1 . $Cambridge: exim/doc/doc-docbook/filter.xfpt,v 1.3 2006/04/27 15:19:27 ph10 Exp $
3 . /////////////////////////////////////////////////////////////////////////////
4 . This is the primary source of the document that describes Exim's filtering
5 . facilities. It is an xfpt document that is converted into DocBook XML for
6 . subsequent conversion into printing and online formats. The markup used
7 . herein is "standard" xfpt markup, with some extras. The markup is summarized
8 . in a file called Markup.txt.
9 . /////////////////////////////////////////////////////////////////////////////
16 . ===========================================================================
17 . Additional xfpt markup used by this document, over and above the default
18 . provided in the xfpt library.
20 . Override the &$ flag to automatically insert a $ with the variable name
22 .flag &$ $& "<varname>$" "</varname>"
24 . A macro for the common 2-column tables
26 .macro table2 100pt 300pt
27 .itable none 0 0 2 $1 left $2 left
29 . ===========================================================================
32 . This preliminary stuff creates a <bookinfo> entry in the XML. This is removed
33 . when creating the PostScript/PDF output, because we do not want a full-blown
34 . title page created for those versions. The stylesheet fudges up a title line
35 . to replace the text "Table of contents". However, for the other forms of
36 . output, the <bookinfo> element is retained and used.
40 <title>Exim's interfaces to mail filtering</title>
41 <titleabbrev>Exim filtering</titleabbrev>
42 <date>27 April 2006</date>
43 <author><firstname>Philip</firstname><surname>Hazel</surname></author>
44 <authorinitials>PH</authorinitials>
45 <revhistory><revision>
46 <revnumber>4.62</revnumber>
47 <date>27 April 2006</date>
48 <authorinitials>PH</authorinitials>
49 </revision></revhistory>
50 <copyright><year>2006</year><holder>University of Cambridge</holder></copyright>
55 .chapter "Forwarding and filtering in Exim"
56 This document describes the user interfaces to Exim's in-built mail filtering
57 facilities, and is copyright © University of Cambridge 2006. It
58 corresponds to Exim version 4.62.
62 .section "Introduction"
63 Most Unix mail transfer agents (programs that deliver mail) permit individual
64 users to specify automatic forwarding of their mail, usually by placing a list
65 of forwarding addresses in a file called &_.forward_& in their home
66 directories. Exim extends this facility by allowing the forwarding instructions
67 to be a set of rules rather than just a list of addresses, in effect providing
68 &"&_.forward_& with conditions"&. Operating the set of rules is called
69 &'filtering'&, and the file that contains them is called a &'filter file'&.
71 Exim supports two different kinds of filter file. An &'Exim filter'& contains
72 instructions in a format that is unique to Exim. A &'Sieve filter'& contains
73 instructions in the Sieve format that is defined by RFC 3028. As this is a
74 standard format, Sieve filter files may already be familiar to some users.
75 Sieve files should also be portable between different environments. However,
76 the Exim filtering facility contains more features (such as variable
77 expansion), and better integration with the host environment (such as the use
78 of external processes and pipes).
80 The choice of which kind of filter to use can be left to the end-user, provided
81 that the system administrator has configured Exim appropriately for both kinds
82 of filter. However, if interoperability is important, Sieve is the only
85 The ability to use filtering or traditional forwarding has to be enabled by the
86 system administrator, and some of the individual facilities can be separately
87 enabled or disabled. A local document should be provided to describe exactly
88 what has been enabled. In the absence of this, consult your system
91 This document describes how to use a filter file and the format of its
92 contents. It is intended for use by end-users. Both Sieve filters and Exim
93 filters are covered. However, for Sieve filters, only issues that relate to the
94 Exim implementation are discussed, since Sieve itself is described elsewhere.
96 The contents of traditional &_.forward_& files are not described here. They
97 normally contain just a list of addresses, file names, or pipe commands,
98 separated by commas or newlines, but other types of item are also available.
99 The full details can be found in the chapter on the &(redirect)& router in the
100 Exim specification, which also describes how the system administrator can set
101 up and control the use of filtering.
105 .section "Filter operation"
106 It is important to realize that, in Exim, no deliveries are actually made while
107 a filter or traditional &_.forward_& file is being processed. Running a filter
108 or processing a traditional &_.forward_& file sets up future delivery
109 operations, but does not carry them out.
111 The result of filter or &_.forward_& file processing is a list of destinations
112 to which a message should be delivered. The deliveries themselves take place
113 later, along with all other deliveries for the message. This means that it is
114 not possible to test for successful deliveries while filtering. It also means
115 that any duplicate addresses that are generated are dropped, because Exim never
116 delivers the same message to the same address more than once.
121 .section "Testing a new filter file" "SECTtesting"
122 Filter files, especially the more complicated ones, should always be tested, as
123 it is easy to make mistakes. Exim provides a facility for preliminary testing
124 of a filter file before installing it. This tests the syntax of the file and
125 its basic operation, and can also be used with traditional &_.forward_& files.
127 Because a filter can do tests on the content of messages, a test message is
128 required. Suppose you have a new filter file called &_myfilter_& and a test
129 message in a file called &_test-message_&. Assuming that Exim is installed with
130 the conventional path name &_/usr/sbin/sendmail_& (some operating systems use
131 &_/usr/lib/sendmail_&), the following command can be used:
133 /usr/sbin/sendmail -bf myfilter <test-message
135 The &%-bf%& option tells Exim that the following item on the command line is
136 the name of a filter file that is to be tested. There is also a &%-bF%& option,
137 which is similar, but which is used for testing system filter files, as opposed
138 to user filter files, and which is therefore of use only to the system
141 The test message is supplied on the standard input. If there are no
142 message-dependent tests in the filter, an empty file (&_/dev/null_&) can be
143 used. A supplied message must start with header lines or the &"From&~"& message
144 separator line that is found in many multi-message folder files. Note that
145 blank lines at the start terminate the header lines. A warning is given if no
146 header lines are read.
148 The result of running this command, provided no errors are detected in the
149 filter file, is a list of the actions that Exim would try to take if presented
150 with the message for real. For example, for an Exim filter, the output
152 Deliver message to: gulliver@lilliput.fict.example
153 Save message to: /home/lemuel/mail/archive
155 means that one copy of the message would be sent to
156 &'gulliver@lilliput.fict.example'&, and another would be added to the file
157 &_/home/lemuel/mail/archive_&, if all went well.
159 The actions themselves are not attempted while testing a filter file in this
160 way; there is no check, for example, that any forwarding addresses are valid.
161 For an Exim filter, if you want to know why a particular action is being taken,
162 add the &%-v%& option to the command. This causes Exim to output the results of
163 any conditional tests and to indent its output according to the depth of
164 nesting of &(if)& commands. Further additional output from a filter test can be
165 generated by the &(testprint)& command, which is described below.
167 When Exim is outputting a list of the actions it would take, if any text
168 strings are included in the output, non-printing characters therein are
169 converted to escape sequences. In particular, if any text string contains a
170 newline character, this is shown as &"\n"& in the testing output.
172 When testing a filter in this way, Exim makes up an &"envelope"& for the
173 message. The recipient is by default the user running the command, and so is
174 the sender, but the command can be run with the &%-f%& option to supply a
175 different sender. For example,
177 /usr/sbin/sendmail -bf myfilter \
178 -f islington@never.where <test-message
180 Alternatively, if the &%-f%& option is not used, but the first line of the
181 supplied message is a &"From&~"& separator from a message folder file (not the
182 same thing as a &'From:'& header line), the sender is taken from there. If
183 &%-f%& is present, the contents of any &"From&~"& line are ignored.
185 The &"return path"& is the same as the envelope sender, unless the message
186 contains a &'Return-path:'& header, in which case it is taken from there. You
187 need not worry about any of this unless you want to test out features of a
188 filter file that rely on the sender address or the return path.
190 It is possible to change the envelope recipient by specifying further options.
191 The &%-bfd%& option changes the domain of the recipient address, while the
192 &%-bfl%& option changes the &"local part"&, that is, the part before the @
193 sign. An adviser could make use of these to test someone else's filter file.
195 The &%-bfp%& and &%-bfs%& options specify the prefix or suffix for the local
196 part. These are relevant only when support for multiple personal mailboxes is
197 implemented; see the description in section &<<SECTmbox>>& below.
200 .section "Installing a filter file"
201 A filter file is normally installed under the name &_.forward_& in your home
202 directory &-- it is distinguished from a conventional &_.forward_& file by its
203 first line (described below). However, the file name is configurable, and some
204 system administrators may choose to use some different name or location for
208 .section "Testing an installed filter file"
209 Testing a filter file before installation cannot find every potential problem;
210 for example, it does not actually run commands to which messages are piped.
211 Some &"live"& tests should therefore also be done once a filter is installed.
213 If at all possible, test your filter file by sending messages from some other
214 account. If you send a message to yourself from the filtered account, and
215 delivery fails, the error message will be sent back to the same account, which
216 may cause another delivery failure. It won't cause an infinite sequence of such
217 messages, because delivery failure messages do not themselves generate further
218 messages. However, it does mean that the failure won't be returned to you, and
219 also that the postmaster will have to investigate the stuck message.
221 If you have to test an Exim filter from the same account, a sensible precaution
222 is to include the line
224 if error_message then finish endif
226 as the first filter command, at least while testing. This causes filtering to
227 be abandoned for a delivery failure message, and since no destinations are
228 generated, the message goes on to be delivered to the original address. Unless
229 there is a good reason for not doing so, it is recommended that the above test
230 be left in all Exim filter files. (This does not apply to Sieve files.)
234 .section "Details of filtering commands"
235 The filtering commands for Sieve and Exim filters are completely different in
236 syntax and semantics. The Sieve mechanism is defined in RFC 3028; in the next
237 chapter we describe how it is integrated into Exim. The subsequent chapter
238 covers Exim filtering commands in detail.
242 .chapter "Sieve filter files" "CHAPsievefilter"
243 The code for Sieve filtering in Exim was contributed by Michael Haardt, and
244 most of the content of this chapter is taken from the notes he provided. Since
245 Sieve is an extensible language, it is important to understand &"Sieve"& in
246 this context as &"the specific implementation of Sieve for Exim"&.
248 This chapter does not contain a description of Sieve, since that can be found
249 in RFC 3028, which should be read in conjunction with these notes.
251 The Exim Sieve implementation offers the core as defined by RFC 3028,
252 comparison tests, the &*copy*&, &*envelope*&, &*fileinto*&, and &*vacation*&
253 extensions, but not the &*reject*& extension. Exim does not support message
254 delivery notifications (MDNs), so adding it just to the Sieve filter (as
255 required for &*reject*&) makes little sense.
257 In order for Sieve to work properly in Exim, the system administrator needs to
258 make some adjustments to the Exim configuration. These are described in the
259 chapter on the &(redirect)& router in the full Exim specification.
262 .section "Recognition of Sieve filters"
263 A filter file is interpreted as a Sieve filter if its first line is
267 This is what distinguishes it from a conventional &_.forward_& file or an Exim
272 .section "Saving to specified folders"
273 If the system administrator has set things up as suggested in the Exim
274 specification, and you use &(keep)& or &(fileinto)& to save a mail into a
275 folder, absolute files are stored where specified, relative files are stored
276 relative to &$home$&, and &_inbox_& goes to the standard mailbox location.
280 .section "Strings containing header names"
281 RFC 3028 does not specify what happens if a string denoting a header field does
282 not contain a valid header name, for example, it contains a colon. This
283 implementation generates an error instead of ignoring the header field in order
284 to ease script debugging, which fits in with the common picture of Sieve.
288 .section "Exists test with empty list of headers"
289 The &*exists*& test succeeds only if all the specified headers exist. RFC 3028
290 does not explicitly specify what happens on an empty list of headers. This
291 implementation evaluates that condition as true, interpreting the RFC in a
296 .section "Header test with invalid MIME encoding in header"
297 Some MUAs process invalid base64 encoded data, generating junk. Others ignore
298 junk after seeing an equal sign in base64 encoded data. RFC 2047 does not
299 specify how to react in this case, other than stating that a client must not
300 forbid to process a message for that reason. RFC 2045 specifies that invalid
301 data should be ignored (apparently looking at end of line characters). It also
302 specifies that invalid data may lead to rejecting messages containing them (and
303 there it appears to talk about true encoding violations), which is a clear
304 contradiction to ignoring them.
306 RFC 3028 does not specify how to process incorrect MIME words. This
307 implementation treats them literally, as it does if the word is correct but its
308 character set cannot be converted to UTF-8.
312 .section "Address test for multiple addresses per header"
313 A header may contain multiple addresses. RFC 3028 does not explicitly specify
314 how to deal with them, but since the address test checks if anything matches
315 anything else, matching one address suffices to satisfy the condition. That
316 makes it impossible to test if a header contains a certain set of addresses and
317 no more, but it is more logical than letting the test fail if the header
318 contains an additional address besides the one the test checks for.
322 .section "Semantics of keep"
323 The &(keep)& command is equivalent to
327 It saves the message and resets the implicit keep flag. It does not set the
328 implicit keep flag; there is no command to set it once it has been reset.
332 .section "Semantics of fileinto"
333 RFC 3028 does not specify whether &(fileinto)& should try to create a mail
334 folder if it does not exist. This implementation allows the sysadmin to
335 configure that aspect using the &(appendfile)& transport options
336 &%create_directory%&, &%create_file%&, and &%file_must_exist%&. See the
337 &(appendfile)& transport in the Exim specification for details.
341 .section "Semantics of redirect"
342 Sieve scripts are supposed to be interoperable between servers, so this
343 implementation does not allow mail to be redirected to unqualified addresses,
344 because the domain would depend on the system being used. On systems with
345 virtual mail domains, the default domain is probably not what the user expects
350 .section "String arguments"
351 There has been confusion if the string arguments to &(require)& are to be
352 matched case-sensitively or not. This implementation matches them with the
353 match type &(:is)& (default, see section 2.7.1 of the RFC) and the comparator
354 &(i;ascii-casemap)& (default, see section 2.7.3 of the RFC). The RFC defines
355 the command defaults clearly, so any different implementations violate RFC
356 3028. The same is valid for comparator names, also specified as strings.
360 .section "Number units"
361 There is a mistake in RFC 3028: the suffix G denotes gibi-, not tebibyte.
362 The mistake is obvious, because RFC 3028 specifies G to denote 2^30
363 (which is gibi, not tebi), and that is what this implementation uses as
364 the scaling factor for the suffix G.
368 .section "RFC compliance"
369 Exim requires the first line of a Sieve filter to be
373 Of course the RFC does not specify that line. Do not expect examples to work
374 without adding it, though.
376 RFC 3028 requires the use of CRLF to terminate a line. The rationale was that
377 CRLF is universally used in network protocols to mark the end of the line. This
378 implementation does not embed Sieve in a network protocol, but uses Sieve
379 scripts as part of the Exim MTA. Since all parts of Exim use LF as the newline
380 character, this implementation does, too, by default, though the system
381 administrator may choose (at Exim compile time) to use CRLF instead.
383 Exim violates RFC 2822, section 3.6.8, by accepting 8-bit header names, so this
384 implementation repeats this violation to stay consistent with Exim. This is in
385 preparation for UTF-8 data.
387 Sieve scripts cannot contain NUL characters in strings, but mail headers could
388 contain MIME encoded NUL characters, which could never be matched by Sieve
389 scripts using exact comparisons. For that reason, this implementation extends
390 the Sieve quoted string syntax with \0 to describe a NUL character, violating
391 \0 being the same as 0 in RFC 3028. Even without using \0, the following tests
392 are all true in this implementation. Implementations that use C-style strings
393 will only evaluate the first test as true.
395 Subject: =?iso-8859-1?q?abc=00def
397 header :contains "Subject" ["abc"]
398 header :contains "Subject" ["def"]
399 header :matches "Subject" ["abc?def"]
401 Note that by considering Sieve to be an MUA, RFC 2047 can be interpreted in a
402 way that NUL characters truncating strings is allowed for Sieve
403 implementations, although not recommended. It is further allowed to use encoded
404 NUL characters in headers, but that's not recommended either. The above example
407 RFC 3028 states that if an implementation fails to convert a character set to
408 UTF-8, two strings cannot be equal if one contains octets greater than 127.
409 Assuming that all unknown character sets are one-byte character sets with the
410 lower 128 octets being US-ASCII is not sound, so this implementation violates
411 RFC 3028 and treats such MIME words literally. That way at least something
414 The folder specified by &(fileinto)& must not contain the character sequence
415 &".."& to avoid security problems. RFC 3028 does not specify the syntax of
416 folders apart from &(keep)& being equivalent to
420 This implementation uses &_inbox_& instead.
422 Sieve script errors currently cause messages to be silently filed into
423 &_inbox_&. RFC 3028 requires that the user is notified of that condition.
424 This may be implemented in the future by adding a header line to mails that
425 are filed into &_inbox_& due to an error in the filter.
429 .chapter "Exim filter files" "CHAPeximfilter"
430 This chapter contains a full description of the contents of Exim filter files.
433 .section "Format of Exim filter files"
434 Apart from leading white space, the first text in an Exim filter file must be
438 This is what distinguishes it from a conventional &_.forward_& file or a Sieve
439 filter file. If the file does not have this initial line (or the equivalent for
440 a Sieve filter), it is treated as a conventional &_.forward_& file, both when
441 delivering mail and when using the &%-bf%& testing mechanism. The white space
442 in the line is optional, and any capitalization may be used. Further text on
443 the same line is treated as a comment. For example, you could have
445 # Exim filter <<== do not edit or remove this line!
447 The remainder of the file is a sequence of filtering commands, which consist of
448 keywords and data values. For example, in the command
450 deliver gulliver@lilliput.fict.example
452 the keyword is &`deliver`& and the data value is
453 &`gulliver@lilliput.fict.example`&. White space or line breaks separate the
454 components of a command, except in the case of conditions for the &(if)&
455 command, where round brackets (parentheses) also act as separators. Complete
456 commands are separated from each other by white space or line breaks; there are
457 no special terminators. Thus, several commands may appear on one line, or one
458 command may be spread over a number of lines.
460 If the character # follows a separator anywhere in a command, everything from
461 # up to the next newline is ignored. This provides a way of including comments
465 .section "Data values in filter commands"
466 There are two ways in which a data value can be input:
469 If the text contains no white space, it can be typed verbatim. However, if it
470 is part of a condition, it must also be free of round brackets (parentheses),
471 as these are used for grouping in conditions.
473 Otherwise, text must be enclosed in double quotation marks. In this case, the
474 character \ (backslash) is treated as an &"escape character"& within the
475 string, causing the following character or characters to be treated specially:
477 &`\n`& is replaced by a newline
478 &`\r`& is replaced by a carriage return
479 &`\t`& is replaced by a tab
483 Backslash followed by up to three octal digits is replaced by the character
484 specified by those digits, and &`\x`& followed by up to two hexadecimal digits
485 is treated similarly. Backslash followed by any other character is replaced by
486 the second character, so that in particular, &`\"`& becomes &`"`& and &`\\`&
487 becomes &`\`&. A data item enclosed in double quotes can be continued onto the
488 next line by ending the first line with a backslash. Any leading white space at
489 the start of the continuation line is ignored.
491 In addition to the escape character processing that occurs when strings are
492 enclosed in quotes, most data values are also subject to &'string expansion'&
493 (as described in the next section), in which case the characters &`$`& and
494 &`\`& are also significant. This means that if a single backslash is actually
495 required in such a string, and the string is also quoted, &`\\\\`& has to be
498 The maximum permitted length of a data string, before expansion, is 1024
502 .section "String expansion" "SECTfilterstringexpansion"
503 Most data values are expanded before use. Expansion consists of replacing
504 substrings beginning with &`$`& with other text. The full expansion facilities
505 available in Exim are extensive. If you want to know everything that Exim can
506 do with strings, you should consult the chapter on string expansion in the Exim
509 In filter files, by far the most common use of string expansion is the
510 substitution of the contents of a variable. For example, the substring
514 is replaced by the address to which replies to the message should be sent. If
515 such a variable name is followed by a letter or digit or underscore, it must be
516 enclosed in curly brackets (braces), for example,
520 If a &`$`& character is actually required in an expanded string, it must be
521 escaped with a backslash, and because backslash is also an escape character in
522 quoted input strings, it must be doubled in that case. The following two
523 examples illustrate two different ways of testing for a &`$`& character in a
526 if $message_body contains \$ then ...
527 if $message_body contains "\\$" then ...
529 You can prevent part of a string from being expanded by enclosing it between
530 two occurrences of &`\N`&. For example,
532 if $message_body contains \N$$$$\N then ...
534 tests for a run of four dollar characters.
537 .section "Some useful general variables"
538 A complete list of the available variables is given in the Exim documentation.
539 This shortened list contains the ones that are most likely to be useful in
540 personal filter files:
542 &$body_linecount$&: The number of lines in the body of the message.
544 &$body_zerocount$&: The number of binary zero characters in the body of the
547 &$home$&: In conventional configurations, this variable normally contains the
548 user's home directory. The system administrator can, however, change this.
550 &$local_part$&: The part of the email address that precedes the @ sign &--
551 normally the user's login name. If support for multiple personal mailboxes is
552 enabled (see section &<<SECTmbox>>& below) and a prefix or suffix for the local
553 part was recognized, it is removed from the string in this variable.
555 &$local_part_prefix$&: If support for multiple personal mailboxes is enabled
556 (see section &<<SECTmbox>>& below), and a local part prefix was recognized,
557 this variable contains the prefix. Otherwise it contains an empty string.
559 &$local_part_suffix$&: If support for multiple personal mailboxes is enabled
560 (see section &<<SECTmbox>>& below), and a local part suffix was recognized,
561 this variable contains the suffix. Otherwise it contains an empty string.
563 &$message_body$&: The initial portion of the body of the message. By default,
564 up to 500 characters are read into this variable, but the system administrator
565 can configure this to some other value. Newlines in the body are converted into
568 &$message_body_end$&: The final portion of the body of the message, formatted
569 and limited in the same way as &$message_body$&.
571 &$message_body_size$&: The size of the body of the message, in bytes.
573 &$message_exim_id$&: The message's local identification string, which is unique
574 for each message handled by a single host.
576 &$message_headers$&: The header lines of the message, concatenated into a
577 single string, with newline characters between them.
579 &$message_size$&: The size of the entire message, in bytes.
581 &$original_local_part$&: When an address that arrived with the message is
582 being processed, this contains the same value as the variable &$local_part$&.
583 However, if an address generated by an alias, forward, or filter file is being
584 processed, this variable contains the local part of the original address.
586 &$reply_address$&: The contents of the &'Reply-to:'& header, if the message
587 has one; otherwise the contents of the &'From:'& header. It is the address to
588 which normal replies to the message should be sent.
590 &$return_path$&: The return path &-- that is, the sender field that will be
591 transmitted as part of the message's envelope if the message is sent to another
592 host. This is the address to which delivery errors are sent. In many cases,
593 this variable has the same value as &$sender_address$&, but if, for example,
594 an incoming message to a mailing list has been expanded, &$return_path$& may
595 have been changed to contain the address of the list maintainer.
597 &$sender_address$&: The sender address that was received in the envelope of
598 the message. This is not necessarily the same as the contents of the &'From:'&
599 or &'Sender:'& header lines. For delivery error messages (&"bounce messages"&)
600 there is no sender address, and this variable is empty.
602 &$tod_full$&: A full version of the time and date, for example: Wed, 18 Oct
603 1995 09:51:40 +0100. The timezone is always given as a numerical offset from
606 &$tod_log$&: The time and date in the format used for writing Exim's log files,
607 without the timezone, for example: 1995-10-12 15:32:29.
609 &$tod_zone$&: The local timezone offset, for example: +0100.
613 .section "Header variables" "SECTheadervariables"
614 There is a special set of expansion variables containing the header lines of
615 the message being processed. These variables have names beginning with
616 &$header_$& followed by the name of the header line, terminated by a colon.
622 The whole item, including the terminating colon, is replaced by the contents of
623 the message header line. If there is more than one header line with the same
624 name, their contents are concatenated. For header lines whose data consists of
625 a list of addresses (for example, &'From:'& and &'To:'&), a comma and newline
626 is inserted between each set of data. For all other header lines, just a
629 Leading and trailing white space is removed from header line data, and if there
630 are any MIME &"words"& that are encoded as defined by RFC 2047 (because they
631 contain non-ASCII characters), they are decoded and translated, if possible, to
632 a local character set. Translation is attempted only on operating systems that
633 have the &[iconv()]& function. This makes the header line look the same as it
634 would when displayed by an MUA. The default character set is ISO-8859-1, but
635 this can be changed by means of the &(headers)& command (see below).
637 If you want to see the actual characters that make up a header line, you can
638 specify &$rheader_$& instead of &$header_$&. This inserts the &"raw"&
639 header line, unmodified.
641 There is also an intermediate form, requested by &$bheader_$&, which removes
642 leading and trailing space and decodes MIME &"words"&, but does not do any
643 character translation. If an attempt to decode what looks superficially like a
644 MIME &"word"& fails, the raw string is returned. If decoding produces a binary
645 zero character, it is replaced by a question mark.
647 The capitalization of the name following &$header_$& is not significant.
648 Because any printing character except colon may appear in the name of a
649 message's header (this is a requirement of RFC 2822, the document that
650 describes the format of a mail message) curly brackets must &'not'& be used in
651 this case, as they will be taken as part of the header name. Two shortcuts are
652 allowed in naming header variables:
655 The initiating &$header_$&, &$rheader_$&, or &$bheader_$& can be
656 abbreviated to &$h_$&, &$rh_$&, or &$bh_$&, respectively.
658 The terminating colon can be omitted if the next character is white space. The
659 white space character is retained in the expanded string. However, this is not
660 recommended, because it makes it easy to forget the colon when it really is
664 If the message does not contain a header of the given name, an empty string is
665 substituted. Thus it is important to spell the names of headers correctly. Do
666 not use &$header_Reply_to$& when you really mean &$header_Reply-to$&.
669 .section "User variables"
670 There are ten user variables with names &$n0$& &-- &$n9$& that can be
671 incremented by the &(add)& command (see section &<<SECTadd>>&). These can be
672 used for &"scoring"& messages in various ways. If Exim is configured to run a
673 &"system filter"& on every message, the values left in these variables are
674 copied into the variables &$sn0$& &-- &$sn9$& at the end of the system filter,
675 thus making them available to users' filter files. How these values are used is
676 entirely up to the individual installation.
679 .section "Current directory"
680 The contents of your filter file should not make any assumptions about the
681 current directory. It is best to use absolute paths for file names; you can
682 normally make use of the &$home$& variable to refer to your home directory. The
683 &(save)& command automatically inserts &$home$& at the start of non-absolute
689 .section "Significant deliveries" "SECTsigdel"
690 When in the course of delivery a message is processed by a filter file, what
691 happens next, that is, after the filter file has been processed, depends on
692 whether or not the filter sets up any &'significant deliveries'&. If at least
693 one significant delivery is set up, the filter is considered to have handled
694 the entire delivery arrangements for the current address, and no further
695 processing of the address takes place. If, however, no significant deliveries
696 are set up, Exim continues processing the current address as if there were no
697 filter file, and typically sets up a delivery of a copy of the message into a
698 local mailbox. In particular, this happens in the special case of a filter file
699 containing only comments.
701 The delivery commands &(deliver)&, &(save)&, and &(pipe)& are by default
702 significant. However, if such a command is preceded by the word &"unseen"&, its
703 delivery is not considered to be significant. In contrast, other commands such
704 as &(mail)& and &(vacation)& do not set up significant deliveries unless
705 preceded by the word &"seen"&. The following example commands set up
706 significant deliveries:
708 deliver jack@beanstalk.example
709 pipe $home/bin/mymailscript
710 seen mail subject "message discarded"
713 The following example commands do not set up significant deliveries:
715 unseen deliver jack@beanstalk.example
716 unseen pipe $home/bin/mymailscript
717 mail subject "message discarded"
723 .section "Filter commands"
724 The filter commands that are described in subsequent sections are listed
725 below, with the section in which they are described in brackets:
728 .row &(add)& "&~&~increment a user variable (section &<<SECTadd>>&)"
729 .row &(deliver)& "&~&~deliver to an email address (section &<<SECTdeliver>>&)"
730 .row &(fail)& "&~&~force delivery failure (sysadmin use) (section &<<SECTfail>>&)"
731 .row &(finish)& "&~&~end processing (section &<<SECTfinish>>&)"
732 .row &(freeze)& "&~&~freeze message (sysadmin use) (section &<<SECTfreeze>>&)"
733 .row &(headers)& "&~&~set the header character set (section &<<SECTheaders>>&)"
734 .row &(if)& "&~&~test condition(s) (section &<<SECTif>>&)"
735 .row &(logfile)& "&~&~define log file (section &<<SECTlog>>&)"
736 .row &(logwrite)& "&~&~write to log file (section &<<SECTlog>>&)"
737 .row &(mail)& "&~&~send a reply message (section &<<SECTmail>>&)"
738 .row &(pipe)& "&~&~pipe to a command (section &<<SECTpipe>>&)"
739 .row &(save)& "&~&~save to a file (section &<<SECTsave>>&)"
740 .row &(testprint)& "&~&~print while testing (section &<<SECTtestprint>>&)"
741 .row &(vacation)& "&~&~tailored form of &(mail)& (section &<<SECTmail>>&)"
744 The &(headers)& command has additional parameters that can be used only in a
745 system filter. The &(fail)& and &(freeze)& commands are available only when
746 Exim's filtering facilities are being used as a system filter, and are
747 therefore usable only by the system administrator and not by ordinary users.
748 They are mentioned only briefly in this document; for more information, see the
749 main Exim specification.
753 .section "The add command" "SECTadd"
755 &` add `&<&'number'&>&` to `&<&'user variable'&>
759 There are 10 user variables of this type, with names &$n0$& &-- &$n9$&. Their
760 values can be obtained by the normal expansion syntax (for example &$n3$&) in
761 other commands. At the start of filtering, these variables all contain zero.
762 Both arguments of the &(add)& command are expanded before use, making it
763 possible to add variables to each other. Subtraction can be obtained by adding
768 .section "The deliver command" "SECTdeliver"
770 &` deliver`& <&'mail address'&>
771 &`e.g. deliver "Dr Livingstone <David@somewhere.africa.example>"`&
774 This command provides a forwarding operation. The delivery that it sets up is
775 significant unless the command is preceded by &"unseen"& (see section
776 &<<SECTsigdel>>&). The message is sent on to the given address, exactly as
777 happens if the address had appeared in a traditional &_.forward_& file. If you
778 want to deliver the message to a number of different addresses, you can use
779 more than one &(deliver)& command (each one may have only one address).
780 However, duplicate addresses are discarded.
782 To deliver a copy of the message to your normal mailbox, your login name can be
783 given as the address. Once an address has been processed by the filtering
784 mechanism, an identical generated address will not be so processed again, so
785 doing this does not cause a loop.
787 However, if you have a mail alias, you should &'not'& refer to it here. For
788 example, if the mail address &'L.Gulliver'& is aliased to &'lg303'& then all
789 references in Gulliver's &_.forward_& file should be to &'lg303'&. A reference
790 to the alias will not work for messages that are addressed to that alias,
791 since, like &_.forward_& file processing, aliasing is performed only once on an
792 address, in order to avoid looping.
794 Following the new address, an optional second address, preceded by
795 &"errors_to"& may appear. This changes the address to which delivery errors on
796 the forwarded message will be sent. Instead of going to the message's original
797 sender, they go to this new address. For ordinary users, the only value that is
798 permitted for this address is the user whose filter file is being processed.
799 For example, the user &'lg303'& whose mailbox is in the domain
800 &'lilliput.example'& could have a filter file that contains
802 deliver jon@elsewhere.example errors_to lg303@lilliput.example
804 Clearly, using this feature makes sense only in situations where not all
805 messages are being forwarded. In particular, bounce messages must not be
806 forwarded in this way, as this is likely to create a mail loop if something
811 .section "The save command" "SECTsave"
813 &` save `&<&'file name'&>
814 &`e.g. save $home/mail/bookfolder`&
817 This command specifies that a copy of the message is to be appended to the
818 given file (that is, the file is to be used as a mail folder). The delivery
819 that &(save)& sets up is significant unless the command is preceded by
820 &"unseen"& (see section &<<SECTsigdel>>&).
822 More than one &(save)& command may be obeyed; each one causes a copy of the
823 message to be written to its argument file, provided they are different
824 (duplicate &(save)& commands are ignored).
826 If the file name does not start with a / character, the contents of the
827 &$home$& variable are prepended, unless it is empty. In conventional
828 configurations, this variable is normally set in a user filter to the user's
829 home directory, but the system administrator may set it to some other path. In
830 some configurations, &$home$& may be unset, in which case a non-absolute path
831 name may be generated. Such configurations convert this to an absolute path
832 when the delivery takes place. In a system filter, &$home$& is never set.
834 The user must of course have permission to write to the file, and the writing
835 of the file takes place in a process that is running as the user, under the
836 user's primary group. Any secondary groups to which the user may belong are not
837 normally taken into account, though the system administrator can configure Exim
838 to set them up. In addition, the ability to use this command at all is
839 controlled by the system administrator &-- it may be forbidden on some systems.
841 An optional mode value may be given after the file name. The value for the mode
842 is interpreted as an octal number, even if it does not begin with a zero. For
845 save /some/folder 640
847 This makes it possible for users to override the system-wide mode setting for
848 file deliveries, which is normally 600. If an existing file does not have the
849 correct mode, it is changed.
851 An alternative form of delivery may be enabled on your system, in which each
852 message is delivered into a new file in a given directory. If this is the case,
853 this functionality can be requested by giving the directory name terminated by
854 a slash after the &(save)& command, for example
856 save separated/messages/
858 There are several different formats for such deliveries; check with your system
859 administrator or local documentation to find out which (if any) are available
860 on your system. If this functionality is not enabled, the use of a path name
861 ending in a slash causes an error.
865 .section "The pipe command" "SECTpipe"
867 &` pipe `&<&'command'&>
868 &`e.g. pipe "$home/bin/countmail $sender_address"`&
871 This command specifies that the message is to be delivered to the specified
872 command using a pipe. The delivery that it sets up is significant unless the
873 command is preceded by &"unseen"& (see section &<<SECTsigdel>>&). Remember,
874 however, that no deliveries are done while the filter is being processed. All
875 deliveries happen later on. Therefore, the result of running the pipe is not
876 available to the filter.
878 When the deliveries are done, a separate process is run, and a copy of the
879 message is passed on its standard input. The process runs as the user, under
880 the user's primary group. Any secondary groups to which the user may belong are
881 not normally taken into account, though the system administrator can configure
882 Exim to set them up. More than one &(pipe)& command may appear; each one causes
883 a copy of the message to be written to its argument pipe, provided they are
884 different (duplicate &(pipe)& commands are ignored).
886 When the time comes to transport the message, the command supplied to &(pipe)&
887 is split up by Exim into a command name and a number of arguments. These are
888 delimited by white space except for arguments enclosed in double quotes, in
889 which case backslash is interpreted as an escape, or in single quotes, in which
890 case no escaping is recognized. Note that as the whole command is normally
891 supplied in double quotes, a second level of quoting is required for internal
892 double quotes. For example:
894 pipe "$home/myscript \"size is $message_size\""
896 String expansion is performed on the separate components after the line has
897 been split up, and the command is then run directly by Exim; it is not run
898 under a shell. Therefore, substitution cannot change the number of arguments,
899 nor can quotes, backslashes or other shell metacharacters in variables cause
902 Documentation for some programs that are normally run via this kind of pipe
903 often suggest that the command should start with
907 This is a shell command, and should &'not'& be present in Exim filter files,
908 since it does not normally run the command under a shell.
910 However, there is an option that the administrator can set to cause a shell to
911 be used. In this case, the entire command is expanded as a single string and
912 passed to the shell for interpretation. It is recommended that this be avoided
913 if at all possible, since it can lead to problems when inserted variables
914 contain shell metacharacters.
916 The default PATH set up for the command is determined by the system
917 administrator, usually containing at least &_/bin_& and &_/usr/bin_& so that
918 common commands are available without having to specify an absolute file name.
919 However, it is possible for the system administrator to restrict the pipe
920 facility so that the command name must not contain any / characters, and must
921 be found in one of the directories in the configured PATH. It is also possible
922 for the system administrator to lock out the use of the &(pipe)& command
925 When the command is run, a number of environment variables are set up. The
926 complete list for pipe deliveries may be found in the Exim reference manual.
927 Those that may be useful for pipe deliveries from user filter files are:
930 &`DOMAIN `& the domain of the address
931 &`HOME `& your home directory
932 &`LOCAL_PART `& see below
933 &`LOCAL_PART_PREFIX `& see below
934 &`LOCAL_PART_SUFFIX `& see below
935 &`LOGNAME `& your login name
936 &`MESSAGE_ID `& the unique id of the message
937 &`PATH `& the command search path
938 &`RECIPIENT `& the complete recipient address
939 &`SENDER `& the sender of the message
940 &`SHELL `& &`/bin/sh`&
944 LOCAL_PART, LOGNAME, and USER are all set to the same value, namely, your login
945 id. LOCAL_PART_PREFIX and LOCAL_PART_SUFFIX may be set if Exim is configured to
946 recognize prefixes or suffixes in the local parts of addresses. For example, a
947 message addressed to &'pat-suf2@domain.example'& may cause the filter for user
948 &'pat'& to be run. If this sets up a pipe delivery, LOCAL_PART_SUFFIX is
949 &`-suf2`& when the pipe command runs. The system administrator has to configure
950 Exim specially for this feature to be available.
952 If you run a command that is a shell script, be very careful in your use of
953 data from the incoming message in the commands in your script. RFC 2822 is very
954 generous in the characters that are permitted to appear in mail addresses, and
955 in particular, an address may begin with a vertical bar or a slash. For this
956 reason you should always use quotes round any arguments that involve data from
957 the message, like this:
959 /some/command '$SENDER'
961 so that inserted shell meta-characters do not cause unwanted effects.
963 Remember that, as was explained earlier, the pipe command is not run at the
964 time the filter file is interpreted. The filter just defines what deliveries
965 are required for one particular addressee of a message. The deliveries
966 themselves happen later, once Exim has decided everything that needs to be done
969 A consequence of this is that you cannot inspect the return code from the pipe
970 command from within the filter. Nevertheless, the code returned by the command
971 is important, because Exim uses it to decide whether the delivery has succeeded
974 The command should return a zero completion code if all has gone well. Most
975 non-zero codes are treated by Exim as indicating a failure of the pipe. This is
976 treated as a delivery failure, causing the message to be returned to its
977 sender. However, there are some completion codes that are treated as temporary
978 errors. The message remains on Exim's spool disk, and the delivery is tried
979 again later, though it will ultimately time out if the delivery failures go on
980 too long. The completion codes to which this applies can be specified by the
981 system administrator; the default values are 73 and 75.
983 The pipe command should not normally write anything to its standard output or
984 standard error file descriptors. If it does, whatever is written is normally
985 returned to the sender of the message as a delivery error, though this action
986 can be varied by the system administrator.
990 .section "Mail commands" "SECTmail"
991 There are two commands that cause the creation of a new mail message, neither
992 of which count as a significant delivery unless the command is preceded by the
993 word &"seen"& (see section &<<SECTsigdel>>&). This is a powerful facility, but
994 it should be used with care, because of the danger of creating infinite
995 sequences of messages. The system administrator can forbid the use of these
998 To help prevent runaway message sequences, these commands have no effect when
999 the incoming message is a bounce (delivery error) message, and messages sent by
1000 this means are treated as if they were reporting delivery errors. Thus, they
1001 should never themselves cause a bounce message to be returned. The basic
1002 mail-sending command is
1004 &`mail [to `&<&'address-list'&>&`]`&
1005 &` [cc `&<&'address-list'&>&`]`&
1006 &` [bcc `&<&'address-list'&>&`]`&
1007 &` [from `&<&'address'&>&`]`&
1008 &` [reply_to `&<&'address'&>&`]`&
1009 &` [subject `&<&'text'&>&`]`&
1010 &` [extra_headers `&<&'text'&>&`]`&
1011 &` [text `&<&'text'&>&`]`&
1012 &` [[expand] file `&<&'filename'&>&`]`&
1013 &` [return message]`&
1014 &` [log `&<&'log file name'&>&`]`&
1015 &` [once `&<&'note file name'&>&`]`&
1016 &` [once_repeat `&<&'time interval'&>&`]`&
1018 &`e.g. mail text "Your message about $h_subject: has been received"`&
1020 Each <&'address-list'&> can contain a number of addresses, separated by commas,
1021 in the format of a &'To:'& or &'Cc:'& header line. In fact, the text you supply
1022 here is copied exactly into the appropriate header line. It may contain
1023 additional information as well as email addresses. For example:
1025 mail to "Julius Caesar <jc@rome.example>, \
1026 <ma@rome.example> (Mark A.)"
1028 Similarly, the texts supplied for &%from%& and &%reply_to%& are copied into
1029 their respective header lines.
1031 As a convenience for use in one common case, there is also a command called
1032 &(vacation)&. It behaves in the same way as &(mail)&, except that the defaults
1033 for the &%subject%&, &%file%&, &%log%&, &%once%&, and &%once_repeat%& options
1036 subject "On vacation"
1037 expand file .vacation.msg
1042 respectively. These are the same file names and repeat period used by the
1043 traditional Unix &(vacation)& command. The defaults can be overridden by
1044 explicit settings, but if a file name is given its contents are expanded only
1045 if explicitly requested.
1047 &*Warning*&: The &(vacation)& command should always be used conditionally,
1048 subject to at least the &(personal)& condition (see section &<<SECTpersonal>>&
1049 below) so as not to send automatic replies to non-personal messages from
1050 mailing lists or elsewhere. Sending an automatic response to a mailing list or
1051 a mailing list manager is an Internet Sin.
1053 For both commands, the key/value argument pairs can appear in any order. At
1054 least one of &%text%& or &%file%& must appear (except with &(vacation)&, where
1055 there is a default for &%file%&); if both are present, the text string appears
1056 first in the message. If &%expand%& precedes &%file%&, each line of the file is
1057 subject to string expansion before it is included in the message.
1059 Several lines of text can be supplied to &%text%& by including the escape
1060 sequence &"\n"& in the string wherever a newline is required. If the command is
1061 output during filter file testing, newlines in the text are shown as &"\n"&.
1063 Note that the keyword for creating a &'Reply-To:'& header is &%reply_to%&,
1064 because Exim keywords may contain underscores, but not hyphens. If the &%from%&
1065 keyword is present and the given address does not match the user who owns the
1066 forward file, Exim normally adds a &'Sender:'& header to the message, though it
1067 can be configured not to do this.
1069 The &%extra_headers%& keyword allows you to add custom header lines to the
1070 message. The text supplied must be one or more syntactically valid RFC 2822
1071 header lines. You can use &"\n"& within quoted text to specify newlines between
1072 headers, and also to define continued header lines. For example:
1074 extra_headers "h1: first\nh2: second\n continued\nh3: third"
1076 No newline should appear at the end of the final header line.
1078 If no &%to%& argument appears, the message is sent to the address in the
1079 &$reply_address$& variable (see section &<<SECTfilterstringexpansion>>& above).
1080 An &'In-Reply-To:'& header is automatically included in the created message,
1081 giving a reference to the message identification of the incoming message.
1083 If &%return message%& is specified, the incoming message that caused the filter
1084 file to be run is added to the end of the message, subject to a maximum size
1087 If a log file is specified, a line is added to it for each message sent.
1089 If a &%once%& file is specified, it is used to hold a database for remembering
1090 who has received a message, and no more than one message is ever sent to any
1091 particular address, unless &%once_repeat%& is set. This specifies a time
1092 interval after which another copy of the message is sent. The interval is
1093 specified as a sequence of numbers, each followed by the initial letter of one
1094 of &"seconds"&, &"minutes"&, &"hours"&, &"days"&, or &"weeks"&. For example,
1098 causes a new message to be sent if at least 5 days and 4 hours have elapsed
1099 since the last one was sent. There must be no white space in a time interval.
1101 Commonly, the file name specified for &%once%& is used as the base name for
1102 direct-access (DBM) file operations. There are a number of different DBM
1103 libraries in existence. Some operating systems provide one as a default, but
1104 even in this case a different one may have been used when building Exim. With
1105 some DBM libraries, specifying &%once%& results in two files being created,
1106 with the suffixes &_.dir_& and &_.pag_& being added to the given name. With
1107 some others a single file with the suffix &_.db_& is used, or the name is used
1110 Using a DBM file for implementing the &%once%& feature means that the file
1111 grows as large as necessary. This is not usually a problem, but some system
1112 administrators want to put a limit on it. The facility can be configured not to
1113 use a DBM file, but instead, to use a regular file with a maximum size. The
1114 data in such a file is searched sequentially, and if the file fills up, the
1115 oldest entry is deleted to make way for a new one. This means that some
1116 correspondents may receive a second copy of the message after an unpredictable
1117 interval. Consult your local information to see if your system is configured
1120 More than one &(mail)& or &(vacation)& command may be obeyed in a single filter
1121 run; they are all honoured, even when they are to the same recipient.
1125 .section "Logging commands" "SECTlog"
1126 A log can be kept of actions taken by a filter file. This facility is normally
1127 available in conventional configurations, but there are some situations where
1128 it might not be. Also, the system administrator may choose to disable it. Check
1129 your local information if in doubt.
1131 Logging takes place while the filter file is being interpreted. It does not
1132 queue up for later like the delivery commands. The reason for this is so that a
1133 log file need be opened only once for several write operations. There are two
1134 commands, neither of which constitutes a significant delivery. The first
1135 defines a file to which logging output is subsequently written:
1137 &` logfile `&<&'file name'&>
1138 &`e.g. logfile $home/filter.log`&
1140 The file name must be fully qualified. You can use &$home$&, as in this
1141 example, to refer to your home directory. The file name may optionally be
1142 followed by a mode for the file, which is used if the file has to be created.
1145 logfile $home/filter.log 0644
1147 The number is interpreted as octal, even if it does not begin with a zero.
1148 The default for the mode is 600. It is suggested that the &(logfile)& command
1149 normally appear as the first command in a filter file. Once a log file has
1150 been obeyed, the &(logwrite)& command can be used to write to it:
1152 &` logwrite "`&<&'some text string'&>&`"`&
1153 &`e.g. logwrite "$tod_log $message_id processed"`&
1155 It is possible to have more than one &(logfile)& command, to specify writing to
1156 different log files in different circumstances. Writing takes place at the end
1157 of the file, and a newline character is added to the end of each string if
1158 there isn't one already there. Newlines can be put in the middle of the string
1159 by using the &"\n"& escape sequence. Lines from simultaneous deliveries may get
1160 interleaved in the file, as there is no interlocking, so you should plan your
1161 logging with this in mind. However, data should not get lost.
1165 .section "The finish command" "SECTfinish"
1166 The command &(finish)&, which has no arguments, causes Exim to stop
1167 interpreting the filter file. This is not a significant action unless preceded
1168 by &"seen"&. A filter file containing only &"seen finish"& is a black hole.
1171 .section "The testprint command" "SECTtestprint"
1172 It is sometimes helpful to be able to print out the values of variables when
1173 testing filter files. The command
1175 &` testprint `&<&'text'&>
1176 &`e.g. testprint "home=$home reply_address=$reply_address"`&
1178 does nothing when mail is being delivered. However, when the filtering code is
1179 being tested by means of the &%-bf%& option (see section &<<SECTtesting>>&
1180 above), the value of the string is written to the standard output.
1183 .section "The fail command" "SECTfail"
1184 When Exim's filtering facilities are being used as a system filter, the
1185 &(fail)& command is available, to force delivery failure. Because this command
1186 is normally usable only by the system administrator, and not enabled for use by
1187 ordinary users, it is described in more detail in the main Exim specification
1188 rather than in this document.
1191 .section "The freeze command" "SECTfreeze"
1192 When Exim's filtering facilities are being used as a system filter, the
1193 &(freeze)& command is available, to freeze a message on the queue. Because this
1194 command is normally usable only by the system administrator, and not enabled
1195 for use by ordinary users, it is described in more detail in the main Exim
1196 specification rather than in this document.
1200 .section "The headers command" "SECTheaders"
1201 The &(headers)& command can be used to change the target character set that is
1202 used when translating the contents of encoded header lines for insertion by the
1203 &$header_$& mechanism (see section &<<SECTheadervariables>>& above). The
1204 default can be set in the Exim configuration; if not specified, ISO-8859-1 is
1205 used. The only currently supported format for the &(headers)& command in user
1206 filters is as in this example:
1208 headers charset "UTF-8"
1210 That is, &(headers)& is followed by the word &"charset"& and then the name of a
1211 character set. This particular example would be useful if you wanted to compare
1212 the contents of a header to a UTF-8 string.
1214 In system filter files, the &(headers)& command can be used to add or remove
1215 header lines from the message. These features are described in the main Exim
1220 .section "Obeying commands conditionally" "SECTif"
1221 Most of the power of filtering comes from the ability to test conditions and
1222 obey different commands depending on the outcome. The &(if)& command is used to
1223 specify conditional execution, and its general form is
1225 &`if `&<&'condition'&>
1226 &`then `&<&'commands'&>
1227 &`elif `&<&'condition'&>
1228 &`then `&<&'commands'&>
1229 &`else `&<&'commands'&>
1232 There may be any number of &(elif)& and &(then)& sections (including none) and
1233 the &(else)& section is also optional. Any number of commands, including nested
1234 &(if)& commands, may appear in any of the <&'commands'&> sections.
1236 Conditions can be combined by using the words &(and)& and &(or)&, and round
1237 brackets (parentheses) can be used to specify how several conditions are to
1238 combine. Without brackets, &(and)& is more binding than &(or)&. For example:
1241 $h_subject: contains "Make money" or
1242 $h_precedence: is "junk" or
1243 ($h_sender: matches ^\\d{8}@ and not personal) or
1244 $message_body contains "this is not spam"
1249 A condition can be preceded by &(not)& to negate it, and there are also some
1250 negative forms of condition that are more English-like.
1254 .section "String testing conditions"
1255 There are a number of conditions that operate on text strings, using the words
1256 &"begins"&, &"ends"&, &"is"&, &"contains"& and &"matches"&. If you want to
1257 apply the same test to more than one header line, you can easily concatenate
1258 them into a single string for testing, as in this example:
1260 if "$h_to:, $h_cc:" contains me@domain.example then ...
1262 If a string-testing condition name is written in lower case, the testing
1263 of letters is done without regard to case; if it is written in upper case
1264 (for example, &"CONTAINS"&), the case of letters is taken into account.
1267 &` `&<&'text1'&>&` begins `&<&'text2'&>
1268 &` `&<&'text1'&>&` does not begin `&<&'text2'&>
1269 &`e.g. $header_from: begins "Friend@"`&
1272 A &"begins"& test checks for the presence of the second string at the start of
1273 the first, both strings having been expanded.
1276 &` `&<&'text1'&>&` ends `&<&'text2'&>
1277 &` `&<&'text1'&>&` does not end `&<&'text2'&>
1278 &`e.g. $header_from: ends "public.com.example"`&
1281 An &"ends"& test checks for the presence of the second string at the end of
1282 the first, both strings having been expanded.
1285 &` `&<&'text1'&>&` is `&<&'text2'&>
1286 &` `&<&'text1'&>&` is not `&<&'text2'&>
1287 &`e.g. $local_part_suffix is "-foo"`&
1290 An &"is"& test does an exact match between the strings, having first expanded
1294 &` `&<&'text1'&>&` contains `&<&'text2'&>
1295 &` `&<&'text1'&>&` does not contain `&<&'text2'&>
1296 &`e.g. $header_subject: contains "evolution"`&
1299 A &"contains"& test does a partial string match, having expanded both strings.
1302 &` `&<&'text1'&>&` matches `&<&'text2'&>
1303 &` `&<&'text1'&>&` does not match `&<&'text2'&>
1304 &`e.g. $sender_address matches "(bill|john)@"`&
1307 For a &"matches"& test, after expansion of both strings, the second one is
1308 interpreted as a regular expression. Exim uses the PCRE regular expression
1309 library, which provides regular expressions that are compatible with Perl.
1311 The match succeeds if the regular expression matches any part of the first
1312 string. If you want a regular expression to match only at the start or end of
1313 the subject string, you must encode that requirement explicitly, using the
1314 &`^`& or &`$`& metacharacters. The above example, which is not so constrained,
1315 matches all these addresses:
1319 spoonbill@example.com
1320 littlejohn@example.com
1322 To match only the first two, you could use this:
1324 if $sender_address matches "^(bill|john)@" then ...
1326 Care must be taken if you need a backslash in a regular expression, because
1327 backslashes are interpreted as escape characters both by the string expansion
1328 code and by Exim's normal processing of strings in quotes. For example, if you
1329 want to test the sender address for a domain ending in &'.com'& the regular
1334 The backslash and dollar sign in that expression have to be escaped when used
1335 in a filter command, as otherwise they would be interpreted by the expansion
1336 code. Thus, what you actually write is
1338 if $sender_address matches \\.com\$
1340 An alternative way of handling this is to make use of the &`\N`& expansion
1341 flag for suppressing expansion:
1343 if $sender_address matches \N\.com$\N
1345 Everything between the two occurrences of &`\N`& is copied without change by
1346 the string expander (and in fact you do not need the final one, because it is
1347 at the end of the string). If the regular expression is given in quotes
1348 (mandatory only if it contains white space) you have to write either
1350 if $sender_address matches "\\\\.com\\$"
1354 if $sender_address matches "\\N\\.com$\\N"
1357 If the regular expression contains bracketed sub-expressions, numeric
1358 variable substitutions such as &$1$& can be used in the subsequent actions
1359 after a successful match. If the match fails, the values of the numeric
1360 variables remain unchanged. Previous values are not restored after &(endif)&.
1361 In other words, only one set of values is ever available. If the condition
1362 contains several sub-conditions connected by &(and)& or &(or)&, it is the
1363 strings extracted from the last successful match that are available in
1364 subsequent actions. Numeric variables from any one sub-condition are also
1365 available for use in subsequent sub-conditions, because string expansion of a
1366 condition occurs just before it is tested.
1369 .section "Numeric testing conditions"
1370 The following conditions are available for performing numerical tests:
1373 &` `&<&'number1'&>&` is above `&<&'number2'&>
1374 &` `&<&'number1'&>&` is not above `&<&'number2'&>
1375 &` `&<&'number1'&>&` is below `&<&'number2'&>
1376 &` `&<&'number1'&>&` is not below `&<&'number2'&>
1377 &`e.g. $message_size is not above 10k`&
1380 The <&'number'&> arguments must expand to strings of digits, optionally
1381 followed by one of the letters K or M (upper case or lower case) which cause
1382 multiplication by 1024 and 1024x1024 respectively.
1385 .section "Testing for significant deliveries"
1386 You can use the &(delivered)& condition to test whether or not any previously
1387 obeyed filter commands have set up a significant delivery. For example:
1389 if not delivered then save mail/anomalous endif
1391 &"Delivered"& is perhaps a poor choice of name for this condition, because the
1392 message has not actually been delivered; rather, a delivery has been set up for
1396 .section "Testing for error messages"
1397 The condition &(error_message)& is true if the incoming message is a bounce
1398 (mail delivery error) message. Putting the command
1400 if error_message then finish endif
1402 at the head of your filter file is a useful insurance against things going
1403 wrong in such a way that you cannot receive delivery error reports. &*Note*&:
1404 &(error_message)& is a condition, not an expansion variable, and therefore is
1405 not preceded by &`$`&.
1408 .section "Testing a list of addresses"
1409 There is a facility for looping through a list of addresses and applying a
1410 condition to each of them. It takes the form
1412 &`foranyaddress `&<&'string'&>&` (`&<&'condition'&>&`)`&
1414 where <&'string'&> is interpreted as a list of RFC 2822 addresses, as in a
1415 typical header line, and <&'condition'&> is any valid filter condition or
1416 combination of conditions. The &"group"& syntax that is defined for certain
1417 header lines that contain addresses is supported.
1419 The parentheses surrounding the condition are mandatory, to delimit it from
1420 possible further sub-conditions of the enclosing &(if)& command. Within the
1421 condition, the expansion variable &$thisaddress$& is set to the non-comment
1422 portion of each of the addresses in the string in turn. For example, if the
1425 B.Simpson <bart@sfld.example>, lisa@sfld.example (his sister)
1427 then &$thisaddress$& would take on the values &`bart@sfld.example`& and
1428 &`lisa@sfld.example`& in turn.
1430 If there are no valid addresses in the list, the whole condition is false. If
1431 the internal condition is true for any one address, the overall condition is
1432 true and the loop ends. If the internal condition is false for all addresses in
1433 the list, the overall condition is false. This example tests for the presence
1434 of an eight-digit local part in any address in a &'To:'& header:
1436 if foranyaddress $h_to: ( $thisaddress matches ^\\d{8}@ ) then ...
1438 When the overall condition is true, the value of &$thisaddress$& in the
1439 commands that follow &(then)& is the last value it took on inside the loop. At
1440 the end of the &(if)& command, the value of &$thisaddress$& is reset to what it
1441 was before. It is best to avoid the use of multiple occurrences of
1442 &(foranyaddress)&, nested or otherwise, in a single &(if)& command, if the
1443 value of &$thisaddress$& is to be used afterwards, because it isn't always
1444 clear what the value will be. Nested &(if)& commands should be used instead.
1446 Header lines can be joined together if a check is to be applied to more than
1447 one of them. For example:
1449 if foranyaddress $h_to:,$h_cc: ....
1451 This scans through the addresses in both the &'To:'& and the &'Cc:'& headers.
1454 .section "Testing for personal mail" "SECTpersonal"
1455 A common requirement is to distinguish between incoming personal mail and mail
1456 from a mailing list, or from a robot or other automatic process (for example, a
1457 bounce message). In particular, this test is normally required for &"vacation
1460 The &(personal)& condition checks that the message is not a bounce message and
1461 that the current user's email address appears in the &'To:'& header. It also
1462 checks that the sender is not the current user or one of a number of common
1463 daemons, and that there are no header lines starting &'List-'& in the message.
1464 Finally, it checks the content of the &'Precedence:'& header line, if there is
1467 You should always use the &(personal)& condition when generating automatic
1468 responses. This example shows the use of &(personal)& in a filter file that is
1469 sending out vacation messages:
1472 mail to $reply_address
1473 subject "I am on holiday"
1474 file $home/vacation/message
1475 once $home/vacation/once
1479 It is tempting, when writing commands like the above, to quote the original
1480 subject in the reply. For example:
1482 subject "Re: $h_subject:"
1484 There is a danger in doing this, however. It may allow a third party to
1485 subscribe you to an opt-in mailing list, provided that the list accepts bounce
1486 messages as subscription confirmations. (Messages sent from filters are always
1487 sent as bounce messages.) Well-managed lists require a non-bounce message to
1488 confirm a subscription, so the danger is relatively small.
1490 If prefixes or suffixes are in use for local parts &-- something which depends
1491 on the configuration of Exim (see section &<<SECTmbox>>& below) &-- the tests
1492 for the current user are done with the full address (including the prefix and
1493 suffix, if any) as well as with the prefix and suffix removed. If the system is
1494 configured to rewrite local parts of mail addresses, for example, to rewrite
1495 &`dag46`& as &`Dirk.Gently`&, the rewritten form of the address is also used in
1500 .section "Alias addresses for the personal condition"
1501 It is quite common for people who have mail accounts on a number of different
1502 systems to forward all their mail to one system, and in this case a check for
1503 personal mail should test all their various mail addresses. To allow for this,
1504 the &(personal)& condition keyword can be followed by
1506 &`alias `&<&'address'&>
1508 any number of times, for example:
1510 if personal alias smith@else.where.example
1511 alias jones@other.place.example
1514 The alias addresses are treated as alternatives to the current user's email
1515 address when testing the contents of header lines.
1518 .section "Details of the personal condition"
1519 The basic &(personal)& test is roughly equivalent to the following:
1521 not error_message and
1522 $message_headers does not contain "\nList-Id:" and
1523 $message_headers does not contain "\nList-Help:" and
1524 $message_headers does not contain "\nList-Subscribe:" and
1525 $message_headers does not contain "\nList-Unsubscribe:" and
1526 $message_headers does not contain "\nList-Post:" and
1527 $message_headers does not contain "\nList-Owner:" and
1528 $message_headers does not contain "\nList-Archive:" and
1530 "${if def h_auto-submitted:{present}{absent}}" is "absent" or
1531 $header_auto-submitted: is "no"
1533 $header_precedence: does not contain "bulk" and
1534 $header_precedence: does not contain "list" and
1535 $header_precedence: does not contain "junk" and
1536 foranyaddress $header_to:
1537 ( $thisaddress contains "$local_part$domain" ) and
1538 not foranyaddress $header_from:
1540 $thisaddress contains "$local_part@$domain" or
1541 $thisaddress contains "server@" or
1542 $thisaddress contains "daemon@" or
1543 $thisaddress contains "root@" or
1544 $thisaddress contains "listserv@" or
1545 $thisaddress contains "majordomo@" or
1546 $thisaddress contains "-request@" or
1547 $thisaddress matches "^owner-[^@]+@"
1550 The variable &$local_part$& contains the local part of the mail address of
1551 the user whose filter file is being run &-- it is normally your login id. The
1552 &$domain$& variable contains the mail domain. As explained above, if aliases
1553 or rewriting are defined, or if prefixes or suffixes are in use, the tests for
1554 the current user are also done with alternative addresses.
1559 .section "Testing delivery status"
1560 There are two conditions that are intended mainly for use in system filter
1561 files, but which are available in users' filter files as well. The condition
1562 &(first_delivery)& is true if this is the first process that is attempting to
1563 deliver the message, and false otherwise. This indicator is not reset until the
1564 first delivery process successfully terminates; if there is a crash or a power
1565 failure (for example), the next delivery attempt is also a &"first delivery"&.
1567 In a user filter file &(first_delivery)& will be false if there was previously
1568 an error in the filter, or if a delivery for the user failed owing to, for
1569 example, a quota error, or if forwarding to a remote address was deferred for
1572 The condition &(manually_thawed)& is true if the message was &"frozen"& for
1573 some reason, and was subsequently released by the system administrator. It is
1574 unlikely to be of use in users' filter files.
1577 .section "Multiple personal mailboxes" "SECTmbox"
1578 The system administrator can configure Exim so that users can set up variants
1579 on their email addresses and handle them separately. Consult your system
1580 administrator or local documentation to see if this facility is enabled on your
1581 system, and if so, what the details are.
1583 The facility involves the use of a prefix or a suffix on an email address. For
1584 example, all mail addressed to &'lg303-'&<&'something'&> would be the property
1585 of user &'lg303'&, who could determine how it was to be handled, depending on
1586 the value of <&'something'&>.
1588 There are two possible ways in which this can be set up. The first possibility
1589 is the use of multiple &_.forward_& files. In this case, mail to &'lg303-foo'&,
1590 for example, is handled by looking for a file called &_.forward-foo_& in
1591 &'lg303'&'s home directory. If such a file does not exist, delivery fails
1592 and the message is returned to its sender.
1594 The alternative approach is to pass all messages through a single &_.forward_&
1595 file, which must be a filter file so that it can distinguish between the
1596 different cases by referencing the variables &$local_part_prefix$& or
1597 &$local_part_suffix$&, as in the final example in section &<<SECTex>>& below.
1599 It is possible to configure Exim to support both schemes at once. In this case,
1600 a specific &_.forward-foo_& file is first sought; if it is not found, the basic
1601 &_.forward_& file is used.
1603 The &(personal)& test (see section &<<SECTpersonal>>&) includes prefixes and
1604 suffixes in its checking.
1608 .section "Ignoring delivery errors"
1609 As was explained above, filtering just sets up addresses for delivery &-- no
1610 deliveries are actually done while a filter file is active. If any of the
1611 generated addresses subsequently suffers a delivery failure, an error message
1612 is generated in the normal way. However, if a filter command that sets up a
1613 delivery is preceded by the word &"noerror"&, errors for that delivery,
1614 and any deliveries consequent on it (that is, from alias, forwarding, or
1615 filter files it invokes) are ignored.
1619 .section "Examples of Exim filter commands" "SECTex"
1624 deliver baggins@rivendell.middle-earth.example
1627 Vacation handling using traditional means, assuming that the &_.vacation.msg_&
1628 and other files have been set up in your home directory:
1632 unseen pipe "/usr/ucb/vacation \"$local_part\""
1635 Vacation handling inside Exim, having first created a file called
1636 &_.vacation.msg_& in your home directory:
1640 if personal then vacation endif
1643 File some messages by subject:
1647 if $header_subject: contains "empire" or
1648 $header_subject: contains "foundation"
1654 Save all non-urgent messages by weekday:
1658 if $header_subject: does not contain "urgent" and
1659 $tod_full matches "^(...),"
1665 Throw away all mail from one site, except from postmaster:
1669 if $reply_address contains "@spam.site.example" and
1670 $reply_address does not contain "postmaster@"
1676 Handle multiple personal mailboxes:
1680 if $local_part_suffix is "-foo"
1683 elif $local_part_suffix is "-bar"