settings can be obtained by using &%routers%&, &%transports%&, or
&%authenticators%&.
+.cindex "environment"
+If &%environment%& is given as an argument, the set of environment
+variables is output, line by line. Using the &%-n%& flag supresses the value of the
+variables.
+
.cindex "options" "macro &-- extracting"
If invoked by an admin user, then &%macro%&, &%macro_list%& and &%macros%&
are available, similarly to the drivers. Because macros are sometimes used
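Review bot: typo in the new -bP environment text: "supresses" should be "suppresses". It would also help to say what the &%-n%& form outputs, i.e. only the variable names, one per line, so that the reader sees it as the same names-only behaviour &%-n%& already has for options.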
file that exists is used. Failure to open an existing file stops Exim from
proceeding any further along the list, and an error is generated.
+The file names need to be absolute names.
+
When this option is used by a caller other than root, and the list is different
from the compiled-in list, Exim gives up its root privilege immediately, and
runs with the real and effective uid and gid set to those of the caller.
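Review bot: "The file names need to be absolute names" does not say what happens when a relative name is supplied (rejected at startup with an error, or resolved against the current directory). Since the surrounding paragraph explains the privilege consequences of a caller-supplied configuration list, state the behaviour explicitly.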
-.section "Expansion of lists" "SECID75"
+.section "Expansion of lists" "SECTlistexpand"
.cindex "expansion" "of lists"
Each list is expanded as a single string before it is used. The result of
expansion must be a list, possibly containing empty items, which is split up
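Review bot: renaming the section anchor from SECID75 to SECTlistexpand breaks any existing &<<SECID75>>& cross-reference elsewhere in the spec; grep for SECID75 and update every reference in the same change, since the new &<<SECTlistexpand>>& reference added under keep_environment in this patch depends on the new name.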
Only a single host name may be given, but if looking it up yields more than
one IP address, they are each tried in turn until a connection is made. For
both kinds of socket, Exim makes a connection, writes the request string
-(unless it is an empty string) and reads from the socket until an end-of-file
+unless it is an empty string; and no terminating NUL is ever sent)
+and reads from the socket until an end-of-file
is read. A timeout of 5 seconds is applied. Additional, optional arguments
extend what can be done. Firstly, you can vary the timeout. For example:
.code
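Review bot: the rewritten line "unless it is an empty string; and no terminating NUL is ever sent)" has lost the opening parenthesis that the removed line had; it should read "(unless it is an empty string; and no terminating NUL is ever sent)". The NUL statement itself is worth keeping, because a listener that waits for a C-string terminator will otherwise only see the 5-second timeout described in the next sentence.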
.cindex "expansion" "base64 encoding"
.cindex "base64 encoding" "in string expansion"
.cindex "&%base64%& expansion item"
+.cindex certificate "base64 of DER"
This operator converts a string into one that is base64 encoded.
+If the string is a single variable of type certificate,
+returns the base64 encoding of the DER form of the certificate.
+
+
.vitem &*${base64d:*&<&'string'&>&*}*&
.cindex "expansion" "base64 decoding"
.cindex "base64 decoding" "in string expansion"
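Review bot: the added sentence "If the string is a single variable of type certificate, returns the base64 encoding of the DER form of the certificate" has no subject; write "the operator returns" or "the result is". It should also say how a "single variable of type certificate" is recognised (for example that the whole string must be exactly one certificate variable reference), otherwise readers cannot predict when the DER path is taken.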
.row &%bounce_message_file%& "content of bounce"
.row &%bounce_message_text%& "content of bounce"
.row &%bounce_return_body%& "include body if returning message"
+.row &%bounce_return_linesize_limit%& "limit on returned message line length"
.row &%bounce_return_message%& "include original message in bounce"
.row &%bounce_return_size_limit%& "limit on returned message"
.row &%bounce_sender_authentication%& "send authenticated sender with bounce"
This option defines the ACL that is run when an SMTP VRFY command is
received. See chapter &<<CHAPACL>>& for further details.
+.new
+.option add_environment main "string list" empty
+.cindex "environment" "inherited"
+This option allows to set individual environment variables that the
+currently linked libraries and programs in child processes use. The
+default list is empty,
+.wen
+
.option admin_groups main "string list&!!" unset
.cindex "admin user"
This option is expanded just once, at the start of Exim's processing. If the
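Review bot: "This option allows to set" is ungrammatical ("allows you to set" or simply "sets"), and the description stops mid-sentence at "The default list is empty," with a trailing comma. More importantly, this text is repeated word for word for the new &%set_environment%& option later in this patch, while the &%keep_environment%& warning refers to &%add_environment%&; settle on one option name, and describe how it combines with &%keep_environment%& (whether items are name=value pairs, and whether they are applied after the keep filtering).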
point at which the error was detected are returned.
.cindex "bounce message" "including original"
+.option bounce_return_linesize_limit main integer 998
+.cindex "size" "of bounce lines, limit"
+.cindex "bounce message" "line length limit"
+.cindex "limit" "bounce message line length"
+This option sets a limit in bytes on the line length of messages
+that are returned to senders due to delivery problems,
+when &%bounce_return_message%& is true.
+The default value corresponds to RFC limits.
+If the message being returned has lines longer than this value it is
+treated as if the &%bounce_return_size_limit%& (below) restriction was exceeded.
+
+The option also applies to bounces returned when an error is detected
+during reception of a messsage.
+In this case lines from the original are truncated.
+
+The option does not apply to messages generated by an &(autoreply)& transport.
+
+
.option bounce_return_message main boolean true
If this option is set false, none of the original message is included in
bounce messages generated by Exim. See also &%bounce_return_size_limit%& and
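Review bot: typo "messsage" in "during reception of a messsage". "The default value corresponds to RFC limits" is vague; the 998 default is the RFC 5321 maximum line length excluding the CRLF, so name the RFC. Also "treated as if the ... restriction was exceeded" should be "had been exceeded".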
.option ignore_fromline_local main boolean false
See &%ignore_fromline_hosts%& above.
+.new
+.option keep_environment main "string list" unset
+.cindex "environment" "inherited"
+This option contains a string list of environment variables to keep.
+You have to trust these variables or you have to be sure that
+these variables do not impose any security risk. Keep in mind that
+during the startup phase Exim is running with an effective UID 0 in most
+installations. As the default value is an empty list, the default
+environment for using libraries, running embedded Perl code, or running
+external binaries is empty, and does not not even contain PATH or HOME.
+
+Actually the list is interpreted as a list of patterns
+(&<<SECTlistexpand>>&), except that it is not expanded first.
+
+WARNING: Macro substitution is still done first, so having a macro
+FOO and having FOO_HOME in your &%keep_environment%& option may have
+unexpected results. You may work around this using a regular expression
+that does not match the macro name: ^[F]OO_HOME$.
+
+Current versions of Exim issue a warning during startupif you do not mention
+&%keep_environment%& or &%add_environment%& in your runtime configuration
+file.
+.wen
+
.option keep_malformed main time 4d
This option specifies the length of time to keep messages whose spool files
transport driver.
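Review bot: wording fixes needed in the keep_environment text: "does not not even contain" has a doubled "not", "startupif" is missing a space, and "Actually the list is interpreted as a list of patterns" reads better as "The list is interpreted as a list of patterns". The security rationale is the right one to state (Exim runs with effective UID 0 at startup, so any caller-supplied variable passed through to libraries, embedded Perl or child processes is untrusted input), and it is worth saying outright that the empty default is the secure choice and that the startup warning exists so that an administrator makes a deliberate decision. The regex workaround ^[F]OO_HOME$ should be in the document's code markup (&`...`&) so the caret and brackets survive rendering.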
-.option openssl_options main "string list" "+no_sslv2"
+.option openssl_options main "string list" "+no_sslv2 +single_dh_use"
.cindex "OpenSSL "compatibility options"
This option allows an administrator to adjust the SSL options applied
by OpenSSL to connections. It is given as a space-separated list of items,
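Review bot: the default of openssl_options changes from "+no_sslv2" to "+no_sslv2 +single_dh_use", but only the .option header line changes. The description should mention the new default and what single_dh_use does (a fresh DH private exponent for each handshake instead of reusing one across connections), and the change of default belongs in NewStuff/ChangeLog because administrators who set this option explicitly will not pick it up. Drive-by on the context line: .cindex "OpenSSL "compatibility options" has an unbalanced quote.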
&%sender_unqualified_hosts%&, or if the message was submitted locally (not
using TCP/IP), and the &%-bnq%& option was not set.
+.option set_environment main "string list" empty
+.cindex "environment"
+This option allows to set individual environment variables that the
+currently linked libraries and programs in child processes use. The
+default list is empty,
+
.option slow_lookup_log main integer 0
.cindex "logging" "slow lookups"
of the message. Its value must not be zero. See also &%final_timeout%&.
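Review bot: this set_environment entry duplicates the add_environment entry added earlier in the patch word for word, including the dangling "The default list is empty," and the "allows to set" grammar. Only one of the two options should be documented (the keep_environment warning names add_environment), and whichever survives needs the .new/.wen wrapper the other new entries carry.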
+.option dkim_domain smtp string&!! unset
+.option dkim_selector smtp string&!! unset
+.option dkim_private_key smtp string&!! unset
+.option dkim_canon smtp string&!! unset
+.option dkim_strict smtp string&!! unset
+.option dkim_sign_headers smtp string&!! unset
+DKIM signing options. For details see &<<SECDKIMSIGN>>&.
+
+
.option delay_after_cutoff smtp boolean true
This option controls what happens when all remote IP addresses for a given
domain have been inaccessible for so long that they have passed their retry
.option tls_verify_hosts smtp "host list&!!" unset
.cindex "TLS" "server certificate verification"
.cindex "certificate" "verification of server"
-This option gives a list of hosts for which. on encrypted connections,
+This option gives a list of hosts for which, on encrypted connections,
certificate verification must succeed.
The &%tls_verify_certificates%& option must also be set.
If both this option and &%tls_try_verify_hosts%& are unset
.section "Testing ACLs" "SECID188"
The &%-bh%& command line option provides a way of testing your ACL
configuration locally by running a fake SMTP session with which you interact.
-The host &'relay-test.mail-abuse.org'& provides a service for checking your
-relaying configuration (see section &<<SECTcheralcon>>& for more details).
-
.section "Specifying when ACLs are used" "SECID189"
session, and indeed is required to issue a new EHLO or HELO after successfully
setting up encryption following a STARTTLS command.
+.new
+Note also that a deny neither forces the client to go away nor means that
+mail will be refused on the connection. Consider checking for
+&$sender_helo_name$& being defined in a MAIL or RCPT ACL to do that.
+.wen
+
If the command is accepted by an &%accept%& verb that has a &%message%&
modifier, the message may not contain more than one line (it will be truncated
at the first newline and a panic logged if it does). Such a message cannot
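Review bot: the new note says a HELO/EHLO deny neither disconnects the client nor refuses mail and suggests testing &$sender_helo_name$& in a MAIL or RCPT ACL, but it does not say why that works. State explicitly that a rejected HELO leaves &$sender_helo_name$& unset, which is what makes the suggested check identify a client that carried on after the rejection.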
modified by any of the post-data ACLs (DATA, MIME and DKIM).
Headers may be modified by routers (subject to the above) and transports.
+.new
+All the usual ACLs are called; if one results in the message being
+rejected, all effort spent in delivery (including the costs on
+the ultimate destination) will be wasted.
+Note that in the case of data-time ACLs this includes the entire
+message body.
+.wen
+
Cutthrough delivery is not supported via transport-filters or when DKIM signing
of outgoing messages is done, because it sends data to the ultimate destination
before the entire message has been received from the source.
You can check the relay characteristics of your configuration in the same way
that you can test any ACL behaviour for an incoming SMTP connection, by using
the &%-bh%& option to run a fake SMTP session with which you interact.
-
-For specifically testing for unwanted relaying, the host
-&'relay-test.mail-abuse.org'& provides a useful service. If you telnet to this
-host from the host on which Exim is running, using the normal telnet port, you
-will see a normal telnet connection message and then quite a long delay. Be
-patient. The remote host is making an SMTP connection back to your host, and
-trying a number of common probes to test for open relay vulnerability. The
-results of the tests will eventually appear on your terminal.
.ecindex IIDacl
When Exim receives a VRFY or EXPN command on a TCP/IP connection, it
runs the ACL specified by &%acl_smtp_vrfy%& or &%acl_smtp_expn%& (as
appropriate) in order to decide whether the command should be accepted or not.
-If no ACL is defined, the command is rejected.
+.new
.cindex "VRFY" "processing"
+When no ACL is defined for VRFY, or if it rejects without
+setting an explicit response code, the command is accepted
+(with a 252 SMTP response code)
+in order to support awkward clients that do a VRFY before every RCPT.
+.wen
When VRFY is accepted, it runs exactly the same code as when Exim is
-called with the &%-bv%& option.
+called with the &%-bv%& option, and returns 250/451/550
+SMTP response codes.
.cindex "EXPN" "processing"
+If no ACL for EXPN is defined, the command is rejected.
When EXPN is accepted, a single-level expansion of the address is done.
EXPN is treated as an &"address test"& (similar to the &%-bt%& option) rather
than a verification (the &%-bv%& option). If an unqualified local part is given
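Review bot: this reverses the documented default for VRFY with no ACL (previously rejected, now accepted with 252) and, as worded, also turns a deny in acl_smtp_vrfy that sets no explicit response code into a 252 accept. Please confirm that a plain deny really yields 252 rather than a rejection, since administrators relying on deny to refuse VRFY would otherwise be surprised, and record the change of default in NewStuff/ChangeLog. 252 is the safe accepting response because it does not confirm that the address exists, whereas the 250/550 codes now listed for the -bv path do; the paragraph should say that an accepting ACL therefore exposes recipient existence and that a deny with an explicit response is the way to refuse it.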
&` `& on &"Completed"& lines: time spent on queue
&`R `& on &`<=`& lines: reference for local bounce
&` `& on &`=>`& &`**`& and &`==`& lines: router name
-&`S `& size of message
+&`S `& size of message in bytes
&`SNI `& server name indication from TLS client hello
&`ST `& shadow transport name
&`T `& on &`<=`& lines: message subject (topic)
be tracked on a per-domain basis, rather than merely upon source IP address.
DKIM is documented in RFC 4871.
-Since version 4.70, DKIM support is compiled into Exim by default. It can be
-disabled by setting DISABLE_DKIM=yes in &_Local/Makefile_&.
+.new
+DKIM support is compiled into Exim by default if TLS support is present.
+.wen
+It can be disabled by setting DISABLE_DKIM=yes in &_Local/Makefile_&.
Exim's DKIM implementation allows to
.olist
senders).
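Review bot: "compiled into Exim by default if TLS support is present" should say which TLS libraries qualify and, if that is the reason, that the DKIM code takes its signing and verification primitives from the TLS library; otherwise readers with a non-TLS build will not know why DKIM is absent. Also note that the DISABLE_DKIM sentence now sits outside the .new/.wen markers although it was rewritten together with the previous one.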
-.section "Signing outgoing messages" "SECID513"
+.section "Signing outgoing messages" "SECDKIMSIGN"
.cindex "DKIM" "signing"
Signing is implemented by setting private options on the SMTP transport.
MANDATORY:
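Review bot: renaming the section anchor SECID513 to SECDKIMSIGN requires every existing &<<SECID513>>& reference to be updated in the same patch; the new smtp transport option summary in this patch already uses &<<SECDKIMSIGN>>&, so a stale reference elsewhere would break the build.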
This sets the key selector string. You can use the &%$dkim_domain%& expansion
variable to look up a matching selector. The result is put in the expansion
-variable &%$dkim_selector%& which should be used in the &%dkim_private_key%&
+variable &%$dkim_selector%& which may be used in the &%dkim_private_key%&
option along with &%$dkim_domain%&.
.option dkim_private_key smtp string&!! unset
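Review bot: the rewritten line keeps &%$dkim_selector%&, which is option markup, for what is an expansion variable; the spec's convention, visible in this patch at &$sender_helo_name$&, is &$dkim_selector$&, and the same applies to &%$dkim_domain%& on the following context line. The change from "should" to "may" is fine, but the sentence would be clearer as "which can then be used in the dkim_private_key expansion".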