[Exim] style guide and quick reference

Kezdőlap
Üzenet törlése
Válasz az üzenetre
Szerző: Tony Finch
Dátum:  
Címzett: exim-users
Tárgy: [Exim] style guide and quick reference
I've recently been doing a detailed review of the Exim configuration
on our central email relay machines. In the course of this I became
irritated about inconsistencies in the ordering of the configuration
options, especially when this made it less clear what options were
router preconditions and which affected whether messages and addresses
were accepted or delayed etc. In the absence of guidelines in the Exim
specification I decided to create my own, which are included below. If
you have any suggestions or opinions about it I would welcome the
feedback. I haven't tried out the guidelines much yet, so it's hard to
say how helpful they are. I'd particularly like to hear from you if
you do try using them.

Tony.
--
f.a.n.finch <dot@???> http://dotat.at/
BERWICK ON TWEED TO WHITBY: NORTHWEST 5 OR 6, OCCASIONALLY 7. SQUALLY SHOWERS
SPREAD FROM NORTH. GOOD. MODERATE LOCALLY ROUGH.


# $Cambridge: hermes/doc/misc/EximStyle,v 1.1 2003/10/03 15:18:49 fanf2 Exp $

# this file serves two purposes: it's a quick reference for
# exim's configuration options, and a suggested option ordering
# to use when writing configurations. the idea is to make it
# easier to understand what exim will do by dividing the options
# into categories and ordering them similarly to the order in
# which exim looks at them.

# options marked with a * are string expansions. in general
# expansion failures cause the router to defer the address. if
# the failure action is different, it is marked in brackets
# after the *. options marked with a second * mean that forced
# failure has a different action from other failures. this
# usually causes the option to have no effect (or the default
# effect), and if not the action is stated in brackets after the
# second *.

# options marked with + are domain/host/address/local-part lists
# which always defer if expansion fails, or do not match if
# failure is forced, i.e. * *(no match) in the notation above.
# for router preconditions this is equivalent to * *(decline).

# options marked ! are boolean. the y/n following is the default.

# options which are not unset by default have their value given
# after an = if it is sufficiently simple.


# first put macros that are used throughout the configuration.
# if a macro is only used to adjust one main configuration
# option then it can go next to that option.


# next put the main configuration options. order them according
# to the categorization in chapter 13 of the specification.


begin acl

# put your acl configuration next, in the same order as they
# were referred to in the main configuration section. if your
# acls refer to other acls, put the other acls after all the
# main acls in the order they were first mentioned

# end acl


begin local_scan

# then put private options for the local_scan function, if any

# end local_scan


begin authenticators

# authentication is related to the access control configuration
# in the previous two sections, so put it next. order the
# configuration options for each authenticator according to the
# generic template below. server options come before client
# options, following the general ordering of this file.

generic:
    # mandatory options
    driver
    public_name
    # generic server options
    server_advertise_condition *
    server_debug_print *
    server_set_id *
    server_mail_auth_condition *
    # per-driver server options
    (see below)
    # per-driver client options
    (see below)
    # other per-driver options
    (see below)


plaintext:
    # per-driver server options
    server_prompts *
    server_condition * *
    # per-driver client options
    client_send * *


cram_md5:
    # per-driver server options
    server_secret * *
    # per-driver client options
    client_name * * =$primary_hostname
    client_secret * *


spa:
    # per-driver server options
    server_password * *
    # per-driver client options
    client_domain * *
    client_password * *
    client_username * *


# end authenticators


begin rewrite

# in general addresses are rewritten the first time they are
# seen, so put rewrite rules immediately before the routers.

# end rewrite


begin routers

# the ordering for routers is mostly determined by external
# factors. order the configuration options for each router
# according to the generic template below.

generic:
    # mandatory option
    driver
    # first put any preconditions in the order they are tested
    local_part_prefix
    local_part_prefix_optional !n
    local_part_suffix
    local_part_suffix_optional !n
    verify_recipient !y
    verify_sender !y
    verify !y
    address_test !y
    verify_only !n
    expn !y
    domains +
    local_parts +
    check_local_user !n
    debug_print *(log error)
    router_home_directory * *(continue)
    senders +
    require_files * *(item ignored)
    condition ! * *(decline)
    # options that can control how the router accepts
    address_data * *(decline)
    caseful_local_part !n
    fail_verify_recipient !n
    fail_verify_sender !n
    fail_verify !n
    ignore_target_hosts +
    self =freeze
    # per-driver acceptance options
    (see below)
    # options that control subsequent routing
    more !y * *
    pass_on_timeout !n
    pass_router
    redirect_router
    translate_ip_address * *
    unseen !n * *
    # per-driver subsequent routing options
    (see below)
    # other options
    cannot_route_message *(default, log failure) *(default)
    disable_logging !n
    log_as_local !
    retry_use_local_part !
    # other per-driver options
    (see below)
    # ordered transport-related options
    errors_to * *
    headers_add * *
    headers_remove * *
    transport *
    # per-driver transport options
    (see below)
    # other transport-related options
    fallback_hosts
    group * =
    initgroups !n
    transport_current_directory *
    transport_home_directory * =
    user * =


accept:
    # no extra options


dnslookup:
    # options that control how the router accepts
    check_secondary_mx !n
    mx_domains +
    # other options
    qualify_single !y
    rewrite_headers !y
    same_domain_copy_routing !n
    search_parents !n
    widen_domains


ipliteral:
    # no extra options


iplookup:
    # options that control how the router accepts
    optional !n
    reroute *
    response_pattern
    # other options
    hosts
    port =0
    protocol =udp
    query *
    timeout =5s


manualroute:
    # options that control how the router accepts
    host_find_failed =freeze
    route_data * *(decline)
    route_list
    # other options
    hosts_randomize !n
    same_domain_copy_routing !n


queryprogram:
    # options that control how the router accepts
    command *
    # other options
    command_group
    command_user
    current_directory =/
    timeout =1h


redirect:
    # options that control how the router accepts
    data * *(decline)
    file * *(decline)
    ignore_eacces !n
    ignore_enotdir !n
    skip_syntax_errors !n
    # options that control subsequent routing
    check_ancestor !n
    one_time !n
    qualify_preserve_domain !n
    repeat_use !y
    rewrite !y
    syntax_errors_to
    # other options
    allow_defer !n
    allow_fail !n
    allow_filter !n
    allow_freeze !n
    check_group !
    check_owner !
    forbid_blackhole !n
    forbid_file !n
    forbid_filter_existstest !n
    forbid_filter_logwrite !n
    forbid_filter_lookup !n
    forbid_filter_perl !n
    forbid_filter_readfile !n
    forbid_filter_readsocket !n
    forbid_filter_reply !n
    forbid_filter_run !n
    forbid_include !n
    forbid_pipe !n
    hide_child_in_errmsg !n
    include_directory
    modemask =022
    owners
    owngroups
    syntax_errors_text *
    # transport-related options
    directory_transport *
    file_transport *
    pipe_transport *
    reply_transport *


# end routers


begin transports

# put transports in the order in which they are mentioned by the
# routers. shadow transports should be placed immediately after
# their primary transport. you should order the options
# according to the lists below, in a similar way to the router
# options above.

generic:
    # mandatory option
    driver
    # options that affect delivery destination and success
    message_size_limit * =0
    rcpt_includes_affixes !n
    shadow_condition * *
    shadow_transport
    # per-driver options that affect delivery
    (see below)
    # message transformation options
    body_only !n
    delivery_date_add !n
    envelope_to_add !n
    headers_add * *
    headers_only !n
    headers_remove * *
    headers_rewrite
    return_path * *
    return_path_add !n
    transport_filter *
    # per-driver message transformation options
    (see below)
    # options that override router settings
    current_directory *
    group * =exim
    home_directory *
    user * =exim
    # per-driver options that override router settings
    (see below)
    # other options
    disable_logging !n
    debug_print *(log error)
    initgroups !n
    retry_use_local_part !
    # other per-driver options
    (see below)


appendfile:
    # options that affect delivery destination and success
    allow_fifo !n
    allow_symlink !n
    batch_id *(no batching)
    batch_max =1
    check_group !n
    check_owner !y
    create_directory !y
    create_file =anywhere
    directory_file * =q${base62:$tod_epoch}-$inode
    file_format
    file_must_exist !n
    maildir_format !n
    maildir_tag * *
    mailstore_format !n
    mbx_format !n
    mode_fail_narrower !y
    notify_comsat !f
    quota *
    quota_directory *
    quota_filecount *
    quota_is_inclusive !y
    quota_size_regex
    quota_warn_message *
    quota_warn_threshold *
    # options that override router settings
    directory *
    file *
    # message transformation options
    check_string
    escape_string
    mailstore_prefix * *
    mailstore_suffix * *
    message_prefix * =
    message_suffix * =
    use_bsmtp !y
    use_crlf !n
    # other options
    directory_mode
    lock_fcntl_timeout =0s
    lock_flock_timeout =0s
    lock_interval =3s
    lock_retries =10
    lockfile_mode =0600
    lockfile_timeout =30m
    maildir_retries =10
    mode
    use_fcntl_lock !
    use_flock_lock !n
    use_lockfile !
    use_mbx_lock !


autoreply:
    # options that affect delivery destination and success
    file_optional !f
    # options that DO NOT override router settings
    bcc *
    cc *
    file *
    file_expand !n
    from *
    log *
    once *
    once_repeat * =0s
    reply_to *
    return_message !f
    subject *
    text *
    to *
    # message transformation options
    headers *
    # other options
    mode =0600
    once_file_size =0


lmtp:
    # options that affect delivery destination and success
    batch_id *
    batch_max =1
    command *
    socket *
    # other options
    timeout =5m


pipe:
    # options that affect delivery destination and success
    allow_commands *
    batch_id *
    batch_max =1
    freeze_exec_fail !n
    ignore_status !n
    restrict_to_path !n
    temp_errors
    # options that override router settings
    command *
    # message transformation options
    check_string
    escape_string
    message_prefix *
    message_suffix *
    use_bsmtp !n
    use_crlf !n
    # other options
    environment *
    log_defer_output !n
    log_fail_output !n
    log_output !n
    max_output =20K
    path =/usr/bin
    pipe_as_creator !n
    return_fail_output !n
    return_output !n
    timeout =1h
    umask =022
    use_shell !n


smtp:
    # options that affect delivery destination and success
    allow_localhost !n
    authenticated_sender * *
    delay_after_cutoff !y
    dns_qualify_single !y
    dns_search_parents !n
    fallback_hosts
    gethostbyname !n
    hosts_max_try =5
    interface * *
    port =protocol
    # options that override router settings
    hosts *
    hosts_override !n
    # other options
    command_timeout =5m
    connect_timeout =5m
    connection_max_messages =500
    data_timeout =5m
    final_timeout =10m
    helo_data * =$primary_hostname
    hosts_avoid_esmtp +
    hosts_avoid_tls +
    hosts_nopass_tls +
    hosts_randomize !n
    hosts_require_auth +
    hosts_require_tls +
    hosts_try_auth +
    keepalive !y
    max_rcpt =100
    multi_domain !y
    protocol =smtp
    retry_include_ip_address !y
    serialize_hosts +
    size_addition =1024
    tls_certificate *
    tls_privatekey *
    tls_require_ciphers *
    tls_tempfail_tryclear !y
    tls_verify_certificates *


# end transports


begin retry

# finally put the retry rules.

# end retry


# end of file