1 <?xml version=
"1.0" encoding=
"utf-8"?>
2 <!DOCTYPE article PUBLIC
"-//OASIS//DTD DocBook XML V4.4//EN"
3 "http://www.docbook.org/xml/4.4/docbookx.dtd">
4 <article> <title>Exim
4 for Debian
</title>
5 <section> <title>Introduction
</title>
7 If you're reading this, you have found the README.Debian
8 file. This is good, thanks! Please continue reading this file in
9 its entirety. It is full of important information and has been
10 written with the questions in mind that keep popping up on the
13 <section> <title>How to find your way around the Documentation
</title>
15 Exim comes with very extensive documentation. Here is how to
20 A lot of information about Debian's Exim
4
21 packaging can be found in this document.
26 The packages contain a lot of Debian-specific man pages.
27 Use the
<command>apropos exim
</command> command to get a list.
32 Most files that control the default configuration are
33 documented in the exim4-config_files(
5) man page, which
34 is symlinked to the file names. man
<filename
> should
40 The Debian Exim
4 packages have their own
41 <ulink url=
"http://pkg-exim4.alioth.debian.org">
43 </ulink> which also links to a User FAQ.
48 The very extensive Upstream documentation is shipped
53 (
<filename>/usr/share/doc/exim4-base/spec.txt.gz
</filename>)
54 with the binary packages.
59 in HTML in the package
60 <filename>exim4-doc-html
</filename>
65 as a Texinfo file in the package
66 <filename>exim4-doc-info
</filename>
75 Please note that documentation found on the web or in other
76 parts of the Debian system (such as the Debian Reference)
77 might be outdated and thus give wrong advice. In doubt, the
78 documentation listed above should take precedence.
81 <section> <title>Getting Support
</title>
83 For your questions and comments, there is a
<ulink
84 url=
"http://lists.alioth.debian.org/mailman/listinfo/pkg-exim4-users">
85 Debian-specific mailing list
</ulink>. Please ask Debian-specific
86 questions there, and only write to the upstream exim-users mailing
88 you are sure that your question is not Debian-specific.
89 Debian-specific questions are more likely to find answers on
90 our pkg-exim4-users mailing list, while complex custom
91 configuration issues might be more easily solved on the
92 upstream exim-users mailing list because of the broader and
93 more experienced audience there. You can subscribe to
94 pkg-exim4-users
<ulink
95 url=
"http://lists.alioth.debian.org/mailman/listinfo/pkg-exim4-users">
96 via the subscription web page;
</ulink> you need to be
100 If you think that your question might be more easily answered
101 if one knows a bit about your configuration, you might want to
102 execute
<command>reportbug
--subject=
"none" --offline --quiet
103 --severity=wishlist
--body=
"none" --output=exim4.reportbug
104 exim4-config
</command> on the system in question, answer yes
105 to both
"include [extended] configuration" questions and include
106 the contents of the exim4.reportbug file generated by this
107 command with your question. Please check whether the file
108 contains any confidential information before sending.
111 <section> <title>Packaging
</title>
113 Similar to the Apache2 package, Exim
4 is an entirely
114 different package that does not currently offer a smooth
115 upgrade path from Debian's Exim
3 packages.
118 It is the first Exim package in Debian that can be configured
119 using debconf. However, the entire configuration framework is
120 extremely flexible, allowing you to get exactly the amount of
121 control you need for the job at hand.
124 The
<ulink url=
"http://pkg-exim4.alioth.debian.org"
125 type=
"http">development web page
</ulink> contains a lot of
126 useful links and other information. The subversion repository
127 of the Debian package is available for public read-only access
128 and is linked from the development web page.
130 <section> <title>Feature Sets in the daemon packages
</title>
132 To use Exim
4, you need at least the following packages:
135 <term>exim4-base
</term>
137 <simpara>support files for all Exim MTA (v4) packages
</simpara>
141 <term>exim4-config
</term>
143 <simpara>configuration for the Exim MTA (v4)
</simpara>
147 <term>exim4-daemon-light
</term>
149 <simpara>lightweight exim MTA (v4) daemon
</simpara>
155 Just apting the metapackage
<command>exim4
</command> will pull
156 in the other packages per dependency. You'll get an exim daemon
157 with minimal feature set (no external lookups).
160 If you need more advanced features like LDAP, sqlite, PostgreSQL
161 and MySQL data lookups, SASL and SPA SMTP authentication, embedded
162 Perl interpreter, and exiscan-acl for integration of
163 virus-scanners and SpamAssassin, you can replace
164 <command>exim4-daemon-heavy
</command> instead of
165 <command>exim4-daemon-light
</command>. Additionally, the source
166 package offers infrastructure to build your own custom-tailored
167 exim4-daemon-custom which exactly fits your special local needs.
168 The infrastructure to do so is already in place, see
169 debian/rules for instructions.
172 <section> <title>How to build a custom daemon
</title>
174 The process of building a custom daemon is partially
175 documented in the
<filename>debian/rules
</filename> file
176 in the source package. Patches for more documentation are welcome.
181 <section> <title>Configuration of Exim
4 in the Debian packages
</title>
183 Generally, the Debian Exim
4 packages are configured through
184 debconf. You have been asked some questions on package installation,
185 and your initial Exim configuration has been created from your
186 answers. You can repeat the configuration process any time by invoking
187 <command>dpkg-reconfigure exim4-config
</command>. If you are an
188 experienced Exim administrator and prefer to have your own,
189 hand-crafted, non-automatic Exim configuration, you will find
190 information about how to do so in
191 <xref linkend=
"completely-different-configuration"/>.
194 The debconf-driven configuration is mainly geared for a
195 one-domain shell account machine/workstation with local delivery
196 as suggested by the original upstream default configuration.
197 If you configure the packages to handle more than one local
198 domain, all local domains are treated identically. The domain
199 part is not used for routing and filtering decisions.
202 Despite the default configuration being extended somewhat from
203 the original upstream, chances are that you'll need to
204 manually change the Exim configuration with an editor if you intend to
205 do something that is not covered by the debconf-driven configuration.
206 It has never been the packages' intention to offer all possible
207 configuration methods through debconf. The configuration files are
208 there to be changed, feel free to do so if you see fit. The Debian
209 Exim
4 maintainers have tried to make the configuration as flexible as
210 possible so that manual intervention can be minimized.
213 If you need to make manual changes to the Exim configuration,
214 please be familiar with how Exim works. At minimum, have read this
215 README file and the manpages delivered with the Debian Exim
4
216 packages, and
<filename>/usr/share/doc/exim4-base/spec.txt.gz
</filename>
217 chapters
3 and
6.
<filename>spec.txt.gz
</filename> is an excellent
221 Please note that while most free-form fields in the
222 debconf-driven configuration have the entered string end up
223 verbatim in Exim's configuration file (and thus using more
224 advanced features like host, address and domain lists is possible
225 and will probably work), this is not officially supported.
226 Only plain lists are supported in the debconf dialogs. You may
227 use more advanced features, but they may stop working any time
230 <section> <title>The Configuration System
</title>
231 <section id=
"debconf-questions"> <title>The Debconf questions
</title>
233 In this section, we try to document and explain the debconf
234 questions, which are themselves limited to a small screen of
235 information and might leave questions unanswered. Since you
236 can usually read this file only after having answered the
237 questions, the process can always be repeated by invoking
238 <command>dpkg-reconfigure exim4-config.
</command>
239 <filename>/etc/exim4/update-exim4.conf.conf
</filename>,
240 documented in the
<command>update-exim4.conf
</command>
242 a simple shell-script snippet used to store the answers
243 that you passed to debconf when initially configuring Exim.
244 You may also modify this file with an editor of your choice.
245 The package maintainer scripts can handle this and will
246 preserve your changes.
248 <section> <title>General type of mail configuration
</title>
250 This is the main configuration question which will
251 control which of the remaining questions are
252 presented to you. It also controls things like daemon
253 invocation and delivery of outgoing mail.
255 <section> <title> internet site; mail is sent and
256 received directly using SMTP
</title>
258 This option is suitable for a standalone system
259 with full internet connectivity.
264 The Exim SMTP daemon will accept messages
265 to local domains, and deliver them locally.
270 Outgoing mail will be delivered directly
271 to the mail exchange servers of the
277 <section> <title> mail sent by smarthost; received via
278 SMTP or fetchmail
</title>
280 This option is suitable for a standalone client system
281 which has restricted internet connectivity, for
282 example on a residential connection where an SMTP
283 smarthost is used. Some ISPs block outgoing SMTP
284 connections to combat the spam problem, thus
285 requiring the use of their smarthosts. It is
286 generally a good idea to use the ISPs smart host
287 if one is connected with a dynamic IP address
288 since quite a few sites do not accept mail
289 directly delivered from a dial-in pool.
292 fetchmail can be used to retrieve incoming mail
293 from the ISP's POP3 or IMAP mail server and
294 deliver it to Exim via SMTP.
299 The Exim SMTP daemon will accept messages
300 to local domains, and deliver them locally.
305 Outgoing mail will always be delivered to
306 the smarthost configured in exim4.
311 <section> <title>mail sent by smarthost; no local mail
</title>
313 This option is suitable for a client system in a
314 computer pool which is not responsible for a local
315 e-mail domain. All locally generated e-mail is
316 sent to the smarthost without any local domains.
319 <section> <title>local delivery only; not on a network
</title>
321 This option is suitable for a standalone system
322 with no networking at all. Only messages for configured
323 local domains are accepted and delivered locally;
324 messages for all other domains are rejected:
325 ``Mailing to remote domains not supported''.
328 <section> <title>no configuration at this time
</title>
330 This option disables most of Debian's automatisms
331 and leaves exim in an unconfigured state.
332 update-exim4.conf will still copy
333 <filename>/etc/exim4/exim4.conf.template
</filename>
334 or concatenate the files from
335 <filename>/etc/exim4/conf.d,
</filename> and will
336 not generate any configuration control macros.
337 Unless you manually edit the configuration source,
338 this will leave Exim with a syntactically invalid
339 configuration file, thus in a state where the
340 daemon won't even start.
343 Only choose this option if you know what you're
344 doing and are prepared to create your own Exim
348 dpkg-conffile handling is still in place, and you
349 will be offered updates for configuration
350 snippets, as soon as they become available.
354 <section> <title>System mail name
</title>
356 The
"mail name" is the domain name used to
"qualify"
357 mail addresses without a domain name.
360 This name will also be used by other programs. It
361 should be the single, full domain name (FQDN).
364 For example, if a mail address on the local host is
365 foo@example.org, then the correct value for this
366 option would be example.org.
369 Exim, as a rule, handles only fully qualified mail
370 addresses, that is, addresses with a local part, an @
371 sign and a domain. If confronted with an unqualified
372 address, that is, one without @ sign and without
373 domain, first thing exim does is qualify the address
374 by adding the @ sign and a domain.
377 This qualification happens for all addresses exim
378 encounters, be it sender, recipient or else.
381 The domain name used to qualify unqualified mail addresses
382 is called ``mail name'' on Debian systems and entered
383 in this debconf dialog. What you enter here will end
384 up in
<filename>/etc/mailname,
</filename> which is a
385 file that might be used by other programs as well.
388 In some configuration types, the package configuration
389 will offer you, at a later step, to hide this name
390 from outgoing messages by rewriting the headers.
393 <section> <title>IP addresses to listen on for incoming SMTP
396 Please enter a semicolon-separated list of IP addresses.
397 The Exim SMTP listener daemon will listen on all IP
398 addresses listed here.
401 An empty value will cause Exim to listen for connections
402 on all available network interfaces.
405 If this system does only receive e-mail directly from
406 local services (and not from other hosts),
407 it is suggested to prohibit external connections to the
408 local Exim daemon. Such services include e-mail
409 programs (MUSs) which talk to localhost only as well as
410 fetchmail. External connections are impossible when
411 127.0.0.1 is entered here, as this will disable listening
412 on public network interfaces.
415 Do not change this unless you know what you are doing.
416 Altering this value could post a security risk to your
417 system. For most users, the default value is sufficient.
420 <section> <title>Other destinations for which mail is accepted
</title>
422 Please enter a semicolon-separated list of recipient
423 domains for which this machine should consider itself
424 the final destination. These domains are commonly
425 called 'local domains'. The local hostname and 'localhost'
426 are always added to the list given here.
429 By default all local domains will be treated
430 identically. If both a.example and b.example are
431 local domains, acc@a.example and acc@b.example will
432 be delivered to the same final destination. If
433 different domain names should be treated differently,
434 it is necessary to edit the config files afterwards.
437 The answer to this question ends up in the list of
438 domains that Exim will consider local domains. Mail
439 for recipients in one of these domains will be
440 subject to local alias expansion and then delivered
441 locally in the appropriate configuration types.
444 <section> <title>Domains to relay mail for
</title>
446 Please enter a semicolon-separated list of recipient
447 domains for which this system will relay mail, for
448 example as a fallback MX or mail gateway. This means
449 that this system will accept mail for these domains
450 from anywhere on the Internet and deliver them
451 according to local delivery rules.
454 Do not mention local domains here. Wildcards may be used.
457 The answer to this question is a list of the domains
458 for which Exim will relay messages coming in from anywhere
462 <section> <title>Machines to relay mail for
</title>
464 Please enter a semicolon-separated list of IP address
465 ranges for which this system will unconditionally relay
466 mail, functioning as a smarthost.
469 You should use the standard address/prefix format
470 (e.g.
194.222.242.0/
24 or
5f03:
1200:
836f::/
48).
473 If this system should not be a smarthost for any
474 other host, leave this list blank.
477 Please note that systems not listed here can still use
478 SMTP AUTH to relay through this system. If this system
479 only has clients on dynamic IP addresses that use SMTP
480 AUTH, leave this list blank as well. Do
481 <emphasis>NOT
</emphasis> list
0.0.0.0/
0!
484 Warning: While it is possible to use
485 host
<emphasis>names
</emphasis> instead of IP addresses in this
486 list extra care needs to be taken in this case.
487 <emphasis>Unresolvable names in the host list will break
488 relaying.
</emphasis> See
489 <ulink url=
"http://www.exim.org/exim-html-current/doc/html/spec_html/ch-domain_host_address_and_local_part_lists.html">
490 Exim specification - chapter Domain, host, address, and
492 </ulink> and the exim4-config_files man page.
495 <section> <title>IP address or host name of the outgoing
498 Please enter the IP address or the host name of a mail
499 server that this system should use as outgoing
500 smarthost. If the smarthost only accepts your mail on
501 a port different from TCP/
25, append two colons and
502 the port number (for example smarthost.example::
587 or
503 192.168.254.254::
2525). Colons in IPv6 addresses need
507 If the smarthost requires authentication, please refer
508 to
<xref linkend=
"smtp-auth"/> for notes about setting
509 up SMTP authentication.
512 Multiple smarthost entries are permitted, semicolon
513 separated. Each of the hosts is tried, in the order
514 specified (See Exim specification, chapter
20.5).
517 <section> <title>Hide local mail name in outgoing mail
</title>
519 The headers of outgoing mail can be rewritten to make
520 it appear to have been generated on a different
521 system, replacing the local host name in From,
522 Reply-To, Sender and Return-Path.
525 <section> <title>Visible domain name for local users
</title>
527 If you ask Exim to hide the local mail name in
528 outgoing mail, it will next ask you for the domain
529 name that should be visible for your local users.
530 These information is then used to establish the
531 appropriate rewriting rules.
534 <section> <title>Keep number of DNS queries minimal
535 (Dial-on-Demand)
</title>
537 In normal mode of operation Exim does DNS lookups at
538 startup, and when receiving or delivering messages.
539 This is for logging purposes and allows keeping down
540 the number of hard-coded values in the configuration.
543 If this system does not have a DNS full service
544 resolver available at all times (for example if its
545 Internet access is a dial-up line using
546 dial-on-demand), this might have unwanted
547 consequences. For example, starting up Exim or
548 running the queue (even with no messages waiting)
549 might trigger a costly dial-up-event.
552 This option should be selected if this system is
553 using Dial-on-Demand. If it has always-on Internet
554 access, this option should be disabled.
557 <section><title>Delivery method for local mail
</title>
559 Exim is able to store locally delivered mail in
560 different formats. The most commonly used ones are
561 mbox and Maildir. mbox uses a single file for the
562 complete mail folder stored in /var/mail/. With
563 Maildir format every single message is stored in a
564 separate file in ~/Maildir/.
567 Please note that most mail tools in Debian expect the
568 local delivery method to be mbox in their default.
571 <section> <title>Split configuration into small files
</title>
573 Our packages offer two (actually three, see
574 <xref linkend=
"completely-different-configuration"/>)
580 Generate Exim's configuration from
581 <filename>/etc/exim4/exim4.conf.template,
</filename>
582 which is basically a normal Exim run-time
583 configuration file which will be supplemented
584 with some macros generated from Debconf in a
585 post-processing step before it is passed to exim.
590 Generate Exim's configuration from the
592 <filename>/etc/exim4/conf.d/
</filename>. The
594 <filename>/etc/exim4/conf.d/
</filename>
595 correspond to the sections of the Exim
596 run-time configuration file, so you should
597 easily find your way around there.
602 Splitting the configuration across multiple files
603 means that you have the actual configuration file
604 automatically generated from the files below
605 <filename>/etc/exim4/conf.d/
</filename> by invoking
606 <command>update-exim4.conf
</command>. Each section
607 of Exim's configuration has its own subdirectory and
608 the files in there are supposed to be read in
610 <filename>router/
00_exim4-config_header
</filename>
612 <filename>router/
100_exim4-config_domain_literal
</filename>,
616 If you chose unsplit configuration,
617 <command>update-exim4.conf
</command> builds the
619 <filename>/etc/exim4/exim4.conf.template
</filename>,
620 which is basically the files from
621 <filename>/etc/exim4/conf.d/
</filename> concatenated
622 together at package build time, and thus guarantees
623 consistency on the target system.
626 In both cases,
<command>update-exim4.conf
</command>
627 generates exim configuration macros from the debconf
628 configuration values and puts them into
629 the actual configuration file, which is then used by
630 the Exim daemon. See the
631 <command>update-exim4.conf
</command> manual
632 page for more in-depth information about this
636 Benefits of the split configuration approach:
640 it means less work for you when upgrading.
641 If we shipped one big file and modified
642 for example the Maildir transport in a new
643 version you won't have to do manual
644 conffile merging unless you had changed
645 exactly
<emphasis>this
</emphasis>
651 It allows other packages (e.g. sa-exim) to
652 modify Exim's configuration by dropping
654 <filename>/etc/exim4/conf.d
</filename>.
655 This needs, however quite exact syncing
656 between the exim4 packages and the other,
663 Drawbacks of the split configuration approach:
667 It is more fragile. If files from
668 different sources (package, manually
669 changed, or other package) get out of
670 sync, it is possible for Exim to break
671 until you manually correct this. This can
672 for example happen if we decide to add a
673 new option to the Debian setup of a later
674 version, and you have already set this
675 option in a local file.
681 Benefits of the unsplit configuration approach:
685 People familiar with configuring Exim may
686 find this approach easier to understand as
687 <filename>exim4.conf.template
</filename>
688 basically is a complete Exim configuration
689 file which will only undergo some basic
690 string replacement before is it passed to
696 Split-config's fragility mentioned
697 above does not occur.
703 Drawbacks of the unsplit configuration approach:
707 Will require manual intervention in case of an
714 If in doubt go for the unsplit config, because it is
715 easier to roll back to Debian's default configuration
716 in one step. If you intend to do many changes to the
717 Debian setup, you might want to use the split config
718 at the price of having to more closely examine the
719 config file after an update.
722 We'd appreciate a patch that uses ucf and the
723 3-way-merge mechanism offered by that package. It
724 might be the best way to handle the big configuration
728 If you are using unsplit configuration, have local
729 changes to
<filename>/etc/exim4/conf.d/
</filename>
730 (either made by yourself or by other packages dropping
731 their own routers or transports in) and want to
733 <filename>/etc/exim4/exim4.conf.template
</filename> to
734 activate these changes, you can do so by using
735 <command>update-exim4.conf.template
</command>.
739 <section> <title>Access Control in the default configuration
</title>
741 The Debian exim
4 packages come with a default configuration
742 that allows flexible access control and blacklisting of
743 sites and hosts. The acls involved can be found in
744 /etc/exim4/conf.d/acl, or in /etc/exim4/exim4.conf.template,
745 depending on which configuration scheme you use. Most
746 rejections of messages due to this mechanism happen at RCPT
747 time. Local configuration of the mechanisms happens through
748 data files in /etc/exim4 or via Exim macros that you can set
749 in /etc/exim4/conf.d/main, so there is normally no need to
750 change the files in the acl subdirectory in a split-config
751 setup. If you use the non-split config, you need to edit
752 /etc/exim4/exim4.conf.template, which, as a big
753 dpkg-conffile, won't give you any advantage of the .ifdef
757 The data files are documented in the exim4-config_files man
761 The access lists delivered with the exim4 packages also
762 contain quite a few configuration options that are too
763 restrictive to be active by default on a real-life site.
764 These are masked by .ifdef statements, can be activated by
765 setting the appropriate macros, and are documented in the
769 <section id='macros'
> <title>Using Exim Macros to control the
770 configuration
</title>
772 Our configuration can be controlled in a limited way by
773 setting macros. That way, you can switch on and off certain
774 parts of the default configuration and/or override values set
775 in Debconf without having to touch the dpkg-conffiles. While
776 touching dpkg-conffiles itself is explitly allowed and wanted,
777 it can be quite a nuisance to be asked on package upgrade
778 whether one wants to use the locally changed file or the
779 file changed by the package maintainer.
782 Whenever you see an
<command>.ifdef
</command> or
783 <command>.ifndef
</command> clause in the configuration file,
784 you can control the appropriate clause by setting the macro in
785 a local configuration file. For split configuration, you can
786 drop the local configuration file anywhere in
787 <filename>/etc/exim4/conf.d/main
</filename>. Just make sure it
788 gets read before the macro is first used.
789 <filename>000_localmacros
</filename> is a possible name,
790 guaranteeing first order. For a non-split configuration,
791 <filename>/etc/exim4/exim4.conf.localmacros
</filename> gets
793 <filename>/etc/exim4/exim4.conf.template
</filename>. To
794 actually set the macro
<varname>EXIM4_EXAMPLE
</varname> to the
795 value
"this is a sample", write the following line
798 EXIM4_EXAMPLE = this is a sample
801 into the appropriate file. For more detailed discussion of the
802 general macro mechanism, see the Exim specification, chapter
803 6.4, for details how macro expansion works.
806 <section> <title>How does this work?
</title>
808 The script
<command>update-exim4.conf
</command> parses the
809 <filename>/etc/exim4/update-exim4.conf.conf
</filename> file
810 and provides the configuration for the exim daemon.
813 Depending on the value of
814 <varname>dc_use_split_config
</varname>, it either
818 takes all the files below
819 <filename>/etc/exim4/conf.d/
</filename> and
820 concatenates them together or
825 uses
<filename>exim4.conf.template
</filename> as
830 The debconf-managed information from
831 <filename>/etc/exim4/update-exim4.conf.conf
</filename> is
832 merged into the generated configuration file by generating a
833 number of Exim configuration macros.
836 <varname>DCsmarthost
</varname>, for example, is set to the
837 value of
<varname>$dc_smarthost
</varname>
838 in
<filename>/etc/exim4/update-exim4.conf.conf
</filename>
839 which holds the answer to
"Which machine will act as the
840 smarthost and handle outgoing mail?"
843 The result of these operations is saved as
844 <filename>/var/lib/exim4/config.autogenerated
</filename>,
845 which is
<emphasis>not
</emphasis> a dpkg-conffile! Manual
846 changes to this file will be overwritten by
847 <command>update-exim4.conf
</command>.
850 Please consult
<command>update-exim4.conf
</command> manpage
851 for more detailed information.
854 <command>update-exim4.conf
</command> is invoked by the init
855 script prior to any operation that may invoke an exim process,
856 and gives an error message if the generated config file is
857 syntactically invalid. If you want to activate your changes to
858 files in conf.d/ just execute
<command>invoke-rc.d exim4 restart
</command>.
861 <section id=
"howto-change-config"><title>How do I do minor tweaks to the configuration?
</title>
863 Some times, you want to do minor adjustments to the Exim
864 configuration to make Exim behave exactly like you want it
865 to behave. There are the following possibilities to modify
868 <section><title>Adjustments supported by the debconf configuration
</title>
870 If you want to modify parameters that are supported by the
871 debconf configuration, things are easy. Just invoke
872 <command>dpkg-reconfigure exim4-config
</command> or hand-edit
873 <filename>/etc/exim4/update-exim4.conf.conf
</filename> to your
874 liking and restart Exim.
877 You can find explanation of the debconf questions in
<xref
878 linkend=
"debconf-questions"/>.
880 <filename>/etc/exim4/update-exim4.conf.conf
</filename>
881 is documented in the
<command>update-exim4.conf
</command>
885 <section><title>Adjustments controlled by macros in the Debian Exim configuration
</title>
887 Some aspects of the Debian Exim configuration can be
888 controlled by Exim macros. To find out about these, you
889 need basic understanding of Exim configuration. Just look
890 in our Exim configuration and see which macro needs to be
891 set to a different value to alter Exim's behavior.
894 <xref linkend=
"macros"/> gives a closer explanation about
898 <section><title>Making direct changes to the Debian Exim configuration
</title>
900 You can, of course, make direct change to the
901 configuration. All configuration files in /etc/exim4 are
902 dpkg-conffiles, and you can thus edit them any time. Your
903 changes will be preserved through updates. You need to
904 know about how to configure Exim to be successful.
907 If you use unsplit configuration, edit
908 <filename>/etc/exim4/exim4.conf.template
</filename>. If you use
909 split configuration, edit the Exim configuration snippets in
910 <filename>/etc/exim4/conf.d
</filename>.
913 More information about how the Exim configuration is built
914 can be found in this document and in the
915 <command>update-exim4.conf
</command> manual page.
919 <section id=
"completely-different-configuration"> <title>Using a completely different configuration scheme
</title>
921 If you are an experienced Exim administrator, you might feel
922 working with our pre-fabricated configuration
923 cumbersome and complex. You might feel right if you need to
924 make more complex changes and do not need to receive updates
925 from us. This section is going to tell about how to use
926 your own configuration.
929 But, you might profit from keeping the Debian magic. Most
930 files that come with Debian exim4 are conffiles. Debian is
931 going to care about your changes and keeps them around.
932 Additionally, a lot of configuration options can be
933 overridden with a macro, which does not require you to
934 actually change our configuration file. A lot of people are
935 using our configuration scheme, and maybe it is going to
936 save you a lot of time if you decide to spend some time
937 familiarizing yourself with our scheme.
939 <section> <title>Override exim4-config configuration magic
</title>
941 If you are only running a small number of systems and
942 want to completely disable Debian's magic, just take
943 your monolithic configuration file and install it as
944 <filename>/etc/exim4/exim4.conf
</filename>. Exim will
945 use that file verbatim. To have something to start,
947 <filename>/etc/exim4/exim4.conf.template
</filename>,
948 run
<command>update-exim4.conf --keepcomments --output
949 /etc/exim4/exim4.conf
</command>, or use upstream's
950 default configuration file that is installed as
951 <filename>/usr/share/doc/exim4-base/examples/example.conf.gz
</filename>.
952 You are going to lose all magic you get from packaging
953 though, so you need to be familiar with Exim to build
954 an actually working config.
957 <filename>/var/lib/exim4/config.autogenerated
</filename>,
958 the file generated by
959 <command>update-exim4.conf
</command>, is ignored as soon
960 as
<filename>/etc/exim4/exim4.conf
</filename> is found.
962 <filename>/etc/exim4/exim4.conf
</filename> directly when
963 Exim is running, because the forked processes Exim starts
964 for SMTP receiving or queue running would use the new
965 configuration file, while the original main exim-daemon
966 would still use the old configuration file.
969 Some third-party HOWTOs that reference Debian and
970 claim to make things easy suggest dumping a
971 pre-fabricated, static config file to
972 <filename>/etc/exim4/exim4.conf
</filename>. This is
973 considered bad advice by the Debian maintainers since
974 you are going to disable all updates and service magic
975 that Debian might deliver in the future this way. If
976 you do not know exactly what you're doing here, this
977 is a bad choice. We try to comment on external HOWTOs
978 found on the web in the
<ulink
979 url=
"http://wiki.debian.org/PkgExim4UserFAQ">Debian
980 Exim4 User FAQ
</ulink> to help you find out which
984 <section> <title>Replacing exim4-config with your own exim4 configuration package.
</title>
986 We split off Exim's configuration system (debconf,
987 <command>update-exim4.conf
</command>, and the files in
988 <filename>/etc/exim4/conf.d)
</filename> to a separate
989 package, exim4-config. If you want to, you can replace
990 exim4-config by something entirely different. The other
991 packages don't care. Your package needs to:
995 Provides: exim4-config-
2, Conflicts:
996 exim4-config-
2,exim4-config
1001 drop the Exim
4 configuration either into
1002 <filename>/var/lib/exim4/config.autogenerated
</filename>
1003 or into
<filename>/etc/exim4/exim4.conf
</filename>.
1007 Your package must provide an executable
<command>update-exim4.conf
</command>
1008 that must be in root's path (
<filename>/usr/sbin
</filename> recommended). The init
1009 script will invoke that executable prior to invoking the
1010 actual exim daemon. If you do not need that script, have it exit
0.
1013 If you want to create your own configuration packages, there is a
1014 number of helpers available.
1018 The Exim
4 Debian svn repository holds sources for a
1019 exim4-config-simple package which contains a simple, not
1020 debconf-driven configuration scheme as an example which can
1021 be used as a template for a classical, exim4.conf based
1022 configuration scheme.
1027 The Exim
4 Debian svn repository holds sources for a
1028 exim4-config-medium package which contains the conf.d
1029 driven configuration of the main package with the
1030 debconf interaction removed. This can be used to create
1031 your own non-debconf configuration package that uses the
1037 Finally, you can invoke the script
1038 <filename>debian/config-custom/create-custom-config-package
</filename>
1039 which will create a new source package
1040 "exim4-config-custom" with the debconf-driven config
1041 scheme of exim4-config for your local modification.
1045 Please note that exim4-config-simple and
1046 exim4-config-medium are only targeted to be used as a
1047 template. The configurations contained are not
1048 suitable for productive use. Of course, the Debian
1049 maintainers appreciate any patches you might find
1050 suitable. The scripts in exim4-config-simple and
1051 exim4-config-medium may not work at all in your
1052 environment. Unfortunately, they have not been
1053 updated in a long time as well. We are willing to
1057 See the development web page for links to the subversion
1061 Exchanging the entire exim4-config package with
1062 something custom comes particularly handy for sites
1063 that have more than a few machines that are
1064 similarly configured, but do not want to use the
1065 original exim4-config package. Build your own
1066 exim4-config-custom or exim4-config-foo, and simply
1067 apt that package to the machines that need to have
1068 that configuration. Future updates can then be
1069 handled via the dpkg-conffile mechanism, properly
1070 detecting local modifications.
1073 In the future, it might be possible that Debian will
1074 contain multiple flavours of Exim4 configuration.
1075 However, these packages would have to be maintained
1076 by someone else because the exim4 package
1077 maintainers think that the scheme delivered with
1078 exim4-config is the least of all evils and would
1079 rather not spend the time to maintain multiple configuration
1080 schemes while only actually using one. It would be
1081 nice to have a configuration scheme using a
1082 monolithic config file, managed by ucf in
1083 three-way-merge mode. If anybody feels ready to
1084 maintain it, please go ahead.
1089 <section id=
"TLS"> <title>Using TLS
</title>
1090 <section> <title>Exim
4 as TLS/SSL client
</title>
1092 Both exim4-daemon-heavy and exim4-daemon-light support TLS/SSL
1093 using the GnuTLS library and STARTTLS. Exim will use TLS
1094 via STARTTLS
<emphasis>automatically
</emphasis> as client if
1095 the server Exim connects to offers it.
1098 This means that you will not need any special configuration if
1099 you want to use TLS for outgoing mail. However, if your
1100 server setup mandates the use of client certificates, you
1101 need to amend your remote_smtp and/or remote_smtp_smarthost
1102 transports with a tls_certificate option. This is not
1107 presented by the remote host is not checked unless you
1108 specify a tls_verify_certificate option on the transport.
1110 <para id=
"tls_client_certicate">
1111 To make exim send a TLS certificate to the remote host set
1112 REMOTE_SMTP_TLS_CERTIFICATE/REMOTE_SMTP_PRIVATEKEY or for
1113 the remote_smtp_smarthost transport
1114 REMOTE_SMTP_SMARTHOST_TLS_CERTIFICATE/REMOTE_SMTP_SMARTHOST_PRIVATEKEY
1118 TLS on connect is not natively supported.
1121 <section> <title>Enabling TLS support for Exim as server
</title>
1123 You should have created certificates in
1124 <filename>/etc/exim4/
</filename> either by hand or by usage of
1125 the exim-gencert (which requires openssl). exim-gencert is
1127 <filename>/usr/share/doc/exim4-base/examples/
</filename> and
1128 takes care of proper access privileges on the private key
1132 Now, enable TLS by setting the macro MAIN_TLS_ENABLE in a
1133 local configuration file as described in
<xref linkend=
"macros"/>.
1136 After this configuration, Exim will advertise STARTTLS when
1137 connected to on the normal SMTP ports. Some broken clients
1138 (most prominent example being nearly all versions of Microsoft
1139 Outlook and Outlook Express, and Incredimail) insist on doing
1140 TLS on connect on Port
465. If you need to support these, set
1141 SMTPLISTENEROPTIONS='-oX
465:
25 -oP /var/run/exim4/exim.pid'
1142 in
<filename>/etc/default/exim4
</filename> and
1143 "tls_on_connect_ports=465" in the main configuration section.
1146 The -oP is needed because Exim does not write an implicit pid
1147 file if -oX is given. Without pid file, init script and cron
1148 job will malfunction.
1151 It might be appropriate to add
"+tls_cipher +tls_peerdn" to
1152 any log_selector statement you might already have, or to add a
1153 log_selector statement setting these two options in a local
1154 configuration file. These options have Exim log what cipher
1155 your Exim and the peer's mailer have negotiated to use to
1156 encrypt the transaction, and they have Exim log the
1157 Distinguished Name of the peer's certificate.
1160 Exim can be configured to ask a client for a certificate and to
1161 try to verify it. Debian's exim configuration used to enable
1162 this by default, but stopped doing so since it caused TLS errors
1163 with a couple of popular clients (Outlook, Incredimail, etc.).
1164 To enable this again set the macro MAIN_TLS_TRY_VERIFY_HOSTS to
1165 the lists hosts whose certificates you want to check. (Use * to
1166 try checking all hosts. The value of the macro is used to
1167 populate exim's main option tls_try_verify_hosts.) You should
1168 also point MAIN_TLS_VERIFY_CERTIFICATES to a file containing the
1169 accepted certificates, since its default setting
1170 (/etc/ssl/certs/ca-certificates.crt) can contain a large list of
1171 certificates which causes the interoperabilty problems with
1172 Outlook et.al. noted above.
1175 The server certificate is only used for incoming connections,
1176 please consult
<xref linkend=
"tls_client_certicate"/> for the
1177 corresponding outgoing conncection options.
1180 <section> <title>Troubleshooting
</title>
1182 If Exim complains in an SMTP session that TLS is unavailable,
1183 the Exim mainlog or paniclog frequently has exact information
1184 about what might be wrong. Fo example, you might see
1187 2003-
01-
27 19:
06:
45 TLS error on connection from localhost [
127.0.0.1]
1188 (cert/key setup): Error while reading file)
1191 showing that there has been an error while accessing the
1192 certificate or the private key file.
1195 Insuffient entropy available is a frequent cause of TLS
1196 failures in Exim context. If Exim logs
"not enough random bytes
1197 available", or simply hangs silently when an encrypted
1198 connection should be established, then Exim was
1199 unable to read enough random data from
1200 <filename>/dev/random
</filename> to do whatever cryptographic
1201 operation is requested. Please check that your
1202 <filename>/dev/random
</filename> device is setup properly.
1205 You might also find
"TLS error on connection to [...]
1206 (gnutls_handshake): The Diffie-Hellman prime sent by the server is
1207 not acceptable (not long enough)." given as reason. Exim by default
1208 requires a DH prime length of
1024 bits. This requirement can be
1209 downgraded by setting the tls_dh_min_bits option on the SMTP
1210 transport. The setting is accessible in the Debian configuration by
1211 setting the macro TLS_DH_MIN_BITS. (e.g.
"TLS_DH_MIN_BITS = 768").
1215 <section id=
"smtp-auth"> <title>SMTP-AUTH
</title>
1217 Exim can do SMTP AUTH both as a client and as a server.
1220 AUTH PLAIN and AUTH LOGIN are disabled for connections which are
1221 not protected by SSL/TLS per default. These authentication
1222 methods use cleartext passwords, and allowing the
1223 transmission of cleartext passwords on unencrypted connections
1224 is a security risk. Therefore, the default configuration configures
1225 Exim not to use and/or allow AUTH PLAIN and AUTH LOGIN over
1226 unencrypted connections.
1229 It is thus recommended to set up Exim to use TLS to encrypt
1230 the connections. Please refer to
<xref linkend=
"TLS"/> for
1231 documentation about this. Note that most Microsoft clients
1232 need special handling for TLS.
1234 <section> <title>Using Exim as SMTP-AUTH client
</title>
1236 If you want to set up Exim as SMTP AUTH client for delivery
1237 to your internet access provider's smarthost put the name of
1238 the server, your login and password in
1239 <filename>/etc/exim4/passwd.client
</filename>. See the man
1240 page for exim4-config_files(
5) for more information about the
1244 If you need to enable AUTH PLAIN or AUTH LOGIN for unencrypted
1245 connections because your service provider does support neither
1246 TLS encryption nor the CRAM MD5 authentication method, you can
1247 do so by setting the AUTH_CLIENT_ALLOW_NOTLS_PASSWORDS macro.
1248 Please refer to
<xref linkend=
"macros"/> for an explanation of
1249 how best to do this.
1252 <filename>/etc/exim4/passwd.client
</filename> needs to be
1253 readable for the exim user (user Debian-exim, group
1254 Debian-exim). It is suggested that you keep the default
1255 permissions root:Debian-exim
0640.
1258 <section> <title>Using Exim as SMTP-AUTH server
</title>
1260 The configuration files include many, verbosely commented,
1261 examples for server-side smtp-authentication which just need
1265 If you need to enable AUTH PLAIN or AUTH LOGIN for unencrypted
1266 connections because your clients neither support TLS encryption
1267 nor the CRAM MD5 authentication method, you can do so by setting
1268 the AUTH_SERVER_ALLOW_NOTLS_PASSWORDS macro. Please refer to
1269 <xref linkend=
"macros"/> for an explanation of how best to
1273 If you want to authenticate against system passwords (e.g.
1274 <filename>/etc/shadow
</filename>) the easiest way is to use
1275 saslauthd in the Debian package sasl2-bin. You have to add the
1276 exim-user (currently Debian-exim) to the sasl group, to give
1277 exim permission to use the saslauthd service.
1280 The Debian exim4 maintainers consider using system login
1281 passwords a bad idea for the following reasons:
1285 A compromised password will give access to a system account.
1290 E-Mail passwords could accidentally be transmitted unencrypted.
1295 E-Mail passwords are likely to be stored with the
1296 client software, which greatly increases the chance of a
1305 <section> <title>How the Exim daemon is started
</title>
1307 The Debian Exim
4 packages' init script is located in
1308 <filename>/etc/init.d/exim4
</filename>. Apart from the
1309 functions that are required by Debian policy and the LSB, it
1310 supports the commands
<command>what
</command>, which executes
1311 <command>exiwhat
</command> to show what your Exim processes
1312 are doing, and
<command>force_stop
</command> which
1313 unconditionally kills all Exim processes.
1316 The init script can be configured to start listening and/or
1317 queue running daemons. This configuration can be found in
1318 <filename>/etc/default/exim4
</filename>. This file is
1319 extensively documented.
1323 <section> <title>Miscellaneous packaging issues
</title>
1324 <section> <title>The daily cron job
</title>
1326 Exim4's daily cron job
1327 (
<filename>/etc/cron.daily/exim4-base
</filename>)
1328 does basic housekeeping tasks:
1332 It reads
<filename>/etc/default/exim4
</filename>, so you
1333 can use this file to change any of the variables used in
1339 It is a no-op if no Exim4 binary is found.
1344 If
<command>$E4BCD_DAILY_REPORT_TO
</command> is set
1345 to a non-empty string, the output of eximstats is
1346 mailed to the address given in that variable. The
1347 default is empty, so no reports are sent. Options
1348 for eximstats can be given in
1349 <command>$E4BCD_DAILY_REPORT_OPTIONS
</command>.
1354 A non-empty paniclog is a nearly sure sign of bad
1355 things going on. Thus, the cron job will send out
1356 warning messages to the syslog and root if it finds
1357 the panic log non-empty.
1358 Please note that the paniclog is not rotated daily,
1359 so existing issues will be reported daily until
1360 either the paniclog is rotated due to its sheer
1361 size, or you manually move it away, for example by
1362 calling
<command>logrotate -f
1363 /etc/logrotate.d/exim4-paniclog
</command> from a shell.
1366 Just in case your system logs transient error
1367 situations to the panic log as well (see, for
1369 <ulink url=
"http://www.exim.org/bugzilla/show_bug.cgi?id=92">Exim Bug
92</ulink>),
1371 <command>$E4BCD_PANICLOG_NOISE
</command> to a
1372 regular expression. If the paniclog contains only
1373 lines that match that regular expression, no warning
1374 messages are generated.
1377 If you want to disable paniclog monitoring
1378 completely, set
<command>$E4BCD_WATCH_PANICLOG
</command>
1379 to no.
<command>E4BCD_WATCH_PANICLOG=once
</command> will
1380 rotate a non-empty paniclog automatically after sending out
1386 It tidies up the retry and hints databases.
1394 <section> <title>Using Exim with inetd/xinetd
</title>
1396 Exim4 is run as a separate daemon instead of inetd/xinetd for
1400 <term>Ease of maintenance:
</term>
1403 update-inetd is difficult to impossible to handle
1404 correctly (Just check the archived bug reports of Exim.)
1405 and update-inetd seems to be unmaintained for a long
1406 time, nobody dares to touch it. To quote Mark Baker, the
1407 maintainer of Exim (v3):
"I really wish I had never used
1408 inetd in the first place, but simply set up exim to run
1409 as a daemon, but it's too late to change that now."
1414 <term>Extended features
</term>
1417 Running from
<command>inetd
</command> interferes with
1418 Exim's resource controls (e.g it disables
1419 smtp_accept_max_per_host and smtp_accept_max).
1426 If you introduce bugs on your systems by running from (x)inetd
1427 you are on your own! If you want to run exim from
1428 <command>xinetd
</command>, follow these steps:
1432 Disable Exim
4's listening daemon by executing
1433 <command>update-exim4defaults --queuerunner
1439 Create
<filename>/etc/xinetd.d/exim4
</filename>
1445 socket_type = stream
1450 server = /usr/sbin/exim4
1451 server_args = exim4 -bs
1457 <simpara>Run
<command>invoke-rc.d exim4 restart; invoke-rc.d
1458 (x)inetd restart
</command></simpara>
1462 <para>If you want to use plain inetd, insert following line into
1463 <filename>/etc/inetd.conf
</filename>:
<programlisting>
1464 smtp stream tcp nowait Debian-exim /usr/sbin/exim4 exim4 -bs
1469 <section> <title>Handling incoming mail for local accounts with low UID
</title>
1471 Since system accounts (mail, uucp, lp etc) are usually aliased
1472 to root, and root's mailbox is usually read by a human, these
1473 account names have started to be a common target for spammers.
1474 The Debian Exim
4 packages have a mechanism to deal with this
1475 situation. However, since this derives rather far from normal
1476 behavior, it is disabled by default.
1479 To enable it, set the macro FIRST_USER_ACCOUNT_UID to a numeric,
1480 non-zero value. Incoming mail for local users that have a UID
1481 lower than FIRST_USER_ACCOUNT_UID is rejected with the message
"no
1482 mail to system accounts". Incoming mail for local users that
1483 have a UID greater or equal FIRST_USER_ACCOUNT_UID are processed as
1484 usual. Therefore, the default value of
0 ensures that the
1485 mechanism is disabled. On Debian systems, setting
1486 FIRST_USER_ACCOUNT_UID to
500 or
1000 (depending on your local policy)
1487 will disable incoming mail for system accounts.
1490 Just in case that you need exceptions to the rule,
1491 <filename>/etc/exim4/lowuid_aliases
</filename> is an alias
1492 file that is only honored for local accounts with UID lower
1493 than FIRST_USER_ACCOUNT_UID. If you define an alias for such an
1494 account here, incoming mail is processed according to the
1495 alias. If you alias the account to itself, messages are
1496 delivered to the account itself, which is an exception to the
1497 rule that messages for low-UID accounts are rejected. The
1498 format of
<filename>/etc/exim4/lowuid_aliases
</filename> is
1499 just another alias file.
1502 <section> <title>How to bypass local routing specialities
</title>
1504 Sometimes, it might be desireable to be able to bypass local
1505 routing specialities like the alias file or a user-forward
1506 file. This is possible in the Debian Exim4 packages by
1507 prefixing the account name with
"real-". For a local account
1508 name
"foo",
"real-foo@hostname.example" will result in direct
1509 delivery to foo's local Mailbox.
1512 This feature is by default only available for locally
1513 generated messages. If you want it to be accessible for
1514 messages delivered from remote as well, set the Exim macro
1515 COND_LOCAL_SUBMITTER to true. If you do not want this at all,
1516 set the macro to false. Please note that the userforward
1517 router uses this feature to get error messages delivered, i.e.
1518 notifying the user of a syntax error in her
1519 <filename>.forward
</filename> file.
1522 <section> <title>Using more complex deliveries from alias files
</title>
1524 Delivery to arbitrary files, directory or to pipes in the
1525 <filename>/etc/aliases
</filename> file is disabled by default
1526 in the Debian Exim
4 packages. The delivery process including the
1527 program being piped to would run as the exim admin-user
1528 Debian-exim, which might open up security holes.
1531 Invoking pipes from
<filename>/etc/aliases
</filename> file is
1532 widely considered obsolete and deprecated. The Debian Exim
1533 package maintainers would like to suggest using a dedicated
1534 router/transport pair to invoke local processes for mail
1535 processing. For example, the Debian mailman package contains a
1536 <filename>/usr/share/doc/mailman/README.Exim4.Debian
</filename> file
1537 that gives a good example how to implement this. Using a
1538 dedicated router/transport pair have the following advantages:
1542 The router/transport pair can be put in place by another
1543 package, giving a well-defined transaction point between
1544 Exim
4 and $PACKAGE.
1549 Not allowing pipe deliveries from alias files makes it
1550 harder to accidentally run programs with wrong
1556 It is possible to run different pipe processes under
1562 Even if only invoking a single local program, it is easier
1563 to do with your dedicated router/transport since you won't
1564 need to change this file, making automatic updates of this
1565 file possible for future versions of the Exim
4 packages. If
1566 you do local changes here, dpkg conffile handling will
1567 bother you on future updates.
1571 If you insist on using
<filename>/etc/aliases
</filename> in
1572 the traditional way, you will need to activate the
1573 respective functions by setting the transport options on the
1574 system_aliases router appropriately. Macros are defined to make
1577 <filename>/etc/exim4/conf.d/router/
400_exim4-config_system_aliases
</filename>
1578 for information about which macros are available. You might
1579 find the address_file, address_pipe and/or address_directory
1580 transports that are used for the userforward router helpful in
1581 writing your own transports for use in the system_aliases router.
1584 If any of your aliases expand to pipes or files or directories
1585 you should set up a user and a group for these deliveries to run
1586 under. You can do this by setting the
"user" and - if necessary
1587 - a
"group" option and adding a
"group" option if necessary.
1588 Alternatively, you can specify
"user" and/or
"group" on the
1589 transports that are used.
1593 <section> <title>Putting Exim
4 and UUCP together
</title>
1595 UUCP is a traditional way to execute remote jobs (e.g. spool
1596 mails), and as a lot of old things there are much more than one
1597 way to do it. However, today, the ways to handle it have boiled
1598 down to more or less two different ways.
1601 Our recommendation is to use bsmtp/rsmtp wherever possible,
1602 because it supports all kinds of mail addresses (also the empty
1603 ones in bounces), and is also better from the security point of
1606 <section> <title>Sending mail via UUCP
</title>
1607 <section> <title>rmail with full addresses
</title>
1609 rmail is the oldest way to transfer mail to a remote system.
1610 However, today it is normally required to use addresses with
1611 full domains for that (Well, they look like any normal address
1612 for you, and we do not tell about the other way to not confuse
1613 you ;). If you want this, you can use this transport:
1617 debug_print =
"T: rmail for $pipe_addresses"
1619 command = uux - -r -a$sender_address -gC $domain_data!rmail $pipe_addresses
1625 However, all recipients are handled via the command line, so
1626 you are discouraged to use it.
1629 <section> <title>bsmtp/rsmtp
</title>
1631 This is a more efficient way to transfer mails. It works
1632 like sending SMTP via a pipe, but instead of waiting for an
1633 answer, the SMTP is just batched; from this is also the name
1634 batched SMTP or short bsmtp.
1637 Furthermore, this way won't fail on addresses like
"
1638 "@do.main. If you want this, please use this, if the remote
1639 site uses rsmtp (e.g. is Exim
4):
1643 debug_print =
"T: rsmtp for $pipe_addresses"
1645 command = /usr/bin/uux - -r -a$sender_address -gC $domain_data!rsmtp
1652 and this if it wants bsmtp as the command:
1656 debug_print =
"T: bsmtp for $pipe_addresses"
1658 command = /usr/bin/uux - -r -a$sender_address -gC $domain_data!bsmtp
1665 Of course, these examples can be extended for e.g.
1666 compression (but you can also use ssh for compression, if
1670 <section> <title>The router
</title>
1672 You need a router to tell Exim
4 which mails to forward to
1673 UUCP. You can use this one; please adopt the last line. Of
1674 course, it is also possible to send mail via more than one way.
1678 debug_print =
"R: uucp_router for $local_part@$domain"
1680 require_files = +/usr/bin/uux
1681 domains = wildlsearch;/etc/exim4/uucp
1685 The file
<filename>/etc/exim4/uucp
</filename> looks like:
1688 *.do.main uucp.name.of.remote.side
1691 <section> <title>Speaking UUCP with the smarthost
</title>
1693 If you have a leaf system (i.e. all your mail not for your
1694 local system goes to a single remote system), you can just
1695 forward all non-local mail to the remote UUCP system. In
1696 this case, you can replace
"domains = ..." with
"domains = !
1697 +local_domains", but then you need also to replace
1698 $domain_data in the transport by the UUCP-name of your
1699 smarthost. The file
<filename>/etc/exim4/uucp
</filename> is
1700 not needed in this case.
1704 <section> <title>Receiving mail via UUCP
</title>
1705 <section> <title>Allow UUCP to use any envelope address
</title>
1707 Depending how much you trust your local users, you might use
1708 trusted_users and add uucp to it or use
1709 local_sender_retain=true and local_from_check=false.
1712 <section> <title>If you get batched smtp
</title>
1714 Allow uucp to execute rsmtp via
1716 commands rmail rnews rsmtp
1718 in your
<filename>/etc/uucp/sys
</filename>, and ask the
1719 sending site to use rsmtp (and not bsmtp) as the batched
1727 <section> <title>Updating from Exim
3</title>
1729 If you use
<command>exim4-config
</command> from Debian, you will
1730 get the debconf based configuration scheme that is intended to
1731 cover the majority of cases.
1734 If
<command>exim4-config
</command> is installed while an Exim
3
1735 package is present on the system,
1736 <command>exim4-config
</command> tries to parse the Exim
3 config
1737 file to determine the answers that were given to
1738 <command>eximconfig
</command> on Exim
3 installation. These
1739 answers are then taken as default values for the debconf based
1740 configuration process. Be warned!
<command>eximconfig
</command>
1741 from the Exim
3 packages does not record the explicit answers
1742 given on Exim
3 configuration. So we have to guess the answers
1743 from the Exim
3 configuration file
1744 <filename>/etc/exim/exim.conf
</filename>, which is bound to fail
1745 if the config file has been modified after using
1746 <command>eximconfig
</command>.
1749 This is the reason why we refrained from doing a
"silent update", but
1750 only use the guessed answers to get reasonable defaults for our
1751 debconf based configuration process.
1754 Please note that we do not use the
1755 <command>exim_convert4r4
</command> script, but try to configure
1756 the Exim
4 package in the same way Exim
3 was. This will
1757 hopefully aid future updates.
1760 If you have used a customized Exim
3 configuration, you can of
1761 course use
<command>exim_convert4r4
</command>, and install the
1762 resulting file as
<filename>/etc/exim4/exim4.conf
</filename>
1763 after careful inspection. Exim
4 will then use that file and
1764 ignore the file that it generated from the debconf
1765 configuration. To aid future updates, we do, however, encourage
1767 <filename>exim_convert4r4-generated
</filename> file verbatim but
1768 instead drop appropriate configuration snippets in their
1769 appropriate place in
<filename>/etc/exim4/conf.d
</filename>.
1772 <section> <title>Misc Notes
</title>
1773 <section> <title>PAM
</title>
1775 PAM: On Debian systems the PAM modules run as the same user
1776 as the calling program, so they cannot do anything you
1777 could not do yourself, and in particular cannot access
1778 <filename>/etc/shadow
</filename> unless the user is in group
1779 shadow. - If you want to use
1780 <filename>/etc/shadow
</filename> for Exim's SMTP AUTH you
1781 will need to run exim as group shadow. Only
1782 exim4-daemon-heavy is linked against libpam. We suggest using
1786 <section> <title>Account name restrictions
</title>
1788 In the default configuration, Exim cannot locally deliver
1789 mail to accounts which have capitals in their name. This is
1790 caused by the fact that Exim converts the local part of incoming
1791 mail to lower case before the comparision done by the
1792 check_local_user directive in routers is done.
1795 The router option caseful_local_part can be used to control
1796 this, and we decided not to set this option in the Debian
1797 configuration since it would be a rather big change to Exim's
1801 <section> <title>No deliveries to root!
</title>
1803 No Exim
4 version released with any Debian OS can run
1804 deliveries as root. If you don't redirect mail for root via
1805 <filename>/etc/aliases
</filename> to a nonprivileged
1806 account, the mail will be delivered to
1807 <filename>/var/mail/mail
</filename> with permissions
0600 and
1811 This redirection is done by the mail4root router which
1812 is last in the list and will thus catch mail for root that has not
1813 been taken care of earlier.
1816 <section> <title>Debugging maintainer and init scripts
</title>
1818 Most of the scripts that come with this Debian package do a
1819 <command>set -x
</command> if invoked with the environment
1820 variable EX4DEBUG defined and non-zero. This is particularly
1821 handy if you need to debug the maintainer scripts that are
1822 invoked during package installation. Since dpkg redirects
1823 stdout of maintainer scripts, calling dpkg with EX4DEBUG
1824 set might yield interesting results. If in doubt, invoke
1825 the maintainer scripts with EX4DEBUG set manually directly
1826 from the command line.
1829 <section> <title>SELinux
</title>
1831 There is no SELinux policy for Exim4 available so far.
1832 Until this is resolved, users should use postfix or
1833 sendmail if they intend to run SELinux.
1836 The Debian Exim4 maintainers would appreciate if
1837 somebody could write an SELinux policy. We will gladly
1838 use them in the Debian packages as long as there is
1839 somebody available to test, debug and support.
1842 <section> <title>misc
</title>
1846 <command>convert4r4
</command> is installed as
1847 <filename>/usr/sbin/exim_convert4r4.
</filename>
1852 The charset for $header_foo expansions defaults to
1853 UTF-
8 instead of ISO-
8859-
1.
1858 <ulink url=
"http://marc.merlins.org/linux/exim/">
1859 Marc Merlin's Exim
4 Page
</ulink> has a lot of ACL
1865 For an example of Exim usage in a
1866 <emphasis>large
</emphasis> installation, see
1869 url=
"http://www-uxsup.csx.cam.ac.uk/~fanf2/hermes/doc/talks/2005-02-eximconf/">
1871 about the Exim installation at University of Cambridge:
1877 <section> <title>Debian modifications to the Exim source
</title>
1881 <ulink url=
"http://www.arise.demon.co.uk/exim-patches/">
1882 Patches
</ulink> by Steve Haslam:
1886 boolean_redefine_protect
1888 Surround the definition of TRUE and FALSE macros with #ifndef
1889 /#endif, in case some other header defines them (from mixing No
1890 Perl and Exim, istr)
1902 link exim dynamically against pcre.
1907 The main binary is /usr/sbin/exim4:
1911 src/globals.c was changed to use 'US
1912 BIN_DIRECTORY
"/exim4"' as default for
1918 changed default for $exim_path (modulo
1919 lower/upper case) from BIN_DIRECTORY/exim to
1920 BIN_DIRECTORY/exim4 in exicyclog.src,
1921 exim_checkaccess.src, eximon.src, exinext.src,
1922 exiqgrep.src, exiwhat.src.
1927 OS/Makefile-Linux:EXIWHAT_MULTIKILL_ARG=exim4
1936 url=
"http://marc.merlins.org/linux/exim/files/sa-exim-current/">localscan_dlopen
1938 Allow to use and switch between different local_scan
1939 functions without recompiling Exim. Use
1940 local_scan_path = /path/to/sharedobject to utilize
1941 local_scan() in
<filename>/path/to/sharedobject
</filename>.
1946 changes to the documentation to have the
<ulink
1947 url=
"mailto:pkg-exim4-users@lists.alioth.debian.org">
1948 Debian-specific mailing list
</ulink> mentioned where
1949 the
<ulink url=
"mailto:exim-users@exim.org">official
1950 exim-users list
</ulink> is mentioned
1959 <section> <title>Credits
</title>
1960 <para><variablelist>
1962 <term><ulink url=
"mailto:aba@not.so.argh.org">Andreas
1963 Barth
</ulink></term>
1965 <simpara>UUCP documentation
</simpara>
1969 <term>Dan Weber, Ryen Underwood
</term>
1971 <simpara>inetd/xinetd documentation
</simpara>
HCoop / hcoop / debian / exim4.git / blob