<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN"> <HTML ><HEAD ><TITLE >The Exim Configuration File</TITLE ><META NAME="GENERATOR" CONTENT="Modular DocBook HTML Stylesheet Version 1.7"><LINK REL="HOME" TITLE="Spam Filtering for Mail Exchangers" HREF="index.html"><LINK REL="UP" TITLE="Exim Implementation" HREF="exim.html"><LINK REL="PREVIOUS" TITLE="Prerequisites" HREF="exim-prereq.html"><LINK REL="NEXT" TITLE="Options and Settings" HREF="exim-options.html"></HEAD ><BODY CLASS="section" BGCOLOR="#FFFFFF" TEXT="#000000" LINK="#0000FF" VLINK="#840084" ALINK="#0000FF" ><DIV CLASS="NAVHEADER" ><TABLE SUMMARY="Header navigation table" WIDTH="100%" BORDER="0" CELLPADDING="0" CELLSPACING="0" ><TR ><TH COLSPAN="3" ALIGN="center" >Spam Filtering for Mail Exchangers: </TH ></TR ><TR ><TD WIDTH="10%" ALIGN="left" VALIGN="bottom" ><A HREF="exim-prereq.html" ACCESSKEY="P" >Prev</A ></TD ><TD WIDTH="80%" ALIGN="center" VALIGN="bottom" >Appendix A. Exim Implementation</TD ><TD WIDTH="10%" ALIGN="right" VALIGN="bottom" ><A HREF="exim-options.html" ACCESSKEY="N" >Next</A ></TD ></TR ></TABLE ><HR ALIGN="LEFT" WIDTH="100%"></DIV ><DIV CLASS="section" ><H1 CLASS="section" ><A NAME="exim-configfile" ></A >A.2. The Exim Configuration File</H1 ><P > The Exim configuration file contains global definitions at the top (we will call this the <EM >main section</EM >), followed by several other sections<A NAME="AEN1380" HREF="#FTN.AEN1380" ><SPAN CLASS="footnote" >[1]</SPAN ></A >. Each of these other sections starts with: <TABLE BORDER="0" BGCOLOR="#E0E0E0" WIDTH="100%" ><TR ><TD ><FONT COLOR="#000000" ><PRE CLASS="screen" >begin <TT CLASS="parameter" ><I >section</I ></TT ></PRE ></FONT ></TD ></TR ></TABLE > </P ><P > We will spend most of our time in the <TT CLASS="option" >acl</TT > section (i.e. after <TT CLASS="option" >begin acl</TT >); but we will also add and/or modify a few items in the <TT CLASS="option" >transports</TT > and <TT CLASS="option" >routers</TT > sections, as well as in the main section at the top of the file. </P ><DIV CLASS="section" ><H2 CLASS="section" ><A NAME="exim-acl" ></A >A.2.1. Access Control Lists</H2 ><P > As of version 4.xx, Exim incorporates perhaps the most sophisticated and flexible mechanism for SMTP-time filtering available anywhere, by way of so-called <EM >Access Control Lists</EM > (ACLs). </P ><P > An ACL can be used to evaluate whether to accept or reject an aspect of an incoming message transaction, such as the initial connection from a remote host, or the <B CLASS="command" >HELO/EHLO</B >, <B CLASS="command" >MAIL FROM:</B >, or <B CLASS="command" >RCPT TO:</B > SMTP commands. So, for instance, you may have an ACL named <TT CLASS="option" >acl_rcpt_to</TT > to validate each <B CLASS="command" >RCPT TO:</B > command received from the peer. </P ><P > An ACL consists of a series of <EM >statements</EM > (or <EM >rules</EM >). Each statement starts with an action verb, such as <TT CLASS="option" >accept</TT >, <TT CLASS="option" >warn</TT >, <TT CLASS="option" >require</TT >, <TT CLASS="option" >defer</TT >, or <TT CLASS="option" >deny</TT >, followed by a list of conditions, options, and other settings pertaining to that statement. Every <EM >statement</EM > is evaluated in order, until a definitive action (besides <TT CLASS="option" >warn</TT >) is taken. There is an implicit <TT CLASS="option" >deny</TT > at the end of the ACL. </P ><P > A sample statement in the <TT CLASS="option" >acl_rcpt_to</TT > ACL above may look like this: <TABLE BORDER="0" BGCOLOR="#E0E0E0" WIDTH="100%" ><TR ><TD ><FONT COLOR="#000000" ><PRE CLASS="screen" > deny message = relay not permitted !hosts = +relay_from_hosts !domains = +local_domains : +relay_to_domains delay = 1m </PRE ></FONT ></TD ></TR ></TABLE > </P ><P > This statement will reject the <B CLASS="command" >RCPT TO:</B > command if it was not delivered by a host in the <SPAN CLASS="QUOTE" >"+relay_from_hosts"</SPAN > host list, and the recipient domain is not in the <SPAN CLASS="QUOTE" >"+local_domains"</SPAN > or <SPAN CLASS="QUOTE" >"+relay_to_domains"</SPAN > domain lists. However, before issuing the <SPAN CLASS="QUOTE" >"550"</SPAN > SMTP response to this command, the server will wait for one minute. </P ><P > To evaluate a particular ACL at a given stage of the message transaction, you need to point one of Exim's <EM >policy controls</EM > to that ACL. For instance, to use the <TT CLASS="option" >acl_rcpt_to</TT > ACL mentioned above to evaluate the <B CLASS="command" >RCPT TO:</B >, the main section of your Exim configuration file (before any <TT CLASS="option" >begin</TT > keywords) should include: <TABLE BORDER="0" BGCOLOR="#E0E0E0" WIDTH="100%" ><TR ><TD ><FONT COLOR="#000000" ><PRE CLASS="screen" >acl_smtp_rcpt = acl_rcpt_to</PRE ></FONT ></TD ></TR ></TABLE > </P ><P > For a full list of such <EM >policy controls</EM >, refer to section 14.11 in the Exim specifications. </P ></DIV ><DIV CLASS="section" ><H2 CLASS="section" ><A NAME="exim-expansions" ></A >A.2.2. Expansions</H2 ><P > A large number of <EM >expansion items</EM > are available, including run-time variables, lookup functions, string/regex manipulations, host/domain lists, etc. etc. An exhaustive reference for the last x.x0 release (i.e. 4.20, 4.30..) can be found in the file <SPAN CLASS="QUOTE" >"spec.txt"</SPAN >; ACLs are described in section 38. </P ><P > In particular, Exim provides twenty general purpose expansion variables to which we can assign values in an ACL statement: </P ><P ></P ><UL ><LI ><P > <TT CLASS="varname" >$acl_c0</TT > - <TT CLASS="varname" >$acl_c9</TT > can hold values that will persist through the lifetime of an SMTP connection. </P ></LI ><LI ><P > <TT CLASS="varname" >$acl_m0</TT > - <TT CLASS="varname" >$acl_m9</TT > can hold values while a message is being received, but are then reset. They are also reset by the <B CLASS="command" >HELO</B >, <B CLASS="command" >EHLO</B >, <B CLASS="command" >MAIL</B >, and <B CLASS="command" >RSET</B > commands. </P ></LI ></UL ></DIV ></DIV ><H3 CLASS="FOOTNOTES" >Notes</H3 ><TABLE BORDER="0" CLASS="FOOTNOTES" WIDTH="100%" ><TR ><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="5%" ><A NAME="FTN.AEN1380" HREF="exim-configfile.html#AEN1380" ><SPAN CLASS="footnote" >[1]</SPAN ></A ></TD ><TD ALIGN="LEFT" VALIGN="TOP" WIDTH="95%" ><P > <EM >Debian users:</EM > The <TT CLASS="option" >exim4-config</TT > package gives you a choice between splitting the Exim configuration into several small chunks distributed within subdirectories below <TT CLASS="option" >/etc/exim4/conf.d</TT >, or to keep the entire configuration in a single file. </P ><P > If you chose the former option (I recommend this!), you can keep your customization well separated from the stock configuration provided with the <TT CLASS="option" >exim4-config</TT > package by creating new files within these subdirectories, rather than modifying the existing ones. For instance, you may create a file named <TT CLASS="option" >/etc/exim4/conf.d/acl/80_local-config_rcpt_to</TT > to declare your own ACL for the <B CLASS="command" >RCPT TO:</B > command (see <A HREF="exim-firstpass.html#acl_rcpt_to_1" >below</A >). </P ><P > The Exim <SPAN CLASS="QUOTE" >"init"</SPAN > script (<TT CLASS="option" >/etc/init.d/exim4</TT >) will automatically consolidate all these files into a single large run-time configuration file next time you (re)start. </P ></TD ></TR ></TABLE ><DIV CLASS="NAVFOOTER" ><HR ALIGN="LEFT" WIDTH="100%"><TABLE SUMMARY="Footer navigation table" WIDTH="100%" BORDER="0" CELLPADDING="0" CELLSPACING="0" ><TR ><TD WIDTH="33%" ALIGN="left" VALIGN="top" ><A HREF="exim-prereq.html" ACCESSKEY="P" >Prev</A ></TD ><TD WIDTH="34%" ALIGN="center" VALIGN="top" ><A HREF="index.html" ACCESSKEY="H" >Home</A ></TD ><TD WIDTH="33%" ALIGN="right" VALIGN="top" ><A HREF="exim-options.html" ACCESSKEY="N" >Next</A ></TD ></TR ><TR ><TD WIDTH="33%" ALIGN="left" VALIGN="top" >Prerequisites</TD ><TD WIDTH="34%" ALIGN="center" VALIGN="top" ><A HREF="exim.html" ACCESSKEY="U" >Up</A ></TD ><TD WIDTH="33%" ALIGN="right" VALIGN="top" >Options and Settings</TD ></TR ></TABLE ></DIV ></BODY ></HTML >