| 1 | # $Cambridge: exim/src/src/configure.default,v 1.5 2005/10/11 13:50:48 ph10 Exp $ |
| 2 | |
| 3 | ###################################################################### |
| 4 | # Runtime configuration file for Exim # |
| 5 | ###################################################################### |
| 6 | |
| 7 | |
| 8 | # This is a default configuration file which will operate correctly in |
| 9 | # uncomplicated installations. Please see the manual for a complete list |
| 10 | # of all the runtime configuration options that can be included in a |
| 11 | # configuration file. There are many more than are mentioned here. The |
| 12 | # manual is in the file doc/spec.txt in the Exim distribution as a plain |
| 13 | # ASCII file. Other formats (PostScript, Texinfo, HTML, PDF) are available |
| 14 | # from the Exim ftp sites. The manual is also online at the Exim web sites. |
| 15 | |
| 16 | |
| 17 | # This file is divided into several parts, all but the first of which are |
| 18 | # headed by a line starting with the word "begin". Only those parts that |
| 19 | # are required need to be present. Blank lines, and lines starting with # |
| 20 | # are ignored. |
| 21 | |
| 22 | |
| 23 | ########### IMPORTANT ########## IMPORTANT ########### IMPORTANT ########### |
| 24 | # # |
| 25 | # Whenever you change Exim's configuration file, you *must* remember to # |
| 26 | # HUP the Exim daemon, because it will not pick up the new configuration # |
| 27 | # until you do. However, any other Exim processes that are started, for # |
| 28 | # example, a process started by an MUA in order to send a message, will # |
| 29 | # see the new configuration as soon as it is in place. # |
| 30 | # # |
| 31 | # You do not need to HUP the daemon for changes in auxiliary files that # |
| 32 | # are referenced from this file. They are read every time they are used. # |
| 33 | # # |
| 34 | # It is usually a good idea to test a new configuration for syntactic # |
| 35 | # correctness before installing it (for example, by running the command # |
| 36 | # "exim -C /config/file.new -bV"). # |
| 37 | # # |
| 38 | ########### IMPORTANT ########## IMPORTANT ########### IMPORTANT ########### |
| 39 | |
| 40 | |
| 41 | |
| 42 | ###################################################################### |
| 43 | # MAIN CONFIGURATION SETTINGS # |
| 44 | ###################################################################### |
| 45 | |
| 46 | # Specify your host's canonical name here. This should normally be the fully |
| 47 | # qualified "official" name of your host. If this option is not set, the |
| 48 | # uname() function is called to obtain the name. In many cases this does |
| 49 | # the right thing and you need not set anything explicitly. |
| 50 | |
| 51 | # primary_hostname = |
| 52 | |
| 53 | |
| 54 | # The next three settings create two lists of domains and one list of hosts. |
| 55 | # These lists are referred to later in this configuration using the syntax |
| 56 | # +local_domains, +relay_to_domains, and +relay_from_hosts, respectively. They |
| 57 | # are all colon-separated lists: |
| 58 | |
| 59 | domainlist local_domains = @ |
| 60 | domainlist relay_to_domains = |
| 61 | hostlist relay_from_hosts = 127.0.0.1 |
| 62 | |
| 63 | # Most straightforward access control requirements can be obtained by |
| 64 | # appropriate settings of the above options. In more complicated situations, you |
| 65 | # may need to modify the Access Control List (ACL) which appears later in this |
| 66 | # file. |
| 67 | |
| 68 | # The first setting specifies your local domains, for example: |
| 69 | # |
| 70 | # domainlist local_domains = my.first.domain : my.second.domain |
| 71 | # |
| 72 | # You can use "@" to mean "the name of the local host", as in the default |
| 73 | # setting above. This is the name that is specified by primary_hostname, |
| 74 | # as specified above (or defaulted). If you do not want to do any local |
| 75 | # deliveries, remove the "@" from the setting above. If you want to accept mail |
| 76 | # addressed to your host's literal IP address, for example, mail addressed to |
| 77 | # "user@[192.168.23.44]", you can add "@[]" as an item in the local domains |
| 78 | # list. You also need to uncomment "allow_domain_literals" below. This is not |
| 79 | # recommended for today's Internet. |
| 80 | |
| 81 | # The second setting specifies domains for which your host is an incoming relay. |
| 82 | # If you are not doing any relaying, you should leave the list empty. However, |
| 83 | # if your host is an MX backup or gateway of some kind for some domains, you |
| 84 | # must set relay_to_domains to match those domains. For example: |
| 85 | # |
| 86 | # domainlist relay_to_domains = *.myco.com : my.friend.org |
| 87 | # |
| 88 | # This will allow any host to relay through your host to those domains. |
| 89 | # See the section of the manual entitled "Control of relaying" for more |
| 90 | # information. |
| 91 | |
| 92 | # The third setting specifies hosts that can use your host as an outgoing relay |
| 93 | # to any other host on the Internet. Such a setting commonly refers to a |
| 94 | # complete local network as well as the localhost. For example: |
| 95 | # |
| 96 | # hostlist relay_from_hosts = 127.0.0.1 : 192.168.0.0/16 |
| 97 | # |
| 98 | # The "/16" is a bit mask (CIDR notation), not a number of hosts. Note that you |
| 99 | # have to include 127.0.0.1 if you want to allow processes on your host to send |
| 100 | # SMTP mail by using the loopback address. A number of MUAs use this method of |
| 101 | # sending mail. |
| 102 | |
| 103 | # All three of these lists may contain many different kinds of item, including |
| 104 | # wildcarded names, regular expressions, and file lookups. See the reference |
| 105 | # manual for details. The lists above are used in the access control lists for |
| 106 | # checking incoming messages. The names of these ACLs are defined here: |
| 107 | |
| 108 | acl_smtp_rcpt = acl_check_rcpt |
| 109 | acl_smtp_data = acl_check_data |
| 110 | |
| 111 | # You should not change those settings until you understand how ACLs work. |
| 112 | |
| 113 | |
| 114 | # If you are running a version of Exim that was compiled with the content- |
| 115 | # scanning extension, you can cause incoming messages to be automatically |
| 116 | # scanned for viruses. You have to modify the configuration in two places to |
| 117 | # set this up. The first of them is here, where you define the interface to |
| 118 | # your scanner. This example is typical for ClamAV; see the manual for details |
| 119 | # of what to set for other virus scanners. The second modification is in the |
| 120 | # acl_check_data access control list (see below). |
| 121 | |
| 122 | # av_scanner = clamd:/tmp/clamd |
| 123 | |
| 124 | |
| 125 | # For spam scanning, there is a similar option that defines the interface to |
| 126 | # SpamAssassin. You do not need to set this if you are using the default, which |
| 127 | # is shown in this commented example. As for virus scanning, you must also |
| 128 | # modify the acl_check_data access control list to enable spam scanning. |
| 129 | |
| 130 | # spamd_address = 127.0.0.1 783 |
| 131 | |
| 132 | |
| 133 | # Specify the domain you want to be added to all unqualified addresses |
| 134 | # here. An unqualified address is one that does not contain an "@" character |
| 135 | # followed by a domain. For example, "caesar@rome.example" is a fully qualified |
| 136 | # address, but the string "caesar" (i.e. just a login name) is an unqualified |
| 137 | # email address. Unqualified addresses are accepted only from local callers by |
| 138 | # default. See the recipient_unqualified_hosts option if you want to permit |
| 139 | # unqualified addresses from remote sources. If this option is not set, the |
| 140 | # primary_hostname value is used for qualification. |
| 141 | |
| 142 | # qualify_domain = |
| 143 | |
| 144 | |
| 145 | # If you want unqualified recipient addresses to be qualified with a different |
| 146 | # domain to unqualified sender addresses, specify the recipient domain here. |
| 147 | # If this option is not set, the qualify_domain value is used. |
| 148 | |
| 149 | # qualify_recipient = |
| 150 | |
| 151 | |
| 152 | # The following line must be uncommented if you want Exim to recognize |
| 153 | # addresses of the form "user@[10.11.12.13]" that is, with a "domain literal" |
| 154 | # (an IP address) instead of a named domain. The RFCs still require this form, |
| 155 | # but it makes little sense to permit mail to be sent to specific hosts by |
| 156 | # their IP address in the modern Internet. This ancient format has been used |
| 157 | # by those seeking to abuse hosts by using them for unwanted relaying. If you |
| 158 | # really do want to support domain literals, uncomment the following line, and |
| 159 | # see also the "domain_literal" router below. |
| 160 | |
| 161 | # allow_domain_literals |
| 162 | |
| 163 | |
| 164 | # No deliveries will ever be run under the uids of these users (a colon- |
| 165 | # separated list). An attempt to do so causes a panic error to be logged, and |
| 166 | # the delivery to be deferred. This is a paranoic safety catch. There is an |
| 167 | # even stronger safety catch in the form of the FIXED_NEVER_USERS setting |
| 168 | # in the configuration for building Exim. The list of users that it specifies |
| 169 | # is built into the binary, and cannot be changed. The option below just adds |
| 170 | # additional users to the list. The default for FIXED_NEVER_USERS is "root", |
| 171 | # but just to be absolutely sure, the default here is also "root". |
| 172 | |
| 173 | # Note that the default setting means you cannot deliver mail addressed to root |
| 174 | # as if it were a normal user. This isn't usually a problem, as most sites have |
| 175 | # an alias for root that redirects such mail to a human administrator. |
| 176 | |
| 177 | never_users = root |
| 178 | |
| 179 | |
| 180 | # The setting below causes Exim to do a reverse DNS lookup on all incoming |
| 181 | # IP calls, in order to get the true host name. If you feel this is too |
| 182 | # expensive, you can specify the networks for which a lookup is done, or |
| 183 | # remove the setting entirely. |
| 184 | |
| 185 | host_lookup = * |
| 186 | |
| 187 | |
| 188 | # The settings below, which are actually the same as the defaults in the |
| 189 | # code, cause Exim to make RFC 1413 (ident) callbacks for all incoming SMTP |
| 190 | # calls. You can limit the hosts to which these calls are made, and/or change |
| 191 | # the timeout that is used. If you set the timeout to zero, all RFC 1413 calls |
| 192 | # are disabled. RFC 1413 calls are cheap and can provide useful information |
| 193 | # for tracing problem messages, but some hosts and firewalls have problems |
| 194 | # with them. This can result in a timeout instead of an immediate refused |
| 195 | # connection, leading to delays on starting up an SMTP session. |
| 196 | |
| 197 | rfc1413_hosts = * |
| 198 | rfc1413_query_timeout = 30s |
| 199 | |
| 200 | |
| 201 | # By default, Exim expects all envelope addresses to be fully qualified, that |
| 202 | # is, they must contain both a local part and a domain. If you want to accept |
| 203 | # unqualified addresses (just a local part) from certain hosts, you can specify |
| 204 | # these hosts by setting one or both of |
| 205 | # |
| 206 | # sender_unqualified_hosts = |
| 207 | # recipient_unqualified_hosts = |
| 208 | # |
| 209 | # to control sender and recipient addresses, respectively. When this is done, |
| 210 | # unqualified addresses are qualified using the settings of qualify_domain |
| 211 | # and/or qualify_recipient (see above). |
| 212 | |
| 213 | |
| 214 | # If you want Exim to support the "percent hack" for certain domains, |
| 215 | # uncomment the following line and provide a list of domains. The "percent |
| 216 | # hack" is the feature by which mail addressed to x%y@z (where z is one of |
| 217 | # the domains listed) is locally rerouted to x@y and sent on. If z is not one |
| 218 | # of the "percent hack" domains, x%y is treated as an ordinary local part. This |
| 219 | # hack is rarely needed nowadays; you should not enable it unless you are sure |
| 220 | # that you really need it. |
| 221 | # |
| 222 | # percent_hack_domains = |
| 223 | # |
| 224 | # As well as setting this option you will also need to remove the test |
| 225 | # for local parts containing % in the ACL definition below. |
| 226 | |
| 227 | |
| 228 | # When Exim can neither deliver a message nor return it to sender, it "freezes" |
| 229 | # the delivery error message (aka "bounce message"). There are also other |
| 230 | # circumstances in which messages get frozen. They will stay on the queue for |
| 231 | # ever unless one of the following options is set. |
| 232 | |
| 233 | # This option unfreezes frozen bounce messages after two days, tries |
| 234 | # once more to deliver them, and ignores any delivery failures. |
| 235 | |
| 236 | ignore_bounce_errors_after = 2d |
| 237 | |
| 238 | # This option cancels (removes) frozen messages that are older than a week. |
| 239 | |
| 240 | timeout_frozen_after = 7d |
| 241 | |
| 242 | |
| 243 | |
| 244 | ###################################################################### |
| 245 | # ACL CONFIGURATION # |
| 246 | # Specifies access control lists for incoming SMTP mail # |
| 247 | ###################################################################### |
| 248 | |
| 249 | begin acl |
| 250 | |
| 251 | # This access control list is used for every RCPT command in an incoming |
| 252 | # SMTP message. The tests are run in order until the address is either |
| 253 | # accepted or denied. |
| 254 | |
| 255 | acl_check_rcpt: |
| 256 | |
| 257 | # Accept if the source is local SMTP (i.e. not over TCP/IP). We do this by |
| 258 | # testing for an empty sending host field. |
| 259 | |
| 260 | accept hosts = : |
| 261 | |
| 262 | ############################################################################# |
| 263 | # The following section of the ACL is concerned with local parts that contain |
| 264 | # @ or % or ! or / or | or dots in unusual places. |
| 265 | # |
| 266 | # The characters other than dots are rarely found in genuine local parts, but |
| 267 | # are often tried by people looking to circumvent relaying restrictions. |
| 268 | # Therefore, although they are valid in local parts, these rules lock them |
| 269 | # out, as a precaution. |
| 270 | # |
| 271 | # Empty components (two dots in a row) are not valid in RFC 2822, but Exim |
| 272 | # allows them because they have been encountered. (Consider local parts |
| 273 | # constructed as "firstinitial.secondinitial.familyname" when applied to |
| 274 | # someone like me, who has no second initial.) However, a local part starting |
| 275 | # with a dot or containing /../ can cause trouble if it is used as part of a |
| 276 | # file name (e.g. for a mailing list). This is also true for local parts that |
| 277 | # contain slashes. A pipe symbol can also be troublesome if the local part is |
| 278 | # incorporated unthinkingly into a shell command line. |
| 279 | # |
| 280 | # Two different rules are used. The first one is stricter, and is applied to |
| 281 | # messages that are addressed to one of the local domains handled by this |
| 282 | # host. It blocks local parts that begin with a dot or contain @ % ! / or |. |
| 283 | # If you have local accounts that include these characters, you will have to |
| 284 | # modify this rule. |
| 285 | |
| 286 | deny message = Restricted characters in address |
| 287 | domains = +local_domains |
| 288 | local_parts = ^[.] : ^.*[@%!/|] |
| 289 | |
| 290 | # The second rule applies to all other domains, and is less strict. This |
| 291 | # allows your own users to send outgoing messages to sites that use slashes |
| 292 | # and vertical bars in their local parts. It blocks local parts that begin |
| 293 | # with a dot, slash, or vertical bar, but allows these characters within the |
| 294 | # local part. However, the sequence /../ is barred. The use of @ % and ! is |
| 295 | # blocked, as before. The motivation here is to prevent your users (or |
| 296 | # your users' viruses) from mounting certain kinds of attack on remote sites. |
| 297 | |
| 298 | deny message = Restricted characters in address |
| 299 | domains = !+local_domains |
| 300 | local_parts = ^[./|] : ^.*[@%!] : ^.*/\\.\\./ |
| 301 | ############################################################################# |
| 302 | |
| 303 | # Accept mail to postmaster in any local domain, regardless of the source, |
| 304 | # and without verifying the sender. |
| 305 | |
| 306 | accept local_parts = postmaster |
| 307 | domains = +local_domains |
| 308 | |
| 309 | # Deny unless the sender address can be verified. |
| 310 | |
| 311 | require verify = sender |
| 312 | |
| 313 | # Accept if the message comes from one of the hosts for which we are an |
| 314 | # outgoing relay. It is assumed that such hosts are most likely to be MUAs, |
| 315 | # so we set control=submission to make Exim treat the message as a |
| 316 | # submission. It will fix up various errors in the message, for example, the |
| 317 | # lack of a Date: header line. If you are actually relaying out out from |
| 318 | # MTAs, you may want to disable this. If you are handling both relaying from |
| 319 | # MTAs and submissions from MUAs you should probably split them into two |
| 320 | # lists, and handle them differently. |
| 321 | |
| 322 | # Recipient verification is omitted here, because in many cases the clients |
| 323 | # are dumb MUAs that don't cope well with SMTP error responses. If you are |
| 324 | # actually relaying out from MTAs, you should probably add recipient |
| 325 | # verification here. |
| 326 | |
| 327 | # Note that, by putting this test before any DNS black list checks, you will |
| 328 | # always accept from these hosts, even if they end up on a black list. The |
| 329 | # assumption is that they are your friends, and if they get onto a black |
| 330 | # list, it is a mistake. |
| 331 | |
| 332 | accept hosts = +relay_from_hosts |
| 333 | control = submission |
| 334 | |
| 335 | # Accept if the message arrived over an authenticated connection, from |
| 336 | # any host. Again, these messages are usually from MUAs, so recipient |
| 337 | # verification is omitted, and submission mode is set. And again, we do this |
| 338 | # check before any black list tests. |
| 339 | |
| 340 | accept authenticated = * |
| 341 | control = submission |
| 342 | |
| 343 | ############################################################################# |
| 344 | # There are no default checks on DNS black lists because the domains that |
| 345 | # contain these lists are changing all the time. However, here are two |
| 346 | # examples of how you can get Exim to perform a DNS black list lookup at this |
| 347 | # point. The first one denies, whereas the second just warns. |
| 348 | # |
| 349 | # deny message = rejected because $sender_host_address is in a black list at $dnslist_domain\n$dnslist_text |
| 350 | # dnslists = black.list.example |
| 351 | # |
| 352 | # warn message = X-Warning: $sender_host_address is in a black list at $dnslist_domain |
| 353 | # log_message = found in $dnslist_domain |
| 354 | # dnslists = black.list.example |
| 355 | ############################################################################# |
| 356 | |
| 357 | ############################################################################# |
| 358 | # This check is commented out because it is recognized that not every |
| 359 | # sysadmin will want to do it. If you enable it, the check performs |
| 360 | # Client SMTP Authorization (csa) checks on the sending host. These checks |
| 361 | # do DNS lookups for SRV records. The CSA proposal is currently (May 2005) |
| 362 | # an Internet draft. You can, of course, add additional conditions to this |
| 363 | # ACL statement to restrict the CSA checks to certain hosts only. |
| 364 | # |
| 365 | # require verify = csa |
| 366 | ############################################################################# |
| 367 | |
| 368 | # Accept if the address is in a local domain, but only if the recipient can |
| 369 | # be verified. Otherwise deny. The "endpass" line is the border between |
| 370 | # passing on to the next ACL statement (if tests above it fail) or denying |
| 371 | # access (if tests below it fail). |
| 372 | |
| 373 | accept domains = +local_domains |
| 374 | endpass |
| 375 | verify = recipient |
| 376 | |
| 377 | # Accept if the address is in a domain for which we are an incoming relay, |
| 378 | # but again, only if the recipient can be verified. |
| 379 | |
| 380 | accept domains = +relay_to_domains |
| 381 | endpass |
| 382 | verify = recipient |
| 383 | |
| 384 | # Reaching the end of the ACL causes a "deny", but we might as well give |
| 385 | # an explicit message. |
| 386 | |
| 387 | deny message = relay not permitted |
| 388 | |
| 389 | |
| 390 | # This ACL is used after the contents of a message have been received. This |
| 391 | # is the ACL in which you can test a message's headers or body, and in |
| 392 | # particular, this is where you can invoke external virus or spam scanners. |
| 393 | # Some suggested ways of configuring these tests are shown below, commented |
| 394 | # out. Without any tests, this ACL accepts all messages. If you want to use |
| 395 | # such tests, you must ensure that Exim is compiled with the content-scanning |
| 396 | # extension (WITH_CONTENT_SCAN=yes in Local/Makefile). |
| 397 | |
| 398 | acl_check_data: |
| 399 | |
| 400 | # Deny if the message contains a virus. Before enabling this check, you |
| 401 | # must install a virus scanner and set the av_scanner option above. |
| 402 | # |
| 403 | # deny malware = * |
| 404 | # message = This message contains a virus ($malware_name). |
| 405 | |
| 406 | # Add headers to a message if it is judged to be spam. Before enabling this, |
| 407 | # you must install SpamAssassin. You may also need to set the spamd_address |
| 408 | # option above. |
| 409 | # |
| 410 | # warn spam = nobody |
| 411 | # message = X-Spam_score: $spam_score\n\ |
| 412 | # X-Spam_score_int: $spam_score_int\n\ |
| 413 | # X-Spam_bar: $spam_bar\n\ |
| 414 | # X-Spam_report: $spam_report |
| 415 | |
| 416 | # Accept the message. |
| 417 | |
| 418 | accept |
| 419 | |
| 420 | |
| 421 | |
| 422 | ###################################################################### |
| 423 | # ROUTERS CONFIGURATION # |
| 424 | # Specifies how addresses are handled # |
| 425 | ###################################################################### |
| 426 | # THE ORDER IN WHICH THE ROUTERS ARE DEFINED IS IMPORTANT! # |
| 427 | # An address is passed to each router in turn until it is accepted. # |
| 428 | ###################################################################### |
| 429 | |
| 430 | begin routers |
| 431 | |
| 432 | # This router routes to remote hosts over SMTP by explicit IP address, |
| 433 | # when an email address is given in "domain literal" form, for example, |
| 434 | # <user@[192.168.35.64]>. The RFCs require this facility. However, it is |
| 435 | # little-known these days, and has been exploited by evil people seeking |
| 436 | # to abuse SMTP relays. Consequently it is commented out in the default |
| 437 | # configuration. If you uncomment this router, you also need to uncomment |
| 438 | # allow_domain_literals above, so that Exim can recognize the syntax of |
| 439 | # domain literal addresses. |
| 440 | |
| 441 | # domain_literal: |
| 442 | # driver = ipliteral |
| 443 | # domains = ! +local_domains |
| 444 | # transport = remote_smtp |
| 445 | |
| 446 | |
| 447 | # This router routes addresses that are not in local domains by doing a DNS |
| 448 | # lookup on the domain name. Any domain that resolves to 0.0.0.0 or to a |
| 449 | # loopback interface address (127.0.0.0/8) is treated as if it had no DNS |
| 450 | # entry. Note that 0.0.0.0 is the same as 0.0.0.0/32, which is commonly treated |
| 451 | # as the local host inside the network stack. It is not 0.0.0.0/0, the default |
| 452 | # route. If the DNS lookup fails, no further routers are tried because of |
| 453 | # the no_more setting, and consequently the address is unrouteable. |
| 454 | |
| 455 | dnslookup: |
| 456 | driver = dnslookup |
| 457 | domains = ! +local_domains |
| 458 | transport = remote_smtp |
| 459 | ignore_target_hosts = 0.0.0.0 : 127.0.0.0/8 |
| 460 | no_more |
| 461 | |
| 462 | |
| 463 | # The remaining routers handle addresses in the local domain(s). |
| 464 | |
| 465 | |
| 466 | # This router handles aliasing using a linearly searched alias file with the |
| 467 | # name SYSTEM_ALIASES_FILE. When this configuration is installed automatically, |
| 468 | # the name gets inserted into this file from whatever is set in Exim's |
| 469 | # build-time configuration. The default path is the traditional /etc/aliases. |
| 470 | # If you install this configuration by hand, you need to specify the correct |
| 471 | # path in the "data" setting below. |
| 472 | # |
| 473 | ##### NB You must ensure that the alias file exists. It used to be the case |
| 474 | ##### NB that every Unix had that file, because it was the Sendmail default. |
| 475 | ##### NB These days, there are systems that don't have it. Your aliases |
| 476 | ##### NB file should at least contain an alias for "postmaster". |
| 477 | # |
| 478 | # If any of your aliases expand to pipes or files, you will need to set |
| 479 | # up a user and a group for these deliveries to run under. You can do |
| 480 | # this by uncommenting the "user" option below (changing the user name |
| 481 | # as appropriate) and adding a "group" option if necessary. Alternatively, you |
| 482 | # can specify "user" on the transports that are used. Note that the transports |
| 483 | # listed below are the same as are used for .forward files; you might want |
| 484 | # to set up different ones for pipe and file deliveries from aliases. |
| 485 | |
| 486 | system_aliases: |
| 487 | driver = redirect |
| 488 | allow_fail |
| 489 | allow_defer |
| 490 | data = ${lookup{$local_part}lsearch{SYSTEM_ALIASES_FILE}} |
| 491 | # user = exim |
| 492 | file_transport = address_file |
| 493 | pipe_transport = address_pipe |
| 494 | |
| 495 | |
| 496 | # This router handles forwarding using traditional .forward files in users' |
| 497 | # home directories. If you want it also to allow mail filtering when a forward |
| 498 | # file starts with the string "# Exim filter" or "# Sieve filter", uncomment |
| 499 | # the "allow_filter" option. |
| 500 | |
| 501 | # If you want this router to treat local parts with suffixes introduced by "-" |
| 502 | # or "+" characters as if the suffixes did not exist, uncomment the two local_ |
| 503 | # part_suffix options. Then, for example, xxxx-foo@your.domain will be treated |
| 504 | # in the same way as xxxx@your.domain by this router. You probably want to make |
| 505 | # the same change to the localuser router. |
| 506 | |
| 507 | # The no_verify setting means that this router is skipped when Exim is |
| 508 | # verifying addresses. Similarly, no_expn means that this router is skipped if |
| 509 | # Exim is processing an EXPN command. |
| 510 | |
| 511 | # The check_ancestor option means that if the forward file generates an |
| 512 | # address that is an ancestor of the current one, the current one gets |
| 513 | # passed on instead. This covers the case where A is aliased to B and B |
| 514 | # has a .forward file pointing to A. |
| 515 | |
| 516 | # The three transports specified at the end are those that are used when |
| 517 | # forwarding generates a direct delivery to a file, or to a pipe, or sets |
| 518 | # up an auto-reply, respectively. |
| 519 | |
| 520 | userforward: |
| 521 | driver = redirect |
| 522 | check_local_user |
| 523 | # local_part_suffix = +* : -* |
| 524 | # local_part_suffix_optional |
| 525 | file = $home/.forward |
| 526 | # allow_filter |
| 527 | no_verify |
| 528 | no_expn |
| 529 | check_ancestor |
| 530 | file_transport = address_file |
| 531 | pipe_transport = address_pipe |
| 532 | reply_transport = address_reply |
| 533 | |
| 534 | |
| 535 | # This router matches local user mailboxes. If the router fails, the error |
| 536 | # message is "Unknown user". |
| 537 | |
| 538 | # If you want this router to treat local parts with suffixes introduced by "-" |
| 539 | # or "+" characters as if the suffixes did not exist, uncomment the two local_ |
| 540 | # part_suffix options. Then, for example, xxxx-foo@your.domain will be treated |
| 541 | # in the same way as xxxx@your.domain by this router. |
| 542 | |
| 543 | localuser: |
| 544 | driver = accept |
| 545 | check_local_user |
| 546 | # local_part_suffix = +* : -* |
| 547 | # local_part_suffix_optional |
| 548 | transport = local_delivery |
| 549 | cannot_route_message = Unknown user |
| 550 | |
| 551 | |
| 552 | |
| 553 | ###################################################################### |
| 554 | # TRANSPORTS CONFIGURATION # |
| 555 | ###################################################################### |
| 556 | # ORDER DOES NOT MATTER # |
| 557 | # Only one appropriate transport is called for each delivery. # |
| 558 | ###################################################################### |
| 559 | |
| 560 | # A transport is used only when referenced from a router that successfully |
| 561 | # handles an address. |
| 562 | |
| 563 | begin transports |
| 564 | |
| 565 | |
| 566 | # This transport is used for delivering messages over SMTP connections. |
| 567 | |
| 568 | remote_smtp: |
| 569 | driver = smtp |
| 570 | |
| 571 | |
| 572 | # This transport is used for local delivery to user mailboxes in traditional |
| 573 | # BSD mailbox format. By default it will be run under the uid and gid of the |
| 574 | # local user, and requires the sticky bit to be set on the /var/mail directory. |
| 575 | # Some systems use the alternative approach of running mail deliveries under a |
| 576 | # particular group instead of using the sticky bit. The commented options below |
| 577 | # show how this can be done. |
| 578 | |
| 579 | local_delivery: |
| 580 | driver = appendfile |
| 581 | file = /var/mail/$local_part |
| 582 | delivery_date_add |
| 583 | envelope_to_add |
| 584 | return_path_add |
| 585 | # group = mail |
| 586 | # mode = 0660 |
| 587 | |
| 588 | |
| 589 | # This transport is used for handling pipe deliveries generated by alias or |
| 590 | # .forward files. If the pipe generates any standard output, it is returned |
| 591 | # to the sender of the message as a delivery error. Set return_fail_output |
| 592 | # instead of return_output if you want this to happen only when the pipe fails |
| 593 | # to complete normally. You can set different transports for aliases and |
| 594 | # forwards if you want to - see the references to address_pipe in the routers |
| 595 | # section above. |
| 596 | |
| 597 | address_pipe: |
| 598 | driver = pipe |
| 599 | return_output |
| 600 | |
| 601 | |
| 602 | # This transport is used for handling deliveries directly to files that are |
| 603 | # generated by aliasing or forwarding. |
| 604 | |
| 605 | address_file: |
| 606 | driver = appendfile |
| 607 | delivery_date_add |
| 608 | envelope_to_add |
| 609 | return_path_add |
| 610 | |
| 611 | |
| 612 | # This transport is used for handling autoreplies generated by the filtering |
| 613 | # option of the userforward router. |
| 614 | |
| 615 | address_reply: |
| 616 | driver = autoreply |
| 617 | |
| 618 | |
| 619 | |
| 620 | ###################################################################### |
| 621 | # RETRY CONFIGURATION # |
| 622 | ###################################################################### |
| 623 | |
| 624 | begin retry |
| 625 | |
| 626 | # This single retry rule applies to all domains and all errors. It specifies |
| 627 | # retries every 15 minutes for 2 hours, then increasing retry intervals, |
| 628 | # starting at 1 hour and increasing each time by a factor of 1.5, up to 16 |
| 629 | # hours, then retries every 6 hours until 4 days have passed since the first |
| 630 | # failed delivery. |
| 631 | |
| 632 | # Address or Domain Error Retries |
| 633 | # ----------------- ----- ------- |
| 634 | |
| 635 | * * F,2h,15m; G,16h,1h,1.5; F,4d,6h |
| 636 | |
| 637 | |
| 638 | |
| 639 | ###################################################################### |
| 640 | # REWRITE CONFIGURATION # |
| 641 | ###################################################################### |
| 642 | |
| 643 | # There are no rewriting specifications in this default configuration file. |
| 644 | |
| 645 | begin rewrite |
| 646 | |
| 647 | |
| 648 | |
| 649 | ###################################################################### |
| 650 | # AUTHENTICATION CONFIGURATION # |
| 651 | ###################################################################### |
| 652 | |
| 653 | # There are no authenticator specifications in this default configuration file. |
| 654 | |
| 655 | begin authenticators |
| 656 | |
| 657 | |
| 658 | |
| 659 | ###################################################################### |
| 660 | # CONFIGURATION FOR local_scan() # |
| 661 | ###################################################################### |
| 662 | |
| 663 | # If you have built Exim to include a local_scan() function that contains |
| 664 | # tables for private options, you can define those options here. Remember to |
| 665 | # uncomment the "begin" line. It is commented by default because it provokes |
| 666 | # an error with Exim binaries that are not built with LOCAL_SCAN_HAS_OPTIONS |
| 667 | # set in the Local/Makefile. |
| 668 | |
| 669 | # begin local_scan |
| 670 | |
| 671 | |
| 672 | # End of Exim configuration file |