.cindex "&'From:'& header line"
.cindex "&'Sender:'& header line"
+.cindex "header lines" "From:"
+.cindex "header lines" "Sender:"
For a trusted user, there is never any check on the contents of the &'From:'&
header line, and a &'Sender:'& line is never added. Furthermore, any existing
&'Sender:'& line in incoming local (non-TCP/IP) messages is not removed.
section &<<SECTnamedlists>>&.
+.new
+.section "Builtin macros" "SECTbuiltinmacros"
+Exim defines some macros depending on facilities available, which may
+differ due to build-time definitions and from one release to another.
+All of these macros start with an underscore.
+They can be used to conditionally include parts of a configuration
+(see below).
+
+The following classes of macros are defined:
+.display
+&` _HAVE_ `& build-time defines
+&` _DRVR_AUTH_ `& authehticator drivers
+&` _DRVR_RTR_ `& router drivers
+&` _DRVR_TPT_ `& transport drivers
+&` _OPT_ `& configuration option support
+.endd
+
+Use an &"exim -bP macros"& command to get the list of macros.
+.wen
+
+
.section "Conditional skips in the configuration file" "SECID46"
.cindex "configuration file" "conditional skips"
.cindex "&`.ifdef`&"
hexadecimal number.
If an integer value is followed by the letter K, it is multiplied by 1024; if
-it is followed by the letter M, it is multiplied by 1024x1024. When the values
+it is followed by the letter M, it is multiplied by 1024x1024;
+.new
+if by the letter G, 1024x1024x1024.
+.wen
+When the values
of integer option settings are output, values which are an exact multiple of
1024 or 1024x1024 are sometimes, but not always, printed using the letters K
and M. The printing style is independent of the actual input format that was
Exim supports the use of regular expressions in many of its options. It
uses the PCRE regular expression library; this provides regular expression
matching that is compatible with Perl 5. The syntax and semantics of
-regular expressions is discussed in many Perl reference books, and also in
+regular expressions is discussed in
+.new
+online Perl manpages, in
+.wen
+many Perl reference books, and also in
Jeffrey Friedl's &'Mastering Regular Expressions'&, which is published by
O'Reilly (see &url(http://www.oreilly.com/catalog/regex2/)).
user@example.com
.endd
+.new
+.vitem &*${base32:*&<&'digits'&>&*}*&
+.cindex "&%base32%& expansion item"
+.cindex "expansion" "conversion to base 32"
+The string must consist entirely of decimal digits. The number is converted to
+base 32 and output as a (empty, for zero) string of characters.
+Only lowercase letters are used.
+
+.vitem &*${base32d:*&<&'base-32&~digits'&>&*}*&
+.cindex "&%base32d%& expansion item"
+.cindex "expansion" "conversion to base 32"
+The string must consist entirely of base-32 digits.
+The number is converted to decimal and output as a string.
+.wen
+
.vitem &*${base62:*&<&'digits'&>&*}*&
.cindex "&%base62%& expansion item"
.cindex "expansion" "conversion to base 62"
significant bit set (so-called &"8-bit characters"&) count as printing or not
is controlled by the &%print_topbitchars%& option.
+.new
+.vitem &*${escape8bit:*&<&'string'&>&*}*&
+.cindex "expansion" "escaping 8-bit characters"
+.cindex "&%escape8bit%& expansion item"
+If the string contains and characters with the most significant bit set,
+they are converted to escape sequences starting with a backslash.
+Backslashes and DEL characters are also converted.
+.wen
+
.vitem &*${eval:*&<&'string'&>&*}*&&~and&~&*${eval10:*&<&'string'&>&*}*&
.cindex "expansion" "expression evaluation"
.vitem &$verify_mode$&
.vindex "&$verify_mode$&"
-While a router or transport is being run in verify mode
-or for cutthrough delivery,
+While a router or transport is being run in verify mode or for cutthrough delivery,
contains "S" for sender-verification or "R" for recipient-verification.
Otherwise, empty.
.table2
.row &%accept_8bitmime%& "advertise 8BITMIME"
.row &%auth_advertise_hosts%& "advertise AUTH to these hosts"
+.row &%chunking_advertise_hosts%& "advertise CHUNKING to these hosts"
.row &%dsn_advertise_hosts%& "advertise DSN extensions to these hosts"
.row &%ignore_fromline_hosts%& "allow &""From ""& from these hosts"
.row &%ignore_fromline_local%& "allow &""From ""& from local SMTP"
See section &<<CALLaddparcall>>& for details of how this value is used.
-.option check_log_inodes main integer 0
+.new
+.option check_log_inodes main integer 100
+.wen
See &%check_spool_space%& below.
-.option check_log_space main integer 0
+.new
+.option check_log_space main integer 10M
+.wen
See &%check_spool_space%& below.
.oindex "&%check_rfc2047_length%&"
set false, Exim recognizes encoded words of any length.
-.option check_spool_inodes main integer 0
+.new
+.option check_spool_inodes main integer 100
+.wen
See &%check_spool_space%& below.
-.option check_spool_space main integer 0
+.new
+.option check_spool_space main integer 10M
+.wen
.cindex "checking disk space"
.cindex "disk space, checking"
.cindex "spool directory" "checking space"
.vindex "&$log_space$&"
.vindex "&$spool_inodes$&"
.vindex "&$spool_space$&"
-When any of these options are set, they apply to all incoming messages. If you
+When any of these options are nonzero, they apply to all incoming messages. If you
want to apply different checks to different kinds of message, you can do so by
testing the variables &$log_inodes$&, &$log_space$&, &$spool_inodes$&, and
&$spool_space$& in an ACL with appropriate additional conditions.
&%check_spool_space%& and &%check_spool_inodes%& check the spool partition if
either value is greater than zero, for example:
.code
-check_spool_space = 10M
+check_spool_space = 100M
check_spool_inodes = 100
.endd
The spool partition is the one that contains the directory defined by
&%check_spool_space%& is zero, unless &%no_smtp_check_spool_space%& is set.
The values for &%check_spool_space%& and &%check_log_space%& are held as a
-number of kilobytes. If a non-multiple of 1024 is specified, it is rounded up.
+number of kilobytes (though specified in bytes).
+If a non-multiple of 1024 is specified, it is rounded up.
For non-SMTP input and for batched SMTP input, the test is done at start-up; on
failure a message is written to stderr and Exim exits with a non-zero code, as
it obviously cannot send an error message of any kind.
+.new
+There is a slight performance penalty for these checks.
+Versions of Exim preceding 4.88 had these disabled by default;
+high-rate intallations confident they will never run out of resources
+may wish to deliberately disable them.
+.wen
+
+.new
+.option chunking_advertise_hosts main "host list&!!" *
+.cindex CHUNKING advertisement
+.cindex "RFC 3030" "CHUNKING"
+The CHUNKING extension (RFC3030) will be advertised in the EHLO message to
+these hosts.
+Hosts may use the BDAT command as an alternate to DATA.
+.wen
+
.option daemon_smtp_ports main string &`smtp`&
.cindex "port" "for daemon"
.cindex "TCP/IP" "setting listening ports"
.option delay_warning main "time list" 24h
.cindex "warning of delay"
.cindex "delay warning, specifying"
+.cindex "queue" "delay warning"
When a message is delayed, Exim sends a warning message to the sender at
intervals specified by this option. The data is a colon-separated list of times
after which to send warning messages. If the value of the option is an empty
The value of this option is expanded and indicates the source of DH parameters
to be used by Exim.
-If it is a filename starting with a &`/`&, then it names a file from which DH
+.new
+&*Note: The Exim Maintainers strongly recommend using a filename with site-generated
+local DH parameters*&, which has been supported across all versions of Exim. The
+other specific constants available are a fallback so that even when
+"unconfigured", Exim can offer Perfect Forward Secrecy in older ciphersuites in TLS.
+.wen
+
+If &%tls_dhparam%& is a filename starting with a &`/`&,
+then it names a file from which DH
parameters should be loaded. If the file exists, it should hold a PEM-encoded
PKCS#3 representation of the DH prime. If the file does not exist, for
OpenSSL it is an error. For GnuTLS, Exim will attempt to create the file and
does not exist, Exim will attempt to create it.
See section &<<SECTgnutlsparam>>& for further details.
+.new
If Exim is using OpenSSL and this option is empty or unset, then Exim will load
-a default DH prime; the default is the 2048 bit prime described in section
+a default DH prime; the default is Exim-specific but lacks verifiable provenance.
+
+In older versions of Exim the default was the 2048 bit prime described in section
2.2 of RFC 5114, "2048-bit MODP Group with 224-bit Prime Order Subgroup", which
in IKE is assigned number 23.
Otherwise, the option must expand to the name used by Exim for any of a number
-of DH primes specified in RFC 2409, RFC 3526 and RFC 5114. As names, Exim uses
-"ike" followed by the number used by IKE, or "default" which corresponds to
-"ike23".
+of DH primes specified in RFC 2409, RFC 3526, RFC 5114, RFC 7919, or from other
+sources. As names, Exim uses a standard specified name, else "ike" followed by
+the number used by IKE, or "default" which corresponds to
+&`exim.dev.20160529.3`&.
-The available primes are:
+The available standard primes are:
+&`ffdhe2048`&, &`ffdhe3072`&, &`ffdhe4096`&, &`ffdhe6144`&, &`ffdhe8192`&,
&`ike1`&, &`ike2`&, &`ike5`&,
&`ike14`&, &`ike15`&, &`ike16`&, &`ike17`&, &`ike18`&,
-&`ike22`&, &`ike23`& (aka &`default`&) and &`ike24`&.
+&`ike22`&, &`ike23`& and &`ike24`&.
+
+The available additional primes are:
+&`exim.dev.20160529.1`&, &`exim.dev.20160529.2`& and &`exim.dev.20160529.3`&.
Some of these will be too small to be accepted by clients.
Some may be too large to be accepted by clients.
+The open cryptographic community has suspicions about the integrity of some
+of the later IKE values, which led into RFC7919 providing new fixed constants
+(the "ffdhe" identifiers).
+
+At this point, all of the "ike" values should be considered obsolete;
+they're still in Exim to avoid breaking unusual configurations, but are
+candidates for removal the next time we have backwards-incompatible changes.
+.wen
The TLS protocol does not negotiate an acceptable size for this; clients tend
to hard-drop connections if what is offered by the server is unacceptable,
.endd
.next
.cindex "address redirection" "to black hole"
-Sometimes you want to throw away mail to a particular local part. Making the
-&%data%& option expand to an empty string does not work, because that causes
-the router to decline. Instead, the alias item
+.cindex "delivery" "discard"
+.cindex "delivery" "blackhole"
.cindex "black hole"
.cindex "abandoning mail"
-&':blackhole:'& can be used. It does what its name implies. No delivery is
+Sometimes you want to throw away mail to a particular local part. Making the
+&%data%& option expand to an empty string does not work, because that causes
+the router to decline. Instead, the alias item
+.code
+:blackhole:
+.endd
+can be used. It does what its name implies. No delivery is
done, and no error message is generated. This has the same effect as specifying
&_/dev/null_& as a destination, but it can be independently disabled.
unauthenticated. See also &%hosts_require_auth%&, and chapter
&<<CHAPSMTPAUTH>>& for details of authentication.
+.new
+.option hosts_try_chunking smtp "host list&!!" *
+.cindex CHUNKING "enabling, in client"
+.cindex BDAT "SMTP command"
+.cindex "RFC 3030" "CHUNKING"
+This option provides a list of server to which, provided they announce
+CHUNKING support, Exim will attempt to use BDAT commands rather than DATA.
+BDAT will not be used in conjuction with a transport filter.
+.wen
+
.option hosts_try_prdr smtp "host list&!!" *
.cindex "PRDR" "enabling, optional in client"
This option provides a list of servers to which, provided they announce
Great care should be taken to deal with matters of case, various injection
attacks in the string (&`../`& or SQL), and ensuring that a valid filename
-can always be referenced; it is important to remember that &$tls_sni$& is
+can always be referenced; it is important to remember that &$tls_in_sni$& is
arbitrary unverified data provided prior to authentication.
+.new
+Further, the initial cerificate is loaded before SNI is arrived, so
+an expansion for &%tls_certificate%& must have a default which is used
+when &$tls_in_sni$& is empty.
+.wen
The Exim developers are proceeding cautiously and so far no other TLS options
are re-expanded.
the ACL specified by &%acl_smtp_data%&, which is the second ACL that is
associated with the DATA command.
+.new
+.cindex CHUNKING "BDAT command"
+.cindex BDAT "SMTP command"
+.cindex "RFC 3030" CHUNKING
+If CHUNKING was advertised and a BDAT command sequence is received,
+the &%acl_smtp_predata%& ACL is not run.
+. XXX why not? It should be possible, for the first BDAT.
+The &%acl_smtp_data%& is run after the last BDAT command and all of
+the data specified is received.
+.wen
+
For both of these ACLs, it is not possible to reject individual recipients. An
error response rejects the entire message. Unfortunately, it is known that some
MTAs do not treat hard (5&'xx'&) responses to the DATA command (either
example:
.code
deny dnslists = list1.example
-dnslists = list2.example
+ dnslists = list2.example
.endd
If there are no conditions, the verb is always obeyed. Exim stops evaluating
the conditions and modifiers when it reaches a condition that fails. What
check a RCPT command:
.code
accept domains = +local_domains
-endpass
-verify = recipient
+ endpass
+ verify = recipient
.endd
If the recipient domain does not match the &%domains%& condition, control
passes to the next statement. If it does match, the recipient is verified, and
is what is wanted for subsequent tests.
-.vitem &*control&~=&~cutthrough_delivery*&
+.vitem &*control&~=&~cutthrough_delivery/*&<&'options'&>
.cindex "&ACL;" "cutthrough routing"
.cindex "cutthrough" "requesting"
This option requests delivery be attempted while the item is being received.
Should the ultimate destination system positively accept or reject the mail,
a corresponding indication is given to the source system and nothing is queued.
-If there is a temporary error the item is queued for later delivery in the
-usual fashion. If the item is successfully delivered in cutthrough mode
+If the item is successfully delivered in cutthrough mode
the delivery log lines are tagged with ">>" rather than "=>" and appear
before the acceptance "<=" line.
+.new
+If there is a temporary error the item is queued for later delivery in the
+usual fashion.
+This behaviour can be adjusted by appending the option &*defer=*&<&'value'&>
+to the control; the default value is &"spool"& and the alternate value
+&"pass"& copies an SMTP defer response from the target back to the initiator
+and does not queue the message.
+Note that this is independent of any receipient verify conditions in the ACL.
+.wen
+
Delivery in this mode avoids the generation of a bounce mail to a
(possibly faked)
sender when the destination system is doing content-scan based rejection.
Unix and TCP socket specifications may be mixed in any order.
Each element of the list is a list itself, space-separated by default
-and changeable in the usual way.
+and changeable in the usual way; take care to not double the separator.
For TCP socket specifications a host name or IP (v4 or v6, but
subject to list-separator quoting rules) address can be used,
A multiline text table, containing the full SpamAssassin report for the
message. Useful for inclusion in headers or reject messages.
This variable is only usable in a DATA-time ACL.
+.new
+Beware that SpamAssassin may return non-ASCII characters, especially
+when running in country-specific locales, which are not legal
+unencoded in headers.
+.wen
.vitem &$spam_action$&
For SpamAssassin either 'reject' or 'no action' depending on the
.section "Resent- header lines" "SECID220"
.cindex "&%Resent-%& header lines"
+.cindex "header lines" "Resent-"
RFC 2822 makes provision for sets of header lines starting with the string
&`Resent-`& to be added to a message when it is resent by the original
recipient to somebody else. These headers are &'Resent-Date:'&,
.section "The Date: header line" "SECID223"
.cindex "&'Date:'& header line"
+.cindex "header lines" "Date:"
If a locally-generated or submission-mode message has no &'Date:'& header line,
Exim adds one, using the current date and time, unless the
&%suppress_local_fixups%& control has been specified.
.section "The Envelope-to: header line" "SECID225"
.cindex "&'Envelope-to:'& header line"
+.cindex "header lines" "Envelope-to:"
.oindex "&%envelope_to_remove%&"
&'Envelope-to:'& header lines are not part of the standard RFC 2822 header set.
Exim can be configured to add them to the final delivery of messages. (See the
.section "The From: header line" "SECTthefrohea"
.cindex "&'From:'& header line"
+.cindex "header lines" "From:"
.cindex "Sendmail compatibility" "&""From""& line"
.cindex "message" "submission"
.cindex "submission mode"
.section "The Message-ID: header line" "SECID226"
.cindex "&'Message-ID:'& header line"
+.cindex "header lines" "Message-ID:"
.cindex "message" "submission"
.oindex "&%message_id_header_text%&"
If a locally-generated or submission-mode incoming message does not contain a
.section "The Received: header line" "SECID227"
.cindex "&'Received:'& header line"
+.cindex "header lines" "Received:"
A &'Received:'& header line is added at the start of every message. The
contents are defined by the &%received_header_text%& configuration option, and
Exim automatically adds a semicolon and a timestamp to the configured string.
.section "The References: header line" "SECID228"
.cindex "&'References:'& header line"
+.cindex "header lines" "References:"
Messages created by the &(autoreply)& transport include a &'References:'&
header line. This is constructed according to the rules that are described in
section 3.64 of RFC 2822 (which states that replies should contain such a
.section "The Return-path: header line" "SECID229"
.cindex "&'Return-path:'& header line"
+.cindex "header lines" "Return-path:"
.oindex "&%return_path_remove%&"
&'Return-path:'& header lines are defined as something an MTA may insert when
it does the final delivery of messages. (See the generic &%return_path_add%&
.section "The Sender: header line" "SECTthesenhea"
.cindex "&'Sender:'& header line"
.cindex "message" "submission"
+.cindex "header lines" "Sender:"
For a locally-originated message from an untrusted user, Exim may remove an
existing &'Sender:'& header line, and it may add a new one. You can modify
these actions by setting the &%local_sender_retain%& option true, the
timestamp. The flags are:
.display
&`<=`& message arrival
+&`(=`& message fakereject
&`=>`& normal message delivery
&`->`& additional address in same delivery
&`>>`& cutthrough message delivery
&`F `& sender address (on delivery lines)
&`H `& host name and IP address
&`I `& local interface used
+&`K `& CHUNKING extension used
&`id `& message id for incoming message
&`P `& on &`<=`& lines: protocol used
&` `& on &`=>`& and &`**`& lines: return path
-&`PRX `& on &'<='& and&`=>`& lines: proxy address
+&`PRDR`& PRDR extension used
+&`PRX `& on &`<=`& and &`=>`& lines: proxy address
&`Q `& alternate queue name
&`QT `& on &`=>`& lines: time spent on queue so far
&` `& on &"Completed"& lines: time spent on queue
DKIM support is compiled into Exim by default if TLS support is present.
It can be disabled by setting DISABLE_DKIM=yes in &_Local/Makefile_&.
-Exim's DKIM implementation allows to
+Exim's DKIM implementation allows for
.olist
-Sign outgoing messages: This function is implemented in the SMTP transport.
+Signing outgoing messages: This function is implemented in the SMTP transport.
It can co-exist with all other Exim features
(including transport filters)
except cutthrough delivery.
.next
-Verify signatures in incoming messages: This is implemented by an additional
+Verifying signatures in incoming messages: This is implemented by an additional
ACL (acl_smtp_dkim), which can be called several times per message, with
different signature contexts.
.endlist
.section "Signing outgoing messages" "SECDKIMSIGN"
.cindex "DKIM" "signing"
-Signing is implemented by setting private options on the SMTP transport.
+Signing is enabled by setting private options on the SMTP transport.
These options take (expandable) strings as arguments.
.option dkim_domain smtp string&!! unset
The signer that is being evaluated in this ACL run. This can be a domain or
an identity. This is one of the list items from the expanded main option
&%dkim_verify_signers%& (see above).
+
.vitem &%$dkim_verify_status%&
A string describing the general status of the signature. One of
.ilist
.next
&%pass%&: The signature passed verification. It is valid.
.endlist
+
.vitem &%$dkim_verify_reason%&
A string giving a little bit more detail when &%$dkim_verify_status%& is either
"fail" or "invalid". One of
re-written or otherwise changed in a way which is incompatible with
DKIM verification. It may of course also mean that the signature is forged.
.endlist
+
.vitem &%$dkim_domain%&
The signing domain. IMPORTANT: This variable is only populated if there is
an actual signature in the message for the current domain or identity (as
reflected by &%$dkim_cur_signer%&).
+
.vitem &%$dkim_identity%&
The signing identity, if present. IMPORTANT: This variable is only populated
if there is an actual signature in the message for the current domain or
identity (as reflected by &%$dkim_cur_signer%&).
+
.vitem &%$dkim_selector%&
The key record selector string.
+
.vitem &%$dkim_algo%&
The algorithm used. One of 'rsa-sha1' or 'rsa-sha256'.
+
.vitem &%$dkim_canon_body%&
The body canonicalization method. One of 'relaxed' or 'simple'.
+
.vitem &%dkim_canon_headers%&
The header canonicalization method. One of 'relaxed' or 'simple'.
+
.vitem &%$dkim_copiedheaders%&
A transcript of headers and their values which are included in the signature
(copied from the 'z=' tag of the signature).
+.new
+Note that RFC6376 requires that verification fail if the From: header is
+not included in the signature. Exim does not enforce this; sites wishing
+strict enforcement should code the check explicitly.
+.wen
+
.vitem &%$dkim_bodylength%&
The number of signed body bytes. If zero ("0"), the body is unsigned. If no
limit was set by the signer, "9999999999999" is returned. This makes sure
that this variable always expands to an integer value.
+
.vitem &%$dkim_created%&
UNIX timestamp reflecting the date and time when the signature was created.
When this was not specified by the signer, "0" is returned.
+
.vitem &%$dkim_expires%&
UNIX timestamp reflecting the date and time when the signer wants the
signature to be treated as "expired". When this was not specified by the
signer, "9999999999999" is returned. This makes it possible to do useful
integer size comparisons against this value.
+
.vitem &%$dkim_headernames%&
A colon-separated list of names of headers included in the signature.
+
.vitem &%$dkim_key_testing%&
"1" if the key record has the "testing" flag set, "0" if not.
+
.vitem &%$dkim_key_nosubdomains%&
"1" if the key record forbids subdomaining, "0" otherwise.
+
.vitem &%$dkim_key_srvtype%&
Service type (tag s=) from the key record. Defaults to "*" if not specified
in the key record.
+
.vitem &%$dkim_key_granularity%&
Key granularity (tag g=) from the key record. Defaults to "*" if not specified
in the key record.
+
.vitem &%$dkim_key_notes%&
Notes from the key record (tag n=).
+
.vitem &%$dkim_key_length%&
Number of bits in the key.
.endlist
verb to a group of domains or identities. For example:
.code
-# Warn when Mail purportedly from GMail has no signature at all
-warn log_message = GMail sender without DKIM signature
+# Warn when Mail purportedly from GMail has no gmail signature
+warn log_message = GMail sender without gmail.com DKIM signature
sender_domains = gmail.com
dkim_signers = gmail.com
dkim_status = none
.endd
+.new
+Note that the above does not check for a total lack of DKIM signing;
+for that check for empty &$h_DKIM-Signature:$& in the data ACL.
+.wen
+
.vitem &%dkim_status%&
ACL condition that checks a colon-separated list of possible DKIM verification
results against the actual result of verification. This is typically used