---
MACRO:
default: ''
description: <p>This is a Macro definition. Their use is described in section <a href="http://www.exim.org/exim-html-current/doc/html/spec_html/ch06.html#SECTmacrodefs" target="_blank">6.4</a>.</p>
name: MACRO
type: MACRO
accept_8bitmime:
default: 'true'
description: "<p class=\"changed\">\n\n\nThis option causes Exim to send 8BITMIME in its response to an SMTP\nEHLO command, and to accept the BODY= parameter on MAIL commands.\nHowever, though Exim is 8-bit clean, it is not a protocol converter, and it\ntakes no steps to do anything special with messages received by this route.\n</p>\n<p class=\"changed\">\nHistorically Exim kept this option off by default, but the maintainers\nfeel that in today\xE2\x80\x99s Internet, this causes more problems than it solves.\nIt now defaults to true.\nA more detailed analysis of the issues is provided by Dan Bernstein:\n</p>\n<div class=\"docbook_literallayout\"><pre>\n<span class=\"docbook_emphasis\"><a href=\"http://www.exim.org/exim-html-current/doc/html/spec_html/http://cr.yp.to/smtp/8bitmime.html\" target=\"_blank\">http://cr.yp.to/smtp/8bitmime.html</a></span>\n</pre></div>"
name: accept_8bitmime
type: boolean
acl_not_smtp:
cpanel_default: acl_not_smtp
default: unset
description: "<p>\n\n\nThis option defines the ACL that is run when a non-SMTP message has been\nread and is on the point of being accepted. See chapter <a href=\"http://www.exim.org/exim-html-current/doc/html/spec_html/ch42.html\" target=\"_blank\" title=\"42. Access control lists\">42</a> for\nfurther details.\n</p>"
name: acl_not_smtp
type: string
acl_not_smtp_mime:
cpanel_default: acl_not_smtp_mime
default: unset
description: "<p>\nThis option defines the ACL that is run for individual MIME parts of non-SMTP\nmessages. It operates in exactly the same way as <span class=\"docbook_option\">acl_smtp_mime</span> operates for\nSMTP messages.\n</p>"
name: acl_not_smtp_mime
type: string
acl_not_smtp_start:
default: unset
description: "<p>\n\n\nThis option defines the ACL that is run before Exim starts reading a\nnon-SMTP message. See chapter <a href=\"http://www.exim.org/exim-html-current/doc/html/spec_html/ch42.html\" target=\"_blank\" title=\"42. Access control lists\">42</a> for further details.\n</p>"
name: acl_not_smtp_start
type: string
acl_smtp_auth:
default: unset
description: "<p>\n\n\nThis option defines the ACL that is run when an SMTP AUTH command is\nreceived. See chapter <a href=\"http://www.exim.org/exim-html-current/doc/html/spec_html/ch42.html\" target=\"_blank\" title=\"42. Access control lists\">42</a> for further details.\n</p>"
name: acl_smtp_auth
type: string
acl_smtp_connect:
cpanel_default: acl_smtp_connect
default: unset
description: "<p>\n\nThis option defines the ACL that is run when an SMTP connection is received.\nSee chapter <a href=\"http://www.exim.org/exim-html-current/doc/html/spec_html/ch42.html\" target=\"_blank\" title=\"42. Access control lists\">42</a> for further details.\n</p>"
name: acl_smtp_connect
type: string
acl_smtp_data:
cpanel_default: acl_smtp_data
default: unset
description: "<p>\n\nThis option defines the ACL that is run after an SMTP DATA command has been\nprocessed and the message itself has been received, but before the final\nacknowledgment is sent. See chapter <a href=\"http://www.exim.org/exim-html-current/doc/html/spec_html/ch42.html\" target=\"_blank\" title=\"42. Access control lists\">42</a> for further details.\n</p>"
name: acl_smtp_data
type: string
acl_smtp_dkim:
cpanel_default: acl_smtp_dkim
acl_smtp_etrn:
default: unset
description: "<p>\n\nThis option defines the ACL that is run when an SMTP ETRN command is\nreceived. See chapter <a href=\"http://www.exim.org/exim-html-current/doc/html/spec_html/ch42.html\" target=\"_blank\" title=\"42. Access control lists\">42</a> for further details.\n</p>"
name: acl_smtp_etrn
type: string
acl_smtp_expn:
default: unset
description: "<p>\n\nThis option defines the ACL that is run when an SMTP EXPN command is\nreceived. See chapter <a href=\"http://www.exim.org/exim-html-current/doc/html/spec_html/ch42.html\" target=\"_blank\" title=\"42. Access control lists\">42</a> for further details.\n</p>"
name: acl_smtp_expn
type: string
acl_smtp_helo:
cpanel_default: acl_smtp_helo
default: unset
description: "<p>\n\n\nThis option defines the ACL that is run when an SMTP EHLO or HELO\ncommand is received. See chapter <a href=\"http://www.exim.org/exim-html-current/doc/html/spec_html/ch42.html\" target=\"_blank\" title=\"42. Access control lists\">42</a> for further details.\n</p>"
name: acl_smtp_helo
type: string
acl_smtp_mail:
cpanel_default: acl_smtp_mail
default: unset
description: "<p>\n\nThis option defines the ACL that is run when an SMTP MAIL command is\nreceived. See chapter <a href=\"http://www.exim.org/exim-html-current/doc/html/spec_html/ch42.html\" target=\"_blank\" title=\"42. Access control lists\">42</a> for further details.\n</p>"
name: acl_smtp_mail
type: string
acl_smtp_mailauth:
default: unset
description: "<p>\n\nThis option defines the ACL that is run when there is an AUTH parameter on\na MAIL command. See chapter <a href=\"http://www.exim.org/exim-html-current/doc/html/spec_html/ch42.html\" target=\"_blank\" title=\"42. Access control lists\">42</a> for details of ACLs, and chapter\n<a href=\"http://www.exim.org/exim-html-current/doc/html/spec_html/ch33.html\" target=\"_blank\" title=\"33. SMTP authentication\">33</a> for details of authentication.\n</p>"
name: acl_smtp_mailauth
type: string
acl_smtp_mime:
cpanel_default: acl_smtp_mime
default: unset
description: "<p>\n\nThis option is available when Exim is built with the content-scanning\nextension. It defines the ACL that is run for each MIME part in a message. See\nsection <a href=\"http://www.exim.org/exim-html-current/doc/html/spec_html/ch43.html#SECTscanmimepart\" target=\"_blank\" title=\"43. Content scanning at ACL time\">43.4</a> for details.\n</p>"
name: acl_smtp_mime
type: string
acl_smtp_notquit:
cpanel_default: acl_smtp_notquit
acl_smtp_predata:
default: unset
description: "<p>\nThis option defines the ACL that is run when an SMTP DATA command is\nreceived, before the message itself is received. See chapter <a href=\"http://www.exim.org/exim-html-current/doc/html/spec_html/ch42.html\" target=\"_blank\" title=\"42. Access control lists\">42</a> for\nfurther details.\n</p>"
name: acl_smtp_predata
type: string
acl_smtp_quit:
cpanel_default: acl_smtp_quit
default: unset
description: "<p>\n\nThis option defines the ACL that is run when an SMTP QUIT command is\nreceived. See chapter <a href=\"http://www.exim.org/exim-html-current/doc/html/spec_html/ch42.html\" target=\"_blank\" title=\"42. Access control lists\">42</a> for further details.\n</p>"
name: acl_smtp_quit
type: string
acl_smtp_rcpt:
cpanel_default: acl_smtp_rcpt
default: unset
description: "<p>\n\nThis option defines the ACL that is run when an SMTP RCPT command is\nreceived. See chapter <a href=\"http://www.exim.org/exim-html-current/doc/html/spec_html/ch42.html\" target=\"_blank\" title=\"42. Access control lists\">42</a> for further details.\n</p>"
name: acl_smtp_rcpt
type: string
acl_smtp_starttls:
default: unset
description: "<p>\n\nThis option defines the ACL that is run when an SMTP STARTTLS command is\nreceived. See chapter <a href=\"http://www.exim.org/exim-html-current/doc/html/spec_html/ch42.html\" target=\"_blank\" title=\"42. Access control lists\">42</a> for further details.\n</p>"
name: acl_smtp_starttls
type: string
acl_smtp_vrfy:
default: unset
description: "<p>\n\nThis option defines the ACL that is run when an SMTP VRFY command is\nreceived. See chapter <a href=\"http://www.exim.org/exim-html-current/doc/html/spec_html/ch42.html\" target=\"_blank\" title=\"42. Access control lists\">42</a> for further details.\n</p>"
name: acl_smtp_vrfy
type: string
add_environment:
cpanel_default: PATH=/usr/local/sbin::/usr/local/bin::/sbin::/bin::/usr/sbin::/usr/bin::/sbin::/bin
default: empty
description: "<p>\n\n\nThis option allows to set individual environment variables that the\ncurrently linked libraries and programs in child processes use. The\ndefault list is empty,\n</p>"
name: add_environment
type: stringlist
addresslist:
default: ''
description: <p>This is a Named list definition. Their use is described in section <a href="http://www.exim.org/exim-html-current/doc/html/spec_html/ch10.html#SECTnamedlists" target="_blank">10.5</a>.</p>
name: addresslist
type: addresslist
addresslist secondarymx:
cpanel_default: "*@partial-lsearch;/etc/secondarymx"
admin_groups:
default: unset
description: "<p>\n\nThis option is expanded just once, at the start of Exim\xE2\x80\x99s processing. If the\ncurrent group or any of the supplementary groups of an Exim caller is in this\ncolon-separated list, the caller has admin privileges. If all your system\nprogrammers are in a specific group, for example, you can give them all Exim\nadmin privileges by putting that group in <span class=\"docbook_option\">admin_groups</span>. However, this does\nnot permit them to read Exim\xE2\x80\x99s spool files (whose group owner is the Exim gid).\nTo permit this, you have to add individuals to the Exim group.\n</p>"
name: admin_groups
type: stringlist
allow_domain_literals:
default: 'false'
description: "<p>\n\nIf this option is set, the RFC 2822 domain literal format is permitted in\nemail addresses. The option is not set by default, because the domain literal\nformat is not normally required these days, and few people know about it. It\nhas, however, been exploited by mail abusers.\n</p>\n<p>\nUnfortunately, it seems that some DNS black list maintainers are using this\nformat to report black listing to postmasters. If you want to accept messages\naddressed to your hosts by IP address, you need to set\n<span class=\"docbook_option\">allow_domain_literals</span> true, and also to add <code class=\"docbook_literal\">@[]</code> to the list of local\ndomains (defined in the named domain list <span class=\"docbook_option\">local_domains</span> in the default\nconfiguration). This \xE2\x80\x9Cmagic string\xE2\x80\x9D matches the domain literal form of all\nthe local host\xE2\x80\x99s IP addresses.\n</p>"
name: allow_domain_literals
type: boolean
allow_mx_to_ip:
default: 'false'
description: "<p>\n\nIt appears that more and more DNS zone administrators are breaking the rules\nand putting domain names that look like IP addresses on the right hand side of\nMX records. Exim follows the rules and rejects this, giving an error message\nthat explains the mis-configuration. However, some other MTAs support this\npractice, so to avoid \xE2\x80\x9CWhy can\xE2\x80\x99t Exim do this?\xE2\x80\x9D complaints,\n<span class=\"docbook_option\">allow_mx_to_ip</span> exists, in order to enable this heinous activity. It is not\nrecommended, except when you have no other choice.\n</p>"
name: allow_mx_to_ip
type: boolean
allow_utf8_domains:
default: 'false'
description: "<p>\n\n\nLots of discussion is going on about internationalized domain names. One\ncamp is strongly in favour of just using UTF-8 characters, and it seems\nthat at least two other MTAs permit this. This option allows Exim users to\nexperiment if they wish.\n</p>\n<p>\nIf it is set true, Exim\xE2\x80\x99s domain parsing function allows valid\nUTF-8 multicharacters to appear in domain name components, in addition to\nletters, digits, and hyphens. However, just setting this option is not\nenough; if you want to look up these domain names in the DNS, you must also\nadjust the value of <span class=\"docbook_option\">dns_check_names_pattern</span> to match the extended form. A\nsuitable setting is:\n</p>\n<div class=\"docbook_literallayout\"><pre>\ndns_check_names_pattern = (?i)^(?>(?(1)\\.|())[a-z0-9\\xc0-\\xff]\\\n (?>[-a-z0-9\\x80-\\xff]*[a-z0-9\\x80-\\xbf])?)+$\n</pre></div>\n<p>\nAlternatively, you can just disable this feature by setting\n</p>\n<div class=\"docbook_literallayout\"><pre>\ndns_check_names_pattern =\n</pre></div>\n<p>\nThat is, set the option to an empty string so that no check is done.\n</p>"
name: allow_utf8_domains
type: boolean
auth_advertise_hosts:
default: "*"
description: "<p>\n\n\nIf any server authentication mechanisms are configured, Exim advertises them in\nresponse to an EHLO command only if the calling host matches this list.\nOtherwise, Exim does not advertise AUTH.\nExim does not accept AUTH commands from clients to which it has not\nadvertised the availability of AUTH. The advertising of individual\nauthentication mechanisms can be controlled by the use of the\n<span class=\"docbook_option\">server_advertise_condition</span> generic authenticator option on the individual\nauthenticators. See chapter <a href=\"http://www.exim.org/exim-html-current/doc/html/spec_html/ch33.html\" target=\"_blank\" title=\"33. SMTP authentication\">33</a> for further details.\n</p>\n<p>\nCertain mail clients (for example, Netscape) require the user to provide a name\nand password for authentication if AUTH is advertised, even though it may\nnot be needed (the host may accept messages from hosts on its local LAN without\nauthentication, for example). The <span class=\"docbook_option\">auth_advertise_hosts</span> option can be used\nto make these clients more friendly by excluding them from the set of hosts to\nwhich Exim advertises AUTH.\n</p>\n<p>\n\nIf you want to advertise the availability of AUTH only when the connection\nis encrypted using TLS, you can make use of the fact that the value of this\noption is expanded, with a setting like this:\n</p>\n<div class=\"docbook_literallayout\"><pre>\nauth_advertise_hosts = ${if eq{$tls_cipher}{}{}{*}}\n</pre></div>\n<p>\n\nIf $tls_cipher is empty, the session is not encrypted, and the result of\nthe expansion is empty, thus matching no hosts. Otherwise, the result of the\nexpansion is *, which matches all hosts.\n</p>"
name: auth_advertise_hosts
type: hostlist
auto_thaw:
cpanel_default: 7d
default: 0s
description: "<p>\n\n\nIf this option is set to a time greater than zero, a queue runner will try a\nnew delivery attempt on any frozen message, other than a bounce message, if\nthis much time has passed since it was frozen. This may result in the message\nbeing re-frozen if nothing has changed since the last attempt. It is a way of\nsaying \xE2\x80\x9Ckeep on trying, even though there are big problems\xE2\x80\x9D.\n</p>\n<p>\n<span class=\"docbook_emphasis\">Note</span>: This is an old option, which predates <span class=\"docbook_option\">timeout_frozen_after</span> and\n<span class=\"docbook_option\">ignore_bounce_errors_after</span>. It is retained for compatibility, but it is not\nthought to be very useful any more, and its use should probably be avoided.\n</p>"
name: auto_thaw
type: time
av_scanner:
default: ~
description: "<p>\nThis option is available if Exim is built with the content-scanning extension.\nIt specifies which anti-virus scanner to use. The default value is:\n</p>\n<div class=\"docbook_literallayout\"><pre>\nsophie:/var/run/sophie\n</pre></div>\n<p>\nIf the value of <span class=\"docbook_option\">av_scanner</span> starts with a dollar character, it is expanded\nbefore use. See section <a href=\"http://www.exim.org/exim-html-current/doc/html/spec_html/ch43.html#SECTscanvirus\" target=\"_blank\" title=\"43. Content scanning at ACL time\">43.1</a> for further details.\n</p>"
name: av_scanner
type: string
bi_command:
default: unset
description: "<p>\n\nThis option supplies the name of a command that is run when Exim is called with\nthe <span class=\"docbook_option\">-bi</span> option (see chapter <a href=\"http://www.exim.org/exim-html-current/doc/html/spec_html/ch05.html\" target=\"_blank\" title=\"5. The Exim command line\">5</a>). The string value is\njust the command name, it is not a complete command line. If an argument is\nrequired, it must come from the <span class=\"docbook_option\">-oA</span> command line option.\n</p>"
name: bi_command
type: string
bounce_message_file:
default: unset
description: "<p>\n\n\nThis option defines a template file containing paragraphs of text to be used\nfor constructing bounce messages. Details of the file\xE2\x80\x99s contents are given in\nchapter <a href=\"http://www.exim.org/exim-html-current/doc/html/spec_html/ch48.html\" target=\"_blank\" title=\"48. Customizing bounce and warning messages\">48</a>. See also <span class=\"docbook_option\">warn_message_file</span>.\n</p>"
name: bounce_message_file
type: string
bounce_message_text:
default: unset
description: "<p>\nWhen this option is set, its contents are included in the default bounce\nmessage immediately after \xE2\x80\x9CThis message was created automatically by mail\ndelivery software.\xE2\x80\x9D It is not used if <span class=\"docbook_option\">bounce_message_file</span> is set.\n</p>"
name: bounce_message_text
type: string
bounce_return_body:
default: 'true'
description: "<p>\n\nThis option controls whether the body of an incoming message is included in a\nbounce message when <span class=\"docbook_option\">bounce_return_message</span> is true. The default setting\ncauses the entire message, both header and body, to be returned (subject to the\nvalue of <span class=\"docbook_option\">bounce_return_size_limit</span>). If this option is false, only the\nmessage header is included. In the case of a non-SMTP message containing an\nerror that is detected during reception, only those header lines preceding the\npoint at which the error was detected are returned.\n\n</p>"
name: bounce_return_body
type: boolean
bounce_return_message:
default: 'true'
description: "<p>\nIf this option is set false, none of the original message is included in\nbounce messages generated by Exim. See also <span class=\"docbook_option\">bounce_return_size_limit</span> and\n<span class=\"docbook_option\">bounce_return_body</span>.\n</p>"
name: bounce_return_message
type: boolean
bounce_return_size_limit:
default: 100K
description: "<p>\n\n\n\nThis option sets a limit in bytes on the size of messages that are returned to\nsenders as part of bounce messages when <span class=\"docbook_option\">bounce_return_message</span> is true. The\nlimit should be less than the value of the global <span class=\"docbook_option\">message_size_limit</span> and of\nany <span class=\"docbook_option\">message_size_limit</span> settings on transports, to allow for the bounce text\nthat Exim generates. If this option is set to zero there is no limit.\n</p>\n<p>\nWhen the body of any message that is to be included in a bounce message is\ngreater than the limit, it is truncated, and a comment pointing this out is\nadded at the top. The actual cutoff may be greater than the value given, owing\nto the use of buffering for transferring the message in chunks (typically 8K in\nsize). The idea is to save bandwidth on those undeliverable 15-megabyte\nmessages.\n</p>"
name: bounce_return_size_limit
type: integer
bounce_sender_authentication:
default: unset
description: "<p>\n\n\n\nThis option provides an authenticated sender address that is sent with any\nbounce messages generated by Exim that are sent over an authenticated SMTP\nconnection. A typical setting might be:\n</p>\n<div class=\"docbook_literallayout\"><pre>\nbounce_sender_authentication = mailer-daemon@my.domain.example\n</pre></div>\n<p>\nwhich would cause bounce messages to be sent using the SMTP command:\n</p>\n<div class=\"docbook_literallayout\"><pre>\nMAIL FROM:<> AUTH=mailer-daemon@my.domain.example\n</pre></div>\n<p>\nThe value of <span class=\"docbook_option\">bounce_sender_authentication</span> must always be a complete email\naddress.\n</p>"
name: bounce_sender_authentication
type: string
callout_domain_negative_expire:
cpanel_default: 1h
default: 3h
description: "<p>\n\n\nThis option specifies the expiry time for negative callout cache data for a\ndomain. See section <a href=\"http://www.exim.org/exim-html-current/doc/html/spec_html/ch42.html#SECTcallver\" target=\"_blank\" title=\"42. Access control lists\">42.43</a> for details of callout verification, and\nsection <a href=\"http://www.exim.org/exim-html-current/doc/html/spec_html/ch42.html#SECTcallvercache\" target=\"_blank\" title=\"42. Access control lists\">42.45</a> for details of the caching.\n</p>"
name: callout_domain_negative_expire
type: time
callout_domain_positive_expire:
default: 7d
description: "<p>\nThis option specifies the expiry time for positive callout cache data for a\ndomain. See section <a href=\"http://www.exim.org/exim-html-current/doc/html/spec_html/ch42.html#SECTcallver\" target=\"_blank\" title=\"42. Access control lists\">42.43</a> for details of callout verification, and\nsection <a href=\"http://www.exim.org/exim-html-current/doc/html/spec_html/ch42.html#SECTcallvercache\" target=\"_blank\" title=\"42. Access control lists\">42.45</a> for details of the caching.\n</p>"
name: callout_domain_positive_expire
type: time
callout_negative_expire:
cpanel_default: 1h
default: 2h
description: "<p>\nThis option specifies the expiry time for negative callout cache data for an\naddress. See section <a href=\"http://www.exim.org/exim-html-current/doc/html/spec_html/ch42.html#SECTcallver\" target=\"_blank\" title=\"42. Access control lists\">42.43</a> for details of callout verification, and\nsection <a href=\"http://www.exim.org/exim-html-current/doc/html/spec_html/ch42.html#SECTcallvercache\" target=\"_blank\" title=\"42. Access control lists\">42.45</a> for details of the caching.\n</p>"
name: callout_negative_expire
type: time
callout_positive_expire:
default: 24h
description: "<p>\nThis option specifies the expiry time for positive callout cache data for an\naddress. See section <a href=\"http://www.exim.org/exim-html-current/doc/html/spec_html/ch42.html#SECTcallver\" target=\"_blank\" title=\"42. Access control lists\">42.43</a> for details of callout verification, and\nsection <a href=\"http://www.exim.org/exim-html-current/doc/html/spec_html/ch42.html#SECTcallvercache\" target=\"_blank\" title=\"42. Access control lists\">42.45</a> for details of the caching.\n</p>"
name: callout_positive_expire
type: time
callout_random_local_part:
default: ~
description: "<p>\nThis option defines the \xE2\x80\x9Crandom\xE2\x80\x9D local part that can be used as part of\ncallout verification. The default value is\n</p>\n<div class=\"docbook_literallayout\"><pre>\n$primary_hostname-$tod_epoch-testing\n</pre></div>\n<p>\nSee section <a href=\"http://www.exim.org/exim-html-current/doc/html/spec_html/ch42.html#CALLaddparcall\" target=\"_blank\" title=\"42. Access control lists\">42.44</a> for details of how this value is used.\n</p>"
name: callout_random_local_part
type: string
check_log_inodes:
default: 0
description: "<p>\n<p>\n\n\n\nThe four <span class=\"docbook_option\">check_...</span> options allow for checking of disk resources before a\nmessage is accepted.\n</p>\n<p>\n\n\n\n\nWhen any of these options are set, they apply to all incoming messages. If you\nwant to apply different checks to different kinds of message, you can do so by\ntesting the variables $log_inodes, $log_space, $spool_inodes, and\n$spool_space in an ACL with appropriate additional conditions.\n</p>\n<p>\n<span class=\"docbook_option\">check_spool_space</span> and <span class=\"docbook_option\">check_spool_inodes</span> check the spool partition if\neither value is greater than zero, for example:\n</p>\n<div class=\"docbook_literallayout\"><pre>\ncheck_spool_space = 10M\ncheck_spool_inodes = 100\n</pre></div>\n<p>\nThe spool partition is the one that contains the directory defined by\nSPOOL_DIRECTORY in <span class=\"docbook_filename\">Local/Makefile</span>. It is used for holding messages in\ntransit.\n</p>\n<p>\n<span class=\"docbook_option\">check_log_space</span> and <span class=\"docbook_option\">check_log_inodes</span> check the partition in which log\nfiles are written if either is greater than zero. These should be set only if\n<span class=\"docbook_option\">log_file_path</span> and <span class=\"docbook_option\">spool_directory</span> refer to different partitions.\n</p>\n<p>\nIf there is less space or fewer inodes than requested, Exim refuses to accept\nincoming mail. In the case of SMTP input this is done by giving a 452 temporary\nerror response to the MAIL command. If ESMTP is in use and there was a\nSIZE parameter on the MAIL command, its value is added to the\n<span class=\"docbook_option\">check_spool_space</span> value, and the check is performed even if\n<span class=\"docbook_option\">check_spool_space</span> is zero, unless <span class=\"docbook_option\">no_smtp_check_spool_space</span> is set.\n</p>\n<p>\nThe values for <span class=\"docbook_option\">check_spool_space</span> and <span class=\"docbook_option\">check_log_space</span> are held as a\nnumber of kilobytes. If a non-multiple of 1024 is specified, it is rounded up.\n</p>\n<p>\nFor non-SMTP input and for batched SMTP input, the test is done at start-up; on\nfailure a message is written to stderr and Exim exits with a non-zero code, as\nit obviously cannot send an error message of any kind.\n</p>below.\n</p>"
name: check_log_inodes
type: integer
check_log_space:
default: 0
description: "<p>\n<p>\n\n\n\nThe four <span class=\"docbook_option\">check_...</span> options allow for checking of disk resources before a\nmessage is accepted.\n</p>\n<p>\n\n\n\n\nWhen any of these options are set, they apply to all incoming messages. If you\nwant to apply different checks to different kinds of message, you can do so by\ntesting the variables $log_inodes, $log_space, $spool_inodes, and\n$spool_space in an ACL with appropriate additional conditions.\n</p>\n<p>\n<span class=\"docbook_option\">check_spool_space</span> and <span class=\"docbook_option\">check_spool_inodes</span> check the spool partition if\neither value is greater than zero, for example:\n</p>\n<div class=\"docbook_literallayout\"><pre>\ncheck_spool_space = 10M\ncheck_spool_inodes = 100\n</pre></div>\n<p>\nThe spool partition is the one that contains the directory defined by\nSPOOL_DIRECTORY in <span class=\"docbook_filename\">Local/Makefile</span>. It is used for holding messages in\ntransit.\n</p>\n<p>\n<span class=\"docbook_option\">check_log_space</span> and <span class=\"docbook_option\">check_log_inodes</span> check the partition in which log\nfiles are written if either is greater than zero. These should be set only if\n<span class=\"docbook_option\">log_file_path</span> and <span class=\"docbook_option\">spool_directory</span> refer to different partitions.\n</p>\n<p>\nIf there is less space or fewer inodes than requested, Exim refuses to accept\nincoming mail. In the case of SMTP input this is done by giving a 452 temporary\nerror response to the MAIL command. If ESMTP is in use and there was a\nSIZE parameter on the MAIL command, its value is added to the\n<span class=\"docbook_option\">check_spool_space</span> value, and the check is performed even if\n<span class=\"docbook_option\">check_spool_space</span> is zero, unless <span class=\"docbook_option\">no_smtp_check_spool_space</span> is set.\n</p>\n<p>\nThe values for <span class=\"docbook_option\">check_spool_space</span> and <span class=\"docbook_option\">check_log_space</span> are held as a\nnumber of kilobytes. If a non-multiple of 1024 is specified, it is rounded up.\n</p>\n<p>\nFor non-SMTP input and for batched SMTP input, the test is done at start-up; on\nfailure a message is written to stderr and Exim exits with a non-zero code, as\nit obviously cannot send an error message of any kind.\n</p>below.\n</p>"
name: check_log_space
type: integer
check_rfc2047_length:
cpanel_default: 'false'
default: 'true'
description: "<p>\nRFC 2047 defines a way of encoding non-ASCII characters in headers using a\nsystem of \xE2\x80\x9Cencoded words\xE2\x80\x9D. The RFC specifies a maximum length for an encoded\nword; strings to be encoded that exceed this length are supposed to use\nmultiple encoded words. By default, Exim does not recognize encoded words that\nexceed the maximum length. However, it seems that some software, in violation\nof the RFC, generates overlong encoded words. If <span class=\"docbook_option\">check_rfc2047_length</span> is\nset false, Exim recognizes encoded words of any length.\n</p>"
name: check_rfc2047_length
type: boolean
check_spool_inodes:
default: 0
description: "<p>\n<p>\n\n\n\nThe four <span class=\"docbook_option\">check_...</span> options allow for checking of disk resources before a\nmessage is accepted.\n</p>\n<p>\n\n\n\n\nWhen any of these options are set, they apply to all incoming messages. If you\nwant to apply different checks to different kinds of message, you can do so by\ntesting the variables $log_inodes, $log_space, $spool_inodes, and\n$spool_space in an ACL with appropriate additional conditions.\n</p>\n<p>\n<span class=\"docbook_option\">check_spool_space</span> and <span class=\"docbook_option\">check_spool_inodes</span> check the spool partition if\neither value is greater than zero, for example:\n</p>\n<div class=\"docbook_literallayout\"><pre>\ncheck_spool_space = 10M\ncheck_spool_inodes = 100\n</pre></div>\n<p>\nThe spool partition is the one that contains the directory defined by\nSPOOL_DIRECTORY in <span class=\"docbook_filename\">Local/Makefile</span>. It is used for holding messages in\ntransit.\n</p>\n<p>\n<span class=\"docbook_option\">check_log_space</span> and <span class=\"docbook_option\">check_log_inodes</span> check the partition in which log\nfiles are written if either is greater than zero. These should be set only if\n<span class=\"docbook_option\">log_file_path</span> and <span class=\"docbook_option\">spool_directory</span> refer to different partitions.\n</p>\n<p>\nIf there is less space or fewer inodes than requested, Exim refuses to accept\nincoming mail. In the case of SMTP input this is done by giving a 452 temporary\nerror response to the MAIL command. If ESMTP is in use and there was a\nSIZE parameter on the MAIL command, its value is added to the\n<span class=\"docbook_option\">check_spool_space</span> value, and the check is performed even if\n<span class=\"docbook_option\">check_spool_space</span> is zero, unless <span class=\"docbook_option\">no_smtp_check_spool_space</span> is set.\n</p>\n<p>\nThe values for <span class=\"docbook_option\">check_spool_space</span> and <span class=\"docbook_option\">check_log_space</span> are held as a\nnumber of kilobytes. If a non-multiple of 1024 is specified, it is rounded up.\n</p>\n<p>\nFor non-SMTP input and for batched SMTP input, the test is done at start-up; on\nfailure a message is written to stderr and Exim exits with a non-zero code, as\nit obviously cannot send an error message of any kind.\n</p>below.\n</p>"
name: check_spool_inodes
type: integer
check_spool_space:
default: 0
description: "<p>\n\n\n\nThe four <span class=\"docbook_option\">check_...</span> options allow for checking of disk resources before a\nmessage is accepted.\n</p>\n<p>\n\n\n\n\nWhen any of these options are set, they apply to all incoming messages. If you\nwant to apply different checks to different kinds of message, you can do so by\ntesting the variables $log_inodes, $log_space, $spool_inodes, and\n$spool_space in an ACL with appropriate additional conditions.\n</p>\n<p>\n<span class=\"docbook_option\">check_spool_space</span> and <span class=\"docbook_option\">check_spool_inodes</span> check the spool partition if\neither value is greater than zero, for example:\n</p>\n<div class=\"docbook_literallayout\"><pre>\ncheck_spool_space = 10M\ncheck_spool_inodes = 100\n</pre></div>\n<p>\nThe spool partition is the one that contains the directory defined by\nSPOOL_DIRECTORY in <span class=\"docbook_filename\">Local/Makefile</span>. It is used for holding messages in\ntransit.\n</p>\n<p>\n<span class=\"docbook_option\">check_log_space</span> and <span class=\"docbook_option\">check_log_inodes</span> check the partition in which log\nfiles are written if either is greater than zero. These should be set only if\n<span class=\"docbook_option\">log_file_path</span> and <span class=\"docbook_option\">spool_directory</span> refer to different partitions.\n</p>\n<p>\nIf there is less space or fewer inodes than requested, Exim refuses to accept\nincoming mail. In the case of SMTP input this is done by giving a 452 temporary\nerror response to the MAIL command. If ESMTP is in use and there was a\nSIZE parameter on the MAIL command, its value is added to the\n<span class=\"docbook_option\">check_spool_space</span> value, and the check is performed even if\n<span class=\"docbook_option\">check_spool_space</span> is zero, unless <span class=\"docbook_option\">no_smtp_check_spool_space</span> is set.\n</p>\n<p>\nThe values for <span class=\"docbook_option\">check_spool_space</span> and <span class=\"docbook_option\">check_log_space</span> are held as a\nnumber of kilobytes. If a non-multiple of 1024 is specified, it is rounded up.\n</p>\n<p>\nFor non-SMTP input and for batched SMTP input, the test is done at start-up; on\nfailure a message is written to stderr and Exim exits with a non-zero code, as\nit obviously cannot send an error message of any kind.\n</p>"
name: check_spool_space
type: integer
chunking_advertise_hosts:
cpanel_default: 198.51.100.1
daemon_smtp_ports:
cpanel_default: "25 : 465 : 587"
default: smtp
description: "<p>\n\n\nThis option specifies one or more default SMTP ports on which the Exim daemon\nlistens. See chapter <a href=\"http://www.exim.org/exim-html-current/doc/html/spec_html/ch13.html\" target=\"_blank\" title=\"13. Starting the daemon and the use of network interfaces\">13</a> for details of how it is used. For\nbackward compatibility, <span class=\"docbook_option\">daemon_smtp_port</span> (singular) is a synonym.\n</p>"
name: daemon_smtp_ports
type: string
daemon_startup_retries:
default: 9
description: "<p>\n\nThis option, along with <span class=\"docbook_option\">daemon_startup_sleep</span>, controls the retrying done by\nthe daemon at startup when it cannot immediately bind a listening socket\n(typically because the socket is already in use): <span class=\"docbook_option\">daemon_startup_retries</span>\ndefines the number of retries after the first failure, and\n<span class=\"docbook_option\">daemon_startup_sleep</span> defines the length of time to wait between retries.\n</p>"
name: daemon_startup_retries
type: integer
daemon_startup_sleep:
default: 30s
description: "<p>\n<p>\n\nThis option, along with <span class=\"docbook_option\">daemon_startup_sleep</span>, controls the retrying done by\nthe daemon at startup when it cannot immediately bind a listening socket\n(typically because the socket is already in use): <span class=\"docbook_option\">daemon_startup_retries</span>\ndefines the number of retries after the first failure, and\n<span class=\"docbook_option\">daemon_startup_sleep</span> defines the length of time to wait between retries.\n</p></p>"
name: daemon_startup_sleep
type: time
delay_warning:
default: 24h
description: "<p>\n\n\nWhen a message is delayed, Exim sends a warning message to the sender at\nintervals specified by this option. The data is a colon-separated list of times\nafter which to send warning messages. If the value of the option is an empty\nstring or a zero time, no warnings are sent. Up to 10 times may be given. If a\nmessage has been on the queue for longer than the last time, the last interval\nbetween the times is used to compute subsequent warning times. For example,\nwith\n</p>\n<div class=\"docbook_literallayout\"><pre>\ndelay_warning = 4h:8h:24h\n</pre></div>\n<p>\nthe first message is sent after 4 hours, the second after 8 hours, and\nthe third one after 24 hours. After that, messages are sent every 16 hours,\nbecause that is the interval between the last two times on the list. If you set\njust one time, it specifies the repeat interval. For example, with:\n</p>\n<div class=\"docbook_literallayout\"><pre>\ndelay_warning = 6h\n</pre></div>\n<p>\nmessages are repeated every six hours. To stop warnings after a given time, set\na very large time at the end of the list. For example:\n</p>\n<div class=\"docbook_literallayout\"><pre>\ndelay_warning = 2h:12h:99d\n</pre></div>"
name: delay_warning
type: timelist
delay_warning_condition:
default: ~
description: "<p>\n\nThe string is expanded at the time a warning message might be sent. If all the\ndeferred addresses have the same domain, it is set in $domain during the\nexpansion. Otherwise $domain is empty. If the result of the expansion is a\nforced failure, an empty string, or a string matching any of \xE2\x80\x9C0\xE2\x80\x9D, \xE2\x80\x9Cno\xE2\x80\x9D or\n\xE2\x80\x9Cfalse\xE2\x80\x9D (the comparison being done caselessly) then the warning message is\nnot sent. The default is:\n</p>\n<div class=\"docbook_literallayout\"><pre>\ndelay_warning_condition = ${if or {\\\n { !eq{$h_list-id:$h_list-post:$h_list-subscribe:}{} }\\\n { match{$h_precedence:}{(?i)bulk|list|junk} }\\\n { match{$h_auto-submitted:}{(?i)auto-generated|auto-replied} }\\\n } {no}{yes}}\n</pre></div>\n<p>\nThis suppresses the sending of warnings for messages that contain <span class=\"docbook_emphasis\">List-ID:</span>,\n<span class=\"docbook_emphasis\">List-Post:</span>, or <span class=\"docbook_emphasis\">List-Subscribe:</span> headers, or have \xE2\x80\x9Cbulk\xE2\x80\x9D, \xE2\x80\x9Clist\xE2\x80\x9D or\n\xE2\x80\x9Cjunk\xE2\x80\x9D in a <span class=\"docbook_emphasis\">Precedence:</span> header, or have \xE2\x80\x9Cauto-generated\xE2\x80\x9D or\n\xE2\x80\x9Cauto-replied\xE2\x80\x9D in an <span class=\"docbook_emphasis\">Auto-Submitted:</span> header.\n</p>"
name: delay_warning_condition
type: string
deliver_drop_privilege:
default: 'false'
description: "<p>\n\n\nIf this option is set true, Exim drops its root privilege at the start of a\ndelivery process, and runs as the Exim user throughout. This severely restricts\nthe kinds of local delivery that are possible, but is viable in certain types\nof configuration. There is a discussion about the use of root privilege in\nchapter <a href=\"http://www.exim.org/exim-html-current/doc/html/spec_html/ch54.html\" target=\"_blank\" title=\"54. Security considerations\">54</a>.\n</p>"
name: deliver_drop_privilege
type: boolean
deliver_queue_load_max:
cpanel_default: 18
default: unset
description: "<p>\n\n\nWhen this option is set, a queue run is abandoned if the system load average\nbecomes greater than the value of the option. The option has no effect on\nancient operating systems on which Exim cannot determine the load average.\nSee also <span class=\"docbook_option\">queue_only_load</span> and <span class=\"docbook_option\">smtp_load_reserve</span>.\n</p>"
name: deliver_queue_load_max
type: fixedpoint
delivery_date_remove:
default: 'true'
description: "<p>\n\nExim\xE2\x80\x99s transports have an option for adding a <span class=\"docbook_emphasis\">Delivery-date:</span> header to a\nmessage when it is delivered, in exactly the same way as <span class=\"docbook_emphasis\">Return-path:</span> is\nhandled. <span class=\"docbook_emphasis\">Delivery-date:</span> records the actual time of delivery. Such headers\nshould not be present in incoming messages, and this option causes them to be\nremoved at the time the message is received, to avoid any problems that might\noccur when a delivered message is subsequently sent on to some other recipient.\n</p>"
name: delivery_date_remove
type: boolean
disable_fsync:
default: 'false'
description: "<p>\n\nThis option is available only if Exim was built with the compile-time option\nENABLE_DISABLE_FSYNC. When this is not set, a reference to <span class=\"docbook_option\">disable_fsync</span> in\na runtime configuration generates an \xE2\x80\x9Cunknown option\xE2\x80\x9D error. You should not\nbuild Exim with ENABLE_DISABLE_FSYNC or set <span class=\"docbook_option\">disable_fsync</span> unless you\nreally, really, really understand what you are doing. <span class=\"docbook_emphasis\">No pre-compiled\ndistributions of Exim should ever make this option available.</span>\n</p>\n<p>\nWhen <span class=\"docbook_option\">disable_fsync</span> is set true, Exim no longer calls <span class=\"docbook_function\">fsync()</span> to force\nupdated files\xE2\x80\x99 data to be written to disc before continuing. Unexpected events\nsuch as crashes and power outages may cause data to be lost or scrambled.\nHere be Dragons. <span class=\"docbook_emphasis\">Beware.</span>\n</p>"
name: disable_fsync
type: boolean
disable_ipv6:
default: 'false'
description: "<p>\n\nIf this option is set true, even if the Exim binary has IPv6 support, no IPv6\nactivities take place. AAAA records are never looked up, and any IPv6 addresses\nthat are listed in <span class=\"docbook_option\">local_interfaces</span>, data for the <span class=\"docbook_option\">manualroute</span> router,\netc. are ignored. If IP literals are enabled, the <span class=\"docbook_command\">ipliteral</span> router declines\nto handle IPv6 literal addresses.\n</p>"
name: disable_ipv6
type: boolean
dns_again_means_nonexist:
default: unset
description: "<p>\n\nDNS lookups give a \xE2\x80\x9Ctry again\xE2\x80\x9D response for the DNS errors\n\xE2\x80\x9Cnon-authoritative host not found\xE2\x80\x9D and \xE2\x80\x9CSERVERFAIL\xE2\x80\x9D. This can cause Exim to\nkeep trying to deliver a message, or to give repeated temporary errors to\nincoming mail. Sometimes the effect is caused by a badly set up name server and\nmay persist for a long time. If a domain which exhibits this problem matches\nanything in <span class=\"docbook_option\">dns_again_means_nonexist</span>, it is treated as if it did not exist.\nThis option should be used with care. You can make it apply to reverse lookups\nby a setting such as this:\n</p>\n<div class=\"docbook_literallayout\"><pre>\ndns_again_means_nonexist = *.in-addr.arpa\n</pre></div>\n<p>\nThis option applies to all DNS lookups that Exim does. It also applies when the\n<span class=\"docbook_function\">gethostbyname()</span> or <span class=\"docbook_function\">getipnodebyname()</span> functions give temporary errors,\nsince these are most likely to be caused by DNS lookup problems. The\n<span class=\"docbook_command\">dnslookup</span> router has some options of its own for controlling what happens\nwhen lookups for MX or SRV records give temporary errors. These more specific\noptions are applied after this global option.\n</p>"
name: dns_again_means_nonexist
type: domainlist
dns_check_names_pattern:
default: ~
description: "<p>\n\nWhen this option is set to a non-empty string, it causes Exim to check domain\nnames for characters that are not allowed in host names before handing them to\nthe DNS resolver, because some resolvers give temporary errors for names that\ncontain unusual characters. If a domain name contains any unwanted characters,\na \xE2\x80\x9Cnot found\xE2\x80\x9D result is forced, and the resolver is not called. The check is\ndone by matching the domain name against a regular expression, which is the\nvalue of this option. The default pattern is\n</p>\n<div class=\"docbook_literallayout\"><pre>\ndns_check_names_pattern = \\\n (?i)^(?>(?(1)\\.|())[^\\W_](?>[a-z0-9/-]*[^\\W_])?)+$\n</pre></div>\n<p>\nwhich permits only letters, digits, slashes, and hyphens in components, but\nthey must start and end with a letter or digit. Slashes are not, in fact,\npermitted in host names, but they are found in certain NS records (which can be\naccessed in Exim by using a <span class=\"docbook_option\">dnsdb</span> lookup). If you set\n<span class=\"docbook_option\">allow_utf8_domains</span>, you must modify this pattern, or set the option to an\nempty string.\n</p>"
name: dns_check_names_pattern
type: string
dns_csa_search_limit:
default: 5
description: "<p>\nThis option controls the depth of parental searching for CSA SRV records in the\nDNS, as described in more detail in section <a href=\"http://www.exim.org/exim-html-current/doc/html/spec_html/ch42.html#SECTverifyCSA\" target=\"_blank\" title=\"42. Access control lists\">42.48</a>.\n</p>"
name: dns_csa_search_limit
type: integer
dns_csa_use_reverse:
default: 'true'
description: "<p>\nThis option controls whether or not an IP address, given as a CSA domain, is\nreversed and looked up in the reverse DNS, as described in more detail in\nsection <a href=\"http://www.exim.org/exim-html-current/doc/html/spec_html/ch42.html#SECTverifyCSA\" target=\"_blank\" title=\"42. Access control lists\">42.48</a>.\n</p>"
name: dns_csa_use_reverse
type: boolean
dns_ipv4_lookup:
default: unset
description: "<p>\n\n\nWhen Exim is compiled with IPv6 support and <span class=\"docbook_option\">disable_ipv6</span> is not set, it\nlooks for IPv6 address records (AAAA records) as well as IPv4 address records\n(A records) when trying to find IP addresses for hosts, unless the host\xE2\x80\x99s\ndomain matches this list.\n</p>\n<p>\nThis is a fudge to help with name servers that give big delays or otherwise do\nnot work for the AAAA record type. In due course, when the world\xE2\x80\x99s name\nservers have all been upgraded, there should be no need for this option.\n</p>"
name: dns_ipv4_lookup
type: domainlist
dns_retrans:
default: 0s
description: "<p>\n\nThe options <span class=\"docbook_option\">dns_retrans</span> and <span class=\"docbook_option\">dns_retry</span> can be used to set the\nretransmission and retry parameters for DNS lookups. Values of zero (the\ndefaults) leave the system default settings unchanged. The first value is the\ntime between retries, and the second is the number of retries. It isn\xE2\x80\x99t\ntotally clear exactly how these settings affect the total time a DNS lookup may\ntake. I haven\xE2\x80\x99t found any documentation about timeouts on DNS lookups; these\nparameter values are available in the external resolver interface structure,\nbut nowhere does it seem to describe how they are used or what you might want\nto set in them.\n</p>"
name: dns_retrans
type: time
dns_retry:
default: 0
description: "<p>\n<p>\n\nThe options <span class=\"docbook_option\">dns_retrans</span> and <span class=\"docbook_option\">dns_retry</span> can be used to set the\nretransmission and retry parameters for DNS lookups. Values of zero (the\ndefaults) leave the system default settings unchanged. The first value is the\ntime between retries, and the second is the number of retries. It isn\xE2\x80\x99t\ntotally clear exactly how these settings affect the total time a DNS lookup may\ntake. I haven\xE2\x80\x99t found any documentation about timeouts on DNS lookups; these\nparameter values are available in the external resolver interface structure,\nbut nowhere does it seem to describe how they are used or what you might want\nto set in them.\n</p>above.\n</p>\n<p class=\"changed\">\n\n</p>"
name: dns_retry
type: integer
dns_use_edns0:
default: -1
description: "<p class=\"changed\">\n\n\nIf this option is set to a non-negative number then Exim will initialise the\nDNS resolver library to either use or not use EDNS0 extensions, overriding\nthe system default. A value of 0 coerces EDNS0 off, a value of 1 coerces EDNS0\non.\n</p>\n<p class=\"changed\">\nIf the resolver library does not support EDNS0 then this option has no effect.\n</p>"
name: dns_use_edns0
type: integer
domainlist:
default: ''
description: <p>This is a Named list definition. Their use is described in section <a href="http://www.exim.org/exim-html-current/doc/html/spec_html/ch10.html#SECTnamedlists" target="_blank">10.5</a>.</p>
name: domainlist
type: domainlist
domainlist blocked_domains:
cpanel_default: wildlsearch;/etc/blocked_incoming_email_domains
domainlist local_domains:
cpanel_default: lsearch;/etc/localdomains
domainlist manualmx_domains:
cpanel_default: ${if exists {/etc/manualmx} {lsearch;/etc/manualmx} {} }
domainlist relay_domains:
cpanel_default: "+local_domains : +secondarymx_domains"
domainlist secondarymx_domains:
cpanel_default: lsearch;/etc/secondarymx
domainlist user_domains:
cpanel_default: ${if exists{/etc/userdomains} {lsearch;/etc/userdomains} fail}
drop_cr:
default: 'false'
description: "<p>\nThis is an obsolete option that is now a no-op. It used to affect the way Exim\nhandled CR and LF characters in incoming messages. What happens now is\ndescribed in section <a href=\"http://www.exim.org/exim-html-current/doc/html/spec_html/ch46.html#SECTlineendings\" target=\"_blank\" title=\"46. Message processing\">46.2</a>.\n</p>"
name: drop_cr
type: boolean
dsn_from:
default: ~
description: "<p>\n\n\nThis option can be used to vary the contents of <span class=\"docbook_emphasis\">From:</span> header lines in\nbounces and other automatically generated messages (\xE2\x80\x9CDelivery Status\nNotifications\xE2\x80\x9D \xE2\x80\x93 hence the name of the option). The default setting is:\n</p>\n<div class=\"docbook_literallayout\"><pre>\ndsn_from = Mail Delivery System <Mailer-Daemon@$qualify_domain>\n</pre></div>\n<p>\nThe value is expanded every time it is needed. If the expansion fails, a\npanic is logged, and the default value is used.\n</p>"
name: dsn_from
type: string
envelope_to_remove:
default: 'true'
description: "<p>\n\nExim\xE2\x80\x99s transports have an option for adding an <span class=\"docbook_emphasis\">Envelope-to:</span> header to a\nmessage when it is delivered, in exactly the same way as <span class=\"docbook_emphasis\">Return-path:</span> is\nhandled. <span class=\"docbook_emphasis\">Envelope-to:</span> records the original recipient address from the\nmessages\xE2\x80\x99s envelope that caused the delivery to happen. Such headers should not\nbe present in incoming messages, and this option causes them to be removed at\nthe time the message is received, to avoid any problems that might occur when a\ndelivered message is subsequently sent on to some other recipient.\n</p>"
name: envelope_to_remove
type: boolean
errors_copy:
default: unset
description: "<p>\n\n\nSetting this option causes Exim to send bcc copies of bounce messages that it\ngenerates to other addresses. <span class=\"docbook_emphasis\">Note</span>: This does not apply to bounce messages\ncoming from elsewhere. The value of the option is a colon-separated list of\nitems. Each item consists of a pattern, terminated by white space, followed by\na comma-separated list of email addresses. If a pattern contains spaces, it\nmust be enclosed in double quotes.\n</p>\n<p>\nEach pattern is processed in the same way as a single item in an address list\n(see section <a href=\"http://www.exim.org/exim-html-current/doc/html/spec_html/ch10.html#SECTaddresslist\" target=\"_blank\" title=\"10. Domain, host, address, and local part lists\">10.19</a>). When a pattern matches the recipient of\nthe bounce message, the message is copied to the addresses on the list. The\nitems are scanned in order, and once a matching one is found, no further items\nare examined. For example:\n</p>\n<div class=\"docbook_literallayout\"><pre>\nerrors_copy = spqr@mydomain postmaster@mydomain.example :\\\n rqps@mydomain hostmaster@mydomain.example,\\\n postmaster@mydomain.example\n</pre></div>\n<p>\n\n\nThe address list is expanded before use. The expansion variables $local_part\nand $domain are set from the original recipient of the error message, and if\nthere was any wildcard matching in the pattern, the expansion\n\nvariables $0, $1, etc. are set in the normal way.\n</p>"
name: errors_copy
type: stringlist
errors_reply_to:
default: unset
description: "<p>\n\nBy default, Exim\xE2\x80\x99s bounce and delivery warning messages contain the header line\n</p>\n<div class=\"docbook_literallayout\"><pre>\n<code class=\"docbook_literal\">From: Mail Delivery System <Mailer-Daemon@</code><span class=\"docbook_emphasis\">qualify-domain</span><code class=\"docbook_literal\">></code>\n</pre></div>\n<p>\n\nwhere <span class=\"docbook_emphasis\">qualify-domain</span> is the value of the <span class=\"docbook_option\">qualify_domain</span> option.\nA warning message that is generated by the <span class=\"docbook_option\">quota_warn_message</span> option in an\n<span class=\"docbook_command\">appendfile</span> transport may contain its own <span class=\"docbook_emphasis\">From:</span> header line that\noverrides the default.\n</p>\n<p>\nExperience shows that people reply to bounce messages. If the\n<span class=\"docbook_option\">errors_reply_to</span> option is set, a <span class=\"docbook_emphasis\">Reply-To:</span> header is added to bounce\nand warning messages. For example:\n</p>\n<div class=\"docbook_literallayout\"><pre>\nerrors_reply_to = postmaster@my.domain.example\n</pre></div>\n<p>\nThe value of the option is not expanded. It must specify a valid RFC 2822\naddress. However, if a warning message that is generated by the\n<span class=\"docbook_option\">quota_warn_message</span> option in an <span class=\"docbook_command\">appendfile</span> transport contain its\nown <span class=\"docbook_emphasis\">Reply-To:</span> header line, the value of the <span class=\"docbook_option\">errors_reply_to</span> option is\nnot used.\n</p>"
name: errors_reply_to
type: string
exim_group:
default: ~
description: "<p>\n\n\nThis option changes the gid under which Exim runs when it gives up root\nprivilege. The default value is compiled into the binary. The value of this\noption is used only when <span class=\"docbook_option\">exim_user</span> is also set. Unless it consists entirely\nof digits, the string is looked up using <span class=\"docbook_function\">getgrnam()</span>, and failure causes a\nconfiguration error. See chapter <a href=\"http://www.exim.org/exim-html-current/doc/html/spec_html/ch54.html\" target=\"_blank\" title=\"54. Security considerations\">54</a> for a discussion of\nsecurity issues.\n</p>"
name: exim_group
type: string
exim_path:
default: ~
description: "<p>\n\nThis option specifies the path name of the Exim binary, which is used when Exim\nneeds to re-exec itself. The default is set up to point to the file <span class=\"docbook_emphasis\">exim</span> in\nthe directory configured at compile time by the BIN_DIRECTORY setting. It\nis necessary to change <span class=\"docbook_option\">exim_path</span> if, exceptionally, Exim is run from some\nother place.\n<span class=\"docbook_emphasis\">Warning</span>: Do not use a macro to define the value of this option, because\nyou will break those Exim utilities that scan the configuration file to find\nwhere the binary is. (They then use the <span class=\"docbook_option\">-bP</span> option to extract option\nsettings such as the value of <span class=\"docbook_option\">spool_directory</span>.)\n</p>"
name: exim_path
type: string
exim_user:
default: ~
description: "<p>\n\n\nThis option changes the uid under which Exim runs when it gives up root\nprivilege. The default value is compiled into the binary. Ownership of the run\ntime configuration file and the use of the <span class=\"docbook_option\">-C</span> and <span class=\"docbook_option\">-D</span> command line\noptions is checked against the values in the binary, not what is set here.\n</p>\n<p>\nUnless it consists entirely of digits, the string is looked up using\n<span class=\"docbook_function\">getpwnam()</span>, and failure causes a configuration error. If <span class=\"docbook_option\">exim_group</span> is\nnot also supplied, the gid is taken from the result of <span class=\"docbook_function\">getpwnam()</span> if it is\nused. See chapter <a href=\"http://www.exim.org/exim-html-current/doc/html/spec_html/ch54.html\" target=\"_blank\" title=\"54. Security considerations\">54</a> for a discussion of security issues.\n</p>"
name: exim_user
type: string
extra_local_interfaces:
default: unset
description: "<p>\nThis option defines network interfaces that are to be considered local when\nrouting, but which are not used for listening by the daemon. See section\n<a href=\"http://www.exim.org/exim-html-current/doc/html/spec_html/ch13.html#SECTreclocipadd\" target=\"_blank\" title=\"13. Starting the daemon and the use of network interfaces\">13.8</a> for details.\n</p>"
name: extra_local_interfaces
type: stringlist
extract_addresses_remove_arguments:
default: 'true'
description: "<p>\n\n\n\nAccording to some Sendmail documentation (Sun, IRIX, HP-UX), if any addresses\nare present on the command line when the <span class=\"docbook_option\">-t</span> option is used to build an\nenvelope from a message\xE2\x80\x99s <span class=\"docbook_emphasis\">To:</span>, <span class=\"docbook_emphasis\">Cc:</span> and <span class=\"docbook_emphasis\">Bcc:</span> headers, the command\nline addresses are removed from the recipients list. This is also how Smail\nbehaves. However, other Sendmail documentation (the O\xE2\x80\x99Reilly book) states that\ncommand line addresses are added to those obtained from the header lines. When\n<span class=\"docbook_option\">extract_addresses_remove_arguments</span> is true (the default), Exim subtracts\nargument headers. If it is set false, Exim adds rather than removes argument\naddresses.\n</p>"
name: extract_addresses_remove_arguments
type: boolean
finduser_retries:
default: 0
description: "<p>\n\nOn systems running NIS or other schemes in which user and group information is\ndistributed from a remote system, there can be times when <span class=\"docbook_function\">getpwnam()</span> and\nrelated functions fail, even when given valid data, because things time out.\nUnfortunately these failures cannot be distinguished from genuine \xE2\x80\x9Cnot found\xE2\x80\x9D\nerrors. If <span class=\"docbook_option\">finduser_retries</span> is set greater than zero, Exim will try that\nmany extra times to find a user or a group, waiting for one second between\nretries.\n</p>\n<p>\n\nYou should not set this option greater than zero if your user information is in\na traditional <span class=\"docbook_filename\">/etc/passwd</span> file, because it will cause Exim needlessly to\nsearch the file multiple times for non-existent users, and also cause delay.\n</p>"
name: finduser_retries
type: integer
freeze_tell:
default: unset
description: "<p>\n\nOn encountering certain errors, or when configured to do so in a system filter,\nACL, or special router, Exim freezes a message. This means that no further\ndelivery attempts take place until an administrator thaws the message, or the\n<span class=\"docbook_option\">auto_thaw</span>, <span class=\"docbook_option\">ignore_bounce_errors_after</span>, or <span class=\"docbook_option\">timeout_frozen_after</span>\nfeature cause it to be processed. If <span class=\"docbook_option\">freeze_tell</span> is set, Exim generates a\nwarning message whenever it freezes something, unless the message it is\nfreezing is a locally-generated bounce message. (Without this exception there\nis the possibility of looping.) The warning message is sent to the addresses\nsupplied as the comma-separated value of this option. If several of the\nmessage\xE2\x80\x99s addresses cause freezing, only a single message is sent. If the\nfreezing was automatic, the reason(s) for freezing can be found in the message\nlog. If you configure freezing in a filter or ACL, you must arrange for any\nlogging that you require.\n</p>"
name: freeze_tell
type: stringlistcommaseparated
gecos_name:
default: unset
description: "<p>\n\n\nSome operating systems, notably HP-UX, use the \xE2\x80\x9Cgecos\xE2\x80\x9D field in the system\npassword file to hold other information in addition to users\xE2\x80\x99 real names. Exim\nlooks up this field for use when it is creating <span class=\"docbook_emphasis\">Sender:</span> or <span class=\"docbook_emphasis\">From:</span>\nheaders. If either <span class=\"docbook_option\">gecos_pattern</span> or <span class=\"docbook_option\">gecos_name</span> are unset, the contents\nof the field are used unchanged, except that, if an ampersand is encountered,\nit is replaced by the user\xE2\x80\x99s login name with the first character forced to\nupper case, since this is a convention that is observed on many systems.\n</p>\n<p>\nWhen these options are set, <span class=\"docbook_option\">gecos_pattern</span> is treated as a regular\nexpression that is to be applied to the field (again with & replaced by the\nlogin name), and if it matches, <span class=\"docbook_option\">gecos_name</span> is expanded and used as the\nuser\xE2\x80\x99s name.\n</p>\n<p>\n\nNumeric variables such as $1, $2, etc. can be used in the expansion to\npick up sub-fields that were matched by the pattern. In HP-UX, where the user\xE2\x80\x99s\nname terminates at the first comma, the following can be used:\n</p>\n<div class=\"docbook_literallayout\"><pre>\ngecos_pattern = ([^,]*)\ngecos_name = $1\n</pre></div>"
name: gecos_name
type: string
gecos_pattern:
default: unset
description: "<p>\n<p>\n\n\nSome operating systems, notably HP-UX, use the \xE2\x80\x9Cgecos\xE2\x80\x9D field in the system\npassword file to hold other information in addition to users\xE2\x80\x99 real names. Exim\nlooks up this field for use when it is creating <span class=\"docbook_emphasis\">Sender:</span> or <span class=\"docbook_emphasis\">From:</span>\nheaders. If either <span class=\"docbook_option\">gecos_pattern</span> or <span class=\"docbook_option\">gecos_name</span> are unset, the contents\nof the field are used unchanged, except that, if an ampersand is encountered,\nit is replaced by the user\xE2\x80\x99s login name with the first character forced to\nupper case, since this is a convention that is observed on many systems.\n</p>\n<p>\nWhen these options are set, <span class=\"docbook_option\">gecos_pattern</span> is treated as a regular\nexpression that is to be applied to the field (again with & replaced by the\nlogin name), and if it matches, <span class=\"docbook_option\">gecos_name</span> is expanded and used as the\nuser\xE2\x80\x99s name.\n</p>\n<p>\n\nNumeric variables such as $1, $2, etc. can be used in the expansion to\npick up sub-fields that were matched by the pattern. In HP-UX, where the user\xE2\x80\x99s\nname terminates at the first comma, the following can be used:\n</p>\n<div class=\"docbook_literallayout\"><pre>\ngecos_pattern = ([^,]*)\ngecos_name = $1\n</pre></div>above.\n</p>"
name: gecos_pattern
type: string
gnutls_compat_mode:
default: unset
description: "<p>\nThis option controls whether GnuTLS is used in compatibility mode in an Exim\nserver. This reduces security slightly, but improves interworking with older\nimplementations of TLS.\n</p>"
name: gnutls_compat_mode
type: boolean
header_line_maxsize:
default: 0
description: "<p>\n\n\nThis option limits the length of any individual header line in a message, after\nall the continuations have been joined together. Messages with individual\nheader lines that are longer than the limit are rejected. The default value of\nzero means \xE2\x80\x9Cno limit\xE2\x80\x9D.\n</p>"
name: header_line_maxsize
type: integer
header_maxsize:
default: ~
description: "<p>\n\n\nThis option controls the overall maximum size of a message\xE2\x80\x99s header\nsection. The default is the value of HEADER_MAXSIZE in\n<span class=\"docbook_filename\">Local/Makefile</span>; the default for that is 1M. Messages with larger header\nsections are rejected.\n</p>"
name: header_maxsize
type: integer
headers_charset:
default: ~
description: "<p>\nThis option sets a default character set for translating from encoded MIME\n\xE2\x80\x9Cwords\xE2\x80\x9D in header lines, when referenced by an $h_xxx expansion item. The\ndefault is the value of HEADERS_CHARSET in <span class=\"docbook_filename\">Local/Makefile</span>. The\nultimate default is ISO-8859-1. For more details see the description of header\ninsertions in section <a href=\"http://www.exim.org/exim-html-current/doc/html/spec_html/ch11.html#SECTexpansionitems\" target=\"_blank\" title=\"11. String expansions\">11.5</a>.\n</p>"
name: headers_charset
type: string
helo_accept_junk_hosts:
cpanel_default: "*"
default: unset
description: "<p>\n\n\nExim checks the syntax of HELO and EHLO commands for incoming SMTP\nmail, and gives an error response for invalid data. Unfortunately, there are\nsome SMTP clients that send syntactic junk. They can be accommodated by setting\nthis option. Note that this is a syntax check only. <p>\n\n\nLike <span class=\"docbook_option\">helo_try_verify_hosts</span>, this option is obsolete, and retained only for\nbackwards compatibility. For hosts that match this option, Exim checks the host\nname given in the HELO or EHLO in the same way as for\n<span class=\"docbook_option\">helo_try_verify_hosts</span>. If the check fails, the HELO or EHLO command is\nrejected with a 550 error, and entries are written to the main and reject logs.\nIf a MAIL command is received before EHLO or HELO, it is rejected with a 503\nerror.\n</p>if you want to do semantic checking.\nSee also <span class=\"docbook_option\">helo_allow_chars</span> for a way of extending the permitted character\nset.\n</p>"
name: helo_accept_junk_hosts
type: hostlist
helo_allow_chars:
default: unset
description: "<p>\n\n\n\nThis option can be set to a string of rogue characters that are permitted in\nall EHLO and HELO names in addition to the standard letters, digits,\nhyphens, and dots. If you really must allow underscores, you can set\n</p>\n<div class=\"docbook_literallayout\"><pre>\nhelo_allow_chars = _\n</pre></div>\n<p>\nNote that the value is one string, not a list.\n</p>"
name: helo_allow_chars
type: string
helo_lookup_domains:
default: "@:@[]"
description: "<p>\n\n\nIf the domain given by a client in a HELO or EHLO command matches this\nlist, a reverse lookup is done in order to establish the host\xE2\x80\x99s true name. The\ndefault forces a lookup if the client host gives the server\xE2\x80\x99s name or any of\nits IP addresses (in brackets), something that broken clients have been seen to\ndo.\n</p>"
name: helo_lookup_domains
type: domainlist
helo_try_verify_hosts:
default: unset
description: "<p>\n\n\nBy default, Exim just checks the syntax of HELO and EHLO commands (see\n<span class=\"docbook_option\">helo_accept_junk_hosts</span> and <span class=\"docbook_option\">helo_allow_chars</span>). However, some sites like\nto do more extensive checking of the data supplied by these commands. The ACL\ncondition <code class=\"docbook_literal\">verify = helo</code> is provided to make this possible.\nFormerly, it was necessary also to set this option (<span class=\"docbook_option\">helo_try_verify_hosts</span>)\nto force the check to occur. From release 4.53 onwards, this is no longer\nnecessary. If the check has not been done before <code class=\"docbook_literal\">verify = helo</code> is\nencountered, it is done at that time. Consequently, this option is obsolete.\nIts specification is retained here for backwards compatibility.\n</p>\n<p>\nWhen an EHLO or HELO command is received, if the calling host matches\n<span class=\"docbook_option\">helo_try_verify_hosts</span>, Exim checks that the host name given in the HELO or\nEHLO command either:\n</p>\n<ul>\n<li>\n<p>\nis an IP literal matching the calling address of the host, or\n</p>\n</li>\n<li>\n<p>\n\n\nmatches the host name that Exim obtains by doing a reverse lookup of the\ncalling host address, or\n</p>\n</li>\n<li>\n<p>\nwhen looked up using <span class=\"docbook_function\">gethostbyname()</span> (or <span class=\"docbook_function\">getipnodebyname()</span> when\navailable) yields the calling host address.\n</p>\n</li>\n</ul>\n<p>\nHowever, the EHLO or HELO command is not rejected if any of the checks\nfail. Processing continues, but the result of the check is remembered, and can\nbe detected later in an ACL by the <code class=\"docbook_literal\">verify = helo</code> condition.\n</p>"
name: helo_try_verify_hosts
type: hostlist
helo_verify_hosts:
default: unset
description: "<p>\n\n\nLike <span class=\"docbook_option\">helo_try_verify_hosts</span>, this option is obsolete, and retained only for\nbackwards compatibility. For hosts that match this option, Exim checks the host\nname given in the HELO or EHLO in the same way as for\n<span class=\"docbook_option\">helo_try_verify_hosts</span>. If the check fails, the HELO or EHLO command is\nrejected with a 550 error, and entries are written to the main and reject logs.\nIf a MAIL command is received before EHLO or HELO, it is rejected with a 503\nerror.\n</p>"
name: helo_verify_hosts
type: hostlist
hold_domains:
default: unset
description: "<p>\n\n\nThis option allows mail for particular domains to be held on the queue\nmanually. The option is overridden if a message delivery is forced with the\n<span class=\"docbook_option\">-M</span>, <span class=\"docbook_option\">-qf</span>, <span class=\"docbook_option\">-Rf</span> or <span class=\"docbook_option\">-Sf</span> options, and also while testing or\nverifying addresses using <span class=\"docbook_option\">-bt</span> or <span class=\"docbook_option\">-bv</span>. Otherwise, if a domain matches an\nitem in <span class=\"docbook_option\">hold_domains</span>, no routing or delivery for that address is done, and\nit is deferred every time the message is looked at.\n</p>\n<p>\nThis option is intended as a temporary operational measure for delaying the\ndelivery of mail while some problem is being sorted out, or some new\nconfiguration tested. If you just want to delay the processing of some\ndomains until a queue run occurs, you should use <span class=\"docbook_option\">queue_domains</span> or\n<span class=\"docbook_option\">queue_smtp_domains</span>, not <span class=\"docbook_option\">hold_domains</span>.\n</p>\n<p>\nA setting of <span class=\"docbook_option\">hold_domains</span> does not override Exim\xE2\x80\x99s code for removing\nmessages from the queue if they have been there longer than the longest retry\ntime in any retry rule. If you want to hold messages for longer than the normal\nretry times, insert a dummy retry rule with a long retry time.\n</p>"
name: hold_domains
type: domainlist
host_lookup:
default: unset
description: "<p>\n\nExim does not look up the name of a calling host from its IP address unless it\nis required to compare against some host list, or the host matches\n<span class=\"docbook_option\">helo_try_verify_hosts</span> or <span class=\"docbook_option\">helo_verify_hosts</span>, or the host matches this\noption (which normally contains IP addresses rather than host names). The\ndefault configuration file contains\n</p>\n<div class=\"docbook_literallayout\"><pre>\nhost_lookup = *\n</pre></div>\n<p>\nwhich causes a lookup to happen for all hosts. If the expense of these lookups\nis felt to be too great, the setting can be changed or removed.\n</p>\n<p>\nAfter a successful reverse lookup, Exim does a forward lookup on the name it\nhas obtained, to verify that it yields the IP address that it started with. If\nthis check fails, Exim behaves as if the name lookup failed.\n</p>\n<p>\n\n\nAfter any kind of failure, the host name (in $sender_host_name) remains\nunset, and $host_lookup_failed is set to the string \xE2\x80\x9C1\xE2\x80\x9D. See also\n<span class=\"docbook_option\">dns_again_means_nonexist</span>, <span class=\"docbook_option\">helo_lookup_domains</span>, and\n<code class=\"docbook_literal\">verify = reverse_host_lookup</code> in ACLs.\n</p>"
name: host_lookup
type: hostlist
host_lookup_order:
default: bydns:byaddr
description: "<p>\nThis option specifies the order of different lookup methods when Exim is trying\nto find a host name from an IP address. The default is to do a DNS lookup\nfirst, and then to try a local lookup (using <span class=\"docbook_function\">gethostbyaddr()</span> or equivalent)\nif that fails. You can change the order of these lookups, or omit one entirely,\nif you want.\n</p>\n<p>\n<span class=\"docbook_emphasis\">Warning</span>: The \xE2\x80\x9Cbyaddr\xE2\x80\x9D method does not always yield aliases when there are\nmultiple PTR records in the DNS and the IP address is not listed in\n<span class=\"docbook_filename\">/etc/hosts</span>. Different operating systems give different results in this\ncase. That is why the default tries a DNS lookup first.\n</p>"
name: host_lookup_order
type: stringlist
host_reject_connection:
default: unset
description: "<p>\n\nIf this option is set, incoming SMTP calls from the hosts listed are rejected\nas soon as the connection is made.\nThis option is obsolete, and retained only for backward compatibility, because\nnowadays the ACL specified by <span class=\"docbook_option\">acl_smtp_connect</span> can also reject incoming\nconnections immediately.\n</p>\n<p>\nThe ability to give an immediate rejection (either by this option or using an\nACL) is provided for use in unusual cases. Many hosts will just try again,\nsometimes without much delay. Normally, it is better to use an ACL to reject\nincoming messages at a later stage, such as after RCPT commands. See\nchapter <a href=\"http://www.exim.org/exim-html-current/doc/html/spec_html/ch42.html\" target=\"_blank\" title=\"42. Access control lists\">42</a>.\n</p>"
name: host_reject_connection
type: hostlist
hostlist:
default: ''
description: <p>This is a Named list definition. Their use is described in section <a href="http://www.exim.org/exim-html-current/doc/html/spec_html/ch10.html#SECTnamedlists" target="_blank">10.5</a>.</p>
name: hostlist
type: hostlist
hostlist backupmx_hosts:
cpanel_default: lsearch;/etc/backupmxhosts
hostlist blocked_incoming_email_country_ips:
cpanel_default: ${if exists{/etc/blocked_incoming_email_country_ips} {net-iplsearch;/etc/blocked_incoming_email_country_ips} {} }
hostlist cpanel_mail_netblocks:
cpanel_default: net-iplsearch;/etc/cpanel_mail_netblocks
hostlist greylist_common_mail_providers:
cpanel_default: net-iplsearch;/etc/greylist_common_mail_providers
hostlist greylist_trusted_netblocks:
cpanel_default: net-iplsearch;/etc/greylist_trusted_netblocks
hostlist loopback:
cpanel_default: <; @[]; 127.0.0.0/8 ; 0.0.0.0 ; ::1 ; 0000:0000:0000:0000:0000:ffff:7f00:0000/8
hostlist neighbor_netblocks:
cpanel_default: net-iplsearch;/etc/neighbor_netblocks
hostlist recent_authed_mail_ips:
cpanel_default: net-iplsearch;/etc/recent_authed_mail_ips
hostlist recent_recipient_mail_server_ips:
cpanel_default: net-iplsearch;/etc/recent_recipient_mail_server_ips
hostlist senderverifybypass_hosts:
cpanel_default: net-iplsearch;/etc/senderverifybypasshosts
hostlist skipsmtpcheck_hosts:
cpanel_default: net-iplsearch;/etc/skipsmtpcheckhosts
hostlist spammeripblocks:
cpanel_default: net-iplsearch;/etc/spammeripblocks
hostlist trustedmailhosts:
cpanel_default: lsearch;/etc/trustedmailhosts
hosts_connection_nolog:
default: unset
description: "<p>\n\nThis option defines a list of hosts for which connection logging does not\nhappen, even though the <span class=\"docbook_option\">smtp_connection</span> log selector is set. For example,\nyou might want not to log SMTP connections from local processes, or from\n127.0.0.1, or from your local LAN. This option is consulted in the main loop of\nthe daemon; you should therefore strive to restrict its value to a short inline\nlist of IP addresses and networks. To disable logging SMTP connections from\nlocal processes, you must create a host list with an empty item. For example:\n</p>\n<div class=\"docbook_literallayout\"><pre>\nhosts_connection_nolog = :\n</pre></div>\n<p>\nIf the <span class=\"docbook_option\">smtp_connection</span> log selector is not set, this option has no effect.\n</p>"
name: hosts_connection_nolog
type: hostlist
hosts_treat_as_local:
default: unset
description: "<p>\n\n\nIf this option is set, any host names that match the domain list are treated as\nif they were the local host when Exim is scanning host lists obtained from MX\nrecords\nor other sources. Note that the value of this option is a domain list, not a\nhost list, because it is always used to check host names, not IP addresses.\n</p>\n<p>\nThis option also applies when Exim is matching the special items\n<code class=\"docbook_literal\">@mx_any</code>, <code class=\"docbook_literal\">@mx_primary</code>, and <code class=\"docbook_literal\">@mx_secondary</code> in a domain list (see\nsection <a href=\"http://www.exim.org/exim-html-current/doc/html/spec_html/ch10.html#SECTdomainlist\" target=\"_blank\" title=\"10. Domain, host, address, and local part lists\">10.8</a>), and when checking the <span class=\"docbook_option\">hosts</span> option in the\n<span class=\"docbook_command\">smtp</span> transport for the local host (see the <span class=\"docbook_option\">allow_localhost</span> option in\nthat transport). See also <span class=\"docbook_option\">local_interfaces</span>, <span class=\"docbook_option\">extra_local_interfaces</span>, and\nchapter <a href=\"http://www.exim.org/exim-html-current/doc/html/spec_html/ch13.html\" target=\"_blank\" title=\"13. Starting the daemon and the use of network interfaces\">13</a>, which contains a discussion about local network\ninterfaces and recognizing the local host.\n</p>"
name: hosts_treat_as_local
type: domainlist
ibase_servers:
default: unset
description: "<p>\n\nThis option provides a list of InterBase servers and associated connection data,\nto be used in conjunction with <span class=\"docbook_command\">ibase</span> lookups (see section <a href=\"http://www.exim.org/exim-html-current/doc/html/spec_html/ch09.html#SECID72\" target=\"_blank\" title=\"9. File and database lookups\">9.21</a>).\nThe option is available only if Exim has been built with InterBase support.\n</p>"
name: ibase_servers
type: stringlist
ignore_bounce_errors_after:
cpanel_default: 1d
default: 10w
description: "<p>\n\n\nThis option affects the processing of bounce messages that cannot be delivered,\nthat is, those that suffer a permanent delivery failure. (Bounce messages that\nsuffer temporary delivery failures are of course retried in the usual way.)\n</p>\n<p>\nAfter a permanent delivery failure, bounce messages are frozen,\nbecause there is no sender to whom they can be returned. When a frozen bounce\nmessage has been on the queue for more than the given time, it is unfrozen at\nthe next queue run, and a further delivery is attempted. If delivery fails\nagain, the bounce message is discarded. This makes it possible to keep failed\nbounce messages around for a shorter time than the normal maximum retry time\nfor frozen messages. For example,\n</p>\n<div class=\"docbook_literallayout\"><pre>\nignore_bounce_errors_after = 12h\n</pre></div>\n<p>\nretries failed bounce message deliveries after 12 hours, discarding any further\nfailures. If the value of this option is set to a zero time period, bounce\nfailures are discarded immediately. Setting a very long time (as in the default\nvalue) has the effect of disabling this option. For ways of automatically\ndealing with other kinds of frozen message, see <span class=\"docbook_option\">auto_thaw</span> and\n<span class=\"docbook_option\">timeout_frozen_after</span>.\n</p>"
name: ignore_bounce_errors_after
type: time
ignore_fromline_hosts:
default: unset
description: "<p>\n\n\nSome broken SMTP clients insist on sending a UUCP-like \xE2\x80\x9CFrom\xC2\xA0\xE2\x80\x9D line before\nthe headers of a message. By default this is treated as the start of the\nmessage\xE2\x80\x99s body, which means that any following headers are not recognized as\nsuch. Exim can be made to ignore it by setting <span class=\"docbook_option\">ignore_fromline_hosts</span> to\nmatch those hosts that insist on sending it. If the sender is actually a local\nprocess rather than a remote host, and is using <span class=\"docbook_option\">-bs</span> to inject the messages,\n<span class=\"docbook_option\">ignore_fromline_local</span> must be set to achieve this effect.\n</p>"
name: ignore_fromline_hosts
type: hostlist
ignore_fromline_local:
default: 'false'
description: "<p>\n<p>\n\n\nSome broken SMTP clients insist on sending a UUCP-like \xE2\x80\x9CFrom\xC2\xA0\xE2\x80\x9D line before\nthe headers of a message. By default this is treated as the start of the\nmessage\xE2\x80\x99s body, which means that any following headers are not recognized as\nsuch. Exim can be made to ignore it by setting <span class=\"docbook_option\">ignore_fromline_hosts</span> to\nmatch those hosts that insist on sending it. If the sender is actually a local\nprocess rather than a remote host, and is using <span class=\"docbook_option\">-bs</span> to inject the messages,\n<span class=\"docbook_option\">ignore_fromline_local</span> must be set to achieve this effect.\n</p>above.\n</p>"
name: ignore_fromline_local
type: boolean
keep_environment:
cpanel_default: "X-SOURCE : X-SOURCE-ARGS : X-SOURCE-DIR"
default: unset
description: "<p>\n\n\nThis option contains a string list of environment variables to keep.\nYou have to trust these variables or you have to be sure that\nthese variables do not impose any security risk. Keep in mind that\nduring the startup phase Exim is running with an effective UID 0 in most\ninstallations. As the default value is an empty list, the default\nenvironment for using libraries, running embedded Perl code, or running\nexternal binaries is empty, and does not not even contain PATH or HOME.\n</p>"
name: keep_environment
type: stringlist
keep_malformed:
default: 4d
description: "<p>\nThis option specifies the length of time to keep messages whose spool files\nhave been corrupted in some way. This should, of course, never happen. At the\nnext attempt to deliver such a message, it gets removed. The incident is\nlogged.\n</p>"
name: keep_malformed
type: time
ldap_ca_cert_dir:
default: unset
description: "<p>\n\nThis option indicates which directory contains CA certificates for verifying\na TLS certificate presented by an LDAP server.\nWhile Exim does not provide a default value, your SSL library may.\nAnalogous to <span class=\"docbook_option\">tls_verify_certificates</span> but as a client-side option for LDAP\nand constrained to be a directory.\n</p>"
name: ldap_ca_cert_dir
type: string
ldap_ca_cert_file:
default: unset
description: "<p>\n\nThis option indicates which file contains CA certificates for verifying\na TLS certificate presented by an LDAP server.\nWhile Exim does not provide a default value, your SSL library may.\nAnalogous to <span class=\"docbook_option\">tls_verify_certificates</span> but as a client-side option for LDAP\nand constrained to be a file.\n</p>"
name: ldap_ca_cert_file
type: string
ldap_cert_file:
default: unset
description: "<p>\n\nThis option indicates which file contains an TLS client certificate which\nExim should present to the LDAP server during TLS negotiation.\nShould be used together with <span class=\"docbook_option\">ldap_cert_key</span>.\n</p>"
name: ldap_cert_file
type: string
ldap_cert_key:
default: unset
description: "<p>\n\nThis option indicates which file contains the secret/private key to use\nto prove identity to the LDAP server during TLS negotiation.\nShould be used together with <span class=\"docbook_option\">ldap_cert_file</span>, which contains the\nidentity to be proven.\n</p>"
name: ldap_cert_key
type: string
ldap_cipher_suite:
default: unset
description: "<p>\n\nThis controls the TLS cipher-suite negotiation during TLS negotiation with\nthe LDAP server. See <a href=\"http://www.exim.org/exim-html-current/doc/html/spec_html/ch41.html#SECTreqciphssl\" target=\"_blank\" title=\"41. Encrypted SMTP connections using TLS/SSL\">41.4</a> for more details of the format of\ncipher-suite options with OpenSSL (as used by LDAP client libraries).\n</p>"
name: ldap_cipher_suite
type: string
ldap_default_servers:
default: unset
description: "<p>\n\nThis option provides a list of LDAP servers which are tried in turn when an\nLDAP query does not contain a server. See section <a href=\"http://www.exim.org/exim-html-current/doc/html/spec_html/ch09.html#SECTforldaque\" target=\"_blank\" title=\"9. File and database lookups\">9.14</a> for\ndetails of LDAP queries. This option is available only when Exim has been built\nwith LDAP support.\n</p>"
name: ldap_default_servers
type: stringlist
ldap_require_cert:
default: unset
description: "<p>\n\nThis should be one of the values \"hard\", \"demand\", \"allow\", \"try\" or \"never\".\nA value other than one of these is interpreted as \"never\".\nSee the entry \"TLS_REQCERT\" in your system man page for ldap.conf(5).\nAlthough Exim does not set a default, the LDAP library probably defaults\nto hard/demand.\n</p>"
name: ldap_require_cert
type: string
ldap_start_tls:
default: 'false'
description: "<p>\n\nIf set, Exim will attempt to negotiate TLS with the LDAP server when\nconnecting on a regular LDAP port. This is the LDAP equivalent of SMTP\xE2\x80\x99s\n\"STARTTLS\". This is distinct from using \"ldaps\", which is the LDAP form\nof SSL-on-connect.\nIn the event of failure to negotiate TLS, the action taken is controlled\nby <span class=\"docbook_option\">ldap_require_cert</span>.\n</p>"
name: ldap_start_tls
type: boolean
ldap_version:
default: unset
description: "<p>\n\nThis option can be used to force Exim to set a specific protocol version for\nLDAP. If it option is unset, it is shown by the <span class=\"docbook_option\">-bP</span> command line option as\n-1. When this is the case, the default is 3 if LDAP_VERSION3 is defined in\nthe LDAP headers; otherwise it is 2. This option is available only when Exim\nhas been built with LDAP support.\n</p>"
name: ldap_version
type: integer
local_from_check:
cpanel_default: 'false'
default: 'true'
description: "<p>\n\n\nWhen a message is submitted locally (that is, not over a TCP/IP connection) by\nan untrusted user, Exim removes any existing <span class=\"docbook_emphasis\">Sender:</span> header line, and\nchecks that the <span class=\"docbook_emphasis\">From:</span> header line matches the login of the calling user and\nthe domain specified by <span class=\"docbook_option\">qualify_domain</span>.\n</p>\n<p>\n<span class=\"docbook_emphasis\">Note</span>: An unqualified address (no domain) in the <span class=\"docbook_emphasis\">From:</span> header in a\nlocally submitted message is automatically qualified by Exim, unless the\n<span class=\"docbook_option\">-bnq</span> command line option is used.\n</p>\n<p>\nYou can use <span class=\"docbook_option\">local_from_prefix</span> and <span class=\"docbook_option\">local_from_suffix</span> to permit affixes\non the local part. If the <span class=\"docbook_emphasis\">From:</span> header line does not match, Exim adds a\n<span class=\"docbook_emphasis\">Sender:</span> header with an address constructed from the calling user\xE2\x80\x99s login\nand the default qualify domain.\n</p>\n<p>\nIf <span class=\"docbook_option\">local_from_check</span> is set false, the <span class=\"docbook_emphasis\">From:</span> header check is disabled,\nand no <span class=\"docbook_emphasis\">Sender:</span> header is ever added. If, in addition, you want to retain\n<span class=\"docbook_emphasis\">Sender:</span> header lines supplied by untrusted users, you must also set\n<span class=\"docbook_option\">local_sender_retain</span> to be true.\n</p>\n<p>\n\nThese options affect only the header lines in the message. The envelope sender\nis still forced to be the login id at the qualify domain unless\n<span class=\"docbook_option\">untrusted_set_sender</span> permits the user to supply an envelope sender.\n</p>\n<p>\nFor messages received over TCP/IP, an ACL can specify \xE2\x80\x9Csubmission mode\xE2\x80\x9D to\nrequest similar header line checking. See section <a href=\"http://www.exim.org/exim-html-current/doc/html/spec_html/ch46.html#SECTthesenhea\" target=\"_blank\" title=\"46. Message processing\">46.16</a>, which\nhas more details about <span class=\"docbook_emphasis\">Sender:</span> processing.\n</p>"
name: local_from_check
type: boolean
local_from_prefix:
default: unset
description: "<p>\nWhen Exim checks the <span class=\"docbook_emphasis\">From:</span> header line of locally submitted messages for\nmatching the login id (see <span class=\"docbook_option\">local_from_check</span> above), it can be configured to\nignore certain prefixes and suffixes in the local part of the address. This is\ndone by setting <span class=\"docbook_option\">local_from_prefix</span> and/or <span class=\"docbook_option\">local_from_suffix</span> to\nappropriate lists, in the same form as the <span class=\"docbook_option\">local_part_prefix</span> and\n<span class=\"docbook_option\">local_part_suffix</span> router options (see chapter <a href=\"http://www.exim.org/exim-html-current/doc/html/spec_html/ch15.html\" target=\"_blank\" title=\"15. Generic options for routers\">15</a>). For\nexample, if\n</p>\n<div class=\"docbook_literallayout\"><pre>\nlocal_from_prefix = *-\n</pre></div>\n<p>\nis set, a <span class=\"docbook_emphasis\">From:</span> line containing\n</p>\n<div class=\"docbook_literallayout\"><pre>\nFrom: anything-user@your.domain.example\n</pre></div>\n<p>\nwill not cause a <span class=\"docbook_emphasis\">Sender:</span> header to be added if <span class=\"docbook_emphasis\">user@your.domain.example</span>\nmatches the actual sender address that is constructed from the login name and\nqualify domain.\n</p>"
name: local_from_prefix
type: string
local_from_suffix:
default: unset
description: "<p>\n<p>\nWhen Exim checks the <span class=\"docbook_emphasis\">From:</span> header line of locally submitted messages for\nmatching the login id (see <span class=\"docbook_option\">local_from_check</span> above), it can be configured to\nignore certain prefixes and suffixes in the local part of the address. This is\ndone by setting <span class=\"docbook_option\">local_from_prefix</span> and/or <span class=\"docbook_option\">local_from_suffix</span> to\nappropriate lists, in the same form as the <span class=\"docbook_option\">local_part_prefix</span> and\n<span class=\"docbook_option\">local_part_suffix</span> router options (see chapter <a href=\"http://www.exim.org/exim-html-current/doc/html/spec_html/ch15.html\" target=\"_blank\" title=\"15. Generic options for routers\">15</a>). For\nexample, if\n</p>\n<div class=\"docbook_literallayout\"><pre>\nlocal_from_prefix = *-\n</pre></div>\n<p>\nis set, a <span class=\"docbook_emphasis\">From:</span> line containing\n</p>\n<div class=\"docbook_literallayout\"><pre>\nFrom: anything-user@your.domain.example\n</pre></div>\n<p>\nwill not cause a <span class=\"docbook_emphasis\">Sender:</span> header to be added if <span class=\"docbook_emphasis\">user@your.domain.example</span>\nmatches the actual sender address that is constructed from the login name and\nqualify domain.\n</p>above.\n</p>"
name: local_from_suffix
type: string
local_interfaces:
default: ~
description: "<p>\nThis option controls which network interfaces are used by the daemon for\nlistening; they are also used to identify the local host when routing. Chapter\n<a href=\"http://www.exim.org/exim-html-current/doc/html/spec_html/ch13.html\" target=\"_blank\" title=\"13. Starting the daemon and the use of network interfaces\">13</a> contains a full description of this option and the related\noptions <span class=\"docbook_option\">daemon_smtp_ports</span>, <span class=\"docbook_option\">extra_local_interfaces</span>,\n<span class=\"docbook_option\">hosts_treat_as_local</span>, and <span class=\"docbook_option\">tls_on_connect_ports</span>. The default value for\n<span class=\"docbook_option\">local_interfaces</span> is\n</p>\n<div class=\"docbook_literallayout\"><pre>\nlocal_interfaces = 0.0.0.0\n</pre></div>\n<p>\nwhen Exim is built without IPv6 support; otherwise it is\n</p>\n<div class=\"docbook_literallayout\"><pre>\nlocal_interfaces = <; ::0 ; 0.0.0.0\n</pre></div>"
name: local_interfaces
type: stringlist
local_scan_timeout:
default: 5m
description: "<p>\n\n\nThis timeout applies to the <span class=\"docbook_function\">local_scan()</span> function (see chapter\n<a href=\"http://www.exim.org/exim-html-current/doc/html/spec_html/ch44.html\" target=\"_blank\" title=\"44. Adding a local scan function to Exim\">44</a>). Zero means \xE2\x80\x9Cno timeout\xE2\x80\x9D. If the timeout is exceeded,\nthe incoming message is rejected with a temporary error if it is an SMTP\nmessage. For a non-SMTP message, the message is dropped and Exim ends with a\nnon-zero code. The incident is logged on the main and reject logs.\n</p>"
name: local_scan_timeout
type: time
local_sender_retain:
default: 'false'
description: "<p>\n\nWhen a message is submitted locally (that is, not over a TCP/IP connection) by\nan untrusted user, Exim removes any existing <span class=\"docbook_emphasis\">Sender:</span> header line. If you\ndo not want this to happen, you must set <span class=\"docbook_option\">local_sender_retain</span>, and you must\nalso set <span class=\"docbook_option\">local_from_check</span> to be false (Exim will complain if you do not).\nSee also the ACL modifier <code class=\"docbook_literal\">control = suppress_local_fixups</code>. Section\n<a href=\"http://www.exim.org/exim-html-current/doc/html/spec_html/ch46.html#SECTthesenhea\" target=\"_blank\" title=\"46. Message processing\">46.16</a> has more details about <span class=\"docbook_emphasis\">Sender:</span> processing.\n</p>"
name: local_sender_retain
type: boolean
localhost_number:
default: unset
description: "<p>\n\n\n\nExim\xE2\x80\x99s message ids are normally unique only within the local host. If\nuniqueness among a set of hosts is required, each host must set a different\nvalue for the <span class=\"docbook_option\">localhost_number</span> option. The string is expanded immediately\nafter reading the configuration file (so that a number can be computed from the\nhost name, for example) and the result of the expansion must be a number in the\nrange 0\xE2\x80\x9316 (or 0\xE2\x80\x9310 on operating systems with case-insensitive file\nsystems). This is available in subsequent string expansions via the variable\n$localhost_number. When <span class=\"docbook_option\">localhost_number is set</span>, the final two\ncharacters of the message id, instead of just being a fractional part of the\ntime, are computed from the time and the local host number as described in\nsection <a href=\"http://www.exim.org/exim-html-current/doc/html/spec_html/ch03.html#SECTmessiden\" target=\"_blank\" title=\"3. How Exim receives and delivers mail\">3.4</a>.\n</p>"
name: localhost_number
type: string
localpartlist:
default: ''
description: <p>This is a Named list definition. Their use is described in section <a href="http://www.exim.org/exim-html-current/doc/html/spec_html/ch10.html#SECTnamedlists" target="_blank">10.5</a>.</p>
name: localpartlist
type: localpartlist
localpartlist path_safe_localparts:
cpanel_default: \N^\.*[^./][^/]*$\N
log_file_path:
default: ~
description: "<p>\n\nThis option sets the path which is used to determine the names of Exim\xE2\x80\x99s log\nfiles, or indicates that logging is to be to syslog, or both. It is expanded\nwhen Exim is entered, so it can, for example, contain a reference to the host\nname. If no specific path is set for the log files at compile or run time, they\nare written in a sub-directory called <span class=\"docbook_filename\">log</span> in Exim\xE2\x80\x99s spool directory.\nChapter <a href=\"http://www.exim.org/exim-html-current/doc/html/spec_html/ch51.html\" target=\"_blank\" title=\"51. Log files\">51</a> contains further details about Exim\xE2\x80\x99s logging, and\nsection <a href=\"http://www.exim.org/exim-html-current/doc/html/spec_html/ch51.html#SECTwhelogwri\" target=\"_blank\" title=\"51. Log files\">51.1</a> describes how the contents of <span class=\"docbook_option\">log_file_path</span> are\nused. If this string is fixed at your installation (contains no expansion\nvariables) it is recommended that you do not set this option in the\nconfiguration file, but instead supply the path using LOG_FILE_PATH in\n<span class=\"docbook_filename\">Local/Makefile</span> so that it is available to Exim for logging errors detected\nearly on \xE2\x80\x93 in particular, failure to read the configuration file.\n</p>"
name: log_file_path
type: stringlist
log_selector:
cpanel_default: +incoming_port +smtp_connection +all_parents +retry_defer +subject +arguments +received_recipients
default: unset
description: "<p>\n\nThis option can be used to reduce or increase the number of things that Exim\nwrites to its log files. Its argument is made up of names preceded by plus or\nminus characters. For example:\n</p>\n<div class=\"docbook_literallayout\"><pre>\nlog_selector = +arguments -retry_defer\n</pre></div>\n<p>\nA list of possible names and what they control is given in the chapter on\nlogging, in section <a href=\"http://www.exim.org/exim-html-current/doc/html/spec_html/ch51.html#SECTlogselector\" target=\"_blank\" title=\"51. Log files\">51.15</a>.\n</p><br><p>Note that cPanel will always enable these <b>mandatory options</b> in your configuration.</p><div class=\"docbook_literallayout\"><pre>log_selector = +incoming_port +smtp_connection +all_parents</pre></div><p>The following <b>default options</b> will also be enabled except when you specify a negative form.</p><div class=\"docbook_literallayout\"><pre>log_selector = +retry_defer +subject +arguments +received_recipients</pre></div>"
name: log_selector
type: string
log_timezone:
default: 'false'
description: "<p>\n\n\n\nBy default, the timestamps on log lines are in local time without the\ntimezone. This means that if your timezone changes twice a year, the timestamps\nin log lines are ambiguous for an hour when the clocks go back. One way of\navoiding this problem is to set the timezone to UTC. An alternative is to set\n<span class=\"docbook_option\">log_timezone</span> true. This turns on the addition of the timezone offset to\ntimestamps in log lines. Turning on this option can add quite a lot to the size\nof log files because each line is extended by 6 characters. Note that the\n$tod_log variable contains the log timestamp without the zone, but there is\nanother variable called $tod_zone that contains just the timezone offset.\n</p>"
name: log_timezone
type: boolean
lookup_open_max:
default: 25
description: "<p>\n\n\n\n\n\nThis option limits the number of simultaneously open files for single-key\nlookups that use regular files (that is, <span class=\"docbook_command\">lsearch</span>, <span class=\"docbook_command\">dbm</span>, and <span class=\"docbook_command\">cdb</span>).\nExim normally keeps these files open during routing, because often the same\nfile is required several times. If the limit is reached, Exim closes the least\nrecently used file. Note that if you are using the <span class=\"docbook_emphasis\">ndbm</span> library, it\nactually opens two files for each logical DBM database, though it still counts\nas one for the purposes of <span class=\"docbook_option\">lookup_open_max</span>. If you are getting \xE2\x80\x9Ctoo many\nopen files\xE2\x80\x9D errors with NDBM, you need to reduce the value of\n<span class=\"docbook_option\">lookup_open_max</span>.\n</p>"
name: lookup_open_max
type: integer
max_username_length:
default: 0
description: "<p>\n\n\n\nSome operating systems are broken in that they truncate long arguments to\n<span class=\"docbook_function\">getpwnam()</span> to eight characters, instead of returning \xE2\x80\x9Cno such user\xE2\x80\x9D. If\nthis option is set greater than zero, any attempt to call <span class=\"docbook_function\">getpwnam()</span> with\nan argument that is longer behaves as if <span class=\"docbook_function\">getpwnam()</span> failed.\n</p>"
name: max_username_length
type: integer
message_body_newlines:
cpanel_default: 'true'
default: 'false'
description: "<p>\n\n\n\n\nBy default, newlines in the message body are replaced by spaces when setting\nthe $message_body and $message_body_end expansion variables. If this\noption is set true, this no longer happens.\n</p>"
name: message_body_newlines
type: bool
message_body_visible:
cpanel_default: 5000
default: 500
description: "<p>\n\n\n\n\nThis option specifies how much of a message\xE2\x80\x99s body is to be included in the\n$message_body and $message_body_end expansion variables.\n</p>"
name: message_body_visible
type: integer
message_id_header_domain:
default: unset
description: "<p>\n\nIf this option is set, the string is expanded and used as the right hand side\n(domain) of the <span class=\"docbook_emphasis\">Message-ID:</span> header that Exim creates if a\nlocally-originated incoming message does not have one. \xE2\x80\x9CLocally-originated\xE2\x80\x9D\nmeans \xE2\x80\x9Cnot received over TCP/IP.\xE2\x80\x9D\nOtherwise, the primary host name is used.\nOnly letters, digits, dot and hyphen are accepted; any other characters are\nreplaced by hyphens. If the expansion is forced to fail, or if the result is an\nempty string, the option is ignored.\n</p>"
name: message_id_header_domain
type: string
message_id_header_text:
default: unset
description: "<p>\nIf this variable is set, the string is expanded and used to augment the text of\nthe <span class=\"docbook_emphasis\">Message-id:</span> header that Exim creates if a locally-originated incoming\nmessage does not have one. The text of this header is required by RFC 2822 to\ntake the form of an address. By default, Exim uses its internal message id as\nthe local part, and the primary host name as the domain. If this option is set,\nit is expanded, and provided the expansion is not forced to fail, and does not\nyield an empty string, the result is inserted into the header immediately\nbefore the @, separated from the internal message id by a dot. Any characters\nthat are illegal in an address are automatically converted into hyphens. This\nmeans that variables such as $tod_log can be used, because the spaces and\ncolons will become hyphens.\n</p>"
name: message_id_header_text
type: string
message_logs:
default: 'true'
description: "<p>\n\n\nIf this option is turned off, per-message log files are not created in the\n<span class=\"docbook_filename\">msglog</span> spool sub-directory. This reduces the amount of disk I/O required by\nExim, by reducing the number of files involved in handling a message from a\nminimum of four (header spool file, body spool file, delivery journal, and\nper-message log) to three. The other major I/O activity is Exim\xE2\x80\x99s main log,\nwhich is not affected by this option.\n</p>"
name: message_logs
type: boolean
message_size_limit:
default: 50M
description: "<p>\n\n\n\nThis option limits the maximum size of message that Exim will process. The\nvalue is expanded for each incoming connection so, for example, it can be made\nto depend on the IP address of the remote host for messages arriving via\nTCP/IP. After expansion, the value must be a sequence of decimal digits,\noptionally followed by K or M.\n</p>\n<p>\n<span class=\"docbook_emphasis\">Note</span>: This limit cannot be made to depend on a message\xE2\x80\x99s sender or any\nother properties of an individual message, because it has to be advertised in\nthe server\xE2\x80\x99s response to EHLO. String expansion failure causes a temporary\nerror. A value of zero means no limit, but its use is not recommended. See also\n<span class=\"docbook_option\">bounce_return_size_limit</span>.\n</p>\n<p>\nIncoming SMTP messages are failed with a 552 error if the limit is\nexceeded; locally-generated messages either get a stderr message or a delivery\nfailure message to the sender, depending on the <span class=\"docbook_option\">-oe</span> setting. Rejection of\nan oversized message is logged in both the main and the reject logs. See also\nthe generic transport option <span class=\"docbook_option\">message_size_limit</span>, which limits the size of\nmessage that an individual transport can process.\n</p>\n<p>\nIf you use a virus-scanner and set this option to to a value larger than the\nmaximum size that your virus-scanner is configured to support, you may get\nfailures triggered by large mails. The right size to configure for the\nvirus-scanner depends upon what data is passed and the options in use but it\xE2\x80\x99s\nprobably safest to just set it to a little larger than this value. Eg, with a\ndefault Exim message size of 50M and a default ClamAV StreamMaxLength of 10M,\nsome problems may result.\n</p>\n<p>\nA value of 0 will disable size limit checking; Exim will still advertise the\nSIZE extension in an EHLO response, but without a limit, so as to permit\nSMTP clients to still indicate the message size along with the MAIL verb.\n</p>"
name: message_size_limit
type: string
move_frozen_messages:
default: 'false'
description: "<p>\n\nThis option, which is available only if Exim has been built with the setting\n</p>\n<div class=\"docbook_literallayout\"><pre>\nSUPPORT_MOVE_FROZEN_MESSAGES=yes\n</pre></div>\n<p>\nin <span class=\"docbook_filename\">Local/Makefile</span>, causes frozen messages and their message logs to be\nmoved from the <span class=\"docbook_filename\">input</span> and <span class=\"docbook_filename\">msglog</span> directories on the spool to <span class=\"docbook_filename\">Finput</span>\nand <span class=\"docbook_filename\">Fmsglog</span>, respectively. There is currently no support in Exim or the\nstandard utilities for handling such moved messages, and they do not show up in\nlists generated by <span class=\"docbook_option\">-bp</span> or by the Exim monitor.\n</p>"
name: move_frozen_messages
type: boolean
mua_wrapper:
default: 'false'
description: "<p>\nSetting this option true causes Exim to run in a very restrictive mode in which\nit passes messages synchronously to a smart host. Chapter <a href=\"http://www.exim.org/exim-html-current/doc/html/spec_html/ch50.html\" target=\"_blank\" title=\"50. Using Exim as a non-queueing client\">50</a>\ncontains a full description of this facility.\n</p>"
name: mua_wrapper
type: boolean
mysql_servers:
default: unset
description: "<p>\n\nThis option provides a list of MySQL servers and associated connection data, to\nbe used in conjunction with <span class=\"docbook_command\">mysql</span> lookups (see section <a href=\"http://www.exim.org/exim-html-current/doc/html/spec_html/ch09.html#SECID72\" target=\"_blank\" title=\"9. File and database lookups\">9.21</a>). The\noption is available only if Exim has been built with MySQL support.\n</p>"
name: mysql_servers
type: stringlist
never_users:
cpanel_default: root
default: unset
description: "<p>\nThis option is expanded just once, at the start of Exim\xE2\x80\x99s processing. Local\nmessage deliveries are normally run in processes that are setuid to the\nrecipient, and remote deliveries are normally run under Exim\xE2\x80\x99s own uid and gid.\nIt is usually desirable to prevent any deliveries from running as root, as a\nsafety precaution.\n</p>\n<p>\nWhen Exim is built, an option called FIXED_NEVER_USERS can be set to a\nlist of users that must not be used for local deliveries. This list is fixed in\nthe binary and cannot be overridden by the configuration file. By default, it\ncontains just the single user name \xE2\x80\x9Croot\xE2\x80\x9D. The <span class=\"docbook_option\">never_users</span> runtime option\ncan be used to add more users to the fixed list.\n</p>\n<p>\nIf a message is to be delivered as one of the users on the fixed list or the\n<span class=\"docbook_option\">never_users</span> list, an error occurs, and delivery is deferred. A common\nexample is\n</p>\n<div class=\"docbook_literallayout\"><pre>\nnever_users = root:daemon:bin\n</pre></div>\n<p>\nIncluding root is redundant if it is also on the fixed list, but it does no\nharm. This option overrides the <span class=\"docbook_option\">pipe_as_creator</span> option of the <span class=\"docbook_command\">pipe</span>\ntransport driver.\n</p>"
name: never_users
type: stringlist
openssl_options:
cpanel_default: +no_sslv2 +no_sslv3 +no_tlsv1 +no_tlsv1_1
default: +no_sslv2
description: "<p>\n\nThis option allows an administrator to adjust the SSL options applied\nby OpenSSL to connections. It is given as a space-separated list of items,\neach one to be +added or -subtracted from the current value.\n</p>\n<p>\nThis option is only available if Exim is built against OpenSSL. The values\navailable for this option vary according to the age of your OpenSSL install.\nThe \xE2\x80\x9Call\xE2\x80\x9D value controls a subset of flags which are available, typically\nthe bug workaround options. The <span class=\"docbook_emphasis\">SSL_CTX_set_options</span> man page will\nlist the values known on your system and Exim should support all the\n\xE2\x80\x9Cbug workaround\xE2\x80\x9D options and many of the \xE2\x80\x9Cmodifying\xE2\x80\x9D options. The Exim\nnames lose the leading \xE2\x80\x9CSSL_OP_\xE2\x80\x9D and are lower-cased.\n</p>\n<p>\nNote that adjusting the options can have severe impact upon the security of\nSSL as used by Exim. It is possible to disable safety checks and shoot\nyourself in the foot in various unpleasant ways. This option should not be\nadjusted lightly. An unrecognised item will be detected at startup, by\ninvoking Exim with the <span class=\"docbook_option\">-bV</span> flag.\n</p>\n<p class=\"changed\">\nHistorical note: prior to release 4.80, Exim defaulted this value to\n\"+dont_insert_empty_fragments\", which may still be needed for compatibility\nwith some clients, but which lowers security by increasing exposure to\nsome now infamous attacks.\n</p>\n<p>\nAn example:\n</p>\n<div class=\"docbook_literallayout\"><pre>\n# Make both old MS and old Eudora happy:\nopenssl_options = -all +microsoft_big_sslv3_buffer \\\n +dont_insert_empty_fragments\n</pre></div>\n<p>\nPossible options may include:\n</p>\n<ul>\n<li>\n<p>\n<code class=\"docbook_literal\">all</code>\n</p>\n</li>\n<li>\n<p>\n<code class=\"docbook_literal\">allow_unsafe_legacy_renegotiation</code>\n</p>\n</li>\n<li>\n<p>\n<code class=\"docbook_literal\">cipher_server_preference</code>\n</p>\n</li>\n<li>\n<p>\n<code class=\"docbook_literal\">dont_insert_empty_fragments</code>\n</p>\n</li>\n<li>\n<p>\n<code class=\"docbook_literal\">ephemeral_rsa</code>\n</p>\n</li>\n<li>\n<p>\n<code class=\"docbook_literal\">legacy_server_connect</code>\n</p>\n</li>\n<li>\n<p>\n<code class=\"docbook_literal\">microsoft_big_sslv3_buffer</code>\n</p>\n</li>\n<li>\n<p>\n<code class=\"docbook_literal\">microsoft_sess_id_bug</code>\n</p>\n</li>\n<li>\n<p>\n<code class=\"docbook_literal\">msie_sslv2_rsa_padding</code>\n</p>\n</li>\n<li>\n<p>\n<code class=\"docbook_literal\">netscape_challenge_bug</code>\n</p>\n</li>\n<li>\n<p>\n<code class=\"docbook_literal\">netscape_reuse_cipher_change_bug</code>\n</p>\n</li>\n<li>\n<p>\n<code class=\"docbook_literal\">no_compression</code>\n</p>\n</li>\n<li>\n<p>\n<code class=\"docbook_literal\">no_session_resumption_on_renegotiation</code>\n</p>\n</li>\n<li>\n<p>\n<code class=\"docbook_literal\">no_sslv2</code>\n</p>\n</li>\n<li>\n<p>\n<code class=\"docbook_literal\">no_sslv3</code>\n</p>\n</li>\n<li>\n<p>\n<code class=\"docbook_literal\">no_ticket</code>\n</p>\n</li>\n<li>\n<p>\n<code class=\"docbook_literal\">no_tlsv1</code>\n</p>\n</li>\n<li>\n<p>\n<code class=\"docbook_literal\">no_tlsv1_1</code>\n</p>\n</li>\n<li>\n<p>\n<code class=\"docbook_literal\">no_tlsv1_2</code>\n</p>\n</li>\n<li>\n<p>\n<code class=\"docbook_literal\">single_dh_use</code>\n</p>\n</li>\n<li>\n<p>\n<code class=\"docbook_literal\">single_ecdh_use</code>\n</p>\n</li>\n<li>\n<p>\n<code class=\"docbook_literal\">ssleay_080_client_dh_bug</code>\n</p>\n</li>\n<li>\n<p>\n<code class=\"docbook_literal\">sslref2_reuse_cert_type_bug</code>\n</p>\n</li>\n<li>\n<p>\n<code class=\"docbook_literal\">tls_block_padding_bug</code>\n</p>\n</li>\n<li>\n<p>\n<code class=\"docbook_literal\">tls_d5_bug</code>\n</p>\n</li>\n<li>\n<p>\n<code class=\"docbook_literal\">tls_rollback_bug</code>\n</p>\n</li>\n</ul>"
name: openssl_options
type: stringlist
oracle_servers:
default: unset
description: "<p>\n\nThis option provides a list of Oracle servers and associated connection data,\nto be used in conjunction with <span class=\"docbook_command\">oracle</span> lookups (see section <a href=\"http://www.exim.org/exim-html-current/doc/html/spec_html/ch09.html#SECID72\" target=\"_blank\" title=\"9. File and database lookups\">9.21</a>).\nThe option is available only if Exim has been built with Oracle support.\n</p>"
name: oracle_servers
type: stringlist
percent_hack_domains:
default: unset
description: "<p>\n\n\n\nThe \xE2\x80\x9Cpercent hack\xE2\x80\x9D is the convention whereby a local part containing a\npercent sign is re-interpreted as a new email address, with the percent\nreplaced by @. This is sometimes called \xE2\x80\x9Csource routing\xE2\x80\x9D, though that term is\nalso applied to RFC 2822 addresses that begin with an @ character. If this\noption is set, Exim implements the percent facility for those domains listed,\nbut no others. This happens before an incoming SMTP address is tested against\nan ACL.\n</p>\n<p>\n<span class=\"docbook_emphasis\">Warning</span>: The \xE2\x80\x9Cpercent hack\xE2\x80\x9D has often been abused by people who are\ntrying to get round relaying restrictions. For this reason, it is best avoided\nif at all possible. Unfortunately, a number of less security-conscious MTAs\nimplement it unconditionally. If you are running Exim on a gateway host, and\nrouting mail through to internal MTAs without processing the local parts, it is\na good idea to reject recipient addresses with percent characters in their\nlocal parts. Exim\xE2\x80\x99s default configuration does this.\n</p>"
name: percent_hack_domains
type: domainlist
perl_at_start:
default: 'false'
description: "<p>\nThis option is available only when Exim is built with an embedded Perl\ninterpreter. See chapter <a href=\"http://www.exim.org/exim-html-current/doc/html/spec_html/ch12.html\" target=\"_blank\" title=\"12. Embedded Perl\">12</a> for details of its use.\n</p>"
name: perl_at_start
type: boolean
perl_startup:
cpanel_default: do '/etc/exim.pl'
default: unset
description: "<p>\nThis option is available only when Exim is built with an embedded Perl\ninterpreter. See chapter <a href=\"http://www.exim.org/exim-html-current/doc/html/spec_html/ch12.html\" target=\"_blank\" title=\"12. Embedded Perl\">12</a> for details of its use.\n</p>"
name: perl_startup
type: string
pgsql_servers:
default: unset
description: "<p>\n\nThis option provides a list of PostgreSQL servers and associated connection\ndata, to be used in conjunction with <span class=\"docbook_command\">pgsql</span> lookups (see section\n<a href=\"http://www.exim.org/exim-html-current/doc/html/spec_html/ch09.html#SECID72\" target=\"_blank\" title=\"9. File and database lookups\">9.21</a>). The option is available only if Exim has been built with\nPostgreSQL support.\n</p>"
name: pgsql_servers
type: stringlist
pid_file_path:
default: ~
description: "<p>\n\n\nThis option sets the name of the file to which the Exim daemon writes its\nprocess id. The string is expanded, so it can contain, for example, references\nto the host name:\n</p>\n<div class=\"docbook_literallayout\"><pre>\npid_file_path = /var/log/$primary_hostname/exim.pid\n</pre></div>\n<p>\nIf no path is set, the pid is written to the file <span class=\"docbook_filename\">exim-daemon.pid</span> in Exim\xE2\x80\x99s\nspool directory.\nThe value set by the option can be overridden by the <span class=\"docbook_option\">-oP</span> command line\noption. A pid file is not written if a \xE2\x80\x9Cnon-standard\xE2\x80\x9D daemon is run by means\nof the <span class=\"docbook_option\">-oX</span> option, unless a path is explicitly supplied by <span class=\"docbook_option\">-oP</span>.\n</p>"
name: pid_file_path
type: string
pipelining_advertise_hosts:
default: "*"
description: "<p>\n\nThis option can be used to suppress the advertisement of the SMTP\nPIPELINING extension to specific hosts. See also the <span class=\"docbook_emphasis\">no_pipelining</span>\ncontrol in section <a href=\"http://www.exim.org/exim-html-current/doc/html/spec_html/ch42.html#SECTcontrols\" target=\"_blank\" title=\"42. Access control lists\">42.21</a>. When PIPELINING is not advertised and\n<span class=\"docbook_option\">smtp_enforce_sync</span> is true, an Exim server enforces strict synchronization\nfor each SMTP command and response. When PIPELINING is advertised, Exim assumes\nthat clients will use it; \xE2\x80\x9Cout of order\xE2\x80\x9D commands that are \xE2\x80\x9Cexpected\xE2\x80\x9D do\nnot count as protocol errors (see <span class=\"docbook_option\">smtp_max_synprot_errors</span>).\n</p>"
name: pipelining_advertise_hosts
type: hostlist
preserve_message_logs:
default: 'false'
description: "<p>\n\nIf this option is set, message log files are not deleted when messages are\ncompleted. Instead, they are moved to a sub-directory of the spool directory\ncalled <span class=\"docbook_filename\">msglog.OLD</span>, where they remain available for statistical or debugging\npurposes. This is a dangerous option to set on systems with any appreciable\nvolume of mail. Use with care!\n</p>"
name: preserve_message_logs
type: boolean
primary_hostname:
default: ~
description: "<p>\n\n\n\n\nThis specifies the name of the current host. It is used in the default EHLO or\nHELO command for outgoing SMTP messages (changeable via the <span class=\"docbook_option\">helo_data</span>\noption in the <span class=\"docbook_command\">smtp</span> transport), and as the default for <span class=\"docbook_option\">qualify_domain</span>.\nThe value is also used by default in some SMTP response messages from an Exim\nserver. This can be changed dynamically by setting <span class=\"docbook_option\">smtp_active_hostname</span>.\n</p>\n<p>\nIf <span class=\"docbook_option\">primary_hostname</span> is not set, Exim calls <span class=\"docbook_function\">uname()</span> to find the host\nname. If this fails, Exim panics and dies. If the name returned by <span class=\"docbook_function\">uname()</span>\ncontains only one component, Exim passes it to <span class=\"docbook_function\">gethostbyname()</span> (or\n<span class=\"docbook_function\">getipnodebyname()</span> when available) in order to obtain the fully qualified\nversion. The variable $primary_hostname contains the host name, whether set\nexplicitly by this option, or defaulted.\n</p>"
name: primary_hostname
type: string
print_topbitchars:
default: 'false'
description: "<p>\n\n\nBy default, Exim considers only those characters whose codes lie in the range\n32\xE2\x80\x93126 to be printing characters. In a number of circumstances (for example,\nwhen writing log entries) non-printing characters are converted into escape\nsequences, primarily to avoid messing up the layout. If <span class=\"docbook_option\">print_topbitchars</span>\nis set, code values of 128 and above are also considered to be printing\ncharacters.\n</p>\n<p>\nThis option also affects the header syntax checks performed by the\n<span class=\"docbook_command\">autoreply</span> transport, and whether Exim uses RFC 2047 encoding of\nthe user\xE2\x80\x99s full name when constructing From: and Sender: addresses (as\ndescribed in section <a href=\"http://www.exim.org/exim-html-current/doc/html/spec_html/ch46.html#SECTconstr\" target=\"_blank\" title=\"46. Message processing\">46.18</a>). Setting this option can cause\nExim to generate eight bit message headers that do not conform to the\nstandards.\n</p>"
name: print_topbitchars
type: boolean
process_log_path:
default: unset
description: "<p>\n\n\n\nThis option sets the name of the file to which an Exim process writes its\n\xE2\x80\x9Cprocess log\xE2\x80\x9D when sent a USR1 signal. This is used by the <span class=\"docbook_emphasis\">exiwhat</span>\nutility script. If this option is unset, the file called <span class=\"docbook_filename\">exim-process.info</span>\nin Exim\xE2\x80\x99s spool directory is used. The ability to specify the name explicitly\ncan be useful in environments where two different Exims are running, using\ndifferent spool directories.\n</p>"
name: process_log_path
type: string
prod_requires_admin:
default: 'true'
description: "<p>\n\n\n\nThe <span class=\"docbook_option\">-M</span>, <span class=\"docbook_option\">-R</span>, and <span class=\"docbook_option\">-q</span> command-line options require the caller to be an\nadmin user unless <span class=\"docbook_option\">prod_requires_admin</span> is set false. See also\n<span class=\"docbook_option\">queue_list_requires_admin</span>.\n</p>"
name: prod_requires_admin
type: boolean
qualify_domain:
default: ~
description: "<p>\n\n\nThis option specifies the domain name that is added to any envelope sender\naddresses that do not have a domain qualification. It also applies to\nrecipient addresses if <span class=\"docbook_option\">qualify_recipient</span> is not set. Unqualified addresses\nare accepted by default only for locally-generated messages. Qualification is\nalso applied to addresses in header lines such as <span class=\"docbook_emphasis\">From:</span> and <span class=\"docbook_emphasis\">To:</span> for\nlocally-generated messages, unless the <span class=\"docbook_option\">-bnq</span> command line option is used.\n</p>\n<p>\nMessages from external sources must always contain fully qualified addresses,\nunless the sending host matches <span class=\"docbook_option\">sender_unqualified_hosts</span> or\n<span class=\"docbook_option\">recipient_unqualified_hosts</span> (as appropriate), in which case incoming\naddresses are qualified with <span class=\"docbook_option\">qualify_domain</span> or <span class=\"docbook_option\">qualify_recipient</span> as\nnecessary. Internally, Exim always works with fully qualified envelope\naddresses. If <span class=\"docbook_option\">qualify_domain</span> is not set, it defaults to the\n<span class=\"docbook_option\">primary_hostname</span> value.\n</p>"
name: qualify_domain
type: string
qualify_recipient:
default: ~
description: "<p>\nThis option allows you to specify a different domain for qualifying recipient\naddresses to the one that is used for senders. <p>\n\n\nThis option specifies the domain name that is added to any envelope sender\naddresses that do not have a domain qualification. It also applies to\nrecipient addresses if <span class=\"docbook_option\">qualify_recipient</span> is not set. Unqualified addresses\nare accepted by default only for locally-generated messages. Qualification is\nalso applied to addresses in header lines such as <span class=\"docbook_emphasis\">From:</span> and <span class=\"docbook_emphasis\">To:</span> for\nlocally-generated messages, unless the <span class=\"docbook_option\">-bnq</span> command line option is used.\n</p>\n<p>\nMessages from external sources must always contain fully qualified addresses,\nunless the sending host matches <span class=\"docbook_option\">sender_unqualified_hosts</span> or\n<span class=\"docbook_option\">recipient_unqualified_hosts</span> (as appropriate), in which case incoming\naddresses are qualified with <span class=\"docbook_option\">qualify_domain</span> or <span class=\"docbook_option\">qualify_recipient</span> as\nnecessary. Internally, Exim always works with fully qualified envelope\naddresses. If <span class=\"docbook_option\">qualify_domain</span> is not set, it defaults to the\n<span class=\"docbook_option\">primary_hostname</span> value.\n</p>above.\n</p>"
name: qualify_recipient
type: string
queue_domains:
default: unset
description: "<p>\n\n\n\nThis option lists domains for which immediate delivery is not required.\nA delivery process is started whenever a message is received, but only those\ndomains that do not match are processed. All other deliveries wait until the\nnext queue run. See also <span class=\"docbook_option\">hold_domains</span> and <span class=\"docbook_option\">queue_smtp_domains</span>.\n</p>"
name: queue_domains
type: domainlist
queue_list_requires_admin:
default: 'true'
description: "<p>\n\nThe <span class=\"docbook_option\">-bp</span> command-line option, which lists the messages that are on the\nqueue, requires the caller to be an admin user unless\n<span class=\"docbook_option\">queue_list_requires_admin</span> is set false. See also <span class=\"docbook_option\">prod_requires_admin</span>.\n</p>"
name: queue_list_requires_admin
type: boolean
queue_only:
default: 'false'
description: "<p>\n\n\nIf <span class=\"docbook_option\">queue_only</span> is set, a delivery process is not automatically started\nwhenever a message is received. Instead, the message waits on the queue for the\nnext queue run. Even if <span class=\"docbook_option\">queue_only</span> is false, incoming messages may not get\ndelivered immediately when certain conditions (such as heavy load) occur.\n</p>\n<p>\nThe <span class=\"docbook_option\">-odq</span> command line has the same effect as <span class=\"docbook_option\">queue_only</span>. The <span class=\"docbook_option\">-odb</span>\nand <span class=\"docbook_option\">-odi</span> command line options override <span class=\"docbook_option\">queue_only</span> unless\n<span class=\"docbook_option\">queue_only_override</span> is set false. See also <span class=\"docbook_option\">queue_only_file</span>,\n<span class=\"docbook_option\">queue_only_load</span>, and <span class=\"docbook_option\">smtp_accept_queue</span>.\n</p>"
name: queue_only
type: boolean
queue_only_file:
default: unset
description: "<p>\n\n\nThis option can be set to a colon-separated list of absolute path names, each\none optionally preceded by \xE2\x80\x9Csmtp\xE2\x80\x9D. When Exim is receiving a message,\nit tests for the existence of each listed path using a call to <span class=\"docbook_function\">stat()</span>. For\neach path that exists, the corresponding queueing option is set.\nFor paths with no prefix, <span class=\"docbook_option\">queue_only</span> is set; for paths prefixed by\n\xE2\x80\x9Csmtp\xE2\x80\x9D, <span class=\"docbook_option\">queue_smtp_domains</span> is set to match all domains. So, for example,\n</p>\n<div class=\"docbook_literallayout\"><pre>\nqueue_only_file = smtp/some/file\n</pre></div>\n<p>\ncauses Exim to behave as if <span class=\"docbook_option\">queue_smtp_domains</span> were set to \xE2\x80\x9C*\xE2\x80\x9D whenever\n<span class=\"docbook_filename\">/some/file</span> exists.\n</p>"
name: queue_only_file
type: string
queue_only_load:
cpanel_default: 36
default: unset
description: "<p>\n\n\n\nIf the system load average is higher than this value, incoming messages from\nall sources are queued, and no automatic deliveries are started. If this\nhappens during local or remote SMTP input, all subsequent messages received on\nthe same SMTP connection are queued by default, whatever happens to the load in\nthe meantime, but this can be changed by setting <span class=\"docbook_option\">queue_only_load_latch</span>\nfalse.\n</p>\n<p>\nDeliveries will subsequently be performed by queue runner processes. This\noption has no effect on ancient operating systems on which Exim cannot\ndetermine the load average. See also <span class=\"docbook_option\">deliver_queue_load_max</span> and\n<span class=\"docbook_option\">smtp_load_reserve</span>.\n</p>"
name: queue_only_load
type: fixedpoint
queue_only_load_latch:
default: 'true'
description: "<p>\n\nWhen this option is true (the default), once one message has been queued\nbecause the load average is higher than the value set by <span class=\"docbook_option\">queue_only_load</span>,\nall subsequent messages received on the same SMTP connection are also queued.\nThis is a deliberate choice; even though the load average may fall below the\nthreshold, it doesn\xE2\x80\x99t seem right to deliver later messages on the same\nconnection when not delivering earlier ones. However, there are special\ncircumstances such as very long-lived connections from scanning appliances\nwhere this is not the best strategy. In such cases, <span class=\"docbook_option\">queue_only_load_latch</span>\nshould be set false. This causes the value of the load average to be\nre-evaluated for each message.\n</p>"
name: queue_only_load_latch
type: boolean
queue_only_override:
default: 'true'
description: "<p>\n\nWhen this option is true, the <span class=\"docbook_option\">-od</span><span class=\"docbook_emphasis\">x</span> command line options override the\nsetting of <span class=\"docbook_option\">queue_only</span> or <span class=\"docbook_option\">queue_only_file</span> in the configuration file. If\n<span class=\"docbook_option\">queue_only_override</span> is set false, the <span class=\"docbook_option\">-od</span><span class=\"docbook_emphasis\">x</span> options cannot be used\nto override; they are accepted, but ignored.\n</p>"
name: queue_only_override
type: boolean
queue_run_in_order:
default: 'false'
description: "<p>\n\nIf this option is set, queue runs happen in order of message arrival instead of\nin an arbitrary order. For this to happen, a complete list of the entire queue\nmust be set up before the deliveries start. When the queue is all held in a\nsingle directory (the default), a single list is created for both the ordered\nand the non-ordered cases. However, if <span class=\"docbook_option\">split_spool_directory</span> is set, a\nsingle list is not created when <span class=\"docbook_option\">queue_run_in_order</span> is false. In this case,\nthe sub-directories are processed one at a time (in a random order), and this\navoids setting up one huge list for the whole queue. Thus, setting\n<span class=\"docbook_option\">queue_run_in_order</span> with <span class=\"docbook_option\">split_spool_directory</span> may degrade performance\nwhen the queue is large, because of the extra work in setting up the single,\nlarge list. In most situations, <span class=\"docbook_option\">queue_run_in_order</span> should not be set.\n</p>"
name: queue_run_in_order
type: boolean
queue_run_max:
default: 5
description: "<p>\n\nThis controls the maximum number of queue runner processes that an Exim daemon\ncan run simultaneously. This does not mean that it starts them all at once,\nbut rather that if the maximum number are still running when the time comes to\nstart another one, it refrains from starting another one. This can happen with\nvery large queues and/or very sluggish deliveries. This option does not,\nhowever, interlock with other processes, so additional queue runners can be\nstarted by other means, or by killing and restarting the daemon.\n</p>\n<p>\nSetting this option to zero does not suppress queue runs; rather, it disables\nthe limit, allowing any number of simultaneous queue runner processes to be\nrun. If you do not want queue runs to occur, omit the <span class=\"docbook_option\">-q</span><span class=\"docbook_emphasis\">xx</span> setting on\nthe daemon\xE2\x80\x99s command line.\n</p>"
name: queue_run_max
type: integer
queue_smtp_domains:
default: unset
description: "<p>\n\n\nWhen this option is set, a delivery process is started whenever a message is\nreceived, routing is performed, and local deliveries take place.\nHowever, if any SMTP deliveries are required for domains that match\n<span class=\"docbook_option\">queue_smtp_domains</span>, they are not immediately delivered, but instead the\nmessage waits on the queue for the next queue run. Since routing of the message\nhas taken place, Exim knows to which remote hosts it must be delivered, and so\nwhen the queue run happens, multiple messages for the same host are delivered\nover a single SMTP connection. The <span class=\"docbook_option\">-odqs</span> command line option causes all\nSMTP deliveries to be queued in this way, and is equivalent to setting\n<span class=\"docbook_option\">queue_smtp_domains</span> to \xE2\x80\x9C*\xE2\x80\x9D. See also <span class=\"docbook_option\">hold_domains</span> and\n<span class=\"docbook_option\">queue_domains</span>.\n</p>"
name: queue_smtp_domains
type: domainlist
receive_timeout:
default: 0s
description: "<p>\n\nThis option sets the timeout for accepting a non-SMTP message, that is, the\nmaximum time that Exim waits when reading a message on the standard input. If\nthe value is zero, it will wait for ever. This setting is overridden by the\n<span class=\"docbook_option\">-or</span> command line option. The timeout for incoming SMTP messages is\ncontrolled by <span class=\"docbook_option\">smtp_receive_timeout</span>.\n</p>"
name: receive_timeout
type: time
received_header_text:
default: ~
description: "<p>\n\n\nThis string defines the contents of the <span class=\"docbook_emphasis\">Received:</span> message header that is\nadded to each message, except for the timestamp, which is automatically added\non at the end (preceded by a semicolon). The string is expanded each time it is\nused. If the expansion yields an empty string, no <span class=\"docbook_emphasis\">Received:</span> header line is\nadded to the message. Otherwise, the string should start with the text\n\xE2\x80\x9CReceived:\xE2\x80\x9D and conform to the RFC 2822 specification for <span class=\"docbook_emphasis\">Received:</span>\nheader lines. The default setting is:\n</p>\n<div class=\"docbook_literallayout\"><pre>\nreceived_header_text = Received: \\\n ${if def:sender_rcvhost {from $sender_rcvhost\\n\\t}\\\n {${if def:sender_ident \\\n {from ${quote_local_part:$sender_ident} }}\\\n ${if def:sender_helo_name {(helo=$sender_helo_name)\\n\\t}}}}\\\n by $primary_hostname \\\n ${if def:received_protocol {with $received_protocol}} \\\n ${if def:tls_cipher {($tls_cipher)\\n\\t}}\\\n (Exim $version_number)\\n\\t\\\n ${if def:sender_address \\\n {(envelope-from <$sender_address>)\\n\\t}}\\\n id $message_exim_id\\\n ${if def:received_for {\\n\\tfor $received_for}}\n</pre></div>\n<p>\nThe reference to the TLS cipher is omitted when Exim is built without TLS\nsupport. The use of conditional expansions ensures that this works for both\nlocally generated messages and messages received from remote hosts, giving\nheader lines such as the following:\n</p>\n<div class=\"docbook_literallayout\"><pre>\nReceived: from scrooge.carol.example ([192.168.12.25] ident=root)\nby marley.carol.example with esmtp (Exim 4.00)\n(envelope-from <bob@carol.example>)\nid 16IOWa-00019l-00\nfor chas@dickens.example; Tue, 25 Dec 2001 14:43:44 +0000\nReceived: by scrooge.carol.example with local (Exim 4.00)\nid 16IOWW-000083-00; Tue, 25 Dec 2001 14:43:41 +0000\n</pre></div>\n<p>\nUntil the body of the message has been received, the timestamp is the time when\nthe message started to be received. Once the body has arrived, and all policy\nchecks have taken place, the timestamp is updated to the time at which the\nmessage was accepted.\n</p>"
name: received_header_text
type: string
received_headers_max:
default: 30
description: "<p>\n\n\n\nWhen a message is to be delivered, the number of <span class=\"docbook_emphasis\">Received:</span> headers is\ncounted, and if it is greater than this parameter, a mail loop is assumed to\nhave occurred, the delivery is abandoned, and an error message is generated.\nThis applies to both local and remote deliveries.\n</p>"
name: received_headers_max
type: integer
recipient_unqualified_hosts:
default: unset
description: "<p>\n\n\nThis option lists those hosts from which Exim is prepared to accept unqualified\nrecipient addresses in message envelopes. The addresses are made fully\nqualified by the addition of the <span class=\"docbook_option\">qualify_recipient</span> value. This option also\naffects message header lines. Exim does not reject unqualified recipient\naddresses in headers, but it qualifies them only if the message came from a\nhost that matches <span class=\"docbook_option\">recipient_unqualified_hosts</span>,\nor if the message was submitted locally (not using TCP/IP), and the <span class=\"docbook_option\">-bnq</span>\noption was not set.\n</p>"
name: recipient_unqualified_hosts
type: hostlist
recipients_max:
default: 0
description: "<p>\n\n\nIf this option is set greater than zero, it specifies the maximum number of\noriginal recipients for any message. Additional recipients that are generated\nby aliasing or forwarding do not count. SMTP messages get a 452 response for\nall recipients over the limit; earlier recipients are delivered as normal.\nNon-SMTP messages with too many recipients are failed, and no deliveries are\ndone.\n</p>\n<p>\n\n<span class=\"docbook_emphasis\">Note</span>: The RFCs specify that an SMTP server should accept at least 100\nRCPT commands in a single message.\n</p>"
name: recipients_max
type: integer
recipients_max_reject:
default: 'false'
description: "<p>\nIf this option is set true, Exim rejects SMTP messages containing too many\nrecipients by giving 552 errors to the surplus RCPT commands, and a 554\nerror to the eventual DATA command. Otherwise (the default) it gives a 452\nerror to the surplus RCPT commands and accepts the message on behalf of the\ninitial set of recipients. The remote server should then re-send the message\nfor the remaining recipients at a later time.\n</p>"
name: recipients_max_reject
type: boolean
remote_max_parallel:
cpanel_default: 10
default: 2
description: "<p>\n\nThis option controls parallel delivery of one message to a number of remote\nhosts. If the value is less than 2, parallel delivery is disabled, and Exim\ndoes all the remote deliveries for a message one by one. Otherwise, if a single\nmessage has to be delivered to more than one remote host, or if several copies\nhave to be sent to the same remote host, up to <span class=\"docbook_option\">remote_max_parallel</span>\ndeliveries are done simultaneously. If more than <span class=\"docbook_option\">remote_max_parallel</span>\ndeliveries are required, the maximum number of processes are started, and as\neach one finishes, another is begun. The order of starting processes is the\nsame as if sequential delivery were being done, and can be controlled by the\n<span class=\"docbook_option\">remote_sort_domains</span> option. If parallel delivery takes place while running\nwith debugging turned on, the debugging output from each delivery process is\ntagged with its process id.\n</p>\n<p>\nThis option controls only the maximum number of parallel deliveries for one\nmessage in one Exim delivery process. Because Exim has no central queue\nmanager, there is no way of controlling the total number of simultaneous\ndeliveries if the configuration allows a delivery attempt as soon as a message\nis received.\n</p>\n<p>\n\n\nIf you want to control the total number of deliveries on the system, you\nneed to set the <span class=\"docbook_option\">queue_only</span> option. This ensures that all incoming messages\nare added to the queue without starting a delivery process. Then set up an Exim\ndaemon to start queue runner processes at appropriate intervals (probably\nfairly often, for example, every minute), and limit the total number of queue\nrunners by setting the <span class=\"docbook_option\">queue_run_max</span> parameter. Because each queue runner\ndelivers only one message at a time, the maximum number of deliveries that can\nthen take place at once is <span class=\"docbook_option\">queue_run_max</span> multiplied by\n<span class=\"docbook_option\">remote_max_parallel</span>.\n</p>\n<p>\nIf it is purely remote deliveries you want to control, use\n<span class=\"docbook_option\">queue_smtp_domains</span> instead of <span class=\"docbook_option\">queue_only</span>. This has the added benefit of\ndoing the SMTP routing before queueing, so that several messages for the same\nhost will eventually get delivered down the same connection.\n</p>"
name: remote_max_parallel
type: integer
remote_sort_domains:
default: unset
description: "<p>\n\n\nWhen there are a number of remote deliveries for a message, they are sorted by\ndomain into the order given by this list. For example,\n</p>\n<div class=\"docbook_literallayout\"><pre>\nremote_sort_domains = *.cam.ac.uk:*.uk\n</pre></div>\n<p>\nwould attempt to deliver to all addresses in the <span class=\"docbook_emphasis\">cam.ac.uk</span> domain first,\nthen to those in the <span class=\"docbook_option\">uk</span> domain, then to any others.\n</p>"
name: remote_sort_domains
type: domainlist
retry_data_expire:
default: 7d
description: "<p>\n\nThis option sets a \xE2\x80\x9Cuse before\xE2\x80\x9D time on retry information in Exim\xE2\x80\x99s hints\ndatabase. Any older retry data is ignored. This means that, for example, once a\nhost has not been tried for 7 days, Exim behaves as if it has no knowledge of\npast failures.\n</p>"
name: retry_data_expire
type: time
retry_interval_max:
default: 24h
description: "<p>\n\n\nChapter <a href=\"http://www.exim.org/exim-html-current/doc/html/spec_html/ch32.html\" target=\"_blank\" title=\"32. Retry configuration\">32</a> describes Exim\xE2\x80\x99s mechanisms for controlling the\nintervals between delivery attempts for messages that cannot be delivered\nstraight away. This option sets an overall limit to the length of time between\nretries. It cannot be set greater than 24 hours; any attempt to do so forces\nthe default value.\n</p>"
name: retry_interval_max
type: time
return_path_remove:
default: 'true'
description: "<p>\n\nRFC 2821, section 4.4, states that an SMTP server must insert a\n<span class=\"docbook_emphasis\">Return-path:</span> header line into a message when it makes a \xE2\x80\x9Cfinal delivery\xE2\x80\x9D.\nThe <span class=\"docbook_emphasis\">Return-path:</span> header preserves the sender address as received in the\nMAIL command. This description implies that this header should not be present\nin an incoming message. If <span class=\"docbook_option\">return_path_remove</span> is true, any existing\n<span class=\"docbook_emphasis\">Return-path:</span> headers are removed from messages at the time they are\nreceived. Exim\xE2\x80\x99s transports have options for adding <span class=\"docbook_emphasis\">Return-path:</span> headers at\nthe time of delivery. They are normally used only for final local deliveries.\n</p>"
name: return_path_remove
type: boolean
return_size_limit:
default: 100K
description: "<p>\nThis option is an obsolete synonym for <span class=\"docbook_option\">bounce_return_size_limit</span>.\n</p>"
name: return_size_limit
type: integer
rfc1413_hosts:
default: "*"
description: "<p>\n\n\nRFC 1413 identification calls are made to any client host which matches an item\nin the list.\n</p>"
name: rfc1413_hosts
type: hostlist
rfc1413_query_timeout:
cpanel_default: 0s
default: 5s
description: "<p>\n\n\nThis sets the timeout on RFC 1413 identification calls. If it is set to zero,\nno RFC 1413 calls are ever made.\n</p>"
name: rfc1413_query_timeout
type: time
sender_unqualified_hosts:
default: unset
description: "<p>\n\n\nThis option lists those hosts from which Exim is prepared to accept unqualified\nsender addresses. The addresses are made fully qualified by the addition of\n<span class=\"docbook_option\">qualify_domain</span>. This option also affects message header lines. Exim does\nnot reject unqualified addresses in headers that contain sender addresses, but\nit qualifies them only if the message came from a host that matches\n<span class=\"docbook_option\">sender_unqualified_hosts</span>, or if the message was submitted locally (not\nusing TCP/IP), and the <span class=\"docbook_option\">-bnq</span> option was not set.\n</p>"
name: sender_unqualified_hosts
type: hostlist
smtp_accept_keepalive:
default: 'true'
description: "<p>\n\nThis option controls the setting of the SO_KEEPALIVE option on incoming\nTCP/IP socket connections. When set, it causes the kernel to probe idle\nconnections periodically, by sending packets with \xE2\x80\x9Cold\xE2\x80\x9D sequence numbers. The\nother end of the connection should send an acknowledgment if the connection is\nstill okay or a reset if the connection has been aborted. The reason for doing\nthis is that it has the beneficial effect of freeing up certain types of\nconnection that can get stuck when the remote host is disconnected without\ntidying up the TCP/IP call properly. The keepalive mechanism takes several\nhours to detect unreachable hosts.\n</p>"
name: smtp_accept_keepalive
type: boolean
smtp_accept_max:
cpanel_default: 100
default: 20
description: "<p>\n\n\n\nThis option specifies the maximum number of simultaneous incoming SMTP calls\nthat Exim will accept. It applies only to the listening daemon; there is no\ncontrol (in Exim) when incoming SMTP is being handled by <span class=\"docbook_emphasis\">inetd</span>. If the\nvalue is set to zero, no limit is applied. However, it is required to be\nnon-zero if either <span class=\"docbook_option\">smtp_accept_max_per_host</span> or <span class=\"docbook_option\">smtp_accept_queue</span> is\nset. See also <span class=\"docbook_option\">smtp_accept_reserve</span> and <span class=\"docbook_option\">smtp_load_reserve</span>.\n</p>\n<p>\nA new SMTP connection is immediately rejected if the <span class=\"docbook_option\">smtp_accept_max</span> limit\nhas been reached. If not, Exim first checks <span class=\"docbook_option\">smtp_accept_max_per_host</span>. If\nthat limit has not been reached for the client host, <span class=\"docbook_option\">smtp_accept_reserve</span>\nand <span class=\"docbook_option\">smtp_load_reserve</span> are then checked before accepting the connection.\n</p>"
name: smtp_accept_max
type: integer
smtp_accept_max_nonmail:
default: 10
description: "<p>\n\n\nExim counts the number of \xE2\x80\x9Cnon-mail\xE2\x80\x9D commands in an SMTP session, and drops\nthe connection if there are too many. This option defines \xE2\x80\x9Ctoo many\xE2\x80\x9D. The\ncheck catches some denial-of-service attacks, repeated failing AUTHs, or a mad\nclient looping sending EHLO, for example. The check is applied only if the\nclient host matches <span class=\"docbook_option\">smtp_accept_max_nonmail_hosts</span>.\n</p>\n<p>\nWhen a new message is expected, one occurrence of RSET is not counted. This\nallows a client to send one RSET between messages (this is not necessary,\nbut some clients do it). Exim also allows one uncounted occurrence of HELO\nor EHLO, and one occurrence of STARTTLS between messages. After\nstarting up a TLS session, another EHLO is expected, and so it too is not\ncounted. The first occurrence of AUTH in a connection, or immediately\nfollowing STARTTLS is not counted. Otherwise, all commands other than\nMAIL, RCPT, DATA, and QUIT are counted.\n</p>"
name: smtp_accept_max_nonmail
type: integer
smtp_accept_max_nonmail_hosts:
default: "*"
description: "<p>\nYou can control which hosts are subject to the <span class=\"docbook_option\">smtp_accept_max_nonmail</span>\ncheck by setting this option. The default value makes it apply to all hosts. By\nchanging the value, you can exclude any badly-behaved hosts that you have to\nlive with.\n</p>"
name: smtp_accept_max_nonmail_hosts
type: hostlist
smtp_accept_max_per_connection:
default: 1000
description: "<p>\n\n\nThe value of this option limits the number of MAIL commands that Exim is\nprepared to accept over a single SMTP connection, whether or not each command\nresults in the transfer of a message. After the limit is reached, a 421\nresponse is given to subsequent MAIL commands. This limit is a safety\nprecaution against a client that goes mad (incidents of this type have been\nseen).\n</p>"
name: smtp_accept_max_per_connection
type: integer
smtp_accept_max_per_host:
default: unset
description: "<p>\n\n\nThis option restricts the number of simultaneous IP connections from a single\nhost (strictly, from a single IP address) to the Exim daemon. The option is\nexpanded, to enable different limits to be applied to different hosts by\nreference to $sender_host_address. Once the limit is reached, additional\nconnection attempts from the same host are rejected with error code 421. This\nis entirely independent of <span class=\"docbook_option\">smtp_accept_reserve</span>. The option\xE2\x80\x99s default value\nof zero imposes no limit. If this option is set greater than zero, it is\nrequired that <span class=\"docbook_option\">smtp_accept_max</span> be non-zero.\n</p>\n<p>\n<span class=\"docbook_emphasis\">Warning</span>: When setting this option you should not use any expansion\nconstructions that take an appreciable amount of time. The expansion and test\nhappen in the main daemon loop, in order to reject additional connections\nwithout forking additional processes (otherwise a denial-of-service attack\ncould cause a vast number or processes to be created). While the daemon is\ndoing this processing, it cannot accept any other incoming connections.\n</p>"
name: smtp_accept_max_per_host
type: string
smtp_accept_queue:
default: 0
description: "<p>\n\n\n\nIf the number of simultaneous incoming SMTP connections being handled via the\nlistening daemon exceeds this value, messages received by SMTP are just placed\non the queue; no delivery processes are started automatically. The count is\nfixed at the start of an SMTP connection. It cannot be updated in the\nsubprocess that receives messages, and so the queueing or not queueing applies\nto all messages received in the same connection.\n</p>\n<p>\nA value of zero implies no limit, and clearly any non-zero value is useful only\nif it is less than the <span class=\"docbook_option\">smtp_accept_max</span> value (unless that is zero). See\nalso <span class=\"docbook_option\">queue_only</span>, <span class=\"docbook_option\">queue_only_load</span>, <span class=\"docbook_option\">queue_smtp_domains</span>, and the\nvarious <span class=\"docbook_option\">-od</span><span class=\"docbook_emphasis\">x</span> command line options.\n</p>"
name: smtp_accept_queue
type: integer
smtp_accept_queue_per_connection:
cpanel_default: 30
default: 10
description: "<p>\n\n\nThis option limits the number of delivery processes that Exim starts\nautomatically when receiving messages via SMTP, whether via the daemon or by\nthe use of <span class=\"docbook_option\">-bs</span> or <span class=\"docbook_option\">-bS</span>. If the value of the option is greater than zero,\nand the number of messages received in a single SMTP session exceeds this\nnumber, subsequent messages are placed on the queue, but no delivery processes\nare started. This helps to limit the number of Exim processes when a server\nrestarts after downtime and there is a lot of mail waiting for it on other\nsystems. On large systems, the default should probably be increased, and on\ndial-in client systems it should probably be set to zero (that is, disabled).\n</p>"
name: smtp_accept_queue_per_connection
type: integer
smtp_accept_reserve:
default: 0
description: "<p>\n\n\nWhen <span class=\"docbook_option\">smtp_accept_max</span> is set greater than zero, this option specifies a\nnumber of SMTP connections that are reserved for connections from the hosts\nthat are specified in <span class=\"docbook_option\">smtp_reserve_hosts</span>. The value set in\n<span class=\"docbook_option\">smtp_accept_max</span> includes this reserve pool. The specified hosts are not\nrestricted to this number of connections; the option specifies a minimum number\nof connection slots for them, not a maximum. It is a guarantee that this group\nof hosts can always get at least <span class=\"docbook_option\">smtp_accept_reserve</span> connections. However,\nthe limit specified by <span class=\"docbook_option\">smtp_accept_max_per_host</span> is still applied to each\nindividual host.\n</p>\n<p>\nFor example, if <span class=\"docbook_option\">smtp_accept_max</span> is set to 50 and <span class=\"docbook_option\">smtp_accept_reserve</span> is\nset to 5, once there are 45 active connections (from any hosts), new\nconnections are accepted only from hosts listed in <span class=\"docbook_option\">smtp_reserve_hosts</span>,\nprovided the other criteria for acceptance are met.\n</p>"
name: smtp_accept_reserve
type: integer
smtp_active_hostname:
default: unset
description: "<p>\n\n\n\nThis option is provided for multi-homed servers that want to masquerade as\nseveral different hosts. At the start of an incoming SMTP connection, its value\nis expanded and used instead of the value of $primary_hostname in SMTP\nresponses. For example, it is used as domain name in the response to an\nincoming HELO or EHLO command.\n</p>\n<p>\n\nThe active hostname is placed in the $smtp_active_hostname variable, which\nis saved with any messages that are received. It is therefore available for use\nin routers and transports when the message is later delivered.\n</p>\n<p>\nIf this option is unset, or if its expansion is forced to fail, or if the\nexpansion results in an empty string, the value of $primary_hostname is\nused. Other expansion failures cause a message to be written to the main and\npanic logs, and the SMTP command receives a temporary error. Typically, the\nvalue of <span class=\"docbook_option\">smtp_active_hostname</span> depends on the incoming interface address.\nFor example:\n</p>\n<div class=\"docbook_literallayout\"><pre>\nsmtp_active_hostname = ${if eq{$received_ip_address}{10.0.0.1}\\\n {cox.mydomain}{box.mydomain}}\n</pre></div>\n<p>\nAlthough $smtp_active_hostname is primarily concerned with incoming\nmessages, it is also used as the default for HELO commands in callout\nverification if there is no remote transport from which to obtain a\n<span class=\"docbook_option\">helo_data</span> value.\n</p>"
name: smtp_active_hostname
type: string
smtp_banner:
cpanel_default: "\"${primary_hostname} ESMTP Exim ${version_number} \\#${compile_number} ${tod_full} \\n We do not authorize the use of this system to transport unsolicited, \\n and/or bulk e-mail.\""
default: ~
description: "<p>\n\n\n\n\nThis string, which is expanded every time it is used, is output as the initial\npositive response to an SMTP connection. The default setting is:\n</p>\n<div class=\"docbook_literallayout\"><pre>\nsmtp_banner = $smtp_active_hostname ESMTP Exim \\\n $version_number $tod_full\n</pre></div>\n<p>\nFailure to expand the string causes a panic error. If you want to create a\nmultiline response to the initial SMTP connection, use \xE2\x80\x9C\\n\xE2\x80\x9D in the string at\nappropriate points, but not at the end. Note that the 220 code is not included\nin this string. Exim adds it automatically (several times in the case of a\nmultiline response).\n</p>"
name: smtp_banner
type: string
smtp_check_spool_space:
default: 'true'
description: "<p>\n\n\n\nWhen this option is set, if an incoming SMTP session encounters the SIZE\noption on a MAIL command, it checks that there is enough space in the\nspool directory\xE2\x80\x99s partition to accept a message of that size, while still\nleaving free the amount specified by <span class=\"docbook_option\">check_spool_space</span> (even if that value\nis zero). If there isn\xE2\x80\x99t enough space, a temporary error code is returned.\n</p>"
name: smtp_check_spool_space
type: boolean
smtp_connect_backlog:
cpanel_default: 50
default: 20
description: "<p>\n\n\n\nThis option specifies a maximum number of waiting SMTP connections. Exim passes\nthis value to the TCP/IP system when it sets up its listener. Once this number\nof connections are waiting for the daemon\xE2\x80\x99s attention, subsequent connection\nattempts are refused at the TCP/IP level. At least, that is what the manuals\nsay; in some circumstances such connection attempts have been observed to time\nout instead. For large systems it is probably a good idea to increase the\nvalue (to 50, say). It also gives some protection against denial-of-service\nattacks by SYN flooding.\n</p>"
name: smtp_connect_backlog
type: integer
smtp_enforce_sync:
cpanel_default: 'false'
default: 'true'
description: "<p>\n\n\nThe SMTP protocol specification requires the client to wait for a response from\nthe server at certain points in the dialogue. Without PIPELINING these\nsynchronization points are after every command; with PIPELINING they are\nfewer, but they still exist.\n</p>\n<p>\nSome spamming sites send out a complete set of SMTP commands without waiting\nfor any response. Exim protects against this by rejecting a message if the\nclient has sent further input when it should not have. The error response \xE2\x80\x9C554\nSMTP synchronization error\xE2\x80\x9D is sent, and the connection is dropped. Testing\nfor this error cannot be perfect because of transmission delays (unexpected\ninput may be on its way but not yet received when Exim checks). However, it\ndoes detect many instances.\n</p>\n<p>\nThe check can be globally disabled by setting <span class=\"docbook_option\">smtp_enforce_sync</span> false.\nIf you want to disable the check selectively (for example, only for certain\nhosts), you can do so by an appropriate use of a <span class=\"docbook_option\">control</span> modifier in an ACL\n(see section <a href=\"http://www.exim.org/exim-html-current/doc/html/spec_html/ch42.html#SECTcontrols\" target=\"_blank\" title=\"42. Access control lists\">42.21</a>). See also <span class=\"docbook_option\">pipelining_advertise_hosts</span>.\n</p>"
name: smtp_enforce_sync
type: boolean
smtp_etrn_command:
default: unset
description: "<p>\n\n\nIf this option is set, the given command is run whenever an SMTP ETRN\ncommand is received from a host that is permitted to issue such commands (see\nchapter <a href=\"http://www.exim.org/exim-html-current/doc/html/spec_html/ch42.html\" target=\"_blank\" title=\"42. Access control lists\">42</a>). The string is split up into separate arguments which\nare independently expanded. The expansion variable $domain is set to the\nargument of the ETRN command, and no syntax checking is done on it. For\nexample:\n</p>\n<div class=\"docbook_literallayout\"><pre>\nsmtp_etrn_command = /etc/etrn_command $domain \\\n $sender_host_address\n</pre></div>\n<p>\nA new process is created to run the command, but Exim does not wait for it to\ncomplete. Consequently, its status cannot be checked. If the command cannot be\nrun, a line is written to the panic log, but the ETRN caller still receives\na 250 success response. Exim is normally running under its own uid when\nreceiving SMTP, so it is not possible for it to change the uid before running\nthe command.\n</p>"
name: smtp_etrn_command
type: string
smtp_etrn_serialize:
default: 'true'
description: "<p>\n\nWhen this option is set, it prevents the simultaneous execution of more than\none identical command as a result of ETRN in an SMTP connection. See\nsection <a href=\"http://www.exim.org/exim-html-current/doc/html/spec_html/ch47.html#SECTETRN\" target=\"_blank\" title=\"47. SMTP processing\">47.8</a> for details.\n</p>"
name: smtp_etrn_serialize
type: boolean
smtp_load_reserve:
default: unset
description: "<p>\n\nIf the system load average ever gets higher than this, incoming SMTP calls are\naccepted only from those hosts that match an entry in <span class=\"docbook_option\">smtp_reserve_hosts</span>.\nIf <span class=\"docbook_option\">smtp_reserve_hosts</span> is not set, no incoming SMTP calls are accepted when\nthe load is over the limit. The option has no effect on ancient operating\nsystems on which Exim cannot determine the load average. See also\n<span class=\"docbook_option\">deliver_queue_load_max</span> and <span class=\"docbook_option\">queue_only_load</span>.\n</p>"
name: smtp_load_reserve
type: fixedpoint
smtp_max_synprot_errors:
default: 3
description: "<p>\n\n\nExim rejects SMTP commands that contain syntax or protocol errors. In\nparticular, a syntactically invalid email address, as in this command:\n</p>\n<div class=\"docbook_literallayout\"><pre>\nRCPT TO:<abc xyz@a.b.c>\n</pre></div>\n<p>\ncauses immediate rejection of the command, before any other tests are done.\n(The ACL cannot be run if there is no valid address to set up for it.) An\nexample of a protocol error is receiving RCPT before MAIL. If there are\ntoo many syntax or protocol errors in one SMTP session, the connection is\ndropped. The limit is set by this option.\n</p>\n<p>\n\nWhen the PIPELINING extension to SMTP is in use, some protocol errors are\n\xE2\x80\x9Cexpected\xE2\x80\x9D, for instance, a RCPT command after a rejected MAIL command.\nExim assumes that PIPELINING will be used if it advertises it (see\n<span class=\"docbook_option\">pipelining_advertise_hosts</span>), and in this situation, \xE2\x80\x9Cexpected\xE2\x80\x9D errors do\nnot count towards the limit.\n</p>"
name: smtp_max_synprot_errors
type: integer
smtp_max_unknown_commands:
default: 3
description: "<p>\n\n\nIf there are too many unrecognized commands in an incoming SMTP session, an\nExim server drops the connection. This is a defence against some kinds of abuse\nthat subvert web\nclients\ninto making connections to SMTP ports; in these circumstances, a number of\nnon-SMTP command lines are sent first.\n</p>"
name: smtp_max_unknown_commands
type: integer
smtp_ratelimit_hosts:
default: unset
description: "<p>\n\n\n\nSome sites find it helpful to be able to limit the rate at which certain hosts\ncan send them messages, and the rate at which an individual message can specify\nrecipients.\n</p>\n<p>\nExim has two rate-limiting facilities. This section describes the older\nfacility, which can limit rates within a single connection. The newer\n<span class=\"docbook_option\">ratelimit</span> ACL condition can limit rates across all connections. See section\n<a href=\"http://www.exim.org/exim-html-current/doc/html/spec_html/ch42.html#SECTratelimiting\" target=\"_blank\" title=\"42. Access control lists\">42.36</a> for details of the newer facility.\n</p>\n<p>\nWhen a host matches <span class=\"docbook_option\">smtp_ratelimit_hosts</span>, the values of\n<span class=\"docbook_option\">smtp_ratelimit_mail</span> and <span class=\"docbook_option\">smtp_ratelimit_rcpt</span> are used to control the\nrate of acceptance of MAIL and RCPT commands in a single SMTP session,\nrespectively. Each option, if set, must contain a set of four comma-separated\nvalues:\n</p>\n<ul>\n<li>\n<p>\nA threshold, before which there is no rate limiting.\n</p>\n</li>\n<li>\n<p>\nAn initial time delay. Unlike other times in Exim, numbers with decimal\nfractional parts are allowed here.\n</p>\n</li>\n<li>\n<p>\nA factor by which to increase the delay each time.\n</p>\n</li>\n<li>\n<p>\nA maximum value for the delay. This should normally be less than 5 minutes,\nbecause after that time, the client is liable to timeout the SMTP command.\n</p>\n</li>\n</ul>\n<p>\nFor example, these settings have been used successfully at the site which\nfirst suggested this feature, for controlling mail from their customers:\n</p>\n<div class=\"docbook_literallayout\"><pre>\nsmtp_ratelimit_mail = 2,0.5s,1.05,4m\nsmtp_ratelimit_rcpt = 4,0.25s,1.015,4m\n</pre></div>\n<p>\nThe first setting specifies delays that are applied to MAIL commands after\ntwo have been received over a single connection. The initial delay is 0.5\nseconds, increasing by a factor of 1.05 each time. The second setting applies\ndelays to RCPT commands when more than four occur in a single message.\n</p>"
name: smtp_ratelimit_hosts
type: hostlist
smtp_ratelimit_mail:
default: unset
description: "<p>\n<p>\n\n\n\nSome sites find it helpful to be able to limit the rate at which certain hosts\ncan send them messages, and the rate at which an individual message can specify\nrecipients.\n</p>\n<p>\nExim has two rate-limiting facilities. This section describes the older\nfacility, which can limit rates within a single connection. The newer\n<span class=\"docbook_option\">ratelimit</span> ACL condition can limit rates across all connections. See section\n<a href=\"http://www.exim.org/exim-html-current/doc/html/spec_html/ch42.html#SECTratelimiting\" target=\"_blank\" title=\"42. Access control lists\">42.36</a> for details of the newer facility.\n</p>\n<p>\nWhen a host matches <span class=\"docbook_option\">smtp_ratelimit_hosts</span>, the values of\n<span class=\"docbook_option\">smtp_ratelimit_mail</span> and <span class=\"docbook_option\">smtp_ratelimit_rcpt</span> are used to control the\nrate of acceptance of MAIL and RCPT commands in a single SMTP session,\nrespectively. Each option, if set, must contain a set of four comma-separated\nvalues:\n</p>\n<ul>\n<li>\n<p>\nA threshold, before which there is no rate limiting.\n</p>\n</li>\n<li>\n<p>\nAn initial time delay. Unlike other times in Exim, numbers with decimal\nfractional parts are allowed here.\n</p>\n</li>\n<li>\n<p>\nA factor by which to increase the delay each time.\n</p>\n</li>\n<li>\n<p>\nA maximum value for the delay. This should normally be less than 5 minutes,\nbecause after that time, the client is liable to timeout the SMTP command.\n</p>\n</li>\n</ul>\n<p>\nFor example, these settings have been used successfully at the site which\nfirst suggested this feature, for controlling mail from their customers:\n</p>\n<div class=\"docbook_literallayout\"><pre>\nsmtp_ratelimit_mail = 2,0.5s,1.05,4m\nsmtp_ratelimit_rcpt = 4,0.25s,1.015,4m\n</pre></div>\n<p>\nThe first setting specifies delays that are applied to MAIL commands after\ntwo have been received over a single connection. The initial delay is 0.5\nseconds, increasing by a factor of 1.05 each time. The second setting applies\ndelays to RCPT commands when more than four occur in a single message.\n</p>above.\n</p>"
name: smtp_ratelimit_mail
type: string
smtp_ratelimit_rcpt:
default: unset
description: "<p>\n<p>\n\n\n\nSome sites find it helpful to be able to limit the rate at which certain hosts\ncan send them messages, and the rate at which an individual message can specify\nrecipients.\n</p>\n<p>\nExim has two rate-limiting facilities. This section describes the older\nfacility, which can limit rates within a single connection. The newer\n<span class=\"docbook_option\">ratelimit</span> ACL condition can limit rates across all connections. See section\n<a href=\"http://www.exim.org/exim-html-current/doc/html/spec_html/ch42.html#SECTratelimiting\" target=\"_blank\" title=\"42. Access control lists\">42.36</a> for details of the newer facility.\n</p>\n<p>\nWhen a host matches <span class=\"docbook_option\">smtp_ratelimit_hosts</span>, the values of\n<span class=\"docbook_option\">smtp_ratelimit_mail</span> and <span class=\"docbook_option\">smtp_ratelimit_rcpt</span> are used to control the\nrate of acceptance of MAIL and RCPT commands in a single SMTP session,\nrespectively. Each option, if set, must contain a set of four comma-separated\nvalues:\n</p>\n<ul>\n<li>\n<p>\nA threshold, before which there is no rate limiting.\n</p>\n</li>\n<li>\n<p>\nAn initial time delay. Unlike other times in Exim, numbers with decimal\nfractional parts are allowed here.\n</p>\n</li>\n<li>\n<p>\nA factor by which to increase the delay each time.\n</p>\n</li>\n<li>\n<p>\nA maximum value for the delay. This should normally be less than 5 minutes,\nbecause after that time, the client is liable to timeout the SMTP command.\n</p>\n</li>\n</ul>\n<p>\nFor example, these settings have been used successfully at the site which\nfirst suggested this feature, for controlling mail from their customers:\n</p>\n<div class=\"docbook_literallayout\"><pre>\nsmtp_ratelimit_mail = 2,0.5s,1.05,4m\nsmtp_ratelimit_rcpt = 4,0.25s,1.015,4m\n</pre></div>\n<p>\nThe first setting specifies delays that are applied to MAIL commands after\ntwo have been received over a single connection. The initial delay is 0.5\nseconds, increasing by a factor of 1.05 each time. The second setting applies\ndelays to RCPT commands when more than four occur in a single message.\n</p>above.\n</p>"
name: smtp_ratelimit_rcpt
type: string
smtp_receive_timeout:
cpanel_default: 165s
default: 5m
description: "<p>\n\n\nThis sets a timeout value for SMTP reception. It applies to all forms of SMTP\ninput, including batch SMTP. If a line of input (either an SMTP command or a\ndata line) is not received within this time, the SMTP connection is dropped and\nthe message is abandoned.\nA line is written to the log containing one of the following messages:\n</p>\n<div class=\"docbook_literallayout\"><pre>\nSMTP command timeout on connection from...\nSMTP data timeout on connection from...\n</pre></div>\n<p>\nThe former means that Exim was expecting to read an SMTP command; the latter\nmeans that it was in the DATA phase, reading the contents of a message.\n</p>\n<p>\n\nThe value set by this option can be overridden by the\n<span class=\"docbook_option\">-os</span> command-line option. A setting of zero time disables the timeout, but\nthis should never be used for SMTP over TCP/IP. (It can be useful in some cases\nof local input using <span class=\"docbook_option\">-bs</span> or <span class=\"docbook_option\">-bS</span>.) For non-SMTP input, the reception\ntimeout is controlled by <span class=\"docbook_option\">receive_timeout</span> and <span class=\"docbook_option\">-or</span>.\n</p>"
name: smtp_receive_timeout
type: time
smtp_reserve_hosts:
default: unset
description: "<p>\nThis option defines hosts for which SMTP connections are reserved; see\n<span class=\"docbook_option\">smtp_accept_reserve</span> and <span class=\"docbook_option\">smtp_load_reserve</span> above.\n</p>"
name: smtp_reserve_hosts
type: hostlist
smtp_return_error_details:
default: 'false'
description: "<p>\n\n\nIn the default state, Exim uses bland messages such as\n\xE2\x80\x9CAdministrative prohibition\xE2\x80\x9D when it rejects SMTP commands for policy\nreasons. Many sysadmins like this because it gives away little information\nto spammers. However, some other sysadmins who are applying strict checking\npolicies want to give out much fuller information about failures. Setting\n<span class=\"docbook_option\">smtp_return_error_details</span> true causes Exim to be more forthcoming. For\nexample, instead of \xE2\x80\x9CAdministrative prohibition\xE2\x80\x9D, it might give:\n</p>\n<div class=\"docbook_literallayout\"><pre>\n550-Rejected after DATA: '>' missing at end of address:\n550 failing address in \"From\" header is: <user@dom.ain\n</pre></div>"
name: smtp_return_error_details
type: boolean
smtputf8_advertise_hosts:
cpanel_default: ":"
spamd_address:
cpanel_default: 127.0.0.1 783 retry=30s tmo=3m
default: ~
description: "<p>\nThis option is available when Exim is compiled with the content-scanning\nextension. It specifies how Exim connects to SpamAssassin\xE2\x80\x99s <span class=\"docbook_option\">spamd</span> daemon.\nThe default value is\n</p>\n<div class=\"docbook_literallayout\"><pre>\n127.0.0.1 783\n</pre></div>\n<p>\nSee section <a href=\"http://www.exim.org/exim-html-current/doc/html/spec_html/ch43.html#SECTscanspamass\" target=\"_blank\" title=\"43. Content scanning at ACL time\">43.2</a> for more details.\n</p>"
name: spamd_address
type: string
split_spool_directory:
cpanel_default: 'yes'
default: 'false'
description: "<p>\n\n\n\nIf this option is set, it causes Exim to split its input directory into 62\nsubdirectories, each with a single alphanumeric character as its name. The\nsixth character of the message id is used to allocate messages to\nsubdirectories; this is the least significant base-62 digit of the time of\narrival of the message.\n</p>\n<p>\nSplitting up the spool in this way may provide better performance on systems\nwhere there are long mail queues, by reducing the number of files in any one\ndirectory. The msglog directory is also split up in a similar way to the input\ndirectory; however, if <span class=\"docbook_option\">preserve_message_logs</span> is set, all old msglog files\nare still placed in the single directory <span class=\"docbook_filename\">msglog.OLD</span>.\n</p>\n<p>\nIt is not necessary to take any special action for existing messages when\nchanging <span class=\"docbook_option\">split_spool_directory</span>. Exim notices messages that are in the\n\xE2\x80\x9Cwrong\xE2\x80\x9D place, and continues to process them. If the option is turned off\nafter a period of being on, the subdirectories will eventually empty and be\nautomatically deleted.\n</p>\n<p>\nWhen <span class=\"docbook_option\">split_spool_directory</span> is set, the behaviour of queue runner processes\nchanges. Instead of creating a list of all messages in the queue, and then\ntrying to deliver each one in turn, it constructs a list of those in one\nsub-directory and tries to deliver them, before moving on to the next\nsub-directory. The sub-directories are processed in a random order. This\nspreads out the scanning of the input directories, and uses less memory. It is\nparticularly beneficial when there are lots of messages on the queue. However,\nif <span class=\"docbook_option\">queue_run_in_order</span> is set, none of this new processing happens. The\nentire queue has to be scanned and sorted before any deliveries can start.\n</p>"
name: split_spool_directory
type: boolean
spool_directory:
default: ~
description: "<p>\n\nThis defines the directory in which Exim keeps its spool, that is, the messages\nit is waiting to deliver. The default value is taken from the compile-time\nconfiguration setting, if there is one. If not, this option must be set. The\nstring is expanded, so it can contain, for example, a reference to\n$primary_hostname.\n</p>\n<p>\nIf the spool directory name is fixed on your installation, it is recommended\nthat you set it at build time rather than from this option, particularly if the\nlog files are being written to the spool directory (see <span class=\"docbook_option\">log_file_path</span>).\nOtherwise log files cannot be used for errors that are detected early on, such\nas failures in the configuration file.\n</p>\n<p>\nBy using this option to override the compiled-in path, it is possible to run\ntests of Exim without using the standard spool.\n</p>"
name: spool_directory
type: string
sqlite_lock_timeout:
default: 5s
description: "<p>\n\nThis option controls the timeout that the <span class=\"docbook_command\">sqlite</span> lookup uses when trying to\naccess an SQLite database. See section <a href=\"http://www.exim.org/exim-html-current/doc/html/spec_html/ch09.html#SECTsqlite\" target=\"_blank\" title=\"9. File and database lookups\">9.25</a> for more details.\n</p>"
name: sqlite_lock_timeout
type: time
strict_acl_vars:
default: 'false'
description: "<p>\n\nThis option controls what happens if a syntactically valid but undefined ACL\nvariable is referenced. If it is false (the default), an empty string\nis substituted; if it is true, an error is generated. See section\n<a href=\"http://www.exim.org/exim-html-current/doc/html/spec_html/ch42.html#SECTaclvariables\" target=\"_blank\" title=\"42. Access control lists\">42.18</a> for details of ACL variables.\n</p>"
name: strict_acl_vars
type: boolean
strip_excess_angle_brackets:
default: 'false'
description: "<p>\n\nIf this option is set, redundant pairs of angle brackets round \xE2\x80\x9Croute-addr\xE2\x80\x9D\nitems in addresses are stripped. For example, <span class=\"docbook_emphasis\"><<xxx@a.b.c.d>></span> is\ntreated as <span class=\"docbook_emphasis\"><xxx@a.b.c.d></span>. If this is in the envelope and the message is\npassed on to another MTA, the excess angle brackets are not passed on. If this\noption is not set, multiple pairs of angle brackets cause a syntax error.\n</p>"
name: strip_excess_angle_brackets
type: boolean
strip_trailing_dot:
default: 'false'
description: "<p>\n\n\nIf this option is set, a trailing dot at the end of a domain in an address is\nignored. If this is in the envelope and the message is passed on to another\nMTA, the dot is not passed on. If this option is not set, a dot at the end of a\ndomain causes a syntax error.\nHowever, addresses in header lines are checked only when an ACL requests header\nsyntax checking.\n</p>"
name: strip_trailing_dot
type: boolean
syslog_duplication:
default: 'true'
description: "<p>\n\nWhen Exim is logging to syslog, it writes the log lines for its three\nseparate logs at different syslog priorities so that they can in principle\nbe separated on the logging hosts. Some installations do not require this\nseparation, and in those cases, the duplication of certain log lines is a\nnuisance. If <span class=\"docbook_option\">syslog_duplication</span> is set false, only one copy of any\nparticular log line is written to syslog. For lines that normally go to\nboth the main log and the reject log, the reject log version (possibly\ncontaining message header lines) is written, at LOG_NOTICE priority.\nLines that normally go to both the main and the panic log are written at\nthe LOG_ALERT priority.\n</p>"
name: syslog_duplication
type: boolean
syslog_facility:
default: unset
description: "<p>\n\nThis option sets the syslog \xE2\x80\x9Cfacility\xE2\x80\x9D name, used when Exim is logging to\nsyslog. The value must be one of the strings \xE2\x80\x9Cmail\xE2\x80\x9D, \xE2\x80\x9Cuser\xE2\x80\x9D, \xE2\x80\x9Cnews\xE2\x80\x9D,\n\xE2\x80\x9Cuucp\xE2\x80\x9D, \xE2\x80\x9Cdaemon\xE2\x80\x9D, or \xE2\x80\x9Clocal<span class=\"docbook_emphasis\">x</span>\xE2\x80\x9D where <span class=\"docbook_emphasis\">x</span> is a digit between 0 and 7.\nIf this option is unset, \xE2\x80\x9Cmail\xE2\x80\x9D is used. See chapter <a href=\"http://www.exim.org/exim-html-current/doc/html/spec_html/ch51.html\" target=\"_blank\" title=\"51. Log files\">51</a> for\ndetails of Exim\xE2\x80\x99s logging.\n</p>"
name: syslog_facility
type: string
syslog_processname:
default: exim
description: "<p>\n\nThis option sets the syslog \xE2\x80\x9Cident\xE2\x80\x9D name, used when Exim is logging to\nsyslog. The value must be no longer than 32 characters. See chapter\n<a href=\"http://www.exim.org/exim-html-current/doc/html/spec_html/ch51.html\" target=\"_blank\" title=\"51. Log files\">51</a> for details of Exim\xE2\x80\x99s logging.\n</p>"
name: syslog_processname
type: string
syslog_timestamp:
default: 'true'
description: "<p>\n\nIf <span class=\"docbook_option\">syslog_timestamp</span> is set false, the timestamps on Exim\xE2\x80\x99s log lines are\nomitted when these lines are sent to syslog. See chapter <a href=\"http://www.exim.org/exim-html-current/doc/html/spec_html/ch51.html\" target=\"_blank\" title=\"51. Log files\">51</a> for\ndetails of Exim\xE2\x80\x99s logging.\n</p>"
name: syslog_timestamp
type: boolean
system_filter:
cpanel_default: /etc/cpanel_exim_system_filter
default: unset
description: "<p>\n\n\n\nThis option specifies an Exim filter file that is applied to all messages at\nthe start of each delivery attempt, before any routing is done. System filters\nmust be Exim filters; they cannot be Sieve filters. If the system filter\ngenerates any deliveries to files or pipes, or any new mail messages, the\nappropriate <span class=\"docbook_option\">system_filter_..._transport</span> option(s) must be set, to define\nwhich transports are to be used. Details of this facility are given in chapter\n<a href=\"http://www.exim.org/exim-html-current/doc/html/spec_html/ch45.html\" target=\"_blank\" title=\"45. System-wide message filtering\">45</a>.\n</p>"
name: system_filter
type: string
system_filter_directory_transport:
default: unset
description: "<p>\n\nThis sets the name of the transport driver that is to be used when the\n<span class=\"docbook_option\">save</span> command in a system message filter specifies a path ending in \xE2\x80\x9C/\xE2\x80\x9D,\nimplying delivery of each message into a separate file in some directory.\nDuring the delivery, the variable $address_file contains the path name.\n</p>"
name: system_filter_directory_transport
type: string
system_filter_file_transport:
default: unset
description: "<p>\n\nThis sets the name of the transport driver that is to be used when the <span class=\"docbook_option\">save</span>\ncommand in a system message filter specifies a path not ending in \xE2\x80\x9C/\xE2\x80\x9D. During\nthe delivery, the variable $address_file contains the path name.\n</p>"
name: system_filter_file_transport
type: string
system_filter_group:
cpanel_default: cpaneleximfilter
default: unset
description: "<p>\n\nThis option is used only when <span class=\"docbook_option\">system_filter_user</span> is also set. It sets the\ngid under which the system filter is run, overriding any gid that is associated\nwith the user. The value may be numerical or symbolic.\n</p>"
name: system_filter_group
type: string
system_filter_pipe_transport:
default: unset
description: "<p>\n\n\nThis specifies the transport driver that is to be used when a <span class=\"docbook_option\">pipe</span> command\nis used in a system filter. During the delivery, the variable $address_pipe\ncontains the pipe command.\n</p>"
name: system_filter_pipe_transport
type: string
system_filter_reply_transport:
default: unset
description: "<p>\n\nThis specifies the transport driver that is to be used when a <span class=\"docbook_option\">mail</span> command\nis used in a system filter.\n</p>"
name: system_filter_reply_transport
type: string
system_filter_user:
cpanel_default: cpaneleximfilter
default: unset
description: "<p>\n\nIf this option is set to root, the system filter is run in the main Exim\ndelivery process, as root. Otherwise, the system filter runs in a separate\nprocess, as the given user, defaulting to the Exim run-time user.\nUnless the string consists entirely of digits, it\nis looked up in the password data. Failure to find the named user causes a\nconfiguration error. The gid is either taken from the password data, or\nspecified by <span class=\"docbook_option\">system_filter_group</span>. When the uid is specified numerically,\n<span class=\"docbook_option\">system_filter_group</span> is required to be set.\n</p>\n<p>\nIf the system filter generates any pipe, file, or reply deliveries, the uid\nunder which the filter is run is used when transporting them, unless a\ntransport option overrides.\n</p>"
name: system_filter_user
type: string
tcp_nodelay:
default: 'true'
description: "<p>\n\n\n\nIf this option is set false, it stops the Exim daemon setting the\nTCP_NODELAY option on its listening sockets. Setting TCP_NODELAY\nturns off the \xE2\x80\x9CNagle algorithm\xE2\x80\x9D, which is a way of improving network\nperformance in interactive (character-by-character) situations. Turning it off\nshould improve Exim\xE2\x80\x99s performance a bit, so that is what happens by default.\nHowever, it appears that some broken clients cannot cope, and time out. Hence\nthis option. It affects only those sockets that are set up for listening by the\ndaemon. Sockets created by the smtp transport for delivering mail always set\nTCP_NODELAY.\n</p>"
name: tcp_nodelay
type: boolean
timeout_frozen_after:
cpanel_default: 5d
default: 0s
description: "<p>\n\n\nIf <span class=\"docbook_option\">timeout_frozen_after</span> is set to a time greater than zero, a frozen\nmessage of any kind that has been on the queue for longer than the given time\nis automatically cancelled at the next queue run. If the frozen message is a\nbounce message, it is just discarded; otherwise, a bounce is sent to the\nsender, in a similar manner to cancellation by the <span class=\"docbook_option\">-Mg</span> command line option.\nIf you want to timeout frozen bounce messages earlier than other kinds of\nfrozen message, see <span class=\"docbook_option\">ignore_bounce_errors_after</span>.\n</p>\n<p>\n<span class=\"docbook_emphasis\">Note:</span> the default value of zero means no timeouts; with this setting,\nfrozen messages remain on the queue forever (except for any frozen bounce\nmessages that are released by <span class=\"docbook_option\">ignore_bounce_errors_after</span>).\n</p>"
name: timeout_frozen_after
type: time
timezone:
cpanel_default: America/Chicago
default: unset
description: "<p>\n\nThe value of <span class=\"docbook_option\">timezone</span> is used to set the environment variable TZ while\nrunning Exim (if it is different on entry). This ensures that all timestamps\ncreated by Exim are in the required timezone. If you want all your timestamps\nto be in UTC (aka GMT) you should set\n</p>\n<div class=\"docbook_literallayout\"><pre>\ntimezone = UTC\n</pre></div>\n<p>\nThe default value is taken from TIMEZONE_DEFAULT in <span class=\"docbook_filename\">Local/Makefile</span>,\nor, if that is not set, from the value of the TZ environment variable when Exim\nis built. If <span class=\"docbook_option\">timezone</span> is set to the empty string, either at build or run\ntime, any existing TZ variable is removed from the environment when Exim\nruns. This is appropriate behaviour for obtaining wall-clock time on some, but\nunfortunately not all, operating systems.\n</p>"
name: timezone
type: string
tls_advertise_hosts:
cpanel_default: "*"
default: unset
description: "<p>\n\n\n\nWhen Exim is built with support for TLS encrypted connections, the availability\nof the STARTTLS command to set up an encrypted session is advertised in\nresponse to EHLO only to those client hosts that match this option. See\nchapter <a href=\"http://www.exim.org/exim-html-current/doc/html/spec_html/ch41.html\" target=\"_blank\" title=\"41. Encrypted SMTP connections using TLS/SSL\">41</a> for details of Exim\xE2\x80\x99s support for TLS.\n</p>"
name: tls_advertise_hosts
type: hostlist
tls_certificate:
cpanel_default: ${if and { {gt{$tls_in_sni}{}} {!match{$tls_in_sni}{/}} } {${if exists {/var/cpanel/ssl/domain_tls/$tls_in_sni/combined} {/var/cpanel/ssl/domain_tls/$tls_in_sni/combined} {${if exists {${sg{/var/cpanel/ssl/domain_tls/$tls_in_sni/combined}{(.+/)[^.]+(.+/combined)}{\$1*\$2}}} {${sg{/var/cpanel/ssl/domain_tls/$tls_in_sni/combined}{(.+/)[^.]+(.+/combined)}{\$1*\$2}}} {/etc/exim.crt} }} }} {/etc/exim.crt} }
default: unset
description: "<p>\n\n\nThe value of this option is expanded, and must then be the absolute path to a\nfile which contains the server\xE2\x80\x99s certificates. The server\xE2\x80\x99s private key is also\nassumed to be in this file if <span class=\"docbook_option\">tls_privatekey</span> is unset. See chapter\n<a href=\"http://www.exim.org/exim-html-current/doc/html/spec_html/ch41.html\" target=\"_blank\" title=\"41. Encrypted SMTP connections using TLS/SSL\">41</a> for further details.\n</p>\n<p>\n<span class=\"docbook_emphasis\">Note</span>: The certificates defined by this option are used only when Exim is\nreceiving incoming messages as a server. If you want to supply certificates for\nuse when sending messages as a client, you must set the <span class=\"docbook_option\">tls_certificate</span>\noption in the relevant <span class=\"docbook_command\">smtp</span> transport.\n</p>\n<p class=\"changed\">\nIf the option contains $tls_sni and Exim is built against OpenSSL, then\nif the OpenSSL build supports TLS extensions and the TLS client sends the\nServer Name Indication extension, then this option and others documented in\n<a href=\"http://www.exim.org/exim-html-current/doc/html/spec_html/ch41.html#SECTtlssni\" target=\"_blank\" title=\"41. Encrypted SMTP connections using TLS/SSL\">41.10</a> will be re-expanded.\n</p>"
name: tls_certificate
type: string
tls_crl:
default: unset
description: "<p>\n\n\nThis option specifies a certificate revocation list. The expanded value must\nbe the name of a file that contains a CRL in PEM format.\n</p>\n<p class=\"changed\">\nSee <a href=\"http://www.exim.org/exim-html-current/doc/html/spec_html/ch41.html#SECTtlssni\" target=\"_blank\" title=\"41. Encrypted SMTP connections using TLS/SSL\">41.10</a> for discussion of when this option might be re-expanded.\n</p>\n<p class=\"changed\">\n\n</p>"
name: tls_crl
type: string
tls_dh_max_bits:
default: 2236
description: "<p class=\"changed\">\n\nThe number of bits used for Diffie-Hellman key-exchange may be suggested by\nthe chosen TLS library. That value might prove to be too high for\ninteroperability. This option provides a maximum clamp on the value\nsuggested, trading off security for interoperability.\n</p>\n<p class=\"changed\">\nThe value must be at least 1024.\n</p>\n<p class=\"changed\">\nThe value 2236 was chosen because, at time of adding the option, it was the\nhard-coded maximum value supported by the NSS cryptographic library, as used\nby Thunderbird, while GnuTLS was suggesting 2432 bits as normal.\n</p>\n<p class=\"changed\">\nIf you prefer more security and are willing to break some clients, raise this\nnumber.\n</p>\n<p class=\"changed\">\nNote that the value passed to GnuTLS for *generating* a new prime may be a\nlittle less than this figure, because GnuTLS is inexact and may produce a\nlarger prime than requested.\n</p>"
name: tls_dh_max_bits
type: integer
tls_dhparam:
default: unset
description: "<p>\n\n</p>\n<p class=\"changed\">\nThe value of this option is expanded and indicates the source of DH parameters\nto be used by Exim.\n</p>\n<p class=\"changed\">\nIf it is a filename starting with a <code class=\"docbook_literal\">/</code>, then it names a file from which DH\nparameters should be loaded. If the file exists, it should hold a PEM-encoded\nPKCS#3 representation of the DH prime. If the file does not exist, for\nOpenSSL it is an error. For GnuTLS, Exim will attempt to create the file and\nfill it with a generated DH prime. For OpenSSL, if the DH bit-count from\nloading the file is greater than <span class=\"docbook_option\">tls_dh_max_bits</span> then it will be ignored,\nand treated as though the <span class=\"docbook_option\">tls_dhparam</span> were set to \"none\".\n</p>\n<p class=\"changed\">\nIf this option expands to the string \"none\", then no DH parameters will be\nloaded by Exim.\n</p>\n<p class=\"changed\">\nIf this option expands to the string \"historic\" and Exim is using GnuTLS, then\nExim will attempt to load a file from inside the spool directory. If the file\ndoes not exist, Exim will attempt to create it.\nSee section <a href=\"http://www.exim.org/exim-html-current/doc/html/spec_html/ch41.html#SECTgnutlsparam\" target=\"_blank\" title=\"41. Encrypted SMTP connections using TLS/SSL\">41.3</a> for further details.\n</p>\n<p class=\"changed\">\nIf Exim is using OpenSSL and this option is empty or unset, then Exim will load\na default DH prime; the default is the 2048 bit prime described in section\n2.2 of RFC 5114, \"2048-bit MODP Group with 224-bit Prime Order Subgroup\", which\nin IKE is assigned number 23.\n</p>\n<p class=\"changed\">\nOtherwise, the option must expand to the name used by Exim for any of a number\nof DH primes specified in RFC 2409, RFC 3526 and RFC 5114. As names, Exim uses\n\"ike\" followed by the number used by IKE, of \"default\" which corresponds to\n\"ike23\".\n</p>\n<p class=\"changed\">\nThe available primes are:\n<code class=\"docbook_literal\">ike1</code>, <code class=\"docbook_literal\">ike2</code>, <code class=\"docbook_literal\">ike5</code>,\n<code class=\"docbook_literal\">ike14</code>, <code class=\"docbook_literal\">ike15</code>, <code class=\"docbook_literal\">ike16</code>, <code class=\"docbook_literal\">ike17</code>, <code class=\"docbook_literal\">ike18</code>,\n<code class=\"docbook_literal\">ike22</code>, <code class=\"docbook_literal\">ike23</code> (aka <code class=\"docbook_literal\">default</code>) and <code class=\"docbook_literal\">ike24</code>.\n</p>\n<p class=\"changed\">\nSome of these will be too small to be accepted by clients.\nSome may be too large to be accepted by clients.\n</p>"
name: tls_dhparam
type: string
tls_on_connect_ports:
cpanel_default: 465
default: unset
description: "<p>\nThis option specifies a list of incoming SSMTP (aka SMTPS) ports that should\noperate the obsolete SSMTP (SMTPS) protocol, where a TLS session is immediately\nset up without waiting for the client to issue a STARTTLS command. For\nfurther details, see section <a href=\"http://www.exim.org/exim-html-current/doc/html/spec_html/ch13.html#SECTsupobssmt\" target=\"_blank\" title=\"13. Starting the daemon and the use of network interfaces\">13.4</a>.\n</p>"
name: tls_on_connect_ports
type: stringlist
tls_privatekey:
cpanel_default: ${if and { {gt{$tls_in_sni}{}} {!match{$tls_in_sni}{/}} } {${if exists {/var/cpanel/ssl/domain_tls/$tls_in_sni/combined} {/var/cpanel/ssl/domain_tls/$tls_in_sni/combined} {${if exists {${sg{/var/cpanel/ssl/domain_tls/$tls_in_sni/combined}{(.+/)[^.]+(.+/combined)}{\$1*\$2}}} {${sg{/var/cpanel/ssl/domain_tls/$tls_in_sni/combined}{(.+/)[^.]+(.+/combined)}{\$1*\$2}}} {/etc/exim.key} }} }} {/etc/exim.key} }
default: unset
description: "<p>\n\nThe value of this option is expanded, and must then be the absolute path to a\nfile which contains the server\xE2\x80\x99s private key. If this option is unset, or if\nthe expansion is forced to fail, or the result is an empty string, the private\nkey is assumed to be in the same file as the server\xE2\x80\x99s certificates. See chapter\n<a href=\"http://www.exim.org/exim-html-current/doc/html/spec_html/ch41.html\" target=\"_blank\" title=\"41. Encrypted SMTP connections using TLS/SSL\">41</a> for further details.\n</p>\n<p class=\"changed\">\nSee <a href=\"http://www.exim.org/exim-html-current/doc/html/spec_html/ch41.html#SECTtlssni\" target=\"_blank\" title=\"41. Encrypted SMTP connections using TLS/SSL\">41.10</a> for discussion of when this option might be re-expanded.\n</p>"
name: tls_privatekey
type: string
tls_remember_esmtp:
default: 'false'
description: "<p>\n\n\nIf this option is set true, Exim violates the RFCs by remembering that it is in\n\xE2\x80\x9Cesmtp\xE2\x80\x9D state after successfully negotiating a TLS session. This provides\nsupport for broken clients that fail to send a new EHLO after starting a\nTLS session.\n</p>"
name: tls_remember_esmtp
type: boolean
tls_require_ciphers:
cpanel_default: ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
default: unset
description: "<p>\n\n\nThis option controls which ciphers can be used for incoming TLS connections.\nThe <span class=\"docbook_command\">smtp</span> transport has an option of the same name for controlling outgoing\nconnections. This option is expanded for each connection, so can be varied for\ndifferent clients if required. The value of this option must be a list of\npermitted cipher suites. The OpenSSL and GnuTLS libraries handle cipher control\nin somewhat different ways. If GnuTLS is being used, the client controls the\npreference order of the available ciphers. Details are given in sections\n<a href=\"http://www.exim.org/exim-html-current/doc/html/spec_html/ch41.html#SECTreqciphssl\" target=\"_blank\" title=\"41. Encrypted SMTP connections using TLS/SSL\">41.4</a> and <a href=\"http://www.exim.org/exim-html-current/doc/html/spec_html/ch41.html#SECTreqciphgnu\" target=\"_blank\" title=\"41. Encrypted SMTP connections using TLS/SSL\">41.5</a>.\n</p>"
name: tls_require_ciphers
type: string
tls_try_verify_hosts:
default: unset
description: "<p>\n\n\n<p>\n\n\nThis option, along with <span class=\"docbook_option\">tls_try_verify_hosts</span>, controls the checking of\ncertificates from clients. The expected certificates are defined by\n<span class=\"docbook_option\">tls_verify_certificates</span>, which must be set. A configuration error occurs if\neither <span class=\"docbook_option\">tls_verify_hosts</span> or <span class=\"docbook_option\">tls_try_verify_hosts</span> is set and\n<span class=\"docbook_option\">tls_verify_certificates</span> is not set.\n</p>\n<p>\nAny client that matches <span class=\"docbook_option\">tls_verify_hosts</span> is constrained by\n<span class=\"docbook_option\">tls_verify_certificates</span>. When the client initiates a TLS session, it must\npresent one of the listed certificates. If it does not, the connection is\naborted. <span class=\"docbook_emphasis\">Warning</span>: Including a host in <span class=\"docbook_option\">tls_verify_hosts</span> does not require\nthe host to use TLS. It can still send SMTP commands through unencrypted\nconnections. Forcing a client to use TLS has to be done separately using an\nACL to reject inappropriate commands when the connection is not encrypted.\n</p>\n<p>\nA weaker form of checking is provided by <span class=\"docbook_option\">tls_try_verify_hosts</span>. If a client\nmatches this option (but not <span class=\"docbook_option\">tls_verify_hosts</span>), Exim requests a\ncertificate and checks it against <span class=\"docbook_option\">tls_verify_certificates</span>, but does not\nabort the connection if there is no certificate or if it does not match. This\nstate can be detected in an ACL, which makes it possible to implement policies\nsuch as \xE2\x80\x9Caccept for relay only if a verified certificate has been received,\nbut accept for local delivery if encrypted, even without a verified\ncertificate\xE2\x80\x9D.\n</p>\n<p>\nClient hosts that match neither of these lists are not asked to present\ncertificates.\n</p>below.\n</p>"
name: tls_try_verify_hosts
type: hostlist
tls_verify_certificates:
default: unset
description: "<p>\n\n\nThe value of this option is expanded, and must then be the absolute path to\na file containing permitted certificates for clients that\nmatch <span class=\"docbook_option\">tls_verify_hosts</span> or <span class=\"docbook_option\">tls_try_verify_hosts</span>. Alternatively, if you\nare using OpenSSL, you can set <span class=\"docbook_option\">tls_verify_certificates</span> to the name of a\ndirectory containing certificate files. This does not work with GnuTLS; the\noption must be set to the name of a single file if you are using GnuTLS.\n</p>\n<p>\nThese certificates should be for the certificate authorities trusted, rather\nthan the public cert of individual clients. With both OpenSSL and GnuTLS, if\nthe value is a file then the certificates are sent by Exim as a server to\nconnecting clients, defining the list of accepted certificate authorities.\nThus the values defined should be considered public data. To avoid this,\nuse OpenSSL with a directory.\n</p>\n<p class=\"changed\">\nSee <a href=\"http://www.exim.org/exim-html-current/doc/html/spec_html/ch41.html#SECTtlssni\" target=\"_blank\" title=\"41. Encrypted SMTP connections using TLS/SSL\">41.10</a> for discussion of when this option might be re-expanded.\n</p>"
name: tls_verify_certificates
type: string
tls_verify_hosts:
default: unset
description: "<p>\n\n\nThis option, along with <span class=\"docbook_option\">tls_try_verify_hosts</span>, controls the checking of\ncertificates from clients. The expected certificates are defined by\n<span class=\"docbook_option\">tls_verify_certificates</span>, which must be set. A configuration error occurs if\neither <span class=\"docbook_option\">tls_verify_hosts</span> or <span class=\"docbook_option\">tls_try_verify_hosts</span> is set and\n<span class=\"docbook_option\">tls_verify_certificates</span> is not set.\n</p>\n<p>\nAny client that matches <span class=\"docbook_option\">tls_verify_hosts</span> is constrained by\n<span class=\"docbook_option\">tls_verify_certificates</span>. When the client initiates a TLS session, it must\npresent one of the listed certificates. If it does not, the connection is\naborted. <span class=\"docbook_emphasis\">Warning</span>: Including a host in <span class=\"docbook_option\">tls_verify_hosts</span> does not require\nthe host to use TLS. It can still send SMTP commands through unencrypted\nconnections. Forcing a client to use TLS has to be done separately using an\nACL to reject inappropriate commands when the connection is not encrypted.\n</p>\n<p>\nA weaker form of checking is provided by <span class=\"docbook_option\">tls_try_verify_hosts</span>. If a client\nmatches this option (but not <span class=\"docbook_option\">tls_verify_hosts</span>), Exim requests a\ncertificate and checks it against <span class=\"docbook_option\">tls_verify_certificates</span>, but does not\nabort the connection if there is no certificate or if it does not match. This\nstate can be detected in an ACL, which makes it possible to implement policies\nsuch as \xE2\x80\x9Caccept for relay only if a verified certificate has been received,\nbut accept for local delivery if encrypted, even without a verified\ncertificate\xE2\x80\x9D.\n</p>\n<p>\nClient hosts that match neither of these lists are not asked to present\ncertificates.\n</p>"
name: tls_verify_hosts
type: hostlist
trusted_groups:
default: unset
description: "<p>\n\n\nThis option is expanded just once, at the start of Exim\xE2\x80\x99s processing. If this\noption is set, any process that is running in one of the listed groups, or\nwhich has one of them as a supplementary group, is trusted. The groups can be\nspecified numerically or by name. See section <a href=\"http://www.exim.org/exim-html-current/doc/html/spec_html/ch05.html#SECTtrustedadmin\" target=\"_blank\" title=\"5. The Exim command line\">5.2</a> for\ndetails of what trusted callers are permitted to do. If neither\n<span class=\"docbook_option\">trusted_groups</span> nor <span class=\"docbook_option\">trusted_users</span> is set, only root and the Exim user\nare trusted.\n</p>"
name: trusted_groups
type: stringlist
trusted_users:
default: unset
description: "<p>\n\n\nThis option is expanded just once, at the start of Exim\xE2\x80\x99s processing. If this\noption is set, any process that is running as one of the listed users is\ntrusted. The users can be specified numerically or by name. See section\n<a href=\"http://www.exim.org/exim-html-current/doc/html/spec_html/ch05.html#SECTtrustedadmin\" target=\"_blank\" title=\"5. The Exim command line\">5.2</a> for details of what trusted callers are permitted to do.\nIf neither <span class=\"docbook_option\">trusted_groups</span> nor <span class=\"docbook_option\">trusted_users</span> is set, only root and the\nExim user are trusted.\n</p>"
name: trusted_users
type: stringlist
unknown_login:
default: unset
description: "<p>\n\n\nThis is a specialized feature for use in unusual configurations. By default, if\nthe uid of the caller of Exim cannot be looked up using <span class=\"docbook_function\">getpwuid()</span>, Exim\ngives up. The <span class=\"docbook_option\">unknown_login</span> option can be used to set a login name to be\nused in this circumstance. It is expanded, so values like <span class=\"docbook_option\">user$caller_uid</span>\ncan be set. When <span class=\"docbook_option\">unknown_login</span> is used, the value of <span class=\"docbook_option\">unknown_username</span>\nis used for the user\xE2\x80\x99s real name (gecos field), unless this has been set by the\n<span class=\"docbook_option\">-F</span> option.\n</p>"
name: unknown_login
type: string
unknown_username:
default: unset
description: "<p>\n<p>\n\n\nThis is a specialized feature for use in unusual configurations. By default, if\nthe uid of the caller of Exim cannot be looked up using <span class=\"docbook_function\">getpwuid()</span>, Exim\ngives up. The <span class=\"docbook_option\">unknown_login</span> option can be used to set a login name to be\nused in this circumstance. It is expanded, so values like <span class=\"docbook_option\">user$caller_uid</span>\ncan be set. When <span class=\"docbook_option\">unknown_login</span> is used, the value of <span class=\"docbook_option\">unknown_username</span>\nis used for the user\xE2\x80\x99s real name (gecos field), unless this has been set by the\n<span class=\"docbook_option\">-F</span> option.\n</p></p>"
name: unknown_username
type: string
untrusted_set_sender:
cpanel_default: "*"
default: unset
description: "<p>\n\n\n\n\n\nWhen an untrusted user submits a message to Exim using the standard input, Exim\nnormally creates an envelope sender address from the user\xE2\x80\x99s login and the\ndefault qualification domain. Data from the <span class=\"docbook_option\">-f</span> option (for setting envelope\nsenders on non-SMTP messages) or the SMTP MAIL command (if <span class=\"docbook_option\">-bs</span> or <span class=\"docbook_option\">-bS</span>\nis used) is ignored.\n</p>\n<p>\nHowever, untrusted users are permitted to set an empty envelope sender address,\nto declare that a message should never generate any bounces. For example:\n</p>\n<div class=\"docbook_literallayout\"><pre>\nexim -f '<>' user@domain.example\n</pre></div>\n<p>\n\nThe <span class=\"docbook_option\">untrusted_set_sender</span> option allows you to permit untrusted users to set\nother envelope sender addresses in a controlled way. When it is set, untrusted\nusers are allowed to set envelope sender addresses that match any of the\npatterns in the list. Like all address lists, the string is expanded. The\nidentity of the user is in $sender_ident, so you can, for example, restrict\nusers to setting senders that start with their login ids\nfollowed by a hyphen\nby a setting like this:\n</p>\n<div class=\"docbook_literallayout\"><pre>\nuntrusted_set_sender = ^$sender_ident-\n</pre></div>\n<p>\nIf you want to allow untrusted users to set envelope sender addresses without\nrestriction, you can use\n</p>\n<div class=\"docbook_literallayout\"><pre>\nuntrusted_set_sender = *\n</pre></div>\n<p>\nThe <span class=\"docbook_option\">untrusted_set_sender</span> option applies to all forms of local input, but\nonly to the setting of the envelope sender. It does not permit untrusted users\nto use the other options which trusted user can use to override message\nparameters. Furthermore, it does not stop Exim from removing an existing\n<span class=\"docbook_emphasis\">Sender:</span> header in the message, or from adding a <span class=\"docbook_emphasis\">Sender:</span> header if\nnecessary. <p>\n\nWhen a message is submitted locally (that is, not over a TCP/IP connection) by\nan untrusted user, Exim removes any existing <span class=\"docbook_emphasis\">Sender:</span> header line. If you\ndo not want this to happen, you must set <span class=\"docbook_option\">local_sender_retain</span>, and you must\nalso set <span class=\"docbook_option\">local_from_check</span> to be false (Exim will complain if you do not).\nSee also the ACL modifier <code class=\"docbook_literal\">control = suppress_local_fixups</code>. Section\n<a href=\"http://www.exim.org/exim-html-current/doc/html/spec_html/ch46.html#SECTthesenhea\" target=\"_blank\" title=\"46. Message processing\">46.16</a> has more details about <span class=\"docbook_emphasis\">Sender:</span> processing.\n</p>and <span class=\"docbook_option\">local_from_check</span> for ways of\noverriding these actions. The handling of the <span class=\"docbook_emphasis\">Sender:</span> header is also\ndescribed in section <a href=\"http://www.exim.org/exim-html-current/doc/html/spec_html/ch46.html#SECTthesenhea\" target=\"_blank\" title=\"46. Message processing\">46.16</a>.\n</p>\n<p>\nThe log line for a message\xE2\x80\x99s arrival shows the envelope sender following\n\xE2\x80\x9C<=\xE2\x80\x9D. For local messages, the user\xE2\x80\x99s login always follows, after \xE2\x80\x9CU=\xE2\x80\x9D. In\n<span class=\"docbook_option\">-bp</span> displays, and in the Exim monitor, if an untrusted user sets an\nenvelope sender address, the user\xE2\x80\x99s login is shown in parentheses after the\nsender address.\n</p>"
name: untrusted_set_sender
type: addresslist
uucp_from_pattern:
default: ~
description: "<p>\n\n\nSome applications that pass messages to an MTA via a command line interface use\nan initial line starting with \xE2\x80\x9CFrom\xC2\xA0\xE2\x80\x9D to pass the envelope sender. In\nparticular, this is used by UUCP software. Exim recognizes such a line by means\nof a regular expression that is set in <span class=\"docbook_option\">uucp_from_pattern</span>. When the pattern\nmatches, the sender address is constructed by expanding the contents of\n<span class=\"docbook_option\">uucp_from_sender</span>, provided that the caller of Exim is a trusted user. The\ndefault pattern recognizes lines in the following two forms:\n</p>\n<div class=\"docbook_literallayout\"><pre>\nFrom ph10 Fri Jan 5 12:35 GMT 1996\nFrom ph10 Fri, 7 Jan 97 14:00:00 GMT\n</pre></div>\n<p>\nThe pattern can be seen by running\n</p>\n<div class=\"docbook_literallayout\"><pre>\nexim -bP uucp_from_pattern\n</pre></div>\n<p>\nIt checks only up to the hours and minutes, and allows for a 2-digit or 4-digit\nyear in the second case. The first word after \xE2\x80\x9CFrom\xC2\xA0\xE2\x80\x9D is matched in the\nregular expression by a parenthesized subpattern. The default value for\n<span class=\"docbook_option\">uucp_from_sender</span> is \xE2\x80\x9C$1\xE2\x80\x9D, which therefore just uses this first word\n(\xE2\x80\x9Cph10\xE2\x80\x9D in the example above) as the message\xE2\x80\x99s sender. See also\n<span class=\"docbook_option\">ignore_fromline_hosts</span>.\n</p>"
name: uucp_from_pattern
type: string
uucp_from_sender:
default: $1
description: "<p>\n<p>\n\n\nSome applications that pass messages to an MTA via a command line interface use\nan initial line starting with \xE2\x80\x9CFrom\xC2\xA0\xE2\x80\x9D to pass the envelope sender. In\nparticular, this is used by UUCP software. Exim recognizes such a line by means\nof a regular expression that is set in <span class=\"docbook_option\">uucp_from_pattern</span>. When the pattern\nmatches, the sender address is constructed by expanding the contents of\n<span class=\"docbook_option\">uucp_from_sender</span>, provided that the caller of Exim is a trusted user. The\ndefault pattern recognizes lines in the following two forms:\n</p>\n<div class=\"docbook_literallayout\"><pre>\nFrom ph10 Fri Jan 5 12:35 GMT 1996\nFrom ph10 Fri, 7 Jan 97 14:00:00 GMT\n</pre></div>\n<p>\nThe pattern can be seen by running\n</p>\n<div class=\"docbook_literallayout\"><pre>\nexim -bP uucp_from_pattern\n</pre></div>\n<p>\nIt checks only up to the hours and minutes, and allows for a 2-digit or 4-digit\nyear in the second case. The first word after \xE2\x80\x9CFrom\xC2\xA0\xE2\x80\x9D is matched in the\nregular expression by a parenthesized subpattern. The default value for\n<span class=\"docbook_option\">uucp_from_sender</span> is \xE2\x80\x9C$1\xE2\x80\x9D, which therefore just uses this first word\n(\xE2\x80\x9Cph10\xE2\x80\x9D in the example above) as the message\xE2\x80\x99s sender. See also\n<span class=\"docbook_option\">ignore_fromline_hosts</span>.\n</p>above.\n</p>"
name: uucp_from_sender
type: string
warn_message_file:
default: unset
description: "<p>\n\n\nThis option defines a template file containing paragraphs of text to be used\nfor constructing the warning message which is sent by Exim when a message has\nbeen on the queue for a specified amount of time, as specified by\n<span class=\"docbook_option\">delay_warning</span>. Details of the file\xE2\x80\x99s contents are given in chapter\n<a href=\"http://www.exim.org/exim-html-current/doc/html/spec_html/ch48.html\" target=\"_blank\" title=\"48. Customizing bounce and warning messages\">48</a>. See also <span class=\"docbook_option\">bounce_message_file</span>.\n</p>"
name: warn_message_file
type: string
write_rejectlog:
default: 'true'
description: "<p>\n\nIf this option is set false, Exim no longer writes anything to the reject log.\nSee chapter <a href=\"http://www.exim.org/exim-html-current/doc/html/spec_html/ch51.html\" target=\"_blank\" title=\"51. Log files\">51</a> for details of what Exim writes to its logs.\n\n\n</p>"
name: write_rejectlog
type: boolean