X-Git-Url: https://git.exim.org/users/jgh/exim.git/blobdiff_plain/9cc891cbbae246cb4d90b1f01aa01c70954fafdc..f08724248e7a36fab313e332288de73165d07fe5:/doc/doc-src/spec.src diff --git a/doc/doc-src/spec.src b/doc/doc-src/spec.src index 31d0a2d42..dd7685689 100644 --- a/doc/doc-src/spec.src +++ b/doc/doc-src/spec.src @@ -1,8 +1,8 @@ -. $Cambridge: exim/doc/doc-src/spec.src,v 1.3 2005/01/14 16:18:57 tom Exp $ +. $Cambridge: exim/doc/doc-src/spec.src,v 1.8 2005/02/17 11:58:25 ph10 Exp $ . .set version "4.50" .set previousversion "4.40" -.set versionmonth "January" +.set versionmonth "February" .set versionyear "2005" .set ACL "ACL" @@ -138,7 +138,8 @@ .blank .endm -.macro startconf +.macro startconf "" +.set confsection "~~1" .newline .push .if ~~sys.fancy @@ -166,8 +167,13 @@ .else .index \~~1\ option .fi +.if "~~confsection" == "" +.set inssect "" +.else +.set inssect "$rm{Use:} $it{~~confsection}###" +.fi .tempindent 0 -\**~~1**\ $c $rm{Type:} $it{~~2} $e $rm{Default:} $it{~~3} +\**~~1**\ $c ~~inssect$rm{Type:} $it{~~2} $e $rm{Default:} $it{~~3} .blank .endm @@ -189,6 +195,7 @@ .index LF character $it{see linefeed} .index maximum $it{see limit} .index NUL $it{see binary zero} +.index passwd file $it{see \(/etc/passwd)\} .index process id $it{see pid} .index RBL $it{see DNS list} .index redirection $it{see address redirection} @@ -335,14 +342,17 @@ systems. I am grateful to them all. The distribution now contains a file called \(ACKNOWLEDGMENTS)\, in which I have started recording the names of contributors. + .section Exim documentation .index documentation +.em This edition of the Exim specification applies to version ~~version of Exim. Substantive changes from the ~~previousversion edition are marked by bars in the right-hand margin in the PostScript, PDF, and plain text versions of the document, and by green text in the HTML version, as shown by this paragraph. Changes are not marked in the Texinfo version, because Texinfo doesn't support change bars. Minor corrections and rewordings are not marked. +.nem This document is very much a reference manual; it is not a tutorial. The reader is expected to have some familiarity with the SMTP mail transfer protocol and @@ -376,11 +386,19 @@ published by O'Reilly, covers Exim 3, and many things have changed in Exim 4.) .index change log As the program develops, there may be features in newer versions that have not yet made it into this document, which is updated only when the most significant -digit of the fractional part of the version number changes. However, -specifications of new features that are not yet in this manual are placed in -the file \(doc/NewStuff)\ in the Exim distribution. All changes to the program -(whether new features, bug fixes, or other kinds of change) are noted briefly -in the file called \(doc/ChangeLog)\. +digit of the fractional part of the version number changes. Specifications of +new features that are not yet in this manual are placed in the file +\(doc/NewStuff)\ in the Exim distribution. + +.em +Some features may be classified as `experimental'. These may change +incompatibly while they are developing, or even be withdrawn. For this reason, +they are not documented in this manual. Information about experimental features +can be found in the file \(doc/experimental.txt)\. +.nem + +All changes to the program (whether new features, bug fixes, or other kinds of +change) are noted briefly in the file called \(doc/ChangeLog)\. .index \(doc/spec.txt)\ This specification itself is available as an ASCII file in \(doc/spec.txt)\ so @@ -391,6 +409,11 @@ directory are: \(OptionLists.txt)\ $t $rm{list of all options in alphabetical order} \(dbm.discuss.txt)\ $t $rm{discussion about DBM libraries} \(exim.8)\ $t $rm{a man page of Exim's command line options} +.newline +.em +\(experimental.txt)\ $t $rm{documentation of experimental features} +.nem +.newline \(filter.txt)\ $t $rm{specification of the filter language} \(pcrepattern.txt)\ $t $rm{specification of PCRE regular expressions} \(pcretest.txt)\ $t $rm{specification of the PCRE testing program} @@ -402,16 +425,34 @@ available in other formats (HTML, PostScript, PDF, and Texinfo). Section ~~SECTavail below tells you how to get hold of these. -.section FTP and web sites, and mailing list +.section FTP and web sites .index web site .index FTP site -The primary distribution site for Exim is an FTP site, whose contents are -described in \*Where to find the Exim distribution*\ below. In addition, -there is a web site at \?http://www.exim.org?\ by courtesy of Energis Squared, -formerly Planet Online Ltd, who are situated in the UK. The site is mirrored in -a number of other countries; links to the mirrors are listed on the home page. -The web site contains the Exim distribution, and you can also find the -documentation and the +.em +The primary distribution site for Exim is currently the University of +Cambridge's FTP site, whose contents are described in \*Where to find the Exim +distribution*\ below. In addition, there is a +.if ~~html +[(A HREF="http://www.exim.org/")] +.fi +web site +.if ~~html +[(/A)] +.fi +and an +.if ~~html +[(A HREF="ftp://ftp.exim.org/")] +.fi +FTP site +.if ~~html +[(/A)] +.fi +at \exim.org\. These are now also hosted at the University of Cambridge. +The \exim.org\ site was previously hosted for a number of years by Energis +Squared, formerly Planet Online Ltd, whose support I gratefully acknowledge. + +As well as Exim distribution tar files, the Exim web site contains a number of +differently formatted versions of the documentation, including the .index FAQ .if ~~html [(A HREF="FAQ.html")] @@ -420,15 +461,31 @@ FAQ .if ~~html [(/A)] .fi -online there, as well as other relevant material. +in both text and HTML formats. The HTML version comes with a keyword-in-context +index. A recent addition to the online information is the +.index wiki +.if ~~html +[(A HREF="http://www.exim.org/eximwiki/")] +Exim wiki. +[(/A)] +.else +Exim wiki (\?http://www.exim.org/eximwiki/?\). +.fi +We hope that this will make it easier for Exim users to contribute examples, +tips, and know-how for the benefit of others. +.nem +.section Mailing lists .index mailing lists||for Exim users -Energis Squared also provide resources for the following mailing lists: +.em +The following are the three main Exim mailing lists: .display rm .tabs 28 $it{exim-users@@exim.org} $t general discussion list +$it{exim-dev@@exim.org} $t discussion of bugs, enhancements, etc. $it{exim-announce@@exim.org} $t moderated, low volume announcements list .endd +.nem You can subscribe to these lists, change your existing subscriptions, and view or search the archives via the .if ~~html @@ -463,6 +520,7 @@ you are unsure whether some behaviour is a bug or not, the best thing to do is to post a message to the $it{exim-users} mailing list and have it discussed. +.em .section Where to find the Exim distribution .rset SECTavail "~~chapter.~~section" .index FTP site @@ -474,18 +532,23 @@ The master ftp site for the Exim distribution is .fi \?ftp://ftp.csx.cam.ac.uk/pub/software/email/exim?\ .endd -Within that directory there are subdirectories called \(exim3)\ (for previous -Exim 3 distributions), \(exim4)\ (for the latest Exim 4 distributions), and -\(Testing)\ for occasional testing versions. Those mirror sites that I know -about are listed in the file +This is mirrored by .display rm .if ! ~~sys.fancy .indent 0 .fi -\?ftp://ftp.csx.cam.ac.uk/pub/software/email/exim/Mirrors?\ +\?ftp://ftp.exim.org/pub/exim?\ .endd -In the \(exim4)\ subdirectory, the current release can always be found in -files called +The file references that follow are relative to the \(exim)\ directories at +these sites. + +There are now quite a number of independent mirror sites around the world. +Those that I know about are listed in the file called \(Mirrors)\. + +Within the \(exim)\ directory there are subdirectories called \(exim3)\ (for +previous Exim 3 distributions), \(exim4)\ (for the latest Exim 4 +distributions), and \(Testing)\ for testing versions. In the \(exim4)\ +subdirectory, the current release can always be found in files called .display rm \(exim-$it{n.nn}.tar.gz)\ \(exim-$it{n.nn}.tar.bz2)\ @@ -496,33 +559,17 @@ The \(.bz2)\ file is usually a lot smaller than the \(.gz)\ file. .index distribution||signing details .index distribution||public key .index public key for signed distribution -The distributions are signed with Philip Hazel's GPG key. -The corresponding public key is available from a number of keyservers, and -there is also a copy in the file: -.display rm -.if ! ~~sys.fancy -.indent 0 -.fi -\?ftp://ftp.csx.cam.ac.uk/pub/software/email/exim/Public-Key?\ -.endd -The signatures for the tar bundles are in: +The distributions are currently signed with Philip Hazel's GPG key. The +corresponding public key is available from a number of keyservers, and there is +also a copy in the file \(Public-Key)\. The signatures for the tar bundles are +in: .display rm \(exim-$it{n.nn}.tar.gz.sig)\ \(exim-$it{n.nn}.tar.bz2.sig)\ .endd - -When there is only a small amount of change from one release to the next, a -patch file may be provided, with a final component name of the form -.display rm -\(exim-patch-$it{n.nn}-$it{m.mm}.gz)\ -.endd -For each released version, the log of changes is made separately available in -the directory -.display rm -\?ftp://ftp.csx.cam.ac.uk/pub/software/email/exim/ChangeLogs?\ -.endd -so that it is possible to find out what has changed without having to download -the entire distribution. +For each released version, the log of changes is made separately available in a +separate file in the directory \(ChangeLogs)\ so that it is possible to +find out what has changed without having to download the entire distribution. .index documentation||available formats The main distribution contains ASCII versions of this specification and other @@ -538,13 +585,10 @@ These tar files contain only the \(doc)\ directory, not the complete distribution, and are also available in \(.bz2)\ as well as \(.gz)\ forms. .index FAQ -The FAQ is available for downloading in two different formats from +The FAQ is available for downloading in two different formats in these files: .display rm -.if ! ~~sys.fancy -.indent 0 -.fi -\?ftp://ftp.csx.cam.ac.uk/pub/software/email/exim/exim4/FAQ.txt.gz?\ -\?ftp://ftp.csx.cam.ac.uk/pub/software/email/exim/exim4/FAQ.html.tar.gz?\ +\(exim4/FAQ.txt.gz)\ +\(exim4/FAQ.html.tar.gz)\ .endd The first of these is a single ASCII file that can be searched with a text editor. The second is a directory of HTML files, normally accessed by starting @@ -555,32 +599,17 @@ often the most convenient way of finding your way around. .section Wish list .index wish list A wish list is maintained, containing ideas for new features that have been -submitted. From time to time the file is exported to the ftp site: -.display rm -\?ftp://ftp.csx.cam.ac.uk/pub/software/email/exim/exim4/WishList?\ -.endd -Items are removed from the list if they get implemented. +submitted. From time to time the file is exported to the ftp site into the file +\(exim4/WishList)\. Items are removed from the list if they get implemented. .section Contributed material .index contributed material -At the ftp site, there is a directory called -.display rm -.if ! ~~sys.fancy -.indent 0 -.fi -\?ftp://ftp.csx.cam.ac.uk/pub/software/email/exim/exim4/Contrib/?\ -.endd -which contains miscellaneous files contributed to the Exim community by Exim -users. There is also a collection of contributed configuration examples in -.display rm -.if ! ~~sys.fancy -.indent 0 -.fi -\?ftp://ftp.csx.cam.ac.uk/pub/software/email/exim/exim4/config.samples.tar.gz?\ -.endd -These samples are referenced from the FAQ. - +At the ftp site, there is a directory called \(Contrib)\ that contains +miscellaneous files contributed to the Exim community by Exim users. There is +also a collection of contributed configuration examples in +\(exim4/config.samples.tar.gz)\. These samples are referenced from the FAQ. +.nem .section Limitations .index limitations of Exim @@ -615,9 +644,13 @@ such mail are large, it is better to get the messages `delivered' into files (that is, off Exim's queue) and subsequently passed on to the dial-in hosts by other means. .nextp -Although Exim does have some facilities for scanning incoming messages, these +.em +Although Exim does have basic facilities for scanning incoming messages, these are not comprehensive enough to do full virus or spam scanning. Such operations -are best carried out using additional specialized software packages. +are best carried out using additional specialized software packages. If you +compile Exim with the content-scanning extension, straightforward interfaces to +a number of common scanners are provided. +.nem .endp @@ -658,11 +691,12 @@ below) by a blank line. .index bounce message||definition of When a message cannot be delivered, it is normally returned to the sender in a -delivery failure message. The term \*bounce*\ is commonly used for this action, -and the error reports are often called \*bounce messages*\. This is a -convenient shorthand for `delivery failure error report'. Such messages have an -empty sender address in the message's \*envelope*\ (see below) to ensure that -they cannot themselves give rise to further bounce messages. +delivery failure message or a `non-delivery report' (NDR). The term \*bounce*\ +is commonly used for this action, and the error reports are often called +\*bounce messages*\. This is a convenient shorthand for `delivery failure error +report'. Such messages have an empty sender address in the message's +\*envelope*\ (see below) to ensure that they cannot themselves give rise to +further bounce messages. The term \*default*\ appears frequently in this manual. It is used to qualify a value which is used in the absence of any setting in the configuration. It may @@ -745,18 +779,18 @@ the Exim documentation, `spool' is always used in the first sense. A number of pieces of external code are included in the Exim distribution. .numberpars $. Regular expressions are supported in the main Exim program and in the Exim -monitor using the freely-distributable PCRE library, copyright (c) 2003 -University of Cambridge. The source is distributed in the directory -\(src/pcre)\. However, this is a cut-down version of PCRE. If you want to use -the PCRE library in other programs, you should obtain and install the full -version from \?ftp://ftp.csx.cam.ac.uk/pub/software/programming/pcre?\. +monitor using the freely-distributable PCRE library, copyright (c) University +of Cambridge. The source is distributed in the directory \(src/pcre)\. However, +this is a cut-down version of PCRE. If you want to use the PCRE library in +other programs, you should obtain and install the full version from +\?ftp://ftp.csx.cam.ac.uk/pub/software/programming/pcre?\. .space 1ld .nextp .index cdb||acknowledgement Support for the cdb (Constant DataBase) lookup method is provided by code -contributed by Nigel Metheringham of Planet Online Ltd. which contains the -following statements: +contributed by Nigel Metheringham of (at the time he contributed it) Planet +Online Ltd. which contains the following statements: .rule .push .if ~~sgcal @@ -904,6 +938,13 @@ SOFTWARE. .newline .pop .rule +.space 1ld +.nextp +.em +Many people have contributed code fragments, some large, some small, that were +not covered by any specific licence requirements. It is assumed that the +contributors are happy to see their code incoporated into Exim under the GPL. +.nem .endp @@ -936,23 +977,37 @@ specifying policy controls on incoming mail: .numberpars $. .index ~~ACL||introduction Exim 4 (unlike previous versions of Exim) implements policy controls on -incoming SMTP mail by means of \*Access Control Lists*\ (ACLs). Each list is a +incoming mail by means of \*Access Control Lists*\ (ACLs). Each list is a series of statements that may either grant or deny access. ACLs can be used at -several places in the SMTP dialogue while receiving a message. However, the -most common places are after each \\RCPT\\ command, and at the very end of the -message. The sysadmin can specify conditions for accepting or rejecting -individual recipients or the entire message, respectively, at these two points -(see chapter ~~CHAPACL). Denial of access results in an SMTP error code. +several places in the SMTP dialogue while receiving a message from a remote +host. However, the most common places are after each \\RCPT\\ command, and at +the very end of the message. The sysadmin can specify conditions for accepting +or rejecting individual recipients or the entire message, respectively, at +these two points (see chapter ~~CHAPACL). Denial of access results in an SMTP +error code. .nextp An ACL is also available for locally generated, non-SMTP messages. In this case, the only available actions are to accept or deny the entire message. .nextp +.em +When Exim is compiled with the content-scanning extension, facilities are +provided in the ACL mechanism for passing the message to external virus and/or +spam scanning software. The result of such a scan is passed back to the ACL, +which can then use it to decide what to do with the message. +.nem +.nextp When a message has been received, either from a remote host or from the local host, but before the final acknowledgement has been sent, a locally supplied C function called \*local@_scan()*\ can be run to inspect the message and decide whether to accept it or not (see chapter ~~CHAPlocalscan). If the message is accepted, the list of recipients can be modified by the function. .nextp +.em +Using the \*local@_scan()*\ mechanism is another way of calling external +scanner software. The \SA-Exim\ add-on package works this way. It does not +require Exim to be compiled with the content-scanning extension. +.nem +.nextp After a message has been accepted, a further checking mechanism is available in the form of the $it{system filter} (see chapter ~~CHAPsystemfilter). This runs at the start of every delivery process. @@ -1901,6 +1956,18 @@ you specify them in \(Local/Makefile)\ instead of at run time, so that errors detected early in Exim's execution (such as a malformed configuration file) can be logged. +.index content scanning||specifying at build time +.em +Exim's interfaces for calling virus and spam scanning sofware directly from +access control lists are not compiled by default. If you want to include these +facilities, you need to set +.display asis +WITH_CONTENT_SCAN=yes +.endd +in your \(Local/Makefile)\. For details of the facilities themselves, see +chapter ~~CHAPexiscan. +.nem + .index \(Local/eximon.conf)\ .index \(exim@_monitor/EDITME)\ If you are going to build the Exim monitor, a similar configuration process is @@ -1948,7 +2015,8 @@ to your \(Local/Makefile)\ and rebuild Exim. Exim can be built to support encrypted SMTP connections, using the \\STARTTLS\\ command as per RFC 2487. It can also support legacy clients that expect to start a TLS session immediately on connection to a non-standard port (see the -\-tls-on-connect-\ command line option). +\tls@_on@_connect@_ports\ runtime option and the \-tls-on-connect-\ command +line option). If you want to build Exim with TLS support, you must first install either the OpenSSL or GnuTLS library. There is no cryptographic code in Exim itself for @@ -2025,13 +2093,16 @@ it may also be necessary to set \\IPV6@_INCLUDE\\ and \\IPV6@_LIBS\\ on systems where the IPv6 support is not fully integrated into the normal include and library files. -IPv6 is still changing rapidly. Two different types of DNS record for handling -IPv6 addresses have been defined. AAAA records are already in use, and are -currently seen as the `mainstream', but another record type called A6 is being -argued about. Its status is currently `experimental'. Exim has support for A6 -records, but this is included only if you set \\SUPPORT@_A6=YES\\ in -\(Local/Makefile)\. - +.em +Two different types of DNS record for handling IPv6 addresses have been +defined. AAAA records (analagous to A records for IPv4) are in use, and are +currently seen as the mainstream. Another record type called A6 was proposed +as better than AAAA because it had more flexibility. However, it was felt to +be over-complex, and its status was reduced to `experimental'. It is not known +if anyone is actually using A6 records. Exim has support for A6 records, but +this is included only if you set \\SUPPORT@_A6=YES\\ in \(Local/Makefile)\. The +support has not been tested for some time. +.nem .section The building process .index build directory @@ -2726,15 +2797,22 @@ the controlling terminal, even when no debugging is specified. Run Exim in expansion testing mode. Exim discards its root privilege, to prevent ordinary users from using this mode to read otherwise inaccessible files. If no arguments are given, Exim runs interactively, prompting for lines -of data. Long expressions can be split over several lines by using backslash -continuations. -As in Exim's run time configuration, whitespace at the start of continuation -lines is ignored. +of data. +.em +If Exim was built with \\USE@_READLINE\\=yes in \(Local/Makefile)\, it tries +to load the \libreadline\ library dynamically whenever the \-be-\ option is +used without command line arguments. If successful, it uses the \*readline()*\ +function, which provides extensive line-editing facilities, for reading the +test data. A line history is supported. +.nem -Each argument or data line is passed through the string expansion mechanism, -and the result is output. Variable values from the configuration file (for -example, \$qualify@_domain$\) are available, but no message-specific values -(such as \$domain$\) are set, because no message is being processed. +Long expansion expressions can be split over several lines by using backslash +continuations. As in Exim's run time configuration, whitespace at the start of +continuation lines is ignored. Each argument or data line is passed through the +string expansion mechanism, and the result is output. Variable values from the +configuration file (for example, \$qualify@_domain$\) are available, but no +message-specific values (such as \$domain$\) are set, because no message is +being processed. .option bF #<> .index system filter||testing @@ -2749,12 +2827,22 @@ system filters are recognized. .index forward file||testing .index testing||forward file .index Sieve filter||testing -This option runs Exim in filter testing mode; the file is the filter file to be -tested, and a test message must be supplied on the standard input. If there are -no message-dependent tests in the filter, an empty file can be supplied. If a -system filter file is being tested, \-bF-\ should be used instead of \-bf-\. If -the test file does not begin with -one of the special lines +This option runs Exim in user filter testing mode; the file is the filter file +to be tested, and a test message must be supplied on the standard input. If +there are no message-dependent tests in the filter, an empty file can be +supplied. +.em +If you want to test a system filter file, use \-bF-\ instead of \-bf-\. You can +use both \-bF-\ and \-bf-\ on the same command, in order to +test a system filter and a user filter in the same run. For example: +.display asis +exim -bF /system/filter -bf /user/filter > $t $rm{default is the qualify domain} -\-bfl-\ $t <> $t $rm{default is the logged in user} -\-bfp-\ $t <> $t $rm{default is null} -\-bfs-\ $t <> $t $rm{default is null} -.endd -The local part should always be set to the incoming address with any prefix or +be set by means of additional command line options (see the next four options). + +.em +.option bfd #<> +This sets the domain of the recipient address when a filter file is being +tested by means of the \-bf-\ option. The default is the value of +\$qualify@_domain$\. + +.option bfl #<> +This sets the local part of the recipient address when a filter file is being +tested by means of the \-bf-\ option. The default is the username of the +process that calls Exim. A local part should be specified with any prefix or suffix stripped, because that is how it appears to the filter when a message is actually being delivered. +.option bfp #<> +This sets the prefix of the local part of the recipient address when a filter +file is being tested by means of the \-bf-\ option. The default is an empty +prefix. + +.option bfp #<> +This sets the suffix of the local part of the recipient address when a filter +file is being tested by means of the \-bf-\ option. The default is an empty +suffix. +.em + + .option bh #<> .index testing||incoming SMTP .index SMTP||testing incoming @@ -2805,6 +2903,12 @@ after a full stop. For example: exim -bh 10.9.8.7.1234 exim -bh fe80::a00:20ff:fe86:a061.5678 .endd +.em +When an IPv6 address is given, it is converted into canonical form. In the case +of the second example above, the value of \$sender@_host@_address$\ after +conversion to the canonical form is \"fe80:0000:0000:0a00:20ff:fe86:a061.5678"\. +.nem + Comments as to what is going on are written to the standard error file. These include lines beginning with `LOG' for anything that would have been logged. This facility is provided for testing configuration options for incoming @@ -3129,18 +3233,24 @@ the listening daemon. .index address||testing This option runs Exim in address testing mode, in which each argument is taken as an address to be tested for deliverability. The results are written to the -standard output. -If a test fails, and the caller is not an admin user, no details of the -failure are output, because these might contain sensitive information such as -usernames and passwords for database lookups. +standard output. If a test fails, and the caller is not an admin user, no +details of the failure are output, because these might contain sensitive +information such as usernames and passwords for database lookups. If no arguments are given, Exim runs in an interactive manner, prompting with a -right angle bracket for addresses to be tested. Each address is handled as if -it were the recipient address of a message (compare the \-bv-\ option). It is -passed to the routers and the result is written to the standard output. -However, any router that has \no@_address@_test\ set is bypassed. This can -make \-bt-\ easier to use for genuine routing tests if your first router passes -everything to a scanner program. +right angle bracket for addresses to be tested. +.em +Unlike the \-be-\ test option, you cannot arrange for Exim to use the +\*readline()*\ function, because it is running as \*root*\ and there are +security issues. +.nem + +Each address is handled as if it were the recipient address of a message +(compare the \-bv-\ option). It is passed to the routers and the result is +written to the standard output. However, any router that has +\no@_address@_test\ set is bypassed. This can make \-bt-\ easier to use for +genuine routing tests if your first router passes everything to a scanner +program. .index return code||for \-bt-\ The return code is 2 if any address failed outright; it is 1 if no address @@ -3166,6 +3276,17 @@ It also lists the DBM library this is being used, the optional modules (such as specific lookup types), the drivers that are included in the binary, and the name of the run time configuration file that is in use. +.em +As part of its operation, \-bV-\ causes Exim to read and syntax check its +configuration file. However, this is a static check only. It cannot check +values that are to be expanded. For example, although a misspelt ACL verb is +detected, an error in the verb's arguments is not. You cannot rely on \-bV-\ +alone to discover (for example) all the typos in the configuration; some +realistic testing is needed. The \-bh-\ and \-N-\ options provide more dynamic +testing facilities. +.nem + + .option bv .index verifying||address, using \-bv-\ .index address||verification @@ -3179,11 +3300,18 @@ failure are output, because these might contain sensitive information such as usernames and passwords for database lookups. If no arguments are given, Exim runs in an interactive manner, prompting with a -right angle bracket for addresses to be verified. Verification differs from -address testing (the \-bt-\ option) in that routers that have \no@_verify\ set -are skipped, and if the address is accepted by a router that has \fail@_verify\ -set, verification fails. The address is verified as a recipient if \-bv-\ is -used; to test verification for a sender address, \-bvs-\ should be used. +right angle bracket for addresses to be verified. +.em +Unlike the \-be-\ test option, you cannot arrange for Exim to use the +\*readline()*\ function, because it is running as \*exim*\ and there are +security issues. +.nem + +Verification differs from address testing (the \-bt-\ option) in that routers +that have \no@_verify\ set are skipped, and if the address is accepted by a +router that has \fail@_verify\ set, verification fails. The address is verified +as a recipient if \-bv-\ is used; to test verification for a sender address, +\-bvs-\ should be used. If the \-v-\ option is not set, the output consists of a single line for each address, stating whether it was verified or not, and giving a reason in the @@ -3218,13 +3346,18 @@ name, but it can be a colon-separated list of names. In this case, the first file that exists is used. Failure to open an existing file stops Exim from proceeding any further along the list, and an error is generated. -When this option is used by a caller other than root or the Exim user, -and the list is different from the compiled-in list, Exim gives up -its root privilege immediately, and runs with the real and effective uid and -gid set to those of the caller. -However, if \\ALT@_CONFIG@_ROOT@_ONLY\\ is defined in \(Local/Makefile)\, root -privilege is retained for \-C-\ only if the caller of Exim is root. -This option is not set by default. +When this option is used by a caller other than root or the Exim user, and the +list is different from the compiled-in list, Exim gives up its root privilege +immediately, and runs with the real and effective uid and gid set to those of +the caller. However, if \\ALT@_CONFIG@_ROOT@_ONLY\\ is defined in +\(Local/Makefile)\, root privilege is retained for \-C-\ only if the caller of +Exim is root. +.em +That is, the Exim user is no longer privileged in this regard. This build-time +option is not set by default in the Exim source distribution tarbundle. +However, if you are using a `packaged' version of Exim (source or binary), the +packagers might have enabled it. +.nem Setting \\ALT@_CONFIG@_ROOT@_ONLY\\ locks out the possibility of testing a configuration using \-C-\ right through message reception and delivery, even if @@ -3351,6 +3484,14 @@ in processing. If the \debug@_print\ option is set in any driver, it produces output whenever any debugging is selected, or if \-v-\ is used. +.em +.option dd <> +This option behaves exactly like \-d-\ except when used on a command that +starts a daemon process. In that case, debugging is turned off for the +subprocesses that the daemon creates. Thus, it is useful for monitoring the +behaviour of the daemon without creating as much output as full debugging does. +.nem + .option dropcr This is an obsolete option that is now a no-op. It used to affect the way Exim handled CR and LF characters in incoming messages. What happens now is @@ -3391,15 +3532,20 @@ between \-F-\ and the <> is optional. This option sets the address of the envelope sender of a locally-generated message (also known as the return path). The option can normally be used only by a trusted user, but \untrusted@_set@_sender\ can be set to allow untrusted -users to use it. In the absence of \-f-\, or if the caller is not allowed to -use it, the sender of a local message is set to the caller's login name at the -default qualify domain. +users to use it. +.em +Processes running as root or the Exim user are always trusted. Other +trusted users are defined by the \trusted@_users\ or \trusted@_groups\ options. + +In the absence of \-f-\, or if the caller is not trusted, the sender of a local +message is set to the caller's login name at the default qualify domain. There is one exception to the restriction on the use of \-f-\: an empty sender -can be specified by any user, to create a message that can never provoke a -bounce. An empty sender can be specified either as an empty string, or as a -pair of angle brackets with nothing between them, as in these examples of shell -commands: +can be specified by any user, trusted or not, +.nem +to create a message that can never provoke a bounce. An empty sender can be +specified either as an empty string, or as a pair of angle brackets with +nothing between them, as in these examples of shell commands: .display asis exim -f '<>' user@domain exim -f "" user@domain @@ -3658,10 +3804,15 @@ transport. If <> is omitted, the limit is set to 1. .index delivery||in the background This option applies to all modes in which Exim accepts incoming messages, including the listening daemon. It requests `background' delivery of such -messages, which means that the accepting process automatically starts delivery -process for each message received, but does not wait for the delivery process -to complete. This is the default action if none of the \-od-\ options are -present. +messages, which means that the accepting process automatically starts a +delivery process for each message received, but does not wait for the delivery +processes to finish. +.em +When all the messages have been received, the reception process exits, leaving +the delivery processes to finish in their own time. The standard output and +error streams are closed at the start of each delivery process. +.nem +This is the default action if none of the \-od-\ options are present. If one of the queueing options in the configuration file (\queue@_only\ or \queue@_only@_file\, for example) is in effect, \-odb-\ @@ -3675,9 +3826,21 @@ This option requests `foreground' (synchronous) delivery when Exim has accepted a locally-generated message. (For the daemon it is exactly the same as \-odb-\.) A delivery process is automatically started to deliver the message, and Exim waits for it to complete before proceeding. +.em +The original Exim reception process does not finish until the delivery +process for the final message has ended. The standard error stream is left open +during deliveries. +.nem However, like \-odb-\, this option has no effect if \queue@_only@_override\ is false and one of the queueing options in the configuration file is in effect. +.em +If there is a temporary delivery error during foreground delivery, the message +is left on the queue for later delivery, and the original reception process +exists. See chapter ~~CHAPnonqueueing for a way of setting up a restricted +configuration that never queues messages. +.nem + .option odi This option is synonymous with \-odf-\. It is provided for compatibility with Sendmail. @@ -3817,12 +3980,14 @@ if present, in \$interface@_port$\. .option oMr #<> .index protocol||incoming, specifying for local message See \-oMa-\ above for general remarks about the \-oM-\ options. The \-oMr-\ -option sets the received protocol value -in \$received@_protocol$\. -However, this applies only when \-bs-\ is not used. For interactive SMTP input, -the protocol is determined by whether \\EHLO\\ or \\HELO\\ is used, and is -always either `local-esmtp' or `local-smtp'. For \-bS-\ (batch SMTP) however, -the protocol can be set by \-oMr-\. +option sets the received protocol value that is stored in +\$received@_protocol$\. However, this applies only when \-bs-\ is not used. For +interactive SMTP input (\-bs-\), the protocol is always +.em +`local-' followed by one of the standard SMTP protocol names (see the +description of \$received@_protocol$\ in section ~~SECTexpvar). +.nem +For \-bS-\ (batch SMTP) however, the protocol can be set by \-oMr-\. .option oMs #<> .index sender||host name, specifying for local message @@ -4146,18 +4311,12 @@ compatibility with Sendmail. .option tls-on-connect .index TLS||use without STARTTLS .index TLS||automatic start -This option is available when Exim is compiled with TLS support. It makes it -possible to support legacy clients that do not support the \\STARTTLS\\ -command, but instead expect to start up a TLS session as soon as a connection -to the server is established. These clients use a special port (usually called -the `ssmtp' port) instead of the normal SMTP port 25. The \-tls-on-connect-\ -option can be used to run Exim in this way from \*inetd*\, and it can also be -used to run a special daemon that operates in this manner (use \-oX-\ to -specify the port). However, although it is possible to run one daemon that -listens on several ports, it is not possible to have some of them operate one -way and some the other. With only a few clients that need the legacy support, a -convenient approach is to use a daemon for normal SMTP (with or without -\\STARTTLS\\) and \*inetd*\ with \-tls-on-connect-\ for the legacy clients. +This option is available when Exim is compiled with TLS support. +.em +It forces all incoming SMTP connections to behave as if the incoming port is +listed in the \tls@_on@_connect@_ports\ option. See section ~~SECTsupobssmt and +chapter ~~CHAPTLS for further details. +.nem .option U .index Sendmail compatibility||\-U-\ option ignored @@ -4196,11 +4355,24 @@ option. .index run time configuration .index configuration file||general description .index \\CONFIGURE@_FILE\\ +.index configuration file||errors in +.index error||in configuration file +.index return code||for bad configuration Exim uses a single run time configuration file that is read whenever an Exim binary is executed. Note that in normal operation, this happens frequently, because Exim is designed to operate in a distributed manner, without central control. +.em +If a syntax error is detected while reading the configuration file, Exim +writes a message on the standard error, and exits with a non-zero return code. +The message is also written to the panic log. \**Note**\: only simple syntax +errors can be detected at this time. The values of any expanded options are +not checked until the expansion happens, even when the expansion does not +actually alter the string. +.nem + + The name of the configuration file is compiled into the binary for security reasons, and is specified by the \\CONFIGURE@_FILE\\ compilation option. In most configurations, this specifies a single file. However, it is permitted to @@ -4209,14 +4381,18 @@ existing file in the list. .index \\EXIM@_USER\\ .index \\EXIM@_GROUP\\ +.index \\CONFIGURE@_OWNER\\ +.index \\CONFIGURE@_GROUP\\ .index configuration file||ownership .index ownership||configuration file -The run time configuration file must be owned by root or by the user that -is specified at compile time by the \\EXIM@_USER\\ option, -or by the user that is specified at compile time by the \\CONFIGURE@_OWNER\\ -option (if set). -The configuration file must not be world-writeable or group-writeable, unless -its group is the one specified at compile time by the \\EXIM@_GROUP\\ option. +The run time configuration file must be owned by root or by the user that is +specified at compile time by the \\EXIM@_USER\\ option, or by the user that is +specified at compile time by the \\CONFIGURE@_OWNER\\ option (if set). The +configuration file must not be world-writeable or group-writeable, unless its +group is the one specified at compile time by the \\EXIM@_GROUP\\ option +.em +or by the \\CONFIGURE@_GROUP\\ option. +.nem \**Warning**\: In a conventional configuration, where the Exim binary is setuid to root, anybody who is able to edit the run time configuration file has an @@ -4224,21 +4400,12 @@ easy way to run commands as root. If you make your mail administrators members of the Exim group, but do not trust them with root, make sure that the run time configuration is not group writeable. - A default configuration file, which will work correctly in simple situations, -is provided in the file \(src/configure.default)\. -If \\CONFIGURE@_FILE\\ defines just one file name, the installation process -copies the default configuration to a new file of that name if it did not -previously exist. If \\CONFIGURE@_FILE\\ is a list, no default is automatically -installed. Chapter ~~CHAPdefconfil is a `walk-through' discussion of the -default configuration. - -.index configuration file||errors in -.index error||in configuration file -.index return code||for bad configuration -If a syntax error is detected while reading the configuration file, Exim -writes a message on the standard error, and exits with a non-zero return code. -The message is also written to the panic log. +is provided in the file \(src/configure.default)\. If \\CONFIGURE@_FILE\\ +defines just one file name, the installation process copies the default +configuration to a new file of that name if it did not previously exist. If +\\CONFIGURE@_FILE\\ is a list, no default is automatically installed. Chapter +~~CHAPdefconfil is a `walk-through' discussion of the default configuration. .section Using a different configuration file @@ -4323,14 +4490,23 @@ LOCAL_SCAN_HAS_OPTIONS=yes in \(Local/Makefile)\ before building Exim. Full details of the \*local@_scan()*\ facility are given in chapter ~~CHAPlocalscan. .endp +.index configuration file||leading whitespace in +.index configuration file||trailing whitespace in +.index whitespace||in configuration file +.em +Leading and trailing whitespace in configuration lines is always ignored. +.nem Blank lines in the file, and lines starting with a @# character (ignoring leading white space) are treated as comments and are ignored. \**Note**\: a @# character other than at the beginning of a line is not treated specially, and does not introduce a comment. -Any non-comment line can be continued by ending it with a backslash. Trailing -white space after the backslash is ignored, and leading white space at the -start of continuation lines is also ignored. +Any non-comment line can be continued by ending it with a backslash. +.em +Note that the general rule for whitespace means that trailing white space after +the backslash is ignored, and leading white space at the start of continuation +lines is also ignored. +.nem Comment lines beginning with @# (but not empty lines) may appear in the middle of a sequence of continuation lines. @@ -4641,12 +4817,12 @@ either consist entirely of digits, or be a name that can be looked up using the .index format||list item in configuration .index string list, definition .rset SECTlistconstruct "~~chapter.~~section" -The data for some configuration options is a colon-separated list of items. -Many of these options are shown with type `string list' in the descriptions -later in this document. Others are listed as `domain list', `host list', -`address list', or `local part list'. Syntactically, they are all the same; -however, those other than `string list' are subject to particular kinds of -interpretation, as described in chapter ~~CHAPdomhosaddlists. +The data for some configuration options is a list of items, with colon as the +default separator. Many of these options are shown with type `string list' in +the descriptions later in this document. Others are listed as `domain list', +`host list', `address list', or `local part list'. Syntactically, they are all +the same; however, those other than `string list' are subject to particular +kinds of interpretation, as described in chapter ~~CHAPdomhosaddlists. In all these cases, the entire list is treated as a single string as far as the input syntax is concerned. The \trusted@_users\ setting in section @@ -4659,15 +4835,14 @@ example, the list local_interfaces = 127.0.0.1 : ::::1 .endd contains two IP addresses, the IPv4 address 127.0.0.1 and the IPv6 address -@:@:1. IPv6 addresses are going to become more and more common as the new -protocol gets more widely deployed. +@:@:1. .index list||separator, changing .index IPv6||addresses in lists -Doubling their colons is an unwelcome chore, so a mechanism was introduced to -allow the separator character to be changed. If a list begins with a left angle -bracket, followed by any punctuation character, that character is used instead -of colon as the list separator. For example, the list above can be rewritten to -use a semicolon separator like this: +Doubling colons in IPv6 addresses is an unwelcome chore, so a mechanism was +introduced to allow the separator character to be changed. If a list begins +with a left angle bracket, followed by any punctuation character, that +character is used instead of colon as the list separator. For example, the list +above can be rewritten to use a semicolon separator like this: .display asis local_interfaces = <; 127.0.0.1 ; ::1 .endd @@ -4676,6 +4851,33 @@ This facility applies to all lists, with the exception of the list in confined to circumstances where they really are needed. +.em +.section Empty items in lists +.rset SECTempitelis "~~chapter.~~section" +.index list||empty item in +An empty item at the end of a list is always ignored. In other words, trailing +separator characters are ignored. Thus, the list in +.display asis +senders = user@domain : +.endd +contains only a single item. If you want to include an empty string as one item +in a list, it must not be the last item. For example, this list contains three +items, the second of which is empty: +.display asis +senders = user1@domain : : user2@domain +.endd +\**Note**\: there must be whitespace between the two colons, as otherwise they +are interpreted as representing a single colon data character (and the list +would then contain just one item). If you want to specify a list that contains +just one, empty item, you can do it as in this example: +.display asis +senders = : +.endd +In this case, the first item is empty, and the second is discarded because it +is at the end of the list. +.nem + + .section Format of driver configurations .rset SECTfordricon "~~chapter.~~section" .index drivers||configuration format @@ -5592,8 +5794,11 @@ above. The syntax requirements for the two cases are described in chapters Two different styles of data lookup are implemented: .numberpars $. The \*single-key*\ style requires the specification of a file in which to look, -and a single key to search for. The lookup type determines how the file is -searched. +and a single key to search for. +.em +The key must be a non-empty string for the lookup to succeed. +.nem +The lookup type determines how the file is searched. .nextp .index query-style lookup||definition of The \*query*\ style accepts a generalized database query. @@ -5726,14 +5931,14 @@ that the keys in an \%lsearch%\ file are literal strings. There is no wildcarding of any kind. .index lookup||lsearch, colons in keys -In most \%lsearch%\ files, keys are not required to contain colons -or @# characters, or -whitespace. However, if you need this feature, it is available. If a key begins -with a doublequote character, it is terminated only by a matching quote (or end -of line), and the normal escaping rules apply to its contents (see section -~~SECTstrings). An optional colon is permitted after quoted keys (exactly as -for unquoted keys). There is no special handling of quotes for the data part of -an \%lsearch%\ line. +.index whitespace||in lsearch key +In most \%lsearch%\ files, keys are not required to contain colons or @# +characters, or whitespace. However, if you need this feature, it is available. +If a key begins with a doublequote character, it is terminated only by a +matching quote (or end of line), and the normal escaping rules apply to its +contents (see section ~~SECTstrings). An optional colon is permitted after +quoted keys (exactly as for unquoted keys). There is no special handling of +quotes for the data part of an \%lsearch%\ line. .nextp .index NIS lookup type .index lookup||NIS @@ -5757,7 +5962,7 @@ whereas for \%nwildlsearch%\, no expansion takes place. Like \%lsearch%\, the testing is done case-insensitively. The following forms of wildcard are recognized: .numberpars "$*$" -The string may begin with an asterisk to mean `begins with'. For example: +The string may begin with an asterisk to mean `ends with'. For example: .display asis *.a.b.c data for anything.a.b.c *fish data for anythingfish @@ -5808,9 +6013,12 @@ many of them are given in later sections. .numberpars $. .index DNS||as a lookup type .index lookup||DNS -\%dnsdb%\: This does a DNS search for a record whose domain name is the supplied -query. The resulting data is the contents of the record. See section -~~SECTdnsdb. +\%dnsdb%\: This does a DNS search for +.em +one or more records whose domain names are given in the supplied query. The +resulting data is the contents of the records. +.nem +See section ~~SECTdnsdb. .nextp .index Interbase lookup type .index lookup||Interbase @@ -5841,6 +6049,7 @@ Oracle database. See section ~~SECTsql. .nextp .index lookup||passwd .index passwd lookup type +.index \(/etc/passwd)\ \%passwd%\ is a query-style lookup with queries that are just user names. The lookup calls \*getpwnam()*\ to interrogate the system password data, and on success, the result string is the same as you would get from an \%lsearch%\ @@ -6037,18 +6246,22 @@ subject key is always followed by a dot. .section Lookup caching .index lookup||caching .index caching||lookup data -An Exim process -caches the most recent lookup result on a per-file basis for single-key -lookup types, and keeps the relevant files open. In some types of configuration -this can lead to many files being kept open for messages with many recipients. -To avoid hitting the operating system limit on the number of simultaneously -open files, Exim closes the least recently used file when it needs to open more -files than its own internal limit, which can be changed via the -\lookup@_open@_max\ option. - -For query-style lookups, a single data cache per lookup type is kept. The files -are closed and the caches flushed at strategic points during delivery -- for -example, after all routing is complete. +.em +Exim caches all lookup results in order to avoid needless repetition of +lookups. However, because (apart from the daemon) Exim operates as a collection +of independent, short-lived processes, this caching applies only within a +single Exim process. There is no inter-process caching facility. + +For single-key lookups, Exim keeps the relevant files open in case there is +another lookup that needs them. In some types of configuration this can lead to +many files being kept open for messages with many recipients. To avoid hitting +the operating system limit on the number of simultaneously open files, Exim +closes the least recently used file when it needs to open more files than its +own internal limit, which can be changed via the \lookup@_open@_max\ option. + +The single-key lookup files are closed and the lookup caches are flushed at +strategic points during delivery -- for example, after all routing is complete. +.nem .section Quoting lookup data @@ -6087,32 +6300,111 @@ lookups, since no quoting is ever needed in their key strings. .index dnsdb lookup .index lookup||dnsdb .index DNS||as a lookup type -The \%dnsdb%\ lookup type uses the DNS as its database. A query consists of a -record type and a domain name, separated by an equals sign. For example, an -expansion string could contain: +The \%dnsdb%\ lookup type uses the DNS as its database. A simple query consists +of a record type and a domain name, separated by an equals sign. For example, +an expansion string could contain: .display asis ${lookup dnsdb{mx=a.b.example}{$value}fail} .endd -The supported record types are A, CNAME, MX, NS, PTR, SRV, and TXT, -and, when Exim is compiled with IPv6 support, AAAA (and A6 if that is also -configured). If no type is given, TXT is assumed. When the type is PTR, the -address should be given as normal; it is converted to the necessary inverted -format internally. For example: +The supported DNS record types are A, CNAME, MX, NS, PTR, SRV, and TXT, and, +when Exim is compiled with IPv6 support, AAAA (and A6 if that is also +configured). If no type is given, TXT is assumed. When the type is PTR, +.em +the data can be an IP address, written as normal; inversion and the addition of +\in-addr.arpa\ or \ip6.arpa\ happens automatically. For example: .display asis ${lookup dnsdb{ptr=192.168.4.5}{$value}fail} .endd +If the data for a PTR record is not a syntactically valid IP address, it is not +altered and nothing is added. + +For any record type, if multiple records are found (or, for A6 lookups, if a +single record leads to multiple addresses), the data is returned as a +concatenation, with newline as the default separator. The order, of course, +depends on the DNS resolver. You can specify a different separator character +between multiple records by putting a right angle-bracket followed immediately +by the new separator at the start of the query. For example: +.display asis +${lookup dnsdb{>: a=host1.example}} +.endd +It is permitted to specify a space as the separator character. Further +whitespace is ignored. -.index MX record||in \%dnsdb%\ lookup -For MX records, both the preference value and the host name are returned, -separated by a space. .index SRV record||in \%dnsdb%\ lookup -For SRV records, the priority, weight, port, and host name are returned, -separated by spaces. For any record type, -if multiple records are found (or, for A6 lookups, if a single record leads to -multiple addresses), the data is returned as a concatenation, separated by -newlines. The order, of course, depends on the DNS resolver. +For SRV records, the priority, weight, port, and host name are returned for +each record, separated by spaces. + +.index MX record||in \%dnsdb%\ lookup +For MX records, both the preference value and the host name are returned for +each record, separated by a space. However, if you want only host names, you +can use the pseudo-type MXH: +.display asis +${lookup dnsdb{mxh=a.b.example}} +.endd +In this case, the preference values are omitted. + +.index name server||for enclosing domain +Another pseudo-type is ZNS (for `zone NS'). It performs a lookup for NS +records on the given domain, but if none are found, it removes the first +component of the domain name, and tries again. This process continues until NS +records are found or there are no more components left (or there is a DNS +error). In other words, it may return the name servers for a top-level domain, +but it never returns the root name servers. If there are no NS records for the +top-level domain, the lookup fails. Consider these examples: +.display asis +${lookup dnsdb{zns=xxx.quercite.com}} +${lookup dnsdb{zns=xxx.edu}} +.endd +Assuming that in each case there are no NS records for the full domain name, +the first returns the name servers for \quercite.com\, and the second returns +the name servers for \edu\. + +You should be careful about how you use this lookup because, unless the +top-level domain does not exist, the lookup always returns some host names. The +sort of use to which this might be put is for seeing if the name servers for a +given domain are on a blacklist. You can probably assume that the name servers +for the high-level domains such as \com\ or \co.uk\ are not going to be on such +a list. +.nem +.em +.section Multiple dnsdb lookups +In the previous section, \%dnsdb%\ lookups for a single domain are described. +However, you can specify a list of domains or IP addresses in a single +\%dnsdb%\ lookup. The list is specified in the normal Exim way, with colon as +the default separator, but with the ability to change this. For example: +.display asis +${lookup dnsdb{one.domain.com:two.domain.com}} +${lookup dnsdb{a=one.host.com:two.host.com}} +${lookup dnsdb{ptr = <; 1.2.3.4 ; 4.5.6.8}} +.endd +In order to retain backwards compatibility, there is one special case: if +the lookup type is PTR and no change of separator is specified, Exim looks +to see if the rest of the string is precisely one IPv6 address. In this +case, it does not treat it as a list. + +The data from each lookup is concatenated, with newline separators by default, +in the same way that multiple DNS records for a single item are handled. A +different separator can be specified, as described above. + +The \%dnsdb%\ lookup fails only if all the DNS lookups fail. If there is a +temporary DNS error for any of them, the behaviour is controlled by +an optional keyword followed by a comma that may appear before the record +type. The possible keywords are `defer@_strict', `defer@_never', and +`defer@_lax'. With `strict' behaviour, any temporary DNS error causes the +whole lookup to defer. With `never' behaviour, a temporary DNS error is +ignored, and the behaviour is as if the DNS lookup failed to find anything. +With `lax' behaviour, all the queries are attempted, but a temporary DNS +error causes the whole lookup to defer only if none of the other lookups +succeed. The default is `lax', so the following lookups are equivalent: +.display asis +${lookup dnsdb{defer_lax,a=one.host.com:two.host.com}} +${lookup dnsdb{a=one.host.com:two.host.com}} +.endd +Thus, in the default case, as long as at least one of the DNS lookups +yields some data, the lookup succeeds. +.nem .section More about LDAP @@ -6306,13 +6598,14 @@ information to the server. To make this possible, the URL in an LDAP query may be preceded by any number of `<>=<>' settings, separated by spaces. If a value contains spaces it must be enclosed in double quotes, and when double quotes are used, backslash is interpreted in the usual way inside -them. - -The following names are recognized: +them. The following names are recognized: .display -CONNECT $rm{set a connection timeout} -.newline DEREFERENCE $rm{set the dereferencing parameter} +.newline +.em +NETTIME $rm{set a timeout for a network operation} +.nem +.newline USER $rm{set the DN, for authenticating the LDAP bind} PASS $rm{set the password, likewise} SIZE $rm{set the limit for the number of entries returned} @@ -6321,6 +6614,21 @@ TIME $rm{set the maximum waiting time for a query} The value of the \\DEREFERENCE\\ parameter must be one of the words `never', `searching', `finding', or `always'. +.em +The name \\CONNECT\\ is an obsolete name for \\NETTIME\\, retained for +backwards compatibility. This timeout (specified as a number of seconds) is +enforced from the client end for operations that can be carried out over a +network. Specifically, it applies to network connections and calls to the +\*ldap@_result()*\ function. If the value is greater than zero, it is used if +\\LDAP@_OPT@_NETWORK@_TIMEOUT\\ is defined in the LDAP headers (OpenLDAP), or +if \\LDAP@_X@_OPT@_CONNECT@_TIMEOUT\\ is defined in the LDAP headers (Netscape +SDK 4.1). A value of zero forces an explicit setting of `no timeout' for +Netscape SDK; for OpenLDAP no action is taken. + +The \\TIME\\ parameter (also a number of seconds) is passed to the server to +set a server-side limit on the time taken to complete a search. +.nem + Here is an example of an LDAP query in an Exim lookup that uses some of these values. This is a single line, folded for ease of reading: .display asis @@ -6339,11 +6647,6 @@ The auxiliary data items may be given in any order. The default is no connection timeout (the system timeout is used), no user or password, no limit on the number of entries returned, and no time limit on queries. -The time limit for connection is given in seconds; zero means use the default. -This facility is available in Netscape SDK 4.1; it may not be available in -other LDAP implementations. Exim uses the given value if -\\LDAP@_X@_OPT@_CONNECT@_TIMEOUT\\ is defined in the LDAP headers. - When a DN is quoted in the \\USER=\\ setting for LDAP authentication, Exim removes any URL quoting that it may contain before passing it LDAP. Apparently some libraries do this for themselves, but some do not. Removing the URL @@ -6382,10 +6685,10 @@ cn=manager, o=University of Cambridge, c=UK .endd The \%ldap%\ lookup type generates an error if more than one entry matches the -search filter, whereas \%ldapm%\ permits this case, and inserts a newline in the -result between the data from different entries. It is possible for multiple -values to be returned for both \%ldap%\ and \%ldapm%\, but in the former case you -know that whatever values are returned all came from a single entry in the +search filter, whereas \%ldapm%\ permits this case, and inserts a newline in +the result between the data from different entries. It is possible for multiple +values to be returned for both \%ldap%\ and \%ldapm%\, but in the former case +you know that whatever values are returned all came from a single entry in the directory. In the common case where you specify a single attribute in your LDAP query, the @@ -6537,7 +6840,11 @@ the queries. If a MySQL query is issued that does not request any data (an insert, update, or delete command), the result of the lookup is the number of rows affected. - +.em +\**Warning**\: this can be misleading. If an update does not actually change +anything (for example, setting a field to the value it already has), the result +is zero because no rows are affected. +.nem .section Special PostgreSQL features @@ -6582,10 +6889,18 @@ general facilities that apply to all four kinds of list. .section Expansion of lists .index expansion||of lists -Each list is expanded as a single string before it is used. If the expansion is -forced to fail, Exim behaves as if the item it is testing (domain, host, -address, or local part) is not in the list. Other expansion failures cause -temporary errors. +.em +Each list is expanded as a single string before it is used. The result of +expansion must be a list, possibly containing empty items, which is split up +into separate items for matching. By default, colon is the separator character, +but this can be varied if necessary. See sections ~~SECTlistconstruct and +~~SECTempitelis for details of the list syntax; the second of these discusses +the way you specify empty list items. +.nem + +If the string expansion is forced to fail, Exim behaves as if the item it is +testing (domain, host, address, or local part) is not in the list. Other +expansion failures cause temporary errors. If an item in a list is a regular expression, backslashes, dollars and possibly other special characters in the expression must be protected against @@ -6600,9 +6915,6 @@ The first item is a regular expression that is protected from expansion by \"@\N"\, whereas the second uses the expansion to obtain a list of unwanted senders based on the receiving domain. -After expansion, the list is split up into separate items for matching. -Normally, colon is used as the separator character, but this can be varied if -necessary, as described in section ~~SECTlistconstruct. .section Negated items in lists @@ -7305,10 +7617,10 @@ data that is looked up is not used. The variables \$sender@_host@_address$\ and hosts_lookup = pgsql;\ select ip from hostlist where ip='$sender_host_address' .endd -The value of \$sender@_host@_address$\ for an IPv6 address uses colon -separators. You can use the \sg\ expansion item to change this if you need to. -If you want to use masked IP addresses in database queries, you can use the -\mask\ expansion operator. +The value of \$sender@_host@_address$\ for an IPv6 address contains colons. You +can use the \sg\ expansion item to change this if you need to. If you want to +use masked IP addresses in database queries, you can use the \mask\ expansion +operator. If the query contains a reference to \$sender@_host@_name$\, Exim automatically looks up the host name if has not already done so. (See section @@ -7318,7 +7630,8 @@ Historical note: prior to release 4.30, Exim would always attempt to find a host name before running the query, unless the search type was preceded by \"net-"\. This is no longer the case. For backwards compatibility, \"net-"\ is still recognized for query-style lookups, but its presence or absence has no -effect. (Of course, for single-key lookups, \"net-"\ $it{is} important.) +effect. (Of course, for single-key lookups, \"net-"\ $it{is} important. +See section ~~SECThoslispatsikey.) .section Mixing wildcarded host names and addresses in host lists @@ -7364,10 +7677,19 @@ senders = : .endd The presence of the colon creates an empty item. If you do not provide any data, the list is empty and matches nothing. The empty sender can also be -detected by a regular expression that matches an empty string. +detected by a regular expression that matches an empty string, +.em +and by a query-style lookup that succeeds when \$sender@_address$\ is empty. -The following kinds of pattern are supported in address lists: +The following kinds of address list pattern can match any address, including +the empty address that is characteristic of bounce message senders: +.nem .numberpars $. +.em +As explained above, if a pattern item is empty, it matches the empty address +(and no others). +.nem +.nextp .index regular expressions||in address list .index address list||regular expression in If (after expansion) a pattern starts with `@^', a regular expression match is @@ -7381,38 +7703,97 @@ deny senders = \N^\d{8}.+@spamhaus.example$\N : ... The \"@\N"\ sequences are removed by the expansion, so the item does start with `@^' by the time it is being interpreted as an address pattern. .nextp -.index @@@@ with single-key lookup -.index address list||@@@@ lookup type -.index address list||split local part and domain -If a pattern starts with `@@@@' followed by a single-key lookup item -(for example, \"@@@@lsearch;/some/file"\), the address that is being checked is -split into a local part and a domain. The domain is looked up in the file. If -it is not found, there is no match. If it is found, the data that is looked up -from the file is treated as a colon-separated list of local part patterns, each -of which is matched against the subject local part in turn. - -.index asterisk||in address list -The lookup may be a partial one, and/or one involving a search for a default -keyed by `$*$' (see section ~~SECTdefaultvaluelookups). The local part patterns -that are looked up can be regular expressions or begin with `$*$', or even be -further lookups. They may also be independently negated. For example, with +.index address list||lookup for complete address +Complete addresses can be looked up by using a pattern that starts with a +lookup type terminated by a semicolon, followed by the data for the lookup. For +example: .display asis -deny senders = @@dbm;/etc/reject-by-domain +deny senders = cdb;/etc/blocked.senders : \ + mysql;select address from blocked where \ + address='${quote_mysql:$sender_address}' .endd -the data from which the DBM file is built could contain lines like +.em +Both query-style and single-key lookup types can be used. For a single-key +lookup type, Exim uses the complete address as the key. However, empty keys are +not supported for single-key lookups, so a match against the empty address +always fails. This restriction does not apply to query-style lookups. + +.nem +Partial matching for single-key lookups (section ~~SECTpartiallookup) cannot be +used, and is ignored if specified, with an entry being written to the panic +log. +.index @*@@ with single-key lookup +However, you can configure lookup defaults, as described in section +~~SECTdefaultvaluelookups, but this is useful only for the `$*$@@' type of +default. For example, with this lookup: .display asis -baddomain.com: !postmaster : * +accept senders = lsearch*@;/some/file .endd -to reject all senders except \postmaster\ from that domain. -.index local part||starting with ! -If a local part that actually begins with an exclamation mark is required, it -has to be specified using a regular expression. In \%lsearch%\ files, an entry -may be split over several lines by indenting the second and subsequent lines, -but the separating colon must still be included at line breaks. White space -surrounding the colons is ignored. For example: +the file could contains lines like this: .display asis -aol.com: spammer1 : spammer2 : ^[0-9]+$ : - spammer3 : spammer4 +user1@domain1.example +*@domain2.example +.endd +and for the sender address \*nimrod@@jaeger.example*\, the sequence of keys +that are tried is: +.display asis +nimrod@jaeger.example +*@jaeger.example +* +.endd +\**Warning 1**\: Do not include a line keyed by `$*$' in the file, because that +would mean that every address matches, thus rendering the test useless. + +\**Warning 2**\: Do not confuse these two kinds of item: +.display asis +deny recipients = dbm*@;/some/file +deny recipients = *@dbm;/some/file +.endd +The first does a whole address lookup, with defaulting, as just described, +because it starts with a lookup type. The second matches the local part and +domain independently, as described in a bullet point below. +.endp + + +.em +The following kinds of address list pattern can match only non-empty addresses. +If the subject address is empty, a match against any of these pattern types +always fails. +.nem + +.numberpars $. +.index @@@@ with single-key lookup +.index address list||@@@@ lookup type +.index address list||split local part and domain +If a pattern starts with `@@@@' followed by a single-key lookup item +(for example, \"@@@@lsearch;/some/file"\), the address that is being checked is +split into a local part and a domain. The domain is looked up in the file. If +it is not found, there is no match. If it is found, the data that is looked up +from the file is treated as a colon-separated list of local part patterns, each +of which is matched against the subject local part in turn. + +.index asterisk||in address list +The lookup may be a partial one, and/or one involving a search for a default +keyed by `$*$' (see section ~~SECTdefaultvaluelookups). The local part patterns +that are looked up can be regular expressions or begin with `$*$', or even be +further lookups. They may also be independently negated. For example, with +.display asis +deny senders = @@dbm;/etc/reject-by-domain +.endd +the data from which the DBM file is built could contain lines like +.display asis +baddomain.com: !postmaster : * +.endd +to reject all senders except \postmaster\ from that domain. +.index local part||starting with ! +If a local part that actually begins with an exclamation mark is required, it +has to be specified using a regular expression. In \%lsearch%\ files, an entry +may be split over several lines by indenting the second and subsequent lines, +but the separating colon must still be included at line breaks. White space +surrounding the colons is ignored. For example: +.display asis +aol.com: spammer1 : spammer2 : ^[0-9]+$ : + spammer3 : spammer4 .endd As in all colon-separated lists in Exim, a colon can be included in an item by doubling. @@ -7438,58 +7819,12 @@ The @@@@<> style of item can also be used with a query-style lookup, but in this case, the chaining facility is not available. The lookup can only return a single list of local parts. .nextp -.index address list||lookup for complete address -Complete addresses can be looked up by using a pattern that -starts with a lookup type terminated by a semicolon, follwed by the data for -the lookup. -For example: -.display asis -deny senders = cdb;/etc/blocked.senders : \ - mysql;select address from blocked where \ - address='${quote_mysql:$sender_address}' -.endd -For a single-key lookup type, Exim uses the complete address as the key. -Partial matching (section ~~SECTpartiallookup) cannot be used, and is ignored -if specified, with an entry being written to the panic log. - -.index @*@@ with single-key lookup -You can configure lookup defaults, as described in section -~~SECTdefaultvaluelookups, but this is useful only for the `$*$@@' type of -default. For example, with this lookup: -.display asis -accept senders = lsearch*@;/some/file -.endd -the file could contains lines like this: -.display asis -user1@domain1.example -*@domain2.example -.endd -and for the sender address \*nimrod@@jaeger.example*\, the sequence of keys -that are tried is: -.display asis -nimrod@jaeger.example -*@jaeger.example -* -.endd -\**Warning 1**\: Do not include a line keyed by `$*$' in the file, because that -would mean that every address matches, thus rendering the test useless. - -\**Warning 2**\: Do not confuse these two kinds of item: -.display asis -deny recipients = dbm*@;/some/file -deny recipients = *@dbm;/some/file -.endd -The first does a whole address lookup, with defaulting, as just described, -because it starts with a lookup type. The second matches the local part and -domain independently, as described in the next paragraph. -.nextp -If a pattern contains an @@ character, but is not a regular expression -and does not begin with a lookup type -as described above, the local part of the subject address is compared with the -local part of the pattern, which may start with an asterisk. If the local parts -match, the domain is checked in exactly the same way as for a pattern in a -domain list. For example, the domain can be wildcarded, refer to a named list, -or be a lookup: +If a pattern contains an @@ character, but is not a regular expression and does +not begin with a lookup type as described above, the local part of the subject +address is compared with the local part of the pattern, which may start with an +asterisk. If the local parts match, the domain is checked in exactly the same +way as for a pattern in a domain list. For example, the domain can be +wildcarded, refer to a named list, or be a lookup: .display asis deny senders = *@*.spamming.site:\ *@+hostile_domains:\ @@ -7503,12 +7838,15 @@ If a local part that begins with an exclamation mark is required, it has to be specified using a regular expression, because otherwise the exclamation mark is treated as a sign of negation. .nextp -If a pattern is not one of the above syntax forms, that is, if a pattern which -is not a regular expression or a lookup does not contain an @@ character, it is -matched against the domain part of the subject address. The only two formats -that are recognized this way are a literal domain, or a domain pattern that -starts with $*$. In both these cases, the effect is the same as if \"*@@"\ -preceded the pattern. +If a pattern is not one of the above syntax forms, that is, if a +.em +non-empty +.nem +pattern that is not a regular expression or a lookup does not contain an @@ +character, it is matched against the domain part of the subject address. The +only two formats that are recognized this way are a literal domain, or a domain +pattern that starts with $*$. In both these cases, the effect is the same as if +\"*@@"\ preceded the pattern. .endp \**Warning**\: there is an important difference between the address list items @@ -7648,6 +7986,23 @@ instead runs under the uid and gid it was called with, to prevent users from using \-be-\ for reading files to which they do not have access. +.em +.section Forced expansion failure +.rset SECTforexpfai "~~chapter.~~section" +.index expansion||forced failure +A number of expansions that are described in the following section have +alternative `true' and `false' substrings, enclosed in curly brackets. Which +one is used depends on some condition that is evaluated as part of the +expansion. If, instead of a `false' substring, the word `fail' is used (not in +curly brackets), the entire string expansion fails in a way that can be +detected by the code that requested the expansion. This is called `forced +expansion failure', and its consequences depend on the circumstances. In some +cases it is no different from any other expansion failure, but in others a +different action may be taken. Such variations are mentioned in the +documentation of the option that is being expanded. +.nem + + .section Expansion items .rset SECTexpansionitems "~~chapter.~~section" The following items are recognized in expanded strings. White space may be used @@ -7716,13 +8071,8 @@ for example: .display @$@{extract@{Z@}@{A=... B=...@}@{@$value@} fail @} .endd -@{<>@} must be present for `fail' to be recognized. When this syntax -is used, if the extraction fails, the entire string expansion fails in a way -that can be detected by the code in Exim which requested the expansion. This is -called `forced expansion failure', and its consequences depend on the -circumstances. In some cases it is no different from any other expansion -failure, but in others a different action may be taken. Such variations are -mentioned in the documentation of the option which is expanded. +This forces an expansion failure (see section ~~SECTforexpfai); @{<>@} +must be present for `fail' to be recognized. .item "@$@{extract@{<>@}@{<>@}@{<>@}@{<>@}@{<>@}@}" @@ -7807,6 +8157,7 @@ lines) may be present. The difference between \rheader\, \bheader\, and \header\ is in the way the data in the header line is interpreted. .numberpars $. +.index whitespace||in header lines \rheader\ gives the original `raw' content of the header line, with no processing at all, and without the removal of leading and trailing whitespace. .nextp @@ -7915,19 +8266,32 @@ Exim's \-be-\ option, or by other means, for example by using the \*hmac@_md5@_hex()*\ function in Perl. - .item "@${if <> @{<>@}@{<>@}@}" .index expansion||conditional If <> is true, <> is expanded and replaces the whole item; -otherwise <> is used. For example, +otherwise <> is used. The available conditions are described in +section ~~SECTexpcond below. For example: .display asis ${if eq {$local_part}{postmaster} {yes}{no} } .endd The second string need not be present; if it is not and the condition is not true, the item is replaced with nothing. Alternatively, the word `fail' may be present instead of the second string (without any curly brackets). In this -case, the expansion is forced to fail if the condition is not true. The -available conditions are described in section ~~SECTexpcond below. +case, the expansion is forced to fail if the condition is not true (see section +~~SECTforexpfai). + +.em +If both strings are omitted, the result is the string \"true"\ if the condition +is true, and the empty string if the condition is false. This makes it less +cumbersome to write custom ACL and router conditions. For example, instead of +.display asis +condition = ${if >{$acl_m4}{3}{true}{false}} +.endd +you can use +.display asis +condition = ${if >{$acl_m4}{3}} +.endd +.nem .item "@$@{length@{<>@}@{<>@}@}" @@ -7966,10 +8330,10 @@ If the lookup succeeds, <> is expanded and replaces the entire item. During its expansion, the variable \$value$\ contains the data returned by the lookup. Afterwards it reverts to the value it had previously (at the outer level it is empty). If the lookup fails, <> is expanded and replaces -the entire item. If @{<>@} is omitted, the replacement is null on -failure. Alternatively, <> can itself be a nested lookup, thus -providing a mechanism for looking up a default value when the original lookup -fails. +the entire item. If @{<>@} is omitted, the replacement is the empty +string on failure. If <> is provided, it can itself be a nested +lookup, thus providing a mechanism for looking up a default value when the +original lookup fails. If a nested lookup is used as part of <>, \$value$\ contains the data for the outer lookup while the parameters of the second lookup are expanded, @@ -7977,9 +8341,10 @@ and also while <> of the second lookup is expanded, should the second lookup fail. Instead of @{<>@} the word `fail' can appear, and in this case, if the -lookup fails, the entire expansion is forced to fail. If both @{<>@} -and @{<>@} are omitted, the result is the looked up value in the case -of a successful lookup, and nothing in the case of failure. +lookup fails, the entire expansion is forced to fail (see section +~~SECTforexpfai). If both @{<>@} and @{<>@} are omitted, the +result is the looked up value in the case of a successful lookup, and nothing +in the case of failure. For single-key lookups, the string `partial' is permitted to precede the search type in order to do partial matching, and $*$ or $*$@@ may follow a @@ -8193,6 +8558,10 @@ the simpler operator notation that avoids some of the braces: @$@{substr@_<>@_<>:<>@} .endd The second number is optional (in both notations). +.em +If it is absent in the simpler format, the preceding underscore must also be +omitted. +.nem The \substr\ item can be used to extract more general substrings than \length\. The first number, <>, is a starting offset, and <> is the length @@ -8223,10 +8592,15 @@ ${substr{-3}{2}{12}} .endd yields `1'. -If the second number is omitted from \substr\, the remainder of the string is -taken if the offset was positive. If it was negative, all characters in the +When the second number is omitted from \substr\, the remainder of the string is +taken if the offset is positive. If it is negative, all characters in the string preceding the offset point are taken. For example, an offset of -1 and -no length yields all but the last character of the string. +no length, as in these semantically identical examples: +.display asis +${substr_-1:abcde} +${substr{-1}{abcde}} +.endd +yields all but the last character of the string, that is, `abcd'. @@ -8521,14 +8895,16 @@ variables or headers inside regular expressions. This operator encodes text according to the rules of RFC 2047. This is an encoding that is used in header lines to encode non-ASCII characters. It is assumed that the input string is in the encoding specified by the -\headers@_charset\ option, which defaults to ISO-8859-1. -If the string contains only characters in the range 33--126, and no instances -of the characters +\headers@_charset\ option, which defaults to ISO-8859-1. If the string contains +only characters in the range 33--126, and no instances of the characters .display asis ? = ( ) < > @ , ; : \ " . [ ] _ .endd -it is not modified. Otherwise, the result is the RFC 2047 encoding, as a single -`coded word'. +it is not modified. Otherwise, the result is the RFC 2047 encoding of the +string, +.em +using as many `coded words' as necessary to encode all the characters. +.nem .item "@$@{sha1:<>@}" @@ -8553,6 +8929,14 @@ fields using the \extract\ expansion item. \**Warning**\: The file size may be incorrect on 32-bit systems for files larger than 2GB. +.em +.item "@$@{str2b64:<>@}" +.index expansion||base64 encoding +.index base64 encoding||in string expansion +This operator converts a string into one that is base64 encoded. +.nem + + .item "@$@{strlen:<>@}" .index expansion||string length .index string||length in expansion @@ -8675,12 +9059,20 @@ If the length is 40, Exim assumes that it is a hexadecimal encoding of the SHA-1 digest. If the length is not 28 or 40, the comparison fails. .nextp .index \*crypt()*\ -\@{crypt@}\ calls the \*crypt()*\ function, which uses only the first eight -characters of the password. +\@{crypt@}\ calls the \*crypt()*\ function, +.em +which traditionally used to use only the first eight characters of the +password. However, in modern operating systems this is no longer true, and in +many cases the entire password is used, whatever its length. +.nem .nextp .index \*crypt16()*\ \@{crypt16@}\ calls the \*crypt16()*\ function (also known as \*bigcrypt()*\), -which uses up to 16 characters of the password. +which +.em +was orginally created to use up to 16 characters of the password. Again, in +modern operating systems, more characters may be used. +.nem .endp Exim has its own version of \*crypt16()*\ (which is just a double call to \*crypt()*\). For operating systems that have their own version, setting @@ -8966,8 +9358,18 @@ Radius authentication (RFC 2865) is supported in a similar way to PAM. You must set \\RADIUS@_CONFIG@_FILE\\ in \(Local/Makefile)\ to specify the location of the Radius client configuration file in order to build Exim with Radius support. +.em +With just that one setting, Exim expects to be linked with the \radiusclient\ +library. You can also link Exim with the \libradius\ library that comes with +FreeBSD. To do this, set +.display asis +RADIUS_LIB_TYPE=RADLIB +.endd +in \(Local/Makefile)\, in addition to setting \\RADIUS@_CONFIGURE@_FILE\\. +.nem You may also have to supply a suitable setting in \\EXTRALIBS\\ so that the Radius library can be found when Exim is linked. + The string specified by \\RADIUS@_CONFIG@_FILE\\ is expanded and passed to the Radius client library, which calls the Radius server. The condition is true if the authentication is successful. For example @@ -9049,12 +9451,16 @@ parsed but not evaluated. .rset SECTexpvar "~~chapter.~~section" .index expansion||variables, list of -The variables that are available for use in expansion strings are: +.em +This section contains an alphabetical list of all the expansion variables. Some +of them are available only when Exim is compiled with specific options such as +support for TLS or the content scanning extension. +.nem .push .indent 2em -.tempindent 0 .index numerical variables (\$1$\, \$2$\, etc) +.tempindent 0 \$0$\, \$1$\, etc: When a \match\ expansion condition succeeds, these variables contain the captured substrings identified by the regular expression during subsequent processing of the success string of the containing \if\ @@ -9093,14 +9499,26 @@ overridden by the expanded string. option in routers. The value then remains with the address while it is processed by subsequent routers and eventually a transport. If the transport is handling multiple addresses, the value from the first address is used. See -chapter ~~CHAProutergeneric for more details. -\**Note**\: the contents of \$address@_data$\ are visible in user filter files. +chapter ~~CHAProutergeneric for more details. \**Note**\: the contents of +\$address@_data$\ are visible in user filter files. -If \$address@_data$\ is set when the routers are called to verify an address -from an ACL, the final value remains available in subsequent conditions in the -ACL statement. If routing the address caused it to be redirected to a single -address, the child address is also routed as part of the verification, and in -this case the final value of \$address@_data$\ is from the child's routing. +.em +If \$address@_data$\ is set when the routers are called from an ACL to verify +a recipient address, the final value is still in the variable for subsequent +conditions and modifiers of the ACL statement. If routing the address caused it +to be redirected to just one address, the child address is also routed as part +of the verification, and in this case the final value of \$address@_data$\ is +from the child's routing. + +If \$address@_data$\ is set when the routers are called from an ACL to verify a +sender address, the final value is also preserved, but this time in +\$sender@_address@_data$\, to distinguish it from data from a recipient +address. + +In both cases (recipient and sender verification), the value does not persist +after the end of the current ACL statement. If you want to preserve +these values for longer, you can save them in ACL variables. +.nem .tempindent 0 \$address@_file$\: When, as a result of aliasing, forwarding, or filtering, a @@ -9218,6 +9636,18 @@ incarnation normally contains the Exim uid. of times it has been compiled. This serves to distinguish different compilations of the same version of the program. +.em +.tempindent 0 +\$demime@_errorlevel$\: This variable is available when Exim is compiled with +the content-scanning extension and the obsolete \demime\ condition. For +details, see section ~~SECTdemimecond. + +.tempindent 0 +\$demime@_reason$\: This variable is available when Exim is compiled with the +content-scanning extension and the obsolete \demime\ condition. For details, +see section ~~SECTdemimecond. +.nem + .index black list (DNS) .tempindent 0 \$dnslist@_domain$\: When a client host is found to be on a DNS (black) list, @@ -9301,6 +9731,13 @@ to nothing. .tempindent 0 \$exim@_uid$\: This variable contains the numerical value of the Exim user id. +.em +.tempindent 0 +\$found@_extension$\: This variable is available when Exim is compiled with the +content-scanning extension and the obsolete \demime\ condition. For details, +see section ~~SECTdemimecond. +.nem + .tempindent 0 \$header@_<>$\: This is not strictly an expansion variable. It is expansion syntax for inserting the message header line with the given name. @@ -9337,6 +9774,10 @@ name of the first host. \$host@_address$\: This variable is set to the remote host's IP address whenever \$host$\ is set for a remote connection. +.em +It is also set to the IP address that is being checked when the +\ignore@_target@_hosts\ option is being processed. +.nem .tempindent 0 \$host@_data$\: @@ -9348,18 +9789,36 @@ deny hosts = net-lsearch;/some/file message = $host_data .endd +.em .index host||name lookup, failure of .tempindent 0 -\$host@_lookup@_failed$\: -This variable contains `1' if the message came from a remote host and there was -an attempt to look up the host's name from its IP address, but the attempt -failed. Otherwise the value of the variable is `0'. -Exim checks that a forward lookup of at least one of the names it receives from -a reverse lookup yields the original IP address. If this is not the case, Exim -does not accept the looked up name(s), and \$host@_lookup@_failed$\ is set to -`1'. Thus, being able to find a name from an IP address (for example, the -existence of a PTR record in the DNS) is not sufficient on its own for the -success of a host name lookup. +\$host@_lookup@_deferred$\: +This variable normally contains `0', as does \$host@_lookup@_failed$\. When a +message comes from a remote host and there is an attempt to look up the host's +name from its IP address, and the attempt is not successful, one of these +variables is set to `1'. +.numberpars $. +If the lookup receives a definite negative response (for example, a DNS lookup +succeeded, but no records were found), \$host@_lookup@_failed$\ is set to `1'. +.nextp +If there is any kind of problem during the lookup, such that Exim cannot +tell whether or not the host name is defined (for example, a timeout for a DNS +lookup), \$host@_lookup@_deferred$\ is set to `1'. +.endp +Looking up a host's name from its IP address consists of more than just a +single reverse lookup. Exim checks that a forward lookup of at least one of the +names it receives from a reverse lookup yields the original IP address. If this +is not the case, Exim does not accept the looked up name(s), and +\$host@_lookup@_failed$\ is set to `1'. Thus, being able to find a name from an +IP address (for example, the existence of a PTR record in the DNS) is not +sufficient on its own for the success of a host name lookup. If the reverse +lookup succeeds, but there is a lookup problem such as a timeout when checking +the result, the name is not accepted, and \$host@_lookup@_deferred$\ is set to +`1'. See also \$sender@_host@_name$\. + +.tempindent 0 +\$host@_lookup@_failed$\: See \$host@_lookup@_deferred$\. +.nem .tempindent 0 \$inode$\: @@ -9388,7 +9847,6 @@ This variable, which is available only when Exim is compiled with LDAP support, contains the DN from the last entry in the most recently successful LDAP lookup. - .tempindent 0 \$load@_average$\: This variable contains the system load average, multiplied by 1000 to that it @@ -9483,12 +9941,26 @@ expansion, and for any router-specific expansions. At all other times, the values in these variables are \"(uid@_t)(-1)"\ and \"(gid@_t)(-1)"\, respectively. - .tempindent 0 \$localhost@_number$\: This contains the expanded value of the \localhost@_number\ option. The expansion happens after the main options have been read. +.em +.tempindent 0 +\$log@_inodes$\: The number of free inodes in the disk partition where Exim's +log files are being written. The value is recalculated whenever the variable is +referenced. If the relevant file system does not have the concept of inodes, +the value of is -1. See also the \check@_log@_inodes\ option. + +.tempindent 0 +\$log@_space$\: The amount of free space (as a number of kilobytes) in the disk +partition where Exim's log files are being written. The value is recalculated +whenever the variable is referenced. If the operating system does not have the +ability to find the amount of free space (only true for experimental systems), +the space value is -1. See also the \check@_log@_space\ option. +.nem + .tempindent 0 \$mailstore@_basename$\: This variable is set only when doing deliveries in `mailstore' format in the \%appendfile%\ transport. During the expansion of the @@ -9497,6 +9969,13 @@ been read. written, that is, the name without the `.tmp', `.env', or `.msg' suffix. At all other times, this variable is empty. +.em +.tempindent 0 +\$malware@_name$\: This variable is available when Exim is compiled with the +content-scanning extension. It is set to the name of the virus that was found +when the ACL \malware\ condition is true (see section ~~SECTscanvirus). +.nem + .index message||age of .tempindent 0 \$message@_age$\: This variable is set at the start of a delivery attempt to @@ -9525,10 +10004,11 @@ body while it is being delivered. The format and maximum size are as for .index body of message||size .index message||body, size .tempindent 0 -\$message@_body@_size$\: When a message is being processed, this variable +\$message@_body@_size$\: When a message is being delivered, this variable contains the size of the body in bytes. The count starts from the character after the blank line that separates the body from the header. Newlines are -included in the count. See also \$message@_size$\ and \$body@_linecount$\. +included in the count. See also \$message@_size$\, \$body@_linecount$\, and +\$body@_zerocount$\. .tempindent 0 \$message@_headers$\: @@ -9557,7 +10037,7 @@ deliveries as they are written. However, there is one special case: during the expansion of the \maildir@_tag\ option in the \%appendfile%\ transport while doing a delivery in maildir format, the value of \$message@_size$\ is the precise size of the file that has been written. See also -\$message@_body@_size$\ and \$body@_linecount$\. +\$message@_body@_size$\, \$body@_linecount$\, and \$body@_zerocount$\. .index \\RCPT\\||value of \$message@_size$\ While running an ACL at the time of an SMTP \\RCPT\\ command, \$message@_size$\ @@ -9565,6 +10045,13 @@ contains the size supplied on the \\MAIL\\ command, or -1 if no size was given. The value may not, of course, be truthful. +.em +.tempindent 0 +\$mime@_$\\*xxx*\: A number of variables whose names start with \$mime$\ are +available when Exim is compiled with the content-scanning extension. For +details, see section ~~SECTscanmimepart. +.nem + .tempindent 0 \$n0$\ -- \$n9$\: These variables are counters that can be incremented by means of the \add\ command in filter files. @@ -9585,15 +10072,16 @@ part \*system-filter*\ and the default qualify domain. .tempindent 0 \$original@_local@_part$\: When a top-level address is being processed for delivery, this contains the same value as \$local@_part$\, unless a prefix or -suffix was removed from the local part, in which case \$original@_local@_part$\ -contains the full local part. When a `child' address (for example, generated by -an alias, forward, or filter file) is being processed, this variable contains -the full local part of the original address. If the router that did the -redirection processed the local part case-insensitively, the value in -\$original@_local@_part$\ is in lower case. This variable differs from -\$parent@_local@_part$\ only when there is more than one level of aliasing or -forwarding. When more than one address is being delivered in a single transport -run, \$original@_local@_part$\ is not set. +suffix was removed from the local part, because \$original@_local@_part$\ +always contains the full local part. When a `child' address (for example, +generated by an alias, forward, or filter file) is being processed, this +variable contains the full local part of the original address. + +If the router that did the redirection processed the local part +case-insensitively, the value in \$original@_local@_part$\ is in lower case. +This variable differs from \$parent@_local@_part$\ only when there is more than +one level of aliasing or forwarding. When more than one address is being +delivered in a single transport run, \$original@_local@_part$\ is not set. If new an address is created by means of a \deliver\ command in a system filter, it is set up with an artificial `parent' address. This has the local @@ -9683,8 +10171,26 @@ The value is copied after recipient rewriting has happened, but before the .tempindent 0 \$received@_protocol$\: When a message is being processed, this variable -contains the name of the protocol by which it was received. See also the -\-oMr-\ option. +contains the name of the protocol by which it was received. +.em +Most of the names used by Exim are defined by RFCs 821, 2821, and 3848. They +start with `smtp' (the client used \\HELO\\) or `esmtp' (the client used +\\EHLO\\). This can be followed by `s' for secure (encrypted) and/or `a' for +authenticated. Thus, for example, if the protocol is set to `esmtpsa', the +message was received over an encrypted SMTP connection and the client was +successfully authenticated. + +Exim uses the protocol name `smtps' for the case when encryption is +automatically set up on connection without the use of \\STARTTLS\\ (see +\tls@_on@_connect@_ports\), and the client uses \\HELO\\ to initiate the +encrypted SMTP session. The name `smtps' is also used for the rare situation +where the client initially uses \\EHLO\\, sets up an encrypted connection using +\\STARTTLS\\, and then uses \\HELO\\ afterwards. + +The \-oMr-\ option provides a way of specifying a custom protocol name for +messages that are injected locally by trusted callers. This is commonly used to +identify messages that are being re-injected after some kind of scanning. +.nem .tempindent 0 \$recipient@_data$\: This variable is set after an indexing lookup success in @@ -9700,16 +10206,42 @@ method in the address list, using the semicolon syntax as in the example above. The variable is not set for a lookup that is used as part of the string expansion that all such lists undergo before being interpreted. +.em +.tempindent 0 +\$recipient@_verify@_failure$\: In an ACL, when a recipient verification fails, +this variable contains information about the failure. It is set to one of the +following words: +.numberpars " " +`qualify': The address was unqualified (no domain), and the message +was neither local nor came from an exempted host. +.nextp +`route': Routing failed. +.nextp +`mail': Routing succeeded, and a callout was attempted; rejection occurred at +or before the \\MAIL\\ command (that is, on initial connection, \\HELO\\, or +\\MAIL\\). +.nextp +`recipient': The \\RCPT\\ command in a callout was rejected. +.nextp +`postmaster': The postmaster check in a callout was rejected. +.endp +The main use of this variable is expected to be to distinguish between +rejections of \\MAIL\\ and rejections of \\RCPT\\. +.nem + .tempindent 0 \$recipients$\: This variable contains a list of envelope recipients for a message. A comma and a space separate the addresses in the replacement text. However, the variable is not generally available, to prevent exposure of Bcc recipients in unprivileged users' filter files. You can use \$recipients$\ only +in these two cases: .numberpars In a system filter file. .nextp -In the \\DATA\\ or non-SMTP ACL, that is, in the final ACL for accepting a -message. +.em +In the ACLs associated with the \\DATA\\ command, that is, the ACLs defined by +\acl@_smtp@_predata\ and \acl@_smtp@_data\. +.nem .endp .tempindent 0 @@ -9766,6 +10298,15 @@ the sender's address that was received in the message's envelope. For bounce messages, the value of this variable is the empty string. See also \$return@_path$\. +.em +.tempindent 0 +\$sender@_address@_data$\: If \$address@_data$\ is set when the routers are +called from an ACL to verify a sender address, the final value is preserved in +\$sender@_address@_data$\, to distinguish it from data from a recipient +address. The value does not persist after the end of the current ACL statement. +If you want to preserve it for longer, you can save it in an ACL variable. +.nem + .tempindent 0 \$sender@_address@_domain$\: The domain portion of \$sender@_address$\. @@ -9825,10 +10366,23 @@ For messages received by other means, this variable is empty. If the host name has not previously been looked up, a reference to \$sender@_host@_name$\ triggers a lookup (for messages from remote hosts). A looked up name is accepted only if it leads back to the original IP address -via a forward lookup. If either the reverse or the forward lookup fails, or if -the forward lookup does not yield the original IP address, +via a forward lookup. If either the reverse or the forward lookup fails +.em +to find any data, +.nem +or if the forward lookup does not yield the original IP address, \$sender@_host@_name$\ remains empty, and \$host@_lookup@_failed$\ is set to `1'. +.em +However, if either of the lookups cannot be completed (for example, there is a +DNS timeout), \$host@_lookup@_deferred$\ is set to `1', and +\$host@_lookup@_failed$\ remains set to `0'. + +Once \$host@_lookup@_failed$\ is set to `1', Exim does not try to look up the +host name again if there is a subsequent reference to \$sender@_host@_name$\ +in the same Exim process, but it does try again if \$sender@_host@_deferred$\ +is set to `1'. +.nem Exim does not automatically look up every calling host's name. If you want maximum efficiency, you should arrange your configuration so that it avoids @@ -9886,6 +10440,19 @@ address, and `ident=$it{xxxx}' if an RFC 1413 ident string is available. If all three items are present in the parentheses, a newline and tab are inserted into the string, to improve the formatting of the ::Received:: header. +.em +.tempindent 0 +\$sender@_verify@_failure$\: In an ACL, when a sender verification fails, this +variable contains information about the failure. The details are the same as +for \$recipient@_verify@_failure$\. + +.tempindent 0 +\$smtp@_active@_hostname$\: During an SMTP session, this variable contains the +value of the active host name, as specified by the \smtp@_active@_hostname\ +option. The value of \$smtp@_active@_hostname$\ is saved with any message that +is received, so its value can be consulted during routing and delivery. +.nem + .index \\AUTH\\||argument .index \\EXPN\\||argument .index \\ETRN\\||argument @@ -9902,9 +10469,37 @@ This allows a system filter file to set values that can be tested in users' filter files. For example, a system filter could set a value indicating how likely it is that a message is junk mail. +.em +.tempindent 0 +\$spam@_$\\*xxx*\: A number of variables whose names start with \$spam$\ are +available when Exim is compiled with the content-scanning extension. For +details, see section ~~SECTscanspamass. +.nem + .tempindent 0 \$spool@_directory$\: The name of Exim's spool directory. +.em +.tempindent 0 +\$spool@_inodes$\: The number of free inodes in the disk partition where Exim's +spool files are being written. The value is recalculated whenever the variable +is referenced. If the relevant file system does not have the concept of inodes, +the value of is -1. +See also the \check@_spool@_inodes\ option. + +.tempindent 0 +\$spool@_space$\: The amount of free space (as a number of kilobytes) in the +disk partition where Exim's spool files are being written. The value is +recalculated whenever the variable is referenced. If the operating system does +not have the ability to find the amount of free space (only true for +experimental systems), the space value is -1. For example, to check in an ACL +that there is at least 50 megabytes free on the spool, you could write: +.display asis +condition = ${if > {$spool_space}{50000}} +.endd +See also the \check@_spool@_space\ option. +.nem + .tempindent 0 \$thisaddress$\: This variable is set only during the processing of the \foranyaddress\ command in a filter file. Its use is explained in the @@ -10003,6 +10598,7 @@ EXIM_PERL = perl.o .endd in your \(Local/Makefile)\ and then build Exim in the normal way. +.section Setting up so Perl can be used Access to Perl subroutines is via a global configuration option called .index \perl@_startup\ \perl@_startup\ and an expansion string operator \@$@{perl ...@}\. If there is @@ -10038,6 +10634,7 @@ overriding the setting of \perl@_at@_start\. There is also a command line option \-pd-\ (for delay) which suppresses the initial startup, even if \perl@_at@_start\ is set. +.section Calling Perl subroutines When the configuration file includes a \perl@_startup\ option you can make use of the string expansion item to call the Perl subroutines that are defined by the \perl@_startup\ code. The operator is used in any of the following @@ -10055,11 +10652,12 @@ Too many arguments passed to Perl subroutine "foo" (max is 8) .endd The return value of the Perl subroutine is evaluated in a scalar context before it is passed back to Exim to be inserted into the expanded string. If the -return value is \*undef*\, the expansion fails in the same way as an explicit -`fail' on an \@$@{if ...@}\ or \@$@{lookup...@}\ item. -If the subroutine aborts by obeying Perl's \die\ function, the expansion fails -with the error message that was passed to \die\. +return value is \*undef*\, the expansion is forced to fail in the same way as +an explicit `fail' on an \@$@{if ...@}\ or \@$@{lookup...@}\ item. If the +subroutine aborts by obeying Perl's \die\ function, the expansion fails with +the error message that was passed to \die\. +.section Calling Exim functions from Perl Within any Perl code called from Exim, the function \*Exim@:@:expand@_string*\ is available to call back into Exim's string expansion function. For example, the Perl code @@ -10084,6 +10682,32 @@ must supply it. \*Exim@:@:log@_write(<>)*\ writes the string to Exim's main log, adding a leading timestamp. In this case, you should not supply a terminating newline. +.em +.section Use of standard output and error by Perl +.index Perl||standard output and error +You should not write to the standard error or output streams from within your +Perl code, as it is not defined how these are set up. In versions of Exim +before 4.50, it is possible for the standard output or error to refer to the +SMTP connection during message reception via the daemon. Writing to this stream +is certain to cause chaos. From Exim 4.50 onwards, the standard output and +error streams are connected to \(/dev/null)\ in the daemon. The chaos is +avoided, but the output is lost. + +.index Perl||\warn\, use of +The Perl \warn\ statement writes to the standard error stream by default. Calls +to \warn\ may be embedded in Perl modules that you use, but over which you have +no control. When Exim starts up the Perl interpreter, it arranges for output +from the \warn\ statement to be written to the Exim main log. You can change +this by including appropriate Perl magic somewhere in your Perl code. For +example, to discard \warn\ output completely, you need this: +.display asis +$SIG{__WARN__} = sub { }; +.endd +Whenever a \warn\ is obeyed, the anonymous subroutine is called. In this +example, the code for the subroutine is empty, so it does nothing, but you can +include any Perl code that you like. The text of the \warn\ message is passed +as the first subroutine argument. +.nem . @@ -10235,6 +10859,33 @@ overrides \local@_interfaces\, leaving \daemon@_smtp@_ports\ unchanged. value of \daemon@_smtp@_ports\ is no longer relevant in this example.) +.em +.section Support for the obsolete SSMTP (or SMTPS) protocol +.rset SECTsupobssmt "~~chapter.~~section" +.index ssmtp protocol +.index smtps protocol +.index SMTP||ssmtp protocol +.index SMTP||smtps protocol +Exim supports the obsolete SSMTP protocol (also known as SMTPS) that was used +before the \\STARTTLS\\ command was standardized for SMTP. Some legacy clients +still use this protocol. If the \tls@_on@_connect@_ports\ option is set to a +list of port numbers, connections to those ports must use SSMTP. The most +common use of this option is expected to be +.display asis +tls_on_connect_ports = 465 +.endd +because 465 is the usual port number used by the legacy clients. There is also +a command line option \-tls-on-connect-\, which forces all ports to behave in +this way when a daemon is started. + +\**Warning**\: Setting \tls@_on@_connect@_ports\ does not of itself cause the +daemon to listen on those ports. You must still specify them in +\daemon@_smtp@_ports\, \local@_interfaces\, or the \-oX-\ option. (This is +because \tls@_on@_connect@_ports\ applies to \inetd\ connections as well as to +connections via the daemon.) +.nem + + .section IPv6 address scopes IPv6 addresses have `scopes', and a host with multiple hardware interfaces can, in principle, have the same link-local IPv6 address on different @@ -10243,7 +10894,7 @@ address, to distinguish individual interfaces. A convention of using a percent sign followed by something (often the interface name) has been adopted in some cases, leading to addresses like this: .display asis -3ffe:2101:12:1:a00:20ff:fe86:a061%eth0 +fe80::202:b3ff:fe03:45c1%eth0 .endd To accommodate this usage, a percent sign followed by an arbitrary string is allowed at the end of an IPv6 address. By default, Exim calls \*getaddrinfo()*\ @@ -10264,7 +10915,7 @@ function.) Of course, this means that the additional functionality of .section Examples of starting a listening daemon The default case in an IPv6 environment is .display asis -daemon_smtp_port = smtp +daemon_smtp_ports = smtp local_interfaces = <; ::0 ; 0.0.0.0 .endd This specifies listening on the smtp port on all IPv6 and IPv4 interfaces. @@ -10290,7 +10941,7 @@ To specify listening on the default port on specific interfaces only: .display asis local_interfaces = 192.168.34.67 : 192.168.34.67 .endd -\**Note**\: such a setting excludes listening on the loopback interfaces. +\**Warning**\: such a setting excludes listening on the loopback interfaces. .section Recognising the local host @@ -10343,7 +10994,6 @@ description of the smtp transport in chapter ~~CHAPsmtptrans for more details. - . . . @@ -10372,8 +11022,8 @@ This chapter specifies all the main configuration options, along with their types and default values. For ease of finding a particular option, they appear in alphabetical order in section ~~SECTalomo below. However, because there are now so many options, they are first listed briefly in functional groups, as an -aid to finding the name of the option you are looking for. -Some options are listed in more than one group. +aid to finding the name of the option you are looking for. Some options are +listed in more than one group. .set savedisplayflowcheck ~~displayflowcheck .set displayflowcheck 0 @@ -10385,6 +11035,11 @@ Some options are listed in more than one group. \keep@_malformed\ $t$rm{for broken files -- should not happen} \localhost@_number\ $t$rm{for unique message ids in clusters} \message@_body@_visible\ $t$rm{how much to show in \$message@_body$\} +.newline +.em +\mua@_wrapper\ $t$rm{run in `MUA wrapper' mode} +.nem +.newline \print@_topbitchars\ $t$rm{top-bit characters are printing} \timezone\ $t$rm{force time zone} .endd @@ -10419,6 +11074,10 @@ Some options are listed in more than one group. .section Logging .display flow rm .tabs 31 +.em +\hosts@_connection@_nolog\ $t$rm{exemption from connect logging} +.nem +.newline \log@_file@_path\ $t$rm{override compiled-in value} \log@_selector\ $t$rm{set/unset optional logging} \log@_timezone\ $t$rm{add timezone to log lines} @@ -10515,9 +11174,21 @@ Some options are listed in more than one group. \acl@_smtp@_helo\ $t$rm{set ACL for \\EHLO\\ or \\HELO\\} \acl@_smtp@_mail\ $t$rm{set ACL for \\MAIL\\} \acl@_smtp@_mailauth\ $t$rm{set ACL for \\AUTH\\ on \\MAIL\\ command} +.newline +.em +\acl@_smtp@_mime\ $t$rm{set ACL for MIME parts} +\acl@_smtp@_predata\ $t$rm{set ACL for start of data} +\acl@_smtp@_quit\ $t$rm{set ACL for \\QUIT\\} +.nem +.newline \acl@_smtp@_rcpt\ $t$rm{set ACL for \\RCPT\\} \acl@_smtp@_starttls\ $t$rm{set ACL for \\STARTTLS\\} \acl@_smtp@_vrfy\ $t$rm{set ACL for \\VRFY\\} +.newline +.em +\av@_scanner\ $t$rm{specify virus scanner} +.nem +.newline \header@_maxsize\ $t$rm{total size of message header} \header@_line@_maxsize\ $t$rm{individual header line limit} \helo@_accept@_junk@_hosts\ $t$rm{allow syntactic junk from these hosts} @@ -10532,6 +11203,11 @@ Some options are listed in more than one group. \local@_scan@_timeout\ $t$rm{timeout for \*local@_scan()*\} \message@_size@_limit\ $t$rm{for all messages} \percent@_hack@_domains\ $t$rm{recognize %-hack for these domains} +.newline +.em +\spamd@_address\ $t$rm{set interface to SpamAssassin} +.nem +.newline .endd .section Callout cache @@ -10549,15 +11225,16 @@ Some options are listed in more than one group. .tabs 31 \tls@_advertise@_hosts\ $t$rm{advertise TLS to these hosts} \tls@_certificate\ $t$rm{location of server certificate} -.newline \tls@_crl\ $t$rm{certificate revocation list} -.newline \tls@_dhparam\ $t$rm{DH parameters for server} +.newline +.em +\tls@_on@_connect@_ports\ $t$rm{specify SSMTP (SMTPS) ports} +.nem +.newline \tls@_privatekey\ $t$rm{location of server private key} \tls@_remember@_esmtp\ $t$rm{don't reset after starting TLS} -.newline \tls@_require@_ciphers\ $t$rm{specify acceptable cipers} -.newline \tls@_try@_verify@_hosts\ $t$rm{try to verify client certificate} \tls@_verify@_certificates\ $t$rm{expected client certificates} \tls@_verify@_hosts\ $t$rm{insist on client certificate verify} @@ -10726,7 +11403,7 @@ See also the \*Policy controls*\ section above. Those options that undergo string expansion before use are marked with $**$. .fi -.startconf +.startconf main .index \\8BITMIME\\ .index 8-bit characters @@ -10743,18 +11420,18 @@ Consequently, this option is turned off by default. This option defines the ACL that is run when a non-SMTP message is on the point of being accepted. See chapter ~~CHAPACL for further details. -.index ~~ACL||on SMTP connection -.conf acl@_smtp@_connect string$**$ unset -This option defines the ACL that is run when an SMTP connection is received. -See chapter ~~CHAPACL for further details. - .index ~~ACL||setting up for SMTP commands .index \\AUTH\\||ACL for .conf acl@_smtp@_auth string$**$ unset This option defines the ACL that is run when an SMTP \\AUTH\\ command is received. See chapter ~~CHAPACL for further details. -.index \\DATA\\, ACL for +.index ~~ACL||on SMTP connection +.conf acl@_smtp@_connect string$**$ unset +This option defines the ACL that is run when an SMTP connection is received. +See chapter ~~CHAPACL for further details. + +.index \\DATA\\, ACL for .conf acl@_smtp@_data string$**$ unset This option defines the ACL that is run after an SMTP \\DATA\\ command has been processed and the message itself has been received, but before the final @@ -10787,6 +11464,24 @@ This option defines the ACL that is run when there is an \\AUTH\\ parameter on a \\MAIL\\ command. See chapter ~~CHAPACL for details of ACLs, and chapter ~~CHAPSMTPAUTH for details of authentication. +.em +.index MIME content scanning||ACL for +.conf acl@_smtp@_mime string$**$ unset +This option is available when Exim is built with the content-scanning +extension. It defines the ACL that is run for each MIME part in a message. See +section ~~SECTscanmimepart for details. + +.conf acl@_smtp@_predata string$**$ unset +This option defines the ACL that is run when an SMTP \\DATA\\ command is +received, before the message itself is received. See chapter ~~CHAPACL for +further details. + +.index \\QUIT\\||ACL for +.conf acl@_smtp@_quit string$**$ unset +This option defines the ACL that is run when an SMTP \\QUIT\\ command is +received. See chapter ~~CHAPACL for further details. +.nem + .index \\RCPT\\||ACL for .conf acl@_smtp@_rcpt string$**$ unset This option defines the ACL that is run when an SMTP \\RCPT\\ command is @@ -10900,6 +11595,17 @@ changed since the last attempt. It is a way of saying `keep on trying, even though there are big problems'. See also \timeout@_frozen@_after\ and \ignore@_bounce@_errors@_after\. +.em +.conf av@_scanner string "see below" +This option is available if Exim is built with the content-scanning extension. +It specifies which anti-virus scanner to use. The default value is: +.display asis +sophie:/var/run/sophie +.endd +If the value of \av@_scanner\ starts with dollar character, it is expanded +before use. See section ~~SECTscanvirus for further details. +.nem + .conf bi@_command string unset .index \-bi-\ option This option supplies the name of a command that is run when Exim is called with @@ -11008,13 +11714,22 @@ See \check@_spool@_space\ below. .index disk space, checking .index spool directory||checking space The four \check@_...\ options allow for checking of disk resources before a -message is accepted. \check@_spool@_space\ and \check@_spool@_inodes\ check the -spool partition if either value is greater than zero, for example: +message is accepted. +.em +When any of these options are set, they apply to all incoming messages. If you +want to apply different checks to different kinds of message, you can do so +by testing the the variables \$log@_inodes$\, \$log@_space$\, +\$spool@_inodes$\, and \$spool@_space$\ in an ACL with appropriate additional +conditions. +.nem + +\check@_spool@_space\ and \check@_spool@_inodes\ check the spool partition if +either value is greater than zero, for example: .display asis check_spool_space = 10M check_spool_inodes = 100 .endd -The spool partition is the one which contains the directory defined by +The spool partition is the one that contains the directory defined by \\SPOOL@_DIRECTORY\\ in \(Local/Makefile)\. It is used for holding messages in transit. @@ -11047,11 +11762,15 @@ backward compatibility, \daemon@_smtp@_port\ (singular) is a synonym. .index warning of delay .index delay warning, specifying When a message is delayed, Exim sends a warning message to the sender at -intervals specified by this option. If it is set to a zero, no warnings are -sent. The data is a colon-separated list of times after which to send warning -messages. Up to 10 times may be given. If a message has been on the queue for -longer than the last time, the last interval between the times is used to -compute subsequent warning times. For example, with +intervals specified by this option. The data is a colon-separated list of times +after which to send warning messages. +.em +If the value of the option is an empty string or a zero time, no warnings are +sent. +.nem +Up to 10 times may be given. If a message has been on the queue for longer than +the last time, the last interval between the times is used to compute +subsequent warning times. For example, with .display asis delay_warning = 4h:8h:24h .endd @@ -11121,6 +11840,12 @@ You can make it apply to reverse lookups by a setting such as this: .display asis dns_again_means_nonexist = *.in-addr.arpa .endd +.em +This option applies to all DNS lookups that Exim does. The \%dnslookup%\ router +has some options of its own for controlling what happens when lookups for MX or +SRV records give temporary errors. These more specific options are applied +after the global option. +.nem .index DNS||pre-check of name syntax .conf dns@_check@_names@_pattern string "see below" @@ -11277,7 +12002,7 @@ envelope from a message's ::To::, ::Cc:: and ::Bcc:: headers, the command line addresses are removed from the recipients list. This is also how Smail behaves. However, other Sendmail documentation (the O'Reilly book) states that command line addresses are added to those obtained from the header lines. When -\extract@_addresses@_remove@_arguments\ is true (the default), Exim subtracts +\extract__addresses__remove__arguments\ is true (the default), Exim subtracts argument headers. If it is set false, Exim adds rather than removes argument addresses. @@ -11291,6 +12016,13 @@ errors. If \finduser@_retries\ is set greater than zero, Exim will try that many extra times to find a user or a group, waiting for one second between retries. +.index \(/etc/passwd)\, multiple reading of +.em +You should not set this option greater than zero if your user information is in +a traditional \(/etc/passwd)\ file, because it will cause Exim needlessly to +search the file multiple times for non-existent users, and also cause delay. +.nem + .conf freeze@_tell "string list, comma separated" unset .index freezing messages||sending a message when freezing On encountering certain errors, or when configured to do so in a system filter, @@ -11501,6 +12233,22 @@ sometimes without much delay. Normally, it is better to use an ACL to reject incoming messages at a later stage, such as after \\RCPT\\ commands. See chapter ~~CHAPACL. +.em +.conf hosts@_connection@_nolog "host list$**$" unset +.index host||not logging connections from +This option defines a list of hosts for which connection logging does not +happen, even though the \smtp@_connection\ log selector is set. For example, +you might want not to log SMTP connections from local processes, or from +127.0.0.1, or from your local LAN. This option is consulted in the main loop of +the daemon; you should therefore strive to restrict its value to a short inline +list of IP addresses and networks. To disable logging SMTP connections from +local processes, you must create a host list with an empty item. For example: +.display asis +hosts_connection_nolog = : +.endd +If the \smtp@_connection\ log selector is not set, this option has no effect. +.nem + .conf hosts@_treat@_as@_local "domain list$**$" unset .index local host||domains treated as .index host||treated as local @@ -11584,11 +12332,19 @@ has been built with LDAP support. .index ::From:: header line||disabling checking of When a message is submitted locally (that is, not over a TCP/IP connection) by an untrusted user, Exim removes any existing ::Sender:: header line, and checks -that the ::From:: header line matches the login of the calling user. You can -use \local@_from@_prefix\ and \local@_from@_suffix\ to permit affixes on the -local part. If the ::From:: header line does not match, Exim adds a ::Sender:: -header with an address constructed from the calling user's login and the -default qualify domain. +that the ::From:: header line matches +.em +the login of the calling user and the domain specified by \qualify@_domain\. + +\**Note**\: An unqualified address (no domain) in the ::From:: header in a +locally submitted message is automatically qualified by Exim, unless the +\-bnq-\ command line option is used. +.nem + +You can use \local@_from@_prefix\ and \local@_from@_suffix\ to permit affixes +on the local part. If the ::From:: header line does not match, Exim adds a +::Sender:: header with an address constructed from the calling user's login and +the default qualify domain. If \local@_from@_check\ is set false, the ::From:: header check is disabled, and no ::Sender:: header is ever added. If, in addition, you want to retain @@ -11599,7 +12355,12 @@ and no ::Sender:: header is ever added. If, in addition, you want to retain These options affect only the header lines in the message. The envelope sender is still forced to be the login id at the qualify domain unless \untrusted@_set@_sender\ permits the user to supply an envelope sender. -Section ~~SECTthesenhea has more details about ::Sender:: processing. + +.em +For messages received over TCP/IP, an ACL can specify `submission mode' to +request similar header line checking. See section ~~SECTthesenhea, which has +more details about ::Sender:: processing. +.nem .conf local@_from@_prefix string unset @@ -11628,8 +12389,12 @@ See \local@_from@_prefix\ above. This option controls which network interfaces are used by the daemon for listening; they are also used to identify the local host when routing. Chapter ~~CHAPinterfaces contains a full description of this option and the related -options \extra@_local@_interfaces\ and \hosts@_treat@_as@_local\. The default -value for \local@_interfaces\ is +options +.em +\daemon@_smtp@_ports\, \extra@_local@_interfaces\, \hosts@_treat@_as@_local\, +and \tls@_on@_connect@_ports\. +.nem +The default value for \local@_interfaces\ is .display asis local_interfaces = 0.0.0.0 .endd @@ -11810,6 +12575,13 @@ and \(Fmsglog)\, respectively. There is currently no support in Exim or the standard utilities for handling such moved messages, and they do not show up in lists generated by \-bp-\ or by the Exim monitor. +.em +.conf mua@_wrapper boolean false +Setting this option true causes Exim to run in a very restrictive mode in which +it passes messages synchronously to a smart host. Chapter ~~CHAPnonqueueing +contains a full description of this facility. +.nem + .conf mysql@_servers "string list" unset .index MySQL||server list This option provides a list of MySQL servers and associated connection data, to @@ -11960,26 +12732,31 @@ admin user unless \prod@_requires@_admin\ is set false. See also .conf qualify@_domain string "see below" .index domain||for qualifying addresses .index address||qualification -This option specifies the domain name that is added to any sender addresses -that do not have a domain qualification. It also applies to recipient addresses -if \qualify@_recipient\ is not set. Such addresses are accepted by default only -for locally-generated messages. Messages from external sources must always -contain fully qualified addresses, unless the sending host matches -\sender@_unqualified@_hosts\ or \recipient@_unqualified@_hosts\ (as -appropriate), in which case incoming addresses are qualified with -\qualify@_domain\ or \qualify@_recipient\ as necessary. Internally, Exim always -works with fully qualified addresses. -If \qualify@_domain\ is not set, it defaults to the \primary@_hostname\ value. +This option specifies the domain name that is added to any envelope sender +addresses that do not have a domain qualification. It also applies to +recipient addresses if \qualify@_recipient\ is not set. +.em +Unqualified addresses are accepted by default only for locally-generated +messages. + +Qualification is also applied to addresses in header lines such as ::From:: and +::To:: for locally-generated messages, unless the \-bnq-\ command line option +is used. +.nem + +Messages from external sources must always contain fully qualified addresses, +unless the sending host matches \sender@_unqualified@_hosts\ or +\recipient@_unqualified@_hosts\ (as appropriate), in which case incoming +addresses are qualified with \qualify@_domain\ or \qualify@_recipient\ as +necessary. Internally, Exim always works with fully qualified envelope +addresses. If \qualify@_domain\ is not set, it defaults to the +\primary@_hostname\ value. .conf qualify@_recipient string "see below" -This specifies the domain name that is added to any recipient addresses that do -not have a domain qualification. Such addresses are accepted by default only -for locally-generated messages. Messages from external sources must always -contain fully qualified recipient addresses, unless the sending host matches -\recipient@_unqualified@_hosts\, -in which case incoming recipient addresses are qualified with -\qualify@_recipient\. -If \qualify@_recipient\ is not set, it defaults to the \qualify@_domain\ value. +.em +This option allows you to specify a different domain for qualifying recipient +addresses to the one that is used for senders. See \qualify@_domain\ above. +.nem .conf queue@_domains "domain list$**$" unset .index domain||specifying non-immediate delivery @@ -12047,13 +12824,18 @@ override; they are accepted, but ignored. .index queue runner||processing messages in order If this option is set, queue runs happen in order of message arrival instead of in an arbitrary order. For this to happen, a complete list of the entire queue -must be set up before the deliveries start. When the queue is all in a single -directory (the default), this happens anyway, but if \split@_spool@_directory\ -is set it does not -- for delivery in random order, the sub-directories are -processed one at a time (in random order), to avoid setting up one huge list. -Thus, setting \queue@_run@_in@_order\ with \split@_spool@_directory\ may -degrade performance when the queue is large. In most situations, -\queue@_run@_in@_order\ should not be set. +must be set up before the deliveries start. When the queue is all held in a +single directory (the default), +.em +a single list is created for both the ordered and the non-ordered cases. +However, if \split@_spool@_directory\ is set, a single list is not created when +\queue@_run@_in@_order\ is false. In this case, the sub-directories are +processed one at a time (in a random order), and this avoids setting up one +huge list for the whole queue. Thus, setting \queue@_run@_in@_order\ with +\split@_spool@_directory\ may degrade performance when the queue is large, +because of the extra work in setting up the single, large list. In most +situations, \queue@_run@_in@_order\ should not be set. +.nem .conf queue@_run@_max integer 5 .index queue runner||maximum number of @@ -12201,10 +12983,10 @@ delivers only one message at a time, the maximum number of deliveries that can then take place at once is \queue@_run@_max\ multiplied by \remote@_max@_parallel\. -If it is purely remote deliveries you want to control, use \queue@_smtp\ -instead of \queue@_only\. This has the added benefit of doing the SMTP routing -before queuing, so that several messages for the same host will eventually get -delivered down the same connection. +If it is purely remote deliveries you want to control, use +\queue@_smtp@_domains\ instead of \queue@_only\. This has the added benefit of +doing the SMTP routing before queuing, so that several messages for the same +host will eventually get delivered down the same connection. .conf remote@_sort@_domains "domain list$**$" unset .index sorting remote deliveries @@ -12396,18 +13178,24 @@ This option is provided for multi-homed servers that want to masquerade as several different hosts. At the start of an SMTP connection, its value is expanded and used instead of the value of \$primary@_hostname$\ in SMTP responses. For example, it is used as domain name in the response to an -incoming \\HELO\\ or \\EHLO\\ command. If this option is unset, or if its -expansion is forced to fail, or if the expansion results in an empty string, -the value of \$primary@_hostname$\ is used. Other expansion failures cause a -message to be written to the main and panic logs, and the SMTP command receives -a temporary error. Typically, the value of \smtp@_active@_hostname\ depends on -the incoming interface address. For example: +incoming \\HELO\\ or \\EHLO\\ command. +.em +It is also used in \\HELO\\ commands for callout verification. +The active hostname is placed in the \$smtp__active__hostname$\ variable, which +is saved with any messages that are received. It is therefore available for use +in routers and transports when the message is later delivered. +.nem + +If this option is unset, or if its expansion is forced to fail, or if the +expansion results in an empty string, the value of \$primary@_hostname$\ is +used. Other expansion failures cause a message to be written to the main and +panic logs, and the SMTP command receives a temporary error. Typically, the +value of \smtp@_active@_hostname\ depends on the incoming interface address. +For example: .display asis smtp_active_hostname = ${if eq{$interface_address}{10.0.0.1}\ {cox.mydomain}{box.mydomain}} .endd -If you set \smtp@_active@_hostname\, you probably also want to set -\smtp@_banner\, since its default value references \$primary@_hostname$\. .conf smtp@_banner string$**$ "see below" .index SMTP||welcome banner @@ -12417,8 +13205,10 @@ If you set \smtp@_active@_hostname\, you probably also want to set This string, which is expanded every time it is used, is output as the initial positive response to an SMTP connection. The default setting is: .display asis -smtp_banner = $primary_hostname ESMTP Exim $version_number \ - $tod_full +.em +smtp_banner = $smtp_active_hostname ESMTP Exim \ + $version_number $tod_full +.nem .endd Failure to expand the string causes a panic error. If you want to create a multiline response to the initial SMTP connection, use `@\n' in the string at @@ -12455,15 +13245,22 @@ attacks by SYN flooding. The SMTP protocol specification requires the client to wait for a response from the server at certain points in the dialogue. Without \\PIPELINING\\ these synchronization points are after every command; with \\PIPELINING\\ they are -fewer, but they still exist. Some spamming sites send out a complete set of -SMTP commands without waiting for any response. Exim protects against this by -rejecting a message if the client has sent further input when it should not -have. The error response `554 SMTP synchronization error' is sent, and the -connection is dropped. Testing for this error cannot be perfect because of -transmission delays (unexpected input may be on its way but not yet received -when Exim checks). However, it does detect many instances. The check can be -disabled by setting \smtp@_enforce@_sync\ false. -See also \pipelining@_advertise@_hosts\. +fewer, but they still exist. + +Some spamming sites send out a complete set of SMTP commands without waiting +for any response. Exim protects against this by rejecting a message if the +client has sent further input when it should not have. The error response `554 +SMTP synchronization error' is sent, and the connection is dropped. Testing for +this error cannot be perfect because of transmission delays (unexpected input +may be on its way but not yet received when Exim checks). However, it does +detect many instances. + +.em +The check can be globally disabled by setting \smtp@_enforce@_sync\ false. +If you want to disable the check selectively (for example, only for certain +hosts), you can do so by an appropriate use of a \control\ modifier in an ACL +(see section ~~SECTcontrols). See also \pipelining@_advertise@_hosts\. +.nem .conf smtp@_etrn@_command string$**$ unset .index \\ETRN\\||command to be run @@ -12617,6 +13414,13 @@ example, instead of `Administrative prohibition', it might give: 550 failing address in "From" header is: {$message_age}{600}} +.endd +Because of the default behaviour of the string expansion, this is equivalent to +.display asis +condition = ${if >{$message_age}{600}{true}{}} +.endd +.nem If the expansion fails (other than forced failure) delivery is deferred. Some -of the other options below are common special cases that could in fact be -specified using \condition\. -Note that \condition\ is the last precondition to be evaluated (see -section ~~SECTrouprecon). +of the other precondition options are common special cases that could in fact +be specified using \condition\. .conf debug@_print string$**$ unset @@ -13333,66 +14179,41 @@ the discussion in chapter ~~CHAPenvironment. .conf headers@_add string$**$ unset .index header lines||adding .index router||adding header lines +.em This option specifies a string of text that is expanded at routing time, and -associated with any addresses that are processed by the router -when delivering a message. This option has no effect when an address is just -being verified. +associated with any addresses that are accepted by the router. However, this +option has no effect when an address is just being verified. The way in which +the text is used to add header lines at transport time is described in section +~~SECTheadersaddrem. The \headers@_add\ option is expanded after \errors@_to\, but before -\headers@_remove\ and \transport\. -If the expanded string is empty, or if the expansion is forced to fail, the -option has no effect. Other expansion failures are treated as configuration -errors. The expanded string must be in the form of one or more RFC 2822 header -lines, separated by newlines (coded as `@\n'). For example: -.display asis -headers_add = X-added-header: added by $primary_hostname\n\ - X-added-second: another added header line -.endd -Exim does not check the syntax of these added header lines. If an address -passes through several routers as a result of aliasing or forwarding -operations, any \headers@_add\ or \headers@_remove\ specifications are -cumulative. This does not apply for multiple routers that result from the use -of `unseen'. +\headers@_remove\ and \transport\. If the expanded string is empty, or if the +expansion is forced to fail, the option has no effect. Other expansion failures +are treated as configuration errors. -At transport time, all the original headers listed in \headers__remove\ are -removed. If there are multiple instances of any listed header, they are all -removed. -Then the new headers specified by \headers@_add\ are added, in the order in -which they were attached to the address. Finally, any additional headers -specified by the transport are added. It is not possible to remove headers -added to an address by \headers@_add\. - -Because the addition does not happen until transport time, header lines that -are added by \headers@_add\ are not accessible by means of the \$header@_xxx$\ -expansion syntax. Conversely, header lines that are removed by -\headers@_remove\ remain visible. - -Addresses with different \headers@_add\ or \headers@_remove\ settings cannot be -delivered together in a batch. The \headers@_add\ option cannot be used for a -\%redirect%\ router that has the \one@_time\ option set. +\**Warning**\: The \headers@_add\ option cannot be used for a \%redirect%\ +router that has the \one@_time\ option set. +.nem .conf headers@_remove string$**$ unset .index header lines||removing .index router||removing header lines -The string is expanded at routing time and is then associated with any -addresses that are processed by the router when delivering a message. This -option has no effect when an address is being verified. The \headers@_remove\ -option is expanded after \errors@_to\ and \headers@_add\, but before -\transport\. If the expansion is forced to fail, the option has no effect. -Other expansion failures are treated as configuration errors. - -After expansion, the string must consist of a colon-separated list of header -names. This is confusing, because header names themselves are often terminated -by colons. In this case, the colons are the list separators, not part of the -names. -For example: -.display asis -headers_remove = return-receipt-to:acknowledge-to -.endd -The list is used at transport time as described under \headers@_add\ above. The -\headers@_remove\ option cannot be used for a \%redirect%\ router that has the -\one@_time\ option set. +.em +This option specifies a string of text that is expanded at routing time, and +associated with any addresses that are accepted by the router. However, this +option has no effect when an address is just being verified. The way in which +the text is used to remove header lines at transport time is described in +section ~~SECTheadersaddrem. + +The \headers@_remove\ option is expanded after \errors@_to\ and \headers@_add\, +but before \transport\. If the expansion is forced to fail, the option has no +effect. Other expansion failures are treated as configuration errors. + +\**Warning**\: The \headers@_remove\ option cannot be used for a \%redirect%\ +router that has the \one@_time\ option set. +.nem + .conf ignore@_target@_hosts "host list$**$" unset .index IP address||discarding @@ -13409,11 +14230,10 @@ by setting .display asis ignore_target_hosts = 127.0.0.1 .endd -on the relevant router. -If all the hosts found by a \%dnslookup%\ router are discarded in this way, the -router declines. In a conventional configuration, an attempt to mail to such a -domain would then normally provoke the `unrouteable domain' error, and an -attempt to verify an address in the domain would fail. +on the relevant router. If all the hosts found by a \%dnslookup%\ router are +discarded in this way, the router declines. In a conventional configuration, an +attempt to mail to such a domain would normally provoke the `unrouteable +domain' error, and an attempt to verify an address in the domain would fail. Similarly, if \ignore@_target@_hosts\ is set on an \%ipliteral%\ router, the router declines if presented with one of the listed addresses. @@ -13422,6 +14242,10 @@ This option may also be useful for ignoring link-local and site-local IPv6 addresses. Because, like all host lists, the value of \ignore@_target@_hosts\ is expanded before use as a list, it is possible to make it dependent on the domain that is being routed. +.em +During its expansion, \$host@_address$\ is set to the IP address that is being +checked. +.nem @@ -13656,16 +14480,22 @@ may yield the error \\EACCES\\ (`Permission denied'). This means that the Exim user is not permitted to read one of the directories on the file's path. \**Warning 2**\: Even when Exim is running as root while delivering a message, -\*stat()*\ can yield \\EACCES\\ for a file on an NFS directory that is mounted +\*stat()*\ can yield \\EACCES\\ for a file in an NFS directory that is mounted without root access. +.em +In this case, if a check for access by a particular user is requested, Exim +creates a subprocess that runs as that user, and tries the check again in that +process. -In both cases, -the default action is to consider this a configuration error, and routing is -deferred because the existence or non-existence of the file cannot be -determined. However, in some circumstances it may be desirable to treat this -condition as if the file did not exist. If the file name (or the exclamation -mark that precedes the file name for non-existence) is preceded by a plus sign, -the \\EACCES\\ error is treated as if the file did not exist. For example: +The default action for handling an unresolved \\EACCES\\ is to consider it to +be caused by a configuration error, +.nem +and routing is deferred because the existence or non-existence of the file +cannot be determined. However, in some circumstances it may be desirable to +treat this condition as if the file did not exist. If the file name (or the +exclamation mark that precedes the file name for non-existence) is preceded by +a plus sign, the \\EACCES\\ error is treated as if the file did not exist. For +example: .display asis require_files = +/some/file .endd @@ -13855,10 +14685,9 @@ are doing. This option specifies the transport to be used when a router accepts an address and sets it up for delivery. A transport is never needed if a router is used only for verification. The value of the option is expanded at routing time, -after the expansion of \errors@_to\, -\headers@_add\, and \headers@_remove\, -and result must be the name of one of the configured transports. If it is -not, delivery is deferred. +after the expansion of \errors@_to\, \headers@_add\, and \headers@_remove\, and +result must be the name of one of the configured transports. If it is not, +delivery is deferred. The \transport\ option is not used by the \%redirect%\ router, but it does have some private options that set up transports for pipe and file deliveries (see @@ -14030,9 +14859,9 @@ address for the \%local@_delivery%\ transport. .set runningfoot "dnslookup router" .index \%dnslookup%\ router .index routers||\%dnslookup%\ -The \%dnslookup%\ router looks up the hosts that handle mail for the given -domain in the DNS. A transport must always be set for this router, unless -\verify@_only\ is set. +The \%dnslookup%\ router looks up the hosts that handle mail for the +recipient's domain in the DNS. A transport must always be set for this router, +unless \verify@_only\ is set. If SRV support is configured (see \check@_srv\ below), Exim first searches for SRV records. If none are found, or if SRV support is not configured, @@ -14057,11 +14886,33 @@ If the host pointed to by the highest priority MX record, or looked up as an address record, is the local host, or matches \hosts__treat__as__local\, what happens is controlled by the generic \self\ option. -There are a number of private options that can be used to vary the way the DNS -lookup is handled. +.em +.section Problems with DNS lookups +.rset SECTprowitdnsloo "~~chapter.~~section" +There have been problems with DNS servers when SRV records are looked up. +Some mis-behaving servers return a DNS error or timeout when a non-existent +SRV record is sought. Similar problems have in the past been reported for +MX records. The global \dns@_again@_means@_nonexist\ option can help with this +problem, but it is heavy-handed because it is a global option. + +For this reason, there are two options, \srv@_fail@_domains\ and +\mx@_fail@_domains\, that control what happens when a DNS lookup in a +\%dnslookup%\ router results in a DNS failure or a `try again' response. If an +attempt to look up an SRV or MX record causes one of these results, and the +domain matches the relevant list, Exim behaves as if the DNS had responded `no +such record'. In the case of an SRV lookup, this means that the router proceeds +to look for MX records; in the case of an MX lookup, it proceeds to look for A +or AAAA records, unless the domain matches \mx@_domains\, in which case routing +fails. +.nem + + +.section Private options for dnslookup +The private options for the \%dnslookup%\ router are as follows: + +.startconf dnslookup -.startconf .index options||\%dnslookup%\ router .conf check@_secondary@_mx boolean false .index MX record||checking for secondary @@ -14073,7 +14924,7 @@ the local host is described in section ~~SECTreclocipadd. .conf check@_srv string$**$ unset .index SRV record||enabling use of -The dnslookup router supports the use of SRV records (see RFC 2782) in +The \%dnslookup%\ router supports the use of SRV records (see RFC 2782) in addition to MX and address records. The support is disabled by default. To enable SRV support, set the \check@_srv\ option to the name of the service required. For example, @@ -14088,21 +14939,25 @@ option is ignored, and the router proceeds to look for MX records in the normal way. When the expansion succeeds, the router searches first for SRV records for -the given service (it assumes TCP protocol). A single SRV record with the -host name \"."\ indicates `no such service for this domain'; if this is -encountered, the router declines. If other kinds of SRV record are found, -they are used to construct a host list for delivery according to the rules -of RFC 2782. MX records are not sought in this case. - -However, when no SRV records are found, MX records (and address records) -are sought in the traditional way. In other words, SRV records take -precedence over MX records, just as MX records take precedence over address -records. Note that this behaviour is not sanctioned by RFC 2782, though a -previous draft RFC defined it. It is apparently believed that MX records -are sufficient for email and that SRV records should not be used for this -purpose. However, SRV records have an additional `weight' feature which -some people might find useful when trying to split an SMTP load between -hosts of different power. +the given service (it assumes TCP protocol). A single SRV record with a +host name that consists of just a single dot indicates `no such service for +this domain'; if this is encountered, the router declines. If other kinds of +SRV record are found, they are used to construct a host list for delivery +according to the rules of RFC 2782. MX records are not sought in this case. + +When no SRV records are found, MX records (and address records) are sought in +the traditional way. In other words, SRV records take precedence over MX +records, just as MX records take precedence over address records. Note that +this behaviour is not sanctioned by RFC 2782, though a previous draft RFC +defined it. It is apparently believed that MX records are sufficient for email +and that SRV records should not be used for this purpose. However, SRV records +have an additional `weight' feature which some people might find useful when +trying to split an SMTP load between hosts of different power. + +.em +See section ~~SECTprowitdnsloo above for a discussion of Exim's behaviour when +there is a DNS lookup error. +.nem .conf mx@_domains "domain list$**$" unset .index MX record||required to exist @@ -14119,6 +14974,14 @@ This specifies that messages addressed to a domain that matches the list but has no MX record should be bounced immediately instead of being routed using the address record. +.em +.conf mx@_fail@_domains "domain list$**$" unset +If the DNS lookup for MX records for one of the domains in this list causes a +DNS lookup error, Exim behaves as if no MX records were found. See section +~~SECTprowitdnsloo for more discussion. +.nem + + .conf qualify@_single boolean true .index DNS||resolver options .index DNS||qualifying single-component names @@ -14194,6 +15057,15 @@ Setting this option true can cause problems in domains that have a wildcard MX record, because any domain that does not have its own MX record matches the local wildcard. + +.em +.conf srv@_fail@_domains "domain list$**$" unset +If the DNS lookup for SRV records for one of the domains in this list causes a +DNS lookup error, Exim behaves as if no SRV records were found. See section +~~SECTprowitdnsloo for more discussion. +.nem + + .conf widen@_domains "string list" unset .index domain||partial, widening If a DNS lookup fails and this option is set, each of its strings in turn is @@ -14276,8 +15148,9 @@ Exim will not recognize the domain literal syntax in addresses. .index \%iplookup%\ router .index routers||\%iplookup%\ The \%iplookup%\ router was written to fulfil a specific requirement in -Cambridge University. For this reason, it is not included in the binary of Exim -by default. If you want to include it, you must set +Cambridge University (which in fact no longer exists). For this reason, it is +not included in the binary of Exim by default. If you want to include it, you +must set .display asis ROUTER_IPLOOKUP=yes .endd @@ -14307,7 +15180,7 @@ in many cases saves doing any remote delivery at all. Since \%iplookup%\ is just a rewriting router, a transport must not be specified for it. -.startconf +.startconf iplookup .index options||\%iplookup%\ router .conf hosts string unset @@ -14414,7 +15287,7 @@ following the list of private options. The private options for the \%manualroute%\ router are as follows: -.startconf +.startconf manualroute .index options||\%manualroute%\ router .conf host@_find@_failed string "freeze" @@ -14839,7 +15712,7 @@ it is possible to use the precondition options (\domains\, \local@_parts\, etc) to skip this router for most addresses, it could sensibly be used in special cases, even on a busy host. There are the following private options: -.startconf +.startconf queryprogram .index options||\%queryprogram%\ router .conf command string$**$ unset This option must be set. It specifies the command that is to be run. The @@ -14874,8 +15747,12 @@ timeout. The standard output of the command is connected to a pipe, which is read when the command terminates. It should consist of a single line of output, -containing up to five fields, separated by white space. The first field is one -of the following words (case-insensitive): +containing up to five fields, separated by white space. +.em +The maximum length of the line is 1023 characters. Longer lines are silently +truncated. +.nem +The first field is one of the following words (case-insensitive): .numberpars $. \*Accept*\: routing succeeded; the remaining fields specify what to do (see below). @@ -14929,8 +15806,8 @@ variable. For example, this return line .display asis accept hosts=x1.y.example:x2.y.example data="rule1" .endd -routes the address to the default transport, with a host list containing two -hosts. When the transport runs, the string `rule1' is in \$address@_data$\. +routes the address to the default transport, passing a list of two hosts. When +the transport runs, the string `rule1' is in \$address@_data$\. @@ -15255,12 +16132,20 @@ text associated with the failure. For example, an alias file might contain: X.Employee: :fail: Gone away, no forwarding address .endd In the case of an address that is being verified from an ACL or as the subject -of a \\VRFY\\ command, the text is included in the SMTP error response by -default. In an ACL, an explicitly provided message overrides the default, but -the default message is available in the variable \$acl@_verify@_message$\ and -can therefore be included in a custom message if this is desired. Exim sends a -451 SMTP code for a :::defer::, and 550 for :::fail::. In non-SMTP cases the -text is included in the error message that Exim generates. +of a +.index \\VRFY\\||error text, display of +\\VRFY\\ command, the text is included in the SMTP error response by +default. +.em +.index \\EXPN\\||error text, display of +The text is not included in the response to an \\EXPN\\ command. +.nem + +In an ACL, an explicitly provided message overrides the default, but the +default message is available in the variable \$acl@_verify@_message$\ and can +therefore be included in a custom message if this is desired. Exim sends a 451 +SMTP code for a :::defer::, and 550 for :::fail::. In non-SMTP cases the text +is included in the error message that Exim generates. @@ -15337,7 +16222,7 @@ deferred. See also \syntax@_errors@_to\. The private options for the \%redirect%\ router are as follows: -.startconf +.startconf redirect .index options||\%redirect%\ router .conf allow@_defer boolean false @@ -15356,12 +16241,17 @@ and the \fail\ command may be used in a filter file. Setting this option allows Exim to interpret redirection data that starts with `@#Exim filter' or `@#Sieve filter' as a set of filtering instructions. There are some features of Exim filter files that some administrators may wish to -lock out; see the \forbid@_filter@_xxx\ options below. The filter is run using -the uid and gid set by the generic \user\ and \group\ options. These take their -defaults from the password data if \check@_local@_user\ is set, so in the -normal case of users' personal filter files, the filter is run as the relevant -user. When \allow@_filter\ is set true, Exim insists that either -\check@_local@_user\ or \user\ is set. +lock out; see the \forbid@_filter@_xxx\ options below. +.em +It is also possible to lock out Exim filters or Sieve filters while allowing +the other type; see \forbid@_exim@_filter\ and \forbid@_sieve@_filter\. +.nem + +The filter is run using the uid and gid set by the generic \user\ and \group\ +options. These take their defaults from the password data if +\check@_local@_user\ is set, so in the normal case of users' personal filter +files, the filter is run as the relevant user. When \allow@_filter\ is set +true, Exim insists that either \check@_local@_user\ or \user\ is set. .conf allow@_freeze boolean false @@ -15468,6 +16358,13 @@ When it is running, the file name is in \$address@_file$\. If this option is true, the :::blackhole:: item may not appear in a redirection list. +.em +.conf forbid@_exim@_filter boolean false +If this option is set true, only Sieve filters are permitted when +\allow@_filter\ is true. +.nem + + .conf forbid@_file boolean false .index delivery||to file, forbidding .index Sieve filter||forbidding delivery to a file @@ -15508,9 +16405,11 @@ to make use of \readsocket\ items. .conf forbid@_filter@_reply boolean false If this option is true, this router may not generate an automatic reply -message. Automatic replies can be generated only from Exim filter files, not -from traditional forward files or Sieve filters. This option is forced to be -true if \one@_time\ is set. +message. Automatic replies can be generated only from Exim +.em +or Sieve filter files, not from traditional forward files. +.nem +This option is forced to be true if \one@_time\ is set. .conf forbid@_filter@_run boolean false If this option is true, string expansions in Exim filter files are not allowed @@ -15529,6 +16428,13 @@ If this option is true, this router may not generate a new address which specifies delivery to a pipe, either from an Exim filter or from a conventional forward file. This option is forced to be true if \one@_time\ is set. +.em +.conf forbid@_sieve@_filter boolean false +If this option is set true, only Exim filters are permitted when +\allow@_filter\ is true. +.nem + + .conf hide@_child@_in@_errmsg boolean false .index bounce message||redirection details, suppressing If this option is true, it prevents Exim from quoting a child address if it @@ -15618,13 +16524,6 @@ This specifies a list of permitted groups for the file specified by \file\. The list is in addition to the local user's primary group when \check@_local@_user\ is set. See \check@_group\ above. -.conf qualify@_domain string$**$ unset -If this option is set and an unqualified address (one without a domain) is -generated, it is qualified with the domain specified by expanding this string, -instead of the global setting in \qualify@_recipient\. If the expansion fails, -the router declines. If you want to revert to the default, you can have the -expansion generate \$qualify@_recipient$\. - .conf pipe@_transport string$**$ unset A \%redirect%\ router sets up a direct delivery to a pipe when a string starting with a vertical bar character is specified as a new `address'. The transport @@ -15633,6 +16532,13 @@ configured transport. This should normally be a \%pipe%\ transport. When the transport is run, the pipe command is in \$address@_pipe$\. +.conf qualify@_domain string$**$ unset +If this option is set and an unqualified address (one without a domain) is +generated, it is qualified with the domain specified by expanding this string, +instead of the global setting in \qualify@_recipient\. If the expansion fails, +the router declines. If you want to revert to the default, you can have the +expansion generate \$qualify@_recipient$\. + .conf qualify@_preserve@_domain boolean false .index domain||in redirection, preserving .index preserving domain in redirection @@ -15662,6 +16568,17 @@ If this option is set false, addresses generated by the router are not subject to address rewriting. Otherwise, they are treated like new addresses and are rewritten according to the global rewriting rules. + +.em +.conf sieve@_vacation@_directory string$**$ unset +.index Sieve filter||vacation directory +To enable the `vacation' extension for Sieve filters, you must set +\sieve@_vacation@_directory\ to the directory where vacation databases are held +(do not put anything else in that directory), and ensure that the +\reply@_transport\ option refers to an \%autoreply%\ transport. +.nem + + .conf skip@_syntax@_errors boolean false .index forward file||broken .index address redirection||broken files @@ -15689,8 +16606,11 @@ taken. The incident is logged, and the router declines to handle the address, so it is passed to the following routers. .index Sieve filter||syntax errors in -Currently, any syntax errors in a Sieve filter file cause the `keep' action to -occur. The values of \skip@_syntax@_errors\, \syntax@_errors@_to\, and +.em +Syntax errors in a Sieve filter file cause the `keep' action to +occur. This action is specified by RFC 3028. +.nem +The values of \skip@_syntax@_errors\, \syntax@_errors@_to\, and \syntax@_errors@_text\ are not used. \skip@_syntax@_errors\ can be used to specify that errors in users' forward @@ -15761,7 +16681,7 @@ mailboxes run under the uid and gid of the local user. Exim also sets a specific current directory while running the transport; for some transports a home directory setting is also relevant. The \%pipe%\ -transport is the only one which sets up environment variables; see section +transport is the only one that sets up environment variables; see section ~~SECTpipeenv for details. The values used for the uid, gid, and the directories may come from several @@ -15770,6 +16690,31 @@ settings with that address as a result of its \check@_local@_user\, \group\, or \user\ options. However, values may also be given in the transport's own configuration, and these override anything that comes from the router. + +.em +.section Concurrent deliveries +.index concurrent deliveries +.index simultaneous deliveries +If two different messages for the same local recpient arrive more or less +simultaneously, the two delivery processes are likely to run concurrently. When +the \%appendfile%\ transport is used to write to a file, Exim applies locking +rules to stop concurrent processes from writing to the same file at the same +time. + +However, when you use a \%pipe%\ transport, it is up to you to arrange any +locking that is needed. Here is a silly example: +.display asis +my_transport: + driver = pipe + command = /bin/sh -c 'cat >>/some/file' +.endd +This is supposed to write the message at the end of the file. However, if two +messages arrive at the same time, the file will be scrambled. You can use the +\exim@_lock\ utility program (see section ~~SECTmailboxmaint) to lock a file +using the same algorithm that Exim itself uses. +.nem + + .section Uids and gids .rset SECTenvuidgid "~~chapter.~~section" .index local transports||uid and gid @@ -15871,7 +16816,7 @@ domain, and \$original@_domain$\ is never set. .index transport||generic options for The following generic options apply to all transports: -.startconf +.startconf transports .conf body@_only boolean false .index transport||body only .index message||transporting body only @@ -15939,22 +16884,14 @@ value that the router supplies, and also overriding any value associated with .conf headers@_add string$**$ unset .index header lines||adding in transport .index transport||header lines, adding -This option specifies a string of text which is expanded and added to the -header portion of a message as it is transported. If the result of the -expansion is an empty string, or if the expansion is forced to fail, no action -is taken. Other expansion failures are treated as errors and cause the delivery -to be deferred. The expanded string should be in the form of one or more RFC -2822 header lines, separated by newlines (coded as `@\n'), for example: -.display asis -headers_add = X-added: this is a header added at $tod_log\n\ - X-added: this is another -.endd -Exim does not check the syntax of these added header lines. They are added at -the end of the existing header lines. If you include a blank line within the -string, you can subvert this facility into adding text at the start of the -message's body. This is not recommended. Additional header lines can also be -specified by routers. See chapter ~~CHAProutergeneric and section -~~SECTheadersaddrem. +.em +This option specifies a string of text that is expanded and added to the header +portion of a message as it is transported, as described in section +~~SECTheadersaddrem. Additional header lines can also be specified by routers. +If the result of the expansion is an empty string, or if the expansion is +forced to fail, no action is taken. Other expansion failures are treated as +errors and cause the delivery to be deferred. +.nem .conf headers@_only boolean false .index transport||header lines only @@ -15968,22 +16905,14 @@ checked, since this option does not automatically suppress them. .conf headers@_remove string$**$ unset .index header lines||removing .index transport||header lines, removing -This option is expanded; the result must consist of a colon-separated list of -header names, not including the terminating colon, for example: -.display asis -headers_remove = return-receipt-to:acknowledge-to -.endd -Any existing headers matching those names are not included in any message that -is transmitted by the transport. -If the result of the expansion is an empty string, or if the expansion is -forced to fail, no action is taken. Other expansion failures are treated as +.em +This option specifies a string that is expanded into a list of header names; +these headers are omitted from the message as it is transported, as described +in section ~~SECTheadersaddrem. Header removal can also be specified by +routers. If the result of the expansion is an empty string, or if the expansion +is forced to fail, no action is taken. Other expansion failures are treated as errors and cause the delivery to be deferred. - -If there are multiple instances of a header, they are all removed. However, -added headers may have these names. Thus it is possible to replace a header by -specifying it in \headers@_remove\ and supplying the replacement in -\headers@_add\. Headers to be removed can also be specified by routers. See -chapter ~~CHAProutergeneric and section ~~SECTheadersaddrem. +.nem .conf headers@_rewrite string unset .index transport||header lines, rewriting @@ -16169,12 +17098,20 @@ message, including the header lines, is passed to it on its standard input (this in fact is done from a third process, to avoid deadlock). The command must be specified as an absolute path. +.em +The lines of the message that are written to the transport filter are +terminated by newline (`@\n'). +.nem The message is passed to the filter before any SMTP-specific processing, such as turning `@\n' into `@\r@\n' and escaping lines beginning with a dot, and also before any processing implied by the settings of \check@_string\ and \escape@_string\ in the \%appendfile%\ or \%pipe%\ transports. -The filter's standard output is read and written to the message's destination. +.em +The standard error for the filter process is set to the same destination as its +standard output; this is read and written to the message's ultimate +destination. +.nem The filter can perform any transformations it likes, but of course should take care not to break RFC 2822 syntax. A demonstration Perl script is provided in \(util/transport-filter.pl)\; this makes a few arbitrary modifications just to @@ -16191,14 +17128,14 @@ more, the server might reject the message. This can be worked round by setting the \size@_addition\ option on the \%smtp%\ transport, either to allow for additions to the message, or to disable the use of \\SIZE\\ altogether. -The value of the option is the command string for starting up the filter, which -is run directly from Exim, not under a shell. The string is parsed by Exim in -the same way as a command string for the \%pipe%\ transport: Exim breaks it up -into arguments and then expands each argument separately. The special argument -\$pipe@_addresses$\ is replaced by a number of arguments, one for each address -that applies to this delivery. (This isn't an ideal name for this feature here, -but as it was already implemented for the \%pipe%\ transport, it seemed sensible -not to change it.) +The value of the \transport@_filter\ option is the command string for starting +the filter, which is run directly from Exim, not under a shell. The string is +parsed by Exim in the same way as a command string for the \%pipe%\ transport: +Exim breaks it up into arguments and then expands each argument separately. The +special argument \$pipe@_addresses$\ is replaced by a number of arguments, one +for each address that applies to this delivery. (This isn't an ideal name for +this feature here, but as it was already implemented for the \%pipe%\ +transport, it seemed sensible not to change it.) .index \$host$\ .index \$host@_address$\ @@ -16211,6 +17148,12 @@ transport_filter = /some/directory/transport-filter.pl \ .endd The filter process is run under the same uid and gid as the normal delivery. For remote deliveries this is the Exim uid/gid by default. +.em +The command should normally yield a zero return code. A non-zero code is taken +to mean that the transport filter failed in some way. Delivery of the message +is deferred. It is not possible to cause a message to be bounced from a +transport filter. +.nem If a transport filter is set on an autoreply transport, the original message is passed through the filter as it is being copied into the newly generated @@ -16462,7 +17405,7 @@ the \file\ or \directory\ option is still used if it is set. .section Private options for appendfile .index options||\%appendfile%\ transport -.startconf +.startconf appendfile .conf allow@_fifo boolean false .index fifo (named pipe) @@ -16533,6 +17476,13 @@ message_suffix = "\1\1\1\1\n" When this option is true, Exim attempts to create any missing superior directories for the file that it is about to write. A created directory's mode is given by the \directory@_mode\ option. +.em +The group ownership of a newly created directory is highly dependent on the +operating system (and possibly the file system) that is being used. For +example, in Solaris, if the parent directory has the setgid bit set, its group +is propagated to the child; if not, the currently set group is used. However, +in FreeBSD, the parent's group is always used. +.nem .conf create@_file string "anywhere" This option constrains the location of files and directories that are created @@ -16685,6 +17635,25 @@ When a lock file is being used (see \use@_lockfile\), if a lock file already exists and is older than this value, it is assumed to have been left behind by accident, and Exim attempts to remove it. +.em +.conf mailbox@_filecount string$**$ unset +.index mailbox||specifying size of +.index size||of mailbox +If this option is set, it is expanded, and the result is taken as the current +number of files in the mailbox. It must be a decimal number, optionally +followed by K or M. This provides a way of obtaining this information from an +external source that maintains the data. + +.conf mailbox@_size string$**$ unset +.index mailbox||specifying size of +.index size||of mailbox +If this option is set, it is expanded, and the result is taken as the current +size the mailbox. It must be a decimal number, optionally followed by K or M. +This provides a way of obtaining this information from an external source that +maintains the data. This is likely to be helpful for maildir deliveries where +it is computationally expensive to compute the size of a mailbox. +.nem + .conf maildir@_format boolean false .index maildir format||specifying If this option is set with the \directory\ option, the delivery is into a new @@ -17219,6 +18188,15 @@ down from the user's top level mailbox directory. This causes it to start at the parent directory instead of the current directory when calculating the amount of space used. +.em +One problem with delivering into a multi-file mailbox is that it is +computationally expensive to compute the size of the mailbox for quota +checking. Various approaches have been taken to reduce the amount of work +needed. The next two sections describe two of them. A third alternative is to +use some external process for maintaining the size data, and use the expansion +of the \mailbox@_size\ option as a way of importing it into Exim. +.nem + .section Using tags to record message sizes If \maildir@_tag\ is set, the string is expanded for each delivery. @@ -17316,12 +18294,20 @@ expanding the contents of the \directory@_file\ option. .index transports||\%autoreply%\ .index \%autoreply%\ transport The \%autoreply%\ transport is not a true transport in that it does not cause -the message to be transmitted. Instead, it generates another mail message. It -is usually run as the result of mail filtering, a `vacation' message being the -standard example. However, it can also be run directly from a router like any -other transport. To reduce the possibility of message cascades, messages -created by the \%autoreply%\ transport always have empty envelope sender -addresses, like bounce messages. +the message to be transmitted. Instead, it generates a new mail message. +.em +If the router that passes the message to this transport does not have the +\unseen\ option set, the original message (for the current recipient) is not +delivered anywhere. However, when the \unseen\ option is set on the router that +passes the message to this transport, routing of the address continues, so +another router can set up a normal message delivery. +.nem + +The \%autoreply%\ transport is usually run as the result of mail filtering, a +`vacation' message being the standard example. However, it can also be run +directly from a router like any other transport. To reduce the possibility of +message cascades, messages created by the \%autoreply%\ transport always have +empty envelope sender addresses, like bounce messages. The parameters of the message to be sent can be specified in the configuration by options described below. However, these are used only when the address @@ -17369,7 +18355,7 @@ problems. They are just discarded. .section Private options for autoreply -.startconf +.startconf autoreply .index options||\%autoreply%\ transport .conf bcc string$**$ unset This specifies the addresses that are to receive `blind carbon copies' of the @@ -17408,6 +18394,13 @@ the message is specified by the transport. .conf mode "octal integer" 0600 If either the log file or the `once' file has to be created, this mode is used. +.em +.conf never@_mail "address list$**$" unset +If any run of the transport creates a message with a recipient that matches any +item in the list, that recipient is quietly discarded. If all recipients are +discarded, no message is created. +.nem + .conf once string$**$ unset This option names a file or DBM database in which a record of each ::To:: recipient is kept when the message is specified by the transport. @@ -17449,6 +18442,18 @@ configuration option. .conf subject string$**$ unset This specifies the contents of the ::Subject:: header when the message is specified by the transport. +.em +It is tempting to quote the original subject in automatic responses. For +example: +.display asis +subject = Re: $h_subject: +.endd +There is a danger in doing this, however. It may allow a third party to +subscribe your users to an opt-in mailing list, provided that the list accepts +bounce messages as subscription confirmations. Well-managed lists require a +non-bounce message to confirm a subscription, so the danger is relatively +small. +.nem .conf text string$**$ unset This specifies a single string to be used as the body of the message when the @@ -17491,7 +18496,7 @@ included in the Exim binary. The private options of the \%lmtp%\ transport are as follows: -.startconf +.startconf lmtp .index options||\%lmtp%\ transport .conf batch@_id string$**$ unset @@ -17547,14 +18552,27 @@ necessary, running as the user \*exim*\. .index transports||\%pipe%\ .index \%pipe%\ transport The \%pipe%\ transport is used to deliver messages via a pipe to a command -running in another process. This can happen in one of two ways: +running in another process. +.em +One example is the +use of \%pipe%\ as a pseudo-remote transport for passing messages to some other +delivery mechanism (such as UUCP). Another is the use by individual users to +automatically process their incoming messages. The \%pipe%\ transport can be +used in one of the following ways: +.nem .numberpars $. -A router routes an address to a transport in the normal way, and the transport +A router routes one address to a transport in the normal way, and the transport is configured as a \%pipe%\ transport. In this case, \$local@_part$\ contains -the address (as usual), and the command which is run is specified by the -\command\ option on the transport. An example of this is the use of \%pipe%\ as -a pseudo-remote transport for passing messages to some other delivery mechanism -(such as UUCP). +the local part of the address (as usual), and the command that is run is +specified by the \command\ option on the transport. +.nextp +.em +If the \batch@_max\ option is set greater than 1 (the default), the transport +can be called upon to handle more than one address in a single run. In this +case, \$local@_part$\ is not set (because it is not unique). However, the +pseudo-variable \$pipe@_addresses$\ (described in section ~~SECThowcommandrun +below) contains all the addresses that are being handled. +.nem .nextp A router redirects an address directly to a pipe command (for example, from an alias or forward file). In this case, \$local@_part$\ contains the local part @@ -17573,6 +18591,16 @@ transport or on the router that handles the address. Current and `home' directories are also controllable. See chapter ~~CHAPenvironment for details of the local delivery environment. + +.em +.section Concurrent delivery +If two messages arrive at almost the same time, and both are routed to a pipe +delivery, the two pipe transports may be run concurrently. You must ensure that +any pipe commands you set up are robust against this happening. If the commands +write to a file, the \exim@_lock\ utility might be of use. +.nem + + .section Returned status and data .index \%pipe%\ transport||returned data If the command exits with a non-zero return code, the delivery is deemed to @@ -17711,7 +18739,8 @@ user's home directory if \check@_local@_user\ is set. .section Private options for pipe .index options||\%pipe%\ transport -.startconf + +.startconf pipe .conf allow@_commands "string list$**$" unset .index \%pipe%\ transport||permitted commands @@ -17796,10 +18825,18 @@ If this option is set, and the command returns any output, and also ends with a return code that is neither zero nor one of the return codes listed in \temp@_errors\ (that is, the delivery failed), the first line of output is written to the main log. +.em +This option and \log@_output\ are mutually exclusive. Only one of them may be +set. +.nem .conf log@_output boolean false If this option is set and the command returns any output, the first line of output is written to the main log, whatever the return code. +.em +This option and \log@_fail@_output\ are mutually exclusive. Only one of them +may be set. +.nem .conf max@_output integer 20K This specifies the maximum amount of output that the command may produce on its @@ -17864,6 +18901,10 @@ return code other than zero or one of the codes listed in \temp@_errors\ (that is, the delivery failed), the output is returned in the bounce message. However, if the message has a null sender (that is, it is itself a bounce message), output from the command is discarded. +.em +This option and \return@_output\ are mutually exclusive. Only one of them may +be set. +.nem .conf return@_output boolean false If this option is true, and the command produced any output, the delivery is @@ -17872,6 +18913,10 @@ is returned in the bounce message. Otherwise, the output is just discarded. However, if the message has a null sender (that is, it is a bounce message), output from the command is always discarded, whatever the setting of this option. +.em +This option and \return@_fail@_output\ are mutually exclusive. Only one of them +may be set. +.nem .conf temp@_errors "string list" "see below" .index \%pipe%\ transport||temporary failure @@ -18068,7 +19113,7 @@ that are in force when the \helo@_data\, \hosts@_try@_auth\, \interface\, The private options of the \%smtp%\ transport are as follows: .index options||\%smtp%\ transport -.startconf +.startconf smtp .conf allow@_localhost boolean false .index local host||sending to .index fallback||hosts specified on transport @@ -18256,10 +19301,15 @@ matches this list. See chapter ~~CHAPTLS for details of TLS. .index limit||number of MX tried .index MX record||maximum tried This option limits the number of IP addresses that are tried for any one -delivery -in cases where there are temporary delivery errors. -Section ~~SECTvalhosmax describes in detail how the value of this option is -used. +delivery in cases where there are temporary delivery errors. Section +~~SECTvalhosmax describes in detail how the value of this option is used. + +.em +.conf hosts@_max@_try@_hardlimit integer 50 +This is an additional check on the maximum number of IP addresses that Exim +tries for any one delivery. Section ~~SECTvalhosmax describes its use and why +it exists. +.nem .conf hosts@_nopass@_tls "host list$**$" unset .index TLS||passing connection @@ -18474,13 +19524,15 @@ See chapter ~~CHAPTLS for details of TLS. .index TLS||requiring specific ciphers .index cipher||requiring specific The value of this option must be a list of permitted cipher suites, for use -when setting up an -outgoing encrypted connection. (There is a global option of the same name for -controlling incoming connections.) -The values of \$host$\ and \$host@_address$\ are set to the name and address of -the server during the expansion. See chapter ~~CHAPTLS for details of TLS; note -that this option is used in different ways by OpenSSL and GnuTLS (see section -~~SECTreqciphsslgnu). +when setting up an outgoing encrypted connection. (There is a global option of +the same name for controlling incoming connections.) The values of \$host$\ and +\$host@_address$\ are set to the name and address of the server during the +expansion. See chapter ~~CHAPTLS for details of TLS; note that this option is +used in different ways by OpenSSL and GnuTLS (see sections ~~SECTreqciphssl and +~~SECTreqciphgnu). +.em +For GnuTLS, the order of the ciphers is a preference order. +.nem .conf tls@_tempfail@_tryclear boolean true When the server host is not in \hosts@_require@_tls\, and there is a problem in @@ -18508,10 +19560,16 @@ expansion of this option. See chapter ~~CHAPTLS for details of TLS. .endconf -.section How the value of hosts@_max@_try is used +.section How the limits for the number of hosts to try are used .rset SECTvalhosmax "~~chapter.~~section" .index host||maximum number to try .index limit||hosts, maximum number tried +.em +There are two options that are concerned with the number of hosts that are +tried when an SMTP delivery takes place. They are \hosts@_max@_try\ and +\hosts@_max@_try@_hardlimit\. +.nem + The \hosts@_max@_try\ option limits the number of hosts that are tried for a single delivery. However, despite the term `host' in its name, the option actually applies to each IP address independently. In other words, a multihomed @@ -18532,13 +19590,14 @@ arrived do not count, and in addition, addresses that are past their retry limits are also not counted, even when they are tried. This means that when some IP addresses are past their retry limits, more than the value of \hosts@_max@_retry\ may be tried. The reason for this behaviour is to ensure -that all IP addresses are considered before timing out an email address. +that all IP addresses are considered before timing out an email address (but +see below for an exception). Secondly, when the \hosts@_max@_try\ limit is reached, Exim looks down the host list to see if there is a subsequent host with a different (higher valued) MX. -If there is, that host is used next, and the current IP address is used but not -counted. This behaviour helps in the case of a domain with a retry rule that -hardly ever delays any hosts, as is now explained: +If there is, that host is considered next, and the current IP address is used +but not counted. This behaviour helps in the case of a domain with a retry rule +that hardly ever delays any hosts, as is now explained: Consider the case of a long list of hosts with one MX value, and a few with a higher MX value. If \hosts@_max@_try\ is small (the default is 5) only a few @@ -18552,14 +19611,26 @@ large ISPs, on the grounds that their servers are rarely down for very long. Unfortunately, these are exactly the domains that tend to resolve to long lists of hosts. The short retry time means that the lowest MX hosts are tried every time. The attempts may be in a different order because of random sorting, but -without the special MX check mentioned about, the higher MX hosts would never -be tried at all because the lower MX hosts are never all past their retry -times. - -With the special check, Exim tries least one address from each MX value, even -if the \hosts@_max@_try\ limit has already been reached. - - +without the special MX check, the higher MX hosts would never be tried +.em +until all the lower MX hosts had timed out (which might be several days), +because there are always some lower MX hosts that have reached their retry +times. With the special check, Exim considers at least one IP address from each +MX value at every delivery attempt, even if the \hosts@_max@_try\ limit has +already been reached. + +The above logic means that \hosts@_max@_try\ is not a hard limit, and in +particular, Exim normally eventually tries all the IP addresses before timing +out an email address. When \hosts@_max@_try\ was implemented, this seemed a +reasonable thing to do. Recently, however, some lunatic DNS configurations have +been set up with hundreds of IP addresses for some domains. It can +take a very long time indeed for an address to time out in these cases. + +The \hosts@_max@_try@_hardlimit\ option was added to help with this problem. +Exim never tries more than this number of IP addresses; if it hits this limit +and they are all timed out, the email address is bounced, even though not all +possible IP addresses have been tried. +.nem @@ -18589,7 +19660,7 @@ One situation in which Exim does $it{not} automatically rewrite a domain is when it is the name of a CNAME record in the DNS. The older RFCs suggest that such a domain should be rewritten using the `canonical' name, and some MTAs do this. The new RFCs do not contain this suggestion. - + .section Explicitly configured address rewriting This chapter describes the rewriting rules that can be used in the main rewrite section of the configuration file, and also in the generic @@ -19027,11 +20098,15 @@ the local address is reached. .section Retry rules .index retry||rules -Each retry rule occupies one line and consists of three parts, separated by -white space: a pattern, an error name, and a list of retry parameters. The -pattern must be enclosed in double quotes if it contains white space. The rules -are searched in order until one is found whose pattern matches the failing host -or address. +.em +Each retry rule occupies one line and consists of three or four parts, +separated by white space: a pattern, an error name, an optional list of sender +addresses, and a list of retry parameters. The pattern and sender lists must be +enclosed in double quotes if they contain white space. The rules are searched in +order until one is found where the pattern, error name, and sender list (if +present) match the failing host or address, the error that occurred, and the +message's sender, respectively. +.nem The pattern is any single item that may appear in an address list (see section ~~SECTaddresslist). It is in fact processed as a one-item address list, which @@ -19052,9 +20127,9 @@ In practice, almost all rules start with a domain name pattern without a local part. .index regular expressions||in retry rules -\**Warning**\: If you use a regular expression in a routing rule, it must match -a complete address, not just a domain, because that is how regular expressions -work in address lists. +\**Warning**\: If you use a regular expression in a routing rule pattern, it +must match a complete address, not just a domain, because that is how regular +expressions work in address lists. .display ^@\Nxyz@\d+@\.abc@\.example@$@\N * G,1h,10m,2 \Wrong\ ^@\N[^@@]+@@xyz@\d+@\.abc@\.example@$@\N * G,1h,10m,2 \Right\ @@ -19115,67 +20190,140 @@ routing to \*a.b.c.example*\ suffers a temporary failure. .index retry||specific errors, specifying The second field in a retry rule is the name of a particular error, or an asterisk, which matches any error. The errors that can be tested for are: -.numberpars " " -\*auth@_failed*\: authentication failed when trying to send to a host in the -\hosts@_require@_auth\ list in an \%smtp%\ transport -.nextp -\*refused@_MX*\: connection refused from a host obtained from an MX record -.nextp -\*refused@_A*\: connection refused from a host not obtained from an MX record -.nextp -\*refused*\: any connection refusal -.nextp -\*timeout@_connect@_MX*\: connection timeout from a host obtained from an MX -record -.nextp -\*timeout@_connect@_A*\: connection timeout from a host not obtained from an MX -record -.nextp -\*timeout@_connect*\: any connection timeout -.nextp -\*timeout@_MX*\: any timeout from a host obtained from an MX -record -.nextp -\*timeout@_A*\: any timeout from a host not obtained from an MX -record -.nextp -\*timeout*\: any timeout -.nextp -\*quota*\: quota exceeded in local delivery by \%appendfile%\ -.nextp +.em + +.push +.indent 2em +.tempindent 0 +\auth@_failed\: Authentication failed when trying to send to a host in the +\hosts@_require@_auth\ list in an \%smtp%\ transport. + +.tempindent 0 +\rcpt@_4xx\: A 4\*xx*\ error was received for an outgoing \\RCPT\\ command. +Either the first or both of the x's can be given as specific digits, for +example: \"rcpt@_45x"\ or \"rcpt@_436"\. For example, to recognize 452 errors +given to \\RCPT\\ commands by a particular host, and have retries every ten +minutes and a one-hour timeout, you could set up a retry rule of this form: +.display asis +the.host.name rcpt_452 F,1h,10m +.endd +These errors apply to both outgoing SMTP (the \%smtp%\ transport) and outgoing +LMTP (either the \%lmtp%\ transport, or the \%smtp%\ transport in LMTP mode). +Note, however, that they apply only to responses to \\RCPT\\ commands. + +.tempindent 0 +\refused@_MX\: A connection to a host obtained from an MX record was refused. + +.tempindent 0 +\refused@_A\: A connection to a host not obtained from an MX record was +refused. + +.tempindent 0 +\refused\: A connection was refused. + +.tempindent 0 +\timeout@_connect@_MX\: A connection attempt to a host obtained from an MX +record timed out. + +.tempindent 0 +\timeout@_connect@_A\: A connection attempt to a host not obtained from an MX +record timed out. + +.tempindent 0 +\timeout@_connect\: A connection attempt timed out. + +.tempindent 0 +\timeout@_MX\: There was a timeout while connecting or during an SMTP session +with a host obtained from an MX record. + +.tempindent 0 +\timeout@_A\: There was a timeout while connecting or during an SMTP session +with a host not obtained from an MX record. + +.tempindent 0 +\timeout\: There was a timeout while connecting or during an SMTP session. + +.tempindent 0 +\quota\: A mailbox quota was exceeded in a local delivery by the +\%appendfile%\ transport. + .index quota||error testing in retry rule .index retry||quota error testing -\*quota@_*\<