I've recently been doing a detailed review of the Exim configuration
on our central email relay machines. In the course of this I became
irritated about inconsistencies in the ordering of the configuration
options, especially when this made it less clear what options were
router preconditions and which affected whether messages and addresses
were accepted or delayed etc. In the absence of guidelines in the Exim
specification I decided to create my own, which are included below. If
you have any suggestions or opinions about it I would welcome the
feedback. I haven't tried out the guidelines much yet, so it's hard to
say how helpful they are. I'd particularly like to hear from you if
you do try using them.
Tony.
--
f.a.n.finch <dot@???>
http://dotat.at/
BERWICK ON TWEED TO WHITBY: NORTHWEST 5 OR 6, OCCASIONALLY 7. SQUALLY SHOWERS
SPREAD FROM NORTH. GOOD. MODERATE LOCALLY ROUGH.
# $Cambridge: hermes/doc/misc/EximStyle,v 1.1 2003/10/03 15:18:49 fanf2 Exp $

# this file serves two purposes: it's a quick reference for
# exim's configuration options, and a suggested option ordering
# to use when writing configurations. the idea is to make it
# easier to understand what exim will do by dividing the options
# into categories and ordering them similarly to the order in
# which exim looks at them.

# options marked with a * are string expansions. in general
# expansion failures cause the router to defer the address. if
# the failure action is different, it is marked in brackets
# after the *. options marked with a second * mean that forced
# failure has a different action from other failures. this
# usually causes the option to have no effect (or the default
# effect), and if not the action is stated in brackets after the
# second *.

# options marked with + are domain/host/address/local-part lists
# which always defer if expansion fails, or do not match if
# failure is forced, i.e. * *(no match) in the notation above.
# for router preconditions this is equivalent to * *(decline).

# options marked ! are boolean. the y/n following is the default.

# options which are not unset by default have their value given
# after an = if it is sufficiently simple.

# first put macros that are used throughout the configuration.
# if a macro is only used to adjust one main configuration
# option then it can go next to that option.

# next put the main configuration options. order them according
# to the categorization in chapter 13 of the specification.
begin acl
# put your acl configuration next, in the same order as they
# were referred to in the main configuration section. if your
# acls refer to other acls, put the other acls after all the
# main acls in the order they were first mentioned
# end acl
begin local_scan
# then put private options for the local_scan function, if any
# end local_scan
begin authenticators
# authentication is related to the access control configuration
# in the previous two sections, so put it next. order the
# configuration options for each authenticator according to the
# generic template below. server options come before client
# options, following the general ordering of this file.
generic:
# mandatory options
driver
public_name
# generic server options
server_advertise_condition *
server_debug_print *
server_set_id *
server_mail_auth_condition *
# per-driver server options
(see below)
# per-driver client options
(see below)
# other per-driver options
(see below)
plaintext:
# per-driver server options
server_prompts *
server_condition * *
# per-driver client options
client_send * *
cram_md5:
# per-driver server options
server_secret * *
# per-driver client options
client_name * * =$primary_hostname
client_secret * *
spa:
# per-driver server options
server_password * *
# per-driver client options
client_domain * *
client_password * *
client_username * *
# end authenticators
begin rewrite
# in general addresses are rewritten the first time they are
# seen, so put rewrite rules immediately before the routers.
# end rewrite
begin routers
# the ordering for routers is mostly determined by external
# factors. order the configuration options for each router
# according to the generic template below.
generic:
# mandatory option
driver
# first put any preconditions in the order they are tested
local_part_prefix
local_part_prefix_optional !n
local_part_suffix
local_part_suffix_optional !n
verify_recipient !y
verify_sender !y
verify !y
address_test !y
verify_only !n
expn !y
domains +
local_parts +
check_local_user !n
debug_print *(log error)
router_home_directory * *(continue)
senders +
require_files * *(item ignored)
condition ! * *(decline)
# options that can control how the router accepts
address_data * *(decline)
caseful_local_part !n
fail_verify_recipient !n
fail_verify_sender !n
fail_verify !n
ignore_target_hosts +
self =freeze
# per-driver acceptance options
(see below)
# options that control subsequent routing
more !y * *
pass_on_timeout !n
pass_router
redirect_router
translate_ip_address * *
unseen !n * *
# per-driver subsequent routing options
(see below)
# other options
cannot_route_message *(default, log failure) *(default)
disable_logging !n
log_as_local !
retry_use_local_part !
# other per-driver options
(see below)
# ordered transport-related options
errors_to * *
headers_add * *
headers_remove * *
transport *
# per-driver transport options
(see below)
# other transport-related options
fallback_hosts
group * =
initgroups !n
transport_current_directory *
transport_home_directory * =
user * =
accept:
# no extra options
dnslookup:
# options that control how the router accepts
check_secondary_mx !n
mx_domains +
# other options
qualify_single !y
rewrite_headers !y
same_domain_copy_routing !n
search_parents !n
widen_domains
ipliteral:
# no extra options
iplookup:
# options that control how the router accepts
optional !n
reroute *
response_pattern
# other options
hosts
port =0
protocol =udp
query *
timeout =5s
manualroute:
# options that control how the router accepts
host_find_failed =freeze
route_data * *(decline)
route_list
# other options
hosts_randomize !n
same_domain_copy_routing !n
queryprogram:
# options that control how the router accepts
command *
# other options
command_group
command_user
current_directory =/
timeout =1h
redirect:
# options that control how the router accepts
data * *(decline)
file * *(decline)
ignore_eacces !n
ignore_enotdir !n
skip_syntax_errors !n
# options that control subsequent routing
check_ancestor !n
one_time !n
qualify_preserve_domain !n
repeat_use !y
rewrite !y
syntax_errors_to
# other options
allow_defer !n
allow_fail !n
allow_filter !n
allow_freeze !n
check_group !
check_owner !
forbid_blackhole !n
forbid_file !n
forbid_filter_existstest !n
forbid_filter_logwrite !n
forbid_filter_lookup !n
forbid_filter_perl !n
forbid_filter_readfile !n
forbid_filter_readsocket !n
forbid_filter_reply !n
forbid_filter_run !n
forbid_include !n
forbid_pipe !n
hide_child_in_errmsg !n
include_directory
modemask =022
owners
owngroups
syntax_errors_text *
# transport-related options
directory_transport *
file_transport *
pipe_transport *
reply_transport *
# end routers
begin transports
# put transports in the order in which they are mentioned by the
# routers. shadow transports should be placed immediately after
# their primary transport. you should order the options
# according to the lists below, in a similar way to the router
# options above.
generic:
# mandatory option
driver
# options that affect delivery destination and success
message_size_limit * =0
rcpt_includes_affixes !n
shadow_condition * *
shadow_transport
# per-driver options that affect delivery
(see below)
# message transformation options
body_only !n
delivery_date_add !n
envelope_to_add !n
headers_add * *
headers_only !n
headers_remove * *
headers_rewrite
return_path * *
return_path_add !n
transport_filter *
# per-driver message transformation options
(see below)
# options that override router settings
current_directory *
group * =exim
home_directory *
user * =exim
# per-driver options that override router settings
(see below)
# other options
disable_logging !n
debug_print *(log error)
initgroups !n
retry_use_local_part !
# other per-driver options
(see below)
appendfile:
# options that affect delivery destination and success
allow_fifo !n
allow_symlink !n
batch_id *(no batching)
batch_max =1
check_group !n
check_owner !y
create_directory !y
create_file =anywhere
directory_file * =q${base62:$tod_epoch}-$inode
file_format
file_must_exist !n
maildir_format !n
maildir_tag * *
mailstore_format !n
mbx_format !n
mode_fail_narrower !y
notify_comsat !n
quota *
quota_directory *
quota_filecount *
quota_is_inclusive !y
quota_size_regex
quota_warn_message *
quota_warn_threshold *
# options that override router settings
directory *
file *
# message transformation options
check_string
escape_string
mailstore_prefix * *
mailstore_suffix * *
message_prefix * =
message_suffix * =
use_bsmtp !y
use_crlf !n
# other options
directory_mode
lock_fcntl_timeout =0s
lock_flock_timeout =0s
lock_interval =3s
lock_retries =10
lockfile_mode =0600
lockfile_timeout =30m
maildir_retries =10
mode
use_fcntl_lock !
use_flock_lock !n
use_lockfile !
use_mbx_lock !
autoreply:
# options that affect delivery destination and success
file_optional !n
# options that DO NOT override router settings
bcc *
cc *
file *
file_expand !n
from *
log *
once *
once_repeat * =0s
reply_to *
return_message !n
subject *
text *
to *
# message transformation options
headers *
# other options
mode =0600
once_file_size =0
lmtp:
# options that affect delivery destination and success
batch_id *
batch_max =1
command *
socket *
# other options
timeout =5m
pipe:
# options that affect delivery destination and success
allow_commands *
batch_id *
batch_max =1
freeze_exec_fail !n
ignore_status !n
restrict_to_path !n
temp_errors
# options that override router settings
command *
# message transformation options
check_string
escape_string
message_prefix *
message_suffix *
use_bsmtp !n
use_crlf !n
# other options
environment *
log_defer_output !n
log_fail_output !n
log_output !n
max_output =20K
path =/usr/bin
pipe_as_creator !n
return_fail_output !n
return_output !n
timeout =1h
umask =022
use_shell !n
smtp:
# options that affect delivery destination and success
allow_localhost !n
authenticated_sender * *
delay_after_cutoff !y
dns_qualify_single !y
dns_search_parents !n
fallback_hosts
gethostbyname !n
hosts_max_try =5
interface * *
port =protocol
# options that override router settings
hosts *
hosts_override !n
# other options
command_timeout =5m
connect_timeout =5m
connection_max_messages =500
data_timeout =5m
final_timeout =10m
helo_data * =$primary_hostname
hosts_avoid_esmtp +
hosts_avoid_tls +
hosts_nopass_tls +
hosts_randomize !n
hosts_require_auth +
hosts_require_tls +
hosts_try_auth +
keepalive !y
max_rcpt =100
multi_domain !y
protocol =smtp
retry_include_ip_address !y
serialize_hosts +
size_addition =1024
tls_certificate *
tls_privatekey *
tls_require_ciphers *
tls_tempfail_tryclear !y
tls_verify_certificates *
# end transports
begin retry
# finally put the retry rules.
# end retry
# end of file
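
A checker for the router option ordering described in the file above, as an added example that is not part of the original message or of Exim. It encodes only a subset of the generic and redirect router options, and the router name, list names and paths in the sample stanza are constructed.

```python
import re

# Subset of the generic + redirect router templates from the style file.
# Preconditions keep their listed (tested) order; the other categories are
# compared by category only, since the file orders them for readability.
PRECONDITIONS = """local_part_prefix local_part_prefix_optional
local_part_suffix local_part_suffix_optional verify_recipient verify_sender
verify address_test verify_only expn domains local_parts check_local_user
debug_print router_home_directory senders require_files condition""".split()
CATEGORIES = [
    ("mandatory", ["driver"]),
    ("precondition", PRECONDITIONS),
    ("acceptance", "address_data caseful_local_part fail_verify self "
                   "ignore_target_hosts data file skip_syntax_errors".split()),
    ("subsequent routing", "more pass_router redirect_router unseen "
                           "check_ancestor one_time rewrite".split()),
    ("other", "cannot_route_message allow_defer allow_fail allow_filter "
              "check_owner forbid_file forbid_pipe modemask".split()),
    ("transport", "errors_to headers_add headers_remove transport "
                  "file_transport pipe_transport group user".split()),
]
RANK = {opt: (ci, pi if name == "precondition" else 0)
        for ci, (name, opts) in enumerate(CATEGORIES)
        for pi, opt in enumerate(opts)}

def check_order(stanza):
    """Return (line_no, option, message) for options placed out of template order."""
    problems, high, high_opt = [], (0, 0), None
    for n, line in enumerate(stanza.splitlines(), 1):
        # "opt = value", or a bare boolean with an optional no_/not_ prefix
        m = re.match(r"\s*(?:no_|not_)?([a-z_]+)\s*(=|$)", line)
        if not m or m.group(1) not in RANK:
            continue  # comment, router name line, or option outside the subset
        opt, rank = m.group(1), RANK[m.group(1)]
        if rank < high:
            problems.append((n, opt, f"{CATEGORIES[rank[0]][0]} option after {high_opt}"))
        else:
            high, high_opt = rank, opt
    return problems

# Constructed sample: two preconditions are buried among later categories,
# which hides the fact that they decide whether the router runs at all.
SAMPLE = """userforward:
  driver = redirect
  no_verify
  domains = +local_domains
  check_local_user
  file = $home/.forward
  condition = ${if exists{$home/.forward}}
  allow_filter
  forbid_pipe
  senders = !+blocked_senders
  file_transport = address_file
"""
```

`check_order(SAMPLE)` reports `condition` on line 7 and `senders` on line 10, the two preconditions that appear after acceptance and filter options.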