<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML
><HEAD
><TITLE
>The Exim Configuration File</TITLE
><META
NAME="GENERATOR"
CONTENT="Modular DocBook HTML Stylesheet Version 1.7"><LINK
REL="HOME"
TITLE="Spam Filtering for Mail Exchangers"
HREF="index.html"><LINK
REL="UP"
TITLE="Exim Implementation"
HREF="exim.html"><LINK
REL="PREVIOUS"
TITLE="Prerequisites"
HREF="exim-prereq.html"><LINK
REL="NEXT"
TITLE="Options and Settings"
HREF="exim-options.html"></HEAD
><BODY
CLASS="section"
BGCOLOR="#FFFFFF"
TEXT="#000000"
LINK="#0000FF"
VLINK="#840084"
ALINK="#0000FF"
><DIV
CLASS="NAVHEADER"
><TABLE
SUMMARY="Header navigation table"
WIDTH="100%"
BORDER="0"
CELLPADDING="0"
CELLSPACING="0"
><TR
><TH
COLSPAN="3"
ALIGN="center"
>Spam Filtering for Mail Exchangers: </TH
></TR
><TR
><TD
WIDTH="10%"
ALIGN="left"
VALIGN="bottom"
><A
HREF="exim-prereq.html"
ACCESSKEY="P"
>Prev</A
></TD
><TD
WIDTH="80%"
ALIGN="center"
VALIGN="bottom"
>Appendix A. Exim Implementation</TD
><TD
WIDTH="10%"
ALIGN="right"
VALIGN="bottom"
><A
HREF="exim-options.html"
ACCESSKEY="N"
>Next</A
></TD
></TR
></TABLE
><HR
ALIGN="LEFT"
WIDTH="100%"></DIV
><DIV
CLASS="section"
><H1
CLASS="section"
><A
NAME="exim-configfile"
></A
>A.2. The Exim Configuration File</H1
><P
> The Exim configuration file contains global definitions at the
top (we will call this the <EM
>main section</EM
>),
followed by several other sections<A
NAME="AEN1380"
HREF="#FTN.AEN1380"
><SPAN
CLASS="footnote"
>[1]</SPAN
></A
>. Each of these other sections starts with:
<TABLE
BORDER="0"
BGCOLOR="#E0E0E0"
WIDTH="100%"
><TR
><TD
><FONT
COLOR="#000000"
><PRE
CLASS="screen"
>begin <TT
CLASS="parameter"
><I
>section</I
></TT
></PRE
></FONT
></TD
></TR
></TABLE
>
</P
><P
> We will spend most of our time in the <TT
CLASS="option"
>acl</TT
>
section (i.e. after <TT
CLASS="option"
>begin acl</TT
>); but we will
also add and/or modify a few items in the
<TT
CLASS="option"
>transports</TT
> and <TT
CLASS="option"
>routers</TT
>
sections, as well as in the main section at the top of the file.
</P
><DIV
CLASS="section"
><H2
CLASS="section"
><A
NAME="exim-acl"
></A
>A.2.1. Access Control Lists</H2
><P
> As of version 4.xx, Exim incorporates perhaps the most
sophisticated and flexible mechanism for SMTP-time filtering
available anywhere, by way of so-called <EM
>Access
Control Lists</EM
> (ACLs).
</P
><P
> An ACL can be used to evaluate whether to accept or reject an
aspect of an incoming message transaction, such as the initial
connection from a remote host, or the
<B
CLASS="command"
>HELO/EHLO</B
>, <B
CLASS="command"
>MAIL FROM:</B
>,
or <B
CLASS="command"
>RCPT TO:</B
> SMTP commands. So, for
instance, you may have an ACL named
<TT
CLASS="option"
>acl_rcpt_to</TT
> to validate each <B
CLASS="command"
>RCPT
TO:</B
> command received from the peer.
</P
><P
> An ACL consists of a series of <EM
>statements</EM
>
(or <EM
>rules</EM
>). Each statement starts with
an action verb, such as <TT
CLASS="option"
>accept</TT
>,
<TT
CLASS="option"
>warn</TT
>, <TT
CLASS="option"
>require</TT
>,
<TT
CLASS="option"
>defer</TT
>, or <TT
CLASS="option"
>deny</TT
>, followed by
a list of conditions, options, and other settings pertaining
to that statement. Every <EM
>statement</EM
> is
evaluated in order, until a definitive action (besides
<TT
CLASS="option"
>warn</TT
>) is taken. There is an implicit
<TT
CLASS="option"
>deny</TT
> at the end of the ACL.
</P
><P
> A sample statement in the <TT
CLASS="option"
>acl_rcpt_to</TT
> ACL
above may look like this:
<TABLE
BORDER="0"
BGCOLOR="#E0E0E0"
WIDTH="100%"
><TR
><TD
><FONT
COLOR="#000000"
><PRE
CLASS="screen"
> deny
message = relay not permitted
!hosts = +relay_from_hosts
!domains = +local_domains : +relay_to_domains
delay = 1m
</PRE
></FONT
></TD
></TR
></TABLE
>
</P
><P
> This statement will reject the <B
CLASS="command"
>RCPT TO:</B
>
command if it was not delivered by a host in the
<SPAN
CLASS="QUOTE"
>"+relay_from_hosts"</SPAN
> host list, and the recipient
domain is not in the <SPAN
CLASS="QUOTE"
>"+local_domains"</SPAN
> or
<SPAN
CLASS="QUOTE"
>"+relay_to_domains"</SPAN
> domain lists. However, before
issuing the <SPAN
CLASS="QUOTE"
>"550"</SPAN
> SMTP response to this command,
the server will wait for one minute.
</P
><P
> To evaluate a particular ACL at a given stage of the message
transaction, you need to point one of Exim's <EM
>policy
controls</EM
> to that ACL. For instance, to use the
<TT
CLASS="option"
>acl_rcpt_to</TT
> ACL mentioned above to evaluate the
<B
CLASS="command"
>RCPT TO:</B
>, the main section of your Exim
configuration file (before any <TT
CLASS="option"
>begin</TT
> keywords)
should include:
<TABLE
BORDER="0"
BGCOLOR="#E0E0E0"
WIDTH="100%"
><TR
><TD
><FONT
COLOR="#000000"
><PRE
CLASS="screen"
>acl_smtp_rcpt = acl_rcpt_to</PRE
></FONT
></TD
></TR
></TABLE
>
</P
><P
> For a full list of such <EM
>policy controls</EM
>,
refer to section 14.11 in the Exim specifications.
</P
></DIV
><DIV
CLASS="section"
><H2
CLASS="section"
><A
NAME="exim-expansions"
></A
>A.2.2. Expansions</H2
><P
> A large number of <EM
>expansion items</EM
> are
available, including run-time variables, lookup functions,
string/regex manipulations, host/domain lists, etc. etc. An
exhaustive reference for the last x.x0 release (i.e. 4.20,
4.30..) can be found in the file <SPAN
CLASS="QUOTE"
>"spec.txt"</SPAN
>; ACLs
are described in section 38.
</P
><P
> In particular, Exim provides twenty general purpose expansion
variables to which we can assign values in an ACL statement:
</P
><P
></P
><UL
><LI
><P
> <TT
CLASS="varname"
>$acl_c0</TT
> - <TT
CLASS="varname"
>$acl_c9</TT
> can
hold values that will persist through the lifetime of an
SMTP connection.
</P
></LI
><LI
><P
> <TT
CLASS="varname"
>$acl_m0</TT
> - <TT
CLASS="varname"
>$acl_m9</TT
> can
hold values while a message is being received, but are
then reset. They are also reset by the
<B
CLASS="command"
>HELO</B
>, <B
CLASS="command"
>EHLO</B
>,
<B
CLASS="command"
>MAIL</B
>, and <B
CLASS="command"
>RSET</B
>
commands.
</P
></LI
></UL
></DIV
></DIV
><H3
CLASS="FOOTNOTES"
>Notes</H3
><TABLE
BORDER="0"
CLASS="FOOTNOTES"
WIDTH="100%"
><TR
><TD
ALIGN="LEFT"
VALIGN="TOP"
WIDTH="5%"
><A
NAME="FTN.AEN1380"
HREF="exim-configfile.html#AEN1380"
><SPAN
CLASS="footnote"
>[1]</SPAN
></A
></TD
><TD
ALIGN="LEFT"
VALIGN="TOP"
WIDTH="95%"
><P
> <EM
>Debian users:</EM
> The
<TT
CLASS="option"
>exim4-config</TT
> package gives you a choice
between splitting the Exim configuration into several small
chunks distributed within subdirectories below
<TT
CLASS="option"
>/etc/exim4/conf.d</TT
>, or to keep the entire
configuration in a single file.
</P
><P
> If you chose the former option (I recommend this!), you can
keep your customization well separated from the stock
configuration provided with the <TT
CLASS="option"
>exim4-config</TT
>
package by creating new files within these subdirectories,
rather than modifying the existing ones. For instance, you
may create a file named
<TT
CLASS="option"
>/etc/exim4/conf.d/acl/80_local-config_rcpt_to</TT
>
to declare your own ACL for the <B
CLASS="command"
>RCPT TO:</B
>
command (see <A
HREF="exim-firstpass.html#acl_rcpt_to_1"
>below</A
>).
</P
><P
> The Exim <SPAN
CLASS="QUOTE"
>"init"</SPAN
> script
(<TT
CLASS="option"
>/etc/init.d/exim4</TT
>) will automatically
consolidate all these files into a single large run-time
configuration file next time you (re)start.
</P
></TD
></TR
></TABLE
><DIV
CLASS="NAVFOOTER"
><HR
ALIGN="LEFT"
WIDTH="100%"><TABLE
SUMMARY="Footer navigation table"
WIDTH="100%"
BORDER="0"
CELLPADDING="0"
CELLSPACING="0"
><TR
><TD
WIDTH="33%"
ALIGN="left"
VALIGN="top"
><A
HREF="exim-prereq.html"
ACCESSKEY="P"
>Prev</A
></TD
><TD
WIDTH="34%"
ALIGN="center"
VALIGN="top"
><A
HREF="index.html"
ACCESSKEY="H"
>Home</A
></TD
><TD
WIDTH="33%"
ALIGN="right"
VALIGN="top"
><A
HREF="exim-options.html"
ACCESSKEY="N"
>Next</A
></TD
></TR
><TR
><TD
WIDTH="33%"
ALIGN="left"
VALIGN="top"
>Prerequisites</TD
><TD
WIDTH="34%"
ALIGN="center"
VALIGN="top"
><A
HREF="exim.html"
ACCESSKEY="U"
>Up</A
></TD
><TD
WIDTH="33%"
ALIGN="right"
VALIGN="top"
>Options and Settings</TD
></TR
></TABLE
></DIV
></BODY
></HTML
>
