exim (8) Linux Manual Page
exim – a Mail Transfer Agent
Synopsis
exim [options] arguments ...
mailq [options] arguments ...
rsmtp [options] arguments ...
rmail [options] arguments ...
runq [options] arguments ...
newaliases [options] arguments ...
Description
Exim is a mail transfer agent (MTA) developed at the University of Cambridge. It is a large program with very many facilities. For a full specification, see the reference manual. This man page contains only a description of the command line options. It has been automatically generated from the reference manual source, hopefully without too much mangling.
Like other MTAs, Exim replaces Sendmail, and is normally called by user agents (MUAs) using the path /usr/sbin/sendmail when they submit messages for delivery (some operating systems use /usr/lib/sendmail). This path is normally set up as a symbolic link to the Exim binary. It may also be used by boot scripts to start the Exim daemon. Many of Exim’s command line options are compatible with Sendmail so that it can act as a drop-in replacement.
Default Action
If no options are present that require a specific action (such as starting the daemon or a queue runner, testing an address, receiving a message in a specific format, or listing the queue), and there are no arguments on the command line, Exim outputs a brief message about itself and exits.
However, if there is at least one command line argument, -bm (accept a local message on the standard input, with the arguments specifying the recipients) is assumed. Thus, for example, if Exim is installed in /usr/sbin, you can send a message from the command line like this:
The -i option prevents a line containing just a dot from terminating the message. Only an end-of-file (generated by typing CTRL-D if the input is from a terminal) does so.
Setting Options By Program Name
If an Exim binary is called using one of the names listed in this section (typically via a symbolic link), certain options are assumed.
mailq
Behave as if the option -bp were present before any other options. The -bp option requests a listing of the contents of the mail queue on the standard output.
rsmtp
Behaves as if the option -bS were present before any other options, for compatibility with Smail. The -bS option is used for reading in a number of messages in batched SMTP format.
rmail
Behave as if the -i and -oee options were present before any other options, for compatibility with Smail. The name rmail is used as an interface by some UUCP systems. The -i option specifies that a dot on a line by itself does not terminate a non-SMTP message; -oee requests that errors detected in non-SMTP messages be reported by emailing the sender.
runq
Behave as if the option -q were present before any other options, for compatibility with Smail. The -q option causes a single queue runner process to be started. It processes the queue once, then exits.
newaliases
Behave as if the option -bi were present before any other options, for compatibility with Sendmail. This option is used for rebuilding Sendmail’s alias file. Exim does not have the concept of a single alias file, but can be configured to run a specified command if called with the -bi option.
Options
--
This is a pseudo-option whose only purpose is to terminate the options and therefore to cause subsequent command line items to be treated as arguments rather than options, even if they begin with hyphens.
--help
This option causes Exim to output a few sentences stating what it is. The same output is generated if the Exim binary is called with no options and no arguments.
--version
This option is an alias for -bV and causes version information to be displayed.
-Ac
-Am
These options are used by Sendmail for selecting configuration files and are ignored by Exim.
-B<type>
This is a Sendmail option for selecting 7 or 8 bit processing. Exim is 8-bit clean; it ignores this option.
-bd
This option runs Exim as a daemon, awaiting incoming SMTP connections. Usually the -bd option is combined with the -q<time> option, to specify that the daemon should also initiate periodic queue runs.
The -bd option can be used only by an admin user. If either of the -d (debugging) or -v (verifying) options are set, the daemon does not disconnect from the controlling terminal. When running this way, it can be stopped by pressing ctrl-C.
By default, Exim listens for incoming connections to the standard SMTP port on all the host’s running interfaces. However, it is possible to listen on other ports, on multiple ports, and only on specific interfaces.
When a listening daemon is started without the use of -oX (that is, without overriding the normal configuration), it writes its process id to a file called exim-daemon.pid in Exim’s spool directory. This location can be overridden by setting PID_FILE_PATH in Local/Makefile. The file is written while Exim is still running as root.
When -oX is used on the command line to start a listening daemon, the process id is not written to the normal pid file path. However, -oP can be used to specify a path on the command line if a pid file is required.
The SIGHUP signal can be used to cause the daemon to re-execute itself. This should be done whenever Exim’s configuration file, or any file that is incorporated into it by means of the .include facility, is changed, and also whenever a new version of Exim is installed. It is not necessary to do this when other files that are referenced from the configuration (for example, alias files) are changed, because these are reread each time they are used.
-bdf
This option has the same effect as -bd except that it never disconnects from the controlling terminal, even when no debugging is specified.
-be
Run Exim in expansion testing mode. Exim discards its root privilege, to prevent ordinary users from using this mode to read otherwise inaccessible files. If no arguments are given, Exim runs interactively, prompting for lines of data. Otherwise, it processes each argument in turn.
If Exim was built with USE_READLINE=yes in Local/Makefile, it tries to load the libreadline library dynamically whenever the -be option is used without command line arguments. If successful, it uses the readline() function, which provides extensive line-editing facilities, for reading the test data. A line history is supported.
Long expansion expressions can be split over several lines by using backslash continuations. As in Exim’s run time configuration, white space at the start of continuation lines is ignored. Each argument or data line is passed through the string expansion mechanism, and the result is output. Variable values from the configuration file (for example, $qualify_domain) are available, but no message-specific values (such as $message_exim_id) are set, because no message is being processed (but see -bem and -Mset).
Note: If you use this mechanism to test lookups, and you change the data files or databases you are using, you must exit and restart Exim before trying the same lookup again. Otherwise, because each Exim process caches the results of lookups, you will just get the same result as before.
-bem <filename>
This option operates like -be except that it must be followed by the name of a file. For example:
    exim -bem /tmp/testmessage
The file is read as a message (as if receiving a locally-submitted non-SMTP message) before any of the test expansions are done. Thus, message-specific variables such as $message_size and $header_from: are available. However, no Received: header is added to the message. If the -t option is set, recipients are read from the headers in the normal way, and are shown in the $recipients variable. Note that recipients cannot be given on the command line, because further arguments are taken as strings to expand (just like -be).
-bF <filename>
This option is the same as -bf except that it assumes that the filter being tested is a system filter. The additional commands that are available only in system filters are recognized.
-bf <filename>
This option runs Exim in user filter testing mode; the file is the filter file to be tested, and a test message must be supplied on the standard input. If there are no message-dependent tests in the filter, an empty file can be supplied.
If you want to test a system filter file, use -bF instead of -bf. You can use both -bF and -bf on the same command, in order to test a system filter and a user filter in the same run. For example:
    exim -bF /system/filter -bf /user/filter </test/message
This is helpful when the system filter adds header lines or sets filter variables that are used by the user filter.
If the test filter file does not begin with one of the special lines
    # Exim filter
    # Sieve filter
it is taken to be a normal .forward file, and is tested for validity under that interpretation.
The result of an Exim command that uses -bf, provided no errors are detected, is a list of the actions that Exim would try to take if presented with the message for real. More details of filter testing are given in the separate document entitled Exim’s interfaces to mail filtering.
When testing a filter file, the envelope sender can be set by the -f option, or by a "From " line at the start of the test message. Various parameters that would normally be taken from the envelope recipient address of the message can be set by means of additional command line options (see the next four options).
-bfd <domain>
This sets the domain of the recipient address when a filter file is being tested by means of the -bf option. The default is the value of $qualify_domain.
-bfl <local part>
This sets the local part of the recipient address when a filter file is being tested by means of the -bf option. The default is the username of the process that calls Exim. A local part should be specified with any prefix or suffix stripped, because that is how it appears to the filter when a message is actually being delivered.
-bfp <prefix>
This sets the prefix of the local part of the recipient address when a filter file is being tested by means of the -bf option. The default is an empty prefix.
-bfs <suffix>
This sets the suffix of the local part of the recipient address when a filter file is being tested by means of the -bf option. The default is an empty suffix.
-bh <IP address>
This option runs a fake SMTP session as if from the given IP address, using the standard input and output. The IP address may include a port number at the end, after a full stop. For example:
    exim -bh 10.9.8.7.1234
    exim -bh fe80::a00:20ff:fe86:a061.5678
When an IPv6 address is given, it is converted into canonical form. In the case of the second example above, the value of $sender_host_address after conversion to the canonical form is fe80:0000:0000:0a00:20ff:fe86:a061.5678.
Comments as to what is going on are written to the standard error file. These include lines beginning with "LOG" for anything that would have been logged. This facility is provided for testing configuration options for incoming messages, to make sure they implement the required policy. For example, you can test your relay controls using -bh.
Warning 1: You can test features of the configuration that rely on ident (RFC 1413) information by using the -oMt option. However, Exim cannot actually perform an ident callout when testing using -bh because there is no incoming SMTP connection.
Warning 2: Address verification callouts are also skipped when testing using -bh. If you want these callouts to occur, use -bhc instead.
Messages supplied during the testing session are discarded, and nothing is written to any of the real log files. There may be pauses when DNS (and other) lookups are taking place, and of course these may time out. The -oMi option can be used to specify a specific IP interface and port if this is important, and -oMaa and -oMai can be used to set parameters as if the SMTP session were authenticated.
The exim_checkaccess utility is a "packaged" version of -bh whose output just states whether a given recipient address from a given host is acceptable or not.
Features such as authentication and encryption, where the client input is not plain text, cannot easily be tested with -bh. Instead, you should use a specialized SMTP test program such as swaks.
-bhc <IP address>
This option operates in the same way as -bh, except that address verification callouts are performed if required. This includes consulting and updating the callout cache database.
-bi
Sendmail interprets the -bi option as a request to rebuild its alias file. Exim does not have the concept of a single alias file, and so it cannot mimic this behaviour. However, calls to /usr/lib/sendmail with the -bi option tend to appear in various scripts such as NIS make files, so the option must be recognized.
If -bi is encountered, the command specified by the bi_command configuration option is run, under the uid and gid of the caller of Exim. If the -oA option is used, its value is passed to the command as an argument. The command set by bi_command may not contain arguments. The command can use the exim_dbmbuild utility, or some other means, to rebuild alias files if this is required. If the bi_command option is not set, calling Exim with -bi is a no-op.
-bI:help
We shall provide various options starting -bI: for querying Exim for information. The output of many of these will be intended for machine consumption. This one is not. The -bI:help option asks Exim for a synopsis of supported options beginning -bI:. Use of any of these options shall cause Exim to exit after producing the requested output.
-bI:dscp
This option causes Exim to emit an alphabetically sorted list of all recognised DSCP names.
-bI:sieve
This option causes Exim to emit an alphabetically sorted list of all supported Sieve protocol extensions on stdout, one per line. This is anticipated to be useful for ManageSieve (RFC 5804) implementations, in providing that protocol’s SIEVE capability response line. As the precise list may depend upon compile-time build options, which this option will adapt to, this is the only way to guarantee a correct response.
-bm
This option runs an Exim receiving process that accepts an incoming, locally-generated message on the standard input. The recipients are given as the command arguments (except when -t is also present – see below). Each argument can be a comma-separated list of RFC 2822 addresses. This is the default option for selecting the overall action of an Exim call; it is assumed if no other conflicting option is present.
If any addresses in the message are unqualified (have no domain), they are qualified by the values of the qualify_domain or qualify_recipient options, as appropriate. The -bnq option (see below) provides a way of suppressing this for special cases.
Policy checks on the contents of local messages can be enforced by means of the non-SMTP ACL.
The return code is zero if the message is successfully accepted. Otherwise, the action is controlled by the -oex option setting – see below.
The format of the message must be as defined in RFC 2822, except that, for compatibility with Sendmail and Smail, a line in one of the forms
    From sender Fri Jan 5 12:55 GMT 1997
    From sender Fri, 5 Jan 97 12:55:01
(with the weekday optional, and possibly with additional text after the date) is permitted to appear at the start of the message. There appears to be no authoritative specification of the format of this line. Exim recognizes it by matching against the regular expression defined by the uucp_from_pattern option, which can be changed if necessary.
The specified sender is treated as if it were given as the argument to the -f option, but if a -f option is also present, its argument is used in preference to the address taken from the message. The caller of Exim must be a trusted user for the sender of a message to be set in this way.
-bmalware <filename>
This debugging option causes Exim to scan the given file or directory (depending on the used scanner interface), using the malware scanning framework. The option of av_scanner influences this option, so if av_scanner’s value is dependent upon an expansion then the expansion should have defaults which apply to this invocation. ACLs are not invoked, so if av_scanner references an ACL variable then that variable will never be populated and -bmalware will fail.
Exim will have changed working directory before resolving the filename, so using fully qualified pathnames is advisable. Exim will be running as the Exim user when it tries to open the file, rather than as the invoking user. This option requires admin privileges.
The -bmalware option will not be extended to be more generally useful; there are better tools for file-scanning. This option exists to help administrators verify their Exim and AV scanner configuration.
-bnq
By default, Exim automatically qualifies unqualified addresses (those without domains) that appear in messages that are submitted locally (that is, not over TCP/IP). This qualification applies both to addresses in envelopes, and addresses in header lines. Sender addresses are qualified using qualify_domain, and recipient addresses using qualify_recipient (which defaults to the value of qualify_domain).
Sometimes, qualification is not wanted. For example, if -bS (batch SMTP) is being used to re-submit messages that originally came from remote hosts after content scanning, you probably do not want to qualify unqualified addresses in header lines. (Such lines will be present only if you have not enabled a header syntax check in the appropriate ACL.)
The -bnq option suppresses all qualification of unqualified addresses in messages that originate on the local host. When this is used, unqualified addresses in the envelope provoke errors (causing message rejection) and unqualified addresses in header lines are left alone.
-bP
If this option is given with no arguments, it causes the values of all Exim’s main configuration options to be written to the standard output. The values of one or more specific options can be requested by giving their names as arguments, for example:
    exim -bP qualify_domain hold_domains
However, any option setting that is preceded by the word "hide" in the configuration file is not shown in full, except to an admin user. For other users, the output is as in this example:
    mysql_servers = <value not displayable>
If config is given as an argument, the config is output, as it was parsed, any include file resolved, any comment removed.
If config_file is given as an argument, the name of the run time configuration file is output. (configure_file works too, for backward compatibility.) If a list of configuration files was supplied, the value that is output here is the name of the file that was actually used.
If the -n flag is given, then for most modes of -bP operation the name will not be output.
If log_file_path or pid_file_path are given, the names of the directories where log files and daemon pid files are written are output, respectively. If these values are unset, log files are written in a sub-directory of the spool directory called log, and the pid file is written directly into the spool directory.
If -bP is followed by a name preceded by +, for example,
    exim -bP +local_domains
it searches for a matching named list of any type (domain, host, address, or local part) and outputs what it finds.
If one of the words router, transport, or authenticator is given, followed by the name of an appropriate driver instance, the option settings for that driver are output. For example:
    exim -bP transport local_delivery
The generic driver options are output first, followed by the driver’s private options. A list of the names of drivers of a particular type can be obtained by using one of the words router_list, transport_list, or authenticator_list, and a complete list of all drivers with their option settings can be obtained by using routers, transports, or authenticators.
If environment is given as an argument, the set of environment variables is output, line by line. Using the -n flag suppresses the value of the variables.
If invoked by an admin user, then macro, macro_list and macros are available, similarly to the drivers. Because macros are sometimes used for storing passwords, this option is restricted. The output format is one item per line.
-bp
This option requests a listing of the contents of the mail queue on the standard output. If the -bp option is followed by a list of message ids, just those messages are listed. By default, this option can be used only by an admin user. However, the queue_list_requires_admin option can be set false to allow any user to see the queue.
Each message on the queue is displayed as in the following example:
    25m  2.9K 0t5C6f-0000c8-00 <alice@wonderland.fict.example>
              red.king@looking-glass.fict.example
              <other addresses>
The first line contains the length of time the message has been on the queue (in this case 25 minutes), the size of the message (2.9K), the unique local identifier for the message, and the message sender, as contained in the envelope. For bounce messages, the sender address is empty, and appears as "<>". If the message was submitted locally by an untrusted user who overrode the default sender address, the user’s login name is shown in parentheses before the sender address.
If the message is frozen (attempts to deliver it are suspended) then the text "*** frozen ***" is displayed at the end of this line.
The recipients of the message (taken from the envelope, not the headers) are displayed on subsequent lines. Those addresses to which the message has already been delivered are marked with the letter D. If an original address gets expanded into several addresses via an alias or forward file, the original is displayed with a D only when deliveries for all of its child addresses are complete.
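An added example (not part of the Exim manual): a Python parser for the -bp listing layout described above, which flags frozen messages, bounces, and messages whose sender was overridden by a local user. The sample listing beyond the page's first message, the exact column spacing, and the position of the "D" marker before the address are assumptions of this example.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample in the layout this page describes (not real queue data).
# Assumption: the "D" marker precedes a delivered address on its line.
SAMPLE = """\
25m  2.9K 0t5C6f-0000c8-00 <alice@wonderland.fict.example>
          red.king@looking-glass.fict.example
        D white.rabbit@wonderland.fict.example

 3h  1.1K 0t5C7a-0000d1-00 <> *** frozen ***
          hatter@wonderland.fict.example

 4d   12K 0t5C8b-0000e2-00 (www-data) <queen@wonderland.fict.example>
          knave@elsewhere.fict.example
"""

# First line: age, size, message id, optional (login), <envelope sender>,
# optional frozen marker.
HEADER = re.compile(
    r"^\s*(?P<age>\d+[a-z])\s+(?P<size>\S+)\s+(?P<id>[0-9A-Za-z-]+)\s+"
    r"(?:\((?P<user>[^)]+)\)\s+)?<(?P<sender>[^>]*)>"
    r"(?P<frozen>\s+\*\*\* frozen \*\*\*)?\s*$"
)
# Following lines: one envelope recipient each, marked "D" (or "+D" with
# -bpa) when delivery to it is already complete.
RECIPIENT = re.compile(r"^\s+(?:(?P<mark>\+?D)\s+)?(?P<addr>\S.*?)\s*$")


@dataclass
class QueuedMessage:
    msg_id: str
    age: str
    size: str
    sender: str                 # "" for a bounce message (shown as <>)
    local_user: Optional[str]   # login name shown in parentheses, if any
    frozen: bool
    pending: List[str] = field(default_factory=list)
    delivered: List[str] = field(default_factory=list)


def parse_queue(listing: str) -> List[QueuedMessage]:
    """Parse the text of a queue listing into QueuedMessage records."""
    messages: List[QueuedMessage] = []
    for line in listing.splitlines():
        if not line.strip():
            continue
        head = HEADER.match(line)
        if head:
            messages.append(QueuedMessage(
                msg_id=head["id"], age=head["age"], size=head["size"],
                sender=head["sender"], local_user=head["user"],
                frozen=head["frozen"] is not None,
            ))
            continue
        rcpt = RECIPIENT.match(line)
        if rcpt is None or not messages:
            raise ValueError(f"unrecognised queue line: {line!r}")
        target = messages[-1].delivered if rcpt["mark"] else messages[-1].pending
        target.append(rcpt["addr"])
    return messages


def triage(messages: List[QueuedMessage]) -> dict:
    """Map message id -> reasons an operator may want to look at it."""
    findings = {}
    for msg in messages:
        reasons = []
        if msg.frozen:
            reasons.append("frozen")
        if msg.sender == "":
            reasons.append("bounce")
        if msg.local_user:
            reasons.append(f"sender overridden by local user {msg.local_user}")
        if reasons:
            findings[msg.msg_id] = reasons
    return findings


if __name__ == "__main__":
    for msg_id, reasons in triage(parse_queue(SAMPLE)).items():
        print(msg_id, "; ".join(reasons))
```

A sender override by a service account such as a web server user is worth correlating with the main log, since it shows which local account chose the envelope sender.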
-bpa
This option operates like -bp, but in addition it shows delivered addresses that were generated from the original top level address(es) in each message by alias or forwarding operations. These addresses are flagged with "+D" instead of just "D".
-bpc
This option counts the number of messages on the queue, and writes the total to the standard output. It is restricted to admin users, unless queue_list_requires_admin is set false.
-bpr
This option operates like -bp, but the output is not sorted into chronological order of message arrival. This can speed it up when there are lots of messages on the queue, and is particularly useful if the output is going to be post-processed in a way that doesn’t need the sorting.
-bpra
This option is a combination of -bpr and -bpa.
-bpru
This option is a combination of -bpr and -bpu.
-bpu
This option operates like -bp but shows only undelivered top-level addresses for each message displayed. Addresses generated by aliasing or forwarding are not shown, unless the message was deferred after processing by a router with the one_time option set.
-brt
This option is for testing retry rules, and it must be followed by up to three arguments. It causes Exim to look for a retry rule that matches the values and to write it to the standard output. For example:
    exim -brt bach.comp.mus.example
    Retry rule: *.comp.mus.example F,2h,15m; F,4d,30m;
The first argument, which is required, can be a complete address in the form local_part@domain, or it can be just a domain name. If the second argument contains a dot, it is interpreted as an optional second domain name; if no retry rule is found for the first argument, the second is tried. This ties in with Exim’s behaviour when looking for retry rules for remote hosts – if no rule is found that matches the host, one that matches the mail domain is sought. Finally, an argument that is the name of a specific delivery error, as used in setting up retry rules, can be given. For example:
    exim -brt haydn.comp.mus.example quota_3d
    Retry rule: *@haydn.comp.mus.example quota_3d F,1h,15m
-brw
This option is for testing address rewriting rules, and it must be followed by a single argument, consisting of either a local part without a domain, or a complete address with a fully qualified domain. Exim outputs how this address would be rewritten for each possible place it might appear.
-bS
This option is used for batched SMTP input, which is an alternative interface for non-interactive local message submission. A number of messages can be submitted in a single run. However, despite its name, this is not really SMTP input. Exim reads each message’s envelope from SMTP commands on the standard input, but generates no responses. If the caller is trusted, or untrusted_set_sender is set, the senders in the SMTP MAIL commands are believed; otherwise the sender is always the caller of Exim.
The message itself is read from the standard input, in SMTP format (leading dots doubled), terminated by a line containing just a single dot. An error is provoked if the terminating dot is missing. A further message may then follow.
As for other local message submissions, the contents of incoming batch SMTP messages can be checked using the non-SMTP ACL. Unqualified addresses are automatically qualified using qualify_domain and qualify_recipient, as appropriate, unless the -bnq option is used.
Some other SMTP commands are recognized in the input. HELO and EHLO act as RSET; VRFY, EXPN, ETRN, and HELP act as NOOP; QUIT quits, ignoring the rest of the standard input.
If any error is encountered, reports are written to the standard output and error streams, and Exim gives up immediately. The return code is 0 if no error was detected; it is 1 if one or more messages were accepted before the error was detected; otherwise it is 2.
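An added example (not Exim code): building a -bS batch in Python with the leading-dot doubling described above, plus a minimal reader that models this page's input rules to show what goes wrong when the doubling is skipped. The address check, the function names and the sample messages are assumptions of this example.

```python
import re

# Conservative envelope-address check (an assumption of this example, not
# Exim's syntax rules): no whitespace, control characters or angle brackets.
ADDR_OK = re.compile(r"[^\s<>\x00-\x1f\x7f]*")

# Constructed sample: the first body has a line that is a single dot and a
# line that starts with two dots; the second is a bounce (empty sender).
SAMPLE = [
    ("alice@wonderland.fict.example", ["red.king@looking-glass.fict.example"],
     "Subject: agenda\n\nItems:\n.\n..profile stays as it is\nRegards"),
    ("", ["alice@wonderland.fict.example"], "Subject: bounce\n\nFailed."),
]


def check_addr(addr):
    # fullmatch, not match with "$", so a trailing newline is rejected too.
    if not ADDR_OK.fullmatch(addr):
        raise ValueError(f"unsafe envelope address: {addr!r}")
    return addr


def build_bsmtp(messages):
    """Build batch text from (sender, [recipients], message_text) tuples."""
    out = []
    for sender, recipients, text in messages:
        if not recipients or "" in recipients:
            raise ValueError("every message needs non-empty recipients")
        out.append(f"MAIL FROM:<{check_addr(sender)}>")   # "" gives <>
        out.extend(f"RCPT TO:<{check_addr(r)}>" for r in recipients)
        out.append("DATA")
        # Leading dots doubled, so no message line can be the lone "."
        out.extend("." + ln if ln.startswith(".") else ln
                   for ln in text.split("\n"))
        out.append(".")
    out.append("QUIT")
    return "\n".join(out) + "\n"


def angle(line):
    """Return the address between the angle brackets of a MAIL/RCPT command."""
    return line[line.index("<") + 1:line.rindex(">")]


def read_bsmtp(batch):
    """Minimal model of the input rules on this page (not Exim's parser)."""
    lines = iter(batch.split("\n"))
    done, sender, rcpts = [], None, []
    for line in lines:
        cmd = line.strip().upper()
        word = cmd.split(" ", 1)[0]
        if not cmd or word in ("VRFY", "EXPN", "ETRN", "HELP", "NOOP"):
            continue
        if word == "QUIT":
            break                        # the rest of the input is ignored
        if word in ("HELO", "EHLO", "RSET"):
            sender, rcpts = None, []
        elif cmd.startswith("MAIL FROM:"):
            sender, rcpts = angle(line), []
        elif cmd.startswith("RCPT TO:"):
            rcpts.append(angle(line))
        elif word == "DATA" and sender is not None and rcpts:
            body = []
            for data in lines:
                if data == ".":
                    break
                body.append(data[1:] if data.startswith(".") else data)
            else:
                raise ValueError("terminating dot is missing")
            done.append((sender, rcpts, "\n".join(body)))
            sender, rcpts = None, []
        else:
            raise ValueError(f"not a valid command here: {line!r}")
    return done


if __name__ == "__main__":
    print(build_bsmtp(SAMPLE), end="")
```

Without the doubling, the lone dot in the first body ends that message early and the remaining body lines are read as commands, which the reader rejects.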
-bs
This option causes Exim to accept one or more messages by reading SMTP commands on the standard input, and producing SMTP replies on the standard output. SMTP policy controls, as defined in ACLs, are applied. Some user agents use this interface as a way of passing locally-generated messages to the MTA.
In this usage, if the caller of Exim is trusted, or untrusted_set_sender is set, the senders of messages are taken from the SMTP MAIL commands. Otherwise the content of these commands is ignored and the sender is set up as the calling user. Unqualified addresses are automatically qualified using qualify_domain and qualify_recipient, as appropriate, unless the -bnq option is used.
The -bs option is also used to run Exim from inetd, as an alternative to using a listening daemon. Exim can distinguish the two cases by checking whether the standard input is a TCP/IP socket. When Exim is called from inetd, the source of the mail is assumed to be remote, and the comments above concerning senders and qualification do not apply. In this situation, Exim behaves in exactly the same way as it does when receiving a message via the listening daemon.
-bt
This option runs Exim in address testing mode, in which each argument is taken as a recipient address to be tested for deliverability. The results are written to the standard output. If a test fails, and the caller is not an admin user, no details of the failure are output, because these might contain sensitive information such as usernames and passwords for database lookups.
If no arguments are given, Exim runs in an interactive manner, prompting with a right angle bracket for addresses to be tested.
Unlike the -be test option, you cannot arrange for Exim to use the readline() function, because it is running as root and there are security issues.
Each address is handled as if it were the recipient address of a message (compare the -bv option). It is passed to the routers and the result is written to the standard output. However, any router that has no_address_test set is bypassed. This can make -bt easier to use for genuine routing tests if your first router passes everything to a scanner program.
The return code is 2 if any address failed outright; it is 1 if no address failed outright but at least one could not be resolved for some reason. Return code 0 is given only when all addresses succeed.
Note: When actually delivering a message, Exim removes duplicate recipient addresses after routing is complete, so that only one delivery takes place. This does not happen when testing with -bt; the full results of routing are always shown.
Warning: -bt can only do relatively simple testing. If any of the routers in the configuration makes any tests on the sender address of a message, you can use the -f option to set an appropriate sender when running -bt tests. Without it, the sender is assumed to be the calling user at the default qualifying domain. However, if you have set up (for example) routers whose behaviour depends on the contents of an incoming message, you cannot test those conditions using -bt. The -N option provides a possible way of doing such tests.
-bV
This option causes Exim to write the current version number, compilation number, and compilation date of the exim binary to the standard output. It also lists the DBM library that is being used, the optional modules (such as specific lookup types), the drivers that are included in the binary, and the name of the run time configuration file that is in use.
As part of its operation, -bV causes Exim to read and syntax check its configuration file. However, this is a static check only. It cannot check values that are to be expanded. For example, although a misspelt ACL verb is detected, an error in the verb’s arguments is not. You cannot rely on -bV alone to discover (for example) all the typos in the configuration; some realistic testing is needed. The -bh and -N options provide more dynamic testing facilities.
-bv
This option runs Exim in address verification mode, in which each argument is taken as a recipient address to be verified by the routers. (This does not involve any verification callouts). During normal operation, verification happens mostly as a consequence of processing a verify condition in an ACL. If you want to test an entire ACL, possibly including callouts, see the -bh and -bhc options.
If verification fails, and the caller is not an admin user, no details of the failure are output, because these might contain sensitive information such as usernames and passwords for database lookups.
If no arguments are given, Exim runs in an interactive manner, prompting with a right angle bracket for addresses to be verified.
Unlike the -be test option, you cannot arrange for Exim to use the readline() function, because it is running as exim and there are security issues.
Verification differs from address testing (the -bt option) in that routers that have no_verify set are skipped, and if the address is accepted by a router that has fail_verify set, verification fails. The address is verified as a recipient if -bv is used; to test verification for a sender address, -bvs should be used.
If the -v option is not set, the output consists of a single line for each address, stating whether it was verified or not, and giving a reason in the latter case. Without -v, generating more than one address by redirection causes verification to end successfully, without considering the generated addresses. However, if just one address is generated, processing continues, and the generated address must verify successfully for the overall verification to succeed.
When -v is set, more details are given of how the address has been handled, and in the case of address redirection, all the generated addresses are also considered. Verification may succeed for some and fail for others.
The return code is 2 if any address failed outright; it is 1 if no address failed outright but at least one could not be resolved for some reason. Return code 0 is given only when all addresses succeed.
If any of the routers in the configuration makes any tests on the sender address of a message, you should use the -f option to set an appropriate sender when running -bv tests. Without it, the sender is assumed to be the calling user at the default qualifying domain.
-bvs
This option acts like -bv, but verifies the address as a sender rather than a recipient address. This affects any rewriting and qualification that might happen.
-bw
This option runs Exim as a daemon, awaiting incoming SMTP connections, similarly to the -bd option. All port specifications on the command-line and in the configuration file are ignored. Queue-running may not be specified.
In this mode, Exim expects to be passed a socket as fd 0 (stdin) which is listening for connections. This permits the system to start up and have inetd (or equivalent) listen on the SMTP ports, starting an Exim daemon for each port only when the first connection is received.
If the option is given as -bw<time> then the time is a timeout, after which the daemon will exit, which should cause inetd to listen once more.
-C<filelist>
This option causes Exim to find the run time configuration file from the given list instead of from the list specified by the CONFIGURE_FILE compile-time setting. Usually, the list will consist of just a single file name, but it can be a colon-separated list of names. In this case, the first file that exists is used. Failure to open an existing file stops Exim from proceeding any further along the list, and an error is generated.
When this option is used by a caller other than root, and the list is different from the compiled-in list, Exim gives up its root privilege immediately, and runs with the real and effective uid and gid set to those of the caller. However, if a TRUSTED_CONFIG_LIST file is defined in Local/Makefile, that file contains a list of full pathnames, one per line, for configuration files which are trusted. Root privilege is retained for any configuration file so listed, as long as the caller is the Exim user (or the user specified in the CONFIGURE_OWNER option, if any), and as long as the configuration file is not writeable by inappropriate users or groups.
Leaving TRUSTED_CONFIG_LIST unset precludes the possibility of testing a configuration using -C right through message reception and delivery, even if the caller is root. The reception works, but by that time, Exim is running as the Exim user, so when it re-executes to regain privilege for the delivery, the use of -C causes privilege to be lost. However, root can test reception and delivery using two separate commands (one to put a message on the queue, using -odq, and another to do the delivery, using -M).
If ALT_CONFIG_PREFIX is defined in Local/Makefile, it specifies a prefix string with which any file named in a -C command line option must start. In addition, the file name must not contain the sequence /../. However, if the value of the -C option is identical to the value of CONFIGURE_FILE in Local/Makefile, Exim ignores -C and proceeds as usual. There is no default setting for ALT_CONFIG_PREFIX; when it is unset, any file name can be used with -C.
ALT_CONFIG_PREFIX can be used to confine alternative configuration files to a directory to which only root has access. This prevents someone who has broken into the Exim account from running a privileged Exim with an arbitrary configuration file.
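The -C rules described above, written as a small decision model in Python for auditing a build's settings. This is an added example, not Exim's source code: the function names, the outcome labels, the sample paths and the writable_by_others flag (standing in for the file-permission check) are assumptions, and the model requires every name in a list to be trusted.

```python
def dash_c_outcome(filelist, caller, *, configure_file, alt_config_prefix=None,
                   trusted=(), exim_user="exim", configure_owner=None,
                   writable_by_others=False):
    """Return 'ignored', 'refused', 'root-kept' or 'root-dropped' (labels are this model's)."""
    if filelist == configure_file:
        return "ignored"                  # identical to CONFIGURE_FILE: -C is ignored
    names = filelist.split(":")           # <filelist> may be a colon-separated list
    if alt_config_prefix is not None:     # unset: any file name can be used with -C
        for name in names:
            if not name.startswith(alt_config_prefix) or "/../" in name:
                return "refused"          # assumption: a name breaking the rule is refused
    if caller == "root":
        return "root-kept"                # the drop applies to callers other than root
    owners = {exim_user, configure_owner} - {None}
    if caller in owners and not writable_by_others and all(n in trusted for n in names):
        return "root-kept"                # every name is in the TRUSTED_CONFIG_LIST file
    return "root-dropped"

def end_to_end_test_as_root(path, **build):
    """Reception is called by root; the delivery re-exec is called by the Exim user."""
    user = build.get("exim_user", "exim")
    return dash_c_outcome(path, "root", **build), dash_c_outcome(path, user, **build)

# Constructed sample build settings (not taken from any real Local/Makefile).
BUILD = {
    "configure_file": "/etc/exim/exim.conf",
    "alt_config_prefix": "/etc/exim/test/",
    "trusted": {"/etc/exim/test/relay.conf"},
}

if __name__ == "__main__":
    for path in ("/etc/exim/exim.conf", "/tmp/x.conf",
                 "/etc/exim/test/../../../tmp/x.conf", "/etc/exim/test/relay.conf"):
        print(path, "->", dash_c_outcome(path, "exim", **BUILD))
    print("untrusted file, root test:", end_to_end_test_as_root("/etc/exim/test/new.conf", **BUILD))
```

The second value returned by end_to_end_test_as_root shows why a file missing from the trusted list cannot be tested through to delivery in one command.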
The -C facility is useful for ensuring that configuration files are syntactically correct, but cannot be used for test deliveries, unless the caller is privileged, or unless it is an exotic configuration that does not require privilege. No check is made on the owner or group of the files specified by this option.
-D<macro>=<value>
This option can be used to override macro definitions in the configuration file. However, like -C, if it is used by an unprivileged caller, it causes Exim to give up its root privilege. If DISABLE_D_OPTION is defined in Local/Makefile, the use of -D is completely disabled, and its use causes an immediate error exit.
If WHITELIST_D_MACROS is defined in Local/Makefile then it should be a colon-separated list of macros which are considered safe and, if -D only supplies macros from this list, and the values are acceptable, then Exim will not give up root privilege if the caller is root, the Exim run-time user, or the CONFIGURE_OWNER, if set. This is a transition mechanism and is expected to be removed in the future. Acceptable values for the macros satisfy the regexp: ^[A-Za-z0-9_/.-]*$
The entire option (including equals sign if present) must all be within one command line item.
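A checker for the WHITELIST_D_MACROS conditions, useful when reviewing wrapper scripts or sudo rules that call Exim with -D. This is an added example, not Exim's own code: the function names, the sample macro names and the ALLOWED caller set are assumptions, while the value pattern and the limits of 10 items and 22-letter names are the ones this option's description states.

```python
import re

# The page's regexp without its anchors; fullmatch() supplies them. Python's "$" also
# matches just before a trailing newline, so match() with "^...$" would accept "x\n".
VALUE_OK = re.compile(r"[A-Za-z0-9_/.-]*")
MAX_ITEMS, MAX_NAME_LEN = 10, 22
ALLOWED = {"root", "exim"}   # constructed: root and the Exim run-time user

def parse_d_item(item):
    """Split one command-line item ('-DABC', '-DABC=x', '-D ABC = x') into (name, value)."""
    name, _, value = item[2:].partition("=")
    return name.strip(" "), value.lstrip(" ")

def whitelist_verdict(argv, whitelist, caller, allowed_callers):
    """Return (root_kept, reason) for the -D items in argv under WHITELIST_D_MACROS."""
    items = [parse_d_item(a) for a in argv if a.startswith("-D")]
    if len(items) > MAX_ITEMS:
        return False, "more than 10 -D items"
    if caller not in allowed_callers:
        return False, f"caller {caller!r} is not root, the Exim user or CONFIGURE_OWNER"
    safe = set(whitelist.split(":"))       # colon-separated list of macro names
    for name, value in items:
        if len(name) > MAX_NAME_LEN:
            return False, f"macro name {name!r} is longer than 22 letters"
        if name not in safe:
            return False, f"macro {name!r} is not in WHITELIST_D_MACROS"
        if not VALUE_OK.fullmatch(value):
            return False, f"value of {name!r} has characters outside the allowed set"
    return True, "all macros whitelisted with acceptable values"

if __name__ == "__main__":
    # Constructed sample invocations.
    for argv in (["exim", "-DSPOOL=/var/spool/exim-test", "-bV"],
                 ["exim", "-D SPOOL = /tmp/x"],
                 ["exim", "-DSPOOL=$value"],
                 ["exim", "-DOTHER=1"]):
        print(argv, "->", whitelist_verdict(argv, "SPOOL:LOGDIR", "exim", ALLOWED))
```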
-D can be used to set the value of a macro to the empty string, in which case the equals sign is optional. These two commands are synonymous:
  exim -DABC …
  exim -DABC= …
To include spaces in a macro definition item, quotes must be used. If you use quotes, spaces are permitted around the macro name and the equals sign. For example:
  exim '-D ABC = something' …
-D may be repeated up to 10 times on a command line. Only macro names up to 22 letters long can be set.
-d<debug options>
This option causes debugging information to be written to the standard error stream. It is restricted to admin users because debugging output may show database queries that contain password information. Also, the details of users' filter files should be protected. If a non-admin user uses -d, Exim writes an error message to the standard error stream and exits with a non-zero return code.
When -d is used, -v is assumed. If -d is given on its own, a lot of standard debugging data is output. This can be reduced, or increased to include some more rarely needed information, by directly following -d with a string made up of names preceded by plus or minus characters. These add or remove sets of debugging data, respectively. For example, -d+filter adds filter debugging, whereas -d-all+filter selects only filter debugging. Note that no spaces are allowed in the debug setting. The available debugging categories are:
acl            ACL interpretation
auth           authenticators
deliver        general delivery logic
dns            DNS lookups (see also resolver)
dnsbl          DNS black list (aka RBL) code
exec           arguments for execv() calls
expand         detailed debugging for string expansions
filter         filter handling
hints_lookup   hints data lookups
host_lookup    all types of name-to-IP address handling
ident          ident lookup
interface      lists of local interfaces
lists          matching things in lists
load           system load checks
local_scan     can be used by local_scan()
lookup         general lookup code and all lookups
memory         memory handling
pid            add pid to debug output lines
process_info   setting info for the process log
queue_run      queue runs
receive
