Exim Internet Mailer

<-previousnext->

Chapter 22 - The redirect router

The redirect router handles several kinds of address redirection. Its most common uses are for resolving local part aliases from a central alias file (usually called /etc/aliases) and for handling users’ personal .forward files, but it has many other potential uses. The incoming address can be redirected in several different ways:

  • It can be replaced by one or more new addresses which are themselves routed independently.

  • It can be routed to be delivered to a given file or directory.

  • It can be routed to be delivered to a specified pipe command.

  • It can cause an automatic reply to be generated.

  • It can be forced to fail, optionally with a custom error message.

  • It can be temporarily deferred, optionally with a custom message.

  • It can be discarded.

The generic transport option must not be set for redirect routers. However, there are some private options which define transports for delivery to files and pipes, and for generating autoreplies. See the file_transport, pipe_transport and reply_transport descriptions below.

If success DSNs have been requested redirection triggers one and the DSN options are not passed any further.

1. Redirection data

The router operates by interpreting a text string which it obtains either by expanding the contents of the data option, or by reading the entire contents of a file whose name is given in the file option. These two options are mutually exclusive. The first is commonly used for handling system aliases, in a configuration like this:

system_aliases:
  driver = redirect
  data = ${lookup{$local_part}lsearch{/etc/aliases}}

If the lookup fails, the expanded string in this example is empty. When the expansion of data results in an empty string, the router declines. A forced expansion failure also causes the router to decline; other expansion failures cause delivery to be deferred.

A configuration using file is commonly used for handling users’ .forward files, like this:

userforward:
  driver = redirect
  check_local_user
  file = $home/.forward
  no_verify

If the file does not exist, or causes no action to be taken (for example, it is empty or consists only of comments), the router declines. Warning: This is not the case when the file contains syntactically valid items that happen to yield empty addresses, for example, items containing only RFC 2822 address comments.

Tainted data may not be used for a filename.

Warning: It is unwise to use $local_part or $domain directly for redirection, as they are provided by a potential attacker. In the examples above, $local_part is used for looking up data held locally on the system, and not used directly (the second example derives $home via the passsword file or database, using $local_part).

2. Forward files and address verification

It is usual to set no_verify on redirect routers which handle users’ .forward files, as in the example above. There are two reasons for this:

  • When Exim is receiving an incoming SMTP message from a remote host, it is running under the Exim uid, not as root. Exim is unable to change uid to read the file as the user, and it may not be able to read it as the Exim user. So in practice the router may not be able to operate.

  • However, even when the router can operate, the existence of a .forward file is unimportant when verifying an address. What should be checked is whether the local part is a valid user name or not. Cutting out the redirection processing saves some resources.

3. Interpreting redirection data

The contents of the data string, whether obtained from data or file, can be interpreted in two different ways:

  • If the allow_filter option is set true, and the data begins with the text “#Exim filter” or “#Sieve filter”, it is interpreted as a list of filtering instructions in the form of an Exim or Sieve filter file, respectively. Details of the syntax and semantics of filter files are described in a separate document entitled Exim’s interfaces to mail filtering; this document is intended for use by end users.

  • Otherwise, the data must be a comma-separated list of redirection items, as described in the next section.

When a message is redirected to a file (a “mail folder”), the filename given in a non-filter redirection list must always be an absolute path. A filter may generate a relative path – how this is handled depends on the transport’s configuration. See section 26.1 for a discussion of this issue for the appendfile transport.

4. Items in a non-filter redirection list

When the redirection data is not an Exim or Sieve filter, for example, if it comes from a conventional alias or forward file, it consists of a list of addresses, filenames, pipe commands, or certain special items (see section 22.6 below). The special items can be individually enabled or disabled by means of options whose names begin with allow_ or forbid_, depending on their default values. The items in the list are separated by commas or newlines. If a comma is required in an item, the entire item must be enclosed in double quotes.

Lines starting with a # character are comments, and are ignored, and # may also appear following a comma, in which case everything between the # and the next newline character is ignored.

If an item is entirely enclosed in double quotes, these are removed. Otherwise double quotes are retained because some forms of mail address require their use (but never to enclose the entire address). In the following description, “item” refers to what remains after any surrounding double quotes have been removed.

Warning: If you use an Exim expansion to construct a redirection address, and the expansion contains a reference to $local_part, you should make use of the quote_local_part expansion operator, in case the local part contains special characters. For example, to redirect all mail for the domain obsolete.example, retaining the existing local part, you could use this setting:

data = ${quote_local_part:$local_part}@newdomain.example

5. Redirecting to a local mailbox

A redirection item may safely be the same as the address currently under consideration. This does not cause a routing loop, because a router is automatically skipped if any ancestor of the address that is being processed is the same as the current address and was processed by the current router. Such an address is therefore passed to the following routers, so it is handled as if there were no redirection. When making this loop-avoidance test, the complete local part, including any prefix or suffix, is used.

Specifying the same local part without a domain is a common usage in personal filter files when the user wants to have messages delivered to the local mailbox and also forwarded elsewhere. For example, the user whose login is cleo might have a .forward file containing this:

cleo, cleopatra@egypt.example

For compatibility with other MTAs, such unqualified local parts may be preceded by “\”, but this is not a requirement for loop prevention. However, it does make a difference if more than one domain is being handled synonymously.

If an item begins with “\” and the rest of the item parses as a valid RFC 2822 address that does not include a domain, the item is qualified using the domain of the incoming address. In the absence of a leading “\”, unqualified addresses are qualified using the value in qualify_recipient, but you can force the incoming domain to be used by setting qualify_preserve_domain.

Care must be taken if there are alias names for local users. Consider an MTA handling a single local domain where the system alias file contains:

Sam.Reman: spqr

Now suppose that Sam (whose login id is spqr) wants to save copies of messages in the local mailbox, and also forward copies elsewhere. He creates this forward file:

Sam.Reman, spqr@reme.elsewhere.example

With these settings, an incoming message addressed to Sam.Reman fails. The redirect router for system aliases does not process Sam.Reman the second time round, because it has previously routed it, and the following routers presumably cannot handle the alias. The forward file should really contain

spqr, spqr@reme.elsewhere.example

but because this is such a common error, the check_ancestor option (see below) exists to provide a way to get round it. This is normally set on a redirect router that is handling users’ .forward files.

6. Special items in redirection lists

In addition to addresses, the following types of item may appear in redirection lists (that is, in non-filter redirection data):

  • An item is treated as a pipe command if it begins with “|” and does not parse as a valid RFC 2822 address that includes a domain. A transport for running the command must be specified by the pipe_transport option. Normally, either the router or the transport specifies a user and a group under which to run the delivery. The default is to use the Exim user and group.

    Single or double quotes can be used for enclosing the individual arguments of the pipe command; no interpretation of escapes is done for single quotes. If the command contains a comma character, it is necessary to put the whole item in double quotes, for example:

    "|/some/command ready,steady,go"
    

    since items in redirection lists are terminated by commas. Do not, however, quote just the command. An item such as

    |"/some/command ready,steady,go"
    

    is interpreted as a pipe with a rather strange command name, and no arguments.

    Note that the above example assumes that the text comes from a lookup source of some sort, so that the quotes are part of the data. If composing a redirect router with a data option directly specifying this command, the quotes will be used by the configuration parser to define the extent of one string, but will not be passed down into the redirect router itself. There are two main approaches to get around this: escape quotes to be part of the data itself, or avoid using this mechanism and instead create a custom transport with the command option set and reference that transport from an accept router.

  • An item is interpreted as a path name if it begins with “/” and does not parse as a valid RFC 2822 address that includes a domain. For example,

    /home/world/minbari
    

    is treated as a filename, but

    /s=molari/o=babylon/@x400gate.way
    

    is treated as an address. For a filename, a transport must be specified using the file_transport option. However, if the generated path name ends with a forward slash character, it is interpreted as a directory name rather than a filename, and directory_transport is used instead.

    Normally, either the router or the transport specifies a user and a group under which to run the delivery. The default is to use the Exim user and group.

    However, if a redirection item is the path /dev/null, delivery to it is bypassed at a high level, and the log entry shows “**bypassed**” instead of a transport name. In this case the user and group are not used.

  • If an item is of the form

    :include:<path name>
    

    a list of further items is taken from the given file and included at that point. Note: Such a file can not be a filter file; it is just an out-of-line addition to the list. The items in the included list are separated by commas or newlines and are not subject to expansion. If this is the first item in an alias list in an lsearch file, a colon must be used to terminate the alias name. This example is incorrect:

    list1    :include:/opt/lists/list1
    

    It must be given as

    list1:   :include:/opt/lists/list1
    

    Tainted data may not be used for a filename.

  • Sometimes you want to throw away mail to a particular local part. Making the data option expand to an empty string does not work, because that causes the router to decline. Instead, the alias item

    :blackhole:
    

    can be used. It does what its name implies. No delivery is done, and no error message is generated. This has the same effect as specifying /dev/null as a destination, but it can be independently disabled.

    Warning: If :blackhole: appears anywhere in a redirection list, no delivery is done for the original local part, even if other redirection items are present. If you are generating a multi-item list (for example, by reading a database) and need the ability to provide a no-op item, you must use /dev/null.

  • An attempt to deliver a particular address can be deferred or forced to fail by redirection items of the form

    :defer:
    :fail:
    

    respectively. When a redirection list contains such an item, it applies to the entire redirection; any other items in the list are ignored. Any text following :fail: or :defer: is placed in the error text associated with the failure. For example, an alias file might contain:

    X.Employee:  :fail: Gone away, no forwarding address
    

    In the case of an address that is being verified from an ACL or as the subject of a VRFY command, the text is included in the SMTP error response by default. The text is not included in the response to an EXPN command. In non-SMTP cases the text is included in the error message that Exim generates.

    By default for verify, Exim sends a 451 SMTP code for a :defer:, and 550 for :fail:. However, if the message starts with three digits followed by a space, optionally followed by an extended code of the form n.n.n, also followed by a space, and the very first digit is the same as the default error code, the code from the message is used instead. If the very first digit is incorrect, a panic error is logged, and the default code is used. You can suppress the use of the supplied code in a redirect router by setting the forbid_smtp_code option true. In this case, any SMTP code is quietly ignored.

    In an ACL, an explicitly provided message overrides the default, but the default message is available in the variable $acl_verify_message and can therefore be included in a custom message if this is desired.

    Normally the error text is the rest of the redirection list – a comma does not terminate it – but a newline does act as a terminator. Newlines are not normally present in alias expansions. In lsearch lookups they are removed as part of the continuation process, but they may exist in other kinds of lookup and in :include: files.

    During routing for message delivery (as opposed to verification), a redirection containing :fail: causes an immediate failure of the incoming address, whereas :defer: causes the message to remain in the queue so that a subsequent delivery attempt can happen at a later time. If an address is deferred for too long, it will ultimately fail, because the normal retry rules still apply.

  • Sometimes it is useful to use a single-key search type with a default (see chapter 9) to look up aliases. However, there may be a need for exceptions to the default. These can be handled by aliasing them to :unknown:. This differs from :fail: in that it causes the redirect router to decline, whereas :fail: forces routing to fail. A lookup which results in an empty redirection list has the same effect.

7. Duplicate addresses

Exim removes duplicate addresses from the list to which it is delivering, so as to deliver just one copy to each address. This does not apply to deliveries routed to pipes by different immediate parent addresses, but an indirect aliasing scheme of the type

pipe:       |/some/command $local_part
localpart1: pipe
localpart2: pipe

does not work with a message that is addressed to both local parts, because when the second is aliased to the intermediate local part “pipe” it gets discarded as being the same as a previously handled address. However, a scheme such as

localpart1: |/some/command $local_part
localpart2: |/some/command $local_part

does result in two different pipe deliveries, because the immediate parents of the pipes are distinct.

8. Repeated redirection expansion

When a message cannot be delivered to all of its recipients immediately, leading to two or more delivery attempts, redirection expansion is carried out afresh each time for those addresses whose children were not all previously delivered. If redirection is being used as a mailing list, this can lead to new members of the list receiving copies of old messages. The one_time option can be used to avoid this.

9. Errors in redirection lists

If skip_syntax_errors is set, a malformed address that causes a parsing error is skipped, and an entry is written to the main log. This may be useful for mailing lists that are automatically managed. Otherwise, if an error is detected while generating the list of new addresses, the original address is deferred. See also syntax_errors_to.

10. Private options for the redirect router

The private options for the redirect router are as follows:

allow_defer Use: redirect Type: boolean Default: false

Setting this option allows the use of :defer: in non-filter redirection data, or the defer command in an Exim filter file.

allow_fail Use: redirect Type: boolean Default: false

If this option is true, the :fail: item can be used in a redirection list, and the fail command may be used in an Exim filter file.

allow_filter Use: redirect Type: boolean Default: false

Setting this option allows Exim to interpret redirection data that starts with “#Exim filter” or “#Sieve filter” as a set of filtering instructions. There are some features of Exim filter files that some administrators may wish to lock out; see the forbid_filter_xxx options below.

It is also possible to lock out Exim filters or Sieve filters while allowing the other type; see forbid_exim_filter and forbid_sieve_filter.

The filter is run using the uid and gid set by the generic user and group options. These take their defaults from the password data if check_local_user is set, so in the normal case of users’ personal filter files, the filter is run as the relevant user. When allow_filter is set true, Exim insists that either check_local_user or user is set.

allow_freeze Use: redirect Type: boolean Default: false

Setting this option allows the use of the freeze command in an Exim filter. This command is more normally encountered in system filters, and is disabled by default for redirection filters because it isn’t something you usually want to let ordinary users do.

check_ancestor Use: redirect Type: boolean Default: false

This option is concerned with handling generated addresses that are the same as some address in the list of redirection ancestors of the current address. Although it is turned off by default in the code, it is set in the default configuration file for handling users’ .forward files. It is recommended for this use of the redirect router.

When check_ancestor is set, if a generated address (including the domain) is the same as any ancestor of the current address, it is replaced by a copy of the current address. This helps in the case where local part A is aliased to B, and B has a .forward file pointing back to A. For example, within a single domain, the local part “Joe.Bloggs” is aliased to “jb” and  jb/.forward contains:

\Joe.Bloggs, <other item(s)>

Without the check_ancestor setting, either local part (“jb” or “joe.bloggs”) gets processed once by each router and so ends up as it was originally. If “jb” is the real mailbox name, mail to “jb” gets delivered (having been turned into “joe.bloggs” by the .forward file and back to “jb” by the alias), but mail to “joe.bloggs” fails. Setting check_ancestor on the redirect router that handles the .forward file prevents it from turning “jb” back into “joe.bloggs” when that was the original address. See also the repeat_use option below.

check_group Use: redirect Type: boolean Default: see below

When the file option is used, the group owner of the file is checked only when this option is set. The permitted groups are those listed in the owngroups option, together with the user’s default group if check_local_user is set. If the file has the wrong group, routing is deferred. The default setting for this option is true if check_local_user is set and the modemask option permits the group write bit, or if the owngroups option is set. Otherwise it is false, and no group check occurs.

check_owner Use: redirect Type: boolean Default: see below

When the file option is used, the owner of the file is checked only when this option is set. If check_local_user is set, the local user is permitted; otherwise the owner must be one of those listed in the owners option. The default value for this option is true if check_local_user or owners is set. Otherwise the default is false, and no owner check occurs.

data Use: redirect Type: string Default: unset

This option is mutually exclusive with file. One or other of them must be set, but not both. The contents of data are expanded, and then used as the list of forwarding items, or as a set of filtering instructions. If the expansion is forced to fail, or the result is an empty string or a string that has no effect (consists entirely of comments), the router declines.

When filtering instructions are used, the string must begin with “#Exim filter”, and all comments in the string, including this initial one, must be terminated with newline characters. For example:

data = #Exim filter\n\
       if $h_to: contains Exim then save $home/mail/exim endif

If you are reading the data from a database where newlines cannot be included, you can use the ${sg} expansion item to turn the escape string of your choice into a newline.

directory_transport Use: redirect Type: string Default: unset

A redirect router sets up a direct delivery to a directory when a path name ending with a slash is specified as a new “address”. The transport used is specified by this option, which, after expansion, must be the name of a configured transport. This should normally be an appendfile transport.

file Use: redirect Type: string Default: unset

This option specifies the name of a file that contains the redirection data. It is mutually exclusive with the data option. The string is expanded before use; if the expansion is forced to fail, the router declines. Other expansion failures cause delivery to be deferred. The result of a successful expansion must be an absolute path. The entire file is read and used as the redirection data. If the data is an empty string or a string that has no effect (consists entirely of comments), the router declines.

If the attempt to open the file fails with a “does not exist” error, Exim runs a check on the containing directory, unless ignore_enotdir is true (see below). If the directory does not appear to exist, delivery is deferred. This can happen when users’ .forward files are in NFS-mounted directories, and there is a mount problem. If the containing directory does exist, but the file does not, the router declines.

file_transport Use: redirect Type: string Default: unset

A redirect router sets up a direct delivery to a file when a path name not ending in a slash is specified as a new “address”. The transport used is specified by this option, which, after expansion, must be the name of a configured transport. This should normally be an appendfile transport. When it is running, the filename is in $address_file.

filter_prepend_home Use: redirect Type: boolean Default: true

When this option is true, if a save command in an Exim filter specifies a relative path, and $home is defined, it is automatically prepended to the relative path. If this option is set false, this action does not happen. The relative path is then passed to the transport unmodified.

forbid_blackhole Use: redirect Type: boolean Default: false

If this option is true, the :blackhole: item may not appear in a redirection list.

forbid_exim_filter Use: redirect Type: boolean Default: false

If this option is set true, only Sieve filters are permitted when allow_filter is true.

forbid_file Use: redirect Type: boolean Default: false

If this option is true, this router may not generate a new address that specifies delivery to a local file or directory, either from a filter or from a conventional forward file. This option is forced to be true if one_time is set. It applies to Sieve filters as well as to Exim filters, but if true, it locks out the Sieve’s “keep” facility.

forbid_filter_dlfunc Use: redirect Type: boolean Default: false

If this option is true, string expansions in Exim filters are not allowed to make use of the dlfunc expansion facility to run dynamically loaded functions.

forbid_filter_existstest Use: redirect Type: boolean Default: false

If this option is true, string expansions in Exim filters are not allowed to make use of the exists condition or the stat expansion item.

forbid_filter_logwrite Use: redirect Type: boolean Default: false

If this option is true, use of the logging facility in Exim filters is not permitted. Logging is in any case available only if the filter is being run under some unprivileged uid (which is normally the case for ordinary users’ .forward files).

forbid_filter_lookup Use: redirect Type: boolean Default: false

If this option is true, string expansions in Exim filter files are not allowed to make use of lookup items.

forbid_filter_perl Use: redirect Type: boolean Default: false

This option has an effect only if Exim is built with embedded Perl support. If it is true, string expansions in Exim filter files are not allowed to make use of the embedded Perl support.

forbid_filter_readfile Use: redirect Type: boolean Default: false

If this option is true, string expansions in Exim filter files are not allowed to make use of readfile items.

forbid_filter_readsocket Use: redirect Type: boolean Default: false

If this option is true, string expansions in Exim filter files are not allowed to make use of readsocket items.

forbid_filter_reply Use: redirect Type: boolean Default: false

If this option is true, this router may not generate an automatic reply message. Automatic replies can be generated only from Exim or Sieve filter files, not from traditional forward files. This option is forced to be true if one_time is set.

forbid_filter_run Use: redirect Type: boolean Default: false

If this option is true, string expansions in Exim filter files are not allowed to make use of run items.

forbid_include Use: redirect Type: boolean Default: false

If this option is true, items of the form

:include:<path name>

are not permitted in non-filter redirection lists.

forbid_pipe Use: redirect Type: boolean Default: false

If this option is true, this router may not generate a new address which specifies delivery to a pipe, either from an Exim filter or from a conventional forward file. This option is forced to be true if one_time is set.

forbid_sieve_filter Use: redirect Type: boolean Default: false

If this option is set true, only Exim filters are permitted when allow_filter is true.

forbid_smtp_code Use: redirect Type: boolean Default: false

If this option is set true, any SMTP error codes that are present at the start of messages specified for :defer: or :fail: are quietly ignored, and the default codes (451 and 550, respectively) are always used.

hide_child_in_errmsg Use: redirect Type: boolean Default: false

If this option is true, it prevents Exim from quoting a child address if it generates a bounce or delay message for it. Instead it says “an address generated from <the top level address>”. Of course, this applies only to bounces generated locally. If a message is forwarded to another host, its bounce may well quote the generated address.

ignore_eacces Use: redirect Type: boolean Default: false

If this option is set and an attempt to open a redirection file yields the EACCES error (permission denied), the redirect router behaves as if the file did not exist.

ignore_enotdir Use: redirect Type: boolean Default: false

If this option is set and an attempt to open a redirection file yields the ENOTDIR error (something on the path is not a directory), the redirect router behaves as if the file did not exist.

Setting ignore_enotdir has another effect as well: When a redirect router that has the file option set discovers that the file does not exist (the ENOENT error), it tries to stat() the parent directory, as a check against unmounted NFS directories. If the parent can not be statted, delivery is deferred. However, it seems wrong to do this check when ignore_enotdir is set, because that option tells Exim to ignore “something on the path is not a directory” (the ENOTDIR error). This is a confusing area, because it seems that some operating systems give ENOENT where others give ENOTDIR.

include_directory Use: redirect Type: string Default: unset

If this option is set, the path names of any :include: items in a redirection list must start with this directory.

modemask Use: redirect Type: octal integer Default: 022

This specifies mode bits which must not be set for a file specified by the file option. If any of the forbidden bits are set, delivery is deferred.

one_time Use: redirect Type: boolean Default: false

Sometimes the fact that Exim re-evaluates aliases and reprocesses redirection files each time it tries to deliver a message causes a problem when one or more of the generated addresses fails be delivered at the first attempt. The problem is not one of duplicate delivery – Exim is clever enough to handle that – but of what happens when the redirection list changes during the time that the message is on Exim’s queue. This is particularly true in the case of mailing lists, where new subscribers might receive copies of messages that were posted before they subscribed.

If one_time is set and any addresses generated by the router fail to deliver at the first attempt, the failing addresses are added to the message as “top level” addresses, and the parent address that generated them is marked “delivered”. Thus, redirection does not happen again at the next delivery attempt.

Warning 1: Any header line addition or removal that is specified by this router would be lost if delivery did not succeed at the first attempt. For this reason, the headers_add and headers_remove generic options are not permitted when one_time is set.

Warning 2: To ensure that the router generates only addresses (as opposed to pipe or file deliveries or auto-replies) forbid_file, forbid_pipe, and forbid_filter_reply are forced to be true when one_time is set.

Warning 3: The unseen generic router option may not be set with one_time.

The original top-level address is remembered with each of the generated addresses, and is output in any log messages. However, any intermediate parent addresses are not recorded. This makes a difference to the log only if all_parents log selector is set. It is expected that one_time will typically be used for mailing lists, where there is normally just one level of expansion.

owners Use: redirect Type: string list Default: unset

This specifies a list of permitted owners for the file specified by file. This list is in addition to the local user when check_local_user is set. See check_owner above.

owngroups Use: redirect Type: string list Default: unset

This specifies a list of permitted groups for the file specified by file. The list is in addition to the local user’s primary group when check_local_user is set. See check_group above.

pipe_transport Use: redirect Type: string Default: unset

A redirect router sets up a direct delivery to a pipe when a string starting with a vertical bar character is specified as a new “address”. The transport used is specified by this option, which, after expansion, must be the name of a configured transport. This should normally be a pipe transport. When the transport is run, the pipe command is in $address_pipe.

qualify_domain Use: redirect Type: string Default: unset

If this option is set, and an unqualified address (one without a domain) is generated, and that address would normally be qualified by the global setting in qualify_recipient, it is instead qualified with the domain specified by expanding this string. If the expansion fails, the router declines. If you want to revert to the default, you can have the expansion generate $qualify_recipient.

This option applies to all unqualified addresses generated by Exim filters, but for traditional .forward files, it applies only to addresses that are not preceded by a backslash. Sieve filters cannot generate unqualified addresses.

qualify_preserve_domain Use: redirect Type: boolean Default: false

If this option is set, the router’s local qualify_domain option must not be set (a configuration error occurs if it is). If an unqualified address (one without a domain) is generated, it is qualified with the domain of the parent address (the immediately preceding ancestor) instead of the global qualify_recipient value. In the case of a traditional .forward file, this applies whether or not the address is preceded by a backslash.

repeat_use Use: redirect Type: boolean Default: true

If this option is set false, the router is skipped for a child address that has any ancestor that was routed by this router. This test happens before any of the other preconditions are tested. Exim’s default anti-looping rules skip only when the ancestor is the same as the current address. See also check_ancestor above and the generic redirect_router option.

reply_transport Use: redirect Type: string Default: unset

A redirect router sets up an automatic reply when a mail or vacation command is used in a filter file. The transport used is specified by this option, which, after expansion, must be the name of a configured transport. This should normally be an autoreply transport. Other transports are unlikely to do anything sensible or useful.

rewrite Use: redirect Type: boolean Default: true

If this option is set false, addresses generated by the router are not subject to address rewriting. Otherwise, they are treated like new addresses and are rewritten according to the global rewriting rules.

sieve_subaddress Use: redirect Type: string Default: unset

The value of this option is passed to a Sieve filter to specify the :subaddress part of an address.

sieve_useraddress Use: redirect Type: string Default: unset

The value of this option is passed to a Sieve filter to specify the :user part of an address. However, if it is unset, the entire original local part (including any prefix or suffix) is used for :user.

sieve_vacation_directory Use: redirect Type: string Default: unset

To enable the “vacation” extension for Sieve filters, you must set sieve_vacation_directory to the directory where vacation databases are held (do not put anything else in that directory), and ensure that the reply_transport option refers to an autoreply transport. Each user needs their own directory; Exim will create it if necessary.

skip_syntax_errors Use: redirect Type: boolean Default: false

If skip_syntax_errors is set, syntactically malformed addresses in non-filter redirection data are skipped, and each failing address is logged. If syntax_errors_to is set, a message is sent to the address it defines, giving details of the failures. If syntax_errors_text is set, its contents are expanded and placed at the head of the error message generated by syntax_errors_to. Usually it is appropriate to set syntax_errors_to to be the same address as the generic errors_to option. The skip_syntax_errors option is often used when handling mailing lists.

If all the addresses in a redirection list are skipped because of syntax errors, the router declines to handle the original address, and it is passed to the following routers.

If skip_syntax_errors is set when an Exim filter is interpreted, any syntax error in the filter causes filtering to be abandoned without any action being taken. The incident is logged, and the router declines to handle the address, so it is passed to the following routers.

Syntax errors in a Sieve filter file cause the “keep” action to occur. This action is specified by RFC 3028. The values of skip_syntax_errors, syntax_errors_to, and syntax_errors_text are not used.

skip_syntax_errors can be used to specify that errors in users’ forward lists or filter files should not prevent delivery. The syntax_errors_to option, used with an address that does not get redirected, can be used to notify users of these errors, by means of a router like this:

userforward:
  driver = redirect
  allow_filter
  check_local_user
  file = $home/.forward
  file_transport = address_file
  pipe_transport = address_pipe
  reply_transport = address_reply
  no_verify
  skip_syntax_errors
  syntax_errors_to = real-$local_part@$domain
  syntax_errors_text = \
   This is an automatically generated message. An error has\n\
   been found in your .forward file. Details of the error are\n\
   reported below. While this error persists, you will receive\n\
   a copy of this message for every message that is addressed\n\
   to you. If your .forward file is a filter file, or if it is\n\
   a non-filter file containing no valid forwarding addresses,\n\
   a copy of each incoming message will be put in your normal\n\
   mailbox. If a non-filter file contains at least one valid\n\
   forwarding address, forwarding to the valid addresses will\n\
   happen, and those will be the only deliveries that occur.

You also need a router to ensure that local addresses that are prefixed by real- are recognized, but not forwarded or filtered. For example, you could put this immediately before the userforward router:

real_localuser:
  driver = accept
  check_local_user
  local_part_prefix = real-
  transport = local_delivery

For security, it would probably be a good idea to restrict the use of this router to locally-generated messages, using a condition such as this:

  condition = ${if match {$sender_host_address}\
                         {\N^(|127\.0\.0\.1)$\N}}

syntax_errors_text Use: redirect Type: string Default: unset

See skip_syntax_errors above.

syntax_errors_to Use: redirect Type: string Default: unset

See skip_syntax_errors above.

<-previousTable of Contentsnext->