14. Main configuration

The first part of the run time configuration file contains three types of item:

• Macro definitions: These lines start with an upper case letter. See section 6.4 for details of macro processing.

• Named list definitions: These lines start with one of the words “domainlist”, “hostlist”, “addresslist”, or “localpartlist”. Their use is described in section 10.5.

• Main configuration settings: Each setting occupies one line of the file (with possible continuations). If any setting is preceded by the word “hide”, the -bP command line option displays its value to admin users only. See section 6.6 for a description of the syntax of these option settings.

This chapter specifies all the main configuration options, along with their types and default values. For ease of finding a particular option, they appear in alphabetical order in section 14.23 below. However, because there are now so many options, they are first listed briefly in functional groups, as an aid to finding the name of the option you are looking for. Some options are listed in more than one group.

14.1 Miscellaneous

bi_command	to run for -bi command line option
keep_malformed	for broken files – should not happen
localhost_number	for unique message ids in clusters
message_body_visible	how much to show in $message_body
mua_wrapper	run in “MUA wrapper” mode
print_topbitchars	top-bit characters are printing
timezone	force time zone

14.2 Exim parameters

exim_group	override compiled-in value
exim_path	override compiled-in value
exim_user	override compiled-in value
primary_hostname	default from uname()
split_spool_directory	use multiple directories
spool_directory	override compiled-in value

14.3 Privilege controls

admin_groups	groups that are Exim admin users
deliver_drop_privilege	drop root for delivery processes
local_from_check	insert Sender: if necessary
local_from_prefix	for testing From: for local sender
local_from_suffix	for testing From: for local sender
local_sender_retain	keep Sender: from untrusted user
never_users	do not run deliveries as these
prod_requires_admin	forced delivery requires admin user
queue_list_requires_admin	queue listing requires admin user
trusted_groups	groups that are trusted
trusted_users	users that are trusted

14.4 Logging

hosts_connection_nolog	exemption from connect logging
log_file_path	override compiled-in value
log_selector	set/unset optional logging
log_timezone	add timezone to log lines
message_logs	create per-message logs
preserve_message_logs	after message completion
process_log_path	for SIGUSR1 and exiwhat
syslog_duplication	controls duplicate log lines on syslog
syslog_facility	set syslog “facility” field
syslog_processname	set syslog “ident” field
syslog_timestamp	timestamp syslog lines
write_rejectlog	control use of message log

14.5 Frozen messages

auto_thaw	sets time for retrying frozen messages
freeze_tell	send message when freezing
move_frozen_messages	to another directory
timeout_frozen_after	keep frozen messages only so long

14.6 Data lookups

ldap_default_servers	used if no server in query
ldap_version	set protocol version
lookup_open_max	lookup files held open
mysql_servers	as it says
oracle_servers	as it says
pgsql_servers	as it says

14.7 Message ids

message_id_header_domain	used to build Message-ID: header
message_id_header_text	ditto

14.8 Embedded Perl Startup

perl_at_start	always start the interpreter
perl_startup	code to obey when starting Perl

14.9 Daemon

daemon_smtp_ports	default ports
extra_local_interfaces	not necessarily listened on
local_interfaces	on which to listen, with optional ports
pid_file_path	override compiled-in value
queue_run_max	maximum simultaneous queue runners

14.10 Resource control

check_log_inodes	before accepting a message
check_log_space	before accepting a message
check_spool_inodes	before accepting a message
check_spool_space	before accepting a message
deliver_queue_load_max	no queue deliveries if load high
queue_only_load	queue incoming if load high
queue_run_max	maximum simultaneous queue runners
remote_max_parallel	parallel SMTP delivery per message
smtp_accept_max	simultaneous incoming connections
smtp_accept_max_nommail	non-mail commands
smtp_accept_max_nonmail_hosts	hosts to which the limit applies
smtp_accept_max_per_connection	messages per connection
smtp_accept_max_per_host	connections from one host
smtp_accept_queue	queue mail if more connections
smtp_accept_queue_per_connection	queue if more messages per connection
smtp_accept_reserve	only reserve hosts if more connections
smtp_check_spool_space	from SIZE on MAIL command
smtp_connect_backlog	passed to TCP/IP stack
smtp_load_reserve	SMTP from reserved hosts if load high
smtp_reserve_hosts	these are the reserve hosts

14.11 Policy controls

acl_not_smtp	set ACL for non-SMTP messages
acl_smtp_auth	set ACL for AUTH
acl_smtp_connect	set ACL for connection
acl_smtp_data	set ACL for DATA
acl_smtp_etrn	set ACL for ETRN
acl_smtp_expn	set ACL for EXPN
acl_smtp_helo	set ACL for EHLO or HELO
acl_smtp_mail	set ACL for MAIL
acl_smtp_mailauth	set ACL for AUTH on MAIL command
acl_smtp_mime	set ACL for MIME parts
acl_smtp_predata	set ACL for start of data
acl_smtp_quit	set ACL for QUIT
acl_smtp_rcpt	set ACL for RCPT
acl_smtp_starttls	set ACL for STARTTLS
acl_smtp_vrfy	set ACL for VRFY
av_scanner	specify virus scanner
header_maxsize	total size of message header
header_line_maxsize	individual header line limit
helo_accept_junk_hosts	allow syntactic junk from these hosts
helo_allow_chars	allow illegal chars in HELO names
helo_lookup_domains	lookup hostname for these HELO names
helo_try_verify_hosts	HELO soft-checked for these hosts
helo_verify_hosts	HELO hard-checked for these hosts
host_lookup	host name looked up for these hosts
host_lookup_order	order of DNS and local name lookups
host_reject_connection	reject connection from these hosts
hosts_treat_as_local	useful in some cluster configurations
local_scan_timeout	timeout for local_scan()
message_size_limit	for all messages
percent_hack_domains	recognize %-hack for these domains
spamd_address	set interface to SpamAssassin

14.12 Callout cache

callout_domain_negative_expire	timeout for negative domain cache item
callout_domain_positive_expire	timeout for positive domain cache item
callout_negative_expire	timeout for negative address cache item
callout_positive_expire	timeout for positive address cache item
callout_random_local_part	string to use for “random” testing

14.13 TLS

tls_advertise_hosts	advertise TLS to these hosts
tls_certificate	location of server certificate
tls_crl	certificate revocation list
tls_dhparam	DH parameters for server
tls_on_connect_ports	specify SSMTP (SMTPS) ports
tls_privatekey	location of server private key
tls_remember_esmtp	don't reset after starting TLS
tls_require_ciphers	specify acceptable cipers
tls_try_verify_hosts	try to verify client certificate
tls_verify_certificates	expected client certificates
tls_verify_hosts	insist on client certificate verify

14.14 Local user handling

finduser_retries	useful in NIS environments
gecos_name	used when creating Sender:
gecos_pattern	ditto
max_username_length	for systems that truncate
unknown_login	used when no login name found
unknown_username	ditto
uucp_from_pattern	for recognizing “From ” lines
uucp_from_sender	ditto

14.15 All incoming messages (SMTP and non-SMTP)

header_maxsize	total size of message header
header_line_maxsize	individual header line limit
message_size_limit	applies to all messages
percent_hack_domains	recognize %-hack for these domains
received_header_text	expanded to make Received:
received_headers_max	for mail loop detection
recipients_max	limit per message
recipients_max_reject	permanently reject excess

14.16 Non-SMTP incoming messages

receive_timeout

for non-SMTP messages

14.17 Incoming SMTP messages

See also the Policy controls section above.

host_lookup	host name looked up for these hosts
host_lookup_order	order of DNS and local name lookups
recipient_unqualified_hosts	may send unqualified recipients
rfc1413_hosts	make ident calls to these hosts
rfc1413_query_timeout	zero disables ident calls
sender_unqualified_hosts	may send unqualified senders
smtp_accept_keepalive	some TCP/IP magic
smtp_accept_max	simultaneous incoming connections
smtp_accept_max_nommail	non-mail commands
smtp_accept_max_nonmail_hosts	hosts to which the limit applies
smtp_accept_max_per_connection	messages per connection
smtp_accept_max_per_host	connections from one host
smtp_accept_queue	queue mail if more connections
smtp_accept_queue_per_connection	queue if more messages per connection
smtp_accept_reserve	only reserve hosts if more connections
smtp_active_hostname	host name to use in messages
smtp_banner	text for welcome banner
smtp_check_spool_space	from SIZE on MAIL command
smtp_connect_backlog	passed to TCP/IP stack
smtp_enforce_sync	of SMTP command/responses
smtp_etrn_command	what to run for ETRN
smtp_etrn_serialize	only one at once
smtp_load_reserve	only reserve hosts if this load
smtp_max_unknown_commands	before dropping connection
smtp_ratelimit_hosts	apply ratelimiting to these hosts
smtp_ratelimit_mail	ratelimit for MAIL commands
smtp_ratelimit_rcpt	ratelimit for RCPT commands
smtp_receive_timeout	per command or data line
smtp_reserve_hosts	these are the reserve hosts
smtp_return_error_details	give detail on rejections

14.18 SMTP extensions

accept_8bitmime	advertise 8BITMIME
auth_advertise_hosts	advertise AUTH to these hosts
ignore_fromline_hosts	allow “From ” from these hosts
ignore_fromline_local	allow “From ” from local SMTP
pipelining_advertise_hosts	advertise pipelining to these hosts
tls_advertise_hosts	advertise TLS to these hosts

14.19 Processing messages

allow_domain_literals	recognize domain literal syntax
allow_mx_to_ip	allow MX to point to IP address
allow_utf8_domains	in addresses
delivery_date_remove	from incoming messages
envelope_to_remote	from incoming messages
extract_addresses_remove_arguments	affects -t processing
headers_charset	default for translations
qualify_domain	default for senders
qualify_recipient	default for recipients
return_path_remove	from incoming messages
strip_excess_angle_brackets	in addresses
strip_trailing_dot	at end of addresses
untrusted_set_sender	untrusted can set envelope sender

14.20 System filter

system_filter	locate system filter
system_filter_directory_transport	transport for delivery to a directory
system_filter_file_transport	transport for delivery to a file
system_filter_group	group for filter running
system_filter_pipe_transport	transport for delivery to a pipe
system_filter_reply_transport	transport for autoreply delivery
system_filter_user	user for filter running

14.21 Routing and delivery

dns_again_means_nonexist	for broken domains
dns_check_names_pattern	pre-DNS syntax check
dns_ipv4_lookup	only v4 lookup for these domains
dns_retrans	parameter for resolver
dns_retry	parameter for resolver
hold_domains	hold delivery for these domains
local_interfaces	for routing checks
queue_domains	no immediate delivery for these
queue_only	no immediate delivery at all
queue_only_file	no immediate deliveryif file exists
queue_only_load	no immediate delivery if load is high
queue_only_override	allow command line to override
queue_run_in_order	order of arrival
queue_run_max	of simultaneous queue runners
queue_smtp_domains	no immediate SMTP delivery for these
remote_max_parallel	parallel SMTP delivery per message
remote_sort_domains	order of remote deliveries
retry_data_expire	timeout for retry data
retry_interval_max	safety net for retry rules

14.22 Bounce and warning messages

bounce_message_file	content of bounce
bounce_message_text	content of bounce
bounce_return_body	include body if returning message
bounce_return_message	include original message in bounce
bounce_return_size_limit	limit on returned message
bounce_sender_authentication	send authenticated sender with bounce
errors_copy	copy bounce messages
errors_reply_to	Reply-to: in bounces
delay_warning	time schedule
delay_warning_condition	condition for warning messages
ignore_bounce_errors_after	discard undeliverable bounces
warn_message_file	content of warning message

14.23 Alphabetical list of main options

accept_8bitmime

This option causes Exim to send 8BITMIME in its response to an SMTP EHLO command, and to accept the BODY= parameter on MAIL commands. However, though Exim is 8-bit clean, it is not a protocol converter, and it takes no steps to do anything special with messages received by this route. Consequently, this option is turned off by default.

acl_not_smtp

This option defines the ACL that is run when a non-SMTP message is on the point of being accepted. See chapter 39 for further details.

acl_smtp_auth

This option defines the ACL that is run when an SMTP AUTH command is received. See chapter 39 for further details.

acl_smtp_connect

This option defines the ACL that is run when an SMTP connection is received. See chapter 39 for further details.

acl_smtp_data

This option defines the ACL that is run after an SMTP DATA command has been processed and the message itself has been received, but before the final acknowledgement is sent. See chapter 39 for further details.

acl_smtp_etrn

This option defines the ACL that is run when an SMTP ETRN command is received. See chapter 39 for further details.

acl_smtp_expn

This option defines the ACL that is run when an SMTP EXPN command is received. See chapter 39 for further details.

acl_smtp_helo

This option defines the ACL that is run when an SMTP EHLO or HELO command is received. See chapter 39 for further details.

acl_smtp_mail

This option defines the ACL that is run when an SMTP MAIL command is received. See chapter 39 for further details.

acl_smtp_mailauth

This option defines the ACL that is run when there is an AUTH parameter on a MAIL command. See chapter 39 for details of ACLs, and chapter 33 for details of authentication.

This option defines the ACL that is run when an SMTP QUIT command is received. See chapter 39 for further details.

acl_smtp_rcpt

This option defines the ACL that is run when an SMTP RCPT command is received. See chapter 39 for further details.

acl_smtp_starttls

This option defines the ACL that is run when an SMTP STARTTLS command is received. See chapter 39 for further details.

acl_smtp_vrfy

This option defines the ACL that is run when an SMTP VRFY command is received. See chapter 39 for further details.

admin_groups

If the current group or any of the supplementary groups of the caller is in this colon-separated list, the caller has admin privileges. If all your system programmers are in a specific group, for example, you can give them all Exim admin privileges by putting that group in admin_groups. However, this does not permit them to read Exim's spool files (whose group owner is the Exim gid). To permit this, you have to add individuals to the Exim group.

allow_domain_literals

If this option is set, the RFC 2822 domain literal format is permitted in email addresses. The option is not set by default, because the domain literal format is not normally required these days, and few people know about it. It has, however, been exploited by mail abusers.

Unfortunately, it seems that some DNS black list maintainers are using this format to report black listing to postmasters. If you want to accept messages addressed to your hosts by IP address, you need to set allow_domain_literals true, and also to add @[] to the list of local domains (defined in the named domain list local_domains in the default configuration). This “magic string” matches the domain literal form of all the local host's IP addresses.

allow_mx_to_ip

It appears that more and more DNS zone administrators are breaking the rules and putting domain names that look like IP addresses on the right hand side of MX records. Exim follows the rules and rejects this, giving an error message that explains the mis-configuration. However, some other MTAs support this practice, so to avoid “Why can”t Exim do this?' complaints, allow_mx_to_ip exists, in order to enable this heinous activity. It is not recommended, except when you have no other choice.

allow_utf8_domains

Lots of discussion is going on about internationalized domain names. One camp is strongly in favour of just using UTF-8 characters, and it seems that at least two other MTAs permit this. This option allows Exim users to experiment if they wish.

If it is set true, Exim's domain parsing function allows valid UTF-8 multicharacters to appear in domain name components, in addition to letters, digits, and hyphens. However, just setting this option is not enough; if you want to look up these domain names in the DNS, you must also adjust the value of dns_check_names_pattern to match the extended form. A suitable setting is:

  dns_check_names_pattern = (?i)^(?>(?(1)\.|())[a-z0-9\xc0-\xff]\
    (?>[-a-z0-9\x80-\xff]*[a-z0-9\x80-\xbf])?)+$

Alternatively, you can just disable this feature by setting

  dns_check_names_pattern =

That is, set the option to an empty string so that no check is done.

auth_advertise_hosts

If any server authentication mechanisms are configured, Exim advertises them in response to an EHLO command only if the calling host matches this list. Otherwise, Exim does not advertise AUTH. Exim does not accept AUTH commands from clients to which it has not advertised the availability of AUTH. The advertising of individual authentication mechanisms can be controlled by the use of the server_advertise_condition generic authenticator option on the individual authenticators. See chapter 33 for further details.

Certain mail clients (for example, Netscape) require the user to provide a name and password for authentication if AUTH is advertised, even though it may not be needed (the host may accept messages from hosts on its local LAN without authentication, for example). The auth_advertise_hosts option can be used to make these clients more friendly by excluding them from the set of hosts to which Exim advertises AUTH.

If you want to advertise the availability of AUTH only when the connection is encrypted using TLS, you can make use of the fact that the value of this option is expanded, with a setting like this:

  auth_advertise_hosts = ${if eq{$tls_cipher}{}{}{*}}

If $tls_cipher is empty, the session is not encrypted, and the result of the expansion is empty, thus matching no hosts. Otherwise, the result of the expansion is *, which matches all hosts.

auto_thaw

If this option is set to a time greater than zero, a queue runner will try a new delivery attempt on any frozen message if this much time has passed since it was frozen. This may result in the message being re-frozen if nothing has changed since the last attempt. It is a way of saying “keep on trying, even though there are big problems”. See also timeout_frozen_after and ignore_bounce_errors_after.

  sophie:/var/run/sophie

If the value of av_scanner starts with dollar character, it is expanded before use. See section 40.1 for further details.

bi_command

This option supplies the name of a command that is run when Exim is called with the -bi option (see chapter 5). The string value is just the command name, it is not a complete command line. If an argument is required, it must come from the -oA command line option.

bounce_message_file

This option defines a template file containing paragraphs of text to be used for constructing bounce messages. Details of the file's contents are given in chapter 45. See also warn_message_file.

bounce_message_text

When this option is set, its contents are included in the default bounce message immediately after “This message was created automatically by mail delivery software.” It is not used if bounce_message_file is set.

bounce_return_body

This option controls whether the body of an incoming message is included in a bounce message when bounce_return_message is true. If it is not set, only the message header is included.

bounce_return_message

If this option is set false, the original message is not included in bounce messages generated by Exim. See also bounce_return_size_limit.

bounce_return_size_limit

This option sets a limit in bytes on the size of messages that are returned to senders as part of bounce messages when bounce_return_message is true. The limit should be less than the value of the global message_size_limit and of any message_size_limit settings on transports, to allow for the bounce text that Exim generates. If this option is set to zero there is no limit.

When the body of any message that is to be included in a bounce message is greater than the limit, it is truncated, and a comment pointing this out is added at the top. The actual cutoff may be greater than the value given, owing to the use of buffering for transferring the message in chunks (typically 8K in size). The idea is to save bandwidth on those undeliverable 15-megabyte messages.

bounce_sender_authentication

This option provides an authenticated sender address that is sent with any bounce messages generated by Exim that are sent over an authenticated SMTP connection. A typical setting might be:

  bounce_sender_authentication = mailer-daemon@my.domain.example

which would cause bounce messages to be sent using the SMTP command:

  MAIL FROM:<> AUTH=mailer-daemon@my.domain.example

The value of bounce_sender_authentication must always be a complete email address.

callout_domain_negative_expire

This option specifies the expiry time for negative callout cache data for a domain. See section 39.31 for details of callout verification, and section 39.33 for details of the caching.

callout_domain_positive_expire

This option specifies the expiry time for positive callout cache data for a domain. See section 39.31 for details of callout verification, and section 39.33 for details of the caching.

callout_negative_expire

This option specifies the expiry time for negative callout cache data for an address. See section 39.31 for details of callout verification, and section 39.33 for details of the caching.

callout_positive_expire

This option specifies the expiry time for positive callout cache data for an address. See section 39.31 for details of callout verification, and section 39.33 for details of the caching.

callout_random_local_part

This option defines the “random” local part that can be used as part of callout verification. The default value is

  $primary_host_name-$tod_epoch-testing

See section 39.32 for details of how this value is used.

check_log_inodes

See check_spool_space below.

check_log_space

See check_spool_space below.

check_spool_inodes

See check_spool_space below.

check_spool_space

The four check_... options allow for checking of disk resources before a message is accepted. When any of these options are set, they apply to all incoming messages. If you want to apply different checks to different kinds of message, you can do so by testing the the variables $log_inodes, $log_space, $spool_inodes, and $spool_space in an ACL with appropriate additional conditions.

check_spool_space and check_spool_inodes check the spool partition if either value is greater than zero, for example:

  check_spool_space = 10M
  check_spool_inodes = 100

The spool partition is the one that contains the directory defined by SPOOL_DIRECTORY in Local/Makefile. It is used for holding messages in transit.

check_log_space and check_log_inodes check the partition in which log files are written if either is greater than zero. These should be set only if log_file_path and spool_directory refer to different partitions.

If there is less space or fewer inodes than requested, Exim refuses to accept incoming mail. In the case of SMTP input this is done by giving a 452 temporary error response to the MAIL command. If ESMTP is in use and there was a SIZE parameter on the MAIL command, its value is added to the check_spool_space value, and the check is performed even if check_spool_space is zero, unless no_smtp_check_spool_space is set.

The values for check_spool_space and check_log_space are held as a number of kilobytes. If a non-multiple of 1024 is specified, it is rounded up.

For non-SMTP input and for batched SMTP input, the test is done at start-up; on failure a message is written to stderr and Exim exits with a non-zero code, as it obviously cannot send an error message of any kind.

daemon_smtp_ports

This option specifies one or more default SMTP ports on which the Exim daemon listens. See chapter 13 for details of how it is used. For backward compatibility, daemon_smtp_port (singular) is a synonym.

delay_warning

When a message is delayed, Exim sends a warning message to the sender at intervals specified by this option. The data is a colon-separated list of times after which to send warning messages. If the value of the option is an empty string or a zero time, no warnings are sent. Up to 10 times may be given. If a message has been on the queue for longer than the last time, the last interval between the times is used to compute subsequent warning times. For example, with

  delay_warning = 4h:8h:24h

the first message is sent after 4 hours, the second after 8 hours, and the third one after 24 hours. After that, messages are sent every 16 hours, because that is the interval between the last two times on the list. If you set just one time, it specifies the repeat interval. For example, with:

  delay_warning = 6h

messages are repeated every six hours. To stop warnings after a given time, set a very large time at the end of the list. For example:

  delay_warning = 2h:12h:99d

delay_warning_condition

The string is expanded at the time a warning message might be sent. If all the deferred addresses have the same domain, it is set in $domain during the expansion. Otherwise $domain is empty. If the result of the expansion is a forced failure, an empty string, or a string matching any of “0”, “no” or “false” (the comparison being done caselessly) then the warning message is not sent. The default is

  delay_warning_condition = \
    ${if match{$h_precedence:}{(?i)bulk|list|junk}{no}{yes}}

which suppresses the sending of warnings about messages that have “bulk”, “list” or “junk” in a Precedence: header.

deliver_drop_privilege

If this option is set true, Exim drops its root privilege at the start of a delivery process, and runs as the Exim user throughout. This severely restricts the kinds of local delivery that are possible, but is viable in certain types of configuration. There is a discussion about the use of root privilege in chapter 51.

deliver_queue_load_max

When this option is set, a queue run is abandoned if the system load average becomes greater than the value of the option. The option has no effect on ancient operating systems on which Exim cannot determine the load average. See also queue_only_load and smtp_load_reserve.

delivery_date_remove

Exim's transports have an option for adding a Delivery-date: header to a message when it is delivered – in exactly the same way as Return-path: is handled. Delivery-date: records the actual time of delivery. Such headers should not be present in incoming messages, and this option causes them to be removed at the time the message is received, to avoid any problems that might occur when a delivered message is subsequently sent on to some other recipient.

dns_again_means_nonexist

DNS lookups give a “try again” response for the DNS errors “non-authoritative host not found” and “SERVERFAIL”. This can cause Exim to keep trying to deliver a message, or to give repeated temporary errors to incoming mail. Sometimes the effect is caused by a badly set up name server and may persist for a long time. If a domain which exhibits this problem matches anything in dns_again_means_nonexist, it is treated as if it did not exist. This option should be used with care. You can make it apply to reverse lookups by a setting such as this:

  dns_again_means_nonexist = *.in-addr.arpa

This option applies to all DNS lookups that Exim does. The dnslookup router has some options of its own for controlling what happens when lookups for MX or SRV records give temporary errors. These more specific options are applied after the global option.

dns_check_names_pattern

When this option is set to a non-empty string, it causes Exim to check domain names for illegal characters before handing them to the DNS resolver, because some resolvers give temporary errors for malformed names. If a domain name contains any illegal characters, a “not found” result is forced, and the resolver is not called. The check is done by matching the domain name against a regular expression, which is the value of this option. The default pattern is

  dns_check_names_pattern = \
    (?i)^(?>(?(1)\.|())[^\W_](?>[a-z0-9-]*[^\W_])?)+$

which permits only letters, digits, and hyphens in components, but they may not start or end with a hyphen. If you set allow_utf8_domains, you must modify this pattern, or set the option to an empty string.

dns_ipv4_lookup

When Exim is compiled with IPv6 support, it looks for IPv6 address records (AAAA and, if configured, A6) as well as IPv4 address records when trying to find IP addresses for hosts, unless the host's domain matches this list.

This is a fudge to help with name servers that give big delays or otherwise do not work for the new IPv6 record types. If Exim is handed an IPv6 address record as a result of an MX lookup, it always recognizes it, and may as a result make an outgoing IPv6 connection. All this option does is to make Exim look only for IPv4-style A records when it needs to find an IP address for a host name. In due course, when the world's name servers have all been upgraded, there should be no need for this option.

dns_retrans

The options dns_retrans and dns_retry can be used to set the retransmission and retry parameters for DNS lookups. Values of zero (the defaults) leave the system default settings unchanged. The first value is the time between retries, and the second is the number of retries. It isn't totally clear exactly how these settings affect the total time a DNS lookup may take. I haven't found any documentation about timeouts on DNS lookups; these parameter values are available in the external resolver interface structure, but nowhere does it seem to describe how they are used or what you might want to set in them.

dns_retry

See dns_retrans above.

drop_cr

This is an obsolete option that is now a no-op. It used to affect the way Exim handled CR and LF characters in incoming messages. What happens now is described in section 43.2.

envelope_to_remove

Exim's transports have an option for adding an Envelope-to: header to a message when it is delivered – in exactly the same way as Return-path: is handled. Envelope-to: records the original recipient address from the messages's envelope that caused the delivery to happen. Such headers should not be present in incoming messages, and this option causes them to be removed at the time the message is received, to avoid any problems that might occur when a delivered message is subsequently sent on to some other recipient.

errors_copy

Setting this option causes Exim to send bcc copies of bounce messages that it generates to other addresses. Note: this does not apply to bounce messages coming from elsewhere. The value of the option is a colon-separated list of items. Each item consists of a pattern, terminated by white space, followed by a comma-separated list of email addresses. If a pattern contains spaces, it must be enclosed in double quotes.

Each pattern is processed in the same way as a single item in an address list (see section 10.18). When a pattern matches the recipient of the bounce message, the message is copied to the addresses on the list. The items are scanned in order, and once a matching one is found, no further items are examined. For example:

  errors_copy = spqr@mydomain   postmaster@mydomain.example :\
                rqps@mydomain   hostmaster@mydomain.example,\
                                postmaster@mydomain.example

The address list is expanded before use. The expansion variables $local_part and $domain are set from the original recipient of the error message, and if there was any wildcard matching in the pattern, the expansion variables $0, $1, etc. are set in the normal way.

errors_reply_to

Exim's bounce and delivery warning messages contain the header line

  From: Mail Delivery System <Mailer-Daemon@<qualify-domain>>

where <qualify-domain> is the value of the qualify_domain option. Experience shows that people reply to bounce messages. If the errors_reply_to option is set, a Reply-To: header is added to bounce and warning messages. For example:

  errors_reply_to = postmaster@my.domain.example

The value of the option is not expanded. It must specify a valid RFC 2822 address.

exim_group

This option changes the gid under which Exim runs when it gives up root privilege. The default value is compiled into the binary. The value of this option is used only when exim_user is also set. Unless it consists entirely of digits, the string is looked up using getgrnam(), and failure causes a configuration error. See chapter 51 for a discussion of security issues.

exim_path

This option specifies the path name of the Exim binary, which is used when Exim needs to re-exec itself. The default is set up to point to the file exim in the directory configured at compile time by the BIN_DIRECTORY setting. It is necessary to change exim_path if, exceptionally, Exim is run from some other place. Warning: Do not use a macro to define the value of this option, because you will break those Exim utilities that scan the configuration file to find where the binary is. (They then use the -bP option to extract option settings such as the value of spool_directory.)

exim_user

This option changes the uid under which Exim runs when it gives up root privilege. The default value is compiled into the binary. Ownership of the run time configuration file and the use of the -C and -D command line options is checked against the values in the binary, not what is set here.

Unless it consists entirely of digits, the string is looked up using getpwnam(), and failure causes a configuration error. If exim_group is not also supplied, the gid is taken from the result of getpwnam() if it is used. See chapter 51 for a discussion of security issues.

extra_local_interfaces

This option defines network interfaces that are to be considered local when routing, but which are not used for listening by the daemon. See section 13.7 for details.

extract_addresses_remove_arguments

According to some Sendmail documentation (Sun, IRIX, HP-UX), if any addresses are present on the command line when the -t option is used to build an envelope from a message's To:, Cc: and Bcc: headers, the command line addresses are removed from the recipients list. This is also how Smail behaves. However, other Sendmail documentation (the O'Reilly book) states that command line addresses are added to those obtained from the header lines. When extract_addresses_remove_arguments is true (the default), Exim subtracts argument headers. If it is set false, Exim adds rather than removes argument addresses.

finduser_retries

On systems running NIS or other schemes in which user and group information is distributed from a remote system, there can be times when getpwnam() and related functions fail, even when given valid data, because things time out. Unfortunately these failures cannot be distinguished from genuine “not found” errors. If finduser_retries is set greater than zero, Exim will try that many extra times to find a user or a group, waiting for one second between retries.

You should not set this option greater than zero if your user information is in a traditional /etc/passwd file, because it will cause Exim needlessly to search the file multiple times for non-existent users, and also cause delay.

freeze_tell

On encountering certain errors, or when configured to do so in a system filter, or in an ACL, Exim freezes a message. This means that no further delivery attempts take place until an administrator (or the auto_thaw feature) thaws the message. If freeze_tell is set, Exim generates a warning message whenever it freezes something, unless the message it is freezing is a locally-generated bounce message. (Without this exception there is the possibility of looping.) The warning message is sent to the addresses supplied as the comma-separated value of this option. If several of the message's addresses cause freezing, only a single message is sent. If the freezing was automatic, the reason(s) for freezing can be found in the message log. If you configure freezing in a filter or ACL, you must arrange for any logging that you require.

gecos_name

Some operating systems, notably HP-UX, use the “gecos” field in the system password file to hold other information in addition to users' real names. Exim looks up this field for use when it is creating Sender: or From: headers. If either gecos_pattern or gecos_name are unset, the contents of the field are used unchanged, except that, if an ampersand is encountered, it is replaced by the user's login name with the first character forced to upper case, since this is a convention that is observed on many systems.

When these options are set, gecos_pattern is treated as a regular expression that is to be applied to the field (again with & replaced by the login name), and if it matches, gecos_name is expanded and used as the user's name. Numeric variables such as $1, $2, etc. can be used in the expansion to pick up sub-fields that were matched by the pattern. In HP-UX, where the user's name terminates at the first comma, the following can be used:

  gecos_pattern = ([^,]*)
  gecos_name = $1

gecos_pattern

See gecos_name above.

headers_charset

This option sets a default character set for translating from encoded MIME “words” in header lines, when referenced by an $h_xxx expansion item. The default is the value of HEADERS_CHARSET in Local/Makefile. The ultimate default is ISO-8859-1. For more details see the description of header insertions in section 11.5.

header_maxsize

This option controls the overall maximum size of a message's header section. The default is the value of HEADER_MAXSIZE in Local/Makefile; the default for that is 1M. Messages with larger header sections are rejected.

header_line_maxsize

This option limits the length of any individual header line in a message, after all the continuations have been joined together. Messages with individual header lines that are longer than the limit are rejected. The default value of zero means “no limit”.

helo_accept_junk_hosts

Exim checks the syntax of HELO and EHLO commands for incoming SMTP mail, and gives an error response for invalid data. Unfortunately, there are some SMTP clients that send syntactic junk. They can be accommodated by setting this option. Note that this is a syntax check only. See helo_verify_hosts if you want to do semantic checking. See also helo_allow_chars for a way of extending the permitted character set.

helo_allow_chars

This option can be set to a string of rogue characters that are permitted in all EHLO and HELO names in addition to the standard letters, digits, hyphens, and dots. If you really must allow underscores, you can set

  helo_allow_chars = _

Note that the value is one string, not a list.

helo_lookup_domains

If the domain given by a client in a HELO or EHLO command matches this list, a reverse lookup is done in order to establish the host's true name. The default forces a lookup if the client host gives the server's name or any of its IP addresses (in brackets), something that broken clients have been seen to do.

helo_try_verify_hosts

The RFCs mandate that a server must not reject a message because it doesn't like the HELO or EHLO command. By default, Exim just checks the syntax of these commands (see helo_accept_junk_hosts and helo_allow_chars above). However, some sites like to be stricter. If the calling host matches helo_try_verify_hosts, Exim checks that the host name given in the HELO or EHLO command either:

• is an IP literal matching the calling address of the host (the RFCs specifically allow this), or

• matches the host name that Exim obtains by doing a reverse lookup of the calling host address, or

• when looked up using gethostbyname() (or getipnodebyname() when available) yields the calling host address.

However, the EHLO or HELO command is not rejected if any of the checks fail. Processing continues, but the result of the check is remembered, and can be detected later in an ACL by the verify = helo condition. If you want verification failure to cause rejection of EHLO or HELO, use helo_verify_hosts instead.

helo_verify_hosts

For hosts that match this option, Exim checks the host name given in the HELO or EHLO in the same way as for helo_try_verify_hosts. If the check fails, the HELO or EHLO command is rejected with a 550 error, and entries are written to the main and reject logs. If a MAIL command is received before EHLO or HELO, it is rejected with a 503 error.

hold_domains

This option allows mail for particular domains to be held on the queue manually. The option is overridden if a message delivery is forced with the -M, -qf, -Rf or -Sf options, and also while testing or verifying addresses using -bt or -bv. Otherwise, if a domain matches an item in hold_domains, no routing or delivery for that address is done, and it is deferred every time the message is looked at.

This option is intended as a temporary operational measure for delaying the delivery of mail while some problem is being sorted out, or some new configuration tested. If you just want to delay the processing of some domains until a queue run occurs, you should use queue_domains or queue_smtp_domains, not hold_domains.

A setting of hold_domains does not override Exim's code for removing messages from the queue if they have been there longer than the longest retry time in any retry rule. If you want to hold messages for longer than the normal retry times, insert a dummy retry rule with a long retry time.

host_lookup

Exim does not look up the name of a calling host from its IP address unless it is required to compare against some host list, or the host matches helo_try_verify_hosts or helo_verify_hosts, or the host matches this option (which normally contains IP addresses rather than host names). The default configuration file contains

  host_lookup = *

which causes a lookup to happen for all hosts. If the expense of these lookups is felt to be too great, the setting can be changed or removed.

After a successful reverse lookup, Exim does a forward lookup on the name it has obtained, to verify that it yields the IP address that it started with. If this check fails, Exim behaves as if the name lookup failed.

After any kind of failure, the host name (in $sender_host_name) remains unset, and $host_lookup_failed is set to the string “1”. See also dns_again_means_nonexist, helo_lookup_domains, and verify = reverse_host_lookup in ACLs.

host_lookup_order

This option specifies the order of different lookup methods when Exim is trying to find a host name from an IP address. The default is to do a DNS lookup first, and then to try a local lookup (using gethostbyaddr() or equivalent) if that fails. You can change the order of these lookups, or omit one entirely, if you want.

Warning: the “byaddr” method does not always yield aliases when there are multiple PTR records in the DNS and the IP address is not listed in /etc/hosts. Different operating systems give different results in this case. That is why the default tries a DNS lookup first.

host_reject_connection

If this option is set, incoming SMTP calls from the hosts listed are rejected as soon as the connection is made. This option is obsolete, and retained only for backward compatibility, because nowadays the ACL specified by acl_smtp_connect can also reject incoming connections immediately.

The ability to give an immediate rejection (either by this option or using an ACL) is provided for use in unusual cases. Many hosts will just try again, sometimes without much delay. Normally, it is better to use an ACL to reject incoming messages at a later stage, such as after RCPT commands. See chapter 39.

  hosts_connection_nolog = :

If the smtp_connection log selector is not set, this option has no effect.

hosts_treat_as_local

If this option is set, any host names that match the domain list are treated as if they were the local host when Exim is scanning host lists obtained from MX records or other sources. Note that the value of this option is a domain list, not a host list, because it is always used to check host names, not IP addresses.

This option also applies when Exim is matching the special items @mx_any, @mx_primary, and @mx_secondary in a domain list (see section 10.8), and when checking the hosts option in the smtp transport for the local host (see the allow_localhost option in that transport). See also local_interfaces, extra_local_interfaces, and chapter 13, which contains a discussion about local network interfaces and recognising the local host.

ignore_bounce_errors_after

This option affects the processing of bounce messages that cannot be delivered, that is, those that suffer a permanent delivery failure. (Bounce messages that suffer temporary delivery failures are of course retried in the usual way.)

After a permanent delivery failure, bounce messages are frozen, because there is no sender to whom they can be returned. When a frozen bounce message has been on the queue for more than the given time, it is unfrozen at the next queue run, and a further delivery is attempted. If delivery fails again, the bounce message is discarded. This makes it possible to keep failed bounce messages around for a shorter time than the normal maximum retry time for frozen messages. For example,

  ignore_bounce_errors_after = 12h

retries failed bounce message deliveries after 12 hours, discarding any further failures. If the value of this option is set to a zero time period, bounce failures are discarded immediately. Setting a very long time (as in the default value) has the effect of disabling this option. For ways of automatically dealing with other kinds of frozen message, see auto_thaw and timeout_frozen_after.

ignore_fromline_hosts

Some broken SMTP clients insist on sending a UUCP-like “From” line before the headers of a message. By default this is treated as the start of the message's body, which means that any following headers are not recognized as such. Exim can be made to ignore it by setting ignore_fromline_hosts to match those hosts that insist on sending it. If the sender is actually a local process rather than a remote host, and is using -bs to inject the messages, ignore_fromline_local must be set to achieve this effect.

ignore_fromline_local

See ignore_fromline_hosts above.

keep_malformed

This option specifies the length of time to keep messages whose spool files have been corrupted in some way. This should, of course, never happen. At the next attempt to deliver such a message, it gets removed. The incident is logged.

ldap_default_servers

This option provides a list of LDAP servers which are tried in turn when an LDAP query does not contain a server. See section 9.12 for details of LDAP queries. This option is available only when Exim has been built with LDAP support.

ldap_version

This option can be used to force Exim to set a specific protocol version for LDAP. If it option is unset, it is shown by the -bP command line option as -1. When this is the case, the default is 3 if LDAP_VERSION3 is defined in the LDAP headers; otherwise it is 2. This option is available only when Exim has been built with LDAP support.

local_from_check

When a message is submitted locally (that is, not over a TCP/IP connection) by an untrusted user, Exim removes any existing Sender: header line, and checks that the From: header line matches the login of the calling user and the domain specified by qualify_domain.

Note: An unqualified address (no domain) in the From: header in a locally submitted message is automatically qualified by Exim, unless the -bnq command line option is used.

You can use local_from_prefix and local_from_suffix to permit affixes on the local part. If the From: header line does not match, Exim adds a Sender: header with an address constructed from the calling user's login and the default qualify domain.

If local_from_check is set false, the From: header check is disabled, and no Sender: header is ever added. If, in addition, you want to retain Sender: header lines supplied by untrusted users, you must also set local_sender_retain to be true.

These options affect only the header lines in the message. The envelope sender is still forced to be the login id at the qualify domain unless untrusted_set_sender permits the user to supply an envelope sender.

For messages received over TCP/IP, an ACL can specify “submission mode” to request similar header line checking. See section 43.15, which has more details about Sender: processing.

local_from_prefix

When Exim checks the From: header line of locally submitted messages for matching the login id (see local_from_check above), it can be configured to ignore certain prefixes and suffixes in the local part of the address. This is done by setting local_from_prefix and/or local_from_suffix to appropriate lists, in the same form as the local_part_prefix and local_part_suffix router options (see chapter 15). For example, if

  local_from_prefix = *-

is set, a From: line containing

  From: anything-user@your.domain.example

will not cause a Sender: header to be added if user@your.domain.example matches the actual sender address that is constructed from the login name and qualify domain.

local_from_suffix

See local_from_prefix above.

local_interfaces

This option controls which network interfaces are used by the daemon for listening; they are also used to identify the local host when routing. Chapter 13 contains a full description of this option and the related options daemon_smtp_ports, extra_local_interfaces, hosts_treat_as_local, and tls_on_connect_ports. The default value for local_interfaces is

  local_interfaces = 0.0.0.0

when Exim is built without IPv6 support; otherwise it is

  local_interfaces = <; ::0 ; 0.0.0.0

local_scan_timeout

This timeout applies to the local_scan() function (see chapter 41). Zero means “no timeout”. If the timeout is exceeded, the incoming message is rejected with a temporary error if it is an SMTP message. For a non-SMTP message, the message is dropped and Exim ends with a non-zero code. The incident is logged on the main and reject logs.

local_sender_retain

When a message is submitted locally (that is, not over a TCP/IP connection) by an untrusted user, Exim removes any existing Sender: header line. If you do not want this to happen, you must set local_sender_retain, and you must also set local_from_check to be false (Exim will complain if you do not). Section 43.15 has more details about Sender: processing.

localhost_number

Exim's message ids are normally unique only within the local host. If uniqueness among a set of hosts is required, each host must set a different value for the localhost_number option. The string is expanded immediately after reading the configuration file (so that a number can be computed from the host name, for example) and the result of the expansion must be a number in the range 0–16 (or 0–10 on operating systems with case-insensitive file systems). This is available in subsequent string expansions via the variable $localhost_number. When localhost_number is set, the final two characters of the message id, instead of just being a fractional part of the time, are computed from the time and the local host number as described in section 3.4.

log_file_path

This option sets the path which is used to determine the names of Exim's log files, or indicates that logging is to be to syslog, or both. It is expanded when Exim is entered, so it can, for example, contain a reference to the host name. If no specific path is set for the log files at compile or run time, they are written in a sub-directory called log in Exim's spool directory. Chapter 48 contains further details about Exim's logging, and section 48.1 describes how the contents of log_file_path are used. If this string is fixed at your installation (contains no expansion variables) it is recommended that you do not set this option in the configuration file, but instead supply the path using LOG_FILE_PATH in Local/Makefile so that it is available to Exim for logging errors detected early on – in particular, failure to read the configuration file.

log_selector

This option can be used to reduce or increase the number of things that Exim writes to its log files. Its argument is made up of names preceded by plus or minus characters. For example:

  log_selector = +arguments -retry_defer

A list of possible names and what they control is given in the chapter on logging, in section 48.15.

log_timezone

By default, the timestamps on log lines are in local time without the timezone. This means that if your timezone changes twice a year, the timestamps in log lines are ambiguous for an hour when the clocks go back. One way of avoiding this problem is to set the timezone to UTC. An alternative is to set log_timezone true. This turns on the addition of the timezone offset to timestamps in log lines. Turning on this option can add quite a lot to the size of log files because each line is extended by 6 characters. Note that the $tod_log variable contains the log timestamp without the zone, but there is another variable called $tod_zone that contains just the timezone offset.

lookup_open_max

This option limits the number of simultaneously open files for single-key lookups that use regular files (that is, lsearch, dbm, and cdb). Exim normally keeps these files open during routing, because often the same file is required several times. If the limit is reached, Exim closes the least recently used file. Note that if you are using the ndbm library, it actually opens two files for each logical DBM database, though it still counts as one for the purposes of lookup_open_max. If you are getting “too many open files” errors with NDBM, you need to reduce the value of lookup_open_max.

max_username_length

Some operating systems are broken in that they truncate long arguments to getpwnam() to eight characters, instead of returning “no such user”. If this option is set greater than zero, any attempt to call getpwnam() with an argument that is longer behaves as if getpwnam() failed.

message_body_visible

This option specifies how much of a message's body is to be included in the $message_body and $message_body_end expansion variables.

message_id_header_domain

If this option is set, the string is expanded and used as the right hand side (domain) of the Message-ID: header that Exim creates if a locally-originated incoming message does not have one. “Locally-originated” means “not received over TCP/IP.” Otherwise, the primary host name is used. Only letters, digits, dot and hyphen are accepted; any other characters are replaced by hyphens. If the expansion is forced to fail, or if the result is an empty string, the option is ignored.

message_id_header_text

If this variable is set, the string is expanded and used to augment the text of the Message-id: header that Exim creates if a locally-originated incoming message does not have one. The text of this header is required by RFC 2822 to take the form of an address. By default, Exim uses its internal message id as the local part, and the primary host name as the domain. If this option is set, it is expanded, and provided the expansion is not forced to fail, and does not yield an empty string, the result is inserted into the header immediately before the @, separated from the internal message id by a dot. Any characters that are illegal in an address are automatically converted into hyphens. This means that variables such as $tod_log can be used, because the spaces and colons will become hyphens.

message_logs

If this option is turned off, per-message log files are not created in the msglog spool sub-directory. This reduces the amount of disk I/O required by Exim, by reducing the number of files involved in handling a message from a minimum of four (header spool file, body spool file, delivery journal, and per-message log) to three. The other major I/O activity is Exim's main log, which is not affected by this option.

message_size_limit

This option limits the maximum size of message that Exim will process. The value is expanded for each incoming connection so, for example, it can be made to depend on the IP address of the remote host for messages arriving via TCP/IP. Note: This limit cannot be made to depend on a message's sender or any other properties of an individual message, because it has to be advertised in the server's response to EHLO. String expansion failure causes a temporary error. A value of zero means no limit, but its use is not recommended. See also bounce_return_size_limit.

Incoming SMTP messages are failed with a 552 error if the limit is exceeded; locally-generated messages either get a stderr message or a delivery failure message to the sender, depending on the -oe setting. Rejection of an oversized message is logged in both the main and the reject logs. See also the generic transport option message_size_limit, which limits the size of message that an individual transport can process.

move_frozen_messages

This option, which is available only if Exim has been built with the setting

  SUPPORT_MOVE_FROZEN_MESSAGES=yes

in Local/Makefile, causes frozen messages and their message logs to be moved from the input and msglog directories on the spool to Finput and Fmsglog, respectively. There is currently no support in Exim or the standard utilities for handling such moved messages, and they do not show up in lists generated by -bp or by the Exim monitor.

Setting this option true causes Exim to run in a very restrictive mode in which it passes messages synchronously to a smart host. Chapter 47 contains a full description of this facility.

mysql_servers

This option provides a list of MySQL servers and associated connection data, to be used in conjunction with mysql lookups (see section 9.18). The option is available only if Exim has been built with MySQL support.

never_users

Local message deliveries are normally run in processes that are setuid to the recipient, and remote deliveries are normally run under Exim's own uid and gid. It is usually desirable to prevent any deliveries from running as root, as a safety precaution.

When Exim is built, an option called FIXED_NEVER_USERS can be set to a list of users that must not be used for local deliveries. This list is fixed in the binary and cannot be overridden by the configuration file. By default, it contains just the single user name “root”. The never_users runtime option can be used to add more users to the fixed list.

If a message is to be delivered as one of the users on the fixed list or the never_users list, an error occurs, and delivery is deferred. A common example is

  never_users = root:daemon:bin

Including root is redundant if it is also on the fixed list, but it does no harm. This option overrides the pipe_as_creator option of the pipe transport driver.

oracle_servers

This option provides a list of Oracle servers and associated connection data, to be used in conjunction with oracle lookups (see section 9.18). The option is available only if Exim has been built with Oracle support.

percent_hack_domains

The “percent hack” is the convention whereby a local part containing a percent sign is re-interpreted as a new email address, with the percent replaced by @. This is sometimes called “source routing”, though that term is also applied to RFC 2822 addresses that begin with an @ character. If this option is set, Exim implements the percent facility for those domains listed, but no others. This happens before an incoming SMTP address is tested against an ACL.

Warning: The “percent hack” has often been abused by people who are trying to get round relaying restrictions. For this reason, it is best avoided if at all possible. Unfortunately, a number of less security-conscious MTAs implement it unconditionally. If you are running Exim on a gateway host, and routing mail through to internal MTAs without processing the local parts, it is a good idea to reject recipient addresses with percent characters in their local parts. Exim's default configuration does this.

perl_at_start

This option is available only when Exim is built with an embedded Perl interpreter. See chapter 12 for details of its use.

perl_startup

This option is available only when Exim is built with an embedded Perl interpreter. See chapter 12 for details of its use.

pgsql_servers

This option provides a list of PostgreSQL servers and associated connection data, to be used in conjunction with pgsql lookups (see section 9.18). The option is available only if Exim has been built with PostgreSQL support.

pid_file_path

This option sets the name of the file to which the Exim daemon writes its process id. The string is expanded, so it can contain, for example, references to the host name:

  pid_file_path = /var/log/$primary_hostname/exim.pid

If no path is set, the pid is written to the file exim-daemon.pid in Exim's spool directory. The value set by the option can be overridden by the -oP command line option. A pid file is not written if a “non-standard” daemon is run by means of the -oX option, unless a path is explicitly supplied by -oP.

pipelining_advertise_hosts

This option can be used to suppress the advertisement of the SMTP PIPELINING extension to specific hosts. When PIPELINING is not advertised and smtp_enforce_sync is true, an Exim server enforces strict synchronization for each SMTP command and response. When PIPELINING is advertised, Exim assumes that clients will use it; “out of order” commands that are “expected” do not count as protocol errors (see smtp_max_synprot_errors).

preserve_message_logs

If this option is set, message log files are not deleted when messages are completed. Instead, they are moved to a sub-directory of the spool directory called msglog.OLD, where they remain available for statistical or debugging purposes. This is a dangerous option to set on systems with any appreciable volume of mail. Use with care!

primary_hostname

This specifies the name of the current host. It is used in the default EHLO or HELO command for outgoing SMTP messages (changeable via the helo_data option in the smtp transport), and as the default for qualify_domain. If it is not set, Exim calls uname() to find it. If this fails, Exim panics and dies. If the name returned by uname() contains only one component, Exim passes it to gethostbyname() (or getipnodebyname() when available) in order to obtain the fully qualified version.

The value of $primary_hostname is also used by default in some SMTP response messages from an Exim server. This can be changed dynamically by setting smtp_active_hostname.

print_topbitchars

By default, Exim considers only those characters whose codes lie in the range 32–126 to be printing characters. In a number of circumstances (for example, when writing log entries) non-printing characters are converted into escape sequences, primarily to avoid messing up the layout. If print_topbitchars is set, code values of 128 and above are also considered to be printing characters.

process_log_path

This option sets the name of the file to which an Exim process writes its “process log” when sent a USR1 signal. This is used by the exiwhat utility script. If this option is unset, the file called exim-process.info in Exim's spool directory is used. The ability to specify the name explicitly can be useful in environments where two different Exims are running, using different spool directories.

prod_requires_admin

The -M, -R, and -q command-line options require the caller to be an admin user unless prod_requires_admin is set false. See also queue_list_requires_admin.

qualify_domain

This option specifies the domain name that is added to any envelope sender addresses that do not have a domain qualification. It also applies to recipient addresses if qualify_recipient is not set. Unqualified addresses are accepted by default only for locally-generated messages.

Qualification is also applied to addresses in header lines such as From: and To: for locally-generated messages, unless the -bnq command line option is used.

Messages from external sources must always contain fully qualified addresses, unless the sending host matches sender_unqualified_hosts or recipient_unqualified_hosts (as appropriate), in which case incoming addresses are qualified with qualify_domain or qualify_recipient as necessary. Internally, Exim always works with fully qualified envelope addresses. If qualify_domain is not set, it defaults to the primary_hostname value.

qualify_recipient

This option allows you to specify a different domain for qualifying recipient addresses to the one that is used for senders. See qualify_domain above.

queue_domains

This option lists domains for which immediate delivery is not required. A delivery process is started whenever a message is received, but only those domains that do not match are processed. All other deliveries wait until the next queue run. See also hold_domains and queue_smtp_domains.

queue_list_requires_admin

The -bp command-line option, which lists the messages that are on the queue, requires the caller to be an admin user unless queue_list_requires_admin is set false. See also prod_requires_admin.

queue_only

If queue_only is set, a delivery process is not automatically started whenever a message is received. Instead, the message waits on the queue for the next queue run. Even if queue_only is false, incoming messages may not get delivered immediately when certain conditions (such as heavy load) occur.

The -odq command line has the same effect as queue_only. The -odb and -odi command line options override queue_only unless queue_only_override is set false. See also queue_only_file, queue_only_load, and smtp_accept_queue.

queue_only_file

This option can be set to a colon-separated list of absolute path names, each one optionally preceded by “smtp”. When Exim is receiving a message, it tests for the existence of each listed path using a call to stat(). For each path that exists, the corresponding queuing option is set. For paths with no prefix, queue_only is set; for paths prefixed by “smtp”, queue_smtp_domains is set to match all domains. So, for example,

  queue_only_file = smtp/some/file

causes Exim to behave as if queue_smtp_domains were set to “*” whenever /some/file exists.

queue_only_load

If the system load average is higher than this value, incoming messages from all sources are queued, and no automatic deliveries are started. If this happens during local or remote SMTP input, all subsequent messages on the same connection are queued. Deliveries will subsequently be performed by queue runner processes. This option has no effect on ancient operating systems on which Exim cannot determine the load average. See also deliver_queue_load_max and smtp_load_reserve.

queue_only_override

When this option is true, the -odx- command line options override the setting of queue_only or queue_only_file in the configuration file. If queue_only_override is set false, the -odx- options cannot be used to override; they are accepted, but ignored.

queue_run_in_order

If this option is set, queue runs happen in order of message arrival instead of in an arbitrary order. For this to happen, a complete list of the entire queue must be set up before the deliveries start. When the queue is all held in a single directory (the default), a single list is created for both the ordered and the non-ordered cases. However, if split_spool_directory is set, a single list is not created when queue_run_in_order is false. In this case, the sub-directories are processed one at a time (in a random order), and this avoids setting up one huge list for the whole queue. Thus, setting queue_run_in_order with split_spool_directory may degrade performance when the queue is large, because of the extra work in setting up the single, large list. In most situations, queue_run_in_order should not be set.

queue_run_max

This controls the maximum number of queue runner processes that an Exim daemon can run simultaneously. This does not mean that it starts them all at once, but rather that if the maximum number are still running when the time comes to start another one, it refrains from starting another one. This can happen with very large queues and/or very sluggish deliveries. This option does not, however, interlock with other processes, so additional queue runners can be started by other means, or by killing and restarting the daemon.

queue_smtp_domains

When this option is set, a delivery process is started whenever a message is received, routing is performed, and local deliveries take place. However, if any SMTP deliveries are required for domains that match queue_smtp_domains, they are not immediately delivered, but instead the message waits on the queue for the next queue run. Since routing of the message has taken place, Exim knows to which remote hosts it must be delivered, and so when the queue run happens, multiple messages for the same host are delivered over a single SMTP connection. The -odqs command line option causes all SMTP deliveries to be queued in this way, and is equivalent to setting queue_smtp_domains to “*”. See also hold_domains and queue_domains.

receive_timeout

This option sets the timeout for accepting a non-SMTP message, that is, the maximum time that Exim waits when reading a message on the standard input. If the value is zero, it will wait for ever. This setting is overridden by the -or command line option. The timeout for incoming SMTP messages is controlled by smtp_receive_timeout.

received_header_text

This string defines the contents of the Received: message header that is added to each message, except for the timestamp, which is automatically added on at the end (preceded by a semicolon). The string is expanded each time it is used. If the expansion yields an empty string, no Received: header line is added to the message. Otherwise, the string should start with the text “Received:” and conform to the RFC 2822 specification for Received: header lines. The default setting is:

  received_header_text = Received: \
      ${if def:sender_rcvhost {from $sender_rcvhost\n\t}\
      {${if def:sender_ident {from $sender_ident }}\
      ${if def:sender_helo_name {(helo=$sender_helo_name)\n\t}}}}\
      by $primary_hostname \
      ${if def:received_protocol {with $received_protocol}} \
      ${if def:tls_cipher {($tls_cipher)\n\t}}\
      (Exim $version_number)\n\t\
      id $message_id\
      ${if def:received_for {\n\tfor $received_for}}

Note the use of quotes, to allow the sequences \n and \t to be used for newlines and tabs, respectively. The reference to the TLS cipher is omitted when Exim is built without TLS support. The use of conditional expansions ensures that this works for both locally generated messages and messages received from remote hosts, giving header lines such as the following:

  Received: from scrooge.carol.example ([192.168.12.25] ident=root)
          by marley.carol.example with esmtp (Exim 4.00)
          id 16IOWa-00019l-00
          for chas@dickens.example; Tue, 25 Dec 2001 14:43:44 +0000
  Received: by scrooge.carol.example with local (Exim 4.00)
          id 16IOWW-000083-00; Tue, 25 Dec 2001 14:43:41 +0000

Until the body of the message has been received, the timestamp is the time when the message started to be received. Once the body has arrived, and all policy checks have taken place, the timestamp is updated to the time at which the message was accepted.

received_headers_max

When a message is to be delivered, the number of Received: headers is counted, and if it is greater than this parameter, a mail loop is assumed to have occurred, the delivery is abandoned, and an error message is generated. This applies to both local and remote deliveries.

recipient_unqualified_hosts

This option lists those hosts from which Exim is prepared to accept unqualified recipient addresses in message envelopes. The addresses are made fully qualified by the addition of the qualify_recipient value. This option also affects message header lines. Exim does not reject unqualified recipient addresses in headers, but it qualifies them only if the message came from a host that matches recipient_unqualified_hosts, or if the message was submitted locally (not using TCP/IP), and the -bnq option was not set.

recipients_max

If this option is set greater than zero, it specifies the maximum number of original recipients for any message. Additional recipients that are generated by aliasing or forwarding do not count. SMTP messages get a 452 response for all recipients over the limit; earlier recipients are delivered as normal. Non-SMTP messages with too many recipients are failed, and no deliveries are done. Note that the RFCs specify that an SMTP server should accept at least 100 RCPT commands in a single message.

recipients_max_reject

If this option is set true, Exim rejects SMTP messages containing too many recipients by giving 552 errors to the surplus RCPT commands, and a 554 error to the eventual DATA command. Otherwise (the default) it gives a 452 error to the surplus RCPT commands and accepts the message on behalf of the initial set of recipients. The remote server should then re-send the message for the remaining recipients at a later time.

remote_max_parallel

This option controls parallel delivery of one message to a number of remote hosts. If the value is less than 2, parallel delivery is disabled, and Exim does all the remote deliveries for a message one by one. Otherwise, if a single message has to be delivered to more than one remote host, or if several copies have to be sent to the same remote host, up to remote_max_parallel deliveries are done simultaneously. If more than remote_max_parallel deliveries are required, the maximum number of processes are started, and as each one finishes, another is begun. The order of starting processes is the same as if sequential delivery were being done, and can be controlled by the remote_sort_domains option. If parallel delivery takes place while running with debugging turned on, the debugging output from each delivery process is tagged with its process id.

This option controls only the maximum number of parallel deliveries for one message in one Exim delivery process. Because Exim has no central queue manager, there is no way of controlling the total number of simultaneous deliveries if the configuration allows a delivery attempt as soon as a message is received. If you want to control the total number of deliveries on the system, you need to set the queue_only option. This ensures that all incoming messages are added to the queue without starting a delivery process. Then set up an Exim daemon to start queue runner processes at appropriate intervals (probably fairly often, for example, every minute), and limit the total number of queue runners by setting the queue_run_max parameter. Because each queue runner delivers only one message at a time, the maximum number of deliveries that can then take place at once is queue_run_max multiplied by remote_max_parallel.

If it is purely remote deliveries you want to control, use queue_smtp_domains instead of queue_only. This has the added benefit of doing the SMTP routing before queuing, so that several messages for the same host will eventually get delivered down the same connection.

remote_sort_domains

When there are a number of remote deliveries for a message, they are sorted by domain into the order given by this list. For example,

  remote_sort_domains = *.cam.ac.uk:*.uk

would attempt to deliver to all addresses in the cam.ac.uk domain first, then to those in the uk domain, then to any others.

retry_data_expire

This option sets a “use before” time on retry information in Exim's hints database. Any older retry data is ignored. This means that, for example, once a host has not been tried for 7 days, Exim behaves as if it has no knowledge of past failures.

retry_interval_max

Chapter 32 describes Exim's mechanisms for controlling the intervals between delivery attempts for messages that cannot be delivered straight away. This option sets an overall limit to the length of time between retries.

return_path_remove