to the sender. That is the safest default. If you - don't want this, you can either remove the option altogether, or change - it to return_fail_output, to return output only if the command fails. - Note that this will affect all pipes that users run, not just your - procmail one. It might be better to arrange for procmail not to produce - any output when it succeeds. - -
-Q0536: Can I write an ordinary file when I running a perl script as a transport - filter for remote_smtp and address_pipe transports? - - --A0536: Yes, provided the file is writeable by the Exim user. However, if two - messages are being delivered at once, their data will get mixed up in - the file unless you implement your own locking scheme. If all you want - to do is to take a copy of the message, another approach that avoids - the locking problem is to use a system filter to set up an "unseen" - delivery to a file. If you only want the message's headers, you can - set message_filter_file_transport to point to a special appendfile - transport that has headers_only set. - -
-Q0537: I have some mails on my queues that are sticking around longer than - the retry time indicates they should. They are all getting frozen - because some remote admin has set their MX record to 127.0.0.1. - - --A0537: The admin in question is an idiot. Exim will always freeze such messages - because they are apparently routed to the local host. There are two - router options that can help you deal with them. - -
-- (1) Set - -
-- self = fail-
- on the router which handles the domain - in a simple configuration this - will be the lookuphost router. This will cause the relevant addresses to - bounce, instead of freezing the message. - -
-- (2) If you are running Exim 3.20 or later, you can set - -
-- ignore_target_hosts = 127.0.0.1-
- on the router instead. This causes Exim to completely ignore any hosts - with that IP address. - -
-Q0538: My /var/spool/mail has grown drastically. Is there any possibility of - using two files in exim.cfg ? - - --A0538: You can use an expansion string to split mailboxes between two - directories. For example, - -
-- file = /var/spool/mail${nhash_2:$local_part}/$local_part-
- which does a hash on the local part, producing either 0 or 1, thereby - using mail0 or mail1. But remember, the MUAs that read these mailboxes - also have to know where they are. - -
-Q0539: Sendmail has a program called smrsh that restricts what binaries - can be run from sendmail aliases. Is there someting like this in Exim ? - - --A0539: Check out the allow_commands option in the pipe transport. - -
-Q0540: I wish to have large emails go out one at a time. - - --A0540: One possibility is to set up a router that defers all large messages, - except in queue runs. Since queue runners deliver just one - message at a time, if you limited the number of simultaneous queue - runners to 1, you would get the effect you wanted. A suitable router - might be - -
-- defer_if_large_unless_queue_run: - driver = domainlist - self = defer - condition = ${if or{{queue_running}{<{$message_size}{200K}}}{no}{yes}} - route_list = * 127.0.0.1 byname-
- Of course, this would always delay any large message until the next - queue runner, but if you run them fairly regularly, this shouldn't be a - huge problem. (May even be desirable!) - -
--A0601: There are several possibilities. One straightforward way is to set up - a domainlist router which matches the UUCP domains and routes to a - suitable transport. Sample configuration C003 is such a configuration, - while C004 shows another way to do it, by defining the domains as local - and using a smartuser director. - -
-- If all the domains whose MX records point to the local host are either - local domains or UUCP domains, you can do without the domainlist router - altogether, by making use of the "self" option. This means that only the - DNS has to be updated when a UUCP domain is added or removed. - -
-- For example, this router routes to remote hosts over SMTP using a DNS - lookup with default options, and fails for unknown domains (because of - the no_more setting), but if the MX for a domain points at the local - host, Exim continues on to the next router (self = fail_soft overrides - no_more). - -
-- lookuphost: - driver = lookuphost - transport = smtp - no_more - self = fail_soft-
- The next router can just send everything to a suitable UUCP transport: - -
-- uucp: - driver = domainlist - transport = uux_transport - route_list = "* $domain"-
- This assumes that the transport can determine the UUCP host name from - the domain name. - -
-Q0602: How can I get Exim to handle "bang path" addresses? - - --A0602: In general, you can't (Exim is an Internet mailer and recognizes only - RFC 822 addresses) but some restricted kinds of bang path can be dealt - with by appropriate rewriting - but please note the warning below. - -
-- Exim treats a bang path address as an unqualified local part, and so - will qualify it with your domain. A rule such as - -
-- ^([^!]+)!(.+)@your\.domain$ $2@$1-
- turns a!b@your.domain into b@a. You can also use a repeating rule to - turn multi-component paths into the "percent hack" notation with a rule - such as - -
-- ^([^!]+)!([^@%]+)(.+)$ $2%$1$3 R-
- which turns a!b@c into b%a@c and a!b!c@d first into b!c%a@d and then, - because of the R flag, into c%b%a@d. The R flag causes repetition up to - 10 times. - -
-- See also sample configuration C002, which contains some more - sophisticated rewriting rules. - -
-- WARNING: If you install a general rewriting rule like the above, you are - opening yourself up to the possibility of unwanted relaying. A host that - is not permitted to relay through your system could send a message with - an SMTP command line such as - -
-- RCPT TO:<victim-host!victim-user@your.domain>-
- and this would be accepted because it is addressed to your domain. - However, the rewriting then converts the address, and the message does - in fact get relayed. One way round this, if all your bang path messages - are passed to Exim via SMTP, is to use the "S" rewriting flag. This - applies a rewriting rule to incoming SMTP addresses as soon as they are - received, before checking for qualification, relaying, etc. So a rule - such as - -
-- ^([^!]+)!(.+)$ $2@$1 S-
- rewrites simple two-component bang paths before the result is checked - for relaying. However, this does not rewrite addresses in the headers of - the message. - -
-Q0603: We see something strange on our system in regards to mail comming in via - rmail from a UUCP link. The sender is being set to mailmaster instead of - the real sender, and a Sender: header is being added to the message. - - --A0603: If mailmaster is the user that is running rmail, you need to include - that user in the trusted_users configuration option. Only trusted users - are permitted to specify senders when mail is passed to Exim via the - command line. - -
--A0701: There doesn't seem to be any significant performance hit using a flat - queue on Solaris systems, so there is no need to do this for them. On - the other hand, there is a known performance problem on Linux filing - systems, where split_spool_directory can make a significant difference. - ???? Other operating systems ???? - -
-Q0702: How well does Exim scale? - - --A0702: Although the author did not specifically set out to write a high- - performance MTA, Exim does seem to be fairly efficient. The biggest - server at the University of Cambridge (a large Sun box) goes over - 100,000 deliveries per day on busy days (it has over 20,000 users). - There was a report of a mailing list exploder that sometimes handles - over 100,000 deliveries a day on a big Linux box, the record being - 177,000 deliveries (791MB in total). Up to 13,000 deliveries an hour - have been reported. - -
-- These are quotes from some Exim users: - -
-- "... Canada's largest internet provider, uses Exim on all of our mail - machines, and we're absolutely delighted with it. It brought life back - into one of our machines plagued with backlogs and high load averages. - Here's just an example of how much email our largest mail server - (quad SS1000) is seeing ... " [230,911 deliveries in a day: 4,475MB] - -
-- "... Exim has to ... do gethostbyname()s and RBL lookups on all of the - incoming mail servers, and he runs from inetd (TCP Wrappers connected). - All the same, it seems to me that he runs as fast as lightning on our - SCO 5.0.4 box (1 Pentium 166) - far faster than MMDF which I (and many - customers) had before." - -
-- "On a PII 400 with 128M of RAM running Linux 2.2.5, I have achieved - 36656 messages per hour (outgoing unique messages and recipients). For - about a 5 minute period, I was able to achieve an average of 30 messages - per second (that would be 108000 m/hour)! We are using: (options that - make a difference): - -
-- queue_only - split_spool_directory - auto_thaw 60s - max_queue_run 1 - remote_max_parallel 1-
- We have a cron job hat runs every five minutes that spawns 5 exim -q if - there are less that 120 exim processes currently running. We found - that by "manually" controlling the concurrency of exim -q processes - contending for the spool for remote_smtp delivery that we gained - considerable performance -- 10000 m/hour." - -
-Q0703: We have a large password file. Can Exim use alternative lookups during - delivery to speed things up? - - --A0703: Yes. You don't have to use the password file at all. See sample - configuration C009 for some suggestions. (It shows lsearch lookups, but - these could equally be DBM or cdb or NIS or LDAP lookups.) - -
-- If you are using FreeBSD, this problem should not arise, because it - automatically uses an indexed password file. In some other operating - systems you can arrange for this to happen too. On Linux, for example, - all you need to do is - -
-- # cd /var/db - # make-
- and put "db" before "files" in any /etc/nsswitch.conf lines you want to - use db for. - -
-Q0704: I just wondered if it might be helpful to put the hints database on a - RAM disk during regular operation. Did anybody try that yet? - - --A0704: A user reported thus: I have found that this works GREAT under Solaris. - Make a RAM disk partition and keep everything in the "db" directory on - it. However, when I try the same thing on Linux, I don't see the same - boost. I think that Linux's file buffer cache works about the same. - Plus, this leave more room for processes to run. - -
--A0801: There are several different options that can be used to block incoming - SMTP messages according to different criteria. The following are the - most commonly used: - -
-- (A) Set sender_verify; this causes rejection of any message whose - envelope sender cannot be successfully routed. This is mainly a - check on the existence of remote domains, though it the domain is a - local one, the local part also gets checked. Unfortunately, error - mesages do not have envelope sender addresses, so cannot be checked - in this way. See the headers_sender_verify options for ways of - checking header addresses. - -
-- (B) If you want to block all mail from specific hosts or IP networks, - set host_reject_recipients. The _recipients form of the option is - more likely to prevent the remote hosts from keeping on trying. For - example: - -
-- host_reject_recipients = 209.12.111.0/24-
- If you have many such blocks, they can be put in a file which is - named in the option. If you have a mixture of IP addresses and names - in your list, it is best to put the addresses first, because they - can be checked without the need for a DNS lookup. - -
-- (C) If you want to block mail from specific envelope sender addresses, - one convenient way is to organize a file of local parts indexed by - domain names, for example - -
-- x.y.z creditrepair:^betterlovelife[0-9]+$:... - p.q.r *-
- This would block creditrepair@x.y.z, any local part starting with - betterlovelife and ending with digits in the x.y.z domain, and - all addresses in the p.q.r domain. You refer to the file in the Exim - configuration as follows: - -
-- sender_reject_recipients = @@lsearch*;/name/of/the/file-
- If the file is big, you can convert it into a DBM or cdb file and - use a faster lookup method. The asterisk on the end of the search - type causes a lookup for "*" if the domain is not found; that is, it - permits a default list of local parts that are blocked at any - domain that is not specifically listed. If you use this, you - probably also want to end each local part list with ">*" (except - those that consist of "*"). This causes Exim to check the default - list of local parts if none of the specific ones for a domain are - matched. So, the file above could become - -
-- * yourfriend:a.friend:... - x.y.z creditrepair:^betterlovelife[0-9]+$:>* - p.q.r *-
- If you are using an lsearch file, putting the * entry first saves a - bit of processing. - -
-- (D) If you want to allow mail to postmaster through the blocks, you can - set - -
-- recipients_reject_except = postmaster@your.domain-
- This overrides any of the policy controls that cause rejection by - recipient. - -
-Q0802: I don't want to block spam entirely; how can I inspect each message - before deciding whether to deliver it or not? - - --A0802: This can be done by using a system filter. See the sample configuration - F003. - -
-Q0803: How can I test that my spam blocks are working? - - --A0803: The -bh option allows you to run a testing SMTP session as if from a - given IP address. For example, - -
-- exim -bh 192.203.178.39-
- In addition to the normal SMTP replies, it outputs commentary about - which tests have succeeded or failed. - -
-Q0804: How can I test that Exim is correctly configured to use the Realtime - Blocking List (RBL)? - - --A0804: The -bh option allows you to run a testing SMTP session as if from a - given address. You need to know a blocked IP address with which to test. - Such a testing address is kindly provided by Russell Nelson: - -
-- linux.crynwr.com [192.203.178.39]-
- You can also send mail to nelson@linux.crynwr.com from the server - whose RBL block you are testing. The robot that receives that email - will attempt to send a piece of test email in reply. If your RBL block - didn't work, you get a message to that effect. Regardless of whether the - RBL block succeeds or not it emails you the results of the SMTP - conversation from a host that is not on the RBL, so you can see how your - server looks from the view of someone on the RBL. - -
-Q0805: How can I use tcpwrappers in conjunction with Exim? - - --A0805: Exim's own control facilities can do all that tcpwrappers can do. - However, if you are already using tcpwrappers for other things it might - be convenient to include Exim controls in the same place. - -
-- First of all, ensure that Exim is built to call the tcpwrappers library, - by including USE_TCPWRAPPERS=yes in Local/Makefile. You also need to - ensure that the header file tcpd.h is available at compile time, and the - libwrap.a library is available at link time, typically by including it in - EXTRALIBS. You may need to copy these two files from the tcpwrappers - build directory to, for example, /usr/local/include and /usr/local/lib, - respectively. Then you could reference them by - -
-- CFLAGS=-I/usr/local/include - EXTRALIBS=-L/usr/local/lib -lwrap-
- in Local/Makefile. There are two ways to make use of the functionality, - depending on how you have tcpwrappers set up. If you have it set up to - use only one file, you ought to have something like: - -
-- /etc/hosts.allow:-
- exim : <client_list> : <allow_or_deny>-
- For example: - -
-- exim : LOCAL 192.168.0. .friendly.domain special.host : ALLOW - exim : ALL : DENY-
- This allows connections from local hosts (chiefly `localhost'), from - the subnet 192.168.0.0/24, from all hosts in *.friendly.domain, and - from a specific host called special.host. All other connections are - denied. If you have tcpwrappers set up to use two files, use the - following: - -
-- /etc/hosts.allow:-
- exim : <client_list>-
- /etc/hosts.deny:-
- exim : <client_list>-
- Read the hosts_access(5) man page for more ways of specifying clients, - including ports, etc., and on logging connections. - -
-Q0806: How can I get POP-auth-before-relay support in Exim? - - --A0806: See http://cc.ysu.edu/~doug/exim-pop.tar.Z which has some scripts for - this, courtesy of Doug S <doug@cc.ysu.edu>. See also - Q0835. - -
-Q0807: I have one or two cases where my machine correctly rejects messages, but - the remote machine is quite persistent, and keeps trying over and over. - - --A0807: It is an unfortunate fact that a number of SMTP clients, in violation of - the SMTP RFC, do not treat a permanent error code that is given after - the MAIL FROM command or the DATA portion of the transaction as a - permanent error. Consequently they keep resending the message. Failing - checks on a message's headers (the headers_... options) necessarily - result in an error code after the data has been received. - -
-Q0808: I am seeing the error "no valid sender in message headers: return path - is <>" in the reject log. Isn't <> a valid return path for error - messages? - - --A0808: It is indeed valid. The complaint here is about the contents of the - message's headers, not the return path. This message has been reworded - in later versions of Exim. You must have set the headers_sender_verify - option. Check the From:, Reply-to: and Sender: headers that were logged - with the error. You can use Exim's -bv option to find out why - verification of those addresses failed. - -
-Q0809: Let's say that we want to run a mail server that does not care if you - have proper reverse DNS. If you include host_reject lines in your - config file, Exim will always reject connections from such hosts. How - can this be avoided? - - --A0809: This is true only if you have wild-carded host names in host_reject. - For complete host names, Exim uses a DNS forward lookup to obtain an IP - address to compare. If you are using wild cards of any sort, put - +allow_unknown as an item in your host list, for example: - -
-- host_reject = +allow_unknown : *.def.zz : *.stu.yy-
- This will allow any host without reverse DNS to bypass the checks. Note - that it means that the owner of abc.def.zz (for example) can trivially - get round your block simply by deleting the PTR record for abc.def.zz. - If you use +warn_unknown instead of +allow_unknown, the action is the - same, but every time the exception is invoked, it is logged. - -
-Q0810: Is there a way to prevent lookups in the RBL for local hosts? - - --A0810: Check out the rbl_hosts option. - -
-Q0811: How can I set up the sender_reject option in my config file so I can - reject mail by matching regular expressions? - - --A0811: You must either put the regular expressions directly in the option - setting, or in a file that is referenced by a plain file name, or use - an @@ type of search. If the regular expressions match the domain as - well as the local part, then the first two approaches are the only - possible ones. For example: - -
-- sender_reject_recipients = ^.*\.spam\.com$ : ^.*@[0-9]+\.com$-
- or - -
-- sender_reject_recipients = /some/file-
- Each line of the file is treated as if it were an entry in the list, and - must begin with ^ if it is a regular expression. No keys are involved - because this is not a lookup, - -
-- If you are using version 2.10 or later, the first of those regular - expressions can be rewritten to execute much more efficiently by - using lookbehinds and once-only subpatterns: - -
-- sender_reject_recipients = ^(?>.*$)(?<=\.spam\.com)-
- See the manual section entitled "Address lists" for a description of the - @@ type of split domain/local part lookup. See also - Q0801. - -
-Q0812: Normally sender_reject_recipients works fine, but addresses that have - some uppercase letters in them seem to come through. - - --A0812: This should no longer be the case from release 3.00 onwards. Although - host and domain names are case-insensitive, the RFCs about mail specify - that local parts are case sensitive. When earlier versions of Exim - looked up a sender address in sender_reject_recipients, they did so - using the caseful form, in order to be compliant with the mail RFCs. - (In principle, user@domain and USER@domain might be different - people. Silly, I know, but that's the rule. It has caused a lot of - grief.) However, RFC 2305 (Anti-Spam Recommendations for SMTP MTAs) - recommends that address checking in blocking lists should be done - caselessly, so Exim now does this by default. - -
-Q0813: I want to accept some sender addresses, even though they do not verify. - There doesn't seem to be an option for verification exceptions, so how - can I do this? - - --A0813: Set up a special director or router to ensure that those addresses do - verify, using verify_only and verify_sender so that it is not used - during delivery or recipient verification. For example, here is a router - which verifies the address root@somedomain.com: - -
-- verify_exceptions: - driver = domainlist - verify_only - verify_sender - domains = some.domain.com - local_parts = root - route_list = *-Q0814: We are being plagued by forged mail coming from a number of different - hosts and sender addresses. The guy however leaves a fingerprint. The - first received line always contains 'Received: from baby'. What is the - best suggested way for eliminiating him from our systems? - - -
-A0814: You cannot, unfortunately, prevent the message from getting into your - system, because the message has to be read before you can inspect the - Received: header. The best you can do is to install a system filter - which junks any message containing such a header. Thus the sender still - wastes bandwidth and your resources in transporting the message to you, - but you just throw it away. A simple system filter that does this is - -
-- # Exim filter - if $h_Received: contains "from baby" then seen finish endif-Q0815: I have set host_accept_relay, but my host still refuses to relay from - matching hosts. - - -
-A0815: (A) Did you remember to HUP or restart the Exim daemon after changing - the configuration? You can get information as to what options Exim - is checking by using the -bh option to test how it would handle mail - from a specific host. - -
-- (B) Have you used any wild-card host names in host_accept_relay? E.g: - -
-- host_accept_relay = *.aaa.bbb-
- If so, the problem may be that the relevant hosts do not have - reverse DNS entries for their IP addresses. In order to match a wild - card name, Exim has to look up the calling host's name from its IP - address, and if it cannot do so, it takes a hard line by default. - Exim processes lists from left to right, and so will attempt a - reverse DNS lookup at the first wild-carded entry it reaches. If you - have IP addresses in your list, it is best to put them first for - this reason. Suppose you had - -
-- host_accept_relay = *.x.y : 10.9.8.7-
- Then when the host 10.9.8.7 connects, a reverse lookup will still - be done, because the first check is against *.x.y. If the lookup - fails, relaying is rejected. However, if the list were in the - opposite order, the IP check would succeed, and no DNS lookup would - be done. See also - Q0809. - -
-Q0816: How can I run customized verification checks on incoming addresses? - - --A0816: If you can implement your checks in Perl, then you can use Exim's - facility for running an embedded Perl interpreter. For example, if you - want to run special checks on local addresses, you could install this as - your first director: - -
-- private_verify: - driver = smartuser - condition = ${perl{verify}{$local_part}{$domain}} - verify_only-
- If you want this to be the only means of verification, you can set - no_verify on all the other directors. Otherwise, if this director fails - to verify, the address gets passed on to those that follow. - -
-- The verify_sender and verify_recipient options can be used to restrict - the director to sender or recipient verification only, and if necessary - you could have two different directors, one for senders and one for - recipients. - -
-- If the result of the expansion of condition is not "no", "false" or - "0", then address verification succeeds, because the director itself - matches any address. The expansion of condition causes the Perl - subroutine called "verify" to be run, with two arguments, the local part - and the domain. The subroutine must be provided in Perl code that is - referenced by the perl_startup option. See the chapter on embedded Perl - for details. - -
-- Remote addresses can be handled in a similar way by using a domainlist - router that matches all domains. See also - Q0813. - -
-- Starting up a Perl interpreter is not cheap. On a busy system you should - first make sure that there isn't some way of using Exim's own facilities - for doing what you want before going down this road. - -
-Q0817: Does Exim apply RBL checks to error messages, those with an envelope - sender of "<>" ? - - --A0817: Yes, it does, because the RBL check happens immediately on connection, - before any commands are passed, and so therefore before it even knows - that the envelope sender is "<>". - -
-Q0818: I want to be able to set up a list, similar to sender_reject_recipients, - but with a user-defined message. I believe I have to use a director for - this. - - --A0818: You can do this using the prohibition_message mechanism (see the section - entitled "Customizing prohibition messages" in the manual). This avoids - having to use a director, and therefore doesn't require you to let the - message into your host at all. Use something like this: - -
-- prohibition_message = "\ - ${if eq {$prohibition_reason}{sender_reject_recipients}\ - {${lookup{$sender_address}lsearch{/some/file}{$value}}}{}}"-
- This example looks up a message that is specific to the sender, but you - can of course tailor the message any way you like. Vertical bar is - treated as a line separator in prohibition texts. - -
-Q0819: I want to reject certain sender-recipient combinations, with a specific - message for each such combination. - - --A0819: That needs a special director, using the "senders" option to predicate - it on the sender, and a file of recipients to fail for each sender. - Something like this: - -
-- forced_fail: - driver = aliasfile - senders = sender@domain.com : *@otherdomain.com - file = /blocked/${lc:$sender_address} - search_type = lsearch-
- with the files containing lines like - -
-- recipient: :fail: message-
- If you are handling multiple local domains, you may want to set - include_domain so you can specify fully qualified addresses in the - files. If the files get big, an indexed search type such as DBM or cdb - should be used. - -
-- If you want to block an entire domain from a specific sender, you could - use this director: - -
-- domain_block: - driver = aliasfile - senders = dislikedsender@wherever - file = /fail/all - search_type = lsearch*-
- with the file containing - -
-- *: :fail: message-
- The message text supplied after :fail: is restricted to a single line. - If you want to send several paragraphs of message, instead of using - :fail: you could use the aliasfile to pipe the message off so some - script which generates a long message and then gives a non-zero return - code so that the message gets returned to the sender. - -
-- In all of these cases you are in trouble if the sender address is bad, - because the bounce message you generate will get stuck. - -
-Q0820: Will Exim allow me to create a file of regexs and match incoming - external email to the list - and if a match is found file the offending - message into a special location? Also is it possible to make exim only - filter parts of an incoming email - e.g. ignore large MIME attachments - for example and only process text/plain? - - --A0820: You can do some of this in a system filter. For example: - -
-- if $message_body matches <...some complicated regex...> or - $message_body matches <...some other regex...> or - $header_from: matches <...regex...> or - etc. - then - save /some/special/file - endif-
- or instead of "save" you could have "deliver" (to some address) or - "pipe" (to some script). - -
-- There isn't any mechanism for ignoring attachments, but $message_body - only looks at the first n bytes of the body, where n defaults to 500 but - can be changed. - -
-- A more expensive alternative would be to run a Perl subroutine using the - embedded Perl mechanism. If you passed over the message id, the Perl - code could read the message files on the spool and implement any - algorithm it liked for deciding what should be done. - -
-Q0821: I've hacked sendmail to make an ioctl call at the time of the SMTP RCPT - command, to check if a user has exceeded their email quota. If they have - I issue a temporary failure and a message - can I do this with Exim? - - --A0821: This could be done by arranging for a quota check to happen during the - verification of the address after RCPT, but without hacking Exim you - would have to use the embedded Perl facility to get it to run a Perl - script to do the test. - -
-- If the reason you want to do this is to avoid having messages for over- - quota users sitting on your spool for many days, there is an - alternative. In Exim you can set up special retry rules for quota - excession (what we use is "if mailbox not read for 7 days, bounce - immediately, otherwise try every hour for one day, then bounce"). - -
-Q0822: I'm looking for a rule to reject special unknown recipients. - - --A0822: If the messages in question are coming in via SMTP, you can turn on - receiver_verify (if you haven't already) and arrange for these addresses - not to verify. For example, if they are not in your local domains, you - could use a router like this: - -
-- verify_check_specials: - driver = domainlist - condition = "\ - ${if eq {$local_part@$domain}{account@host.domain}{yes}{no}}" - verify_only - fail_verify - route_list = *-
- where of course you can extend the condition setting to use regular - expressions, file lookups, Perl calls, or anything else that is - available. The failure of the verification causes an error return to the - SMTP RCPT command, so the messages never get into your system. For - addresses in your local domains you could use a smartuser director in a - similar fashion, but you could also use an alias file with :fail: - entries. - -
-- If you are receiving such messages from the local host, then they are - already in the system, and have to be failed locally as part of the - delivery process. The :fail: mechanism is the simplest for local - addresses. For remote addresses, one possibility would be to use a - router with a condition setting to send such messages to an autoreply - transport that sends back an error message to the sender. See also - - Q0826. - -
-Q0823: I'd like to pass all messages through a virus-scanning system before - delivery. Can Exim do this? - - --A0823: One way of achieving this is to deliver all messages via a pipe to a - checking program that resubmits them for delivery in some private way - that can be checked (e.g. on a specific SMTP port, or IP address). One - possibility is to use the "received protocol" field that can be set - for locally submitted mail via the -oMr command line option. This - director sends all messages that are not from the local host and whose - received protocol is not "scanned-ok" to the virus_scan transport: - -
-- vircheck: - driver = smartuser - transport = virus_scan - condition = "${if or {{eq {$received_protocol}{scanned-ok}} \ - {eq {$sender_host_address}{127.0.0.1}}}\ - {0}{1}}"-
- A similar router could be used if you want to scan messages for remote - addresses. One problem is that this approach scans the message for each - recipient, not just once per message. - -
-- The virus_scan transport should be set up to pipe the message to a - suitable checking program or script which runs as a trusted user. This - can then re-submit the message to Exim, using -oMr to set the received - protocol to "scanned-ok", and the -f option to set the correct envelope - sender address. WARNING: If you forget to make the resubmitting process - run as a trusted user, the received protocol does not get set, and you - are likely to generate a loop. - -
-Q0824: How can I accomplish this: a message sent from any host must either be - sending to a domain in a list (a dbm file) or the sender's address - domain must be in the list. - - --A0824: First of all, set - -
-- relay_domains = dbm;/the/dbm/file-
- This allows relaying from any host, provided that the recipient address - matches one of the domains in the list. Then set - -
-- host_accept_relay = * - sender_address_relay = dbm;/the/dbm/file-
- This allows relaying from any host (because of the *) to any arbitrary - domain, provided that the sender's address matches a domain in the list. - -
-- WARNING: This setting makes it possible for your host to be used as an - open relay by those unscrupulous enough to forge sender addresses. Your - host may end up on one of the open relay blocking lists as a result. - -
-Q0825: I've set relay_domains and sender_address_relay, but if user@mydomain - tries sending to an arbitrary domain, Exim rejects it. - - --A0825: The safest way to control relaying arbitrary domains is by host, not - by sender address. If you are able to specify the hosts which your users - use, then set host_accept_relay to match them. You can then remove the - setting of sender_address_relay, unless you also want to limit relaying - to specific senders. - -
-- If you want to permit relaying from specific senders on arbitrary hosts, - you can set relay_match_host_or_sender. This requires that only one of - the host or sender address be recognized, instead of both of them. - -
-- WARNING: This setting makes it possible for your host to be used as an - open relay by those unscrupulous enough to forge sender addresses. Your - host may end up on one of the open relay blocking lists as a result. - -
-Q0826: I set sender_reject_recipients, but Exim is not rejecting those - recipients. - - --A0826: You have misunderstood the option. A setting like that rejects all the - recipients of an incoming message with that sender. To reject a - specific recipient in your own domain you can set up an alias like this: - -
-- reject-me: :fail: mail for reject-me is not acceptable-
- If you want to reject a recipient that is not in a local domain, one - approach is to set up a router to send the address to your directors, - and then use an alias file to generate a :fail: message as above. - Alternatively, you can use the verification mechanism: see - Q0822. - -
-Q0827: I can't find an option to deny "RCPT TO:" addresses. - - --A0827: Denying RCPT TO addresses is the job of verifying. You can set up - directors and routers that are run only when verifying and not when - delivering. This gives you a great deal of flexibility. See - Q0822. - -
-Q0828: My problem is that Exim replaces $local_part with an empty string in the - system filtering. What's wrong or what did I miss? - - --A0828: A message may have many recipients. The system filter is run just once - at the start of a delivery attempt. Consequently, it does not make sense - to set $local_part. Which recipient should it be set to? However, you - can access all the recipients from a system filter via the variable - called $recipients. - -
-Q0829: Using $recipients in a system filter gives me another problem: how can - I do a string lookup if $recipients is a list of addresses? - - --A0829: Check out section 25 of the filter document ("Testing a list of - addresses"). If that doesn't help, you may have to resort to calling an - embedded Perl interpreter - but that is expensive. - -
-Q0830: Is there a way to configure Exim to reject mail to a certain local host? - - --A0830: No, only to certain domains. Use a configuration like this: - -
-- receiver_verify - local_domains = rejected.domain : <other local domains>-
- with the first director as - -
-- reject_domains: - driver = smartuser - domains = rejected.domain - verify_only - fail_verify-Q0831: Exim sometimes rejects messages with bad senders after the DATA and - sometimes after the MAIL command. What is the difference? - - -
-A0831: The first time Exim encounters a particular bad sender, it rejects the - message after the data has been received, so that it can log the - headers. If the same sender re-appears within 24 hours, Exim assumes - that the remote host has (in violation of RFC 821) not interpreted the - previous 550 error code correctly, so this time it rejects the MAIL - command. Some hosts don't even managed to handle that, so if the same - sender turns up for a third time within 24 hours, Exim accepts MAIL, but - rejects every RCPT command instead. - -
-Q0832: How can I get Exim to remove attachments from messages? - - --A0832: (A) The cleanest way is to check for the existence of a "Content-type" - header line, and route messages containing it down a pipe to some - other program that strips the attachments and re-submits the message - to Exim. Alternatively, a transport filter can be used to do the - job, as described in C028. - -
-- (B) A somewhat more hairy way is to use embedded Perl from a system - filter to truncate the message's data file directly, and then use - the "headers remote" filter command to get rid of the associated - headers. - -
-Q0833: I ran a relay test against my host and it failed with an address - containing a %, though I don't have percent_hack_domains set. Is Exim - broken? This is what the tester said: - - -- Relay test 6 - >>> RSET - <<< 250 Reset OK - >>> MAIL FROM:<spamtest@example.com> - <<< 250 <spamtest@example.com> is syntactically correct - >>> RCPT TO:<relaytest%mail-abuse.org@example.com> - <<< 250 <relaytest%mail-abuse.org@example.com> is syntactically correct - Relay test result - Uh oh, host appeared to accept a message for relay. - The host may reject this message internally, however-
-A0833: This does not prove that your host is open for relaying. Notice the - wording of the last two sentences: "appeared to accept" and "may reject - internally". Assuming that your Exim configuration is correct, Exim will - discover that the local part "relaytest%mail-abuse.org" is not valid on - your host, and it will bounce the message. - -
-- Why doesn't it reject the RCPT TO command? Answer: because you have not - set receiver_verify in your configuration file, or you have excluded - these particular sender or recipient domains from receiver verification. - -
-Q0834: How can I arrange for each user to have a file listing the only sender - addresses from which she will accept mail? I want to do this so my - family members don't get any spam (or other inappropriate mail). - - --A0834: Arrange for each user you want to control to have a file called - .acceptlist, ignoring for the moment how this gets maintained. Then, - turn on receiver_verify and make the following your first director: - -
-- verify_known_sender: - driver = smartuser - require_files = /home/$local_part/.acceptlist - senders = ! /home/$local_part/.acceptlist - new_address = :fail: Sender unknown-
- That will stop such messages even getting into your host. (Replace - /home/$local_part with whatever the correct path to your user's home - directories is.) As written above, the accept list is interpolated into - the senders list and can contain wild cards. If there are no wild cards - and the lists get very long, it would be more efficient to convert them - into some indexed format, e.g. cdb and use a cdb lookup. - -
-- One problem with this is that it will block bounce messages, which have - empty senders. You can get round this, by changing the "senders" line to - -
-- senders = ! : ! /home/$local_part/.acceptlist-
- However, this will, of course, let in spam that has a null sender. Since - the "senders" option is expanded, you could perhaps include something - that tested a message without a sender for being a plausible bounce - message before including the null sender in the list. Another approach - would be to use a condition option to do various tests, including - looking up $sender_address in /home/$local_part/.acceptlist. - -
-Q0835: I have the POP-auth-before-relay support in, but I see that Exim still - does an RBL lookup before checking the POP authorisation file. How can I - prevent it doing an RBL check if the caller is authorized by virtue of a - recent POP authentication? - - --A0835: If the file containing a list of recent POP-authenticated hosts is - /usr/local/etc/exim/popauth, say, set - -
-- rbl_hosts = !/usr/local/etc/exim/popauth-
- so that hosts in the list are exempted from RBL checking. - -
-Q0836: When using Nessus on a system that runs exim, a number of security - issues are raised. Nessus complains that exim answers to EXPN and/or - VRFY; sometimes it even complains that exim allows relaying. - - --A0836: Exim supports EXPN only if you permit it to do so by setting - smtp_expn_hosts. Likewise, it supports to VRFY only if you set - smtp_verify. Without these settings, its responses are - -
-- 550 EXPN not available - 252 VRFY not available-
- Maybe the use of 252 is the "problem". It is recommended that this be - done (by those that discuss these things) because there are stupid - clients that attempt VRFY before sending a message. - -
-Q0837: Could anyone points me to right rules to prevent sending/receiving - messages to/for domains which have one MX to localhost or only have - address 127.0.0.1 ? - - --A0837: You need to turn on sender_verify. With the default configuration, this - will result in a temporary verification failure for these domains. You - can make this into a permanent failure by adding - -
-- self = fail-
- to your lookuphost router. The default action on encountering a routing - to the local host is to defer, and freeze the message if it is a - delivery address. Making this change applies to any routing to the local - host, not just to 127.0.0.1. - -
-- If you are running Exim release 3.16 or later, an alternative approach - is to set ignore_target_hosts = 127.0.0.1 on the relevant routers. - -
-Q0838: How can I lock out domains that do not have any MX records? - - --A0838: You can do this by means of the mx_domains option, but you should NOT do - this for Internet domains in general. There are still a large number of - legitimate domains that do not have MX records. - -
-Q0839: I would like to have a per-user limit for the maximum size of messages - that can be sent. - - --A0839: The simplest way to do this is to put something in a system filter along - these lines: - -
-- if $message_size is above - "${lookup{$sender_address}lsearch{/some/file}{$value}{10M}}" - then - fail "Message is larger than $sender_address is allowed to send" - endif-Q0840: I have set up a DBM (or cdb, or lsearch, or MySQL or whatever) file - containing a list of IP addresses for the hosts I want to allow to - relay, but when I set host_accept_relay to do a lookup on that data, it - doesn't work. - - -
-A0840: If you include any kind of lookup in a host list, it will by default - search on the host name, not on the IP address. What you want is - something like - -
-- host_accept_relay = net-dbm;/some/file-
- The prefix net- makes it look up the IP address instead of the name. You - can also look up IP networks by using entries like - -
-- host_accept_relay = net24-dbm;/some/file-
- For a host with IP address 192.168.45.23 this would do the lookup using - the key "192.168.45.0/24". - -
--A0901: Users have found several ways of setting up Exim for use with Majordomo. - There's a web page at - -
-- http://www.netmaster.ca/exim/majordomo.html-
- which shows one way to do it, and discusses some of the issues. The - sample configuration C018 is another approach which automates a lot of - the functions based on whether the files or directories exist. Only - three aliases per list are needed. - -
-- Somewhere in the Majordomo docs or FAQ it mentions using batchmail or - other additional programs to improve the performance of large lists. - They are not needed with Exim, and their use can actually make things - worse. However, it's a good idea to set remote_max_parallel to a value - greater than 1 in the Exim configuration. - -
-Q0902: I have set $mailer in majordomo.cf, but it still isn't setting the - sender correctly in the messages it sends. - - --A0902: Make sure you have got the quoting correct in the $mailer setting. For - example, - -
-- $mailer = "$sendmail_command -oi -oee -f$sender\@lists.mydomain.de"; - -
-- is not correct. It needs three backslashes, not one, and the $ at the - start of $sender has to be escaped with a backslash. - -
-Q0903: I'm trying to set up majordomo, but I'm getting a "wrong mode" error - when I try to send it mail. The panic log entry reads: - - -- 1999-01-05 11:23:34 0zxZGY-0000vB-00 majordomo_aliases director: - /var/lib/majordomo/lists/lists.aliases (lsearch lookup): wrong mode - -
--A0903: Check the mode of /var/lib/majordomo/lists/lists.aliases and compare it - with the setting of the modemask option in the majordomo_aliases - director. This option specifies bits which must not be set for the alias - file, and it defaults to 022. - -
-Q0904: I'm getting return code 9 from /home/majordomo/majordomo-1.94.4/wrapper - when it is passed a message from Exim. - - --A0904: A problem like this turned out to be the Perl version that came with - RedHat 5.2. Rebuilding Perl 5.005x solved it. - -
-Q0905: Exim is complaining about an invalid command line when Majordomo tries - to send it a message for delivery. - - --A0905: Take a look at your majordomo.cf file, It should have something that - looks like - -
-- $sendmail_command = "/usr/lib/sendmail";-
- and another line like - -
-- $mailer = "$sendmail_command -oi -oee -f\$sender";-
- If you have modified resend (one of the majordomo programs) to use - $sendmail_command instead of $mailer you will be calling Exim with no - command line arguments. - -
--A1001: If you set up a rewriting rule in the following form: - -
-- *@*.your.domain $1@your.domain-
- then Exim will rewrite all addresses in the envelope and the headers, - removing anything between "@" and "your.domain". This applies to all - messages that Exim processes. If you want to rewrite sender addresses - only, the the rule should be - -
-- *@*.your.domain $1@your.domain Ffrs-
- This applies the rule only to the envelope "From" address and to the - From:, Reply-to:, and Sender: headers. - -
-Q1002: I have Exim configured to remove the hostname portion of the domain on - outgoing mail, and yet the hostname is present when the mail gets - delivered. - - --A1002: Check the DNS record for your domain. If the MX record points to a CNAME - record instead of to an A record, MTAs are liable to rewrite addresses, - changing your domain name to its "canonical" form, as obtained from the - CNAME record. - -
-Q1003: I want to rewrite local addresses in mail that goes to the outside - world, but not for messages that remain within the local intranet. - - --A1003: Exim wasn't really designed to handle this kind of split world, and - doing this is not entirely straightforward. - -
-- (A) If you are running version 3.20 or later, you can use the - headers_rewrite option on a transport. This will apply to just those - copies of a message that pass through the transport. The return_path - option can similarly be used to rewrite the sender address, but there is - no way of rewriting recipient addresses at transport time. However, as - these are by definition remote addresses, you probably don't want to - rewrite them. - -
-- You have to set up the configuration so that it uses different SMTP - transports for internal and external mail. Typically this would be done - by setting the domains option on a router for handling your internal - domains. However, if all domains are routed in the same way (for - example, using a DNS lookup), another approach is to use a string - expansion for the transport name. For example: - -
-- lookuphost: - driver = lookuphost - transport = ${if match{$domain}{\\.my\\.domain\$}{int_smtp}{ext_smtp}}-
- This example uses the int_smtp transport for domains ending in - .my.domain, and ext_smtp for everything else. The ext_smtp transport - could be something like this: - -
-- ext_smtp: - driver = smtp - headers_rewrite = *@*.my.domain \ - ${lookup{$1}cdb{/etc/$2/mail.handles.cdb}{$value}fail} - return_path = \ - ${if match{$return_path}{^([^@]+)@(.*)\\.my\\.domain\$}\ - {\ - ${lookup{$1}cdb{/etc/$2/mail.handles.cdb}{$value}fail}\ - }\ - fail}-
- This example uses a separate file of local-to-external address - translations for each domain. This is not the only possibility, of - course. The headers_rewrite and return_path options apply the same - rewriting to the header lines and the envelope sender address, - respectively. - -
-- (B) If you are running a version of Exim that is earlier than 3.20, - doing this kind of rewriting is very much more difficult. Until the - headers_rewrite option was added, all header rewriting was done at the - time a message was received. A standard configuration cannot handle - rewriting that is specific to certain recipients only. - -
-- The simplest thing to do is to upgrade to the latest current Exim - release. For those that cannot do that, this old information from the - pre-3.20 FAQ is retained: - -
-- The trick is to split off a copy of the message to be sent to all - external recipients, and do the rewriting on that. This can be achieved - by running two differently-configured versions of Exim, either on a - single host, or on two different hosts. If you have a gateway or - firewall machine, that is the natural place to run the rewriting - version. - -
-- On a single machine, the following is one way of handling this: - -
-- (1) Set up the normal configuration (in the configuration file whose - name is screwed into the binary) such that it does local deliveries - as required, but forwards a copy of the message for non-local - recipients to a different incarnation of Exim via a private SMTP - port. For example, use this transport and router: - -
-- # Transport to send SMTP using port 26 - internal_smtp: - driver = smtp - service = 26-
- # Router to send everything the internal_smtp transport - pass_remotes: - driver = domainlist - transport = internal_smtp - route_list = * localhost byname - self = send-
- This should be the only router. Because of the self = send - setting, Exim will transport the messages, even though it knows it - is going to the local host. - -
-- (2) Set up a different configuration file for the rewriting version of - Exim. This need do no local deliveries, so it needs no local - domains or directors, and as it accepts mail only from the local - host, there is no need for any spam-blocking or other policy - controls. However, it does need to have its own spool area. The main - part of the configuration could be like this: - -
-- local_domains = - local_interfaces = 127.0.0.1 - host_reject = !127.0.0.1 - spool_directory = /var/spool/exim-external - end-
- Note the use of a negated item for host_reject, causing rejection of - SMTP calls from all but the local host. - -
-- The directors section can be completely empty (apart from the line - saying "end"), while the routers section should be as in a normal - configuration, as it is going to control external delivery. - -
-- The rule(s) for rewriting your internal addresses into external ones - should be in this configuration. This is one example of what might - be done: - -
-- *@*.your.domain "\ - ${lookup{$1}cdb{/etc/$2/mail.handles.cdb}{$value}fail}"-
- which looks up each local part in a per-host file to obtain the - externally-visible address, including (in this example) the domain. - -
-- (3) You have to arrange for a daemon to be listening on port 26, and to - be using the alternate configuration file. It is necessary to do - this as root so that Exim retains its privilege after reading a - non-standard configuration. A command such as - -
-- exim -C /etc/exim-configure2 -bd -oX 26-
- could be used in a suitable system start-up file. Alternatively you - could set up inetd to run Exim with the -C option for incoming - connections on port 26. - -
-- The net result of all of this is that when a message has one or more - external recipients, a copy of it is sent via port 26 to the second - version of Exim, which rewrites any internal addresses and does the - external deliveries. The cost of this is that the message has to be - copied and spooled twice, and you have two different Exim queues to - manage. Note that if the "external" Exim has to send a delivery failure - message, it will use the rewritten sender address. - -
-Q1004: I'm using this rewriting rule to change login names into "friendly" - names, but if mail comes in for an upper case login name, it doesn't - get rewritten. - - -- *@my.domain ${lookup{$1}dbm{/usr/lib/exim/longforms}\ - {$value}fail}@my.domain bcfrtFT-
- The longforms database has entries of the form: - -
-- ano23: A.N.Other-
-A1004: Replace $1 in your rule by ${lc:$1} to force the local part to lower - case before it is used as a lookup key. - -
-Q1005: Is it possible to completely fail a message if the rewrite rules fail? - - --A1005: It depends on what you mean by "fail a message" and what addresses you - are rewriting. If you are rewriting recipient addresses for your local - domain, you can do: - -
-- *@dom.ain ${lookup{$1}dbm{/wher/ever}{$value}{failaddr}} Ehq-
- and in your alias file put something like - -
-- failaddr: :fail: Rewriting failed.-
- This fails a single recipient - others are processed independently. - -
-Q1006: I'm using $domain as the key for a lookup in a rewriting rule, but its - contents are not being lowercased. Aren't domains supposed to be handled - caselessly? - - --A1006: The value of $domain is the actual domain that appears in the address. - It could of course be lower cased, but I know that would cause some - unhappiness, because some people have mixed-case domain names which look - silly if the case is changed. Thus, one wants to preserve the case in - rewrites such as - -
-- *@*.TheRap.com <something>@$domain-
- (not the best example) because "therap" doesn't look like two words. I - know it seems trivial, but it is important to some people - especially - if by some unfortunate accident the lowercased word is something - indecent. - -
-- You can trivally force lower casing by means of the ${lc: operator. - Instead of "$domain" write "${lc:$domain}". - -
-Q1007: I want to rewrite local sender addresses depending on the domain of the - recipient. - - --A1007: In general, this is not possible, because a message may have more than - one recipient and Exim keeps just a single copy of each message. It may - also deliver one copy of a message with several recipient addresses. - You can do an incomplete job by using a regular expression match in a - rewrite rule to test, for example, the contents of the To: header. This - would work except in cases of multiple recipients. See also - Q1003. - -
--A1101: To the remote_smtp transport, add something like - -
-- headers_add = "${if and{\ - {eq{$domain}{spec.dom}}\ - {matches{$h_subject:}{whatever}}}\ - {Content-Type: text/html; charset=\"us-ascii\"} fail }"-
- This example shows a Content-Type header, but you can have anything you - like, and multiple headers can be inserted by using \n to separate them. - -
-Q1102: Is it possible to have Exim add a header to only certain local_parts of - outgoing mail? - - --A1102: Only if you arrange for each such local part to receive its own private - copy of the mail. See max_rcpt in the SMTP transport. Then you could use - conditions in an expansion string to add or not add a header. - -
-Q1103: How can I remove some part of the Received: header? - - --A1103: Set received_header_text. - -
-Q1104: How I can insert the PGP header line using exim filters? - - --A1104: You can't insert headers in a user filter. A system filter can do so, - but the inserted lines then are included for all recipients. - -
-Q1105: I know I can use a system filter to replace certain headers in messages, - but how can I add text to existing headers? I want to add [SPAM] to - the subject line of messages that appear to be spam. - - --A1105: You can only do this in a round about way, using filter commands like - this: - -
-- headers add "New-Subject: SPAM: $h_subject:" - headers remove subject - neaders add "Subject: $h_new-subject:" - headers remove new-subject-
- This trick works only in system filters, where the commands are obeyed - in order, and affect the master list of headers that apply to the whole - message. You cannot do this with the headers_add and headers_remove - options on drivers. - -
--A1201: Put "localhost" in a list of local domains, that is, add it to the - local_domains option in your Exim configuration file. - -
-Q1202: Fetchmail is passing on bounce messages to Exim with the sender address - set to <@some.domain> which causes Exim to complain, because there is no - local part. - - --A1202: This was a fetchmail problem which has been fixed. Ideally, you should - upgrade to the current fetchmail release. If you cannot do this, there - is some Exim magic that might help. The 'S' rewriting flag allows - rewriting of envelope addresses to be done as soon as they are received - in the SMTP protocol, before any kind of checking or other processing is - done. This is specifically provided for installations that have to cope - with mangled addresses coming in over SMTP. - -
-Q1203: I'm currently using Exim with fetchmail and I'd like to use the RBL on - Exim, but will it work? Do I need to configure fetchmail any particular - way? As far as Exim knows, all mail is coming from 127.0.01. Will it - check the source address against RBL? Or will it check the From: header? - - --A1203: It will check 127.0.0.1 (not very useful). The point of the RBL is to - keep messages from black-listed hosts out of your machine. If you are - using fetchmail, you have got the messages into your machine before you - approach Exim. That kind of defeats the purpose of the RBL. The right - way to do this would be for the host from which you fetchmail to do the - RBL checking and insert some kind of warning header for you to test, as - Exim does if you run RBL checks in warning mode. - -
--A1301: If you are using BSDI, see - Q9401. - -
-Q1302: Exim built with Perl support exits with several error messages of the - form "undefined reference to `PL_stack_sp'". - - --A1302: This has been seen on FreeBSD systems that had two different versions of - Perl installed, the older with an a.out library and the newer with an - ELF library. Ensure that the older package is removed. - -
--A1401: Use the queue_remote_domains option to control which domains are held - on the queue for later delivery. For example, - -
-- queue_remote_domains = ! *.localnet-
- allows delivery to domains ending in .localnet, while queueing all the - others. - -
-Q1402: I have a dial-up machine, and I use the queue_smtp_domains option so - that remote mail only goes out when I do a queue run. However, any email - I send with an address <anything>@aol.com is returned within about 15 - minutes saying 'retry time exceeded', and all addresses are affected. - - --A1402: (A) You should be using queue_remote_domains rather than queue_smtp_ - domains. With the latter, Exim is trying to route the addresses, which - involves a DNS lookup. This is presumably timing out, causing a retry - time to be set for the domain, and somehow a valid lookup never happened - before the maximum retry time (default of 4 days) passed. Hence the - bounce. The fact that it is aol.com is not relevant. You should probably - also be using -qq to do your queue run rather than -q. - -
-- (B) An alternative approach if you are sending all your outgoing mail to - the same smart host is to use a single router like this: - -
-- route_append: - driver = domainlist - transport = remote_smtp - route_list = "* smarthost.isp.net byname"-
- and put the address of the smart host in /etc/hosts, so that it can be - found without the need of a DNS lookup. Then you can use queue_smtp_ - domains so that Exim does the routing for every message, but doesn't try - to deliver it. See also - Q1403. - -
-Q1403: How should Exim be configured when it is acting as a temporary storage - system for a domain on a dial-up host? - - --A1403: Exim isn't really designed for this, but... The lowest-numbered MX - record for the domain should be pointing to your host. You should set a - large retry time for that domain, so that Exim doesn't keep trying to - deliver when the host is offline. When the host comes online, the - waiting messages have to be kicked somehow. This can be done by calling - Exim with the -R option, or via the SMTP ETRN command. This works - provided the number of messages is low. If you are handling lots of - mail, keeping messages waiting for their host to connect and those that - are having delivery problems to remote hosts all in the same queue - doesn't work so well. It is better in this case to get Exim to deliver - the mail for the dial-in hosts into some local files which then get - transmitted by other software when the host connects. See the manual - chapter entitled "Intermittently connected hosts" and also - Q5014 and - - Q0521. - -
-Q1404: I have queue_remote_domains or queue_smtp_domains set, and use -qf to - force delivery of waiting mail when I dial in. How can I arrange for any - new messages that arrive while I'm connected to be delivered immediately? - - --A1404: (A) Instead of queue_remote_domains or queue_smtp_domains, use the - queue_only_file option. This causes messages to be queued only if a - particular file exists. The word "remote" or "smtp" before the file name - controls which type of queueing is used. For example: - -
-- queue_only_file = remote/etc/present/when/not/connected-
- Then, in the scripts which are run when you connect and disconnect, - arrange to remove the file after connection, and create it just before - disconnection. - -
-- (B) An alternative is to set hold_domains to point to a file lookup and - switch that file appropriately. - -
--A1501: There are a number of technical and potential legal problems that arise - in connection with message modification. Some of them are listed below. - If, despite these considerations, you still want to modify messages, you - can do so using Exim, but not directly in Exim itself. It is not the job - of an MTA to modify messages, something that requires understanding of - their content and format. - -
-- Exim provides a hook in the form of a "transport filter" that lets you - pass any outgoing message through a program or script of your choice. It - is the job of this script to make any changes to the message that you - require. By this means, you have full control over what changes are - made, and Exim does not need to know anything about message bodies. - However, using a transport filter requires additional resources, and may - slow down mail delivery. - -
-- You can use Exim's directors and routers to arrange for those messages - that you want to modify to be delivered via a transport filter. For - example, suppose you want to do this for messages from addresses in - your domain that are being delivered to a remote host. Place the - following router before the standard lookuphost router: - -
-- filter_remote: - driver = lookuphost - transport = remote_smtp_filter - condition = ${if eq {$sender_address_domain}{your.domain}{yes}{no}}-
- This routes the relevant addresses to a transport called - remote_smtp_filter. Other addresses fall through to the normal router, - and are routed to the standard remote_smtp transport. Another way to do - this would be to use a single router, with an expanded string for the - transport setting. The new transport is defined thus: - -
-- remote_smtp_filter: - driver = smtp - transport_filter = /your/filter/command-
- The entire message is passed to your filter command on its standard - input. It must write the modified version to the standard output, taking - care not to break the RFC 822 syntax. The command is run as the Exim - user, if one is defined; otherwise it is run as root. - -
-- There are a number of potential problems in doing this kind of - modification in an MTA. Many people believe that to attempt is it wrong, - because: - -
-- 1. It breaks digital signatures, which are becoming legally binding - in some countries (already in the UK, likely to be 1 October 2000 in - the USA). It may well also break encryption. - -
-- 2. It is likely to break MIME encoding, that is, it is likely to wreck - attachments, unless great care is taken. And what about the case of a - message containing only binary MIME parts? - -
-- 3. It is illegal under German and Dutch law to change the body of - a mail message in transit. It might potentially be illegal in - the UK under European law. This consideration applies to ISPs and - other "common carriers". It would presumably not apply in a corporate - environment where modification was done only to messages originating - from the employees, before they left the company's network. It might - also not apply if the senders have explicitly given their consent - (e.g. agreed to have advertisements added to their incoming mail). - -
-- 4. Since the delivered message body was produced by the MTA (not the - originator, because it was modified), the MTA operator could - potentially be sued for any content. This again applies to "common - carrier" MTAs. It's interesting that adding a disclaimer of liability - could be making you liable for the message, but this case seems - more likely to involve adding advertisements than disclaimers. After - all, no postal service in the world opens all the mail it carries to - add disclaimers. - -
-- 5. Some mail clients (old versions of MS outlook) crash if the message - body of an incoming MIME message has been tampered with. - -
-- There are also potential problems that could arise if a scheme to add - disclaimers goes wrong for some messages: - -
-- 1. False negatives: "Ah, this guy usually says he does not represent - their views, but in this message he doesn't have the disclaimer". - -
-- 2. False positives: "This official announcement does not represent our - views, oh no". - -
-- An alternative approach to the disclaimer problem would be to insist - that all relevant messages have the disclaimer appended by the MUA. The - MTA should refuse to accept any that do not. Again, however, the MTA - must understand the format of messages in order to do this. Simply - checking for appropriate wording at the end of the body is not good - enough. It would probably be necessary to run a Perl script from within - an Exim system filter in order to adopt this approach. - -
-- Finally, it's a trivial matter to add customized headers of the sort: - -
-- X-Disclaimer: This is a standard disclaimer that says that the views - X-Disclaimer: contained within this message are somebody elses.-
- which is a much easier alternative to modifying message bodies. - -
-Q1502: How can I remove attachments from messages? - - --A1502: The answer to this is essentially the same as for - Q1501. - -
--A2000: The author of Exim believes that it is Y2K-compliant, as long as the - underlying operating system and C library are. Exim does not parse dates - or times at all. Internally, it makes some use of binary timestamps in - Unix format (number of seconds since 1-Jan-1970) and uses C library - services to convert these to printing forms (e.g. for logging). The - printing forms all use 4-digit years. Some people have tried various - tests. No problems have been reported, but details of what tests have - been done are not available. - -
-- Well, it's now August 2000, and no Y2K problems have been reported, so - it looks like I was right. - -
--A5001: This is an error that occurs when Exim is trying to find out the all the - IP addresses on all of the local host's interfaces. If you have lots of - virtual interfaces, this can occur if there are more than around 250 of - them. The solution is to set the option local_interfaces to list just - those IP addresses that you want to use for making and receiving SMTP - connections. - -
-Q5002: How can I arrange to allow a limited set of users to perform a limited - set of Exim administration functions? I don't want to put them all in - the exim group. - - --A5002: See http://www.chiark.greenend.org.uk/~ian/userv/. Using userv you can - arrange (for example) for certain users to be able to invoke mailq or - runq or other preset commands as exim (or any other user, as configured) - with only userv configuration. If you want to check the particular Exim - options available you can easily do it with shell or Perl scripts and - userv configuration, and provided you know how to do argument - `unparsing' properly in shell or Perl it will be secure. - -
-Q5003: How can I test for a message's size being greater or less than a given - value in an expansion string? - - --A5003: This isn't straightforward in versions of Exim prior to 2.10, because - there were no arithmetic operators in expansion strings. In version - 2.10 or later you can write, straightforwardly, - -
-- ${if > {$message_size}{10K} {yes} {no}}-
- In earlier versions, low cunning can be used to achieve certain - kinds of test. For example, to test if the message size is less than - or equal to 1000000: - -
-- ${if eq{${expand:\$\{substr_-1000000_$message_size:x\}}} {} {yes} {no}}-Q5004: I want to "tail" the Exim log, but I have a number of other logs I also - want to "tail", and the number of tailing windows is getting to be a - nuisance. - - -
-A5004: Look for a program called 'xtail' (despite its name, it's not an - X-windows application). It allows you to do multiple tails, even of - entire directories. - -
-Q5005: I would like to have Exim log information written to syslog. - - --A5005: Support for this is available from version 3.10 onwards. - -
-Q5006: What does the error "Failed to create spool file" mean? - - --A5006: Exim has been unable to create a file in its spool area in which to - store an incoming message. This is most likely to be either a - permissions problem in the file hierarchy, or a problem with the uid - under which Exim is running, though it could be something more drastic - such as your disc being full. Check that you have defined the spool - directory correctly by running - -
-- exim -bP spool_directory-
- and examining the output. Check the mode of this directory. It should - look like this, assuming you are running Exim as user `exim': - -
-- drwxr-x--- 6 exim exim 512 Jul 16 12:29 /var/spool/exim-
- If there are any subdirectories already in existence, they should have - the same permissions, owner, and group. Check also that you haven't got - incorrect permissions on superior directories (for example, /var/spool). - Check that you have set up the exim binary to be setuid root. It should - look like this: - -
-- -rwsr-xr-x 1 root xxx 502780 Jul 16 14:16 exim-
- Note that it is not just the owner that must be root, but also the third - permission must be "s" rather than "x". - -
-Q5007: Exim keeps crashing with segmentation errors (signal 11 or 139). - - --A5007: This might be a problem with the db library. See - Q0505. - -
-Q5008: Exim's databases keep getting corrupted. - - --A5008: See - Q0505. - -
-Q5009: I've been using an autoreply director to try and mimic a bounce message, - but I can't get it to have an envelope from of <>. - - --A5009: You haven't, by any chance, put "exim" in the list of never_users, have - you? - -
-Q5010: I see entries in the log that mention two different IP addresses for the - same connection. Why is this? For example: - - -- H=tip-mp8-ncs-13.stanford.edu ([36.173.0.189]) [36.173.0.156]-
-A5010: The actual IP address from which the call came is the final one. - Whenever there's something in parentheses in a host name, it is what the - host quoted as the domain part of an SMTP HELO or EHLO command. So in - this case, the client, despite being 36.173.0.156, issued the command - -
-- HELO [36.173.0.189]-
- when it sent your server the message. This is, of course, very - misleading. - -
-Q5011: How can I persuade Exim to accept ETRN commands without the leading - # character? - - --A5011: Set the option - -
-- smtp_etrn_command = /usr/lib/sendmail -R $domain-
- This causes Exim to run that command, with $domain replaced by the - argument of ETRN. The default action of Exim is to require the # sign - in order to be RFC-compliant, and to run the equivalent of - -
-- smtp_etrn_command = /usr/lib/sendmail -R ${substr_1:$domain}-
- which uses the argument without the leading # as the value for the -R - option. You aren't restricted to running Exim with the -R option, of - course. You can specify any command you like, with any number of - arguments. In particular, you can pass over the IP address of the caller - via $sender_host_address. However, if you make use of expansion strings - in the arguments, each one must be entirely contained in a single - argument. For example, if you want to remove the first character of the - ETRN argument when it is @ or #, you could use - -
-- smtp_etrn_command = "/usr/lib/sendmail -R \ - \"${if match {$domain}{^[@#]}{${substr_1:$domain}}{$domain}}\""-
- The internal quotes are necessary because of the white space inside the - expansion string. - -
-- If you use smtp_etrn_command to run something other than Exim with the - -R option, you must disable smtp_etrn_serialize, because otherwise the - serialization lock (which is set by default) never gets removed. - -
-Q5012: I've recently noticed that emails I send with a Bcc: line are being - delivered to their final destination with the Bcc: line still present. - - --A5012: Exim removes Bcc lines only if you call it with the -t option (i.e. - when it is acting partly as an MUA). It does not remove Bcc lines that - are present in incoming SMTP mail or command-line mail that does not - use -t. Indeed, it should not remove them. From RFC 822: - -
-- 5.3. BCC / RESENT-BCC - -
-- This field contains the identity of additional recipients of the - message. The contents of this field are not included in copies of the - message sent to the primary and secondary recipients. Some systems may - choose to include the text of the "Bcc" field only in the author(s)'s - copy, while others may also include it in the text sent to all those - indicated in the "Bcc" list. - -
-- Only the initiating software (i.e. the MUA) can tell what to do with - Bcc; any MTA software has to leave it alone. - -
-Q5013: I used gv v3.5.8 (ghostview) to try printing spec.ps. After every - printed page, the printer ejects a blank sheet. Is this something to do - with using "letter" rather than A4 paper? - - --A5013: This seems to be an effect of using ghostview. Although the PostScript - is generated for A4 pages, the size of the page images is such that they - should fit on a letter page (they are shorter than would normally be - used on A4 paper). If the PostScript file is sent directly to a - PostScript printer, there is no problem. An alternative is to get hold - of the "psutils" toolset, which is available from - -
-- ftp://ftp.dcs.ed.ac.uk/pub/psutils/psutils.tar.gz-
- It contains utilities for extracting pages (which can be useful for - double-sided printing) and for resizing pages. If you resize from A4 to - letter the text shrinks a bit, but should then be printable via - ghostview. - -
-Q5014: I would like to have a separate queue per domain for hosts which dial - in to collect their mail. - - --A5014: Exim isn't really designed for this kind of operation. The only way to - do this would be to cause it to send those messages to a differently - configured version of Exim with its own spool area. This could be done - via a pipe or SMTP to a private port. The main Exim, listening on port - 25, would then be configured to run an appropriate command to prod one - of the others when it received ETRN, by means of the etrn_command option. - -
-- You could probably manage this with a single Exim binary and a number of - different configuration files, passed to the special versions using the - -C option. For this application they could all run as exim, since no - root privilege would be needed. - -
-- An alternative approach id to get Exim to deliver mail for such hosts - in batch SMTP format into some directory, and have the ETRN run - something to pass such messages to the dialled-in host. See also - Q0503 - and - Q0521. - -
-Q5015: A short time after I start Exim I see a <defunct> zombie process. What - is causing this? - - --A5015: Your system must be lightly loaded as far as mail is concerned. The - daemon sets off a queue runner process when it is started, but it only - tidies up completed child processes when it wakes up for some other - reason. When there's nothing much going on, you occasionally see - <defunct> processes like this waiting to be dealt with. This is - perfectly normal. - -
-Q5016: On a reboot, or a restart of the mail system, I see the message "Mailer - daemons: exim abandoned: unknown, malformed, or incomplete option - -bz sendmail". What does this mean? - - --A5016: -bz is a Sendmail option requesting it to create a "configuration freeze - file". Exim has no such concept and so does not support the option. You - probably have a line like - -
-- /usr/lib/sendmail -bz-
- in some start-up script (e.g. /etc/init.d/mail) immedately before - -
-- /usr/lib/sendmail -bd -q15m-
- The first of these lines should be commented out. - -
-Q5017: I would like to restrict e-mail usage for some users to the local - machine, ideally on a group basis. - - --A5017: See - A9802 - -
-Q5018: Whenever exim restarts it takes up to 3-5 minutes to start responding on - the SMTP port. Why is this? - - --A5018: Something else is hanging onto port 25 and not releasing it. One place - to look is /etc/inetd.conf in case for any reason an SMTP stream is - configured there. - -
-Q5019: Why aren't there any man pages for Exim? I don't always carry my printed - documentation. - - --A5019: As well as plain ASCII text, the Exim documentation is provided in two - online forms - texinfo and HTML - which have a certain amount of built- - in indexing for ease of finding your way around. There are no man pages - because the author of Exim hasn't the time (or desire :-) to maintain - yet another documentation format. Besides, it is hard to know how to - split the Exim manual up. - -
-- There is a contributed man page for a previous version of Exim in - -
-- ftp://ftp.cus.cam.ac.uk/pub/software/programs/exim/Contrib/doc/exim.8 - -
-- This was written by a previous maintainer of the Debian GNU/Linux Exim - package. You can view a nicely formated version at: - -
-- http://dwww.jimpick.com/cgi-bin/dwww?type=man&location=/usr/man/man8/exim.8.gz - -
-- This contains some introductory text and the command line options only. - -
-Q5020: When I send a message using the -t command line option, Exim sends only - to the addresses within the message, not to those on the command line. - - --A5020: By default Exim operates according to the Sendmail documentation, and - interprets addresses on the command line as addresses not to send to. - You can set - -
-- extract_addresses_remove_arguments = false-
- to change this behaviour. There is some confusion in the Sendmail - community about the interpretation of recipient addresses on the command - line if the -t option is used. - -
-- Here is an except from one version of the sendmail documentation - -
-- -t Read message for recipients. To:, Cc:, and Bcc: lines will - be scanned for recipient addresses. The Bcc: line will be - deleted before transmission. Any addresses in the argument - list will be suppressed, that is, they will not receive - copies even if listed in the message header. - -
-- Earlier versions of the sendmail documentation are ambiguous (unlike the - snippet above). Apparently the code and documentation streams resolved - the ambiguity differently. - -
-Q5021: If I set up, for example, - local_domains = *customer.com, then it matches - "customer.com" and "abc.customer.com" as required, but it also matches - "noncustomer.com", which is wrong. How can I get round this? - - --A5021: (A) You have to specify two entries in the list: - -
-- local_domains = customer.com : *.customer.com-
- because * in a domain list matches any characters, including "." and - including a null sequence. - -
-- (B) Alternatively, you could use a regular expression: - -
-- local_domains = ^(.+\.|)customer\.com$-
- but that probably will not be as efficient. - -
-- (C) If you have lots of local domains, you could put them into a file to - be searched (using lsearch, dbm, cdb, or whatever) and use a partial - search such as - -
-- local_domains = partial-dbm;/list/of/domains-
- If the file contains the key *.customer.com then the desired effect is - achieved, because partial lookups do operate on a component basis. See - the section entitled "Partial matching in domain lists". It is a bit - confusing that "*" is used in this context, because its meaning is not - the same as when it appears directly in a domain list. - -
-Q5022: I want to match all local domains of the form *.oyoy.org but want a few - exceptions. For instance I don't want foo.oyoy.org or bar.oyoy.org to be - treated as local. What is the best way to do this? - - --A5022: (A) From release 3.00 onwards, you can put negative items in the - local_domains setting, like this: - -
-- local_domains = !foo.oyoy.org : !bar.oyoy.org : *.oyoy.org-
- If there are many exceptions, you can use a lookup instead of listing - them all inline. - -
-- (B) Otherwise, you can use a regular expression: - -
-- local_domains = ^.*(?<!^foo|^bar)\.oyoy\.org$-
- An alternative formulation that is more efficient in execution (because - it doesn't backtrack for .* in cases that don't match) is - -
-- local_domains = ^(?>.*$)(?<=\.oyoy\.org)(?<!^(foo|bar)\.oyoy\.org)-
- If you are using an earlier version of Exim in which the regular - expression library does not have lookbehind support (versions prior to - 2.051, but after 1.735): - -
-- local_domains = ^(?!(foo|bar)\.oyoy\.org$).+\.oyoy\.org$-
- If you are using a version of Exim that is earlier than 1.735, consider - upgrading! - -
-Q5023: I can't seem to find a pre-built version of Exim anywhere. The machine - is a Sparc 5 running Solaris 2.6. - - --A5023: The problem is that there are a number of build-time options, requiring - the answer to questions like: - -
-- . Which DBM library do you have? (On Solaris probably ndbm, but no easy - default on some other systems.) - -
-- . Which uid/gid do you want to use for Exim? - -
-- . Where do you want the configuration file to be? (Many different - answers, even on the same OS, depending on local policy.) - -
-- . Ditto for the binaries. - -
-- . Which optional bits of Exim do you want to include? - -
-- ... and so on. One could impose a set of values, but I suspect they - would probably please nobody. - -
-Q5024: Is there a Windows NT version of Exim available? - - --A5024: A long time ago somebody took a copy of the Exim source with the aim of - trying to port it to NT. However, I never heard anything more. - -
-Q5025: Does Exim support Delivery Status Notificaion (DSN), Message Status - Notification (MSN), or any other form of delivery acknowledgement? - - --A5025: See - A0517. - -
-Q5026: What does "Exim" stand for? - - --A5026: Originally, it was "EXperimental Internet Mailer", which was the best I - could come up with when I was starting out. At that point it was - experimental - I wanted to see if the ideas I had for extending Smail's - approach actually worked. Then somebody discovered about it and wanted - to start using it, and told other people about it... - -
-Q5027: What does the log message "no immediate delivery: more than 10 messages - received in one connection" mean? - - --A5027: See - A0518. - -
-Q5028: Although I haven't set check_spool_space, Exim is still checking the - amount of space on the spool for incoming SMTP messages that use the - SIZE option. Can I suppress this? - - --A5028: The RFC for the SIZE option says - -
-- If the server currently lacks sufficient resources to accept a - message of the indicated size, but may be able to accept the - message at a later time, it responds with code "452 - insufficient system storage". - -
-- and that is what Exim is trying to implement. This is entirely - independent from check_spool_space, which says "don't accept any mail - if there is less than so much space in the spool partition", though the - code is optimised to do both checks at the same time if required. - However, you can suppress the SIZE check if you want to, by unsetting - smtp_check_spool_space. - -
-Q5029: I just noticed log entries that start off "<= <>". Am I correct in - assuming that the "<>" indicates that the envelope did not contain any - "From" data? - - --A5029: Yes. This indicates a delivery failure report (aka "bounce message"). - Here is what RFC 1123 has to say about this: - -
-- "If there is a delivery failure after acceptance of a message, - the receiver-SMTP MUST formulate and mail a notification - message. This notification MUST be sent using a null ("<>") - reverse path in the envelope; see Section 3.6 of RFC-821. The - recipient of this notification SHOULD be the address from the - envelope return path (or the Return-Path: line). However, if - this address is null ("<>"), the receiver-SMTP MUST NOT send a - notification. If the address is an explicit source route, it - SHOULD be stripped down to its final hop." - -
-- The reason for using empty sender addresses is to identify bounce - messages so that they themselves do not cause further bounces. However, - this has made life harder for those that want to check incoming mail for - valid senders. It is a pity that some other mechanism (e.g. a keyword - on the MAIL command) was not used instead, but it is far too late to - change now. - -
-- Empty senders are also used for other kinds of report which should not - themselves cause the generation of bounce messages. For example, Exim - uses them when sending out warnings about delivery delays. - -
-Q5030: I've received a message which does not have my address in the To: - line. It is a spam message with the same address in both the From: and - the To: headers. How can this happen, and why doesn't Exim reject it? - - --A5030: There is an important distinction between the "envelope" from and to and - the "header" from and to. The former are sometimes called the "sender" - and "recipient". An email message needs an "envelope" for the same - reason that paper mail does - the envelope tells the delivery mechanism - what to do with *this copy* of the message, whereas the To: header lists - all the recipients, including those who have been sent different copies - of the message because their mailbox is on some other host. - -
-- An MTA such as Exim normally works entirely with the "envelope" - addresses, not with those in the header lines. However, you can specify - that it should do some checking of header addresses by setting a - number of options whose names begin with headers_. - -
-- Don't try to block mail where envelope from and the header from differ. - There are common legitimate cases where this happens, for example, - messages forwarded from mailing lists and delivery failure reports. - -
-Q5031: Can (or will) Exim ever handle a message delivery purely in memory, - that is, it is handled without it ever hitting the disc? - - --A5031: It doesn't, and never will. Accepting and delivering a message are two - entirely separate, independent processes, which communicate only by - writing/reading the message on the disc. - -
-Q5032: If I am using dbm files for data that Exim reads, can I rebuild them - on the fly, or do I need to restart Exim every time I make a change? - - --A5032: Exim re-reads the file every time it consults it, so if you are using a - cdb or a DBM library that uses just a single file (i.e. NOT ndbm) then - you can just build the new file with a temporary file name, and use "mv" - to rename it into the correct place on the fly. If there are two files - to rename, there is a window of time during which the DBM database is - inconsistent. On lightly loaded systems this may not matter. - -
-Q5033: What are the main differences between using an Exim filter and using - procmail? - - --A5033: Exim filters and procmail provide different facilities. Exim filters run - at directing time, before any deliveries are done. A filter is like a - ".forward file with conditions". One of the benefits is de-duplication. - Another is that if you forward, you are forwarding the original message. - -
-- However, this does mean that pipes etc. are not run at filtering time, - nor can you change the headers, because the message may have other - recipients and Exim keeps only a single set of headers. - -
-- Procmail runs at delivery time. This is for one recipient only, and so - it can change headers, run pipes and check the results, etc. However, if - it wants to forward, it has to create a new message containing a copy - of the original message. - -
-- It's your choice as to which of these you use. You can of course use - both. - -
-Q5034: I need an option that is the opposite of -bpa, that is, a listing of - those addresses generated from a top-level address that have not yet - been delivered. - - --A5034: Exim does not keep this information. It saves only the top-level - addresses and the list of addresses that are finished with. At each - delivery attempt, generated addresses are recomputed from scratch. This - makes it possible to correct errors in .forward and alias files that are - causing delivery delays. However, there is an option you can set on an - aliasfile or forwardfile director that changes things. It is called - one_time, and if it is set, the list of generated addresses gets added - to the top-level list at the first delivery attempt, and is never - regenerated. Because top-level address lists must be real email - addresses, this option cannot be used if any of the generated addresses - are pipes, files, or autoreplies. - -
-Q5035: I am getting complaints from a customer who uses my EXIM server for - relaying that they are being blocked with a "Too many connections" - error. - - --A5035: See smtp_accept_max and related options such as smtp_accept_reserve. - -
-Q5036: When I try "exim -bf" to test a system filter, I received the following - error message: "Filter error: unavailable filtering command "fail" near - line 8 of filter file". - - --A5036: Use the -bF option to test system filters. This gives you access to the - freeze and fail actions. - -
-Q5037: How can I make Exim receive incoming mail, queue it, but NOT attempt to - deliver it? I want to be in this state while moving some mailboxes. - - --A5037: (1) Set queue_only in the Exim configuration. (2) Kill off your daemon, - and restart it without the -q option (i.e. with just the -bd option), - so that it does not spawn any queue runners. This stops all deliveries, - remote as well as local. To stop just local deliveries, assuming that - none of your routers are configured to send messages directly to a local - transport, make this your first director: - -
-- defer_all: - driver = smartuser - new_address = :defer:-
- When you are ready to go again, remove that director and do a -qf run to - override the retry times. This solution works from release 3.10 onwards. - In earlier releases an aliasfile director must be used because :defer: - was not available for use in smartuser. - -
-Q5038: What does the rejection message "reject all recipients: 3 times bad - sender" mean? - - --A5038: See the section of the manual entitled "Sender verification". Exim has - failed to verify a sender from the same host 3 times within a period of - 24 hours. - -
-Q5039: The menu in Eximon isn't working. It displays, but I can't select - anything from it. - - --A5039: On some X implementations, if the numlock key is pressed (so that the - numeric keypad is working) then the menu didn't work properly in - versions of Eximon before Exim release 3.10. The problem is an - infelicity in the particular implementation of X. A workaround was - introduced at release 3.10, so this problem should no longer be - encountered. - -
-Q5040: What does "ridiculously long message header" in an error report mean? - - --A5040: There has to be some limit to the length of a message's header lines, - because otherwise a malefactor could open an SMTP channel to your host, - start a message, and then just send characters continuously until your - machine ran out of memory. (Exim stores all the header lines in main - memory). For this reason a limit is imposed on the total amount of - memory that can be used for header lines. The default is 1MB, but this - can be changed by setting HEADER_MAXSIZE in Local/Makefile. Exceeding - the limit provokes the "ridiculous" error message. - -
-- Prior to release 3.022 Exim used two separate limits, one on the length - of an individual header line and one on the total number of header - lines. A header line longer than 8192 used to provoke the error "Header - line is ridiculously overlong". In subsequent releases there is no limit - on individual header lines; only the total header size matters. - -
-Q5041: What does Exim use for POP as a default? Do I have to install anything - else? - - --A5041: Yes. Exim provides MTA functionality. That is, it delivers mail. POP is - one of several ways of reading previously-delivered mail. Exim does not - provide that functionality. - -
-Q5042: I see that Exim doesn't support SSL. Can it be made to work with stunnel? - - --A5042: From release 3.20, Exim does support SSL/TLS, by making use of the - OpenSSL library. - -
-- The problem with using stunnel is that all your SSL connections look - like they come from 127.0.0.1 - none of your IP based policies will - have any effect. This means that you are basically an open relay, - anyone who connects to your server via SSL can relay through you, - whether they are local or not (and who knows, spammers may someday - evolve brains enough to try using SSL ports). - -
-- One solution to this is to force all SSL connections to authenticate - before relaying. This is how one user has done this: - -
-- First make sure you are set up to do SMTP AUTH properly (see the sample - configuration C034). Then add MUSTAUTH to the auth_hosts line in your - configure file. If you don't already have a list of IPs there, it will - look like this: - -
-- auth_hosts = MUSTAUTH-
- If you have some IPs you want to authenticate, add them like this: - -
-- auth_hosts = MUSTAUTH:10.1.1.1:10.1.1.2-
- Then invoke stunnel like this: - -
-- /usr/local/sbin/stunnel -d 465 -l /usr/exim/bin/exim \ - -p /usr/local/ssl/certs/exim.pem -- exim -bs -DMUSTAUTH=127.0.0.1-
- Whenever an SSL connection is established, Exim is invoked with the - macro MUSTAUTH defined as 127.0.0.1, which forces that one particular - instance to authenticate, without disrupting normal 127.0.0.1 operations - via non-SSL sessions. - -
-Q5043: Is there an easy way of removing all queued messages at once in a safe - way? - - --A5043: Try this command: - -
-- exim -bp | awk '/^ *[0-9]+[mhd]/{print "exim -Mrm " $3}' | sh-Q5044: What is the best way to provide backup MX for clients? - - -
-A5044: If the clients are always online, all you need to do is to have MX - records for their domains pointing to your host, with suitable - preference values, and ensure that their domains are listed in - relay_domains. If the clients are not always online, see - Q1403. - -
-Q5045: Why does Exim do "ident" callbacks by default? Isn't this just a waste - of resources? I've been told this is an ancient way of authentication. - Is it obsolete? - - --A5045: This is a common mistake, at least partially resulting from the - incorrect naming of the protocol when it was first published. - The service on port 113 is an identification service, which allows a - target host to record information identifying the user responsible for - making a connection to it. The information may not be intelligible to - the recording host - it could, for example, be encrypted so that only - someone on the calling host can make sense of it. It is useful for - providing additional information in an audit trail. - -
-- The data should not be used for authentication in any form except - on a closed secure network between cooperating hosts (probably not - even then). The information from the source host is only as reliable - as the host itself - if it's not under your control then you have to - treat the information as opaque data that can be used by the sysadmin - of the source system to trace back connection data - and some ident - implementations send out opaque cookies or DES encrypted information. - Ident is hugely useful at times - especially for checking back on - connections from multiuser machines (as opposed to one-person desktop - boxes). - -
-- You can stop Exim making ident calls by adding - -
-- rfc1413_query_timeout = 0s-
- to its configuration, but it is better to leave it active (reducing the - timeout if it is causing problems) - it costs very little, and in cases - of mail forgery from a multiuser system can track the sinner concerned - very quickly. - -
-Q5046: I often have the problem that a message gets stuck in the mailq and I - want it to be bounced to a certain address. - - --A5046: You can do this using a combination of four command line options, like - this: - -
-- exim -Mf 14Fdlq-0003kM-00 - exim -Mmad 14Fdlq-0003kM-00 - exim -Mar 14Fdlq-0003kM-00 new@ddress - exim -M 14Fdlq-0003kM-00-
- The first command freezes the message so that a queue runner won't start - to deliver it while you are changing things. The second command marks - all existing recipients as delivered. The third command adds a new - recipient, and the fourth command forces a delivery of the message, - which will cause it to be delivered to the new address, and then - deleted. - -
-Q5047: What precautions should I take when editing exim.conf? - - --A5047: Edit exim.conf to exim.conf.new. Then run - -
-- exim -bV -C exim.conf.new-
- That will check for syntax errors without disturbing your running - configuration. If you are paranoid enough, as root run - -
-- exim -C exim.conf.new <some address> - <some message> - .-
- and see if it delivers it. Carry on testing until happy. When happy, - -
-- mv exim.conf.new exim.conf - kill -HUP `cat /var/spool/exim/exim-daemon.pid`-
- Then check the Exim log to be sure the daemon restarted OK. Watch the - log for a bit to see that mail is flowing. - -
-Q5048: Is exim able to use RFC 2645, On-demand Mail Relay (ODMR)? - - --A5048: No. - -
-Q5049: I want to send every bounced mail that is received by my server, as - "headers-only" to the sysadmin. How can I do this? - - --A5049: 1. Set up a transport with headers_only to do the delivery. - -
-- 2. Set up a smartuser director that directs messages to a special local - alias (e.g. "sysadmin-header") to that transport. - -
-- 3. Set up a system filter file, containing something like - -
-- if first_delivery and error_message then - unseen deliver sysadmin-header@your.domain - endif-Q5050: What POP3 daemon should I use with Exim? I want something with - configurable authentication mechanisms. - - -
-A5050: Qmail-pop has a checkpasswd part that can be hacked to add whatever - authentication you want. There is also Solid POP which has a lot of - Exim support in it (e.g. nhash). There is also Cyrus, which is - self-contained, so you don't have to worry about ownership of mailboxes - and also it can be poked into authenticating from just about anything. - However, in general, YMMV, and really what suits one user may not suit - another. There is a mailing list at pop-imap@exim.org for the discussion - of POP/IMAP issues. More information can be found in its archives. - -
-Q5051: Is there any way I can send bounces to the postmaster, and nobody else? - Basically, I want to recieve them, and I don't want the reply/from - person to get them. If I think they need it I will forward it myself. - - --A5051: Put errors_to=postmaster on every router and director. - -
-- (Bundled) cc: "buildconfig.c", line 54: error 1705: Function prototypes - are an ANSI feature.-
-A9301: The bundled compiler is not an ANSI C compiler. You either have to get a - copy of gcc from the HPUX Software Porting Archives or buy the ANSI cc - from HP. The advice given by one user of HP systems on the Exim - mailing list was as follows: - -
-- "Personally, I wouldn't use anything but the ANSI C compiler. gcc - works for compilation, but it doesn't know squat about PA-RISC chips - past the 1.0 rev. Since then, HP has come out with PA-RISC 1.1, 2.0, - and 2.1, each with better features. gcc will compile for them, but it - doesn't produce anywhere near the optimization that HP's compiler - does. - -
-- I took the gcc road when we moved from FreeBSD to HP-UX because I was - familiar with it. After 6 months, I had to go and re-port everything - over when we realized that gcc wasn't going to do it for us long-term. - If I could give advice to any new HP-UX admin: don't use gcc if you - can afford the ANSI C compiler. Based on the cost of even the lowest - HP workstation, that usually isn't a problem." - -
-- ./exim: can't load library 'libperl.so'-
-A9401: You probably compiled perl5 yourself, without looking into - -
-- /usr/src/contrib/perl5/perl5.004_02/hints/bsdos.sh-
- first. The problem is that the command - -
-- perl5 -MExtUtils::Embed -e ldopts-
- doesn't give you sufficient flags to link something with libperl. - Since 5.004_02 the hints/bsdos.sh file has changed to adapt to the - changes between BSDI 3.1 and 4.0, but it is still not entirely right. - -
-- The solution is, when you compile perl, change the "ccdlflags" - variable in config.sh to: - -
-- -rdynamic -Wl,-rpath,/usr/local/lib/perl5/5.00502/i386-bsdos/CORE-
- (or something similar). Alternatively, you can run ./Configure and - answering the question "Any special flags to pass to cc to use dynamic - loading?" with the above line. It is not known what -rdynamic means - (it's not apparently documented in any man page), but that's what BSDI - guys did to compile perl5 which comes with BSDI 4.0 distribution. - -
--A9501: This problem was fixed in Exim release 2.03. If you are running an - earlier version you should use the local_interfaces option to specify - all your IP addresses explicitly. - -
-Q9502: The IP addresses for incoming calls are all being given as - 255.255.255.255 or 0.0.0.0. - - --A9502: From release 3.21, Exim contains a workaround that should fix this - problem. If you are using an earlier release, read on... - -
-- If you used the gcc compiler 2.8.x or a version in the 2.95 series, - there is a known bug with the "gethost" function under Irix. SGI - recommends using either their cc compiler in Irix 6.5, or a lesser - version of the gnu compiler. Version 2.7.2.3 is known to work. - Alternatively, there is an Inst-able port of Exim for Irix at - http://freeware.sgi.com, but it is not likely to be the latest release. - There is further information about this problem, which is described as a - "classic gcc structure-in-a-register bug" at this URL: - -
-- http://www.ccp14.ac.uk/ccp14admin/apache13/apache255error.html - -
-- This is a summary that I was sent: - -
-- "Gcc does not correctly pass/return structures which are smaller than - 16 bytes and which are not 8 bytes. The problem is very involved and - difficult to fix. It affects a number of other targets also, but irix6 - is affected the most, because it is a 64 bit target, and 4 byte - structures are common. The exact problem is that structures are being - padded at the wrong end, e.g. a 4 byte structure is loaded into the - lower 4 bytes of the register when it should be loaded into the upper - 4 bytes of the register." - -
--A9601: This has been seen in cases where Exim has been incorrectly built with - a muddled combination of an ndbm.h include file and a non-matching - DBM library. - -
-- Faults like this have also been seen on systems with faulty motherboards. - You could try to compile the Linux kernel 10 times - if the compile - process stops with signal 11, your hardware is to blame. - -
-Q9602: Exim has created a directory called build-Linux-libc5-i386 but is - trying to reference build-Linux-libc5-i386-linux while building. - - --A9602: You have several shells installed, which are setting conflicting values - in the HOSTTYPE environment variable that is used to construct the name - of the build directory. One way round this is to run this command: - -
-- ln -s build-Linux-libc5-i386-linux build-Linux-libc5-i386-
- This problem should no longer be encountered in release 3.10 or later. - Exim has been changed to get the host type from the "uname" command - preferentially. - -
-Q9603: I want to use logrotate which is standard with RH5.2 Linux to rotate - my mail logs. Anyone worked out the logrotate config file that will - do this? - - --A9603: Here's one suggestion: - -
-- /var/log/exim/main.log { - create 644 exim exim - rotate 4 - compress - delaycompress - }-
- The sleep is added to allow things to close the log file prior to - compression. You also need similar entries for the panic log and the - reject log, of course. - -
-Q9604: I'm seeing the message "inetd[334]: imap/tcp server failing (looping), - service terminated" on a RedHat 5.2 system, causing imap connections to - be refused. The imapd in use is Washington Uni vers 12.250. Could this - be anything to do with Exim? - - --A9604: No, it's nothing to do with Exim, but here's the answer anyway: there - is a maximum connection rate for inetd. If connections come in faster - than that, it thinks a caller is looping. The default setting on RedHat - 5.2 is 40 calls in any one minute before inetd thinks there's a problem - and suspends further calls for 10 mins. This default setting is very - conservative. You should probably increase it by a factor of 10 or 20. - For example: - -
-- imap stream tcp nowait.400 root /usr/sbin/tcpd /usr/local/etc/imapd-
- The rate setting is the number following "nowait". This syntax seems to - be specific to the Linux version of inetd. Other operating systems - provide similar functionality, but in different ways. - -
-Q9605: I get the "too many open files" error especially when a lot of messages - land for majordomo at the same time. - - --A9605: The problem appears to be the number of open files the system can - handle. This is changable by using the proc filesystem. To your - /etc/rc.d/rc.local file append something like the following: - -
-- # Now System is up, Modify kernel parameters for max open etc.-
- if [ -f /proc/sys/kernel/file-max ]; then - echo 16384 >> /proc/sys/kernel/file-max - fi - if [ -f /proc/sys/kernel/inode-max ]; then - echo 24576 >> /proc/sys/kernel/inode-max - fi - if [ -f /proc/sys/kernel/file-nr ]; then - echo 2160 >> /proc/sys/kernel/file-nr - fi-
- By echoing the value you want for file-max to the file file-max etc., - you actually change the kernel parameters. - -
-Q9606: I'm having a problem with an Exim RPM. - - --A9606: Normally the thing to do if you have a problem with an RPM package is - to contact the person who built the package first, not the person who - made the software that's in the package. You can usually find out who - made a package using the following command: - -
-- rpm --query --package --queryformat '%{PACKAGER}\n' <rpm-package-file>-
- where <rpm-package-file> is the actual file, e.g. `exim-3.03-2.i386.rpm'. - Or, if the package is installed on your system: - -
-- rpm --query --queryformat '%{PACKAGER}\n' <package-name>-
- where <package-name> is the name component of the package, e.g. `exim'. - If the packager is unable or unwilling to help, only then should you - contact the actual author or associated mailing list of the software. - -
-- If you discover through the querying process that you can't tell who - the person (or company or group) is who built the package, or that they - no longer exist at the given address, then you should reconsider - whether you want a package from an unknown source on your system. - -
-- If you discover through the querying process that you yourself are the - person who built the package, then you should either (a) contact the - author or associated mailing list, or (b) reconsider whether you ought - to be building and distributing RPM packages of software you don't - understand. - -
-- Similar rules of thumb govern other binary package formats, including - debs, tarballs, and POSIX packages. - -
-Q9607: I installed debian 2.2 linux on a small 325mb 486 laptop. When I try - to test the Mail program, I get the following error: "Failed to open - configuration file /etc/exim.conf". - - --A9607: The Debian installation should have given you /usr/sbin/eximconfig, - which asks you some questions and then sets up the configuration file - in /etc/exim.conf. Try running that (you'll probably need root) and see - how it goes. In any case you get a thoroughly commented conf file at - the end, which will give you a sample from which to work if you need - further modification. - -
-- The exim docs in the Debian package are in /usr/doc/exim and the full - reference manual is spec.txt.gz - -
-Q9608: I'm getting the error "db.h: No such file or directory" when I try to - build Exim under RedHat 7.0. - - --A9608: See - Q0113. - -
--A9701: Make sure you are liking with the GNU ld linker and not the system - version of ld. - -
-Q9702: How can I get rid of spurious ^M characters in messages sent from - CDE dtmail? - - --A9702: CDE dtmail passes messages to Exim via the command line interface with - lines terminated by CRLF, instead of the Unix convention of just LF. As - Exim is an 8-bit clean program it treats the CR as just another data - character. Exim has a command line option called -dropcr which causes - it to ignore all CR characters in an incoming non-SMTP message. You - should configure dtmail to add this option to the command it uses to - call Exim (using the path /usr/lib/sendmail). However, it has been - reported that it isn't possible to change this call from dtmail by any - official means. An alternative approach is to replace /usr/lib/sendmail - by a filtering script which removes the spurious CRs from the input - before passing it to Exim. - -
-Q9703: On SunOS 4 Exim crashes when looking up domains in the DNS that have - more than 10 A records. - - --A9703: There are Sun library patches to fix this. It is not Exim's problem. - For 4.13_U1 the patch is 101558-xx; for 4.1.3 the patch is 100891-xx. - From the README: 1054748 ftp, ping dump core when connecting to a host - with multiple DNS A records. - -
-- An alternative is to build another resolver library - such as the ones - that are part of the bind distribution - and explicitly link against - those. - -
-Q9704: The menu in Eximon isn't working on my Sun system. - - --A9704: With OpenWindows, if the numlock key is pressed (so that the numeric - pad is working) then some menus don't work. This appears to be true for - the console and (some) remote X-window servers. A workaround for this - problem was introduced in the 3.10 Exim release, so it should no longer - be encountered. - -
-Q9705: I am experiencing mailbox locking problems with Sun's mailtool used - over a network. - - --A9705: Under the "Expert" settings of mailtool is a option to turn on "Use - network aware mail file locking". By default dtmail has this set, but - mailtool doesn't. You should set it. The help info on dtmail has this - to say about it: - -
-- "Mailer tries to prevent two different instances of itself from opening - the same mail file at the same time through a technique that detects - this access when both instances of Mailer and the file are all on the - same machine. A network-aware mail file locking protocol is available - that uses ToolTalk to coordinate instances of Mailer running from more - than one machine, or mail files accessed over the network. Mailer can - only change this option when first opening a mail file." - -
-- If you are using the SunOS4 version of mailtool, this apparently - doesn't work. The only thing which does seem to work it getting the user - to hit the "done" button to make it release the lock. - -
-Q9706: Exim has been crashing on my Solaris x86 system, apparently while - running DBM functions. - - --A9706: The use of ndbm with gcc has caused problems on x86 Solaris systems. - Try changing one or the other; using either db 1.85 with gcc, or Sun's - WS compiler with ndbm, has fixed this in the past. - -
-Q9707: The exiwhat utility isn't working for me on a Solaris 2 system. - - --A9707: Have you got /usr/ucb on your path? If so, it is probably picking up the - wrong version of the ps command. The exiwhat script is built on - Solaris to expect the normal Solaris version of ps. - -
-Q9708: How do I stop Sun's dtcm from hanging? - - --A9708: From qmail's FAQ: "There is a novice programming error in dtcm, known as - ``failure to close the output side of the pipe in the child.'' Sun has, - at the time of this writing, not yet provided a patch." - -
-Q9709: I want Exim to use only the resolver (i.e. ignore /etc/hosts), but don't - want to alter the nsswitch.conf file in Solaris 2. - - --A9709: You need to rebuild Exim after fiddling with OS/os.h-SunOS5: - -
-- #define gethostbyaddr res_gethostbyaddr - #define gethostbyname res_gethostbyname - #define endhostent res_endhostent - #define endnetent res_endnetent - #define gethostent res_gethostent - #define getnetbyaddr res_getnetbyaddr - #define getnetbyname res_getnetbyname - #define getnetent res_getnetent - #define sethostent res_sethostent - #define setnetent res_setnetent-
- Exim uses gethostbyname and gethostbyaddr only, but may use others in - the future. Note that -lnsl is still needed in the Makefile as it - contains code used by the NIS lookup and also the inet_addr function - that Exim uses. - -
--A9801: (1) add partial-lsearch;/etc/mail/tpc.domains to local_domains; - /etc/mail/tpc.domains is a text file with lines in this format: - -
-- 9.3.5.1.0.8.1.tpc.int.-
- This sample line indicates that we accept faxes destined for - 1(801)539-*. - -
-- (2) Set up the following transport: - -
-- tpc: - driver = pipe - command = /usr/local/tpc/tpcmailer.pl ${local_part}@${domain} \ - ${sender_address} - pipe_as_creator-
- /usr/local/tpc/tpcmailer.pl is the mail processing script that can - be obtained from the TPC distribution. - -
-- (3) Set up the following director: - -
-- tpc_director: - driver = smartuser - transport = tpc - domains = partial-lsearch;/etc/mail/tpc.domains-
- Of course, there are other things to do as well before your system is - a functioning TPC server. - -
-Q9802: How do I configure Exim so that it sends mail to the outside world only - from a restricted list of our local users? - - --A9802: There are several possible ways that this can be done. - -
-- (A) You can restrict the senders directly by putting a setting such as - this one on all the drivers that route to the outside (usually this - is just the final lookuphost router): - -
-- senders = :^[^@]+@(?!${rxquote:your.domain}\$):\ - lsearch;/permitted/senders-
- The first item in this list is empty, to match the empty sender. - This is necessary because bounce messages have null senders. The - second item is a regular expression that matches any address whose - domain is not your domain. This caters for cases when mail from - an external user has arrived for a local user who has forwarding - set up to some outside address. - -
-- If the first two items do not match (that is, the address is in your - domain) the sender is looked up in a file of permitted senders; each - item in the file must be a complete address, including the domain. - If the sender is unacceptable, an "unrouteable mail domain" error - will occur because the router won't run, and there are no more to - try. - -
-- (B) If your local users are in many domains, it may be easier to use a - condition option to test the domain and local part independently, - along these lines: - -
-- condition = \ - ${lookup{${domain:$sender_address}}lsearch{/domain/list}\ - {\ - ${lookup{${local_part:$sender_address}}lsearch\ - {/permitted/senders}{yes}{no}}\ - }\ - {yes}}-
- Obviously other means of testing the domain and local part could be - substituted, for example, by having separate files of valid local - parts for each local domain. - -
-- (C) If your local users are logged in to your host, you could use a - special group for those that are permitted to mail to the world. - Assuming your groups are defined in /etc/group you could arrange to - look up the group in that file and then check that the sender was in - the group,using something along these lines: - -
-- condition = \ - ${lookup{groupname}lsearch{/etc/group}\ - {${if match {$value}\ - {[:,]${rxquote:${local_part:$sender_address}}(,|\$)}\ - {yes}{no}}}{no}}-
- This is checking the local part of the sender; a alternative might - be to check $sender_ident. However, you should really also check - that $sender_host_address is either unset or set to 127.0.0.1 or - your IP address, so you check only locally-originated mail. - -
-- A block like this does not prevent a logged in user from sending - mail by telnetting to another host's SMTP port, or indeed from - installing a private version of Exim to do the job for her. - -
-- (D) On a gateway server that has no local users and so receives all the - mail via SMTP from client hosts, you could use a rewriting rule to - rewrite sender addresses in your local domain from a table of legal - local parts, replacing any illegal addresses with an address such as - unknown@your.domain. If this is combined with sender_verify=true - it causes messages from users that are not in the table to be - refused, assuming that the gateway is capable of verifying the local - part of user@your.domain. - -
-Q9803: How do I configure Exim to run with SmartList? - - --A9803: This is what was done for Exim's own mailing list, using SmartList/ - procmail 3.11pre7. It runs as its own user - trying to manage mailing - lists under your own ID can be hard work. Smartlist is installed into - /var/spool/slist, and there is an slist user defined. Each list appears - as a directory under /var/spool/slist (as per usual for Smarlist). - Exim is configured like this: - -
-- # slist added to list of trusted users so it can - # manipulate sender addresses-
- trusted_users = exim:slist-
- # in transports, a list transport is defined:-
- list_transport: - driver = pipe - command = /var/spool/slist/.bin/flist \ - ${local_part}${local_part_suffix} - current_directory = /var/spool/slist - home_directory = /var/spool/slist - user = slist - group = slist-
- # in directors a list director is defined:-
- list_director: - driver = smartuser - suffix = -request - suffix_optional - local_parts = !.bin:!.etc - require_files = /var/spool/slist/${local_part}/rc.init - transport = list_transport-
- and thats it - no aliases, no special handling of out lists etc. - What you do need is to ensure that choplist is used for distribution - (that is, do not uncomment the alt_sendmail entry which is blank). - -
-- A couple of other things are forced - for example since the list runs in - its own domain the domain value is forced to exim.org. - -
-- Then everything else is basic SmartList configuration - and that's - moderately well documented. A confirmation stage on signup was added - - now when you subscribe you are sent a confirmation which you must - return before the system subscribes you (this prevents people - subscribing their "friends" and makes sure that the addresses really do - work). The confirm package is available at: - -
-- ftp://ftp.fatfree.com/confirm-1.1.tar.gz-
- and was written by Michelle Dick. - -
-Q9804: How do I configure Exim to minic PP's "tripnote" facility? - - --A9804: See C005. - -
-Q9805: How do I configure Exim to handle local parts with extensions? - - --A9805: See C010. - -
-Q9806: How do I configure Exim so that only a restricted list of users can - receive mail from external domains? - - --A9806: See C013. - -
-Q9807: I have someuser@mydomain.com that I only want certain users to be able - to mail to. How do I accomplish this? - - --A9807: This is a transport: - -
-- bounce: - driver = autoreply - from = postmaster@mydomain.com - to = $sender_address - user = exim - subject = "Re: Your mail to ${local_part}" - text = "You are not allowed to mail to ${local_part}."-
- This is a director that should come before all the others: - -
-- special_user: - driver = smartuser - local_parts = someuser - transport = bounce - senders = !: !lsearch;/list/of/permitted/senders-
- Note that leading "!:" in senders. It allows the null sender <> to be - valid (i.e. not to match this director). This is necessary, since bounce - messages have null senders. All other permitted senders must be in the - file as complete addresses, including a domain. - -
-Q9808: A site for which I provide secondary MX is down for some time. Is there - a way to run the queue for that destination separately from the main - queue? - - --A9808: No, because Exim does not have the concept of "the queue for that - destination". It simply has a single pool of messages awaiting delivery - (and some of them may have several destinations). The best approach to - this is to arrange for all messages for the site to be saved somewhere - other than the main spool, either on a separate dedicated MTA, or in - BSMTP files. There is an example of the latter approach in C014. - -
-Q9809: How do I implement VERP (Variable Envelope Return Paths) in Exim? - - --A9809: See C017. - -
-Q9810: I'd like to make a copy of all outgoing messages to a local mailbox. Is - there a solution for this using an Exim filter? - - --A9810: The following filter makes a copy of every message, except for delivery - failure reports: - -
-- # Exim filter-
- # Ignore error messages - if error_message then finish endif-
- # Copy if this is the first delivery attempt - if first_delivery then - unseen deliver copy@your.domain errors_to postmaster@your.domain - endif-
- The keyword "unseen" stops this being a "significant delivery", so that - the message goes on to be delivered as normal. The errors_to setting - changes the envelope sender on the copy so that if there is a problem - delivering it, the bounce message is sent to postmaster. - -
-- You can add to the condition setting to select specific messages. - To make a copy of outgoing messages only requires a definition - of "outgoing". Because a message may have many recipients, simply - testing for your own domain in both the From: and the To: headers is not - enough. You can craft your own conditions, but here is one suggestion: - -
-- if $h_from: contains your.domain and - foranyaddress $h_to:,$h_cc: - ($thisaddress does not contain your.domain) - then - unseen deliver copy@your.domain errors_to postmaster@your.domain - endif-
- This takes copies of messages whose From: header contains your.domain - and whose To: and Cc: headers contain at least one address that does not - contain your.domain. See also - Q9817. - -
-Q9811: I want to make a copy of outgoing messages to a specific file for each - user in a specific directory, using a "save" command in a system filter. - How can I arrange for Exim to write to these files under the correct - UID/GID? - - --A9811: You need to set up a special transport and tell Exim to use it for - file deliveries from the system filter. Add the following setting to - your configuration: - -
-- message_filter_file_transport = copy_transport-
- Then define copy_transport like this - -
-- copy_transport: - driver = appendfile - delivery_date_add - envelope_to_add - user = ${local_part:$sender_address}-
- This assumes that you want to run the delivery under the uid associated - with the local part of the sender address. Alternatively, you could just - use user=exim and do all the writing under the same UID/GID. - -
-Q9812: How can I keep an archive of all mail for some specific local email - addresses? - - --A9812: You could use a system filter, along the lines of - -
-- if - first_delivery and <tests for appropriate addresses> - then - unseen save - /mail/archive/${substr_0_10:$tod_log} - endif-
- That would create a new file for each day. However, in order to use - this, you will need to set message_filter_file_transport to point to an - appropriate transport which includes a setting of "user" to specify - which uid to run the saving under, as is described in - Q9811. - -
-Q9813: How can I configure Exim to provide a vacation message when there are - no local users on my mail hub? - - --A9813: See C019. - -
-Q9814: We want to be able to temporarily lock out a user by disabling the - password and moving the home directory to another place. How can we - arrange to reject mail for users in this state? - - --A9814: Change the home directory pointer in the passwd file to something - distinctive. For example, we use /home/CANCELLED for cancelled users. - Then you can pick up such users with this director, which is placed - immediately after system_aliases: - -
-- cancelled_users: - driver = localuser - transport = cancelleduser_pipe - fail_verify - match_directory = /home/CANCELLED-
- This sends messages for cancelled users to the following special - transport: - -
-- cancelleduser_pipe: - driver = pipe - command = "/opt/exim/util/cancelleduser.sh" - ignore_status - return_output - user = nobody-
- The script simply generates a message saying that the user is cancelled - on its standard output. This gets returned to the original message - sender in an error report. - -
-- If you don't want to change the home directory in the passwd file, - an alternative is to check for the non-existence of the home directory - with - -
-- require_files = +!$home-
- instead of setting match_directory. - -
-Q9815: I need an alias, say "fakeaddress" that should receive a message, - strip all reply-to: headers present, substitute another one pointing to - "otheraddress" and forward a message to "realaddress". - - --A9815: Add this director: - -
-- fakeaddress_director: - driver = smartuser - domain = (if necessary to restrict the domain) - local_parts = fakeaddress - headers_remove = reply-to - headers_add = reply-to: otheraddress - new_address = realaddress-
- If there are several of these aliases then you could list them in a file - along with the corresponding other addresses, and use lookups instead of - the fixed values shown above. - -
-Q9816: How can I set up Exim to work with Listar? - - --A9816: See http://www.cs.huji.ac.il/~vadik/listar-exim/. - -
-Q9817: I need to take copies of all incoming and outgoing mail for certain - users. For each user there may be a different monitoring address. - - --A9817: You can adapt the filter solution given in - Q9810 by adding a test for - the relevant local parts. Create a file containing lines like this: - -
-- user1@domain1: monitor1@monitor.domain1 - user2@domain2: monitor2@monitor.domain2-
- and then use the following command in a system filter: - -
-- if ${lookup{$sender_address}lsearch{/some/file}{$value}{}} is not "" - then - unseen deliver ${lookup{$sender_address}lsearch{/some/file}{$value}} - errors_address = postmaster@your.domain - else - if foranyaddress $recipients - (${lookup{$thisaddress}lsearch{/some/file}{$value}{}} is not "") - then - unseen deliver ${lookup{$thisaddress}lsearch{/some/file}{$value}} - errors_address = postmaster@your.domain - endif - endif-
- It is messy to have to repeat the lookups, but it won't be inefficient, - because Exim caches the results of successful lookups. - -
-Q9818: How can I add a disclaimer to the end of every message? - - --A9818: See - Q1501. - -
-Q9819: I would like to append a simple advertisement text to all outgoing - and local mails. - - --A9819: See - Q1501. - -
-Q9820: How can I configure Exim so that all mails adressed to - something@username.domain.net get delivered to /var/spool/mail/username? - - --A9820: There are several possibilities, depending on exactly how you are set - up. Here is one approach: First, arrange that all the domains you are - interested in are local domains, for example, by listing them in a file: - -
-- local_domains = /list/of/domains-
- If there are lots of them, a DBM or cdb file should be used for a faster - lookup. Assuming that "username" is set up as a user on your system, and - you have a configuration that can handle username@domain.net in the - normal way, all you have to do is to arrange to convert the recipient - address by means of a smartuser director like this: - -
-- user_in_domain: - driver = smartuser - domains = /list/of/domains - new_address = ${if match{$domain}{^([^.]+)\\.domain\\.net\$}{$1}fail}@domain.net-
- This should be the first director. - -
-Q9821: How do I get exim not to add a Sender: header to locally originated - mail? - - --A9821: It only adds it if the From: header doesn't correspond to the user - sending the message. From release 3.14 onwards, you can suppress this - by setting no_local_from_check. Alternatively, - -
-- (1) You can get it removed later, by putting - -
-- headers_remove = Sender-
- on all your transports. This doesn't test for locally originated mail, - but you could use a more complicated expansion string to make that test. - For example - -
-- headers_remove = ${if eq{$sender_host_address}{}{Sender}}-
- which removes it only if there is no sending host address. - -
-- (2) If your real question "how do I submit mail from UUCP - without it adding Sender:?" Then see - Q0603. - -
-Q9822: How can I get Exim to work with mailman? - - --A9822: The configuration in http://www.exim.org/howto/mailman.html was used for - the Exim mailing list before it switched to SmartList. - -
-Q9823: Is there any way to have messages sent to a specific local address - delayed by - say - 24 hours? - - --A9823: Using Exim 3.10 or later, the answer is "yes". Set up a smartuser - director like this: - -
-- delay: - driver = smartuser - domains = the.domain - local_parts = thelocalpart - condition = ${if < ${$message_age}{86400}{yes}{no}} - new_address = :defer: message not old enough-
- Of course, this will also have the effect of setting a retry time for - the address. You may want to set a special retry rule for it. - -
-Q9824: I have a mailing list exploder on one host, and three other hosts where - I want to do the actual deliveries from. How can I get Exim to split - a message into groups of recipients between the three hosts? - - --A9824: Splitting into groups of recipients can be done by setting max_rcpt in - the SMTP transport. Persuading Exim to spread the groups between three - hosts is a little harder. Suppose you have 300 addresses, and max_rcpt - is set to 100. One approach is to try hosts_randomize in a domainlist - router, like this: - -
-- split: - driver = domainlist - transport = remote_smtp - hosts_randomize - route_list = * hostA:hostB:hostC byname-
- Unfortunately, this doesn't work quite as you might expect. There are - six different permutations of the host list, and so if the randomizing - works perfectly, Exim will end up with - -
-- 50 addresses routed to hostA:hostB:hostC - 50 addresses routed to hostA:hostC:hostB - 50 addresses routed to hostB:hostC:hostA - 50 addresses routed to hostB:hostA:hostC - 50 addresses routed to hostC:hostA:hostB - 50 addresses routed to hostC:hostB:hostA-
- Although a total of 100 addresses have hostA as their first host, Exim - will still send them in two separate SMTP calls, because it can only - batch up addresses that have identical host lists. If hostA is down, it - will send 50 of these to host B and 50 to host C. It will aways send six - copies of the message. - -
-- With only three hosts, this isn't a major problem, but if the number of - hosts increases, it becomes more serious. If there are four delivery - hosts, there are 24 different permuations, and with five hosts there are - 120, so 120 messages are sent. When the hosts are not all of the same - power, you might want to use a list like - -
-- hostA:hostA:hostA:hostB:hostB:hostC-
- to send more to hostA, and this makes the situation worse. There is, - however, a way to solve this. Instead of putting the host list on the - router, put it on the transport. The router just contains one host: - -
-- split: - driver = domainlist - transport = special_smtp - route_list = * hostA byname-
- and the transport has the full list, set to override the router's host: - -
-- special_smtp: - driver = smtp - hosts = hostA:hostA:hostA:hostB:hostB:hostC - hosts_override - hosts_randomize - max_rcpt = 100-
- Now all 300 addresses are routed to the same host, so they are sent to - the transport 100 at a time. The transport overrides the router's host - with its own list, which it randomizes each time. (This works only for - releases of Exim after 3.16 - up to and including that release, there is - a bug that prevents it re-randomizing for each group.) See also C040. - -
--Each sample configuration is held in a separate file in the config.samples -directory. Those with names of the form Cnnn are Exim configurations; those -with names of the form Fnnn are filter file fragments. - -
--C001: "This config will support delivery across multiple systems using NIS to - look up delivery addresses from the mail.aliases database." - -
--C002: "Although exim not intended for use in UUCP environment (it doesn't - know anything about bang!path addresses), I'm successfully using it for - delivering mail to UUCP clients." - -
--C003: "I've read down through - Q0601 and your request for UUCP examples. Here's - how I'm doing it." (This example uses routers.) - -
--C004: "Here's a BSMTP over UUCP [configuration] - the transport is Taylor/GNU - UUCP - which takes the long option types." (This example uses - directors.) - -
--C005: "I am using a virus scanner program that is invoked by a pipe, scans the - mail and re-invokes Exim to do the delivery. The pipe is invoking a perl - script that tries to unpack and MIME, zip and other archives and then - applies the McAfee scanner on the results." - -
--C006: "This is how I have configured a PP-inspired vacationnote, there is - (was?) such a feature in PP. The user makes a file "tripnote" in his/her - home directory, the message is passed to the sender once with a short - leading text." - -
--C007: "If I host a domain foo.dom on my machine as a virtual domain I expect - it to be completely virtual and separate from other mail domains that - end up on my machine." - -
--C008: "And of course it is possible to do a very interesting solution to - this [virtual domains] using LDAP." - -
--C009: "These are suggested parts of a configuration for looking up users in - /etc/passwd.domain rather than in /etc/passwd ..." - -
--C010: "One of our customers is looking for us to support addresses of the form - username+extension@domain.com, primarily for use with procmail." - -
--C011: "Thanks to Philip and others I now have my ISP style config built and - therefore am posting the final configuration fragments to the list in - case anyone else wants to do a similar thing." - -
--C012: "I've written a small chapter how-to configure Exim for use with UUCP - (mostly condensed from the exim-user mailing list plus some - experimenting) and would be glad if it could be included in the Exim - documentation." - -
--C013: "I've take some tips from the FAQ about permitting only certain users - to send to external mail and came up with my own for the receiving - part." - -
--C014: "If I have a situation where a site I MX for has a known outage I stash - all their mail into a directory in BSMTP format." - -
--C015: "This approach to virtual domains has helped me a great deal, and is so - easy to maintain (add and modify as appropriate)." - -
--C016: "Herewith my configuration." (A complete configuration, including simple - virtual domains, along the lines of C015). - -
--C017: "I have gotten the new VERP feature of Exim 2.054 working in test, along - with some supporting programs to handle bounces that do come back." - -
--C018: "This Majordomo configuration removes a lot of the aliases, and - automates a lot of the other functions based on whether the files or - directories exist." - -
--C019: "The following configuration file entries can be used to provide a - 'vacation'-style function for a mailhub which has no local users." - -
--C020: "I was asked for a copy of the programs we were using to mail - everybody." - -
--C021: "Here is some sample code that might be useful for handling - X-Failed-Recipients headers generated by Exim, with mailing lists." - -
--C022: "This is the Exim configuration file of a machine which delivers mail to - several local domains where the mail is delivered locally, several hairy - domains, handled as described below, and a half-virtual domain, which is - first processed by its special alias file, then processed as other local - domains (including the processing by the global alias file)." - -
--C023: A Perl script and instructions for hooking it into Exim in order to - handle disposition-notification-to and return-receipt-to by using a - shadow transport to send copies of delivered messages to the script. - -
--C024: "In case anybody wants to use a MySql database to store aliases this is - how I managed to get my site working." - -
--C025: "As promised here is the way I got Exim to delver to Cyrus mailboxes if - the user exists in the MySql database." - -
--C026: "The following configuration and program will allow messages going to - AOL only, to be filtered thru a Perl script. This Perl script will - convert any URL's to the HTML syntax. In addition, the transport will - use VERP to send a unique envelope sender with each message." - -
--C027: "This is an FYI to demonstrate how to have exim work with SSL using the - stunnel wrapper and its underlying OpenSSL libraries and toolkit." - -
--C028: "This Python script reads from stdin and writes to stdout. It strips all - the MIME attachments from a mail message that are one of the mime types - listed on the command line. Exim can use it in its configuration file, - for example, as follows:" - -
--C029: "The standard way to connect one's MTA to a list manager seems to be to - add a set of aliases for every list one creates. Once upon a time, I - crufted a set of configs from Smail to work with majordomo, to - automaticaly recognize the standard patterns, for all lists in - existence...I have setup a set of transports and directors for Exim, - which will do the same thing for mailman." - -
--C030: "I am currently configuring an exim for a site that will to mail - hosting for several domains. I want the domain holders to have control - over 'their' alias files, being able to create their own aliases. - However, I don't want them to have postmaster, abuse and other role - accounts under their control." - -
--C031: "These are config file snippets for handling certain remote addresses as - local, and making only real external addresses visible to users." - -
--C032: "This is the Exim Nervous Mailbox Quota Suite. It does not impose - hard quotas on users' mailboxes, but it makes a user nervous by - putting all his mail in a secondary mailbox, inaccessible to the - user, when he is over his quota. When the user clears his - mailbox (i.e., deletes mail to make his mailbox below the quota - again), mail from his secondary mailbox is transferred back to - his primary mailbox, in FIFO order." - -
--C033: "Here's our current automatic vacation recipe". - -
--C034: "This is a HOW-TO for setting up Exim to support SMTP authentication - under different environments, including regular password files, PAM - and NIS." - -
--C035: "These configurations enable exim and hylafax (www.hylafax.org) work - together, I mean sending fax by email (user@123456.fax)." - -
--C036: "My aim was to have an LDAP-driven system for mail delivery." - -
--C037: An elegant way of using ETRN, which does immediate delivery if the host - is online, but saves mail in a BSMTP file after some time on the queue. - ETRN then re-injects the mail. - -
--C038: Amavis virus scanning: "Here ya go. This is the config we use... this - box is our main MX host then relays it to our real server for delivery." - -
--C039: "For reference, this is how I got PAM authentication from a standard - UNIX password database with Eudora 4.3 clients to work on a Debian 2.2 - (Intel) system. This configuration assumes that you are using standard - UNIX crypt passwords; pam-pwdfile is NOT compatible with MD5 encrypted - passwords." - -
--C040: "Exim 3.20 has a feature that allows a large mailing of a single message - to be sent to many different relays. This is useful for mailing lists, - as it allows the message to be relayed to multiple machines, in groups - of 100 addresses, for final delivery." - -
--C041: "Attached you will find a plain text file where I explain how to set up - mailman to use virtual environment (single setup for many domains)." - -
--F001: "I thought that the rest of the list may be interested in reviewing our - filter as a starting point for their own system message filter." - -
--F002: "... program which refused mail from unknown addresses until they mailed - me promising not to spam me ... since I'd already thought through how - to do it in Exim, and knew it'd be slightly easier than falling out of - bed, I went ahead and did it." - -
--F003: "Here's four checks installed in our system wide filter that knock out - a lot of otherwise hard to detect rubbish." - -
--F004: "This is an Exim filter snippet to change locally-generated Message-Id: - and Resent-Message-Id: headers to world-unique values." - -
-