Exim Internet Mailer

Specification of the Exim Mail Transfer Agent

Copyright © 2020 University of Cambridge
Revision 4.94-RC999 - 12 Nov 2020

• 1. Introduction
  • 1. Exim documentation
  • 2. FTP site and websites
  • 3. Mailing lists
  • 4. Bug reports
  • 5. Where to find the Exim distribution
  • 6. Limitations
  • 7. Runtime configuration
  • 8. Calling interface
  • 9. Terminology
• 2. Incorporated code
• 3. How Exim receives and delivers mail
  • 1. Overall philosophy
  • 2. Policy control
  • 3. User filters
  • 4. Message identification
  • 5. Receiving mail
  • 6. Handling an incoming message
  • 7. Life of a message
  • 8. Processing an address for delivery
  • 9. Processing an address for verification
  • 10. Running an individual router
  • 11. Duplicate addresses
  • 12. Router preconditions
  • 13. Delivery in detail
  • 14. Retry mechanism
  • 15. Temporary delivery failure
  • 16. Permanent delivery failure
  • 17. Failures to deliver bounce messages
• 4. Building and installing Exim
  • 1. Unpacking
  • 2. Multiple machine architectures and operating systems
  • 3. PCRE library
  • 4. DBM libraries
  • 5. Pre-building configuration
  • 6. Support for iconv()
  • 7. Including TLS/SSL encryption support
  • 8. Use of tcpwrappers
  • 9. Including support for IPv6
  • 10. Dynamically loaded lookup module support
  • 11. The building process
  • 12. Output from “make”
  • 13. Overriding build-time options for Exim
  • 14. OS-specific header files
  • 15. Overriding build-time options for the monitor
  • 16. Installing Exim binaries and scripts
  • 17. Installing info documentation
  • 18. Setting up the spool directory
  • 19. Testing
  • 20. Replacing another MTA with Exim
  • 21. Upgrading Exim
  • 22. Stopping the Exim daemon on Solaris
• 5. The Exim command line
  • 1. Setting options by program name
  • 2. Trusted and admin users
  • 3. Command line options
• 6. The Exim runtime configuration file
  • 1. Using a different configuration file
  • 2. Configuration file format
  • 3. File inclusions in the configuration file
  • 4. Macros in the configuration file
  • 5. Macro substitution
  • 6. Redefining macros
  • 7. Overriding macro values
  • 8. Example of macro usage
  • 9. Builtin macros
  • 10. Conditional skips in the configuration file
  • 11. Common option syntax
  • 12. Boolean options
  • 13. Integer values
  • 14. Octal integer values
  • 15. Fixed point numbers
  • 16. Time intervals
  • 17. String values
  • 18. Expanded strings
  • 19. User and group names
  • 20. List construction
  • 21. Changing list separators
  • 22. Empty items in lists
  • 23. Format of driver configurations
• 7. The default configuration file
  • 1. Macros
  • 2. Main configuration settings
  • 3. ACL configuration
  • 4. Router configuration
  • 5. Transport configuration
  • 6. Default retry rule
  • 7. Rewriting configuration
  • 8. Authenticators configuration
• 8. Regular expressions
• 9. File and database lookups
  • 1. Examples of different lookup syntax
  • 2. Lookup types
  • 3. Single-key lookup types
  • 4. Query-style lookup types
  • 5. Temporary errors in lookups
  • 6. Default values in single-key lookups
  • 7. Partial matching in single-key lookups
  • 8. Lookup caching
  • 9. Quoting lookup data
  • 10. More about dnsdb
  • 11. Dnsdb lookup modifiers
  • 12. Pseudo dnsdb record types
  • 13. Multiple dnsdb lookups
  • 14. More about LDAP
  • 15. Format of LDAP queries
  • 16. LDAP quoting
  • 17. LDAP connections
  • 18. LDAP authentication and control information
  • 19. Format of data returned by LDAP
  • 20. More about NIS+
  • 21. SQL lookups
  • 22. More about MySQL, PostgreSQL, Oracle, InterBase, and Redis
  • 23. Specifying the server in the query
  • 24. Special MySQL features
  • 25. Special PostgreSQL features
  • 26. More about SQLite
  • 27. More about Redis
• 10. Domain, host, address, and local part lists
  • 1. Expansion of lists
  • 2. Negated items in lists
  • 3. File names in lists
  • 4. An lsearch file is not an out-of-line list
  • 5. Results of list checking
  • 6. Named lists
  • 7. Named lists compared with macros
  • 8. Named list caching
  • 9. Domain lists
  • 10. Host lists
  • 11. Special host list patterns
  • 12. Host list patterns that match by IP address
  • 13. Host list patterns for single-key lookups by host address
  • 14. Host list patterns that match by host name
  • 15. Behaviour when an IP address or name cannot be found
  • 16. Mixing wildcarded host names and addresses in host lists
  • 17. Temporary DNS errors when looking up host information
  • 18. Host list patterns for single-key lookups by host name
  • 19. Host list patterns for query-style lookups
  • 20. Address lists
  • 21. Case of letters in address lists
  • 22. Local part lists
• 11. String expansions
  • 1. Literal text in expanded strings
  • 2. Character escape sequences in expanded strings
  • 3. Testing string expansions
  • 4. Forced expansion failure
  • 5. Expansion items
  • 6. Expansion operators
  • 7. Expansion conditions
  • 8. Combining expansion conditions
  • 9. Expansion variables
• 12. Embedded Perl
  • 1. Setting up so Perl can be used
  • 2. Calling Perl subroutines
  • 3. Calling Exim functions from Perl
  • 4. Use of standard output and error by Perl
• 13. Starting the daemon and the use of network interfaces
  • 1. Starting a listening daemon
  • 2. Special IP listening addresses
  • 3. Overriding local_interfaces and daemon_smtp_ports
  • 4. Support for the submissions (aka SSMTP or SMTPS) protocol
  • 5. IPv6 address scopes
  • 6. Disabling IPv6
  • 7. Examples of starting a listening daemon
  • 8. Recognizing the local host
  • 9. Delivering to a remote host
• 14. Main configuration
  • 1. Miscellaneous
  • 2. Exim parameters
  • 3. Privilege controls
  • 4. Logging
  • 5. Frozen messages
  • 6. Data lookups
  • 7. Message ids
  • 8. Embedded Perl Startup
  • 9. Daemon
  • 10. Resource control
  • 11. Policy controls
  • 12. Callout cache
  • 13. TLS
  • 14. Local user handling
  • 15. All incoming messages (SMTP and non-SMTP)
  • 16. Non-SMTP incoming messages
  • 17. Incoming SMTP messages
  • 18. SMTP extensions
  • 19. Processing messages
  • 20. System filter
  • 21. Routing and delivery
  • 22. Bounce and warning messages
  • 23. Alphabetical list of main options
• 15. Generic options for routers
• 16. The accept router
• 17. The dnslookup router
  • 1. Problems with DNS lookups
  • 2. Declining addresses by dnslookup
  • 3. Private options for dnslookup
  • 4. Effect of qualify_single and search_parents
• 18. The ipliteral router
• 19. The iplookup router
• 20. The manualroute router
  • 1. Private options for manualroute
  • 2. Routing rules in route_list
  • 3. Routing rules in route_data
  • 4. Format of the list of hosts
  • 5. Format of one host item
  • 6. How the list of hosts is used
  • 7. How the options are used
  • 8. Manualroute examples
• 21. The queryprogram router
• 22. The redirect router
  • 1. Redirection data
  • 2. Forward files and address verification
  • 3. Interpreting redirection data
  • 4. Items in a non-filter redirection list
  • 5. Redirecting to a local mailbox
  • 6. Special items in redirection lists
  • 7. Duplicate addresses
  • 8. Repeated redirection expansion
  • 9. Errors in redirection lists
  • 10. Private options for the redirect router
• 23. Environment for running local transports
  • 1. Concurrent deliveries
  • 2. Uids and gids
  • 3. Current and home directories
  • 4. Expansion variables derived from the address
• 24. Generic options for transports
• 25. Address batching in local transports
• 26. The appendfile transport
  • 1. The file and directory options
  • 2. Private options for appendfile
  • 3. Operational details for appending
  • 4. Operational details for delivery to a new file
  • 5. Maildir delivery
  • 6. Using tags to record message sizes
  • 7. Using a maildirsize file
  • 8. Mailstore delivery
  • 9. Non-special new file delivery
• 27. The autoreply transport
  • 1. Private options for autoreply
• 28. The lmtp transport
• 29. The pipe transport
  • 1. Concurrent delivery
  • 2. Returned status and data
  • 3. How the command is run
  • 4. Environment variables
  • 5. Private options for pipe
  • 6. Using an external local delivery agent
• 30. The smtp transport
  • 1. Multiple messages on a single connection
  • 2. Use of the $host and $host_address variables
  • 3. Use of $tls_cipher and $tls_peerdn
  • 4. Private options for smtp
  • 5. How the limits for the number of hosts to try are used
• 31. Address rewriting
  • 1. Explicitly configured address rewriting
  • 2. When does rewriting happen?
  • 3. Testing the rewriting rules that apply on input
  • 4. Rewriting rules
  • 5. Rewriting patterns
  • 6. Rewriting replacements
  • 7. Rewriting flags
  • 8. Flags specifying which headers and envelope addresses to rewrite
  • 9. The SMTP-time rewriting flag
  • 10. Flags controlling the rewriting process
  • 11. Rewriting examples
• 32. Retry configuration
  • 1. Changing retry rules
  • 2. Format of retry rules
  • 3. Choosing which retry rule to use for address errors
  • 4. Choosing which retry rule to use for host and message errors
  • 5. Retry rules for specific errors
  • 6. Retry rules for specified senders
  • 7. Retry parameters
  • 8. Retry rule examples
  • 9. Timeout of retry data
  • 10. Long-term failures
  • 11. Deliveries that work intermittently
• 33. SMTP authentication
  • 1. Generic options for authenticators
  • 2. The AUTH parameter on MAIL commands
  • 3. Authentication on an Exim server
  • 4. Testing server authentication
  • 5. Authentication by an Exim client
• 34. The plaintext authenticator
  • 1. Avoiding cleartext use
  • 2. Plaintext server options
  • 3. Using plaintext in a server
  • 4. The PLAIN authentication mechanism
  • 5. The LOGIN authentication mechanism
  • 6. Support for different kinds of authentication
  • 7. Using plaintext in a client
• 35. The cram_md5 authenticator
  • 1. Using cram_md5 as a server
  • 2. Using cram_md5 as a client
• 36. The cyrus_sasl authenticator
  • 1. Using cyrus_sasl as a server
• 37. The dovecot authenticator
• 38. The gsasl authenticator
  • 1. gsasl auth variables
• 39. The heimdal_gssapi authenticator
  • 1. heimdal_gssapi auth variables
• 40. The spa authenticator
  • 1. Using spa as a server
  • 2. Using spa as a client
• 41. The external authenticator
  • 1. External options
  • 2. Using external in a server
  • 3. Using external in a client
• 42. The tls authenticator
• 43. Encrypted SMTP connections using TLS/SSL
  • 1. Support for the “submissions” (aka “ssmtp” and “smtps”) protocol
  • 2. OpenSSL vs GnuTLS
  • 3. GnuTLS parameter computation
  • 4. Requiring specific ciphers in OpenSSL
  • 5. Requiring specific ciphers or other parameters in GnuTLS
  • 6. Configuring an Exim server to use TLS
  • 7. Requesting and verifying client certificates
  • 8. Revoked certificates
  • 9. Caching of static server configuration items
  • 10. Configuring an Exim client to use TLS
  • 11. Caching of static client configuration items
  • 12. Use of TLS Server Name Indication
  • 13. Multiple messages on the same encrypted TCP/IP connection
  • 14. Certificates and all that
  • 15. Certificate chains
  • 16. Self-signed certificates
  • 17. TLS Resumption
  • 18. DANE
• 44. Access control lists
  • 1. Testing ACLs
  • 2. Specifying when ACLs are used
  • 3. The non-SMTP ACLs
  • 4. The SMTP connect ACL
  • 5. The EHLO/HELO ACL
  • 6. The DATA ACLs
  • 7. The SMTP DKIM ACL
  • 8. The SMTP MIME ACL
  • 9. The SMTP PRDR ACL
  • 10. The QUIT ACL
  • 11. The not-QUIT ACL
  • 12. Finding an ACL to use
  • 13. ACL return codes
  • 14. Unset ACL options
  • 15. Data for message ACLs
  • 16. Data for non-message ACLs
  • 17. Format of an ACL
  • 18. ACL verbs
  • 19. ACL variables
  • 20. Condition and modifier processing
  • 21. ACL modifiers
  • 22. Use of the control modifier
  • 23. Summary of message fixup control
  • 24. Adding header lines in ACLs
  • 25. Removing header lines in ACLs
  • 26. ACL conditions
  • 27. Using DNS lists
  • 28. Specifying the IP address for a DNS list lookup
  • 29. DNS lists keyed on domain names
  • 30. Multiple explicit keys for a DNS list
  • 31. Data returned by DNS lists
  • 32. Variables set from DNS lists
  • 33. Additional matching conditions for DNS lists
  • 34. Negated DNS matching conditions
  • 35. Handling multiple DNS records from a DNS list
  • 36. Detailed information from merged DNS lists
  • 37. DNS lists and IPv6
  • 38. Rate limiting incoming messages
  • 39. Ratelimit options for what is being measured
  • 40. Ratelimit update modes
  • 41. Ratelimit options for handling fast clients
  • 42. Limiting the rate of different events
  • 43. Using rate limiting
  • 44. Address verification
  • 45. Callout verification
  • 46. Additional parameters for callouts
  • 47. Callout caching
  • 48. Quota caching
  • 49. Sender address verification reporting
  • 50. Redirection while verifying
  • 51. Client SMTP authorization (CSA)
  • 52. Bounce address tag validation
  • 53. Using an ACL to control relaying
  • 54. Checking a relay configuration
• 45. Content scanning at ACL time
  • 1. Scanning for viruses
  • 2. Scanning with SpamAssassin and Rspamd
  • 3. Calling SpamAssassin from an Exim ACL
  • 4. Scanning MIME parts
  • 5. Scanning with regular expressions
• 46. Adding a local scan function to Exim
  • 1. Building Exim to use a local scan function
  • 2. API for local_scan()
  • 3. Configuration options for local_scan()
  • 4. Available Exim variables
  • 5. Structure of header lines
  • 6. Structure of recipient items
  • 7. Available Exim functions
  • 8. More about Exim’s memory handling
• 47. System-wide message filtering
  • 1. Specifying a system filter
  • 2. Testing a system filter
  • 3. Contents of a system filter
  • 4. Additional variable for system filters
  • 5. Defer, freeze, and fail commands for system filters
  • 6. Adding and removing headers in a system filter
  • 7. Setting an errors address in a system filter
  • 8. Per-address filtering
• 48. Message processing
  • 1. Submission mode for non-local messages
  • 2. Line endings
  • 3. Unqualified addresses
  • 4. The UUCP From line
  • 5. Resent- header lines
  • 6. The Auto-Submitted: header line
  • 7. The Bcc: header line
  • 8. The Date: header line
  • 9. The Delivery-date: header line
  • 10. The Envelope-to: header line
  • 11. The From: header line
  • 12. The Message-ID: header line
  • 13. The Received: header line
  • 14. The References: header line
  • 15. The Return-path: header line
  • 16. The Sender: header line
  • 17. Adding and removing header lines in routers and transports
  • 18. Constructed addresses
  • 19. Case of local parts
  • 20. Dots in local parts
  • 21. Rewriting addresses
• 49. SMTP processing
  • 1. Outgoing SMTP and LMTP over TCP/IP
  • 2. Errors in outgoing SMTP
  • 3. Incoming SMTP messages over TCP/IP
  • 4. Unrecognized SMTP commands
  • 5. Syntax and protocol errors in SMTP commands
  • 6. Use of non-mail SMTP commands
  • 7. The VRFY and EXPN commands
  • 8. The ETRN command
  • 9. Incoming local SMTP
  • 10. Outgoing batched SMTP
  • 11. Incoming batched SMTP
• 50. Customizing bounce and warning messages
  • 1. Customizing bounce messages
  • 2. Customizing warning messages
• 51. Some common configuration settings
  • 1. Sending mail to a smart host
  • 2. Using Exim to handle mailing lists
  • 3. Syntax errors in mailing lists
  • 4. Re-expansion of mailing lists
  • 5. Closed mailing lists
  • 6. Variable Envelope Return Paths (VERP)
  • 7. Virtual domains
  • 8. Multiple user mailboxes
  • 9. Simplified vacation processing
  • 10. Taking copies of mail
  • 11. Intermittently connected hosts
  • 12. Exim on the upstream server host
  • 13. Exim on the intermittently connected client host
• 52. Using Exim as a non-queueing client
• 53. Log files
  • 1. Where the logs are written
  • 2. Logging to local files that are periodically “cycled”
  • 3. Datestamped log files
  • 4. Logging to syslog
  • 5. Log line flags
  • 6. Logging message reception
  • 7. Logging deliveries
  • 8. Discarded deliveries
  • 9. Deferred deliveries
  • 10. Delivery failures
  • 11. Fake deliveries
  • 12. Completion
  • 13. Summary of Fields in Log Lines
  • 14. Other log entries
  • 15. Reducing or increasing what is logged
  • 16. Message log
• 54. Exim utilities
  • 1. Finding out what Exim processes are doing (exiwhat)
  • 2. Selective queue listing (exiqgrep)
  • 3. Summarizing the queue (exiqsumm)
  • 4. Extracting specific information from the log (exigrep)
  • 5. Selecting messages by various criteria (exipick)
  • 6. Cycling log files (exicyclog)
  • 7. Mail statistics (eximstats)
  • 8. Checking access policy (exim_checkaccess)
  • 9. Making DBM files (exim_dbmbuild)
  • 10. Finding individual retry times (exinext)
  • 11. Hints database maintenance
  • 12. exim_dumpdb
  • 13. exim_tidydb
  • 14. exim_fixdb
  • 15. Mailbox maintenance (exim_lock)
• 55. The Exim monitor
  • 1. Running the monitor
  • 2. The stripcharts
  • 3. Main action buttons
  • 4. The log display
  • 5. The queue display
  • 6. The queue menu
• 56. Security considerations
  • 1. Building a more “hardened” Exim
  • 2. Root privilege
  • 3. Running Exim without privilege
  • 4. Delivering to local files
  • 5. Running local commands
  • 6. Trust in configuration data
  • 7. IPv4 source routing
  • 8. The VRFY, EXPN, and ETRN commands in SMTP
  • 9. Privileged users
  • 10. Spool files
  • 11. Use of argv[0]
  • 12. Use of %f formatting
  • 13. Embedded Exim path
  • 14. Dynamic module directory
  • 15. Use of sprintf()
  • 16. Use of debug_printf() and log_write()
  • 17. Use of strcat() and strcpy()
• 57. Format of spool files
  • 1. Format of the -H file
  • 2. Format of the -D file
• 58. DKIM, SPF, SRS and DMARC
  • 1. DKIM (DomainKeys Identified Mail)
  • 2. Signing outgoing messages
  • 3. Verifying DKIM signatures in incoming mail
  • 4. SPF (Sender Policy Framework)
  • 5. SRS (Sender Rewriting Scheme)
  • 6. DMARC
• 59. Proxies
  • 1. Inbound proxies
  • 2. Outbound proxies
  • 3. Logging
• 60. Internationalisation
  • 1. MTA operations
  • 2. MDA operations
• 61. Events
• 62. Adding new drivers or lookup types
• 63. Concept Index
  • 1. Symbols
  • 2. A
  • 3. B
  • 4. C
  • 5. D
  • 6. E
  • 7. F
  • 8. G
  • 9. H
  • 10. I
  • 11. J
  • 12. K
  • 13. L
  • 14. M
  • 15. N
  • 16. O
  • 17. P
  • 18. Q
  • 19. R
  • 20. S
  • 21. T
  • 22. U
  • 23. V
  • 24. W
  • 25. X
  • 26. Z
• 64. Option Index
  • 1. Symbols
  • 2. A
  • 3. B
  • 4. C
  • 5. D
  • 6. E
  • 7. F
  • 8. G
  • 9. H
  • 10. I
  • 11. K
  • 12. L
  • 13. M
  • 14. N
  • 15. O
  • 16. P
  • 17. Q
  • 18. R
  • 19. S
  • 20. T
  • 21. U
  • 22. V
  • 23. W
• 65. Variable Index
  • 1. Symbols
  • 2. S