1
######################################################################
2
# Runtime configuration file for Exim #
3
######################################################################
5
######################################################################
6
# MAIN CONFIGURATION SETTINGS #
7
######################################################################
9
# Just for reference and scripts, on debian, the main binary is
11
exim_path = /usr/sbin/exim4
13
# Let Exim autodetect this
16
# The next three settings create two lists of domains and one list of hosts.
17
# These lists are referred to later in this configuration using the syntax
18
# +local_domains, +relay_to_domains, and +relay_from_hosts, respectively. They
19
# are all colon-separated lists:
21
# '@' refers to 'the name of the local host'
23
domainlist local_domains = DEBCONFlocal_domainsDEBCONF
25
domainlist relay_to_domains = DEBCONFrelay_domainsDEBCONF
27
hostlist relay_from_hosts = 127.0.0.1 : ::::1 : DEBCONFrelay_netsDEBCONF
30
# Specify the domain you want to be added to all unqualified addresses
31
# here. An unqualified address is one that does not contain an "@" character
32
# followed by a domain. For example, "caesar@rome.example" is a fully qualified
33
# address, but the string "caesar" (i.e. just a login name) is an unqualified
34
# email address. Unqualified addresses are accepted only from local callers by
35
# default. See the recipient_unqualified_hosts option if you want to permit
36
# unqualified addresses from remote sources. If this option is not set, the
37
# primary_hostname value is used for qualification.
38
qualify_domain = DEBCONFvisiblenameDEBCONF
40
# only used for satellite-system
41
DCreadhost = DEBCONFreadhostDEBCONF
43
#for satellite and smarthost-systems
44
DCsmarthost = DEBCONFsmarthostDEBCONF
46
# listen on all all interfaces?
47
DEBCONFlistenonpublicDEBCONF
48
### EXPANSION-ends ######################
50
# The default delivery method. See /etc/exim4/conf.d/transports/ for other
52
LOCAL_DELIVERY=mail_spool
54
# The gecos field in /etc/passwd holds not only the name. see passwd(5).
55
gecos_pattern = ^([^,:]*)
61
# This option defines the access control list that is run when an
62
# SMTP RCPT command is received.
64
acl_smtp_rcpt = acl_check_rcpt
66
# If you want unqualified recipient addresses to be qualified with a different
67
# domain to unqualified sender addresses, specify the recipient domain here.
68
# If this option is not set, the qualify_domain value is used.
72
# The following line must be uncommented if you want Exim to recognize
73
# addresses of the form "user@[10.11.12.13]" that is, with a "domain literal"
74
# (an IP address) instead of a named domain. The RFCs still require this form,
75
# but it makes little sense to permit mail to be sent to specific hosts by
76
# their IP address in the modern Internet. This ancient format has been used
77
# by those seeking to abuse hosts by using them for unwanted relaying. If you
78
# really do want to support domain literals, uncomment the following line, and
79
# see also the "domain_literal" router below.
81
# allow_domain_literals
83
# The setting below causes Exim to do a reverse DNS lookup on all incoming
84
# IP calls, in order to get the true host name. If you feel this is too
85
# expensive, you can specify the networks for which a lookup is done, or
86
# remove the setting entirely.
90
# The settings below, which are actually the same as the defaults in the
91
# code, cause Exim to make RFC 1413 (ident) callbacks for all incoming SMTP
92
# calls. You can limit the hosts to which these calls are made, and/or change
93
# the timeout that is used. If you set the timeout to zero, all RFC 1413 calls
94
# are disabled. RFC 1413 calls are cheap and can provide useful information
95
# for tracing problem messages, but some hosts and firewalls have problems
96
# with them. This can result in a timeout instead of an immediate refused
97
# connection, leading to delays on starting up an SMTP session.
100
rfc1413_query_timeout = 30s
102
# By default, Exim expects all envelope addresses to be fully qualified, that
103
# is, they must contain both a local part and a domain. If you want to accept
104
# unqualified addresses (just a local part) from certain hosts, you can specify
105
# these hosts by setting one or both of
107
# sender_unqualified_hosts =
108
# recipient_unqualified_hosts =
110
# to control sender and recipient addresses, respectively. When this is done,
111
# unqualified addresses are qualified using the settings of qualify_domain
112
# and/or qualify_recipient (see above).
114
# If you want Exim to support the "percent hack" for certain domains,
115
# uncomment the following line and provide a list of domains. The "percent
116
# hack" is the feature by which mail addressed to x%y@z (where z is one of
117
# the domains listed) is locally rerouted to x@y and sent on. If z is not one
118
# of the "percent hack" domains, x%y is treated as an ordinary local part. This
119
# hack is rarely needed nowadays; you should not enable it unless you are sure
120
# that you really need it.
122
# percent_hack_domains =
124
# When Exim can neither deliver a message nor return it to sender, it "freezes"
125
# the delivery error message (aka "bounce message"). There are also other
126
# circumstances in which messages get frozen. They will stay on the queue for
127
# ever unless one of the following options is set.
129
# This option unfreezes frozen bounce messages after two days, tries
130
# once more to deliver them, and ignores any delivery failures.
132
ignore_bounce_errors_after = 2d
134
# This option cancels (removes) frozen messages that are older than a week.
136
timeout_frozen_after = 7d
138
freeze_tell = postmaster
140
# uucp should be able to set envelope-from to arbitrary values
143
received_header_text = "Received: \
144
${if def:sender_rcvhost {from ${sender_rcvhost}\n\t}\
145
{${if def:sender_ident {from ${sender_ident} }}\
146
${if def:sender_helo_name {(helo=${sender_helo_name})\n\t}}}}\
147
by ${primary_hostname} \
148
${if def:received_protocol {with ${received_protocol}}} \
149
(Exim ${version_number} #${compile_number} (Debian) [+prerelease])\n\t\
151
${if def:received_for {\n\tfor <$received_for>}}"
155
# No deliveries will ever be run under the uids of these users (a colon-
156
# separated list). An attempt to do so causes a panic error to be logged, and
157
# the delivery to be deferred. This is a paranoic safety catch. Note that the
158
# default setting means you cannot deliver mail addressed to root as if it
159
# were a normal user. This isn't usually a problem, as most sites have an alias
160
# for root that redirects such mail to a human administrator.
164
######################################################################
165
# ACL CONFIGURATION #
166
# Specifies access control lists for incoming SMTP mail #
167
######################################################################
171
# This access control list is used for every RCPT command in an incoming
172
# SMTP message. The tests are run in order until the address is either
173
# accepted or denied.
176
# Accept if the source is local SMTP (i.e. not over TCP/IP). We do this by
177
# testing for an empty sending host field.
179
# Deny if the local part contains @ or % or / or | or !. These are rarely
180
# found in genuine local parts, but are often tried by people looking to
181
# circumvent relaying restrictions.
183
# Also deny if the local part starts with a dot. Empty components aren't
184
# strictly legal in RFC 2822, but Exim allows them because this is common.
185
# However, actually starting with a dot may cause trouble if the local part
186
# is used as a file name (e.g. for a mailing list).
188
deny local_parts = ^.*[@%!/|] : ^\\.
189
# Accept mail to postmaster in any local domain, regardless of the source,
190
# and without verifying the sender.
192
accept local_parts = postmaster
193
domains = +local_domains
194
# Deny unless the sender address can be verified.
196
# require verify = sender
198
#############################################################################
199
# There are no checks on DNS "black" lists because the domains that contain
200
# these lists are changing all the time. However, here are two examples of
201
# how you could get Exim to perform a DNS black list lookup at this point.
202
# The first one denies, while the second just warns.
204
# deny message = rejected because $sender_host_address is in a black list at $dnslist_domain\n$dnslist_text
205
# dnslists = black.list.example
207
# warn message = X-Warning: $sender_host_address is in a black list at $dnslist_domain
208
# log_message = found in $dnslist_domain
209
# dnslists = black.list.example
210
#############################################################################
212
# Accept if the address is in a local domain, but only if the recipient can
213
# be verified. Otherwise deny. The "endpass" line is the border between
214
# passing on to the next ACL statement (if tests above it fail) or denying
215
# access (if tests below it fail).
217
accept domains = +local_domains
219
message = unknown user
222
# Accept if the address is in a domain for which we are relaying, but again,
223
# only if the recipient can be verified.
225
accept domains = +relay_to_domains
227
message = unrouteable address
230
# If control reaches this point, the domain is neither in +local_domains
231
# nor in +relay_to_domains.
233
# Accept if the message comes from one of the hosts for which we are an
234
# outgoing relay. Recipient verification is omitted here, because in many
235
# cases the clients are dumb MUAs that don't cope well with SMTP error
236
# responses. If you are actually relaying out from MTAs, you should probably
237
# add recipient verification here.
239
accept hosts = +relay_from_hosts
241
# Accept if the message arrived over an authenticated connection, from
242
# any host. Again, these messages are usually from MUAs, so recipient
243
# verification is omitted.
245
accept authenticated = *
247
# Reaching the end of the ACL causes a "deny", but we might as well give
248
# an explicit message.
250
deny message = relay not permitted
254
######################################################################
255
# ROUTERS CONFIGURATION #
256
# Specifies how addresses are handled #
257
######################################################################
258
# THE ORDER IN WHICH THE ROUTERS ARE DEFINED IS IMPORTANT! #
259
# An address is passed to each router in turn until it is accepted. #
260
######################################################################
265
# This router routes to remote hosts over SMTP by explicit IP address,
266
# when an email address is given in "domain literal" form, for example,
267
# <user@[192.168.35.64]>. The RFCs require this facility. However, it is
268
# little-known these days, and has been exploited by evil people seeking
269
# to abuse SMTP relays. Consequently it is commented out in the default
270
# configuration. If you uncomment this router, you also need to uncomment
271
# allow_domain_literals above, so that Exim can recognize the syntax of
272
# domain literal addresses.
276
# domains = ! +local_domains
277
# transport = remote_smtp
281
domains = ! +local_domains
282
transport = remote_smtp
283
route_list = * DCsmarthost
284
host_find_failed = defer
287
# The "no_more" above means that all routers below here are for
288
# domains in the local_domains list, i.e. just like Exim 3 directors.
293
local_part_prefix = real-
295
transport = LOCAL_DELIVERY
298
# This router handles aliasing using a traditional /etc/aliases file.
300
##### NB You must ensure that /etc/aliases exists. It used to be the case
301
##### NB that every Unix had that file, because it was the Sendmail default.
302
##### NB These days, there are systems that don't have it. Your aliases
303
##### NB file should at least contain an alias for "postmaster".
305
# If any of your aliases expand to pipes or files, you will need to set
306
# up a user and a group for these deliveries to run under. You can do
307
# this by uncommenting the "user" option below (changing the user name
308
# as appropriate) and adding a "group" option if necessary. Alternatively, you
309
# can specify "user" on the transports that are used. Note that the transports
310
# listed below are the same as are used for .forward files; you might want
311
# to set up different ones for pipe and file deliveries from aliases.
317
data = ${lookup{$local_part}lsearch{/etc/aliases}}
319
file_transport = address_file
320
pipe_transport = address_pipe
324
data = ${local_part}@DCreadhost
327
# This router handles forwarding using traditional .forward files in users'
328
# home directories. If you want it also to allow mail filtering when a forward
329
# file starts with the string "# Exim filter", uncomment the "allow_filter"
332
# The no_verify setting means that this router is skipped when Exim is
333
# verifying addresses. Similarly, no_expn means that this router is skipped if
334
# Exim is processing an EXPN command.
336
# The check_ancestor option means that if the forward file generates an
337
# address that is an ancestor of the current one, the current one gets
338
# passed on instead. This covers the case where A is aliased to B and B
339
# has a .forward file pointing to A.
341
# The three transports specified at the end are those that are used when
342
# forwarding generates a direct delivery to a file, or to a pipe, or sets
343
# up an auto-reply, respectively.
348
file = $home/.forward
353
file_transport = address_file
354
pipe_transport = address_pipe
355
reply_transport = address_reply
361
transport = procmail_pipe
362
require_files = ${local_part}:${home}/.procmailrc:+/usr/bin/procmail
371
# transport = maildrop_pipe
372
# require_files = ${local_part}:${home}/.mailfilter:+/usr/bin/maildrop
380
transport = LOCAL_DELIVERY
384
######################################################################
385
# TRANSPORTS CONFIGURATION #
386
######################################################################
387
# ORDER DOES NOT MATTER #
388
# Only one appropriate transport is called for each delivery. #
389
######################################################################
391
# A transport is used only when referenced from a router that successfully
392
# handles an address.
397
# This transport is used for handling deliveries directly to files that are
398
# generated by aliasing or forwarding.
407
# This transport is used for handling pipe deliveries generated by alias or
408
# .forward files. If the pipe generates any standard output, it is returned
409
# to the sender of the message as a delivery error. Set return_fail_output
410
# instead of return_output if you want this to happen only when the pipe fails
411
# to complete normally. You can set different transports for aliases and
412
# forwards if you want to - see the references to address_pipe in the routers
420
# This transport is used for handling autoreplies generated by the filtering
421
# option of the userforward router.
427
# This transport is used for local delivery to user mailboxes in traditional
428
# BSD mailbox format.
432
file = /var/mail/$local_part
440
# Use this instead of mail_spool if you want to to deliver to Maildir in
441
# home-directory - change the definition of LOCAL_DELIVERY
445
directory = $home/Maildir
452
path = "/bin:/usr/bin:/usr/local/bin"
453
command = "/usr/bin/maildrop"
461
path = "/bin:/usr/bin:/usr/local/bin"
462
command = "/usr/bin/procmail"
468
# This transport is used for delivering messages over SMTP connections.
472
######################################################################
473
# RETRY CONFIGURATION #
474
######################################################################
479
# This single retry rule applies to all domains and all errors. It specifies
480
# retries every 15 minutes for 2 hours, then increasing retry intervals,
481
# starting at 1 hour and increasing each time by a factor of 1.5, up to 16
482
# hours, then retries every 6 hours until 4 days have passed since the first
485
# Domain Error Retries
486
# ------ ----- -------
488
* * F,2h,15m; G,16h,1h,1.5; F,4d,6h
492
######################################################################
493
# REWRITE CONFIGURATION #
494
######################################################################
498
######################################################################
499
# AUTHENTICATION CONFIGURATION #
500
######################################################################