549
553
Exim behaves in exactly the same way as it does when receiving a message via
550
554
the listening daemon.
556
\fB\-bmalware\fP <\fIfilename\fP>
557
This debugging option causes Exim to scan the given file,
558
using the malware scanning framework. The option of \fBav_scanner\fP influences
559
this option, so if \fBav_scanner\fP's value is dependent upon an expansion then
560
the expansion should have defaults which apply to this invocation. ACLs are
561
not invoked, so if \fBav_scanner\fP references an ACL variable then that variable
562
will never be populated and \fB\-bmalware\fP will fail.
563
Exim will have changed working directory before resolving the filename, so
564
using fully qualified pathnames is advisable. Exim will be running as the Exim
565
user when it tries to open the file, rather than as the invoking user.
566
This option requires admin privileges.
567
The \fB\-bmalware\fP option will not be extended to be more generally useful,
568
there are better tools for file\-scanning. This option exists to help
569
administrators verify their Exim and AV scanner configuration.
553
572
This option runs Exim in address testing mode, in which each argument is taken
554
573
as a recipient address to be tested for deliverability. The results are
662
681
name, but it can be a colon\-separated list of names. In this case, the first
663
682
file that exists is used. Failure to open an existing file stops Exim from
664
683
proceeding any further along the list, and an error is generated.
666
When this option is used by a caller other than root or the Exim user, and the
667
list is different from the compiled\-in list, Exim gives up its root privilege
668
immediately, and runs with the real and effective uid and gid set to those of
669
the caller. However, if ALT_CONFIG_ROOT_ONLY is defined in
670
Local/Makefile, root privilege is retained for \fB\-C\fP only if the caller of
673
That is, the Exim user is no longer privileged in this regard. This build\-time
674
option is not set by default in the Exim source distribution tarbundle.
675
However, if you are using a "packaged" version of Exim (source or binary),
676
the packagers might have enabled it.
678
Setting ALT_CONFIG_ROOT_ONLY locks out the possibility of testing a
679
configuration using \fB\-C\fP right through message reception and delivery, even
680
if the caller is root. The reception works, but by that time, Exim is running
681
as the Exim user, so when it re\-executes to regain privilege for the delivery,
682
the use of \fB\-C\fP causes privilege to be lost. However, root can test reception
683
and delivery using two separate commands (one to put a message on the queue,
684
using \fB\-odq\fP, and another to do the delivery, using \fB\-M\fP).
684
When this option is used by a caller other than root, and the list is different
685
from the compiled\-in list, Exim gives up its root privilege immediately, and
686
runs with the real and effective uid and gid set to those of the caller.
687
However, if a TRUSTED_CONFIG_LIST file is defined in Local/Makefile, that
688
file contains a list of full pathnames, one per line, for configuration files
689
which are trusted. Root privilege is retained for any configuration file so
690
listed, as long as the caller is the Exim user (or the user specified in the
691
CONFIGURE_OWNER option, if any), and as long as the configuration file is
692
not writeable by inappropriate users or groups.
693
Leaving TRUSTED_CONFIG_LIST unset precludes the possibility of testing a
694
configuration using \fB\-C\fP right through message reception and delivery,
695
even if the caller is root. The reception works, but by that time, Exim is
696
running as the Exim user, so when it re\-executes to regain privilege for the
697
delivery, the use of \fB\-C\fP causes privilege to be lost. However, root can
698
test reception and delivery using two separate commands (one to put a message
699
on the queue, using \fB\-odq\fP, and another to do the delivery, using \fB\-M\fP).
686
700
If ALT_CONFIG_PREFIX is defined in Local/Makefile, it specifies a
687
701
prefix string with which any file named in a \fB\-C\fP command line option
688
702
must start. In addition, the file name must not contain the sequence /../.
690
704
CONFIGURE_FILE in Local/Makefile, Exim ignores \fB\-C\fP and proceeds as
691
705
usual. There is no default setting for ALT_CONFIG_PREFIX; when it is
692
706
unset, any file name can be used with \fB\-C\fP.
694
707
ALT_CONFIG_PREFIX can be used to confine alternative configuration files
695
708
to a directory to which only root has access. This prevents someone who has
696
709
broken into the Exim account from running a privileged Exim with an arbitrary
697
710
configuration file.
699
711
The \fB\-C\fP facility is useful for ensuring that configuration files are
700
712
syntactically correct, but cannot be used for test deliveries, unless the
701
713
caller is privileged, or unless it is an exotic configuration that does not
707
719
unprivileged caller, it causes Exim to give up its root privilege.
708
720
If DISABLE_D_OPTION is defined in Local/Makefile, the use of \fB\-D\fP is
709
721
completely disabled, and its use causes an immediate error exit.
722
If WHITELIST_D_MACROS is defined in Local/Makefile then it should be a
723
colon\-separated list of macros which are considered safe and, if \fB\-D\fP only
724
supplies macros from this list, and the values are acceptable, then Exim will
725
not give up root privilege if the caller is root, the Exim run\-time user, or
726
the CONFIGURE_OWNER, if set. This is a transition mechanism and is expected
727
to be removed in the future. Acceptable values for the macros satisfy the
728
regexp: ^[A\-Za\-z0\-9_/.\-]*$
711
729
The entire option (including equals sign if present) must all be within one
712
730
command line item. \fB\-D\fP can be used to set the value of a macro to the empty
713
731
string, in which case the equals sign is optional. These two commands are
added
removed
.pc/31_eximmanpage.dpatch/doc/exim.8
