547
551
Exim behaves in exactly the same way as it does when receiving a message via
548
552
the listening daemon.
554
\fB\-bmalware\fP <\fIfilename\fP>
555
This debugging option causes Exim to scan the given file,
556
using the malware scanning framework. The option of \fBav_scanner\fP influences
557
this option, so if \fBav_scanner\fP's value is dependent upon an expansion then
558
the expansion should have defaults which apply to this invocation. ACLs are
559
not invoked, so if \fBav_scanner\fP references an ACL variable then that variable
560
will never be populated and \fB\-bmalware\fP will fail.
561
Exim will have changed working directory before resolving the filename, so
562
using fully qualified pathnames is advisable. Exim will be running as the Exim
563
user when it tries to open the file, rather than as the invoking user.
564
This option requires admin privileges.
565
The \fB\-bmalware\fP option will not be extended to be more generally useful,
566
there are better tools for file\-scanning. This option exists to help
567
administrators verify their Exim and AV scanner configuration.
551
570
This option runs Exim in address testing mode, in which each argument is taken
552
571
as a recipient address to be tested for deliverability. The results are
660
679
name, but it can be a colon\-separated list of names. In this case, the first
661
680
file that exists is used. Failure to open an existing file stops Exim from
662
681
proceeding any further along the list, and an error is generated.
664
When this option is used by a caller other than root or the Exim user, and the
665
list is different from the compiled\-in list, Exim gives up its root privilege
666
immediately, and runs with the real and effective uid and gid set to those of
667
the caller. However, if ALT_CONFIG_ROOT_ONLY is defined in
668
Local/Makefile, root privilege is retained for \fB\-C\fP only if the caller of
671
That is, the Exim user is no longer privileged in this regard. This build\-time
672
option is not set by default in the Exim source distribution tarbundle.
673
However, if you are using a "packaged" version of Exim (source or binary),
674
the packagers might have enabled it.
676
Setting ALT_CONFIG_ROOT_ONLY locks out the possibility of testing a
677
configuration using \fB\-C\fP right through message reception and delivery, even
678
if the caller is root. The reception works, but by that time, Exim is running
679
as the Exim user, so when it re\-executes to regain privilege for the delivery,
680
the use of \fB\-C\fP causes privilege to be lost. However, root can test reception
681
and delivery using two separate commands (one to put a message on the queue,
682
using \fB\-odq\fP, and another to do the delivery, using \fB\-M\fP).
682
When this option is used by a caller other than root, and the list is different
683
from the compiled\-in list, Exim gives up its root privilege immediately, and
684
runs with the real and effective uid and gid set to those of the caller.
685
However, if a TRUSTED_CONFIG_LIST file is defined in Local/Makefile, that
686
file contains a list of full pathnames, one per line, for configuration files
687
which are trusted. Root privilege is retained for any configuration file so
688
listed, as long as the caller is the Exim user (or the user specified in the
689
CONFIGURE_OWNER option, if any), and as long as the configuration file is
690
not writeable by inappropriate users or groups.
691
Leaving TRUSTED_CONFIG_LIST unset precludes the possibility of testing a
692
configuration using \fB\-C\fP right through message reception and delivery,
693
even if the caller is root. The reception works, but by that time, Exim is
694
running as the Exim user, so when it re\-executes to regain privilege for the
695
delivery, the use of \fB\-C\fP causes privilege to be lost. However, root can
696
test reception and delivery using two separate commands (one to put a message
697
on the queue, using \fB\-odq\fP, and another to do the delivery, using \fB\-M\fP).
684
698
If ALT_CONFIG_PREFIX is defined in Local/Makefile, it specifies a
685
699
prefix string with which any file named in a \fB\-C\fP command line option
686
700
must start. In addition, the file name must not contain the sequence /../.
688
702
CONFIGURE_FILE in Local/Makefile, Exim ignores \fB\-C\fP and proceeds as
689
703
usual. There is no default setting for ALT_CONFIG_PREFIX; when it is
690
704
unset, any file name can be used with \fB\-C\fP.
692
705
ALT_CONFIG_PREFIX can be used to confine alternative configuration files
693
706
to a directory to which only root has access. This prevents someone who has
694
707
broken into the Exim account from running a privileged Exim with an arbitrary
695
708
configuration file.
697
709
The \fB\-C\fP facility is useful for ensuring that configuration files are
698
710
syntactically correct, but cannot be used for test deliveries, unless the
699
711
caller is privileged, or unless it is an exotic configuration that does not
705
717
unprivileged caller, it causes Exim to give up its root privilege.
706
718
If DISABLE_D_OPTION is defined in Local/Makefile, the use of \fB\-D\fP is
707
719
completely disabled, and its use causes an immediate error exit.
720
If WHITELIST_D_MACROS is defined in Local/Makefile then it should be a
721
colon\-separated list of macros which are considered safe and, if \fB\-D\fP only
722
supplies macros from this list, and the values are acceptable, then Exim will
723
not give up root privilege if the caller is root, the Exim run\-time user, or
724
the CONFIGURE_OWNER, if set. This is a transition mechanism and is expected
725
to be removed in the future. Acceptable values for the macros satisfy the
726
regexp: ^[A\-Za\-z0\-9_/.\-]*$
709
727
The entire option (including equals sign if present) must all be within one
710
728
command line item. \fB\-D\fP can be used to set the value of a macro to the empty
711
729
string, in which case the equals sign is optional. These two commands are
added
removed
doc/exim.8
