[exim.git] / doc / doc-docbook / spec.xfpt
1 . /////////////////////////////////////////////////////////////////////////////
2 . This is the primary source of the Exim Manual. It is an xfpt document that is
3 . converted into DocBook XML for subsequent conversion into printing and online
4 . formats. The markup used herein is "standard" xfpt markup, with some extras.
5 . The markup is summarized in a file called Markup.txt.
6 .
7 . WARNING: When you use the .new macro, make sure it appears *before* any
8 . adjacent index items; otherwise you get an empty "paragraph" which causes
9 . unwanted vertical space.
10 . /////////////////////////////////////////////////////////////////////////////
12 .include stdflags
13 .include stdmacs
15 . /////////////////////////////////////////////////////////////////////////////
16 . This outputs the standard DocBook boilerplate.
17 . /////////////////////////////////////////////////////////////////////////////
19 .docbook
21 . /////////////////////////////////////////////////////////////////////////////
22 . These lines are processing instructions for the Simple DocBook Processor that
23 . Philip Hazel has developed as a less cumbersome way of making PostScript and
24 . PDFs than using xmlto and fop. They will be ignored by all other XML
25 . processors.
26 . /////////////////////////////////////////////////////////////////////////////
28 .literal xml
29 <?sdop
30 foot_right_recto="&chaptertitle; (&chapternumber;)"
31 foot_right_verso="&chaptertitle; (&chapternumber;)"
32 toc_chapter_blanks="yes,yes"
33 table_warn_overflow="overprint"
34 ?>
35 .literal off
37 . /////////////////////////////////////////////////////////////////////////////
38 . This generate the outermost <book> element that wraps then entire document.
39 . /////////////////////////////////////////////////////////////////////////////
41 .book
43 . /////////////////////////////////////////////////////////////////////////////
44 . These definitions set some parameters and save some typing. Remember that
45 . the <bookinfo> element must also be updated for each new edition.
46 . /////////////////////////////////////////////////////////////////////////////
48 .set previousversion "4.80"
49 .set version "4.80"
51 .set ACL "access control lists (ACLs)"
52 .set I "&nbsp;&nbsp;&nbsp;&nbsp;"
55 . /////////////////////////////////////////////////////////////////////////////
56 . Additional xfpt markup used by this document, over and above the default
57 . provided in the xfpt library.
58 . /////////////////////////////////////////////////////////////////////////////
60 . --- Override the &$ flag to automatically insert a $ with the variable name
62 .flag &$ $& "<varname>$" "</varname>"
64 . --- Short flags for daggers in option headings. They will always be inside
65 . --- an italic string, but we want the daggers to be roman.
67 .flag &!! "</emphasis>&dagger;<emphasis>"
68 .flag &!? "</emphasis>&Dagger;<emphasis>"
70 . --- A macro for an Exim option definition heading, generating a one-line
71 . --- table with four columns. For cases when the option name is given with
72 . --- a space, so that it can be split, a fifth argument is used for the
73 . --- index entry.
75 .macro option
76 .arg 5
77 .oindex "&%$5%&"
78 .endarg
79 .arg -5
80 .oindex "&%$1%&"
81 .endarg
82 .itable all 0 0 4 8* left 6* center 6* center 6* right
83 .row "&%$1%&" "Use: &'$2'&" "Type: &'$3'&" "Default: &'$4'&"
84 .endtable
85 .endmacro
87 . --- A macro for the common 2-column tables. The width of the first column
88 . --- is suitable for the many tables at the start of the main options chapter;
89 . --- the small number of other 2-column tables override it.
91 .macro table2 196pt 254pt
92 .itable none 0 0 2 $1 left $2 left
93 .endmacro
95 . --- A macro that generates .row, but puts &I; at the start of the first
96 . --- argument, thus indenting it. Assume a minimum of two arguments, and
97 . --- allow up to four arguments, which is as many as we'll ever need.
99 .macro irow
100 .arg 4
101 .row "&I;$1" "$2" "$3" "$4"
102 .endarg
103 .arg -4
104 .arg 3
105 .row "&I;$1" "$2" "$3"
106 .endarg
107 .arg -3
108 .row "&I;$1" "$2"
109 .endarg
110 .endarg
111 .endmacro
113 . --- Macros for option, variable, and concept index entries. For a "range"
114 . --- style of entry, use .scindex for the start and .ecindex for the end. The
115 . --- first argument of .scindex and the only argument of .ecindex must be the
116 . --- ID that ties them together.
118 .macro cindex
119 &<indexterm role="concept">&
120 &<primary>&$1&</primary>&
121 .arg 2
122 &<secondary>&$2&</secondary>&
123 .endarg
124 &</indexterm>&
125 .endmacro
127 .macro scindex
128 &<indexterm role="concept" id="$1" class="startofrange">&
129 &<primary>&$2&</primary>&
130 .arg 3
131 &<secondary>&$3&</secondary>&
132 .endarg
133 &</indexterm>&
134 .endmacro
136 .macro ecindex
137 &<indexterm role="concept" startref="$1" class="endofrange"/>&
138 .endmacro
140 .macro oindex
141 &<indexterm role="option">&
142 &<primary>&$1&</primary>&
143 .arg 2
144 &<secondary>&$2&</secondary>&
145 .endarg
146 &</indexterm>&
147 .endmacro
149 .macro vindex
150 &<indexterm role="variable">&
151 &<primary>&$1&</primary>&
152 .arg 2
153 &<secondary>&$2&</secondary>&
154 .endarg
155 &</indexterm>&
156 .endmacro
158 .macro index
159 .echo "** Don't use .index; use .cindex or .oindex or .vindex"
160 .endmacro
161 . ////////////////////////////////////////////////////////////////////////////
164 . ////////////////////////////////////////////////////////////////////////////
165 . The <bookinfo> element is removed from the XML before processing for Ascii
166 . output formats.
167 . ////////////////////////////////////////////////////////////////////////////
169 .literal xml
170 <bookinfo>
171 <title>Specification of the Exim Mail Transfer Agent</title>
172 <titleabbrev>The Exim MTA</titleabbrev>
173 <date>17 May 2012</date>
174 <author><firstname>Exim</firstname><surname>Maintainers</surname></author>
175 <authorinitials>EM</authorinitials>
176 <revhistory><revision>
177 <revnumber>4.80</revnumber>
178 <date>17 May 2012</date>
179 <authorinitials>EM</authorinitials>
180 </revision></revhistory>
181 <copyright><year>2012</year><holder>University of Cambridge</holder></copyright>
182 </bookinfo>
183 .literal off
186 . /////////////////////////////////////////////////////////////////////////////
187 . This chunk of literal XML implements index entries of the form "x, see y" and
188 . "x, see also y". However, the DocBook DTD doesn't allow <indexterm> entries
189 . at the top level, so we have to put the .chapter directive first.
190 . /////////////////////////////////////////////////////////////////////////////
192 .chapter "Introduction" "CHID1"
193 .literal xml
195 <indexterm role="variable">
196 <primary>$1, $2, etc.</primary>
197 <see><emphasis>numerical variables</emphasis></see>
198 </indexterm>
199 <indexterm role="concept">
200 <primary>address</primary>
201 <secondary>rewriting</secondary>
202 <see><emphasis>rewriting</emphasis></see>
203 </indexterm>
204 <indexterm role="concept">
205 <primary>Bounce Address Tag Validation</primary>
206 <see><emphasis>BATV</emphasis></see>
207 </indexterm>
208 <indexterm role="concept">
209 <primary>Client SMTP Authorization</primary>
210 <see><emphasis>CSA</emphasis></see>
211 </indexterm>
212 <indexterm role="concept">
213 <primary>CR character</primary>
214 <see><emphasis>carriage return</emphasis></see>
215 </indexterm>
216 <indexterm role="concept">
217 <primary>CRL</primary>
218 <see><emphasis>certificate revocation list</emphasis></see>
219 </indexterm>
220 <indexterm role="concept">
221 <primary>delivery</primary>
222 <secondary>failure report</secondary>
223 <see><emphasis>bounce message</emphasis></see>
224 </indexterm>
225 <indexterm role="concept">
226 <primary>dialup</primary>
227 <see><emphasis>intermittently connected hosts</emphasis></see>
228 </indexterm>
229 <indexterm role="concept">
230 <primary>exiscan</primary>
231 <see><emphasis>content scanning</emphasis></see>
232 </indexterm>
233 <indexterm role="concept">
234 <primary>failover</primary>
235 <see><emphasis>fallback</emphasis></see>
236 </indexterm>
237 <indexterm role="concept">
238 <primary>fallover</primary>
239 <see><emphasis>fallback</emphasis></see>
240 </indexterm>
241 <indexterm role="concept">
242 <primary>filter</primary>
243 <secondary>Sieve</secondary>
244 <see><emphasis>Sieve filter</emphasis></see>
245 </indexterm>
246 <indexterm role="concept">
247 <primary>ident</primary>
248 <see><emphasis>RFC 1413</emphasis></see>
249 </indexterm>
250 <indexterm role="concept">
251 <primary>LF character</primary>
252 <see><emphasis>linefeed</emphasis></see>
253 </indexterm>
254 <indexterm role="concept">
255 <primary>maximum</primary>
256 <seealso><emphasis>limit</emphasis></seealso>
257 </indexterm>
258 <indexterm role="concept">
259 <primary>monitor</primary>
260 <see><emphasis>Exim monitor</emphasis></see>
261 </indexterm>
262 <indexterm role="concept">
263 <primary>no_<emphasis>xxx</emphasis></primary>
264 <see>entry for xxx</see>
265 </indexterm>
266 <indexterm role="concept">
267 <primary>NUL</primary>
268 <see><emphasis>binary zero</emphasis></see>
269 </indexterm>
270 <indexterm role="concept">
271 <primary>passwd file</primary>
272 <see><emphasis>/etc/passwd</emphasis></see>
273 </indexterm>
274 <indexterm role="concept">
275 <primary>process id</primary>
276 <see><emphasis>pid</emphasis></see>
277 </indexterm>
278 <indexterm role="concept">
279 <primary>RBL</primary>
280 <see><emphasis>DNS list</emphasis></see>
281 </indexterm>
282 <indexterm role="concept">
283 <primary>redirection</primary>
284 <see><emphasis>address redirection</emphasis></see>
285 </indexterm>
286 <indexterm role="concept">
287 <primary>return path</primary>
288 <seealso><emphasis>envelope sender</emphasis></seealso>
289 </indexterm>
290 <indexterm role="concept">
291 <primary>scanning</primary>
292 <see><emphasis>content scanning</emphasis></see>
293 </indexterm>
294 <indexterm role="concept">
295 <primary>SSL</primary>
296 <see><emphasis>TLS</emphasis></see>
297 </indexterm>
298 <indexterm role="concept">
299 <primary>string</primary>
300 <secondary>expansion</secondary>
301 <see><emphasis>expansion</emphasis></see>
302 </indexterm>
303 <indexterm role="concept">
304 <primary>top bit</primary>
305 <see><emphasis>8-bit characters</emphasis></see>
306 </indexterm>
307 <indexterm role="concept">
308 <primary>variables</primary>
309 <see><emphasis>expansion, variables</emphasis></see>
310 </indexterm>
311 <indexterm role="concept">
312 <primary>zero, binary</primary>
313 <see><emphasis>binary zero</emphasis></see>
314 </indexterm>
316 .literal off
319 . /////////////////////////////////////////////////////////////////////////////
320 . This is the real start of the first chapter. See the comment above as to why
321 . we can't have the .chapter line here.
322 . chapter "Introduction"
323 . /////////////////////////////////////////////////////////////////////////////
325 Exim is a mail transfer agent (MTA) for hosts that are running Unix or
326 Unix-like operating systems. It was designed on the assumption that it would be
327 run on hosts that are permanently connected to the Internet. However, it can be
328 used on intermittently connected hosts with suitable configuration adjustments.
330 Configuration files currently exist for the following operating systems: AIX,
331 BSD/OS (aka BSDI), Darwin (Mac OS X), DGUX, Dragonfly, FreeBSD, GNU/Hurd,
332 GNU/Linux, HI-OSF (Hitachi), HI-UX, HP-UX, IRIX, MIPS RISCOS, NetBSD, OpenBSD,
333 OpenUNIX, QNX, SCO, SCO SVR4.2 (aka UNIX-SV), Solaris (aka SunOS5), SunOS4,
334 Tru64-Unix (formerly Digital UNIX, formerly DEC-OSF1), Ultrix, and Unixware.
335 Some of these operating systems are no longer current and cannot easily be
336 tested, so the configuration files may no longer work in practice.
338 There are also configuration files for compiling Exim in the Cygwin environment
339 that can be installed on systems running Windows. However, this document does
340 not contain any information about running Exim in the Cygwin environment.
342 The terms and conditions for the use and distribution of Exim are contained in
343 the file &_NOTICE_&. Exim is distributed under the terms of the GNU General
344 Public Licence, a copy of which may be found in the file &_LICENCE_&.
346 The use, supply or promotion of Exim for the purpose of sending bulk,
347 unsolicited electronic mail is incompatible with the basic aims of the program,
348 which revolve around the free provision of a service that enhances the quality
349 of personal communications. The author of Exim regards indiscriminate
350 mass-mailing as an antisocial, irresponsible abuse of the Internet.
352 Exim owes a great deal to Smail 3 and its author, Ron Karr. Without the
353 experience of running and working on the Smail 3 code, I could never have
354 contemplated starting to write a new MTA. Many of the ideas and user interfaces
355 were originally taken from Smail 3, though the actual code of Exim is entirely
356 new, and has developed far beyond the initial concept.
358 Many people, both in Cambridge and around the world, have contributed to the
359 development and the testing of Exim, and to porting it to various operating
360 systems. I am grateful to them all. The distribution now contains a file called
361 &_ACKNOWLEDGMENTS_&, in which I have started recording the names of
362 contributors.
365 .section "Exim documentation" "SECID1"
366 . Keep this example change bar when updating the documentation!
368 .new
369 .cindex "documentation"
370 This edition of the Exim specification applies to version &version; of Exim.
371 Substantive changes from the &previousversion; edition are marked in some
372 renditions of the document; this paragraph is so marked if the rendition is
373 capable of showing a change indicator.
374 .wen
376 This document is very much a reference manual; it is not a tutorial. The reader
377 is expected to have some familiarity with the SMTP mail transfer protocol and
378 with general Unix system administration. Although there are some discussions
379 and examples in places, the information is mostly organized in a way that makes
380 it easy to look up, rather than in a natural order for sequential reading.
381 Furthermore, the manual aims to cover every aspect of Exim in detail, including
382 a number of rarely-used, special-purpose features that are unlikely to be of
383 very wide interest.
385 .cindex "books about Exim"
386 An &"easier"& discussion of Exim which provides more in-depth explanatory,
387 introductory, and tutorial material can be found in a book entitled &'The Exim
388 SMTP Mail Server'& (second edition, 2007), published by UIT Cambridge
389 (&url(http://www.uit.co.uk/exim-book/)).
391 This book also contains a chapter that gives a general introduction to SMTP and
392 Internet mail. Inevitably, however, the book is unlikely to be fully up-to-date
393 with the latest release of Exim. (Note that the earlier book about Exim,
394 published by O'Reilly, covers Exim 3, and many things have changed in Exim 4.)
396 .cindex "Debian" "information sources"
397 If you are using a Debian distribution of Exim, you will find information about
398 Debian-specific features in the file
399 &_/usr/share/doc/exim4-base/README.Debian_&.
400 The command &(man update-exim.conf)& is another source of Debian-specific
401 information.
403 .cindex "&_doc/NewStuff_&"
404 .cindex "&_doc/ChangeLog_&"
405 .cindex "change log"
406 As the program develops, there may be features in newer versions that have not
407 yet made it into this document, which is updated only when the most significant
408 digit of the fractional part of the version number changes. Specifications of
409 new features that are not yet in this manual are placed in the file
410 &_doc/NewStuff_& in the Exim distribution.
412 Some features may be classified as &"experimental"&. These may change
413 incompatibly while they are developing, or even be withdrawn. For this reason,
414 they are not documented in this manual. Information about experimental features
415 can be found in the file &_doc/experimental.txt_&.
417 All changes to the program (whether new features, bug fixes, or other kinds of
418 change) are noted briefly in the file called &_doc/ChangeLog_&.
420 .cindex "&_doc/spec.txt_&"
421 This specification itself is available as an ASCII file in &_doc/spec.txt_& so
422 that it can easily be searched with a text editor. Other files in the &_doc_&
423 directory are:
425 .table2 100pt
426 .row &_OptionLists.txt_& "list of all options in alphabetical order"
427 .row &_dbm.discuss.txt_& "discussion about DBM libraries"
428 .row &_exim.8_& "a man page of Exim's command line options"
429 .row &_experimental.txt_& "documentation of experimental features"
430 .row &_filter.txt_& "specification of the filter language"
431 .row &_Exim3.upgrade_& "upgrade notes from release 2 to release 3"
432 .row &_Exim4.upgrade_& "upgrade notes from release 3 to release 4"
433 .endtable
435 The main specification and the specification of the filtering language are also
436 available in other formats (HTML, PostScript, PDF, and Texinfo). Section
437 &<<SECTavail>>& below tells you how to get hold of these.
441 .section "FTP and web sites" "SECID2"
442 .cindex "web site"
443 .cindex "FTP site"
444 The primary site for Exim source distributions is currently the University of
445 Cambridge's FTP site, whose contents are described in &'Where to find the Exim
446 distribution'& below. In addition, there is a web site and an FTP site at
447 &%exim.org%&. These are now also hosted at the University of Cambridge. The
448 &%exim.org%& site was previously hosted for a number of years by Energis
449 Squared, formerly Planet Online Ltd, whose support I gratefully acknowledge.
451 .cindex "wiki"
452 .cindex "FAQ"
453 As well as Exim distribution tar files, the Exim web site contains a number of
454 differently formatted versions of the documentation. A recent addition to the
455 online information is the Exim wiki (&url(http://wiki.exim.org)),
456 which contains what used to be a separate FAQ, as well as various other
457 examples, tips, and know-how that have been contributed by Exim users.
459 .cindex Bugzilla
460 An Exim Bugzilla exists at &url(http://bugs.exim.org). You can use
461 this to report bugs, and also to add items to the wish list. Please search
462 first to check that you are not duplicating a previous entry.
466 .section "Mailing lists" "SECID3"
467 .cindex "mailing lists" "for Exim users"
468 The following Exim mailing lists exist:
470 .table2 140pt
471 .row &'exim-announce@exim.org'& "Moderated, low volume announcements list"
472 .row &'exim-users@exim.org'& "General discussion list"
473 .row &'exim-dev@exim.org'& "Discussion of bugs, enhancements, etc."
474 .row &'exim-cvs@exim.org'& "Automated commit messages from the VCS"
475 .endtable
477 You can subscribe to these lists, change your existing subscriptions, and view
478 or search the archives via the mailing lists link on the Exim home page.
479 .cindex "Debian" "mailing list for"
480 If you are using a Debian distribution of Exim, you may wish to subscribe to
481 the Debian-specific mailing list &'pkg-exim4-users@lists.alioth.debian.org'&
482 via this web page:
483 .display
484 &url(http://lists.alioth.debian.org/mailman/listinfo/pkg-exim4-users)
485 .endd
486 Please ask Debian-specific questions on this list and not on the general Exim
487 lists.
489 .section "Exim training" "SECID4"
490 .cindex "training courses"
491 Training courses in Cambridge (UK) used to be run annually by the author of
492 Exim, before he retired. At the time of writing, there are no plans to run
493 further Exim courses in Cambridge. However, if that changes, relevant
494 information will be posted at &url(http://www-tus.csx.cam.ac.uk/courses/exim/).
496 .section "Bug reports" "SECID5"
497 .cindex "bug reports"
498 .cindex "reporting bugs"
499 Reports of obvious bugs can be emailed to &'bugs@exim.org'& or reported
500 via the Bugzilla (&url(http://bugs.exim.org)). However, if you are unsure
501 whether some behaviour is a bug or not, the best thing to do is to post a
502 message to the &'exim-dev'& mailing list and have it discussed.
506 .section "Where to find the Exim distribution" "SECTavail"
507 .cindex "FTP site"
508 .cindex "distribution" "ftp site"
509 The master ftp site for the Exim distribution is
510 .display
511 &*ftp://ftp.csx.cam.ac.uk/pub/software/email/exim*&
512 .endd
513 This is mirrored by
514 .display
515 &*ftp://ftp.exim.org/pub/exim*&
516 .endd
517 The file references that follow are relative to the &_exim_& directories at
518 these sites. There are now quite a number of independent mirror sites around
519 the world. Those that I know about are listed in the file called &_Mirrors_&.
521 Within the &_exim_& directory there are subdirectories called &_exim3_& (for
522 previous Exim 3 distributions), &_exim4_& (for the latest Exim 4
523 distributions), and &_Testing_& for testing versions. In the &_exim4_&
524 subdirectory, the current release can always be found in files called
525 .display
526 &_exim-n.nn.tar.gz_&
527 &_exim-n.nn.tar.bz2_&
528 .endd
529 where &'n.nn'& is the highest such version number in the directory. The two
530 files contain identical data; the only difference is the type of compression.
531 The &_.bz2_& file is usually a lot smaller than the &_.gz_& file.
533 .cindex "distribution" "signing details"
534 .cindex "distribution" "public key"
535 .cindex "public key for signed distribution"
536 .new
537 The distributions will be PGP signed by an individual key of the Release
538 Coordinator. This key will have a uid containing an email address in the
539 &'exim.org'& domain and will have signatures from other people, including
540 other Exim maintainers. We expect that the key will be in the "strong set" of
541 PGP keys. There should be a trust path to that key from Nigel Metheringham's
542 PGP key, a version of which can be found in the release directory in the file
543 &_nigel-pubkey.asc_&. All keys used will be available in public keyserver pools,
544 such as &'pool.sks-keyservers.net'&.
546 At time of last update, releases were being made by Phil Pennock and signed with
547 key &'0x403043153903637F'&, although that key is expected to be replaced in 2013.
548 A trust path from Nigel's key to Phil's can be observed at
549 &url(https://www.security.spodhuis.org/exim-trustpath).
550 .wen
552 The signatures for the tar bundles are in:
553 .display
554 &_exim-n.nn.tar.gz.asc_&
555 &_exim-n.nn.tar.bz2.asc_&
556 .endd
557 For each released version, the log of changes is made separately available in a
558 separate file in the directory &_ChangeLogs_& so that it is possible to
559 find out what has changed without having to download the entire distribution.
561 .cindex "documentation" "available formats"
562 The main distribution contains ASCII versions of this specification and other
563 documentation; other formats of the documents are available in separate files
564 inside the &_exim4_& directory of the FTP site:
565 .display
566 &_exim-html-n.nn.tar.gz_&
567 &_exim-pdf-n.nn.tar.gz_&
568 &_exim-postscript-n.nn.tar.gz_&
569 &_exim-texinfo-n.nn.tar.gz_&
570 .endd
571 These tar files contain only the &_doc_& directory, not the complete
572 distribution, and are also available in &_.bz2_& as well as &_.gz_& forms.
575 .section "Limitations" "SECID6"
576 .ilist
577 .cindex "limitations of Exim"
578 .cindex "bang paths" "not handled by Exim"
579 Exim is designed for use as an Internet MTA, and therefore handles addresses in
580 RFC 2822 domain format only. It cannot handle UUCP &"bang paths"&, though
581 simple two-component bang paths can be converted by a straightforward rewriting
582 configuration. This restriction does not prevent Exim from being interfaced to
583 UUCP as a transport mechanism, provided that domain addresses are used.
584 .next
585 .cindex "domainless addresses"
586 .cindex "address" "without domain"
587 Exim insists that every address it handles has a domain attached. For incoming
588 local messages, domainless addresses are automatically qualified with a
589 configured domain value. Configuration options specify from which remote
590 systems unqualified addresses are acceptable. These are then qualified on
591 arrival.
592 .next
593 .cindex "transport" "external"
594 .cindex "external transports"
595 The only external transport mechanisms that are currently implemented are SMTP
596 and LMTP over a TCP/IP network (including support for IPv6). However, a pipe
597 transport is available, and there are facilities for writing messages to files
598 and pipes, optionally in &'batched SMTP'& format; these facilities can be used
599 to send messages to other transport mechanisms such as UUCP, provided they can
600 handle domain-style addresses. Batched SMTP input is also catered for.
601 .next
602 Exim is not designed for storing mail for dial-in hosts. When the volumes of
603 such mail are large, it is better to get the messages &"delivered"& into files
604 (that is, off Exim's queue) and subsequently passed on to the dial-in hosts by
605 other means.
606 .next
607 Although Exim does have basic facilities for scanning incoming messages, these
608 are not comprehensive enough to do full virus or spam scanning. Such operations
609 are best carried out using additional specialized software packages. If you
610 compile Exim with the content-scanning extension, straightforward interfaces to
611 a number of common scanners are provided.
612 .endlist
615 .section "Run time configuration" "SECID7"
616 Exim's run time configuration is held in a single text file that is divided
617 into a number of sections. The entries in this file consist of keywords and
618 values, in the style of Smail 3 configuration files. A default configuration
619 file which is suitable for simple online installations is provided in the
620 distribution, and is described in chapter &<<CHAPdefconfil>>& below.
623 .section "Calling interface" "SECID8"
624 .cindex "Sendmail compatibility" "command line interface"
625 Like many MTAs, Exim has adopted the Sendmail command line interface so that it
626 can be a straight replacement for &_/usr/lib/sendmail_& or
627 &_/usr/sbin/sendmail_& when sending mail, but you do not need to know anything
628 about Sendmail in order to run Exim. For actions other than sending messages,
629 Sendmail-compatible options also exist, but those that produce output (for
630 example, &%-bp%&, which lists the messages on the queue) do so in Exim's own
631 format. There are also some additional options that are compatible with Smail
632 3, and some further options that are new to Exim. Chapter &<<CHAPcommandline>>&
633 documents all Exim's command line options. This information is automatically
634 made into the man page that forms part of the Exim distribution.
636 Control of messages on the queue can be done via certain privileged command
637 line options. There is also an optional monitor program called &'eximon'&,
638 which displays current information in an X window, and which contains a menu
639 interface to Exim's command line administration options.
643 .section "Terminology" "SECID9"
644 .cindex "terminology definitions"
645 .cindex "body of message" "definition of"
646 The &'body'& of a message is the actual data that the sender wants to transmit.
647 It is the last part of a message, and is separated from the &'header'& (see
648 below) by a blank line.
650 .cindex "bounce message" "definition of"
651 When a message cannot be delivered, it is normally returned to the sender in a
652 delivery failure message or a &"non-delivery report"& (NDR). The term
653 &'bounce'& is commonly used for this action, and the error reports are often
654 called &'bounce messages'&. This is a convenient shorthand for &"delivery
655 failure error report"&. Such messages have an empty sender address in the
656 message's &'envelope'& (see below) to ensure that they cannot themselves give
657 rise to further bounce messages.
659 The term &'default'& appears frequently in this manual. It is used to qualify a
660 value which is used in the absence of any setting in the configuration. It may
661 also qualify an action which is taken unless a configuration setting specifies
662 otherwise.
664 The term &'defer'& is used when the delivery of a message to a specific
665 destination cannot immediately take place for some reason (a remote host may be
666 down, or a user's local mailbox may be full). Such deliveries are &'deferred'&
667 until a later time.
669 The word &'domain'& is sometimes used to mean all but the first component of a
670 host's name. It is &'not'& used in that sense here, where it normally refers to
671 the part of an email address following the @ sign.
673 .cindex "envelope, definition of"
674 .cindex "sender" "definition of"
675 A message in transit has an associated &'envelope'&, as well as a header and a
676 body. The envelope contains a sender address (to which bounce messages should
677 be delivered), and any number of recipient addresses. References to the
678 sender or the recipients of a message usually mean the addresses in the
679 envelope. An MTA uses these addresses for delivery, and for returning bounce
680 messages, not the addresses that appear in the header lines.
682 .cindex "message" "header, definition of"
683 .cindex "header section" "definition of"
684 The &'header'& of a message is the first part of a message's text, consisting
685 of a number of lines, each of which has a name such as &'From:'&, &'To:'&,
686 &'Subject:'&, etc. Long header lines can be split over several text lines by
687 indenting the continuations. The header is separated from the body by a blank
688 line.
690 .cindex "local part" "definition of"
691 .cindex "domain" "definition of"
692 The term &'local part'&, which is taken from RFC 2822, is used to refer to that
693 part of an email address that precedes the @ sign. The part that follows the
694 @ sign is called the &'domain'& or &'mail domain'&.
696 .cindex "local delivery" "definition of"
697 .cindex "remote delivery, definition of"
698 The terms &'local delivery'& and &'remote delivery'& are used to distinguish
699 delivery to a file or a pipe on the local host from delivery by SMTP over
700 TCP/IP to another host. As far as Exim is concerned, all hosts other than the
701 host it is running on are &'remote'&.
703 .cindex "return path" "definition of"
704 &'Return path'& is another name that is used for the sender address in a
705 message's envelope.
707 .cindex "queue" "definition of"
708 The term &'queue'& is used to refer to the set of messages awaiting delivery,
709 because this term is in widespread use in the context of MTAs. However, in
710 Exim's case the reality is more like a pool than a queue, because there is
711 normally no ordering of waiting messages.
713 .cindex "queue runner" "definition of"
714 The term &'queue runner'& is used to describe a process that scans the queue
715 and attempts to deliver those messages whose retry times have come. This term
716 is used by other MTAs, and also relates to the command &%runq%&, but in Exim
717 the waiting messages are normally processed in an unpredictable order.
719 .cindex "spool directory" "definition of"
720 The term &'spool directory'& is used for a directory in which Exim keeps the
721 messages on its queue &-- that is, those that it is in the process of
722 delivering. This should not be confused with the directory in which local
723 mailboxes are stored, which is called a &"spool directory"& by some people. In
724 the Exim documentation, &"spool"& is always used in the first sense.
731 . ////////////////////////////////////////////////////////////////////////////
732 . ////////////////////////////////////////////////////////////////////////////
734 .chapter "Incorporated code" "CHID2"
735 .cindex "incorporated code"
736 .cindex "regular expressions" "library"
737 .cindex "PCRE"
738 A number of pieces of external code are included in the Exim distribution.
740 .ilist
741 Regular expressions are supported in the main Exim program and in the
742 Exim monitor using the freely-distributable PCRE library, copyright
743 &copy; University of Cambridge. The source to PCRE is no longer shipped with
744 Exim, so you will need to use the version of PCRE shipped with your system,
745 or obtain and install the full version of the library from
746 &url(ftp://ftp.csx.cam.ac.uk/pub/software/programming/pcre).
747 .next
748 .cindex "cdb" "acknowledgment"
749 Support for the cdb (Constant DataBase) lookup method is provided by code
750 contributed by Nigel Metheringham of (at the time he contributed it) Planet
751 Online Ltd. The implementation is completely contained within the code of Exim.
752 It does not link against an external cdb library. The code contains the
753 following statements:
755 .blockquote
756 Copyright &copy; 1998 Nigel Metheringham, Planet Online Ltd
758 This program is free software; you can redistribute it and/or modify it under
759 the terms of the GNU General Public License as published by the Free Software
760 Foundation; either version 2 of the License, or (at your option) any later
761 version.
762 This code implements Dan Bernstein's Constant DataBase (cdb) spec. Information,
763 the spec and sample code for cdb can be obtained from
764 &url(http://www.pobox.com/~djb/cdb.html). This implementation borrows
765 some code from Dan Bernstein's implementation (which has no license
766 restrictions applied to it).
767 .endblockquote
768 .next
769 .cindex "SPA authentication"
770 .cindex "Samba project"
771 .cindex "Microsoft Secure Password Authentication"
772 Client support for Microsoft's &'Secure Password Authentication'& is provided
773 by code contributed by Marc Prud'hommeaux. Server support was contributed by
774 Tom Kistner. This includes code taken from the Samba project, which is released
775 under the Gnu GPL.
776 .next
777 .cindex "Cyrus"
778 .cindex "&'pwcheck'& daemon"
779 .cindex "&'pwauthd'& daemon"
780 Support for calling the Cyrus &'pwcheck'& and &'saslauthd'& daemons is provided
781 by code taken from the Cyrus-SASL library and adapted by Alexander S.
782 Sabourenkov. The permission notice appears below, in accordance with the
783 conditions expressed therein.
785 .blockquote
786 Copyright &copy; 2001 Carnegie Mellon University. All rights reserved.
788 Redistribution and use in source and binary forms, with or without
789 modification, are permitted provided that the following conditions
790 are met:
792 .olist
793 Redistributions of source code must retain the above copyright
794 notice, this list of conditions and the following disclaimer.
795 .next
796 Redistributions in binary form must reproduce the above copyright
797 notice, this list of conditions and the following disclaimer in
798 the documentation and/or other materials provided with the
799 distribution.
800 .next
801 The name &"Carnegie Mellon University"& must not be used to
802 endorse or promote products derived from this software without
803 prior written permission. For permission or any other legal
804 details, please contact
805 .display
806 Office of Technology Transfer
807 Carnegie Mellon University
808 5000 Forbes Avenue
809 Pittsburgh, PA 15213-3890
810 (412) 268-4387, fax: (412) 268-7395
811 tech-transfer@andrew.cmu.edu
812 .endd
813 .next
814 Redistributions of any form whatsoever must retain the following
815 acknowledgment:
817 &"This product includes software developed by Computing Services
818 at Carnegie Mellon University (&url(http://www.cmu.edu/computing/)."&
827 .endlist
828 .endblockquote
830 .next
831 .cindex "Exim monitor" "acknowledgment"
832 .cindex "X-windows"
833 .cindex "Athena"
834 The Exim Monitor program, which is an X-Window application, includes
835 modified versions of the Athena StripChart and TextPop widgets.
836 This code is copyright by DEC and MIT, and their permission notice appears
837 below, in accordance with the conditions expressed therein.
839 .blockquote
840 Copyright 1987, 1988 by Digital Equipment Corporation, Maynard, Massachusetts,
841 and the Massachusetts Institute of Technology, Cambridge, Massachusetts.
843 All Rights Reserved
845 Permission to use, copy, modify, and distribute this software and its
846 documentation for any purpose and without fee is hereby granted,
847 provided that the above copyright notice appear in all copies and that
848 both that copyright notice and this permission notice appear in
849 supporting documentation, and that the names of Digital or MIT not be
850 used in advertising or publicity pertaining to distribution of the
851 software without specific, written prior permission.
860 .endblockquote
862 .next
863 Many people have contributed code fragments, some large, some small, that were
864 not covered by any specific licence requirements. It is assumed that the
865 contributors are happy to see their code incorporated into Exim under the GPL.
866 .endlist
872 . ////////////////////////////////////////////////////////////////////////////
873 . ////////////////////////////////////////////////////////////////////////////
875 .chapter "How Exim receives and delivers mail" "CHID11" &&&
876 "Receiving and delivering mail"
879 .section "Overall philosophy" "SECID10"
880 .cindex "design philosophy"
881 Exim is designed to work efficiently on systems that are permanently connected
882 to the Internet and are handling a general mix of mail. In such circumstances,
883 most messages can be delivered immediately. Consequently, Exim does not
884 maintain independent queues of messages for specific domains or hosts, though
885 it does try to send several messages in a single SMTP connection after a host
886 has been down, and it also maintains per-host retry information.
889 .section "Policy control" "SECID11"
890 .cindex "policy control" "overview"
891 Policy controls are now an important feature of MTAs that are connected to the
892 Internet. Perhaps their most important job is to stop MTAs being abused as
893 &"open relays"& by misguided individuals who send out vast amounts of
894 unsolicited junk, and want to disguise its source. Exim provides flexible
895 facilities for specifying policy controls on incoming mail:
897 .ilist
898 .cindex "&ACL;" "introduction"
899 Exim 4 (unlike previous versions of Exim) implements policy controls on
900 incoming mail by means of &'Access Control Lists'& (ACLs). Each list is a
901 series of statements that may either grant or deny access. ACLs can be used at
902 several places in the SMTP dialogue while receiving a message from a remote
903 host. However, the most common places are after each RCPT command, and at the
904 very end of the message. The sysadmin can specify conditions for accepting or
905 rejecting individual recipients or the entire message, respectively, at these
906 two points (see chapter &<<CHAPACL>>&). Denial of access results in an SMTP
907 error code.
908 .next
909 An ACL is also available for locally generated, non-SMTP messages. In this
910 case, the only available actions are to accept or deny the entire message.
911 .next
912 When Exim is compiled with the content-scanning extension, facilities are
913 provided in the ACL mechanism for passing the message to external virus and/or
914 spam scanning software. The result of such a scan is passed back to the ACL,
915 which can then use it to decide what to do with the message.
916 .next
917 When a message has been received, either from a remote host or from the local
918 host, but before the final acknowledgment has been sent, a locally supplied C
919 function called &[local_scan()]& can be run to inspect the message and decide
920 whether to accept it or not (see chapter &<<CHAPlocalscan>>&). If the message
921 is accepted, the list of recipients can be modified by the function.
922 .next
923 Using the &[local_scan()]& mechanism is another way of calling external scanner
924 software. The &%SA-Exim%& add-on package works this way. It does not require
925 Exim to be compiled with the content-scanning extension.
926 .next
927 After a message has been accepted, a further checking mechanism is available in
928 the form of the &'system filter'& (see chapter &<<CHAPsystemfilter>>&). This
929 runs at the start of every delivery process.
930 .endlist
934 .section "User filters" "SECID12"
935 .cindex "filter" "introduction"
936 .cindex "Sieve filter"
937 In a conventional Exim configuration, users are able to run private filters by
938 setting up appropriate &_.forward_& files in their home directories. See
939 chapter &<<CHAPredirect>>& (about the &(redirect)& router) for the
940 configuration needed to support this, and the separate document entitled
941 &'Exim's interfaces to mail filtering'& for user details. Two different kinds
942 of filtering are available:
944 .ilist
945 Sieve filters are written in the standard filtering language that is defined
946 by RFC 3028.
947 .next
948 Exim filters are written in a syntax that is unique to Exim, but which is more
949 powerful than Sieve, which it pre-dates.
950 .endlist
952 User filters are run as part of the routing process, described below.
956 .section "Message identification" "SECTmessiden"
957 .cindex "message ids" "details of format"
958 .cindex "format" "of message id"
959 .cindex "id of message"
960 .cindex "base62"
961 .cindex "base36"
962 .cindex "Darwin"
963 .cindex "Cygwin"
964 Every message handled by Exim is given a &'message id'& which is sixteen
965 characters long. It is divided into three parts, separated by hyphens, for
966 example &`16VDhn-0001bo-D3`&. Each part is a sequence of letters and digits,
967 normally encoding numbers in base 62. However, in the Darwin operating
968 system (Mac OS X) and when Exim is compiled to run under Cygwin, base 36
969 (avoiding the use of lower case letters) is used instead, because the message
970 id is used to construct file names, and the names of files in those systems are
971 not always case-sensitive.
973 .cindex "pid (process id)" "re-use of"
974 The detail of the contents of the message id have changed as Exim has evolved.
975 Earlier versions relied on the operating system not re-using a process id (pid)
976 within one second. On modern operating systems, this assumption can no longer
977 be made, so the algorithm had to be changed. To retain backward compatibility,
978 the format of the message id was retained, which is why the following rules are
979 somewhat eccentric:
981 .ilist
982 The first six characters of the message id are the time at which the message
983 started to be received, to a granularity of one second. That is, this field
984 contains the number of seconds since the start of the epoch (the normal Unix
985 way of representing the date and time of day).
986 .next
987 After the first hyphen, the next six characters are the id of the process that
988 received the message.
989 .next
990 There are two different possibilities for the final two characters:
991 .olist
992 .oindex "&%localhost_number%&"
993 If &%localhost_number%& is not set, this value is the fractional part of the
994 time of reception, normally in units of 1/2000 of a second, but for systems
995 that must use base 36 instead of base 62 (because of case-insensitive file
996 systems), the units are 1/1000 of a second.
997 .next
998 If &%localhost_number%& is set, it is multiplied by 200 (100) and added to
999 the fractional part of the time, which in this case is in units of 1/200
1000 (1/100) of a second.
1001 .endlist
1002 .endlist
1004 After a message has been received, Exim waits for the clock to tick at the
1005 appropriate resolution before proceeding, so that if another message is
1006 received by the same process, or by another process with the same (re-used)
1007 pid, it is guaranteed that the time will be different. In most cases, the clock
1008 will already have ticked while the message was being received.
1011 .section "Receiving mail" "SECID13"
1012 .cindex "receiving mail"
1013 .cindex "message" "reception"
1014 The only way Exim can receive mail from another host is using SMTP over
1015 TCP/IP, in which case the sender and recipient addresses are transferred using
1016 SMTP commands. However, from a locally running process (such as a user's MUA),
1017 there are several possibilities:
1019 .ilist
1020 If the process runs Exim with the &%-bm%& option, the message is read
1021 non-interactively (usually via a pipe), with the recipients taken from the
1022 command line, or from the body of the message if &%-t%& is also used.
1023 .next
1024 If the process runs Exim with the &%-bS%& option, the message is also read
1025 non-interactively, but in this case the recipients are listed at the start of
1026 the message in a series of SMTP RCPT commands, terminated by a DATA
1027 command. This is so-called &"batch SMTP"& format,
1028 but it isn't really SMTP. The SMTP commands are just another way of passing
1029 envelope addresses in a non-interactive submission.
1030 .next
1031 If the process runs Exim with the &%-bs%& option, the message is read
1032 interactively, using the SMTP protocol. A two-way pipe is normally used for
1033 passing data between the local process and the Exim process.
1034 This is &"real"& SMTP and is handled in the same way as SMTP over TCP/IP. For
1035 example, the ACLs for SMTP commands are used for this form of submission.
1036 .next
1037 A local process may also make a TCP/IP call to the host's loopback address
1038 ( or any other of its IP addresses. When receiving messages, Exim
1039 does not treat the loopback address specially. It treats all such connections
1040 in the same way as connections from other hosts.
1041 .endlist
1044 .cindex "message sender, constructed by Exim"
1045 .cindex "sender" "constructed by Exim"
1046 In the three cases that do not involve TCP/IP, the sender address is
1047 constructed from the login name of the user that called Exim and a default
1048 qualification domain (which can be set by the &%qualify_domain%& configuration
1049 option). For local or batch SMTP, a sender address that is passed using the
1050 SMTP MAIL command is ignored. However, the system administrator may allow
1051 certain users (&"trusted users"&) to specify a different sender address
1052 unconditionally, or all users to specify certain forms of different sender
1053 address. The &%-f%& option or the SMTP MAIL command is used to specify these
1054 different addresses. See section &<<SECTtrustedadmin>>& for details of trusted
1055 users, and the &%untrusted_set_sender%& option for a way of allowing untrusted
1056 users to change sender addresses.
1058 Messages received by either of the non-interactive mechanisms are subject to
1059 checking by the non-SMTP ACL, if one is defined. Messages received using SMTP
1060 (either over TCP/IP, or interacting with a local process) can be checked by a
1061 number of ACLs that operate at different times during the SMTP session. Either
1062 individual recipients, or the entire message, can be rejected if local policy
1063 requirements are not met. The &[local_scan()]& function (see chapter
1064 &<<CHAPlocalscan>>&) is run for all incoming messages.
1066 Exim can be configured not to start a delivery process when a message is
1067 received; this can be unconditional, or depend on the number of incoming SMTP
1068 connections or the system load. In these situations, new messages wait on the
1069 queue until a queue runner process picks them up. However, in standard
1070 configurations under normal conditions, delivery is started as soon as a
1071 message is received.
1077 .section "Handling an incoming message" "SECID14"
1078 .cindex "spool directory" "files that hold a message"
1079 .cindex "file" "how a message is held"
1080 When Exim accepts a message, it writes two files in its spool directory. The
1081 first contains the envelope information, the current status of the message, and
1082 the header lines, and the second contains the body of the message. The names of
1083 the two spool files consist of the message id, followed by &`-H`& for the
1084 file containing the envelope and header, and &`-D`& for the data file.
1086 .cindex "spool directory" "&_input_& sub-directory"
1087 By default all these message files are held in a single directory called
1088 &_input_& inside the general Exim spool directory. Some operating systems do
1089 not perform very well if the number of files in a directory gets large; to
1090 improve performance in such cases, the &%split_spool_directory%& option can be
1091 used. This causes Exim to split up the input files into 62 sub-directories
1092 whose names are single letters or digits. When this is done, the queue is
1093 processed one sub-directory at a time instead of all at once, which can improve
1094 overall performance even when there are not enough files in each directory to
1095 affect file system performance.
1097 The envelope information consists of the address of the message's sender and
1098 the addresses of the recipients. This information is entirely separate from
1099 any addresses contained in the header lines. The status of the message includes
1100 a list of recipients who have already received the message. The format of the
1101 first spool file is described in chapter &<<CHAPspool>>&.
1103 .cindex "rewriting" "addresses"
1104 Address rewriting that is specified in the rewrite section of the configuration
1105 (see chapter &<<CHAPrewrite>>&) is done once and for all on incoming addresses,
1106 both in the header lines and the envelope, at the time the message is accepted.
1107 If during the course of delivery additional addresses are generated (for
1108 example, via aliasing), these new addresses are rewritten as soon as they are
1109 generated. At the time a message is actually delivered (transported) further
1110 rewriting can take place; because this is a transport option, it can be
1111 different for different forms of delivery. It is also possible to specify the
1112 addition or removal of certain header lines at the time the message is
1113 delivered (see chapters &<<CHAProutergeneric>>& and
1114 &<<CHAPtransportgeneric>>&).
1118 .section "Life of a message" "SECID15"
1119 .cindex "message" "life of"
1120 .cindex "message" "frozen"
1121 A message remains in the spool directory until it is completely delivered to
1122 its recipients or to an error address, or until it is deleted by an
1123 administrator or by the user who originally created it. In cases when delivery
1124 cannot proceed &-- for example, when a message can neither be delivered to its
1125 recipients nor returned to its sender, the message is marked &"frozen"& on the
1126 spool, and no more deliveries are attempted.
1128 .cindex "frozen messages" "thawing"
1129 .cindex "message" "thawing frozen"
1130 An administrator can &"thaw"& such messages when the problem has been
1131 corrected, and can also freeze individual messages by hand if necessary. In
1132 addition, an administrator can force a delivery error, causing a bounce message
1133 to be sent.
1135 .oindex "&%timeout_frozen_after%&"
1136 .oindex "&%ignore_bounce_errors_after%&"
1137 There are options called &%ignore_bounce_errors_after%& and
1138 &%timeout_frozen_after%&, which discard frozen messages after a certain time.
1139 The first applies only to frozen bounces, the second to any frozen messages.
1141 .cindex "message" "log file for"
1142 .cindex "log" "file for each message"
1143 While Exim is working on a message, it writes information about each delivery
1144 attempt to its main log file. This includes successful, unsuccessful, and
1145 delayed deliveries for each recipient (see chapter &<<CHAPlog>>&). The log
1146 lines are also written to a separate &'message log'& file for each message.
1147 These logs are solely for the benefit of the administrator, and are normally
1148 deleted along with the spool files when processing of a message is complete.
1149 The use of individual message logs can be disabled by setting
1150 &%no_message_logs%&; this might give an improvement in performance on very busy
1151 systems.
1153 .cindex "journal file"
1154 .cindex "file" "journal"
1155 All the information Exim itself needs to set up a delivery is kept in the first
1156 spool file, along with the header lines. When a successful delivery occurs, the
1157 address is immediately written at the end of a journal file, whose name is the
1158 message id followed by &`-J`&. At the end of a delivery run, if there are some
1159 addresses left to be tried again later, the first spool file (the &`-H`& file)
1160 is updated to indicate which these are, and the journal file is then deleted.
1161 Updating the spool file is done by writing a new file and renaming it, to
1162 minimize the possibility of data loss.
1164 Should the system or the program crash after a successful delivery but before
1165 the spool file has been updated, the journal is left lying around. The next
1166 time Exim attempts to deliver the message, it reads the journal file and
1167 updates the spool file before proceeding. This minimizes the chances of double
1168 deliveries caused by crashes.
1172 .section "Processing an address for delivery" "SECTprocaddress"
1173 .cindex "drivers" "definition of"
1174 .cindex "router" "definition of"
1175 .cindex "transport" "definition of"
1176 The main delivery processing elements of Exim are called &'routers'& and
1177 &'transports'&, and collectively these are known as &'drivers'&. Code for a
1178 number of them is provided in the source distribution, and compile-time options
1179 specify which ones are included in the binary. Run time options specify which
1180 ones are actually used for delivering messages.
1182 .cindex "drivers" "instance definition"
1183 Each driver that is specified in the run time configuration is an &'instance'&
1184 of that particular driver type. Multiple instances are allowed; for example,
1185 you can set up several different &(smtp)& transports, each with different
1186 option values that might specify different ports or different timeouts. Each
1187 instance has its own identifying name. In what follows we will normally use the
1188 instance name when discussing one particular instance (that is, one specific
1189 configuration of the driver), and the generic driver name when discussing
1190 the driver's features in general.
1192 A &'router'& is a driver that operates on an address, either determining how
1193 its delivery should happen, by assigning it to a specific transport, or
1194 converting the address into one or more new addresses (for example, via an
1195 alias file). A router may also explicitly choose to fail an address, causing it
1196 to be bounced.
1198 A &'transport'& is a driver that transmits a copy of the message from Exim's
1199 spool to some destination. There are two kinds of transport: for a &'local'&
1200 transport, the destination is a file or a pipe on the local host, whereas for a
1201 &'remote'& transport the destination is some other host. A message is passed
1202 to a specific transport as a result of successful routing. If a message has
1203 several recipients, it may be passed to a number of different transports.
1205 .cindex "preconditions" "definition of"
1206 An address is processed by passing it to each configured router instance in
1207 turn, subject to certain preconditions, until a router accepts the address or
1208 specifies that it should be bounced. We will describe this process in more
1209 detail shortly. First, as a simple example, we consider how each recipient
1210 address in a message is processed in a small configuration of three routers.
1212 To make this a more concrete example, it is described in terms of some actual
1213 routers, but remember, this is only an example. You can configure Exim's
1214 routers in many different ways, and there may be any number of routers in a
1215 configuration.
1217 The first router that is specified in a configuration is often one that handles
1218 addresses in domains that are not recognized specially by the local host. These
1219 are typically addresses for arbitrary domains on the Internet. A precondition
1220 is set up which looks for the special domains known to the host (for example,
1221 its own domain name), and the router is run for addresses that do &'not'&
1222 match. Typically, this is a router that looks up domains in the DNS in order to
1223 find the hosts to which this address routes. If it succeeds, the address is
1224 assigned to a suitable SMTP transport; if it does not succeed, the router is
1225 configured to fail the address.
1227 The second router is reached only when the domain is recognized as one that
1228 &"belongs"& to the local host. This router does redirection &-- also known as
1229 aliasing and forwarding. When it generates one or more new addresses from the
1230 original, each of them is routed independently from the start. Otherwise, the
1231 router may cause an address to fail, or it may simply decline to handle the
1232 address, in which case the address is passed to the next router.
1234 The final router in many configurations is one that checks to see if the
1235 address belongs to a local mailbox. The precondition may involve a check to
1236 see if the local part is the name of a login account, or it may look up the
1237 local part in a file or a database. If its preconditions are not met, or if
1238 the router declines, we have reached the end of the routers. When this happens,
1239 the address is bounced.
1243 .section "Processing an address for verification" "SECID16"
1244 .cindex "router" "for verification"
1245 .cindex "verifying address" "overview"
1246 As well as being used to decide how to deliver to an address, Exim's routers
1247 are also used for &'address verification'&. Verification can be requested as
1248 one of the checks to be performed in an ACL for incoming messages, on both
1249 sender and recipient addresses, and it can be tested using the &%-bv%& and
1250 &%-bvs%& command line options.
1252 When an address is being verified, the routers are run in &"verify mode"&. This
1253 does not affect the way the routers work, but it is a state that can be
1254 detected. By this means, a router can be skipped or made to behave differently
1255 when verifying. A common example is a configuration in which the first router
1256 sends all messages to a message-scanning program, unless they have been
1257 previously scanned. Thus, the first router accepts all addresses without any
1258 checking, making it useless for verifying. Normally, the &%no_verify%& option
1259 would be set for such a router, causing it to be skipped in verify mode.
1264 .section "Running an individual router" "SECTrunindrou"
1265 .cindex "router" "running details"
1266 .cindex "preconditions" "checking"
1267 .cindex "router" "result of running"
1268 As explained in the example above, a number of preconditions are checked before
1269 running a router. If any are not met, the router is skipped, and the address is
1270 passed to the next router. When all the preconditions on a router &'are'& met,
1271 the router is run. What happens next depends on the outcome, which is one of
1272 the following:
1274 .ilist
1275 &'accept'&: The router accepts the address, and either assigns it to a
1276 transport, or generates one or more &"child"& addresses. Processing the
1277 original address ceases,
1278 .oindex "&%unseen%&"
1279 unless the &%unseen%& option is set on the router. This option
1280 can be used to set up multiple deliveries with different routing (for example,
1281 for keeping archive copies of messages). When &%unseen%& is set, the address is
1282 passed to the next router. Normally, however, an &'accept'& return marks the
1283 end of routing.
1285 Any child addresses generated by the router are processed independently,
1286 starting with the first router by default. It is possible to change this by
1287 setting the &%redirect_router%& option to specify which router to start at for
1288 child addresses. Unlike &%pass_router%& (see below) the router specified by
1289 &%redirect_router%& may be anywhere in the router configuration.
1290 .next
1291 &'pass'&: The router recognizes the address, but cannot handle it itself. It
1292 requests that the address be passed to another router. By default the address
1293 is passed to the next router, but this can be changed by setting the
1294 &%pass_router%& option. However, (unlike &%redirect_router%&) the named router
1295 must be below the current router (to avoid loops).
1296 .next
1297 &'decline'&: The router declines to accept the address because it does not
1298 recognize it at all. By default, the address is passed to the next router, but
1299 this can be prevented by setting the &%no_more%& option. When &%no_more%& is
1300 set, all the remaining routers are skipped. In effect, &%no_more%& converts
1301 &'decline'& into &'fail'&.
1302 .next
1303 &'fail'&: The router determines that the address should fail, and queues it for
1304 the generation of a bounce message. There is no further processing of the
1305 original address unless &%unseen%& is set on the router.
1306 .next
1307 &'defer'&: The router cannot handle the address at the present time. (A
1308 database may be offline, or a DNS lookup may have timed out.) No further
1309 processing of the address happens in this delivery attempt. It is tried again
1310 next time the message is considered for delivery.
1311 .next
1312 &'error'&: There is some error in the router (for example, a syntax error in
1313 its configuration). The action is as for defer.
1314 .endlist
1316 If an address reaches the end of the routers without having been accepted by
1317 any of them, it is bounced as unrouteable. The default error message in this
1318 situation is &"unrouteable address"&, but you can set your own message by
1319 making use of the &%cannot_route_message%& option. This can be set for any
1320 router; the value from the last router that &"saw"& the address is used.
1322 Sometimes while routing you want to fail a delivery when some conditions are
1323 met but others are not, instead of passing the address on for further routing.
1324 You can do this by having a second router that explicitly fails the delivery
1325 when the relevant conditions are met. The &(redirect)& router has a &"fail"&
1326 facility for this purpose.
1329 .section "Duplicate addresses" "SECID17"
1330 .cindex "case of local parts"
1331 .cindex "address duplicate, discarding"
1332 .cindex "duplicate addresses"
1333 Once routing is complete, Exim scans the addresses that are assigned to local
1334 and remote transports, and discards any duplicates that it finds. During this
1335 check, local parts are treated as case-sensitive. This happens only when
1336 actually delivering a message; when testing routers with &%-bt%&, all the
1337 routed addresses are shown.
1341 .section "Router preconditions" "SECTrouprecon"
1342 .cindex "router" "preconditions, order of processing"
1343 .cindex "preconditions" "order of processing"
1344 The preconditions that are tested for each router are listed below, in the
1345 order in which they are tested. The individual configuration options are
1346 described in more detail in chapter &<<CHAProutergeneric>>&.
1348 .ilist
1349 The &%local_part_prefix%& and &%local_part_suffix%& options can specify that
1350 the local parts handled by the router may or must have certain prefixes and/or
1351 suffixes. If a mandatory affix (prefix or suffix) is not present, the router is
1352 skipped. These conditions are tested first. When an affix is present, it is
1353 removed from the local part before further processing, including the evaluation
1354 of any other conditions.
1355 .next
1356 Routers can be designated for use only when not verifying an address, that is,
1357 only when routing it for delivery (or testing its delivery routing). If the
1358 &%verify%& option is set false, the router is skipped when Exim is verifying an
1359 address.
1360 Setting the &%verify%& option actually sets two options, &%verify_sender%& and
1361 &%verify_recipient%&, which independently control the use of the router for
1362 sender and recipient verification. You can set these options directly if
1363 you want a router to be used for only one type of verification.
1364 Note that cutthrough delivery is classed as a recipient verification
1365 for this purpose.
1366 .next
1367 If the &%address_test%& option is set false, the router is skipped when Exim is
1368 run with the &%-bt%& option to test an address routing. This can be helpful
1369 when the first router sends all new messages to a scanner of some sort; it
1370 makes it possible to use &%-bt%& to test subsequent delivery routing without
1371 having to simulate the effect of the scanner.
1372 .next
1373 Routers can be designated for use only when verifying an address, as
1374 opposed to routing it for delivery. The &%verify_only%& option controls this.
1375 Again, cutthrough delibery counts as a verification.
1376 .next
1377 Individual routers can be explicitly skipped when running the routers to
1378 check an address given in the SMTP EXPN command (see the &%expn%& option).
1379 .next
1380 If the &%domains%& option is set, the domain of the address must be in the set
1381 of domains that it defines.
1382 .next
1383 .vindex "&$local_part_prefix$&"
1384 .vindex "&$local_part$&"
1385 .vindex "&$local_part_suffix$&"
1386 If the &%local_parts%& option is set, the local part of the address must be in
1387 the set of local parts that it defines. If &%local_part_prefix%& or
1388 &%local_part_suffix%& is in use, the prefix or suffix is removed from the local
1389 part before this check. If you want to do precondition tests on local parts
1390 that include affixes, you can do so by using a &%condition%& option (see below)
1391 that uses the variables &$local_part$&, &$local_part_prefix$&, and
1392 &$local_part_suffix$& as necessary.
1393 .next
1394 .vindex "&$local_user_uid$&"
1395 .vindex "&$local_user_gid$&"
1396 .vindex "&$home$&"
1397 If the &%check_local_user%& option is set, the local part must be the name of
1398 an account on the local host. If this check succeeds, the uid and gid of the
1399 local user are placed in &$local_user_uid$& and &$local_user_gid$& and the
1400 user's home directory is placed in &$home$&; these values can be used in the
1401 remaining preconditions.
1402 .next
1403 If the &%router_home_directory%& option is set, it is expanded at this point,
1404 because it overrides the value of &$home$&. If this expansion were left till
1405 later, the value of &$home$& as set by &%check_local_user%& would be used in
1406 subsequent tests. Having two different values of &$home$& in the same router
1407 could lead to confusion.
1408 .next
1409 If the &%senders%& option is set, the envelope sender address must be in the
1410 set of addresses that it defines.
1411 .next
1412 If the &%require_files%& option is set, the existence or non-existence of
1413 specified files is tested.
1414 .next
1415 .cindex "customizing" "precondition"
1416 If the &%condition%& option is set, it is evaluated and tested. This option
1417 uses an expanded string to allow you to set up your own custom preconditions.
1418 Expanded strings are described in chapter &<<CHAPexpand>>&.
1419 .endlist
1422 Note that &%require_files%& comes near the end of the list, so you cannot use
1423 it to check for the existence of a file in which to lookup up a domain, local
1424 part, or sender. However, as these options are all expanded, you can use the
1425 &%exists%& expansion condition to make such tests within each condition. The
1426 &%require_files%& option is intended for checking files that the router may be
1427 going to use internally, or which are needed by a specific transport (for
1428 example, &_.procmailrc_&).
1432 .section "Delivery in detail" "SECID18"
1433 .cindex "delivery" "in detail"
1434 When a message is to be delivered, the sequence of events is as follows:
1436 .ilist
1437 If a system-wide filter file is specified, the message is passed to it. The
1438 filter may add recipients to the message, replace the recipients, discard the
1439 message, cause a new message to be generated, or cause the message delivery to
1440 fail. The format of the system filter file is the same as for Exim user filter
1441 files, described in the separate document entitled &'Exim's interfaces to mail
1442 filtering'&.
1443 .cindex "Sieve filter" "not available for system filter"
1444 (&*Note*&: Sieve cannot be used for system filter files.)
1446 Some additional features are available in system filters &-- see chapter
1447 &<<CHAPsystemfilter>>& for details. Note that a message is passed to the system
1448 filter only once per delivery attempt, however many recipients it has. However,
1449 if there are several delivery attempts because one or more addresses could not
1450 be immediately delivered, the system filter is run each time. The filter
1451 condition &%first_delivery%& can be used to detect the first run of the system
1452 filter.
1453 .next
1454 Each recipient address is offered to each configured router in turn, subject to
1455 its preconditions, until one is able to handle it. If no router can handle the
1456 address, that is, if they all decline, the address is failed. Because routers
1457 can be targeted at particular domains, several locally handled domains can be
1458 processed entirely independently of each other.
1459 .next
1460 .cindex "routing" "loops in"
1461 .cindex "loop" "while routing"
1462 A router that accepts an address may assign it to a local or a remote
1463 transport. However, the transport is not run at this time. Instead, the address
1464 is placed on a list for the particular transport, which will be run later.
1465 Alternatively, the router may generate one or more new addresses (typically
1466 from alias, forward, or filter files). New addresses are fed back into this
1467 process from the top, but in order to avoid loops, a router ignores any address
1468 which has an identically-named ancestor that was processed by itself.
1469 .next
1470 When all the routing has been done, addresses that have been successfully
1471 handled are passed to their assigned transports. When local transports are
1472 doing real local deliveries, they handle only one address at a time, but if a
1473 local transport is being used as a pseudo-remote transport (for example, to
1474 collect batched SMTP messages for transmission by some other means) multiple
1475 addresses can be handled. Remote transports can always handle more than one
1476 address at a time, but can be configured not to do so, or to restrict multiple
1477 addresses to the same domain.
1478 .next
1479 Each local delivery to a file or a pipe runs in a separate process under a
1480 non-privileged uid, and these deliveries are run one at a time. Remote
1481 deliveries also run in separate processes, normally under a uid that is private
1482 to Exim (&"the Exim user"&), but in this case, several remote deliveries can be
1483 run in parallel. The maximum number of simultaneous remote deliveries for any
1484 one message is set by the &%remote_max_parallel%& option.
1485 The order in which deliveries are done is not defined, except that all local
1486 deliveries happen before any remote deliveries.
1487 .next
1488 .cindex "queue runner"
1489 When it encounters a local delivery during a queue run, Exim checks its retry
1490 database to see if there has been a previous temporary delivery failure for the
1491 address before running the local transport. If there was a previous failure,
1492 Exim does not attempt a new delivery until the retry time for the address is
1493 reached. However, this happens only for delivery attempts that are part of a
1494 queue run. Local deliveries are always attempted when delivery immediately
1495 follows message reception, even if retry times are set for them. This makes for
1496 better behaviour if one particular message is causing problems (for example,
1497 causing quota overflow, or provoking an error in a filter file).
1498 .next
1499 .cindex "delivery" "retry in remote transports"
1500 Remote transports do their own retry handling, since an address may be
1501 deliverable to one of a number of hosts, each of which may have a different
1502 retry time. If there have been previous temporary failures and no host has
1503 reached its retry time, no delivery is attempted, whether in a queue run or
1504 not. See chapter &<<CHAPretry>>& for details of retry strategies.
1505 .next
1506 If there were any permanent errors, a bounce message is returned to an
1507 appropriate address (the sender in the common case), with details of the error
1508 for each failing address. Exim can be configured to send copies of bounce
1509 messages to other addresses.
1510 .next
1511 .cindex "delivery" "deferral"
1512 If one or more addresses suffered a temporary failure, the message is left on
1513 the queue, to be tried again later. Delivery of these addresses is said to be
1514 &'deferred'&.
1515 .next
1516 When all the recipient addresses have either been delivered or bounced,
1517 handling of the message is complete. The spool files and message log are
1518 deleted, though the message log can optionally be preserved if required.
1519 .endlist
1524 .section "Retry mechanism" "SECID19"
1525 .cindex "delivery" "retry mechanism"
1526 .cindex "retry" "description of mechanism"
1527 .cindex "queue runner"
1528 Exim's mechanism for retrying messages that fail to get delivered at the first
1529 attempt is the queue runner process. You must either run an Exim daemon that
1530 uses the &%-q%& option with a time interval to start queue runners at regular
1531 intervals, or use some other means (such as &'cron'&) to start them. If you do
1532 not arrange for queue runners to be run, messages that fail temporarily at the
1533 first attempt will remain on your queue for ever. A queue runner process works
1534 its way through the queue, one message at a time, trying each delivery that has
1535 passed its retry time.
1536 You can run several queue runners at once.
1538 Exim uses a set of configured rules to determine when next to retry the failing
1539 address (see chapter &<<CHAPretry>>&). These rules also specify when Exim
1540 should give up trying to deliver to the address, at which point it generates a
1541 bounce message. If no retry rules are set for a particular host, address, and
1542 error combination, no retries are attempted, and temporary errors are treated
1543 as permanent.
1547 .section "Temporary delivery failure" "SECID20"
1548 .cindex "delivery" "temporary failure"
1549 There are many reasons why a message may not be immediately deliverable to a
1550 particular address. Failure to connect to a remote machine (because it, or the
1551 connection to it, is down) is one of the most common. Temporary failures may be
1552 detected during routing as well as during the transport stage of delivery.
1553 Local deliveries may be delayed if NFS files are unavailable, or if a mailbox
1554 is on a file system where the user is over quota. Exim can be configured to
1555 impose its own quotas on local mailboxes; where system quotas are set they will
1556 also apply.
1558 If a host is unreachable for a period of time, a number of messages may be
1559 waiting for it by the time it recovers, and sending them in a single SMTP
1560 connection is clearly beneficial. Whenever a delivery to a remote host is
1561 deferred,
1562 .cindex "hints database"
1563 Exim makes a note in its hints database, and whenever a successful
1564 SMTP delivery has happened, it looks to see if any other messages are waiting
1565 for the same host. If any are found, they are sent over the same SMTP
1566 connection, subject to a configuration limit as to the maximum number in any
1567 one connection.
1571 .section "Permanent delivery failure" "SECID21"
1572 .cindex "delivery" "permanent failure"
1573 .cindex "bounce message" "when generated"
1574 When a message cannot be delivered to some or all of its intended recipients, a
1575 bounce message is generated. Temporary delivery failures turn into permanent
1576 errors when their timeout expires. All the addresses that fail in a given
1577 delivery attempt are listed in a single message. If the original message has
1578 many recipients, it is possible for some addresses to fail in one delivery
1579 attempt and others to fail subsequently, giving rise to more than one bounce
1580 message. The wording of bounce messages can be customized by the administrator.
1581 See chapter &<<CHAPemsgcust>>& for details.
1583 .cindex "&'X-Failed-Recipients:'& header line"
1584 Bounce messages contain an &'X-Failed-Recipients:'& header line that lists the
1585 failed addresses, for the benefit of programs that try to analyse such messages
1586 automatically.
1588 .cindex "bounce message" "recipient of"
1589 A bounce message is normally sent to the sender of the original message, as
1590 obtained from the message's envelope. For incoming SMTP messages, this is the
1591 address given in the MAIL command. However, when an address is expanded via a
1592 forward or alias file, an alternative address can be specified for delivery
1593 failures of the generated addresses. For a mailing list expansion (see section
1594 &<<SECTmailinglists>>&) it is common to direct bounce messages to the manager
1595 of the list.
1599 .section "Failures to deliver bounce messages" "SECID22"
1600 .cindex "bounce message" "failure to deliver"
1601 If a bounce message (either locally generated or received from a remote host)
1602 itself suffers a permanent delivery failure, the message is left on the queue,
1603 but it is frozen, awaiting the attention of an administrator. There are options
1604 that can be used to make Exim discard such failed messages, or to keep them
1605 for only a short time (see &%timeout_frozen_after%& and
1606 &%ignore_bounce_errors_after%&).
1612 . ////////////////////////////////////////////////////////////////////////////
1613 . ////////////////////////////////////////////////////////////////////////////
1615 .chapter "Building and installing Exim" "CHID3"
1616 .scindex IIDbuex "building Exim"
1618 .section "Unpacking" "SECID23"
1619 Exim is distributed as a gzipped or bzipped tar file which, when unpacked,
1620 creates a directory with the name of the current release (for example,
1621 &_exim-&version;_&) into which the following files are placed:
1623 .table2 140pt
1624 .irow &_ACKNOWLEDGMENTS_& "contains some acknowledgments"
1625 .irow &_CHANGES_& "contains a reference to where changes are &&&
1626 documented"
1627 .irow &_LICENCE_& "the GNU General Public Licence"
1628 .irow &_Makefile_& "top-level make file"
1629 .irow &_NOTICE_& "conditions for the use of Exim"
1630 .irow &_README_& "list of files, directories and simple build &&&
1631 instructions"
1632 .endtable
1634 Other files whose names begin with &_README_& may also be present. The
1635 following subdirectories are created:
1637 .table2 140pt
1638 .irow &_Local_& "an empty directory for local configuration files"
1639 .irow &_OS_& "OS-specific files"
1640 .irow &_doc_& "documentation files"
1641 .irow &_exim_monitor_& "source files for the Exim monitor"
1642 .irow &_scripts_& "scripts used in the build process"
1643 .irow &_src_& "remaining source files"
1644 .irow &_util_& "independent utilities"
1645 .endtable
1647 The main utility programs are contained in the &_src_& directory, and are built
1648 with the Exim binary. The &_util_& directory contains a few optional scripts
1649 that may be useful to some sites.
1652 .section "Multiple machine architectures and operating systems" "SECID24"
1653 .cindex "building Exim" "multiple OS/architectures"
1654 The building process for Exim is arranged to make it easy to build binaries for
1655 a number of different architectures and operating systems from the same set of
1656 source files. Compilation does not take place in the &_src_& directory.
1657 Instead, a &'build directory'& is created for each architecture and operating
1658 system.
1659 .cindex "symbolic link" "to build directory"
1660 Symbolic links to the sources are installed in this directory, which is where
1661 the actual building takes place. In most cases, Exim can discover the machine
1662 architecture and operating system for itself, but the defaults can be
1663 overridden if necessary.
1666 .section "PCRE library" "SECTpcre"
1667 .cindex "PCRE library"
1668 Exim no longer has an embedded PCRE library as the vast majority of
1669 modern systems include PCRE as a system library, although you may need
1670 to install the PCRE or PCRE development package for your operating
1671 system. If your system has a normal PCRE installation the Exim build
1672 process will need no further configuration. If the library or the
1673 headers are in an unusual location you will need to either set the PCRE_LIBS
1674 and INCLUDE directives appropriately,
1675 or set PCRE_CONFIG=yes to use the installed &(pcre-config)& command.
1676 If your operating system has no
1677 PCRE support then you will need to obtain and build the current PCRE
1678 from &url(ftp://ftp.csx.cam.ac.uk/pub/software/programming/pcre/).
1679 More information on PCRE is available at &url(http://www.pcre.org/).
1681 .section "DBM libraries" "SECTdb"
1682 .cindex "DBM libraries" "discussion of"
1683 .cindex "hints database" "DBM files used for"
1684 Even if you do not use any DBM files in your configuration, Exim still needs a
1685 DBM library in order to operate, because it uses indexed files for its hints
1686 databases. Unfortunately, there are a number of DBM libraries in existence, and
1687 different operating systems often have different ones installed.
1689 .cindex "Solaris" "DBM library for"
1690 .cindex "IRIX, DBM library for"
1691 .cindex "BSD, DBM library for"
1692 .cindex "Linux, DBM library for"
1693 If you are using Solaris, IRIX, one of the modern BSD systems, or a modern
1694 Linux distribution, the DBM configuration should happen automatically, and you
1695 may be able to ignore this section. Otherwise, you may have to learn more than
1696 you would like about DBM libraries from what follows.
1698 .cindex "&'ndbm'& DBM library"
1699 Licensed versions of Unix normally contain a library of DBM functions operating
1700 via the &'ndbm'& interface, and this is what Exim expects by default. Free
1701 versions of Unix seem to vary in what they contain as standard. In particular,
1702 some early versions of Linux have no default DBM library, and different
1703 distributors have chosen to bundle different libraries with their packaged
1704 versions. However, the more recent releases seem to have standardized on the
1705 Berkeley DB library.
1707 Different DBM libraries have different conventions for naming the files they
1708 use. When a program opens a file called &_dbmfile_&, there are several
1709 possibilities:
1711 .olist
1712 A traditional &'ndbm'& implementation, such as that supplied as part of
1713 Solaris, operates on two files called &_dbmfile.dir_& and &_dbmfile.pag_&.
1714 .next
1715 .cindex "&'gdbm'& DBM library"
1716 The GNU library, &'gdbm'&, operates on a single file. If used via its &'ndbm'&
1717 compatibility interface it makes two different hard links to it with names
1718 &_dbmfile.dir_& and &_dbmfile.pag_&, but if used via its native interface, the
1719 file name is used unmodified.
1720 .next
1721 .cindex "Berkeley DB library"
1722 The Berkeley DB package, if called via its &'ndbm'& compatibility interface,
1723 operates on a single file called &_dbmfile.db_&, but otherwise looks to the
1724 programmer exactly the same as the traditional &'ndbm'& implementation.
1725 .next
1726 If the Berkeley package is used in its native mode, it operates on a single
1727 file called &_dbmfile_&; the programmer's interface is somewhat different to
1728 the traditional &'ndbm'& interface.
1729 .next
1730 To complicate things further, there are several very different versions of the
1731 Berkeley DB package. Version 1.85 was stable for a very long time, releases
1732 2.&'x'& and 3.&'x'& were current for a while, but the latest versions are now
1733 numbered 4.&'x'&. Maintenance of some of the earlier releases has ceased. All
1734 versions of Berkeley DB can be obtained from
1735 &url(http://www.sleepycat.com/).
1736 .next
1737 .cindex "&'tdb'& DBM library"
1738 Yet another DBM library, called &'tdb'&, is available from
1739 &url(http://download.sourceforge.net/tdb). It has its own interface, and also
1740 operates on a single file.
1741 .endlist
1743 .cindex "USE_DB"
1744 .cindex "DBM libraries" "configuration for building"
1745 Exim and its utilities can be compiled to use any of these interfaces. In order
1746 to use any version of the Berkeley DB package in native mode, you must set
1747 USE_DB in an appropriate configuration file (typically
1748 &_Local/Makefile_&). For example:
1749 .code
1750 USE_DB=yes
1751 .endd
1752 Similarly, for gdbm you set USE_GDBM, and for tdb you set USE_TDB. An
1753 error is diagnosed if you set more than one of these.
1755 At the lowest level, the build-time configuration sets none of these options,
1756 thereby assuming an interface of type (1). However, some operating system
1757 configuration files (for example, those for the BSD operating systems and
1758 Linux) assume type (4) by setting USE_DB as their default, and the
1759 configuration files for Cygwin set USE_GDBM. Anything you set in
1760 &_Local/Makefile_&, however, overrides these system defaults.
1762 As well as setting USE_DB, USE_GDBM, or USE_TDB, it may also be
1763 necessary to set DBMLIB, to cause inclusion of the appropriate library, as
1764 in one of these lines:
1765 .code
1766 DBMLIB = -ldb
1767 DBMLIB = -ltdb
1768 .endd
1769 Settings like that will work if the DBM library is installed in the standard
1770 place. Sometimes it is not, and the library's header file may also not be in
1771 the default path. You may need to set INCLUDE to specify where the header
1772 file is, and to specify the path to the library more fully in DBMLIB, as in
1773 this example:
1774 .code
1775 INCLUDE=-I/usr/local/include/db-4.1
1776 DBMLIB=/usr/local/lib/db-4.1/libdb.a
1777 .endd
1778 There is further detailed discussion about the various DBM libraries in the
1779 file &_doc/dbm.discuss.txt_& in the Exim distribution.
1783 .section "Pre-building configuration" "SECID25"
1784 .cindex "building Exim" "pre-building configuration"
1785 .cindex "configuration for building Exim"
1786 .cindex "&_Local/Makefile_&"
1787 .cindex "&_src/EDITME_&"
1788 Before building Exim, a local configuration file that specifies options
1789 independent of any operating system has to be created with the name
1790 &_Local/Makefile_&. A template for this file is supplied as the file
1791 &_src/EDITME_&, and it contains full descriptions of all the option settings
1792 therein. These descriptions are therefore not repeated here. If you are
1793 building Exim for the first time, the simplest thing to do is to copy
1794 &_src/EDITME_& to &_Local/Makefile_&, then read it and edit it appropriately.
1796 There are three settings that you must supply, because Exim will not build
1797 without them. They are the location of the run time configuration file
1798 (CONFIGURE_FILE), the directory in which Exim binaries will be installed
1799 (BIN_DIRECTORY), and the identity of the Exim user (EXIM_USER and
1800 maybe EXIM_GROUP as well). The value of CONFIGURE_FILE can in fact be
1801 a colon-separated list of file names; Exim uses the first of them that exists.
1803 There are a few other parameters that can be specified either at build time or
1804 at run time, to enable the same binary to be used on a number of different
1805 machines. However, if the locations of Exim's spool directory and log file
1806 directory (if not within the spool directory) are fixed, it is recommended that
1807 you specify them in &_Local/Makefile_& instead of at run time, so that errors
1808 detected early in Exim's execution (such as a malformed configuration file) can
1809 be logged.
1811 .cindex "content scanning" "specifying at build time"
1812 Exim's interfaces for calling virus and spam scanning software directly from
1813 access control lists are not compiled by default. If you want to include these
1814 facilities, you need to set
1815 .code
1817 .endd
1818 in your &_Local/Makefile_&. For details of the facilities themselves, see
1819 chapter &<<CHAPexiscan>>&.
1822 .cindex "&_Local/eximon.conf_&"
1823 .cindex "&_exim_monitor/EDITME_&"
1824 If you are going to build the Exim monitor, a similar configuration process is
1825 required. The file &_exim_monitor/EDITME_& must be edited appropriately for
1826 your installation and saved under the name &_Local/eximon.conf_&. If you are
1827 happy with the default settings described in &_exim_monitor/EDITME_&,
1828 &_Local/eximon.conf_& can be empty, but it must exist.
1830 This is all the configuration that is needed in straightforward cases for known
1831 operating systems. However, the building process is set up so that it is easy
1832 to override options that are set by default or by operating-system-specific
1833 configuration files, for example to change the name of the C compiler, which
1834 defaults to &%gcc%&. See section &<<SECToverride>>& below for details of how to
1835 do this.
1839 .section "Support for iconv()" "SECID26"
1840 .cindex "&[iconv()]& support"
1841 .cindex "RFC 2047"
1842 The contents of header lines in messages may be encoded according to the rules
1843 described RFC 2047. This makes it possible to transmit characters that are not
1844 in the ASCII character set, and to label them as being in a particular
1845 character set. When Exim is inspecting header lines by means of the &%$h_%&
1846 mechanism, it decodes them, and translates them into a specified character set
1847 (default ISO-8859-1). The translation is possible only if the operating system
1848 supports the &[iconv()]& function.
1850 However, some of the operating systems that supply &[iconv()]& do not support
1851 very many conversions. The GNU &%libiconv%& library (available from
1852 &url(http://www.gnu.org/software/libiconv/)) can be installed on such
1853 systems to remedy this deficiency, as well as on systems that do not supply
1854 &[iconv()]& at all. After installing &%libiconv%&, you should add
1855 .code
1856 HAVE_ICONV=yes
1857 .endd
1858 to your &_Local/Makefile_& and rebuild Exim.
1862 .section "Including TLS/SSL encryption support" "SECTinctlsssl"
1863 .cindex "TLS" "including support for TLS"
1864 .cindex "encryption" "including support for"
1865 .cindex "SUPPORT_TLS"
1866 .cindex "OpenSSL" "building Exim with"
1867 .cindex "GnuTLS" "building Exim with"
1868 Exim can be built to support encrypted SMTP connections, using the STARTTLS
1869 command as per RFC 2487. It can also support legacy clients that expect to
1870 start a TLS session immediately on connection to a non-standard port (see the
1871 &%tls_on_connect_ports%& runtime option and the &%-tls-on-connect%& command
1872 line option).
1874 If you want to build Exim with TLS support, you must first install either the
1875 OpenSSL or GnuTLS library. There is no cryptographic code in Exim itself for
1876 implementing SSL.
1878 If OpenSSL is installed, you should set
1879 .code
1880 SUPPORT_TLS=yes
1881 TLS_LIBS=-lssl -lcrypto
1882 .endd
1883 in &_Local/Makefile_&. You may also need to specify the locations of the
1884 OpenSSL library and include files. For example:
1885 .code
1886 SUPPORT_TLS=yes
1887 TLS_LIBS=-L/usr/local/openssl/lib -lssl -lcrypto
1888 TLS_INCLUDE=-I/usr/local/openssl/include/
1889 .endd
1890 .cindex "pkg-config" "OpenSSL"
1891 If you have &'pkg-config'& available, then instead you can just use:
1892 .code
1893 SUPPORT_TLS=yes
1894 USE_OPENSSL_PC=openssl
1895 .endd
1896 .cindex "USE_GNUTLS"
1897 If GnuTLS is installed, you should set
1898 .code
1899 SUPPORT_TLS=yes
1900 USE_GNUTLS=yes
1901 TLS_LIBS=-lgnutls -ltasn1 -lgcrypt
1902 .endd
1903 in &_Local/Makefile_&, and again you may need to specify the locations of the
1904 library and include files. For example:
1905 .code
1906 SUPPORT_TLS=yes
1907 USE_GNUTLS=yes
1908 TLS_LIBS=-L/usr/gnu/lib -lgnutls -ltasn1 -lgcrypt
1909 TLS_INCLUDE=-I/usr/gnu/include
1910 .endd
1911 .cindex "pkg-config" "GnuTLS"
1912 If you have &'pkg-config'& available, then instead you can just use:
1913 .code
1914 SUPPORT_TLS=yes
1915 USE_GNUTLS=yes
1916 USE_GNUTLS_PC=gnutls
1917 .endd
1919 You do not need to set TLS_INCLUDE if the relevant directory is already
1920 specified in INCLUDE. Details of how to configure Exim to make use of TLS are
1921 given in chapter &<<CHAPTLS>>&.
1926 .section "Use of tcpwrappers" "SECID27"
1928 .cindex "tcpwrappers, building Exim to support"
1929 .cindex "USE_TCP_WRAPPERS"
1931 .cindex "tcp_wrappers_daemon_name"
1932 Exim can be linked with the &'tcpwrappers'& library in order to check incoming
1933 SMTP calls using the &'tcpwrappers'& control files. This may be a convenient
1934 alternative to Exim's own checking facilities for installations that are
1935 already making use of &'tcpwrappers'& for other purposes. To do this, you
1936 should set USE_TCP_WRAPPERS in &_Local/Makefile_&, arrange for the file
1937 &_tcpd.h_& to be available at compile time, and also ensure that the library
1938 &_libwrap.a_& is available at link time, typically by including &%-lwrap%& in
1939 EXTRALIBS_EXIM. For example, if &'tcpwrappers'& is installed in &_/usr/local_&,
1940 you might have
1941 .code
1943 CFLAGS=-O -I/usr/local/include
1944 EXTRALIBS_EXIM=-L/usr/local/lib -lwrap
1945 .endd
1946 in &_Local/Makefile_&. The daemon name to use in the &'tcpwrappers'& control
1947 files is &"exim"&. For example, the line
1948 .code
1949 exim : LOCAL 192.168.1. .friendly.domain.example
1950 .endd
1951 in your &_/etc/hosts.allow_& file allows connections from the local host, from
1952 the subnet, and from all hosts in &'friendly.domain.example'&.
1953 All other connections are denied. The daemon name used by &'tcpwrappers'&
1954 can be changed at build time by setting TCP_WRAPPERS_DAEMON_NAME in
1955 &_Local/Makefile_&, or by setting tcp_wrappers_daemon_name in the
1956 configure file. Consult the &'tcpwrappers'& documentation for
1957 further details.
1960 .section "Including support for IPv6" "SECID28"
1961 .cindex "IPv6" "including support for"
1962 Exim contains code for use on systems that have IPv6 support. Setting
1963 &`HAVE_IPV6=YES`& in &_Local/Makefile_& causes the IPv6 code to be included;
1964 it may also be necessary to set IPV6_INCLUDE and IPV6_LIBS on systems
1965 where the IPv6 support is not fully integrated into the normal include and
1966 library files.
1968 Two different types of DNS record for handling IPv6 addresses have been
1969 defined. AAAA records (analogous to A records for IPv4) are in use, and are
1970 currently seen as the mainstream. Another record type called A6 was proposed
1971 as better than AAAA because it had more flexibility. However, it was felt to be
1972 over-complex, and its status was reduced to &"experimental"&. It is not known
1973 if anyone is actually using A6 records. Exim has support for A6 records, but
1974 this is included only if you set &`SUPPORT_A6=YES`& in &_Local/Makefile_&. The
1975 support has not been tested for some time.
1979 .section "Dynamically loaded lookup module support" "SECTdynamicmodules"
1980 .cindex "lookup modules"
1981 .cindex "dynamic modules"
1982 .cindex ".so building"
1983 On some platforms, Exim supports not compiling all lookup types directly into
1984 the main binary, instead putting some into external modules which can be loaded
1985 on demand.
1986 This permits packagers to build Exim with support for lookups with extensive
1987 library dependencies without requiring all users to install all of those
1988 dependencies.
1989 Most, but not all, lookup types can be built this way.
1991 Set &`LOOKUP_MODULE_DIR`& to the directory into which the modules will be
1992 installed; Exim will only load modules from that directory, as a security
1993 measure. You will need to set &`CFLAGS_DYNAMIC`& if not already defined
1994 for your OS; see &_OS/Makefile-Linux_& for an example.
1995 Some other requirements for adjusting &`EXTRALIBS`& may also be necessary,
1996 see &_src/EDITME_& for details.
1998 Then, for each module to be loaded dynamically, define the relevant
1999 &`LOOKUP_`&<&'lookup_type'&> flags to have the value "2" instead of "yes".
2000 For example, this will build in lsearch but load sqlite and mysql support
2001 on demand:
2002 .code
2006 .endd
2009 .section "The building process" "SECID29"
2010 .cindex "build directory"
2011 Once &_Local/Makefile_& (and &_Local/eximon.conf_&, if required) have been
2012 created, run &'make'& at the top level. It determines the architecture and
2013 operating system types, and creates a build directory if one does not exist.
2014 For example, on a Sun system running Solaris 8, the directory
2015 &_build-SunOS5-5.8-sparc_& is created.
2016 .cindex "symbolic link" "to source files"
2017 Symbolic links to relevant source files are installed in the build directory.
2019 &*Warning*&: The &%-j%& (parallel) flag must not be used with &'make'&; the
2020 building process fails if it is set.
2022 If this is the first time &'make'& has been run, it calls a script that builds
2023 a make file inside the build directory, using the configuration files from the
2024 &_Local_& directory. The new make file is then passed to another instance of
2025 &'make'&. This does the real work, building a number of utility scripts, and
2026 then compiling and linking the binaries for the Exim monitor (if configured), a
2027 number of utility programs, and finally Exim itself. The command &`make
2028 makefile`& can be used to force a rebuild of the make file in the build
2029 directory, should this ever be necessary.
2031 If you have problems building Exim, check for any comments there may be in the
2032 &_README_& file concerning your operating system, and also take a look at the
2033 FAQ, where some common problems are covered.
2037 .section 'Output from &"make"&' "SECID283"
2038 The output produced by the &'make'& process for compile lines is often very
2039 unreadable, because these lines can be very long. For this reason, the normal
2040 output is suppressed by default, and instead output similar to that which
2041 appears when compiling the 2.6 Linux kernel is generated: just a short line for
2042 each module that is being compiled or linked. However, it is still possible to
2043 get the full output, by calling &'make'& like this:
2044 .code
2045 FULLECHO='' make -e
2046 .endd
2047 The value of FULLECHO defaults to &"@"&, the flag character that suppresses
2048 command reflection in &'make'&. When you ask for the full output, it is
2049 given in addition to the short output.
2053 .section "Overriding build-time options for Exim" "SECToverride"
2054 .cindex "build-time options, overriding"
2055 The main make file that is created at the beginning of the building process
2056 consists of the concatenation of a number of files which set configuration
2057 values, followed by a fixed set of &'make'& instructions. If a value is set
2058 more than once, the last setting overrides any previous ones. This provides a
2059 convenient way of overriding defaults. The files that are concatenated are, in
2060 order:
2061 .display
2062 &_OS/Makefile-Default_&
2063 &_OS/Makefile-_&<&'ostype'&>
2064 &_Local/Makefile_&
2065 &_Local/Makefile-_&<&'ostype'&>
2066 &_Local/Makefile-_&<&'archtype'&>
2067 &_Local/Makefile-_&<&'ostype'&>-<&'archtype'&>
2068 &_OS/Makefile-Base_&
2069 .endd
2070 .cindex "&_Local/Makefile_&"
2071 .cindex "building Exim" "operating system type"
2072 .cindex "building Exim" "architecture type"
2073 where <&'ostype'&> is the operating system type and <&'archtype'&> is the
2074 architecture type. &_Local/Makefile_& is required to exist, and the building
2075 process fails if it is absent. The other three &_Local_& files are optional,
2076 and are often not needed.
2078 The values used for <&'ostype'&> and <&'archtype'&> are obtained from scripts
2079 called &_scripts/os-type_& and &_scripts/arch-type_& respectively. If either of
2080 the environment variables EXIM_OSTYPE or EXIM_ARCHTYPE is set, their
2081 values are used, thereby providing a means of forcing particular settings.
2082 Otherwise, the scripts try to get values from the &%uname%& command. If this
2083 fails, the shell variables OSTYPE and ARCHTYPE are inspected. A number
2084 of &'ad hoc'& transformations are then applied, to produce the standard names
2085 that Exim expects. You can run these scripts directly from the shell in order
2086 to find out what values are being used on your system.
2089 &_OS/Makefile-Default_& contains comments about the variables that are set
2090 therein. Some (but not all) are mentioned below. If there is something that
2091 needs changing, review the contents of this file and the contents of the make
2092 file for your operating system (&_OS/Makefile-<ostype>_&) to see what the
2093 default values are.
2096 .cindex "building Exim" "overriding default settings"
2097 If you need to change any of the values that are set in &_OS/Makefile-Default_&
2098 or in &_OS/Makefile-<ostype>_&, or to add any new definitions, you do not
2099 need to change the original files. Instead, you should make the changes by
2100 putting the new values in an appropriate &_Local_& file. For example,
2101 .cindex "Tru64-Unix build-time settings"
2102 when building Exim in many releases of the Tru64-Unix (formerly Digital UNIX,
2103 formerly DEC-OSF1) operating system, it is necessary to specify that the C
2104 compiler is called &'cc'& rather than &'gcc'&. Also, the compiler must be
2105 called with the option &%-std1%&, to make it recognize some of the features of
2106 Standard C that Exim uses. (Most other compilers recognize Standard C by
2107 default.) To do this, you should create a file called &_Local/Makefile-OSF1_&
2108 containing the lines
2109 .code
2110 CC=cc
2111 CFLAGS=-std1
2112 .endd
2113 If you are compiling for just one operating system, it may be easier to put
2114 these lines directly into &_Local/Makefile_&.
2116 Keeping all your local configuration settings separate from the distributed
2117 files makes it easy to transfer them to new versions of Exim simply by copying
2118 the contents of the &_Local_& directory.
2121 .cindex "NIS lookup type" "including support for"
2122 .cindex "NIS+ lookup type" "including support for"
2123 .cindex "LDAP" "including support for"
2124 .cindex "lookup" "inclusion in binary"
2125 Exim contains support for doing LDAP, NIS, NIS+, and other kinds of file
2126 lookup, but not all systems have these components installed, so the default is
2127 not to include the relevant code in the binary. All the different kinds of file
2128 and database lookup that Exim supports are implemented as separate code modules
2129 which are included only if the relevant compile-time options are set. In the
2130 case of LDAP, NIS, and NIS+, the settings for &_Local/Makefile_& are:
2131 .code
2132 LOOKUP_LDAP=yes
2133 LOOKUP_NIS=yes
2135 .endd
2136 and similar settings apply to the other lookup types. They are all listed in
2137 &_src/EDITME_&. In many cases the relevant include files and interface
2138 libraries need to be installed before compiling Exim.
2139 .cindex "cdb" "including support for"
2140 However, there are some optional lookup types (such as cdb) for which
2141 the code is entirely contained within Exim, and no external include
2142 files or libraries are required. When a lookup type is not included in the
2143 binary, attempts to configure Exim to use it cause run time configuration
2144 errors.
2146 .cindex "pkg-config" "lookups"
2147 .cindex "pkg-config" "authenticators"
2148 Many systems now use a tool called &'pkg-config'& to encapsulate information
2149 about how to compile against a library; Exim has some initial support for
2150 being able to use pkg-config for lookups and authenticators. For any given
2151 makefile variable which starts &`LOOKUP_`& or &`AUTH_`&, you can add a new
2152 variable with the &`_PC`& suffix in the name and assign as the value the
2153 name of the package to be queried. The results of querying via the
2154 &'pkg-config'& command will be added to the appropriate Makefile variables
2155 with &`+=`& directives, so your version of &'make'& will need to support that
2156 syntax. For instance:
2157 .code
2159 LOOKUP_SQLITE_PC=sqlite3
2160 AUTH_GSASL=yes
2161 AUTH_GSASL_PC=libgsasl
2163 AUTH_HEIMDAL_GSSAPI_PC=heimdal-gssapi
2164 .endd
2166 .cindex "Perl" "including support for"
2167 Exim can be linked with an embedded Perl interpreter, allowing Perl
2168 subroutines to be called during string expansion. To enable this facility,
2169 .code
2170 EXIM_PERL=perl.o
2171 .endd
2172 must be defined in &_Local/Makefile_&. Details of this facility are given in
2173 chapter &<<CHAPperl>>&.
2175 .cindex "X11 libraries, location of"
2176 The location of the X11 libraries is something that varies a lot between
2177 operating systems, and there may be different versions of X11 to cope
2178 with. Exim itself makes no use of X11, but if you are compiling the Exim
2179 monitor, the X11 libraries must be available.
2180 The following three variables are set in &_OS/Makefile-Default_&:
2181 .code
2182 X11=/usr/X11R6
2183 XINCLUDE=-I$(X11)/include
2184 XLFLAGS=-L$(X11)/lib
2185 .endd
2186 These are overridden in some of the operating-system configuration files. For
2187 example, in &_OS/Makefile-SunOS5_& there is
2188 .code
2189 X11=/usr/openwin
2190 XINCLUDE=-I$(X11)/include
2191 XLFLAGS=-L$(X11)/lib -R$(X11)/lib
2192 .endd
2193 If you need to override the default setting for your operating system, place a
2194 definition of all three of these variables into your
2195 &_Local/Makefile-<ostype>_& file.
2197 .cindex "EXTRALIBS"
2198 If you need to add any extra libraries to the link steps, these can be put in a
2199 variable called EXTRALIBS, which appears in all the link commands, but by
2200 default is not defined. In contrast, EXTRALIBS_EXIM is used only on the
2201 command for linking the main Exim binary, and not for any associated utilities.
2203 .cindex "DBM libraries" "configuration for building"
2204 There is also DBMLIB, which appears in the link commands for binaries that
2205 use DBM functions (see also section &<<SECTdb>>&). Finally, there is
2206 EXTRALIBS_EXIMON, which appears only in the link step for the Exim monitor
2207 binary, and which can be used, for example, to include additional X11
2208 libraries.
2210 .cindex "configuration file" "editing"
2211 The make file copes with rebuilding Exim correctly if any of the configuration
2212 files are edited. However, if an optional configuration file is deleted, it is
2213 necessary to touch the associated non-optional file (that is,
2214 &_Local/Makefile_& or &_Local/eximon.conf_&) before rebuilding.
2217 .section "OS-specific header files" "SECID30"
2218 .cindex "&_os.h_&"
2219 .cindex "building Exim" "OS-specific C header files"
2220 The &_OS_& directory contains a number of files with names of the form
2221 &_os.h-<ostype>_&. These are system-specific C header files that should not
2222 normally need to be changed. There is a list of macro settings that are
2223 recognized in the file &_OS/os.configuring_&, which should be consulted if you
2224 are porting Exim to a new operating system.
2228 .section "Overriding build-time options for the monitor" "SECID31"
2229 .cindex "building Eximon"
2230 A similar process is used for overriding things when building the Exim monitor,
2231 where the files that are involved are
2232 .display
2233 &_OS/eximon.conf-Default_&
2234 &_OS/eximon.conf-_&<&'ostype'&>
2235 &_Local/eximon.conf_&
2236 &_Local/eximon.conf-_&<&'ostype'&>
2237 &_Local/eximon.conf-_&<&'archtype'&>
2238 &_Local/eximon.conf-_&<&'ostype'&>-<&'archtype'&>
2239 .endd
2240 .cindex "&_Local/eximon.conf_&"
2241 As with Exim itself, the final three files need not exist, and in this case the
2242 &_OS/eximon.conf-<ostype>_& file is also optional. The default values in
2243 &_OS/eximon.conf-Default_& can be overridden dynamically by setting environment
2244 variables of the same name, preceded by EXIMON_. For example, setting
2245 EXIMON_LOG_DEPTH in the environment overrides the value of
2246 LOG_DEPTH at run time.
2247 .ecindex IIDbuex
2250 .section "Installing Exim binaries and scripts" "SECID32"
2251 .cindex "installing Exim"
2252 .cindex "BIN_DIRECTORY"
2253 The command &`make install`& runs the &(exim_install)& script with no
2254 arguments. The script copies binaries and utility scripts into the directory
2255 whose name is specified by the BIN_DIRECTORY setting in &_Local/Makefile_&.
2256 .cindex "setuid" "installing Exim with"
2257 The install script copies files only if they are newer than the files they are
2258 going to replace. The Exim binary is required to be owned by root and have the
2259 &'setuid'& bit set, for normal configurations. Therefore, you must run &`make
2260 install`& as root so that it can set up the Exim binary in this way. However, in
2261 some special situations (for example, if a host is doing no local deliveries)
2262 it may be possible to run Exim without making the binary setuid root (see
2263 chapter &<<CHAPsecurity>>& for details).
2265 .cindex "CONFIGURE_FILE"
2266 Exim's run time configuration file is named by the CONFIGURE_FILE setting
2267 in &_Local/Makefile_&. If this names a single file, and the file does not
2268 exist, the default configuration file &_src/configure.default_& is copied there
2269 by the installation script. If a run time configuration file already exists, it
2270 is left alone. If CONFIGURE_FILE is a colon-separated list, naming several
2271 alternative files, no default is installed.
2273 .cindex "system aliases file"
2274 .cindex "&_/etc/aliases_&"
2275 One change is made to the default configuration file when it is installed: the
2276 default configuration contains a router that references a system aliases file.
2277 The path to this file is set to the value specified by
2278 SYSTEM_ALIASES_FILE in &_Local/Makefile_& (&_/etc/aliases_& by default).
2279 If the system aliases file does not exist, the installation script creates it,
2280 and outputs a comment to the user.
2282 The created file contains no aliases, but it does contain comments about the
2283 aliases a site should normally have. Mail aliases have traditionally been
2284 kept in &_/etc/aliases_&. However, some operating systems are now using
2285 &_/etc/mail/aliases_&. You should check if yours is one of these, and change
2286 Exim's configuration if necessary.
2288 The default configuration uses the local host's name as the only local domain,
2289 and is set up to do local deliveries into the shared directory &_/var/mail_&,
2290 running as the local user. System aliases and &_.forward_& files in users' home
2291 directories are supported, but no NIS or NIS+ support is configured. Domains
2292 other than the name of the local host are routed using the DNS, with delivery
2293 over SMTP.
2295 It is possible to install Exim for special purposes (such as building a binary
2296 distribution) in a private part of the file system. You can do this by a
2297 command such as
2298 .code
2299 make DESTDIR=/some/directory/ install
2300 .endd
2301 This has the effect of pre-pending the specified directory to all the file
2302 paths, except the name of the system aliases file that appears in the default
2303 configuration. (If a default alias file is created, its name &'is'& modified.)
2304 For backwards compatibility, ROOT is used if DESTDIR is not set,
2305 but this usage is deprecated.
2307 .cindex "installing Exim" "what is not installed"
2308 Running &'make install'& does not copy the Exim 4 conversion script
2309 &'convert4r4'&. You will probably run this only once if you are
2310 upgrading from Exim 3. None of the documentation files in the &_doc_&
2311 directory are copied, except for the info files when you have set
2312 INFO_DIRECTORY, as described in section &<<SECTinsinfdoc>>& below.
2314 For the utility programs, old versions are renamed by adding the suffix &_.O_&
2315 to their names. The Exim binary itself, however, is handled differently. It is
2316 installed under a name that includes the version number and the compile number,
2317 for example &_exim-&version;-1_&. The script then arranges for a symbolic link
2318 called &_exim_& to point to the binary. If you are updating a previous version
2319 of Exim, the script takes care to ensure that the name &_exim_& is never absent
2320 from the directory (as seen by other processes).
2322 .cindex "installing Exim" "testing the script"
2323 If you want to see what the &'make install'& will do before running it for
2324 real, you can pass the &%-n%& option to the installation script by this
2325 command:
2326 .code
2327 make INSTALL_ARG=-n install
2328 .endd
2329 The contents of the variable INSTALL_ARG are passed to the installation
2330 script. You do not need to be root to run this test. Alternatively, you can run
2331 the installation script directly, but this must be from within the build
2332 directory. For example, from the top-level Exim directory you could use this
2333 command:
2334 .code
2335 (cd build-SunOS5-5.5.1-sparc; ../scripts/exim_install -n)
2336 .endd
2337 .cindex "installing Exim" "install script options"
2338 There are two other options that can be supplied to the installation script.
2340 .ilist
2341 &%-no_chown%& bypasses the call to change the owner of the installed binary
2342 to root, and the call to make it a setuid binary.
2343 .next
2344 &%-no_symlink%& bypasses the setting up of the symbolic link &_exim_& to the
2345 installed binary.
2346 .endlist
2348 INSTALL_ARG can be used to pass these options to the script. For example:
2349 .code
2350 make INSTALL_ARG=-no_symlink install
2351 .endd
2352 The installation script can also be given arguments specifying which files are
2353 to be copied. For example, to install just the Exim binary, and nothing else,
2354 without creating the symbolic link, you could use:
2355 .code
2356 make INSTALL_ARG='-no_symlink exim' install
2357 .endd
2361 .section "Installing info documentation" "SECTinsinfdoc"
2362 .cindex "installing Exim" "&'info'& documentation"
2363 Not all systems use the GNU &'info'& system for documentation, and for this
2364 reason, the Texinfo source of Exim's documentation is not included in the main
2365 distribution. Instead it is available separately from the ftp site (see section
2366 &<<SECTavail>>&).
2368 If you have defined INFO_DIRECTORY in &_Local/Makefile_& and the Texinfo
2369 source of the documentation is found in the source tree, running &`make
2370 install`& automatically builds the info files and installs them.
2374 .section "Setting up the spool directory" "SECID33"
2375 .cindex "spool directory" "creating"
2376 When it starts up, Exim tries to create its spool directory if it does not
2377 exist. The Exim uid and gid are used for the owner and group of the spool
2378 directory. Sub-directories are automatically created in the spool directory as
2379 necessary.
2384 .section "Testing" "SECID34"
2385 .cindex "testing" "installation"
2386 Having installed Exim, you can check that the run time configuration file is
2387 syntactically valid by running the following command, which assumes that the
2388 Exim binary directory is within your PATH environment variable:
2389 .code
2390 exim -bV
2391 .endd
2392 If there are any errors in the configuration file, Exim outputs error messages.
2393 Otherwise it outputs the version number and build date,
2394 the DBM library that is being used, and information about which drivers and
2395 other optional code modules are included in the binary.
2396 Some simple routing tests can be done by using the address testing option. For
2397 example,
2398 .display
2399 &`exim -bt`& <&'local username'&>
2400 .endd
2401 should verify that it recognizes a local mailbox, and
2402 .display
2403 &`exim -bt`& <&'remote address'&>
2404 .endd
2405 a remote one. Then try getting it to deliver mail, both locally and remotely.
2406 This can be done by passing messages directly to Exim, without going through a
2407 user agent. For example:
2408 .code
2409 exim -v postmaster@your.domain.example
2410 From: user@your.domain.example
2411 To: postmaster@your.domain.example
2412 Subject: Testing Exim
2414 This is a test message.
2415 ^D
2416 .endd
2417 The &%-v%& option causes Exim to output some verification of what it is doing.
2418 In this case you should see copies of three log lines, one for the message's
2419 arrival, one for its delivery, and one containing &"Completed"&.
2421 .cindex "delivery" "problems with"
2422 If you encounter problems, look at Exim's log files (&'mainlog'& and
2423 &'paniclog'&) to see if there is any relevant information there. Another source
2424 of information is running Exim with debugging turned on, by specifying the
2425 &%-d%& option. If a message is stuck on Exim's spool, you can force a delivery
2426 with debugging turned on by a command of the form
2427 .display
2428 &`exim -d -M`& <&'exim-message-id'&>
2429 .endd
2430 You must be root or an &"admin user"& in order to do this. The &%-d%& option
2431 produces rather a lot of output, but you can cut this down to specific areas.
2432 For example, if you use &%-d-all+route%& only the debugging information
2433 relevant to routing is included. (See the &%-d%& option in chapter
2434 &<<CHAPcommandline>>& for more details.)
2436 .cindex '&"sticky"& bit'
2437 .cindex "lock files"
2438 One specific problem that has shown up on some sites is the inability to do
2439 local deliveries into a shared mailbox directory, because it does not have the
2440 &"sticky bit"& set on it. By default, Exim tries to create a lock file before
2441 writing to a mailbox file, and if it cannot create the lock file, the delivery
2442 is deferred. You can get round this either by setting the &"sticky bit"& on the
2443 directory, or by setting a specific group for local deliveries and allowing
2444 that group to create files in the directory (see the comments above the
2445 &(local_delivery)& transport in the default configuration file). Another
2446 approach is to configure Exim not to use lock files, but just to rely on
2447 &[fcntl()]& locking instead. However, you should do this only if all user
2448 agents also use &[fcntl()]& locking. For further discussion of locking issues,
2449 see chapter &<<CHAPappendfile>>&.
2451 One thing that cannot be tested on a system that is already running an MTA is
2452 the receipt of incoming SMTP mail on the standard SMTP port. However, the
2453 &%-oX%& option can be used to run an Exim daemon that listens on some other
2454 port, or &'inetd'& can be used to do this. The &%-bh%& option and the
2455 &'exim_checkaccess'& utility can be used to check out policy controls on
2456 incoming SMTP mail.
2458 Testing a new version on a system that is already running Exim can most easily
2459 be done by building a binary with a different CONFIGURE_FILE setting. From
2460 within the run time configuration, all other file and directory names
2461 that Exim uses can be altered, in order to keep it entirely clear of the
2462 production version.
2465 .section "Replacing another MTA with Exim" "SECID35"
2466 .cindex "replacing another MTA"
2467 Building and installing Exim for the first time does not of itself put it in
2468 general use. The name by which the system's MTA is called by mail user agents
2469 is either &_/usr/sbin/sendmail_&, or &_/usr/lib/sendmail_& (depending on the
2470 operating system), and it is necessary to make this name point to the &'exim'&
2471 binary in order to get the user agents to pass messages to Exim. This is
2472 normally done by renaming any existing file and making &_/usr/sbin/sendmail_&
2473 or &_/usr/lib/sendmail_&
2474 .cindex "symbolic link" "to &'exim'& binary"
2475 a symbolic link to the &'exim'& binary. It is a good idea to remove any setuid
2476 privilege and executable status from the old MTA. It is then necessary to stop
2477 and restart the mailer daemon, if one is running.
2479 .cindex "FreeBSD, MTA indirection"
2480 .cindex "&_/etc/mail/mailer.conf_&"
2481 Some operating systems have introduced alternative ways of switching MTAs. For
2482 example, if you are running FreeBSD, you need to edit the file
2483 &_/etc/mail/mailer.conf_& instead of setting up a symbolic link as just
2484 described. A typical example of the contents of this file for running Exim is
2485 as follows:
2486 .code
2487 sendmail /usr/exim/bin/exim
2488 send-mail /usr/exim/bin/exim
2489 mailq /usr/exim/bin/exim -bp
2490 newaliases /usr/bin/true
2491 .endd
2492 Once you have set up the symbolic link, or edited &_/etc/mail/mailer.conf_&,
2493 your Exim installation is &"live"&. Check it by sending a message from your
2494 favourite user agent.
2496 You should consider what to tell your users about the change of MTA. Exim may
2497 have different capabilities to what was previously running, and there are
2498 various operational differences such as the text of messages produced by
2499 command line options and in bounce messages. If you allow your users to make
2500 use of Exim's filtering capabilities, you should make the document entitled
2501 &'Exim's interface to mail filtering'& available to them.
2505 .section "Upgrading Exim" "SECID36"
2506 .cindex "upgrading Exim"
2507 If you are already running Exim on your host, building and installing a new
2508 version automatically makes it available to MUAs, or any other programs that
2509 call the MTA directly. However, if you are running an Exim daemon, you do need
2510 to send it a HUP signal, to make it re-execute itself, and thereby pick up the
2511 new binary. You do not need to stop processing mail in order to install a new
2512 version of Exim. The install script does not modify an existing runtime
2513 configuration file.
2518 .section "Stopping the Exim daemon on Solaris" "SECID37"
2519 .cindex "Solaris" "stopping Exim on"
2520 The standard command for stopping the mailer daemon on Solaris is
2521 .code
2522 /etc/init.d/sendmail stop
2523 .endd
2524 If &_/usr/lib/sendmail_& has been turned into a symbolic link, this script
2525 fails to stop Exim because it uses the command &'ps -e'& and greps the output
2526 for the text &"sendmail"&; this is not present because the actual program name
2527 (that is, &"exim"&) is given by the &'ps'& command with these options. A
2528 solution is to replace the line that finds the process id with something like
2529 .code
2530 pid=`cat /var/spool/exim/exim-daemon.pid`
2531 .endd
2532 to obtain the daemon's pid directly from the file that Exim saves it in.
2534 Note, however, that stopping the daemon does not &"stop Exim"&. Messages can
2535 still be received from local processes, and if automatic delivery is configured
2536 (the normal case), deliveries will still occur.
2541 . ////////////////////////////////////////////////////////////////////////////
2542 . ////////////////////////////////////////////////////////////////////////////
2544 .chapter "The Exim command line" "CHAPcommandline"
2545 .scindex IIDclo1 "command line" "options"
2546 .scindex IIDclo2 "options" "command line"
2547 Exim's command line takes the standard Unix form of a sequence of options,
2548 each starting with a hyphen character, followed by a number of arguments. The
2549 options are compatible with the main options of Sendmail, and there are also
2550 some additional options, some of which are compatible with Smail 3. Certain
2551 combinations of options do not make sense, and provoke an error if used.
2552 The form of the arguments depends on which options are set.
2555 .section "Setting options by program name" "SECID38"
2556 .cindex "&'mailq'&"
2557 If Exim is called under the name &'mailq'&, it behaves as if the option &%-bp%&
2558 were present before any other options.
2559 The &%-bp%& option requests a listing of the contents of the mail queue on the
2560 standard output.
2561 This feature is for compatibility with some systems that contain a command of
2562 that name in one of the standard libraries, symbolically linked to
2563 &_/usr/sbin/sendmail_& or &_/usr/lib/sendmail_&.
2565 .cindex "&'rsmtp'&"
2566 If Exim is called under the name &'rsmtp'& it behaves as if the option &%-bS%&
2567 were present before any other options, for compatibility with Smail. The
2568 &%-bS%& option is used for reading in a number of messages in batched SMTP
2569 format.
2571 .cindex "&'rmail'&"
2572 If Exim is called under the name &'rmail'& it behaves as if the &%-i%& and
2573 &%-oee%& options were present before any other options, for compatibility with
2574 Smail. The name &'rmail'& is used as an interface by some UUCP systems.
2576 .cindex "&'runq'&"
2577 .cindex "queue runner"
2578 If Exim is called under the name &'runq'& it behaves as if the option &%-q%&
2579 were present before any other options, for compatibility with Smail. The &%-q%&
2580 option causes a single queue runner process to be started.
2582 .cindex "&'newaliases'&"
2583 .cindex "alias file" "building"
2584 .cindex "Sendmail compatibility" "calling Exim as &'newaliases'&"
2585 If Exim is called under the name &'newaliases'& it behaves as if the option
2586 &%-bi%& were present before any other options, for compatibility with Sendmail.
2587 This option is used for rebuilding Sendmail's alias file. Exim does not have
2588 the concept of a single alias file, but can be configured to run a given
2589 command if called with the &%-bi%& option.
2592 .section "Trusted and admin users" "SECTtrustedadmin"
2593 Some Exim options are available only to &'trusted users'& and others are
2594 available only to &'admin users'&. In the description below, the phrases &"Exim
2595 user"& and &"Exim group"& mean the user and group defined by EXIM_USER and
2596 EXIM_GROUP in &_Local/Makefile_& or set by the &%exim_user%& and
2597 &%exim_group%& options. These do not necessarily have to use the name &"exim"&.
2599 .ilist
2600 .cindex "trusted users" "definition of"
2601 .cindex "user" "trusted definition of"
2602 The trusted users are root, the Exim user, any user listed in the
2603 &%trusted_users%& configuration option, and any user whose current group or any
2604 supplementary group is one of those listed in the &%trusted_groups%&
2605 configuration option. Note that the Exim group is not automatically trusted.
2607 .cindex '&"From"& line'
2608 .cindex "envelope sender"
2609 Trusted users are always permitted to use the &%-f%& option or a leading
2610 &"From&~"& line to specify the envelope sender of a message that is passed to
2611 Exim through the local interface (see the &%-bm%& and &%-f%& options below).
2612 See the &%untrusted_set_sender%& option for a way of permitting non-trusted
2613 users to set envelope senders.
2615 .cindex "&'From:'& header line"
2616 .cindex "&'Sender:'& header line"
2617 For a trusted user, there is never any check on the contents of the &'From:'&
2618 header line, and a &'Sender:'& line is never added. Furthermore, any existing
2619 &'Sender:'& line in incoming local (non-TCP/IP) messages is not removed.
2621 Trusted users may also specify a host name, host address, interface address,
2622 protocol name, ident value, and authentication data when submitting a message
2623 locally. Thus, they are able to insert messages into Exim's queue locally that
2624 have the characteristics of messages received from a remote host. Untrusted
2625 users may in some circumstances use &%-f%&, but can never set the other values
2626 that are available to trusted users.
2627 .next
2628 .cindex "user" "admin definition of"
2629 .cindex "admin user" "definition of"
2630 The admin users are root, the Exim user, and any user that is a member of the
2631 Exim group or of any group listed in the &%admin_groups%& configuration option.
2632 The current group does not have to be one of these groups.
2634 Admin users are permitted to list the queue, and to carry out certain
2635 operations on messages, for example, to force delivery failures. It is also
2636 necessary to be an admin user in order to see the full information provided by
2637 the Exim monitor, and full debugging output.
2639 By default, the use of the &%-M%&, &%-q%&, &%-R%&, and &%-S%& options to cause
2640 Exim to attempt delivery of messages on its queue is restricted to admin users.
2641 However, this restriction can be relaxed by setting the &%prod_requires_admin%&
2642 option false (that is, specifying &%no_prod_requires_admin%&).
2644 Similarly, the use of the &%-bp%& option to list all the messages in the queue
2645 is restricted to admin users unless &%queue_list_requires_admin%& is set
2646 false.
2647 .endlist
2650 &*Warning*&: If you configure your system so that admin users are able to
2651 edit Exim's configuration file, you are giving those users an easy way of
2652 getting root. There is further discussion of this issue at the start of chapter
2653 &<<CHAPconf>>&.
2658 .section "Command line options" "SECID39"
2659 Exim's command line options are described in alphabetical order below. If none
2660 of the options that specifies a specific action (such as starting the daemon or
2661 a queue runner, or testing an address, or receiving a message in a specific
2662 format, or listing the queue) are present, and there is at least one argument
2663 on the command line, &%-bm%& (accept a local message on the standard input,
2664 with the arguments specifying the recipients) is assumed. Otherwise, Exim
2665 outputs a brief message about itself and exits.
2667 . ////////////////////////////////////////////////////////////////////////////
2668 . Insert a stylized XML comment here, to identify the start of the command line
2669 . options. This is for the benefit of the Perl script that automatically
2670 . creates a man page for the options.
2671 . ////////////////////////////////////////////////////////////////////////////
2673 .literal xml
2674 <!-- === Start of command line options === -->
2675 .literal off
2678 .vlist
2679 .vitem &%--%&
2680 .oindex "--"
2681 .cindex "options" "command line; terminating"
2682 This is a pseudo-option whose only purpose is to terminate the options and
2683 therefore to cause subsequent command line items to be treated as arguments
2684 rather than options, even if they begin with hyphens.
2686 .vitem &%--help%&
2687 .oindex "&%--help%&"
2688 This option causes Exim to output a few sentences stating what it is.
2689 The same output is generated if the Exim binary is called with no options and
2690 no arguments.
2692 .vitem &%--version%&
2693 .oindex "&%--version%&"
2694 This option is an alias for &%-bV%& and causes version information to be
2695 displayed.
2697 .new
2698 .vitem &%-Ac%& &&&
2699 &%-Am%&
2700 .oindex "&%-Ac%&"
2701 .oindex "&%-Am%&"
2702 These options are used by Sendmail for selecting configuration files and are
2703 ignored by Exim.
2704 .wen
2706 .vitem &%-B%&<&'type'&>
2707 .oindex "&%-B%&"
2708 .cindex "8-bit characters"
2709 .cindex "Sendmail compatibility" "8-bit characters"
2710 This is a Sendmail option for selecting 7 or 8 bit processing. Exim is 8-bit
2711 clean; it ignores this option.
2713 .vitem &%-bd%&
2714 .oindex "&%-bd%&"
2715 .cindex "daemon"
2716 .cindex "SMTP" "listener"
2717 .cindex "queue runner"
2718 This option runs Exim as a daemon, awaiting incoming SMTP connections. Usually
2719 the &%-bd%& option is combined with the &%-q%&<&'time'&> option, to specify
2720 that the daemon should also initiate periodic queue runs.
2722 The &%-bd%& option can be used only by an admin user. If either of the &%-d%&
2723 (debugging) or &%-v%& (verifying) options are set, the daemon does not
2724 disconnect from the controlling terminal. When running this way, it can be
2725 stopped by pressing ctrl-C.
2727 By default, Exim listens for incoming connections to the standard SMTP port on
2728 all the host's running interfaces. However, it is possible to listen on other
2729 ports, on multiple ports, and only on specific interfaces. Chapter
2730 &<<CHAPinterfaces>>& contains a description of the options that control this.
2732 When a listening daemon
2733 .cindex "daemon" "process id (pid)"
2734 .cindex "pid (process id)" "of daemon"
2735 is started without the use of &%-oX%& (that is, without overriding the normal
2736 configuration), it writes its process id to a file called &_exim-daemon.pid_&
2737 in Exim's spool directory. This location can be overridden by setting
2738 PID_FILE_PATH in &_Local/Makefile_&. The file is written while Exim is still
2739 running as root.
2741 When &%-oX%& is used on the command line to start a listening daemon, the
2742 process id is not written to the normal pid file path. However, &%-oP%& can be
2743 used to specify a path on the command line if a pid file is required.
2745 The SIGHUP signal
2746 .cindex "SIGHUP"
2747 .cindex "daemon" "restarting"
2748 can be used to cause the daemon to re-execute itself. This should be done
2749 whenever Exim's configuration file, or any file that is incorporated into it by
2750 means of the &%.include%& facility, is changed, and also whenever a new version
2751 of Exim is installed. It is not necessary to do this when other files that are
2752 referenced from the configuration (for example, alias files) are changed,
2753 because these are reread each time they are used.
2755 .vitem &%-bdf%&
2756 .oindex "&%-bdf%&"
2757 This option has the same effect as &%-bd%& except that it never disconnects
2758 from the controlling terminal, even when no debugging is specified.
2760 .vitem &%-be%&
2761 .oindex "&%-be%&"
2762 .cindex "testing" "string expansion"
2763 .cindex "expansion" "testing"
2764 Run Exim in expansion testing mode. Exim discards its root privilege, to
2765 prevent ordinary users from using this mode to read otherwise inaccessible
2766 files. If no arguments are given, Exim runs interactively, prompting for lines
2767 of data. Otherwise, it processes each argument in turn.
2769 If Exim was built with USE_READLINE=yes in &_Local/Makefile_&, it tries
2770 to load the &%libreadline%& library dynamically whenever the &%-be%& option is
2771 used without command line arguments. If successful, it uses the &[readline()]&
2772 function, which provides extensive line-editing facilities, for reading the
2773 test data. A line history is supported.
2775 Long expansion expressions can be split over several lines by using backslash
2776 continuations. As in Exim's run time configuration, white space at the start of
2777 continuation lines is ignored. Each argument or data line is passed through the
2778 string expansion mechanism, and the result is output. Variable values from the
2779 configuration file (for example, &$qualify_domain$&) are available, but no
2780 message-specific values (such as &$sender_domain$&) are set, because no message
2781 is being processed (but see &%-bem%& and &%-Mset%&).
2783 &*Note*&: If you use this mechanism to test lookups, and you change the data
2784 files or databases you are using, you must exit and restart Exim before trying
2785 the same lookup again. Otherwise, because each Exim process caches the results
2786 of lookups, you will just get the same result as before.
2788 .vitem &%-bem%&&~<&'filename'&>
2789 .oindex "&%-bem%&"
2790 .cindex "testing" "string expansion"
2791 .cindex "expansion" "testing"
2792 This option operates like &%-be%& except that it must be followed by the name
2793 of a file. For example:
2794 .code
2795 exim -bem /tmp/testmessage
2796 .endd
2797 The file is read as a message (as if receiving a locally-submitted non-SMTP
2798 message) before any of the test expansions are done. Thus, message-specific
2799 variables such as &$message_size$& and &$header_from:$& are available. However,
2800 no &'Received:'& header is added to the message. If the &%-t%& option is set,
2801 recipients are read from the headers in the normal way, and are shown in the
2802 &$recipients$& variable. Note that recipients cannot be given on the command
2803 line, because further arguments are taken as strings to expand (just like
2804 &%-be%&).
2806 .vitem &%-bF%&&~<&'filename'&>
2807 .oindex "&%-bF%&"
2808 .cindex "system filter" "testing"
2809 .cindex "testing" "system filter"
2810 This option is the same as &%-bf%& except that it assumes that the filter being
2811 tested is a system filter. The additional commands that are available only in
2812 system filters are recognized.
2814 .vitem &%-bf%&&~<&'filename'&>
2815 .oindex "&%-bf%&"
2816 .cindex "filter" "testing"
2817 .cindex "testing" "filter file"
2818 .cindex "forward file" "testing"
2819 .cindex "testing" "forward file"
2820 .cindex "Sieve filter" "testing"
2821 This option runs Exim in user filter testing mode; the file is the filter file
2822 to be tested, and a test message must be supplied on the standard input. If
2823 there are no message-dependent tests in the filter, an empty file can be
2824 supplied.
2826 If you want to test a system filter file, use &%-bF%& instead of &%-bf%&. You
2827 can use both &%-bF%& and &%-bf%& on the same command, in order to test a system
2828 filter and a user filter in the same run. For example:
2829 .code
2830 exim -bF /system/filter -bf /user/filter </test/message
2831 .endd
2832 This is helpful when the system filter adds header lines or sets filter
2833 variables that are used by the user filter.
2835 If the test filter file does not begin with one of the special lines
2836 .code
2837 # Exim filter
2838 # Sieve filter
2839 .endd
2840 it is taken to be a normal &_.forward_& file, and is tested for validity under
2841 that interpretation. See sections &<<SECTitenonfilred>>& to
2842 &<<SECTspecitredli>>& for a description of the possible contents of non-filter
2843 redirection lists.
2845 The result of an Exim command that uses &%-bf%&, provided no errors are
2846 detected, is a list of the actions that Exim would try to take if presented
2847 with the message for real. More details of filter testing are given in the
2848 separate document entitled &'Exim's interfaces to mail filtering'&.
2850 When testing a filter file,
2851 .cindex "&""From""& line"
2852 .cindex "envelope sender"
2853 .oindex "&%-f%&" "for filter testing"
2854 the envelope sender can be set by the &%-f%& option,
2855 or by a &"From&~"& line at the start of the test message. Various parameters
2856 that would normally be taken from the envelope recipient address of the message
2857 can be set by means of additional command line options (see the next four
2858 options).
2860 .vitem &%-bfd%&&~<&'domain'&>
2861 .oindex "&%-bfd%&"
2862 .vindex "&$qualify_domain$&"
2863 This sets the domain of the recipient address when a filter file is being
2864 tested by means of the &%-bf%& option. The default is the value of
2865 &$qualify_domain$&.
2867 .vitem &%-bfl%&&~<&'local&~part'&>
2868 .oindex "&%-bfl%&"
2869 This sets the local part of the recipient address when a filter file is being
2870 tested by means of the &%-bf%& option. The default is the username of the
2871 process that calls Exim. A local part should be specified with any prefix or
2872 suffix stripped, because that is how it appears to the filter when a message is
2873 actually being delivered.
2875 .vitem &%-bfp%&&~<&'prefix'&>
2876 .oindex "&%-bfp%&"
2877 This sets the prefix of the local part of the recipient address when a filter
2878 file is being tested by means of the &%-bf%& option. The default is an empty
2879 prefix.
2881 .vitem &%-bfs%&&~<&'suffix'&>
2882 .oindex "&%-bfs%&"
2883 This sets the suffix of the local part of the recipient address when a filter
2884 file is being tested by means of the &%-bf%& option. The default is an empty
2885 suffix.
2887 .vitem &%-bh%&&~<&'IP&~address'&>
2888 .oindex "&%-bh%&"
2889 .cindex "testing" "incoming SMTP"
2890 .cindex "SMTP" "testing incoming"
2891 .cindex "testing" "relay control"
2892 .cindex "relaying" "testing configuration"
2893 .cindex "policy control" "testing"
2894 .cindex "debugging" "&%-bh%& option"
2895 This option runs a fake SMTP session as if from the given IP address, using the
2896 standard input and output. The IP address may include a port number at the end,
2897 after a full stop. For example:
2898 .code
2899 exim -bh
2900 exim -bh fe80::a00:20ff:fe86:a061.5678
2901 .endd
2902 When an IPv6 address is given, it is converted into canonical form. In the case
2903 of the second example above, the value of &$sender_host_address$& after
2904 conversion to the canonical form is
2905 &`fe80:0000:0000:0a00:20ff:fe86:a061.5678`&.
2907 Comments as to what is going on are written to the standard error file. These
2908 include lines beginning with &"LOG"& for anything that would have been logged.
2909 This facility is provided for testing configuration options for incoming
2910 messages, to make sure they implement the required policy. For example, you can
2911 test your relay controls using &%-bh%&.
2913 &*Warning 1*&:
2914 .cindex "RFC 1413"
2915 You can test features of the configuration that rely on ident (RFC 1413)
2916 information by using the &%-oMt%& option. However, Exim cannot actually perform
2917 an ident callout when testing using &%-bh%& because there is no incoming SMTP
2918 connection.
2920 &*Warning 2*&: Address verification callouts (see section &<<SECTcallver>>&)
2921 are also skipped when testing using &%-bh%&. If you want these callouts to
2922 occur, use &%-bhc%& instead.
2924 Messages supplied during the testing session are discarded, and nothing is
2925 written to any of the real log files. There may be pauses when DNS (and other)
2926 lookups are taking place, and of course these may time out. The &%-oMi%& option
2927 can be used to specify a specific IP interface and port if this is important,
2928 and &%-oMaa%& and &%-oMai%& can be used to set parameters as if the SMTP
2929 session were authenticated.
2931 The &'exim_checkaccess'& utility is a &"packaged"& version of &%-bh%& whose
2932 output just states whether a given recipient address from a given host is
2933 acceptable or not. See section &<<SECTcheckaccess>>&.
2935 Features such as authentication and encryption, where the client input is not
2936 plain text, cannot easily be tested with &%-bh%&. Instead, you should use a
2937 specialized SMTP test program such as
2938 &url(http://jetmore.org/john/code/#swaks,swaks).
2940 .vitem &%-bhc%&&~<&'IP&~address'&>
2941 .oindex "&%-bhc%&"
2942 This option operates in the same way as &%-bh%&, except that address
2943 verification callouts are performed if required. This includes consulting and
2944 updating the callout cache database.
2946 .vitem &%-bi%&
2947 .oindex "&%-bi%&"
2948 .cindex "alias file" "building"
2949 .cindex "building alias file"
2950 .cindex "Sendmail compatibility" "&%-bi%& option"
2951 Sendmail interprets the &%-bi%& option as a request to rebuild its alias file.
2952 Exim does not have the concept of a single alias file, and so it cannot mimic
2953 this behaviour. However, calls to &_/usr/lib/sendmail_& with the &%-bi%& option
2954 tend to appear in various scripts such as NIS make files, so the option must be
2955 recognized.
2957 If &%-bi%& is encountered, the command specified by the &%bi_command%&
2958 configuration option is run, under the uid and gid of the caller of Exim. If
2959 the &%-oA%& option is used, its value is passed to the command as an argument.
2960 The command set by &%bi_command%& may not contain arguments. The command can
2961 use the &'exim_dbmbuild'& utility, or some other means, to rebuild alias files
2962 if this is required. If the &%bi_command%& option is not set, calling Exim with
2963 &%-bi%& is a no-op.
2965 .new
2966 . // Keep :help first, then the rest in alphabetical order
2967 .vitem &%-bI:help%&
2968 .oindex "&%-bI:help%&"
2969 .cindex "querying exim information"
2970 We shall provide various options starting &`-bI:`& for querying Exim for
2971 information. The output of many of these will be intended for machine
2972 consumption. This one is not. The &%-bI:help%& option asks Exim for a
2973 synopsis of supported options beginning &`-bI:`&. Use of any of these
2974 options shall cause Exim to exit after producing the requested output.
2976 .vitem &%-bI:dscp%&
2977 .oindex "&%-bI:dscp%&"
2978 .cindex "DSCP" "values"
2979 This option causes Exim to emit an alphabetically sorted list of all
2980 recognised DSCP names.
2982 .vitem &%-bI:sieve%&
2983 .oindex "&%-bI:sieve%&"
2984 .cindex "Sieve filter" "capabilities"
2985 This option causes Exim to emit an alphabetically sorted list of all supported
2986 Sieve protocol extensions on stdout, one per line. This is anticipated to be
2987 useful for ManageSieve (RFC 5804) implementations, in providing that protocol's
2988 &`SIEVE`& capability response line. As the precise list may depend upon
2989 compile-time build options, which this option will adapt to, this is the only
2990 way to guarantee a correct response.
2991 .wen
2993 .vitem &%-bm%&
2994 .oindex "&%-bm%&"
2995 .cindex "local message reception"
2996 This option runs an Exim receiving process that accepts an incoming,
2997 locally-generated message on the standard input. The recipients are given as the
2998 command arguments (except when &%-t%& is also present &-- see below). Each
2999 argument can be a comma-separated list of RFC 2822 addresses. This is the
3000 default option for selecting the overall action of an Exim call; it is assumed
3001 if no other conflicting option is present.
3003 If any addresses in the message are unqualified (have no domain), they are
3004 qualified by the values of the &%qualify_domain%& or &%qualify_recipient%&
3005 options, as appropriate. The &%-bnq%& option (see below) provides a way of
3006 suppressing this for special cases.
3008 Policy checks on the contents of local messages can be enforced by means of
3009 the non-SMTP ACL. See chapter &<<CHAPACL>>& for details.
3011 .cindex "return code" "for &%-bm%&"
3012 The return code is zero if the message is successfully accepted. Otherwise, the
3013 action is controlled by the &%-oe%&&'x'& option setting &-- see below.
3015 The format
3016 .cindex "message" "format"
3017 .cindex "format" "message"
3018 .cindex "&""From""& line"
3019 .cindex "UUCP" "&""From""& line"
3020 .cindex "Sendmail compatibility" "&""From""& line"
3021 of the message must be as defined in RFC 2822, except that, for
3022 compatibility with Sendmail and Smail, a line in one of the forms
3023 .code
3024 From sender Fri Jan 5 12:55 GMT 1997
3025 From sender Fri, 5 Jan 97 12:55:01
3026 .endd
3027 (with the weekday optional, and possibly with additional text after the date)
3028 is permitted to appear at the start of the message. There appears to be no
3029 authoritative specification of the format of this line. Exim recognizes it by
3030 matching against the regular expression defined by the &%uucp_from_pattern%&
3031 option, which can be changed if necessary.
3033 .oindex "&%-f%&" "overriding &""From""& line"
3034 The specified sender is treated as if it were given as the argument to the
3035 &%-f%& option, but if a &%-f%& option is also present, its argument is used in
3036 preference to the address taken from the message. The caller of Exim must be a
3037 trusted user for the sender of a message to be set in this way.
3039 .vitem &%-bmalware%&&~<&'filename'&>
3040 .oindex "&%-bmalware%&"
3041 .cindex "testing", "malware"
3042 .cindex "malware scan test"
3043 This debugging option causes Exim to scan the given file,
3044 using the malware scanning framework. The option of &%av_scanner%& influences
3045 this option, so if &%av_scanner%&'s value is dependent upon an expansion then
3046 the expansion should have defaults which apply to this invocation. ACLs are
3047 not invoked, so if &%av_scanner%& references an ACL variable then that variable
3048 will never be populated and &%-bmalware%& will fail.
3050 Exim will have changed working directory before resolving the filename, so
3051 using fully qualified pathnames is advisable. Exim will be running as the Exim
3052 user when it tries to open the file, rather than as the invoking user.
3053 This option requires admin privileges.
3055 The &%-bmalware%& option will not be extended to be more generally useful,
3056 there are better tools for file-scanning. This option exists to help
3057 administrators verify their Exim and AV scanner configuration.
3059 .vitem &%-bnq%&
3060 .oindex "&%-bnq%&"
3061 .cindex "address qualification, suppressing"
3062 By default, Exim automatically qualifies unqualified addresses (those
3063 without domains) that appear in messages that are submitted locally (that
3064 is, not over TCP/IP). This qualification applies both to addresses in
3065 envelopes, and addresses in header lines. Sender addresses are qualified using
3066 &%qualify_domain%&, and recipient addresses using &%qualify_recipient%& (which
3067 defaults to the value of &%qualify_domain%&).
3069 Sometimes, qualification is not wanted. For example, if &%-bS%& (batch SMTP) is
3070 being used to re-submit messages that originally came from remote hosts after
3071 content scanning, you probably do not want to qualify unqualified addresses in
3072 header lines. (Such lines will be present only if you have not enabled a header
3073 syntax check in the appropriate ACL.)
3075 The &%-bnq%& option suppresses all qualification of unqualified addresses in
3076 messages that originate on the local host. When this is used, unqualified
3077 addresses in the envelope provoke errors (causing message rejection) and
3078 unqualified addresses in header lines are left alone.
3081 .vitem &%-bP%&
3082 .oindex "&%-bP%&"
3083 .cindex "configuration options" "extracting"
3084 .cindex "options" "configuration &-- extracting"
3085 If this option is given with no arguments, it causes the values of all Exim's
3086 main configuration options to be written to the standard output. The values
3087 of one or more specific options can be requested by giving their names as
3088 arguments, for example:
3089 .code
3090 exim -bP qualify_domain hold_domains
3091 .endd
3092 .cindex "hiding configuration option values"
3093 .cindex "configuration options" "hiding value of"
3094 .cindex "options" "hiding value of"
3095 However, any option setting that is preceded by the word &"hide"& in the
3096 configuration file is not shown in full, except to an admin user. For other
3097 users, the output is as in this example:
3098 .code
3099 mysql_servers = <value not displayable>
3100 .endd
3101 If &%configure_file%& is given as an argument, the name of the run time
3102 configuration file is output.
3103 If a list of configuration files was supplied, the value that is output here
3104 is the name of the file that was actually used.
3106 .new
3107 .cindex "options" "hiding name of"
3108 If the &%-n%& flag is given, then for most modes of &%-bP%& operation the
3109 name will not be output.
3110 .wen
3112 .cindex "daemon" "process id (pid)"
3113 .cindex "pid (process id)" "of daemon"
3114 If &%log_file_path%& or &%pid_file_path%& are given, the names of the
3115 directories where log files and daemon pid files are written are output,
3116 respectively. If these values are unset, log files are written in a
3117 sub-directory of the spool directory called &%log%&, and the pid file is
3118 written directly into the spool directory.
3120 If &%-bP%& is followed by a name preceded by &`+`&, for example,
3121 .code
3122 exim -bP +local_domains
3123 .endd
3124 it searches for a matching named list of any type (domain, host, address, or
3125 local part) and outputs what it finds.
3127 .cindex "options" "router &-- extracting"
3128 .cindex "options" "transport &-- extracting"
3129 .cindex "options" "authenticator &-- extracting"
3130 If one of the words &%router%&, &%transport%&, or &%authenticator%& is given,
3131 followed by the name of an appropriate driver instance, the option settings for
3132 that driver are output. For example:
3133 .code
3134 exim -bP transport local_delivery
3135 .endd
3136 The generic driver options are output first, followed by the driver's private
3137 options. A list of the names of drivers of a particular type can be obtained by
3138 using one of the words &%router_list%&, &%transport_list%&, or
3139 &%authenticator_list%&, and a complete list of all drivers with their option
3140 settings can be obtained by using &%routers%&, &%transports%&, or
3141 &%authenticators%&.
3143 .cindex "options" "macro &-- extracting"
3144 If invoked by an admin user, then &%macro%&, &%macro_list%& and &%macros%&
3145 are available, similarly to the drivers. Because macros are sometimes used
3146 for storing passwords, this option is restricted.
3147 The output format is one item per line.
3149 .vitem &%-bp%&
3150 .oindex "&%-bp%&"
3151 .cindex "queue" "listing messages on"
3152 .cindex "listing" "messages on the queue"
3153 This option requests a listing of the contents of the mail queue on the
3154 standard output. If the &%-bp%& option is followed by a list of message ids,
3155 just those messages are listed. By default, this option can be used only by an
3156 admin user. However, the &%queue_list_requires_admin%& option can be set false
3157 to allow any user to see the queue.
3159 Each message on the queue is displayed as in the following example:
3160 .code
3161 25m 2.9K 0t5C6f-0000c8-00 <alice@wonderland.fict.example>
3162 red.king@looking-glass.fict.example
3163 <other addresses>
3164 .endd
3165 .cindex "message" "size in queue listing"
3166 .cindex "size" "of message"
3167 The first line contains the length of time the message has been on the queue
3168 (in this case 25 minutes), the size of the message (2.9K), the unique local
3169 identifier for the message, and the message sender, as contained in the
3170 envelope. For bounce messages, the sender address is empty, and appears as
3171 &"<>"&. If the message was submitted locally by an untrusted user who overrode
3172 the default sender address, the user's login name is shown in parentheses
3173 before the sender address.
3175 .cindex "frozen messages" "in queue listing"
3176 If the message is frozen (attempts to deliver it are suspended) then the text
3177 &"*** frozen ***"& is displayed at the end of this line.
3179 The recipients of the message (taken from the envelope, not the headers) are
3180 displayed on subsequent lines. Those addresses to which the message has already
3181 been delivered are marked with the letter D. If an original address gets
3182 expanded into several addresses via an alias or forward file, the original is
3183 displayed with a D only when deliveries for all of its child addresses are
3184 complete.
3187 .vitem &%-bpa%&
3188 .oindex "&%-bpa%&"
3189 This option operates like &%-bp%&, but in addition it shows delivered addresses
3190 that were generated from the original top level address(es) in each message by
3191 alias or forwarding operations. These addresses are flagged with &"+D"& instead
3192 of just &"D"&.
3195 .vitem &%-bpc%&
3196 .oindex "&%-bpc%&"
3197 .cindex "queue" "count of messages on"
3198 This option counts the number of messages on the queue, and writes the total
3199 to the standard output. It is restricted to admin users, unless
3200 &%queue_list_requires_admin%& is set false.
3203 .vitem &%-bpr%&
3204 .oindex "&%-bpr%&"
3205 This option operates like &%-bp%&, but the output is not sorted into
3206 chronological order of message arrival. This can speed it up when there are
3207 lots of messages on the queue, and is particularly useful if the output is
3208 going to be post-processed in a way that doesn't need the sorting.
3210 .vitem &%-bpra%&
3211 .oindex "&%-bpra%&"
3212 This option is a combination of &%-bpr%& and &%-bpa%&.
3214 .vitem &%-bpru%&
3215 .oindex "&%-bpru%&"
3216 This option is a combination of &%-bpr%& and &%-bpu%&.
3219 .vitem &%-bpu%&
3220 .oindex "&%-bpu%&"
3221 This option operates like &%-bp%& but shows only undelivered top-level
3222 addresses for each message displayed. Addresses generated by aliasing or
3223 forwarding are not shown, unless the message was deferred after processing by a
3224 router with the &%one_time%& option set.
3227 .vitem &%-brt%&
3228 .oindex "&%-brt%&"
3229 .cindex "testing" "retry configuration"
3230 .cindex "retry" "configuration testing"
3231 This option is for testing retry rules, and it must be followed by up to three
3232 arguments. It causes Exim to look for a retry rule that matches the values
3233 and to write it to the standard output. For example:
3234 .code
3235 exim -brt bach.comp.mus.example
3236 Retry rule: *.comp.mus.example F,2h,15m; F,4d,30m;
3237 .endd
3238 See chapter &<<CHAPretry>>& for a description of Exim's retry rules. The first
3239 argument, which is required, can be a complete address in the form
3240 &'local_part@domain'&, or it can be just a domain name. If the second argument
3241 contains a dot, it is interpreted as an optional second domain name; if no
3242 retry rule is found for the first argument, the second is tried. This ties in
3243 with Exim's behaviour when looking for retry rules for remote hosts &-- if no
3244 rule is found that matches the host, one that matches the mail domain is
3245 sought. Finally, an argument that is the name of a specific delivery error, as
3246 used in setting up retry rules, can be given. For example:
3247 .code
3248 exim -brt haydn.comp.mus.example quota_3d
3249 Retry rule: *@haydn.comp.mus.example quota_3d F,1h,15m
3250 .endd
3252 .vitem &%-brw%&
3253 .oindex "&%-brw%&"
3254 .cindex "testing" "rewriting"
3255 .cindex "rewriting" "testing"
3256 This option is for testing address rewriting rules, and it must be followed by
3257 a single argument, consisting of either a local part without a domain, or a
3258 complete address with a fully qualified domain. Exim outputs how this address
3259 would be rewritten for each possible place it might appear. See chapter
3260 &<<CHAPrewrite>>& for further details.
3262 .vitem &%-bS%&
3263 .oindex "&%-bS%&"
3264 .cindex "SMTP" "batched incoming"
3265 .cindex "batched SMTP input"
3266 This option is used for batched SMTP input, which is an alternative interface
3267 for non-interactive local message submission. A number of messages can be
3268 submitted in a single run. However, despite its name, this is not really SMTP
3269 input. Exim reads each message's envelope from SMTP commands on the standard
3270 input, but generates no responses. If the caller is trusted, or
3271 &%untrusted_set_sender%& is set, the senders in the SMTP MAIL commands are
3272 believed; otherwise the sender is always the caller of Exim.
3274 The message itself is read from the standard input, in SMTP format (leading
3275 dots doubled), terminated by a line containing just a single dot. An error is
3276 provoked if the terminating dot is missing. A further message may then follow.
3278 As for other local message submissions, the contents of incoming batch SMTP
3279 messages can be checked using the non-SMTP ACL (see chapter &<<CHAPACL>>&).
3280 Unqualified addresses are automatically qualified using &%qualify_domain%& and
3281 &%qualify_recipient%&, as appropriate, unless the &%-bnq%& option is used.
3283 Some other SMTP commands are recognized in the input. HELO and EHLO act
3284 as RSET; VRFY, EXPN, ETRN, and HELP act as NOOP;
3285 QUIT quits, ignoring the rest of the standard input.
3287 .cindex "return code" "for &%-bS%&"
3288 If any error is encountered, reports are written to the standard output and
3289 error streams, and Exim gives up immediately. The return code is 0 if no error
3290 was detected; it is 1 if one or more messages were accepted before the error
3291 was detected; otherwise it is 2.
3293 More details of input using batched SMTP are given in section
3294 &<<SECTincomingbatchedSMTP>>&.
3296 .vitem &%-bs%&
3297 .oindex "&%-bs%&"
3298 .cindex "SMTP" "local input"
3299 .cindex "local SMTP input"
3300 This option causes Exim to accept one or more messages by reading SMTP commands
3301 on the standard input, and producing SMTP replies on the standard output. SMTP
3302 policy controls, as defined in ACLs (see chapter &<<CHAPACL>>&) are applied.
3303 Some user agents use this interface as a way of passing locally-generated
3304 messages to the MTA.
3306 In
3307 .cindex "sender" "source of"
3308 this usage, if the caller of Exim is trusted, or &%untrusted_set_sender%& is
3309 set, the senders of messages are taken from the SMTP MAIL commands.
3310 Otherwise the content of these commands is ignored and the sender is set up as
3311 the calling user. Unqualified addresses are automatically qualified using
3312 &%qualify_domain%& and &%qualify_recipient%&, as appropriate, unless the
3313 &%-bnq%& option is used.
3315 .cindex "inetd"
3316 The
3317 &%-bs%& option is also used to run Exim from &'inetd'&, as an alternative to
3318 using a listening daemon. Exim can distinguish the two cases by checking
3319 whether the standard input is a TCP/IP socket. When Exim is called from
3320 &'inetd'&, the source of the mail is assumed to be remote, and the comments
3321 above concerning senders and qualification do not apply. In this situation,
3322 Exim behaves in exactly the same way as it does when receiving a message via
3323 the listening daemon.
3325 .vitem &%-bt%&
3326 .oindex "&%-bt%&"
3327 .cindex "testing" "addresses"
3328 .cindex "address" "testing"
3329 This option runs Exim in address testing mode, in which each argument is taken
3330 as a recipient address to be tested for deliverability. The results are
3331 written to the standard output. If a test fails, and the caller is not an admin
3332 user, no details of the failure are output, because these might contain
3333 sensitive information such as usernames and passwords for database lookups.
3335 If no arguments are given, Exim runs in an interactive manner, prompting with a
3336 right angle bracket for addresses to be tested.
3338 Unlike the &%-be%& test option, you cannot arrange for Exim to use the
3339 &[readline()]& function, because it is running as &'root'& and there are
3340 security issues.
3342 Each address is handled as if it were the recipient address of a message
3343 (compare the &%-bv%& option). It is passed to the routers and the result is
3344 written to the standard output. However, any router that has
3345 &%no_address_test%& set is bypassed. This can make &%-bt%& easier to use for
3346 genuine routing tests if your first router passes everything to a scanner
3347 program.
3349 .cindex "return code" "for &%-bt%&"
3350 The return code is 2 if any address failed outright; it is 1 if no address
3351 failed outright but at least one could not be resolved for some reason. Return
3352 code 0 is given only when all addresses succeed.
3354 .cindex "duplicate addresses"
3355 &*Note*&: When actually delivering a message, Exim removes duplicate recipient
3356 addresses after routing is complete, so that only one delivery takes place.
3357 This does not happen when testing with &%-bt%&; the full results of routing are
3358 always shown.
3360 &*Warning*&: &%-bt%& can only do relatively simple testing. If any of the
3361 routers in the configuration makes any tests on the sender address of a
3362 message,
3363 .oindex "&%-f%&" "for address testing"
3364 you can use the &%-f%& option to set an appropriate sender when running
3365 &%-bt%& tests. Without it, the sender is assumed to be the calling user at the
3366 default qualifying domain. However, if you have set up (for example) routers
3367 whose behaviour depends on the contents of an incoming message, you cannot test
3368 those conditions using &%-bt%&. The &%-N%& option provides a possible way of
3369 doing such tests.
3371 .vitem &%-bV%&
3372 .oindex "&%-bV%&"
3373 .cindex "version number of Exim"
3374 This option causes Exim to write the current version number, compilation
3375 number, and compilation date of the &'exim'& binary to the standard output.
3376 It also lists the DBM library that is being used, the optional modules (such as
3377 specific lookup types), the drivers that are included in the binary, and the
3378 name of the run time configuration file that is in use.
3380 As part of its operation, &%-bV%& causes Exim to read and syntax check its
3381 configuration file. However, this is a static check only. It cannot check
3382 values that are to be expanded. For example, although a misspelt ACL verb is
3383 detected, an error in the verb's arguments is not. You cannot rely on &%-bV%&
3384 alone to discover (for example) all the typos in the configuration; some
3385 realistic testing is needed. The &%-bh%& and &%-N%& options provide more
3386 dynamic testing facilities.
3388 .vitem &%-bv%&
3389 .oindex "&%-bv%&"
3390 .cindex "verifying address" "using &%-bv%&"
3391 .cindex "address" "verification"
3392 This option runs Exim in address verification mode, in which each argument is
3393 taken as a recipient address to be verified by the routers. (This does
3394 not involve any verification callouts). During normal operation, verification
3395 happens mostly as a consequence processing a &%verify%& condition in an ACL
3396 (see chapter &<<CHAPACL>>&). If you want to test an entire ACL, possibly
3397 including callouts, see the &%-bh%& and &%-bhc%& options.
3399 If verification fails, and the caller is not an admin user, no details of the
3400 failure are output, because these might contain sensitive information such as
3401 usernames and passwords for database lookups.
3403 If no arguments are given, Exim runs in an interactive manner, prompting with a
3404 right angle bracket for addresses to be verified.
3406 Unlike the &%-be%& test option, you cannot arrange for Exim to use the
3407 &[readline()]& function, because it is running as &'exim'& and there are
3408 security issues.
3410 Verification differs from address testing (the &%-bt%& option) in that routers
3411 that have &%no_verify%& set are skipped, and if the address is accepted by a
3412 router that has &%fail_verify%& set, verification fails. The address is
3413 verified as a recipient if &%-bv%& is used; to test verification for a sender
3414 address, &%-bvs%& should be used.
3416 If the &%-v%& option is not set, the output consists of a single line for each
3417 address, stating whether it was verified or not, and giving a reason in the
3418 latter case. Without &%-v%&, generating more than one address by redirection
3419 causes verification to end successfully, without considering the generated
3420 addresses. However, if just one address is generated, processing continues,
3421 and the generated address must verify successfully for the overall verification
3422 to succeed.
3424 When &%-v%& is set, more details are given of how the address has been handled,
3425 and in the case of address redirection, all the generated addresses are also
3426 considered. Verification may succeed for some and fail for others.
3428 The
3429 .cindex "return code" "for &%-bv%&"
3430 return code is 2 if any address failed outright; it is 1 if no address
3431 failed outright but at least one could not be resolved for some reason. Return
3432 code 0 is given only when all addresses succeed.
3434 If any of the routers in the configuration makes any tests on the sender
3435 address of a message, you should use the &%-f%& option to set an appropriate
3436 sender when running &%-bv%& tests. Without it, the sender is assumed to be the
3437 calling user at the default qualifying domain.
3439 .vitem &%-bvs%&
3440 .oindex "&%-bvs%&"
3441 This option acts like &%-bv%&, but verifies the address as a sender rather
3442 than a recipient address. This affects any rewriting and qualification that
3443 might happen.
3445 .vitem &%-bw%&
3446 .oindex "&%-bw%&"
3447 .cindex "daemon"
3448 .cindex "inetd"
3449 .cindex "inetd" "wait mode"
3450 This option runs Exim as a daemon, awaiting incoming SMTP connections,
3451 similarly to the &%-bd%& option. All port specifications on the command-line
3452 and in the configuration file are ignored. Queue-running may not be specified.
3454 In this mode, Exim expects to be passed a socket as fd 0 (stdin) which is
3455 listening for connections. This permits the system to start up and have
3456 inetd (or equivalent) listen on the SMTP ports, starting an Exim daemon for
3457 each port only when the first connection is received.
3459 If the option is given as &%-bw%&<&'time'&> then the time is a timeout, after
3460 which the daemon will exit, which should cause inetd to listen once more.
3462 .vitem &%-C%&&~<&'filelist'&>
3463 .oindex "&%-C%&"
3464 .cindex "configuration file" "alternate"
3465 .cindex "CONFIGURE_FILE"
3466 .cindex "alternate configuration file"
3467 This option causes Exim to find the run time configuration file from the given
3468 list instead of from the list specified by the CONFIGURE_FILE
3469 compile-time setting. Usually, the list will consist of just a single file
3470 name, but it can be a colon-separated list of names. In this case, the first
3471 file that exists is used. Failure to open an existing file stops Exim from
3472 proceeding any further along the list, and an error is generated.
3474 When this option is used by a caller other than root, and the list is different
3475 from the compiled-in list, Exim gives up its root privilege immediately, and
3476 runs with the real and effective uid and gid set to those of the caller.
3477 However, if a TRUSTED_CONFIG_LIST file is defined in &_Local/Makefile_&, that
3478 file contains a list of full pathnames, one per line, for configuration files
3479 which are trusted. Root privilege is retained for any configuration file so
3480 listed, as long as the caller is the Exim user (or the user specified in the
3481 CONFIGURE_OWNER option, if any), and as long as the configuration file is
3482 not writeable by inappropriate users or groups.
3484 Leaving TRUSTED_CONFIG_LIST unset precludes the possibility of testing a
3485 configuration using &%-C%& right through message reception and delivery,
3486 even if the caller is root. The reception works, but by that time, Exim is
3487 running as the Exim user, so when it re-executes to regain privilege for the
3488 delivery, the use of &%-C%& causes privilege to be lost. However, root can
3489 test reception and delivery using two separate commands (one to put a message
3490 on the queue, using &%-odq%&, and another to do the delivery, using &%-M%&).
3492 If ALT_CONFIG_PREFIX is defined &_in Local/Makefile_&, it specifies a
3493 prefix string with which any file named in a &%-C%& command line option
3494 must start. In addition, the file name must not contain the sequence &`/../`&.
3495 However, if the value of the &%-C%& option is identical to the value of
3496 CONFIGURE_FILE in &_Local/Makefile_&, Exim ignores &%-C%& and proceeds as
3497 usual. There is no default setting for ALT_CONFIG_PREFIX; when it is
3498 unset, any file name can be used with &%-C%&.
3500 ALT_CONFIG_PREFIX can be used to confine alternative configuration files
3501 to a directory to which only root has access. This prevents someone who has
3502 broken into the Exim account from running a privileged Exim with an arbitrary
3503 configuration file.
3505 The &%-C%& facility is useful for ensuring that configuration files are
3506 syntactically correct, but cannot be used for test deliveries, unless the
3507 caller is privileged, or unless it is an exotic configuration that does not
3508 require privilege. No check is made on the owner or group of the files
3509 specified by this option.
3512 .vitem &%-D%&<&'macro'&>=<&'value'&>
3513 .oindex "&%-D%&"
3514 .cindex "macro" "setting on command line"
3515 This option can be used to override macro definitions in the configuration file
3516 (see section &<<SECTmacrodefs>>&). However, like &%-C%&, if it is used by an
3517 unprivileged caller, it causes Exim to give up its root privilege.
3518 If DISABLE_D_OPTION is defined in &_Local/Makefile_&, the use of &%-D%& is
3519 completely disabled, and its use causes an immediate error exit.
3521 If WHITELIST_D_MACROS is defined in &_Local/Makefile_& then it should be a
3522 colon-separated list of macros which are considered safe and, if &%-D%& only
3523 supplies macros from this list, and the values are acceptable, then Exim will
3524 not give up root privilege if the caller is root, the Exim run-time user, or
3525 the CONFIGURE_OWNER, if set. This is a transition mechanism and is expected
3526 to be removed in the future. Acceptable values for the macros satisfy the
3527 regexp: &`^[A-Za-z0-9_/.-]*$`&
3529 The entire option (including equals sign if present) must all be within one
3530 command line item. &%-D%& can be used to set the value of a macro to the empty
3531 string, in which case the equals sign is optional. These two commands are
3532 synonymous:
3533 .code
3534 exim -DABC ...
3535 exim -DABC= ...
3536 .endd
3537 To include spaces in a macro definition item, quotes must be used. If you use
3538 quotes, spaces are permitted around the macro name and the equals sign. For
3539 example:
3540 .code
3541 exim '-D ABC = something' ...
3542 .endd
3543 &%-D%& may be repeated up to 10 times on a command line.
3546 .vitem &%-d%&<&'debug&~options'&>
3547 .oindex "&%-d%&"
3548 .cindex "debugging" "list of selectors"
3549 .cindex "debugging" "&%-d%& option"
3550 This option causes debugging information to be written to the standard
3551 error stream. It is restricted to admin users because debugging output may show
3552 database queries that contain password information. Also, the details of users'
3553 filter files should be protected. If a non-admin user uses &%-d%&, Exim
3554 writes an error message to the standard error stream and exits with a non-zero
3555 return code.
3557 When &%-d%& is used, &%-v%& is assumed. If &%-d%& is given on its own, a lot of
3558 standard debugging data is output. This can be reduced, or increased to include
3559 some more rarely needed information, by directly following &%-d%& with a string
3560 made up of names preceded by plus or minus characters. These add or remove sets
3561 of debugging data, respectively. For example, &%-d+filter%& adds filter
3562 debugging, whereas &%-d-all+filter%& selects only filter debugging. Note that
3563 no spaces are allowed in the debug setting. The available debugging categories
3564 are:
3565 .display
3566 &`acl `& ACL interpretation
3567 &`auth `& authenticators
3568 &`deliver `& general delivery logic
3569 &`dns `& DNS lookups (see also resolver)
3570 &`dnsbl `& DNS black list (aka RBL) code
3571 &`exec `& arguments for &[execv()]& calls
3572 &`expand `& detailed debugging for string expansions
3573 &`filter `& filter handling
3574 &`hints_lookup `& hints data lookups
3575 &`host_lookup `& all types of name-to-IP address handling
3576 &`ident `& ident lookup
3577 &`interface `& lists of local interfaces
3578 &`lists `& matching things in lists
3579 &`load `& system load checks
3580 &`local_scan `& can be used by &[local_scan()]& (see chapter &&&
3581 &<<CHAPlocalscan>>&)
3582 &`lookup `& general lookup code and all lookups
3583 &`memory `& memory handling
3584 &`pid `& add pid to debug output lines
3585 &`process_info `& setting info for the process log
3586 &`queue_run `& queue runs
3587 &`receive `& general message reception logic
3588 &`resolver `& turn on the DNS resolver's debugging output
3589 &`retry `& retry handling
3590 &`rewrite `& address rewriting
3591 &`route `& address routing
3592 &`timestamp `& add timestamp to debug output lines
3593 &`tls `& TLS logic
3594 &`transport `& transports
3595 &`uid `& changes of uid/gid and looking up uid/gid
3596 &`verify `& address verification logic
3597 &`all `& almost all of the above (see below), and also &%-v%&
3598 .endd
3599 The &`all`& option excludes &`memory`& when used as &`+all`&, but includes it
3600 for &`-all`&. The reason for this is that &`+all`& is something that people
3601 tend to use when generating debug output for Exim maintainers. If &`+memory`&
3602 is included, an awful lot of output that is very rarely of interest is
3603 generated, so it now has to be explicitly requested. However, &`-all`& does
3604 turn everything off.
3606 .cindex "resolver, debugging output"
3607 .cindex "DNS resolver, debugging output"
3608 The &`resolver`& option produces output only if the DNS resolver was compiled
3609 with DEBUG enabled. This is not the case in some operating systems. Also,
3610 unfortunately, debugging output from the DNS resolver is written to stdout
3611 rather than stderr.
3613 The default (&%-d%& with no argument) omits &`expand`&, &`filter`&,
3614 &`interface`&, &`load`&, &`memory`&, &`pid`&, &`resolver`&, and &`timestamp`&.
3615 However, the &`pid`& selector is forced when debugging is turned on for a
3616 daemon, which then passes it on to any re-executed Exims. Exim also
3617 automatically adds the pid to debug lines when several remote deliveries are
3618 run in parallel.
3620 The &`timestamp`& selector causes the current time to be inserted at the start
3621 of all debug output lines. This can be useful when trying to track down delays
3622 in processing.
3624 If the &%debug_print%& option is set in any driver, it produces output whenever
3625 any debugging is selected, or if &%-v%& is used.
3627 .vitem &%-dd%&<&'debug&~options'&>
3628 .oindex "&%-dd%&"
3629 This option behaves exactly like &%-d%& except when used on a command that
3630 starts a daemon process. In that case, debugging is turned off for the
3631 subprocesses that the daemon creates. Thus, it is useful for monitoring the
3632 behaviour of the daemon without creating as much output as full debugging does.
3634 .vitem &%-dropcr%&
3635 .oindex "&%-dropcr%&"
3636 This is an obsolete option that is now a no-op. It used to affect the way Exim
3637 handled CR and LF characters in incoming messages. What happens now is
3638 described in section &<<SECTlineendings>>&.
3640 .vitem &%-E%&
3641 .oindex "&%-E%&"
3642 .cindex "bounce message" "generating"
3643 This option specifies that an incoming message is a locally-generated delivery
3644 failure report. It is used internally by Exim when handling delivery failures
3645 and is not intended for external use. Its only effect is to stop Exim
3646 generating certain messages to the postmaster, as otherwise message cascades
3647 could occur in some situations. As part of the same option, a message id may
3648 follow the characters &%-E%&. If it does, the log entry for the receipt of the
3649 new message contains the id, following &"R="&, as a cross-reference.
3651 .vitem &%-e%&&'x'&
3652 .oindex "&%-e%&&'x'&"
3653 There are a number of Sendmail options starting with &%-oe%& which seem to be
3654 called by various programs without the leading &%o%& in the option. For
3655 example, the &%vacation%& program uses &%-eq%&. Exim treats all options of the
3656 form &%-e%&&'x'& as synonymous with the corresponding &%-oe%&&'x'& options.
3658 .vitem &%-F%&&~<&'string'&>
3659 .oindex "&%-F%&"
3660 .cindex "sender" "name"
3661 .cindex "name" "of sender"
3662 This option sets the sender's full name for use when a locally-generated
3663 message is being accepted. In the absence of this option, the user's &'gecos'&
3664 entry from the password data is used. As users are generally permitted to alter
3665 their &'gecos'& entries, no security considerations are involved. White space
3666 between &%-F%& and the <&'string'&> is optional.
3668 .vitem &%-f%&&~<&'address'&>
3669 .oindex "&%-f%&"
3670 .cindex "sender" "address"
3671 .cindex "address" "sender"
3672 .cindex "trusted users"
3673 .cindex "envelope sender"
3674 .cindex "user" "trusted"
3675 This option sets the address of the envelope sender of a locally-generated
3676 message (also known as the return path). The option can normally be used only
3677 by a trusted user, but &%untrusted_set_sender%& can be set to allow untrusted
3678 users to use it.
3680 Processes running as root or the Exim user are always trusted. Other
3681 trusted users are defined by the &%trusted_users%& or &%trusted_groups%&
3682 options. In the absence of &%-f%&, or if the caller is not trusted, the sender
3683 of a local message is set to the caller's login name at the default qualify
3684 domain.
3686 There is one exception to the restriction on the use of &%-f%&: an empty sender
3687 can be specified by any user, trusted or not, to create a message that can
3688 never provoke a bounce. An empty sender can be specified either as an empty
3689 string, or as a pair of angle brackets with nothing between them, as in these
3690 examples of shell commands:
3691 .code
3692 exim -f '<>' user@domain
3693 exim -f "" user@domain
3694 .endd
3695 In addition, the use of &%-f%& is not restricted when testing a filter file
3696 with &%-bf%& or when testing or verifying addresses using the &%-bt%& or
3697 &%-bv%& options.
3699 Allowing untrusted users to change the sender address does not of itself make
3700 it possible to send anonymous mail. Exim still checks that the &'From:'& header
3701 refers to the local user, and if it does not, it adds a &'Sender:'& header,
3702 though this can be overridden by setting &%no_local_from_check%&.
3704 White
3705 .cindex "&""From""& line"
3706 space between &%-f%& and the <&'address'&> is optional (that is, they can be
3707 given as two arguments or one combined argument). The sender of a
3708 locally-generated message can also be set (when permitted) by an initial
3709 &"From&~"& line in the message &-- see the description of &%-bm%& above &-- but
3710 if &%-f%& is also present, it overrides &"From&~"&.
3712 .vitem &%-G%&
3713 .oindex "&%-G%&"
3714 .cindex "submission fixups, suppressing (command-line)"
3715 .new
3716 This option is equivalent to an ACL applying:
3717 .code
3718 control = suppress_local_fixups
3719 .endd
3720 for every message received. Note that Sendmail will complain about such
3721 bad formatting, where Exim silently just does not fix it up. This may change
3722 in future.
3724 As this affects audit information, the caller must be a trusted user to use
3725 this option.
3726 .wen
3728 .vitem &%-h%&&~<&'number'&>
3729 .oindex "&%-h%&"
3730 .cindex "Sendmail compatibility" "&%-h%& option ignored"
3731 This option is accepted for compatibility with Sendmail, but has no effect. (In
3732 Sendmail it overrides the &"hop count"& obtained by counting &'Received:'&
3733 headers.)
3735 .vitem &%-i%&
3736 .oindex "&%-i%&"
3737 .cindex "Solaris" "&'mail'& command"
3738 .cindex "dot" "in incoming non-SMTP message"
3739 This option, which has the same effect as &%-oi%&, specifies that a dot on a
3740 line by itself should not terminate an incoming, non-SMTP message. I can find
3741 no documentation for this option in Solaris 2.4 Sendmail, but the &'mailx'&
3742 command in Solaris 2.4 uses it. See also &%-ti%&.
3744 .new
3745 .vitem &%-L%&&~<&'tag'&>
3746 .oindex "&%-L%&"
3747 .cindex "syslog" "process name; set with flag"
3748 This option is equivalent to setting &%syslog_processname%& in the config
3749 file and setting &%log_file_path%& to &`syslog`&.
3750 Its use is restricted to administrators. The configuration file has to be
3751 read and parsed, to determine access rights, before this is set and takes
3752 effect, so early configuration file errors will not honour this flag.
3754 The tag should not be longer than 32 characters.
3755 .wen
3757 .vitem &%-M%&&~<&'message&~id'&>&~<&'message&~id'&>&~...
3758 .oindex "&%-M%&"
3759 .cindex "forcing delivery"
3760 .cindex "delivery" "forcing attempt"
3761 .cindex "frozen messages" "forcing delivery"
3762 This option requests Exim to run a delivery attempt on each message in turn. If
3763 any of the messages are frozen, they are automatically thawed before the
3764 delivery attempt. The settings of &%queue_domains%&, &%queue_smtp_domains%&,
3765 and &%hold_domains%& are ignored.
3767 Retry
3768 .cindex "hints database" "overriding retry hints"
3769 hints for any of the addresses are overridden &-- Exim tries to deliver even if
3770 the normal retry time has not yet been reached. This option requires the caller
3771 to be an admin user. However, there is an option called &%prod_requires_admin%&
3772 which can be set false to relax this restriction (and also the same requirement
3773 for the &%-q%&, &%-R%&, and &%-S%& options).
3775 The deliveries happen synchronously, that is, the original Exim process does
3776 not terminate until all the delivery attempts have finished. No output is
3777 produced unless there is a serious error. If you want to see what is happening,
3778 use the &%-v%& option as well, or inspect Exim's main log.
3780 .vitem &%-Mar%&&~<&'message&~id'&>&~<&'address'&>&~<&'address'&>&~...
3781 .oindex "&%-Mar%&"
3782 .cindex "message" "adding recipients"
3783 .cindex "recipient" "adding"
3784 This option requests Exim to add the addresses to the list of recipients of the
3785 message (&"ar"& for &"add recipients"&). The first argument must be a message
3786 id, and the remaining ones must be email addresses. However, if the message is
3787 active (in the middle of a delivery attempt), it is not altered. This option
3788 can be used only by an admin user.
3790 .vitem "&%-MC%&&~<&'transport'&>&~<&'hostname'&>&~<&'sequence&~number'&>&&&
3791 &~<&'message&~id'&>"
3792 .oindex "&%-MC%&"
3793 .cindex "SMTP" "passed connection"
3794 .cindex "SMTP" "multiple deliveries"
3795 .cindex "multiple SMTP deliveries"
3796 This option is not intended for use by external callers. It is used internally
3797 by Exim to invoke another instance of itself to deliver a waiting message using
3798 an existing SMTP connection, which is passed as the standard input. Details are
3799 given in chapter &<<CHAPSMTP>>&. This must be the final option, and the caller
3800 must be root or the Exim user in order to use it.
3802 .vitem &%-MCA%&
3803 .oindex "&%-MCA%&"
3804 This option is not intended for use by external callers. It is used internally
3805 by Exim in conjunction with the &%-MC%& option. It signifies that the
3806 connection to the remote host has been authenticated.
3808 .vitem &%-MCP%&
3809 .oindex "&%-MCP%&"
3810 This option is not intended for use by external callers. It is used internally
3811 by Exim in conjunction with the &%-MC%& option. It signifies that the server to
3812 which Exim is connected supports pipelining.
3814 .vitem &%-MCQ%&&~<&'process&~id'&>&~<&'pipe&~fd'&>
3815 .oindex "&%-MCQ%&"
3816 This option is not intended for use by external callers. It is used internally
3817 by Exim in conjunction with the &%-MC%& option when the original delivery was
3818 started by a queue runner. It passes on the process id of the queue runner,
3819 together with the file descriptor number of an open pipe. Closure of the pipe
3820 signals the final completion of the sequence of processes that are passing
3821 messages through the same SMTP connection.
3823 .vitem &%-MCS%&
3824 .oindex "&%-MCS%&"
3825 This option is not intended for use by external callers. It is used internally
3826 by Exim in conjunction with the &%-MC%& option, and passes on the fact that the
3827 SMTP SIZE option should be used on messages delivered down the existing
3828 connection.
3830 .vitem &%-MCT%&
3831 .oindex "&%-MCT%&"
3832 This option is not intended for use by external callers. It is used internally
3833 by Exim in conjunction with the &%-MC%& option, and passes on the fact that the
3834 host to which Exim is connected supports TLS encryption.
3836 .vitem &%-Mc%&&~<&'message&~id'&>&~<&'message&~id'&>&~...
3837 .oindex "&%-Mc%&"
3838 .cindex "hints database" "not overridden by &%-Mc%&"
3839 .cindex "delivery" "manually started &-- not forced"
3840 This option requests Exim to run a delivery attempt on each message in turn,
3841 but unlike the &%-M%& option, it does check for retry hints, and respects any
3842 that are found. This option is not very useful to external callers. It is
3843 provided mainly for internal use by Exim when it needs to re-invoke itself in
3844 order to regain root privilege for a delivery (see chapter &<<CHAPsecurity>>&).
3845 However, &%-Mc%& can be useful when testing, in order to run a delivery that
3846 respects retry times and other options such as &%hold_domains%& that are
3847 overridden when &%-M%& is used. Such a delivery does not count as a queue run.
3848 If you want to run a specific delivery as if in a queue run, you should use
3849 &%-q%& with a message id argument. A distinction between queue run deliveries
3850 and other deliveries is made in one or two places.
3852 .vitem &%-Mes%&&~<&'message&~id'&>&~<&'address'&>
3853 .oindex "&%-Mes%&"
3854 .cindex "message" "changing sender"
3855 .cindex "sender" "changing"
3856 This option requests Exim to change the sender address in the message to the
3857 given address, which must be a fully qualified address or &"<>"& (&"es"& for
3858 &"edit sender"&). There must be exactly two arguments. The first argument must
3859 be a message id, and the second one an email address. However, if the message
3860 is active (in the middle of a delivery attempt), its status is not altered.
3861 This option can be used only by an admin user.
3863 .vitem &%-Mf%&&~<&'message&~id'&>&~<&'message&~id'&>&~...
3864 .oindex "&%-Mf%&"
3865 .cindex "freezing messages"
3866 .cindex "message" "manually freezing"
3867 This option requests Exim to mark each listed message as &"frozen"&. This
3868 prevents any delivery attempts taking place until the message is &"thawed"&,
3869 either manually or as a result of the &%auto_thaw%& configuration option.
3870 However, if any of the messages are active (in the middle of a delivery
3871 attempt), their status is not altered. This option can be used only by an admin
3872 user.
3874 .vitem &%-Mg%&&~<&'message&~id'&>&~<&'message&~id'&>&~...
3875 .oindex "&%-Mg%&"
3876 .cindex "giving up on messages"
3877 .cindex "message" "abandoning delivery attempts"
3878 .cindex "delivery" "abandoning further attempts"
3879 This option requests Exim to give up trying to deliver the listed messages,
3880 including any that are frozen. However, if any of the messages are active,
3881 their status is not altered. For non-bounce messages, a delivery error message
3882 is sent to the sender, containing the text &"cancelled by administrator"&.
3883 Bounce messages are just discarded. This option can be used only by an admin
3884 user.
3886 .vitem &%-Mmad%&&~<&'message&~id'&>&~<&'message&~id'&>&~...
3887 .oindex "&%-Mmad%&"
3888 .cindex "delivery" "cancelling all"
3889 This option requests Exim to mark all the recipient addresses in the messages
3890 as already delivered (&"mad"& for &"mark all delivered"&). However, if any
3891 message is active (in the middle of a delivery attempt), its status is not
3892 altered. This option can be used only by an admin user.
3894 .vitem &%-Mmd%&&~<&'message&~id'&>&~<&'address'&>&~<&'address'&>&~...
3895 .oindex "&%-Mmd%&"
3896 .cindex "delivery" "cancelling by address"
3897 .cindex "recipient" "removing"
3898 .cindex "removing recipients"
3899 This option requests Exim to mark the given addresses as already delivered
3900 (&"md"& for &"mark delivered"&). The first argument must be a message id, and
3901 the remaining ones must be email addresses. These are matched to recipient
3902 addresses in the message in a case-sensitive manner. If the message is active
3903 (in the middle of a delivery attempt), its status is not altered. This option
3904 can be used only by an admin user.
3906 .vitem &%-Mrm%&&~<&'message&~id'&>&~<&'message&~id'&>&~...
3907 .oindex "&%-Mrm%&"
3908 .cindex "removing messages"
3909 .cindex "abandoning mail"
3910 .cindex "message" "manually discarding"
3911 This option requests Exim to remove the given messages from the queue. No
3912 bounce messages are sent; each message is simply forgotten. However, if any of
3913 the messages are active, their status is not altered. This option can be used
3914 only by an admin user or by the user who originally caused the message to be
3915 placed on the queue.
3917 .vitem &%-Mset%&&~<&'message&~id'&>
3918 .oindex "&%-Mset%&
3919 .cindex "testing" "string expansion"
3920 .cindex "expansion" "testing"
3921 This option is useful only in conjunction with &%-be%& (that is, when testing
3922 string expansions). Exim loads the given message from its spool before doing
3923 the test expansions, thus setting message-specific variables such as
3924 &$message_size$& and the header variables. The &$recipients$& variable is made
3925 available. This feature is provided to make it easier to test expansions that
3926 make use of these variables. However, this option can be used only by an admin
3927 user. See also &%-bem%&.
3929 .vitem &%-Mt%&&~<&'message&~id'&>&~<&'message&~id'&>&~...
3930 .oindex "&%-Mt%&"
3931 .cindex "thawing messages"
3932 .cindex "unfreezing messages"
3933 .cindex "frozen messages" "thawing"
3934 .cindex "message" "thawing frozen"
3935 This option requests Exim to &"thaw"& any of the listed messages that are
3936 &"frozen"&, so that delivery attempts can resume. However, if any of the
3937 messages are active, their status is not altered. This option can be used only
3938 by an admin user.
3940 .vitem &%-Mvb%&&~<&'message&~id'&>
3941 .oindex "&%-Mvb%&"
3942 .cindex "listing" "message body"
3943 .cindex "message" "listing body of"
3944 This option causes the contents of the message body (-D) spool file to be
3945 written to the standard output. This option can be used only by an admin user.
3947 .vitem &%-Mvc%&&~<&'message&~id'&>
3948 .oindex "&%-Mvc%&"
3949 .cindex "message" "listing in RFC 2822 format"
3950 .cindex "listing" "message in RFC 2822 format"
3951 This option causes a copy of the complete message (header lines plus body) to
3952 be written to the standard output in RFC 2822 format. This option can be used
3953 only by an admin user.
3955 .vitem &%-Mvh%&&~<&'message&~id'&>
3956 .oindex "&%-Mvh%&"
3957 .cindex "listing" "message headers"
3958 .cindex "header lines" "listing"
3959 .cindex "message" "listing header lines"
3960 This option causes the contents of the message headers (-H) spool file to be
3961 written to the standard output. This option can be used only by an admin user.
3963 .vitem &%-Mvl%&&~<&'message&~id'&>
3964 .oindex "&%-Mvl%&"
3965 .cindex "listing" "message log"
3966 .cindex "message" "listing message log"
3967 This option causes the contents of the message log spool file to be written to
3968 the standard output. This option can be used only by an admin user.
3970 .vitem &%-m%&
3971 .oindex "&%-m%&"
3972 This is apparently a synonym for &%-om%& that is accepted by Sendmail, so Exim
3973 treats it that way too.
3975 .vitem &%-N%&
3976 .oindex "&%-N%&"
3977 .cindex "debugging" "&%-N%& option"
3978 .cindex "debugging" "suppressing delivery"
3979 This is a debugging option that inhibits delivery of a message at the transport
3980 level. It implies &%-v%&. Exim goes through many of the motions of delivery &--
3981 it just doesn't actually transport the message, but instead behaves as if it
3982 had successfully done so. However, it does not make any updates to the retry
3983 database, and the log entries for deliveries are flagged with &"*>"& rather
3984 than &"=>"&.
3986 Because &%-N%& discards any message to which it applies, only root or the Exim
3987 user are allowed to use it with &%-bd%&, &%-q%&, &%-R%& or &%-M%&. In other
3988 words, an ordinary user can use it only when supplying an incoming message to
3989 which it will apply. Although transportation never fails when &%-N%& is set, an
3990 address may be deferred because of a configuration problem on a transport, or a
3991 routing problem. Once &%-N%& has been used for a delivery attempt, it sticks to
3992 the message, and applies to any subsequent delivery attempts that may happen
3993 for that message.
3995 .vitem &%-n%&
3996 .oindex "&%-n%&"
3997 This option is interpreted by Sendmail to mean &"no aliasing"&.
3998 For normal modes of operation, it is ignored by Exim.
3999 When combined with &%-bP%& it suppresses the name of an option from being output.
4001 .vitem &%-O%&&~<&'data'&>
4002 .oindex "&%-O%&"
4003 This option is interpreted by Sendmail to mean &`set option`&. It is ignored by
4004 Exim.
4006 .vitem &%-oA%&&~<&'file&~name'&>
4007 .oindex "&%-oA%&"
4008 .cindex "Sendmail compatibility" "&%-oA%& option"
4009 This option is used by Sendmail in conjunction with &%-bi%& to specify an
4010 alternative alias file name. Exim handles &%-bi%& differently; see the
4011 description above.
4013 .vitem &%-oB%&&~<&'n'&>
4014 .oindex "&%-oB%&"
4015 .cindex "SMTP" "passed connection"
4016 .cindex "SMTP" "multiple deliveries"
4017 .cindex "multiple SMTP deliveries"
4018 This is a debugging option which limits the maximum number of messages that can
4019 be delivered down one SMTP connection, overriding the value set in any &(smtp)&
4020 transport. If <&'n'&> is omitted, the limit is set to 1.
4022 .vitem &%-odb%&
4023 .oindex "&%-odb%&"
4024 .cindex "background delivery"
4025 .cindex "delivery" "in the background"
4026 This option applies to all modes in which Exim accepts incoming messages,
4027 including the listening daemon. It requests &"background"& delivery of such
4028 messages, which means that the accepting process automatically starts a
4029 delivery process for each message received, but does not wait for the delivery
4030 processes to finish.
4032 When all the messages have been received, the reception process exits,
4033 leaving the delivery processes to finish in their own time. The standard output
4034 and error streams are closed at the start of each delivery process.
4035 This is the default action if none of the &%-od%& options are present.
4037 If one of the queueing options in the configuration file
4038 (&%queue_only%& or &%queue_only_file%&, for example) is in effect, &%-odb%&
4039 overrides it if &%queue_only_override%& is set true, which is the default
4040 setting. If &%queue_only_override%& is set false, &%-odb%& has no effect.
4042 .vitem &%-odf%&
4043 .oindex "&%-odf%&"
4044 .cindex "foreground delivery"
4045 .cindex "delivery" "in the foreground"
4046 This option requests &"foreground"& (synchronous) delivery when Exim has
4047 accepted a locally-generated message. (For the daemon it is exactly the same as
4048 &%-odb%&.) A delivery process is automatically started to deliver the message,
4049 and Exim waits for it to complete before proceeding.
4051 The original Exim reception process does not finish until the delivery
4052 process for the final message has ended. The standard error stream is left open
4053 during deliveries.
4055 However, like &%-odb%&, this option has no effect if &%queue_only_override%& is
4056 false and one of the queueing options in the configuration file is in effect.
4058 If there is a temporary delivery error during foreground delivery, the
4059 message is left on the queue for later delivery, and the original reception
4060 process exits. See chapter &<<CHAPnonqueueing>>& for a way of setting up a
4061 restricted configuration that never queues messages.
4064 .vitem &%-odi%&
4065 .oindex "&%-odi%&"
4066 This option is synonymous with &%-odf%&. It is provided for compatibility with
4067 Sendmail.
4069 .vitem &%-odq%&
4070 .oindex "&%-odq%&"
4071 .cindex "non-immediate delivery"
4072 .cindex "delivery" "suppressing immediate"
4073 .cindex "queueing incoming messages"
4074 This option applies to all modes in which Exim accepts incoming messages,
4075 including the listening daemon. It specifies that the accepting process should
4076 not automatically start a delivery process for each message received. Messages
4077 are placed on the queue, and remain there until a subsequent queue runner
4078 process encounters them. There are several configuration options (such as
4079 &%queue_only%&) that can be used to queue incoming messages under certain
4080 conditions. This option overrides all of them and also &%-odqs%&. It always
4081 forces queueing.
4083 .vitem &%-odqs%&
4084 .oindex "&%-odqs%&"
4085 .cindex "SMTP" "delaying delivery"
4086 This option is a hybrid between &%-odb%&/&%-odi%& and &%-odq%&.
4087 However, like &%-odb%& and &%-odi%&, this option has no effect if
4088 &%queue_only_override%& is false and one of the queueing options in the
4089 configuration file is in effect.
4091 When &%-odqs%& does operate, a delivery process is started for each incoming
4092 message, in the background by default, but in the foreground if &%-odi%& is
4093 also present. The recipient addresses are routed, and local deliveries are done
4094 in the normal way. However, if any SMTP deliveries are required, they are not
4095 done at this time, so the message remains on the queue until a subsequent queue
4096 runner process encounters it. Because routing was done, Exim knows which
4097 messages are waiting for which hosts, and so a number of messages for the same
4098 host can be sent in a single SMTP connection. The &%queue_smtp_domains%&
4099 configuration option has the same effect for specific domains. See also the
4100 &%-qq%& option.
4102 .vitem &%-oee%&
4103 .oindex "&%-oee%&"
4104 .cindex "error" "reporting"
4105 If an error is detected while a non-SMTP message is being received (for
4106 example, a malformed address), the error is reported to the sender in a mail
4107 message.
4109 .cindex "return code" "for &%-oee%&"
4110 Provided
4111 this error message is successfully sent, the Exim receiving process
4112 exits with a return code of zero. If not, the return code is 2 if the problem
4113 is that the original message has no recipients, or 1 for any other error.
4114 This is the default &%-oe%&&'x'& option if Exim is called as &'rmail'&.
4116 .vitem &%-oem%&
4117 .oindex "&%-oem%&"
4118 .cindex "error" "reporting"
4119 .cindex "return code" "for &%-oem%&"
4120 This is the same as &%-oee%&, except that Exim always exits with a non-zero
4121 return code, whether or not the error message was successfully sent.
4122 This is the default &%-oe%&&'x'& option, unless Exim is called as &'rmail'&.
4124 .vitem &%-oep%&
4125 .oindex "&%-oep%&"
4126 .cindex "error" "reporting"
4127 If an error is detected while a non-SMTP message is being received, the
4128 error is reported by writing a message to the standard error file (stderr).
4129 .cindex "return code" "for &%-oep%&"
4130 The return code is 1 for all errors.
4132 .vitem &%-oeq%&
4133 .oindex "&%-oeq%&"
4134 .cindex "error" "reporting"
4135 This option is supported for compatibility with Sendmail, but has the same
4136 effect as &%-oep%&.
4138 .vitem &%-oew%&
4139 .oindex "&%-oew%&"
4140 .cindex "error" "reporting"
4141 This option is supported for compatibility with Sendmail, but has the same
4142 effect as &%-oem%&.
4144 .vitem &%-oi%&
4145 .oindex "&%-oi%&"
4146 .cindex "dot" "in incoming non-SMTP message"
4147 This option, which has the same effect as &%-i%&, specifies that a dot on a
4148 line by itself should not terminate an incoming, non-SMTP message. Otherwise, a
4149 single dot does terminate, though Exim does no special processing for other
4150 lines that start with a dot. This option is set by default if Exim is called as
4151 &'rmail'&. See also &%-ti%&.
4153 .vitem &%-oitrue%&
4154 .oindex "&%-oitrue%&"
4155 This option is treated as synonymous with &%-oi%&.
4157 .vitem &%-oMa%&&~<&'host&~address'&>
4158 .oindex "&%-oMa%&"
4159 .cindex "sender" "host address, specifying for local message"
4160 A number of options starting with &%-oM%& can be used to set values associated
4161 with remote hosts on locally-submitted messages (that is, messages not received
4162 over TCP/IP). These options can be used by any caller in conjunction with the
4163 &%-bh%&, &%-be%&, &%-bf%&, &%-bF%&, &%-bt%&, or &%-bv%& testing options. In
4164 other circumstances, they are ignored unless the caller is trusted.
4166 The &%-oMa%& option sets the sender host address. This may include a port
4167 number at the end, after a full stop (period). For example:
4168 .code
4169 exim -bs -oMa
4170 .endd
4171 An alternative syntax is to enclose the IP address in square brackets,
4172 followed by a colon and the port number:
4173 .code
4174 exim -bs -oMa []:1234
4175 .endd
4176 The IP address is placed in the &$sender_host_address$& variable, and the
4177 port, if present, in &$sender_host_port$&. If both &%-oMa%& and &%-bh%&
4178 are present on the command line, the sender host IP address is taken from
4179 whichever one is last.
4181 .vitem &%-oMaa%&&~<&'name'&>
4182 .oindex "&%-oMaa%&"
4183 .cindex "authentication" "name, specifying for local message"
4184 See &%-oMa%& above for general remarks about the &%-oM%& options. The &%-oMaa%&
4185 option sets the value of &$sender_host_authenticated$& (the authenticator
4186 name). See chapter &<<CHAPSMTPAUTH>>& for a discussion of SMTP authentication.
4187 This option can be used with &%-bh%& and &%-bs%& to set up an
4188 authenticated SMTP session without actually using the SMTP AUTH command.
4190 .vitem &%-oMai%&&~<&'string'&>
4191 .oindex "&%-oMai%&"
4192 .cindex "authentication" "id, specifying for local message"
4193 See &%-oMa%& above for general remarks about the &%-oM%& options. The &%-oMai%&
4194 option sets the value of &$authenticated_id$& (the id that was authenticated).
4195 This overrides the default value (the caller's login id, except with &%-bh%&,
4196 where there is no default) for messages from local sources. See chapter
4197 &<<CHAPSMTPAUTH>>& for a discussion of authenticated ids.
4199 .vitem &%-oMas%&&~<&'address'&>
4200 .oindex "&%-oMas%&"
4201 .cindex "authentication" "sender, specifying for local message"
4202 See &%-oMa%& above for general remarks about the &%-oM%& options. The &%-oMas%&
4203 option sets the authenticated sender value in &$authenticated_sender$&. It
4204 overrides the sender address that is created from the caller's login id for
4205 messages from local sources, except when &%-bh%& is used, when there is no
4206 default. For both &%-bh%& and &%-bs%&, an authenticated sender that is
4207 specified on a MAIL command overrides this value. See chapter
4208 &<<CHAPSMTPAUTH>>& for a discussion of authenticated senders.
4210 .vitem &%-oMi%&&~<&'interface&~address'&>
4211 .oindex "&%-oMi%&"
4212 .cindex "interface" "address, specifying for local message"
4213 See &%-oMa%& above for general remarks about the &%-oM%& options. The &%-oMi%&
4214 option sets the IP interface address value. A port number may be included,
4215 using the same syntax as for &%-oMa%&. The interface address is placed in
4216 &$received_ip_address$& and the port number, if present, in &$received_port$&.
4218 .vitem &%-oMr%&&~<&'protocol&~name'&>
4219 .oindex "&%-oMr%&"
4220 .cindex "protocol, specifying for local message"
4221 .vindex "&$received_protocol$&"
4222 See &%-oMa%& above for general remarks about the &%-oM%& options. The &%-oMr%&
4223 option sets the received protocol value that is stored in
4224 &$received_protocol$&. However, it does not apply (and is ignored) when &%-bh%&
4225 or &%-bs%& is used. For &%-bh%&, the protocol is forced to one of the standard
4226 SMTP protocol names (see the description of &$received_protocol$& in section
4227 &<<SECTexpvar>>&). For &%-bs%&, the protocol is always &"local-"& followed by
4228 one of those same names. For &%-bS%& (batched SMTP) however, the protocol can
4229 be set by &%-oMr%&.
4231 .vitem &%-oMs%&&~<&'host&~name'&>
4232 .oindex "&%-oMs%&"
4233 .cindex "sender" "host name, specifying for local message"
4234 See &%-oMa%& above for general remarks about the &%-oM%& options. The &%-oMs%&
4235 option sets the sender host name in &$sender_host_name$&. When this option is
4236 present, Exim does not attempt to look up a host name from an IP address; it
4237 uses the name it is given.
4239 .vitem &%-oMt%&&~<&'ident&~string'&>
4240 .oindex "&%-oMt%&"
4241 .cindex "sender" "ident string, specifying for local message"
4242 See &%-oMa%& above for general remarks about the &%-oM%& options. The &%-oMt%&
4243 option sets the sender ident value in &$sender_ident$&. The default setting for
4244 local callers is the login id of the calling process, except when &%-bh%& is
4245 used, when there is no default.
4247 .vitem &%-om%&
4248 .oindex "&%-om%&"
4249 .cindex "Sendmail compatibility" "&%-om%& option ignored"
4250 In Sendmail, this option means &"me too"&, indicating that the sender of a
4251 message should receive a copy of the message if the sender appears in an alias
4252 expansion. Exim always does this, so the option does nothing.
4254 .vitem &%-oo%&
4255 .oindex "&%-oo%&"
4256 .cindex "Sendmail compatibility" "&%-oo%& option ignored"
4257 This option is ignored. In Sendmail it specifies &"old style headers"&,
4258 whatever that means.
4260 .vitem &%-oP%&&~<&'path'&>
4261 .oindex "&%-oP%&"
4262 .cindex "pid (process id)" "of daemon"
4263 .cindex "daemon" "process id (pid)"
4264 This option is useful only in conjunction with &%-bd%& or &%-q%& with a time
4265 value. The option specifies the file to which the process id of the daemon is
4266 written. When &%-oX%& is used with &%-bd%&, or when &%-q%& with a time is used
4267 without &%-bd%&, this is the only way of causing Exim to write a pid file,
4268 because in those cases, the normal pid file is not used.
4270 .vitem &%-or%&&~<&'time'&>
4271 .oindex "&%-or%&"
4272 .cindex "timeout" "for non-SMTP input"
4273 This option sets a timeout value for incoming non-SMTP messages. If it is not
4274 set, Exim will wait forever for the standard input. The value can also be set
4275 by the &%receive_timeout%& option. The format used for specifying times is
4276 described in section &<<SECTtimeformat>>&.
4278 .vitem &%-os%&&~<&'time'&>
4279 .oindex "&%-os%&"
4280 .cindex "timeout" "for SMTP input"
4281 .cindex "SMTP" "input timeout"
4282 This option sets a timeout value for incoming SMTP messages. The timeout
4283 applies to each SMTP command and block of data. The value can also be set by
4284 the &%smtp_receive_timeout%& option; it defaults to 5 minutes. The format used
4285 for specifying times is described in section &<<SECTtimeformat>>&.
4287 .vitem &%-ov%&
4288 .oindex "&%-ov%&"
4289 This option has exactly the same effect as &%-v%&.
4291 .vitem &%-oX%&&~<&'number&~or&~string'&>
4292 .oindex "&%-oX%&"
4293 .cindex "TCP/IP" "setting listening ports"
4294 .cindex "TCP/IP" "setting listening interfaces"
4295 .cindex "port" "receiving TCP/IP"
4296 This option is relevant only when the &%-bd%& (start listening daemon) option
4297 is also given. It controls which ports and interfaces the daemon uses. Details
4298 of the syntax, and how it interacts with configuration file options, are given
4299 in chapter &<<CHAPinterfaces>>&. When &%-oX%& is used to start a daemon, no pid
4300 file is written unless &%-oP%& is also present to specify a pid file name.
4302 .vitem &%-pd%&
4303 .oindex "&%-pd%&"
4304 .cindex "Perl" "starting the interpreter"
4305 This option applies when an embedded Perl interpreter is linked with Exim (see
4306 chapter &<<CHAPperl>>&). It overrides the setting of the &%perl_at_start%&
4307 option, forcing the starting of the interpreter to be delayed until it is
4308 needed.
4310 .vitem &%-ps%&
4311 .oindex "&%-ps%&"
4312 .cindex "Perl" "starting the interpreter"
4313 This option applies when an embedded Perl interpreter is linked with Exim (see
4314 chapter &<<CHAPperl>>&). It overrides the setting of the &%perl_at_start%&
4315 option, forcing the starting of the interpreter to occur as soon as Exim is
4316 started.
4318 .vitem &%-p%&<&'rval'&>:<&'sval'&>
4319 .oindex "&%-p%&"
4320 For compatibility with Sendmail, this option is equivalent to
4321 .display
4322 &`-oMr`& <&'rval'&> &`-oMs`& <&'sval'&>
4323 .endd
4324 It sets the incoming protocol and host name (for trusted callers). The
4325 host name and its colon can be omitted when only the protocol is to be set.
4326 Note the Exim already has two private options, &%-pd%& and &%-ps%&, that refer
4327 to embedded Perl. It is therefore impossible to set a protocol value of &`p`&
4328 or &`s`& using this option (but that does not seem a real limitation).
4330 .vitem &%-q%&
4331 .oindex "&%-q%&"
4332 .cindex "queue runner" "starting manually"
4333 This option is normally restricted to admin users. However, there is a
4334 configuration option called &%prod_requires_admin%& which can be set false to
4335 relax this restriction (and also the same requirement for the &%-M%&, &%-R%&,
4336 and &%-S%& options).
4338 .cindex "queue runner" "description of operation"
4339 The &%-q%& option starts one queue runner process. This scans the queue of
4340 waiting messages, and runs a delivery process for each one in turn. It waits
4341 for each delivery process to finish before starting the next one. A delivery
4342 process may not actually do any deliveries if the retry times for the addresses
4343 have not been reached. Use &%-qf%& (see below) if you want to override this.
4345 If
4346 .cindex "SMTP" "passed connection"
4347 .cindex "SMTP" "multiple deliveries"
4348 .cindex "multiple SMTP deliveries"
4349 the delivery process spawns other processes to deliver other messages down
4350 passed SMTP connections, the queue runner waits for these to finish before
4351 proceeding.
4353 When all the queued messages have been considered, the original queue runner
4354 process terminates. In other words, a single pass is made over the waiting
4355 mail, one message at a time. Use &%-q%& with a time (see below) if you want
4356 this to be repeated periodically.
4358 Exim processes the waiting messages in an unpredictable order. It isn't very
4359 random, but it is likely to be different each time, which is all that matters.
4360 If one particular message screws up a remote MTA, other messages to the same
4361 MTA have a chance of getting through if they get tried first.
4363 It is possible to cause the messages to be processed in lexical message id
4364 order, which is essentially the order in which they arrived, by setting the
4365 &%queue_run_in_order%& option, but this is not recommended for normal use.
4367 .vitem &%-q%&<&'qflags'&>
4368 The &%-q%& option may be followed by one or more flag letters that change its
4369 behaviour. They are all optional, but if more than one is present, they must
4370 appear in the correct order. Each flag is described in a separate item below.
4372 .vitem &%-qq...%&
4373 .oindex "&%-qq%&"
4374 .cindex "queue" "double scanning"
4375 .cindex "queue" "routing"
4376 .cindex "routing" "whole queue before delivery"
4377 An option starting with &%-qq%& requests a two-stage queue run. In the first
4378 stage, the queue is scanned as if the &%queue_smtp_domains%& option matched
4379 every domain. Addresses are routed, local deliveries happen, but no remote
4380 transports are run.
4382 .cindex "hints database" "remembering routing"
4383 The hints database that remembers which messages are waiting for specific hosts
4384 is updated, as if delivery to those hosts had been deferred. After this is
4385 complete, a second, normal queue scan happens, with routing and delivery taking
4386 place as normal. Messages that are routed to the same host should mostly be
4387 delivered down a single SMTP
4388 .cindex "SMTP" "passed connection"
4389 .cindex "SMTP" "multiple deliveries"
4390 .cindex "multiple SMTP deliveries"
4391 connection because of the hints that were set up during the first queue scan.
4392 This option may be useful for hosts that are connected to the Internet
4393 intermittently.
4395 .vitem &%-q[q]i...%&
4396 .oindex "&%-qi%&"
4397 .cindex "queue" "initial delivery"
4398 If the &'i'& flag is present, the queue runner runs delivery processes only for
4399 those messages that haven't previously been tried. (&'i'& stands for &"initial
4400 delivery"&.) This can be helpful if you are putting messages on the queue using
4401 &%-odq%& and want a queue runner just to process the new messages.
4403 .vitem &%-q[q][i]f...%&
4404 .oindex "&%-qf%&"
4405 .cindex "queue" "forcing delivery"
4406 .cindex "delivery" "forcing in queue run"
4407 If one &'f'& flag is present, a delivery attempt is forced for each non-frozen
4408 message, whereas without &'f'& only those non-frozen addresses that have passed
4409 their retry times are tried.
4411 .vitem &%-q[q][i]ff...%&
4412 .oindex "&%-qff%&"
4413 .cindex "frozen messages" "forcing delivery"
4414 If &'ff'& is present, a delivery attempt is forced for every message, whether
4415 frozen or not.
4417 .vitem &%-q[q][i][f[f]]l%&
4418 .oindex "&%-ql%&"
4419 .cindex "queue" "local deliveries only"
4420 The &'l'& (the letter &"ell"&) flag specifies that only local deliveries are to
4421 be done. If a message requires any remote deliveries, it remains on the queue
4422 for later delivery.
4424 .vitem &%-q%&<&'qflags'&>&~<&'start&~id'&>&~<&'end&~id'&>
4425 .cindex "queue" "delivering specific messages"
4426 When scanning the queue, Exim can be made to skip over messages whose ids are
4427 lexically less than a given value by following the &%-q%& option with a
4428 starting message id. For example:
4429 .code
4430 exim -q 0t5C6f-0000c8-00
4431 .endd
4432 Messages that arrived earlier than &`0t5C6f-0000c8-00`& are not inspected. If a
4433 second message id is given, messages whose ids are lexically greater than it
4434 are also skipped. If the same id is given twice, for example,
4435 .code
4436 exim -q 0t5C6f-0000c8-00 0t5C6f-0000c8-00
4437 .endd
4438 just one delivery process is started, for that message. This differs from
4439 &%-M%& in that retry data is respected, and it also differs from &%-Mc%& in
4440 that it counts as a delivery from a queue run. Note that the selection
4441 mechanism does not affect the order in which the messages are scanned. There
4442 are also other ways of selecting specific sets of messages for delivery in a
4443 queue run &-- see &%-R%& and &%-S%&.
4445 .vitem &%-q%&<&'qflags'&><&'time'&>
4446 .cindex "queue runner" "starting periodically"
4447 .cindex "periodic queue running"
4448 When a time value is present, the &%-q%& option causes Exim to run as a daemon,
4449 starting a queue runner process at intervals specified by the given time value
4450 (whose format is described in section &<<SECTtimeformat>>&). This form of the
4451 &%-q%& option is commonly combined with the &%-bd%& option, in which case a
4452 single daemon process handles both functions. A common way of starting up a
4453 combined daemon at system boot time is to use a command such as
4454 .code
4455 /usr/exim/bin/exim -bd -q30m
4456 .endd
4457 Such a daemon listens for incoming SMTP calls, and also starts a queue runner
4458 process every 30 minutes.
4460 When a daemon is started by &%-q%& with a time value, but without &%-bd%&, no
4461 pid file is written unless one is explicitly requested by the &%-oP%& option.
4463 .vitem &%-qR%&<&'rsflags'&>&~<&'string'&>
4464 .oindex "&%-qR%&"
4465 This option is synonymous with &%-R%&. It is provided for Sendmail
4466 compatibility.
4468 .vitem &%-qS%&<&'rsflags'&>&~<&'string'&>
4469 .oindex "&%-qS%&"
4470 This option is synonymous with &%-S%&.
4472 .vitem &%-R%&<&'rsflags'&>&~<&'string'&>
4473 .oindex "&%-R%&"
4474 .cindex "queue runner" "for specific recipients"
4475 .cindex "delivery" "to given domain"
4476 .cindex "domain" "delivery to"
4477 The <&'rsflags'&> may be empty, in which case the white space before the string
4478 is optional, unless the string is &'f'&, &'ff'&, &'r'&, &'rf'&, or &'rff'&,
4479 which are the possible values for <&'rsflags'&>. White space is required if
4480 <&'rsflags'&> is not empty.
4482 This option is similar to &%-q%& with no time value, that is, it causes Exim to
4483 perform a single queue run, except that, when scanning the messages on the
4484 queue, Exim processes only those that have at least one undelivered recipient
4485 address containing the given string, which is checked in a case-independent
4486 way. If the <&'rsflags'&> start with &'r'&, <&'string'&> is interpreted as a
4487 regular expression; otherwise it is a literal string.
4489 If you want to do periodic queue runs for messages with specific recipients,
4490 you can combine &%-R%& with &%-q%& and a time value. For example:
4491 .code
4492 exim -q25m -R @special.domain.example
4493 .endd
4494 This example does a queue run for messages with recipients in the given domain
4495 every 25 minutes. Any additional flags that are specified with &%-q%& are
4496 applied to each queue run.
4498 Once a message is selected for delivery by this mechanism, all its addresses
4499 are processed. For the first selected message, Exim overrides any retry
4500 information and forces a delivery attempt for each undelivered address. This
4501 means that if delivery of any address in the first message is successful, any
4502 existing retry information is deleted, and so delivery attempts for that
4503 address in subsequently selected messages (which are processed without forcing)
4504 will run. However, if delivery of any address does not succeed, the retry
4505 information is updated, and in subsequently selected messages, the failing
4506 address will be skipped.
4508 .cindex "frozen messages" "forcing delivery"
4509 If the <&'rsflags'&> contain &'f'& or &'ff'&, the delivery forcing applies to
4510 all selected messages, not just the first; frozen messages are included when
4511 &'ff'& is present.
4513 The &%-R%& option makes it straightforward to initiate delivery of all messages
4514 to a given domain after a host has been down for some time. When the SMTP
4515 command ETRN is accepted by its ACL (see chapter &<<CHAPACL>>&), its default
4516 effect is to run Exim with the &%-R%& option, but it can be configured to run
4517 an arbitrary command instead.
4519 .vitem &%-r%&
4520 .oindex "&%-r%&"
4521 This is a documented (for Sendmail) obsolete alternative name for &%-f%&.
4523 .vitem &%-S%&<&'rsflags'&>&~<&'string'&>
4524 .oindex "&%-S%&"
4525 .cindex "delivery" "from given sender"
4526 .cindex "queue runner" "for specific senders"
4527 This option acts like &%-R%& except that it checks the string against each
4528 message's sender instead of against the recipients. If &%-R%& is also set, both
4529 conditions must be met for a message to be selected. If either of the options
4530 has &'f'& or &'ff'& in its flags, the associated action is taken.
4532 .vitem &%-Tqt%&&~<&'times'&>
4533 .oindex "&%-Tqt%&"
4534 This is an option that is exclusively for use by the Exim testing suite. It is not
4535 recognized when Exim is run normally. It allows for the setting up of explicit
4536 &"queue times"& so that various warning/retry features can be tested.
4538 .vitem &%-t%&
4539 .oindex "&%-t%&"
4540 .cindex "recipient" "extracting from header lines"
4541 .cindex "&'Bcc:'& header line"
4542 .cindex "&'Cc:'& header line"
4543 .cindex "&'To:'& header line"
4544 When Exim is receiving a locally-generated, non-SMTP message on its standard
4545 input, the &%-t%& option causes the recipients of the message to be obtained
4546 from the &'To:'&, &'Cc:'&, and &'Bcc:'& header lines in the message instead of
4547 from the command arguments. The addresses are extracted before any rewriting
4548 takes place and the &'Bcc:'& header line, if present, is then removed.
4550 .cindex "Sendmail compatibility" "&%-t%& option"
4551 If the command has any arguments, they specify addresses to which the message
4552 is &'not'& to be delivered. That is, the argument addresses are removed from
4553 the recipients list obtained from the headers. This is compatible with Smail 3
4554 and in accordance with the documented behaviour of several versions of
4555 Sendmail, as described in man pages on a number of operating systems (e.g.
4556 Solaris 8, IRIX 6.5, HP-UX 11). However, some versions of Sendmail &'add'&
4557 argument addresses to those obtained from the headers, and the O'Reilly
4558 Sendmail book documents it that way. Exim can be made to add argument addresses
4559 instead of subtracting them by setting the option
4560 &%extract_addresses_remove_arguments%& false.
4562 .cindex "&%Resent-%& header lines" "with &%-t%&"
4563 If there are any &%Resent-%& header lines in the message, Exim extracts
4564 recipients from all &'Resent-To:'&, &'Resent-Cc:'&, and &'Resent-Bcc:'& header
4565 lines instead of from &'To:'&, &'Cc:'&, and &'Bcc:'&. This is for compatibility
4566 with Sendmail and other MTAs. (Prior to release 4.20, Exim gave an error if
4567 &%-t%& was used in conjunction with &%Resent-%& header lines.)
4569 RFC 2822 talks about different sets of &%Resent-%& header lines (for when a
4570 message is resent several times). The RFC also specifies that they should be
4571 added at the front of the message, and separated by &'Received:'& lines. It is
4572 not at all clear how &%-t%& should operate in the present of multiple sets,
4573 nor indeed exactly what constitutes a &"set"&.
4574 In practice, it seems that MUAs do not follow the RFC. The &%Resent-%& lines
4575 are often added at the end of the header, and if a message is resent more than
4576 once, it is common for the original set of &%Resent-%& headers to be renamed as
4577 &%X-Resent-%& when a new set is added. This removes any possible ambiguity.
4579 .vitem &%-ti%&
4580 .oindex "&%-ti%&"
4581 This option is exactly equivalent to &%-t%& &%-i%&. It is provided for
4582 compatibility with Sendmail.
4584 .vitem &%-tls-on-connect%&
4585 .oindex "&%-tls-on-connect%&"
4586 .cindex "TLS" "use without STARTTLS"
4587 .cindex "TLS" "automatic start"
4588 This option is available when Exim is compiled with TLS support. It forces all
4589 incoming SMTP connections to behave as if the incoming port is listed in the
4590 &%tls_on_connect_ports%& option. See section &<<SECTsupobssmt>>& and chapter
4591 &<<CHAPTLS>>& for further details.
4594 .vitem &%-U%&
4595 .oindex "&%-U%&"
4596 .cindex "Sendmail compatibility" "&%-U%& option ignored"
4597 Sendmail uses this option for &"initial message submission"&, and its
4598 documentation states that in future releases, it may complain about
4599 syntactically invalid messages rather than fixing them when this flag is not
4600 set. Exim ignores this option.
4602 .vitem &%-v%&
4603 .oindex "&%-v%&"
4604 This option causes Exim to write information to the standard error stream,
4605 describing what it is doing. In particular, it shows the log lines for
4606 receiving and delivering a message, and if an SMTP connection is made, the SMTP
4607 dialogue is shown. Some of the log lines shown may not actually be written to
4608 the log if the setting of &%log_selector%& discards them. Any relevant
4609 selectors are shown with each log line. If none are shown, the logging is
4610 unconditional.
4612 .vitem &%-x%&
4613 .oindex "&%-x%&"
4614 AIX uses &%-x%& for a private purpose (&"mail from a local mail program has
4615 National Language Support extended characters in the body of the mail item"&).
4616 It sets &%-x%& when calling the MTA from its &%mail%& command. Exim ignores
4617 this option.
4619 .new
4620 .vitem &%-X%&&~<&'logfile'&>
4621 .oindex "&%-X%&"
4622 This option is interpreted by Sendmail to cause debug information to be sent
4623 to the named file. It is ignored by Exim.
4624 .wen
4625 .endlist
4627 .ecindex IIDclo1
4628 .ecindex IIDclo2
4631 . ////////////////////////////////////////////////////////////////////////////
4632 . Insert a stylized DocBook comment here, to identify the end of the command
4633 . line options. This is for the benefit of the Perl script that automatically
4634 . creates a man page for the options.
4635 . ////////////////////////////////////////////////////////////////////////////
4637 .literal xml
4638 <!-- === End of command line options === -->
4639 .literal off
4645 . ////////////////////////////////////////////////////////////////////////////
4646 . ////////////////////////////////////////////////////////////////////////////
4649 .chapter "The Exim run time configuration file" "CHAPconf" &&&
4650 "The runtime configuration file"
4652 .cindex "run time configuration"
4653 .cindex "configuration file" "general description"
4654 .cindex "CONFIGURE_FILE"
4655 .cindex "configuration file" "errors in"
4656 .cindex "error" "in configuration file"
4657 .cindex "return code" "for bad configuration"
4658 Exim uses a single run time configuration file that is read whenever an Exim
4659 binary is executed. Note that in normal operation, this happens frequently,
4660 because Exim is designed to operate in a distributed manner, without central
4661 control.
4663 If a syntax error is detected while reading the configuration file, Exim
4664 writes a message on the standard error, and exits with a non-zero return code.
4665 The message is also written to the panic log. &*Note*&: Only simple syntax
4666 errors can be detected at this time. The values of any expanded options are
4667 not checked until the expansion happens, even when the expansion does not
4668 actually alter the string.
4670 The name of the configuration file is compiled into the binary for security
4671 reasons, and is specified by the CONFIGURE_FILE compilation option. In
4672 most configurations, this specifies a single file. However, it is permitted to
4673 give a colon-separated list of file names, in which case Exim uses the first
4674 existing file in the list.
4676 .cindex "EXIM_USER"
4677 .cindex "EXIM_GROUP"
4678 .cindex "CONFIGURE_OWNER"
4679 .cindex "CONFIGURE_GROUP"
4680 .cindex "configuration file" "ownership"
4681 .cindex "ownership" "configuration file"
4682 The run time configuration file must be owned by root or by the user that is
4683 specified at compile time by the CONFIGURE_OWNER option (if set). The
4684 configuration file must not be world-writeable, or group-writeable unless its
4685 group is the root group or the one specified at compile time by the
4686 CONFIGURE_GROUP option.
4688 &*Warning*&: In a conventional configuration, where the Exim binary is setuid
4689 to root, anybody who is able to edit the run time configuration file has an
4690 easy way to run commands as root. If you specify a user or group in the
4691 CONFIGURE_OWNER or CONFIGURE_GROUP options, then that user and/or any users
4692 who are members of that group will trivially be able to obtain root privileges.
4694 Up to Exim version 4.72, the run time configuration file was also permitted to
4695 be writeable by the Exim user and/or group. That has been changed in Exim 4.73
4696 since it offered a simple privilege escalation for any attacker who managed to
4697 compromise the Exim user account.
4699 A default configuration file, which will work correctly in simple situations,
4700 is provided in the file &_src/configure.default_&. If CONFIGURE_FILE
4701 defines just one file name, the installation process copies the default
4702 configuration to a new file of that name if it did not previously exist. If
4703 CONFIGURE_FILE is a list, no default is automatically installed. Chapter
4704 &<<CHAPdefconfil>>& is a &"walk-through"& discussion of the default
4705 configuration.
4709 .section "Using a different configuration file" "SECID40"
4710 .cindex "configuration file" "alternate"
4711 A one-off alternate configuration can be specified by the &%-C%& command line
4712 option, which may specify a single file or a list of files. However, when
4713 &%-C%& is used, Exim gives up its root privilege, unless called by root (or
4714 unless the argument for &%-C%& is identical to the built-in value from
4715 CONFIGURE_FILE), or is listed in the TRUSTED_CONFIG_LIST file and the caller
4716 is the Exim user or the user specified in the CONFIGURE_OWNER setting. &%-C%&
4717 is useful mainly for checking the syntax of configuration files before
4718 installing them. No owner or group checks are done on a configuration file
4719 specified by &%-C%&, if root privilege has been dropped.
4721 Even the Exim user is not trusted to specify an arbitrary configuration file
4722 with the &%-C%& option to be used with root privileges, unless that file is
4723 listed in the TRUSTED_CONFIG_LIST file. This locks out the possibility of
4724 testing a configuration using &%-C%& right through message reception and
4725 delivery, even if the caller is root. The reception works, but by that time,
4726 Exim is running as the Exim user, so when it re-execs to regain privilege for
4727 the delivery, the use of &%-C%& causes privilege to be lost. However, root
4728 can test reception and delivery using two separate commands (one to put a
4729 message on the queue, using &%-odq%&, and another to do the delivery, using
4730 &%-M%&).
4732 If ALT_CONFIG_PREFIX is defined &_in Local/Makefile_&, it specifies a
4733 prefix string with which any file named in a &%-C%& command line option must
4734 start. In addition, the file name must not contain the sequence &"&`/../`&"&.
4735 There is no default setting for ALT_CONFIG_PREFIX; when it is unset, any file
4736 name can be used with &%-C%&.
4738 One-off changes to a configuration can be specified by the &%-D%& command line
4739 option, which defines and overrides values for macros used inside the
4740 configuration file. However, like &%-C%&, the use of this option by a
4741 non-privileged user causes Exim to discard its root privilege.
4742 If DISABLE_D_OPTION is defined in &_Local/Makefile_&, the use of &%-D%& is
4743 completely disabled, and its use causes an immediate error exit.
4745 The WHITELIST_D_MACROS option in &_Local/Makefile_& permits the binary builder
4746 to declare certain macro names trusted, such that root privilege will not
4747 necessarily be discarded.
4748 WHITELIST_D_MACROS defines a colon-separated list of macros which are
4749 considered safe and, if &%-D%& only supplies macros from this list, and the
4750 values are acceptable, then Exim will not give up root privilege if the caller
4751 is root, the Exim run-time user, or the CONFIGURE_OWNER, if set. This is a
4752 transition mechanism and is expected to be removed in the future. Acceptable
4753 values for the macros satisfy the regexp: &`^[A-Za-z0-9_/.-]*$`&
4755 Some sites may wish to use the same Exim binary on different machines that
4756 share a file system, but to use different configuration files on each machine.
4757 If CONFIGURE_FILE_USE_NODE is defined in &_Local/Makefile_&, Exim first
4758 looks for a file whose name is the configuration file name followed by a dot
4759 and the machine's node name, as obtained from the &[uname()]& function. If this
4760 file does not exist, the standard name is tried. This processing occurs for
4761 each file name in the list given by CONFIGURE_FILE or &%-C%&.
4763 In some esoteric situations different versions of Exim may be run under
4764 different effective uids and the CONFIGURE_FILE_USE_EUID is defined to
4765 help with this. See the comments in &_src/EDITME_& for details.
4769 .section "Configuration file format" "SECTconffilfor"
4770 .cindex "configuration file" "format of"
4771 .cindex "format" "configuration file"
4772 Exim's configuration file is divided into a number of different parts. General
4773 option settings must always appear at the start of the file. The other parts
4774 are all optional, and may appear in any order. Each part other than the first
4775 is introduced by the word &"begin"& followed by the name of the part. The
4776 optional parts are:
4778 .ilist
4779 &'ACL'&: Access control lists for controlling incoming SMTP mail (see chapter
4780 &<<CHAPACL>>&).
4781 .next
4782 .cindex "AUTH" "configuration"
4783 &'authenticators'&: Configuration settings for the authenticator drivers. These
4784 are concerned with the SMTP AUTH command (see chapter &<<CHAPSMTPAUTH>>&).
4785 .next
4786 &'routers'&: Configuration settings for the router drivers. Routers process
4787 addresses and determine how the message is to be delivered (see chapters
4788 &<<CHAProutergeneric>>&&--&<<CHAPredirect>>&).
4789 .next
4790 &'transports'&: Configuration settings for the transport drivers. Transports
4791 define mechanisms for copying messages to destinations (see chapters
4792 &<<CHAPtransportgeneric>>&&--&<<CHAPsmtptrans>>&).
4793 .next
4794 &'retry'&: Retry rules, for use when a message cannot be delivered immediately.
4795 If there is no retry section, or if it is empty (that is, no retry rules are
4796 defined), Exim will not retry deliveries. In this situation, temporary errors
4797 are treated the same as permanent errors. Retry rules are discussed in chapter
4798 &<<CHAPretry>>&.
4799 .next
4800 &'rewrite'&: Global address rewriting rules, for use when a message arrives and
4801 when new addresses are generated during delivery. Rewriting is discussed in
4802 chapter &<<CHAPrewrite>>&.
4803 .next
4804 &'local_scan'&: Private options for the &[local_scan()]& function. If you
4805 want to use this feature, you must set