exim
SYNOPSIS
exim4 [options] arguments ...
mailq [options] arguments ...
rsmtp [options] arguments ...
rmail [options] arguments ...
runq [options] arguments ...
newaliases [options] arguments ...
DESCRIPTION
Exim is a mail transfer agent (MTA) developed at the University of Cam-
bridge. It is a large program with very many facilities. For a full
specification, see the reference manual. This man page contains only a
description of the command line options. It has been automatically gen-
erated from the reference manual source, hopefully without too much
mangling.
Like other MTAs, Exim replaces Sendmail, and is normally called by user
agents (MUAs) using the path /usr/sbin/sendmail when they submit mes-
sages for delivery (some operating systems use /usr/lib/sendmail). This
path is normally set up as a symbolic link to the Exim binary. It may
also be used by boot scripts to start the Exim daemon. Many of Exim's
command line options are compatible with Sendmail so that it can act as
a drop-in replacement.
DEFAULT ACTION
If no options are present that require a specific action (such as
starting the daemon or a queue runner, testing an address, receiving a
message in a specific format, or listing the queue), and there are no
arguments on the command line, Exim outputs a brief message about
itself and exits.
However, if there is at least one command line argument, -bm (accept a
local message on the standard input, with the arguments specifying the
recipients) is assumed. Thus, for example, if Exim is installed in
/usr/sbin, you can send a message from the command line like this:
/usr/sbin/exim -i <recipient-address(es)>
<message content, including all the header lines>
CTRL-D
The -i option prevents a line containing just a dot from terminating
the message. Only an end-of-file (generated by typing CTRL-D if the
input is from a terminal) does so.
SETTING OPTIONS BY PROGRAM NAME
If an Exim binary is called using one of the names listed in this sec-
tion (typically via a symbolic link), certain options are assumed.
mailq Behave as if the option -bp were present before any other
options. The -bp option requests a listing of the contents of
runq Behave as if the option -q were present before any other
options, for compatibility with Smail. The -q option causes a
single queue runner process to be started. It processes the
queue once, then exits.
newaliases
Behave as if the option -bi were present before any other
options, for compatibility with Sendmail. This option is used
for rebuilding Sendmail's alias file. Exim does not have the
concept of a single alias file, but can be configured to run a
specified command if called with the -bi option.
OPTIONS
-- This is a pseudo-option whose only purpose is to terminate
the options and therefore to cause subsequent command line
items to be treated as arguments rather than options, even if
they begin with hyphens.
--help This option causes Exim to output a few sentences stating
what it is. The same output is generated if the Exim binary
is called with no options and no arguments.
-B<type> This is a Sendmail option for selecting 7 or 8 bit process-
ing. Exim is 8-bit clean; it ignores this option.
-bd This option runs Exim as a daemon, awaiting incoming SMTP
connections. Usually the -bd option is combined with the
-q<time> option, to specify that the daemon should also ini-
tiate periodic queue runs.
The -bd option can be used only by an admin user. If either
of the -d (debugging) or -v (verifying) options are set, the
daemon does not disconnect from the controlling terminal.
When running this way, it can be stopped by pressing ctrl-C.
By default, Exim listens for incoming connections to the
standard SMTP port on all the host's running interfaces. How-
ever, it is possible to listen on other ports, on multiple
ports, and only on specific interfaces.
When a listening daemon is started without the use of -oX
(that is, without overriding the normal configuration), it
writes its process id to a file called
/var/run/exim4/exim.pid. The file is written while Exim is
still running as root.
When -oX is used on the command line to start a listening
daemon, the process id is not written to the normal pid file
path. However, -oP can be used to specify a path on the com-
mand line if a pid file is required.
The SIGHUP signal can be used to cause the daemon to re-exe-
-be Run Exim in expansion testing mode. Exim discards its root
privilege, to prevent ordinary users from using this mode to
read otherwise inaccessible files. If no arguments are given,
Exim runs interactively, prompting for lines of data. Other-
wise, it processes each argument in turn.
If Exim was built with USE_READLINE=yes in Local/Makefile, it
tries to load the libreadline library dynamically whenever
the -be option is used without command line arguments. If
successful, it uses the readline() function, which provides
extensive line-editing facilities, for reading the test data.
A line history is supported.
Long expansion expressions can be split over several lines by
using backslash continuations. As in Exim's run time configu-
ration, white space at the start of continuation lines is
ignored. Each argument or data line is passed through the
string expansion mechanism, and the result is output. Vari-
able values from the configuration file (for example, $qual-
ify_domain) are available, but no message-specific values
(such as $sender_domain) are set, because no message is being
processed (but see -bem and -Mset).
Note: If you use this mechanism to test lookups, and you
change the data files or databases you are using, you must
exit and restart Exim before trying the same lookup again.
Otherwise, because each Exim process caches the results of
lookups, you will just get the same result as before.
-bem <filename>
This option operates like -be except that it must be followed
by the name of a file. For example:
exim -bem /tmp/testmessage
The file is read as a message (as if receiving a locally-sub-
mitted non-SMTP message) before any of the test expansions
are done. Thus, message-specific variables such as $mes-
sage_size and $header_from: are available. However, no
Received: header is added to the message. If the -t option is
set, recipients are read from the headers in the normal way,
and are shown in the $recipients variable. Note that recipi-
ents cannot be given on the command line, because further
arguments are taken as strings to expand (just like -be).
-bF <filename>
This option is the same as -bf except that it assumes that
the filter being tested is a system filter. The additional
commands that are available only in system filters are recog-
nized.
-bf <filename>
This option runs Exim in user filter testing mode; the file
is the filter file to be tested, and a test message must be
sets filter variables that are used by the user filter.
If the test filter file does not begin with one of the spe-
cial lines
# Exim filter
# Sieve filter
it is taken to be a normal .forward file, and is tested for
validity under that interpretation.
The result of an Exim command that uses -bf, provided no
errors are detected, is a list of the actions that Exim would
try to take if presented with the message for real. More
details of filter testing are given in the separate document
entitled Exim's interfaces to mail filtering.
When testing a filter file, the envelope sender can be set by
the -f option, or by a "From " line at the start of the test
message. Various parameters that would normally be taken from
the envelope recipient address of the message can be set by
means of additional command line options (see the next four
options).
-bfd <domain>
This sets the domain of the recipient address when a filter
file is being tested by means of the -bf option. The default
is the value of $qualify_domain.
-bfl <local part>
This sets the local part of the recipient address when a fil-
ter file is being tested by means of the -bf option. The
default is the username of the process that calls Exim. A
local part should be specified with any prefix or suffix
stripped, because that is how it appears to the filter when a
message is actually being delivered.
-bfp <prefix>
This sets the prefix of the local part of the recipient
address when a filter file is being tested by means of the
-bf option. The default is an empty prefix.
-bfs <suffix>
This sets the suffix of the local part of the recipient
address when a filter file is being tested by means of the
-bf option. The default is an empty suffix.
-bh <IP address>
This option runs a fake SMTP session as if from the given IP
address, using the standard input and output. The IP address
may include a port number at the end, after a full stop. For
example:
exim4 -bh 10.9.8.7.1234
you can test your relay controls using -bh.
Warning 1: You can test features of the configuration that
rely on ident (RFC 1413) information by using the -oMt
option. However, Exim cannot actually perform an ident call-
out when testing using -bh because there is no incoming SMTP
connection.
Warning 2: Address verification callouts are also skipped
when testing using -bh. If you want these callouts to occur,
use -bhc instead.
Messages supplied during the testing session are discarded,
and nothing is written to any of the real log files. There
may be pauses when DNS (and other) lookups are taking place,
and of course these may time out. The -oMi option can be used
to specify a specific IP interface and port if this is impor-
tant, and -oMaa and -oMai can be used to set parameters as if
the SMTP session were authenticated.
The exim_checkaccess utility is a "packaged" version of -bh
whose output just states whether a given recipient address
from a given host is acceptable or not.
Features such as authentication and encryption, where the
client input is not plain text, cannot easily be tested with
-bh. Instead, you should use a specialized SMTP test program
such as swaks.
-bhc <IP address>
This option operates in the same way as -bh, except that
address verification callouts are performed if required. This
includes consulting and updating the callout cache database.
-bi Sendmail interprets the -bi option as a request to rebuild
its alias file. Exim does not have the concept of a single
alias file, and so it cannot mimic this behaviour. However,
calls to /usr/lib/sendmail with the -bi option tend to appear
in various scripts such as NIS make files, so the option must
be recognized.
If -bi is encountered, the command specified by the bi_com-
mand configuration option is run, under the uid and gid of
the caller of Exim. If the -oA option is used, its value is
passed to the command as an argument. The command set by
bi_command may not contain arguments. The command can use the
exim_dbmbuild utility, or some other means, to rebuild alias
files if this is required. If the bi_command option is not
set, calling Exim with -bi is a no-op.
-bm This option runs an Exim receiving process that accepts an
incoming, locally-generated message on the current input. The
recipients are given as the command arguments (except when -t
is also present - see below). Each argument can be a
enforced by means of the non-SMTP ACL.
The return code is zero if the message is successfully
accepted. Otherwise, the action is controlled by the -oex
option setting - see below.
The format of the message must be as defined in RFC 2822,
except that, for compatibility with Sendmail and Smail, a
line in one of the forms
From sender Fri Jan 5 12:55 GMT 1997
From sender Fri, 5 Jan 97 12:55:01
(with the weekday optional, and possibly with additional text
after the date) is permitted to appear at the start of the
message. There appears to be no authoritative specification
of the format of this line. Exim recognizes it by matching
against the regular expression defined by the uucp_from_pat-
tern option, which can be changed if necessary.
The specified sender is treated as if it were given as the
argument to the -f option, but if a -f option is also
present, its argument is used in preference to the address
taken from the message. The caller of Exim must be a trusted
user for the sender of a message to be set in this way.
-bnq By default, Exim automatically qualifies unqualified
addresses (those without domains) that appear in messages
that are submitted locally (that is, not over TCP/IP). This
qualification applies both to addresses in envelopes, and
addresses in header lines. Sender addresses are qualified
using qualify_domain, and recipient addresses using qual-
ify_recipient (which defaults to the value of qual-
ify_domain).
Sometimes, qualification is not wanted. For example, if -bS
(batch SMTP) is being used to re-submit messages that origi-
nally came from remote hosts after content scanning, you
probably do not want to qualify unqualified addresses in
header lines. (Such lines will be present only if you have
not enabled a header syntax check in the appropriate ACL.)
The -bnq option suppresses all qualification of unqualified
addresses in messages that originate on the local host. When
this is used, unqualified addresses in the envelope provoke
errors (causing message rejection) and unqualified addresses
in header lines are left alone.
-bP If this option is given with no arguments, it causes the val-
ues of all Exim's main configuration options to be written to
the standard output. The values of one or more specific
options can be requested by giving their names as arguments,
for example:
the name of the file that was actually used.
If log_file_path or pid_file_path are given, the names of the
directories where log files and daemon pid files are written
are output, respectively. If these values are unset, log
files are written in a sub-directory of the spool directory
called log, and the pid file is written directly into the
spool directory.
If -bP is followed by a name preceded by +, for example,
exim4 -bP +local_domains
it searches for a matching named list of any type (domain,
host, address, or local part) and outputs what it finds.
If one of the words router, transport, or authenticator is
given, followed by the name of an appropriate driver
instance, the option settings for that driver are output. For
example:
exim4 -bP transport local_delivery
The generic driver options are output first, followed by the
driver's private options. A list of the names of drivers of a
particular type can be obtained by using one of the words
router_list, transport_list, or authenticator_list, and a
complete list of all drivers with their option settings can
be obtained by using routers, transports, or authenticators.
If invoked by an admin user, then macro, macro_list and
macros are available, similarly to the drivers. Because
macros are sometimes used for storing passwords, this option
is restricted. The output format is one item per line.
-bp This option requests a listing of the contents of the mail
queue on the standard output. If the -bp option is followed
by a list of message ids, just those messages are listed. By
default, this option can be used only by an admin user. How-
ever, the queue_list_requires_admin option can be set false
to allow any user to see the queue.
Each message on the queue is displayed as in the following
example:
25m 2.9K 0t5C6f-0000c8-00 <alice@wonderland.fict.example>
red.king@looking-glass.fict.example
<other addresses>
The first line contains the length of time the message has
been on the queue (in this case 25 minutes), the size of the
message (2.9K), the unique local identifier for the message,
and the message sender, as contained in the envelope. For
bounce messages, the sender address is empty, and appears as
"<>". If the message was submitted locally by an untrusted
the original is displayed with a D only when deliveries for
all of its child addresses are complete.
-bpa This option operates like -bp, but in addition it shows
delivered addresses that were generated from the original top
level address(es) in each message by alias or forwarding
operations. These addresses are flagged with "+D" instead of
just "D".
-bpc This option counts the number of messages on the queue, and
writes the total to the standard output. It is restricted to
admin users, unless queue_list_requires_admin is set false.
-bpr This option operates like -bp, but the output is not sorted
into chronological order of message arrival. This can speed
it up when there are lots of messages on the queue, and is
particularly useful if the output is going to be post-pro-
cessed in a way that doesn't need the sorting.
-bpra This option is a combination of -bpr and -bpa.
-bpru This option is a combination of -bpr and -bpu.
-bpu This option operates like -bp but shows only undelivered
top-level addresses for each message displayed. Addresses
generated by aliasing or forwarding are not shown, unless the
message was deferred after processing by a router with the
one_time option set.
-brt This option is for testing retry rules, and it must be fol-
lowed by up to three arguments. It causes Exim to look for a
retry rule that matches the values and to write it to the
standard output. For example:
exim4 -brt bach.comp.mus.example
Retry rule: *.comp.mus.example F,2h,15m; F,4d,30m;
The first argument, which is required, can be a complete
address in the form local_part@domain, or it can be just a
domain name. If the second argument contains a dot, it is
interpreted as an optional second domain name; if no retry
rule is found for the first argument, the second is tried.
This ties in with Exim's behaviour when looking for retry
rules for remote hosts - if no rule is found that matches the
host, one that matches the mail domain is sought. Finally, an
argument that is the name of a specific delivery error, as
used in setting up retry rules, can be given. For example:
exim4 -brt haydn.comp.mus.example quota_3d
Retry rule: *@haydn.comp.mus.example quota_3d F,1h,15m
-brw This option is for testing address rewriting rules, and it
must be followed by a single argument, consisting of either a
local part without a domain, or a complete address with a
The message itself is read from the standard input, in SMTP
format (leading dots doubled), terminated by a line contain-
ing just a single dot. An error is provoked if the terminat-
ing dot is missing. A further message may then follow.
As for other local message submissions, the contents of
incoming batch SMTP messages can be checked using the
non-SMTP ACL. Unqualified addresses are automatically quali-
fied using qualify_domain and qualify_recipient, as appropri-
ate, unless the -bnq option is used.
Some other SMTP commands are recognized in the input. HELO
and EHLO act as RSET; VRFY, EXPN, ETRN, and HELP act as NOOP;
QUIT quits, ignoring the rest of the standard input.
If any error is encountered, reports are written to the stan-
dard output and error streams, and Exim gives up immediately.
The return code is 0 if no error was detected; it is 1 if one
or more messages were accepted before the error was detected;
otherwise it is 2.
-bs This option causes Exim to accept one or more messages by
reading SMTP commands on the standard input, and producing
SMTP replies on the standard output. SMTP policy controls, as
defined in ACLs are applied. Some user agents use this
interface as a way of passing locally-generated messages to
the MTA.
In this usage, if the caller of Exim is trusted, or
untrusted_set_sender is set, the senders of messages are
taken from the SMTP MAIL commands. Otherwise the content of
these commands is ignored and the sender is set up as the
calling user. Unqualified addresses are automatically quali-
fied using qualify_domain and qualify_recipient, as appropri-
ate, unless the -bnq option is used.
The -bs option is also used to run Exim from inetd, as an
alternative to using a listening daemon. Exim can distinguish
the two cases by checking whether the standard input is a
TCP/IP socket. When Exim is called from inetd, the source of
the mail is assumed to be remote, and the comments above con-
cerning senders and qualification do not apply. In this situ-
ation, Exim behaves in exactly the same way as it does when
receiving a message via the listening daemon.
-bt This option runs Exim in address testing mode, in which each
argument is taken as a recipient address to be tested for
deliverability. The results are written to the standard out-
put. If a test fails, and the caller is not an admin user, no
details of the failure are output, because these might con-
tain sensitive information such as usernames and passwords
for database lookups.
However, any router that has no_address_test set is bypassed.
This can make -bt easier to use for genuine routing tests if
your first router passes everything to a scanner program.
The return code is 2 if any address failed outright; it is 1
if no address failed outright but at least one could not be
resolved for some reason. Return code 0 is given only when
all addresses succeed.
Note: When actually delivering a message, Exim removes dupli-
cate recipient addresses after routing is complete, so that
only one delivery takes place. This does not happen when
testing with -bt; the full results of routing are always
shown.
Warning: -bt can only do relatively simple testing. If any of
the routers in the configuration makes any tests on the
sender address of a message, you can use the -f option to set
an appropriate sender when running -bt tests. Without it, the
sender is assumed to be the calling user at the default qual-
ifying domain. However, if you have set up (for example)
routers whose behaviour depends on the contents of an incom-
ing message, you cannot test those conditions using -bt. The
-N option provides a possible way of doing such tests.
-bV This option causes Exim to write the current version number,
compilation number, and compilation date of the exim binary
to the standard output. It also lists the DBM library this
is being used, the optional modules (such as specific lookup
types), the drivers that are included in the binary, and the
name of the run time configuration file that is in use.
As part of its operation, -bV causes Exim to read and syntax
check its configuration file. However, this is a static check
only. It cannot check values that are to be expanded. For
example, although a misspelt ACL verb is detected, an error
in the verb's arguments is not. You cannot rely on -bV alone
to discover (for example) all the typos in the configuration;
some realistic testing is needed. The -bh and -N options pro-
vide more dynamic testing facilities.
-bv This option runs Exim in address verification mode, in which
each argument is taken as a recipient address to be verified
by the routers. (This does not involve any verification call-
outs). During normal operation, verification happens mostly
as a consequence processing a verify condition in an ACL. If
you want to test an entire ACL, possibly including callouts,
see the -bh and -bhc options.
If verification fails, and the caller is not an admin user,
no details of the failure are output, because these might
contain sensitive information such as usernames and passwords
for database lookups.
-bv is used; to test verification for a sender address, -bvs
should be used.
If the -v option is not set, the output consists of a single
line for each address, stating whether it was verified or
not, and giving a reason in the latter case. Without -v, gen-
erating more than one address by redirection causes verifica-
tion to end successfully, without considering the generated
addresses. However, if just one address is generated, pro-
cessing continues, and the generated address must verify suc-
cessfully for the overall verification to succeed.
When -v is set, more details are given of how the address has
been handled, and in the case of address redirection, all the
generated addresses are also considered. Verification may
succeed for some and fail for others.
The return code is 2 if any address failed outright; it is 1
if no address failed outright but at least one could not be
resolved for some reason. Return code 0 is given only when
all addresses succeed.
If any of the routers in the configuration makes any tests on
the sender address of a message, you should use the -f option
to set an appropriate sender when running -bv tests. Without
it, the sender is assumed to be the calling user at the
default qualifying domain.
-bvs This option acts like -bv, but verifies the address as a
sender rather than a recipient address. This affects any
rewriting and qualification that might happen.
-C <filelist>
This option causes Exim to find the run time configuration
file from the given list instead of from the list specified
by the CONFIGURE_FILE compile-time setting. Usually, the list
will consist of just a single file name, but it can be a
colon-separated list of names. In this case, the first file
that exists is used. Failure to open an existing file stops
Exim from proceeding any further along the list, and an error
is generated.
When this option is used by a caller other than root or the
Exim user, and the list is different from the compiled-in
list, Exim gives up its root privilege immediately, and runs
with the real and effective uid and gid set to those of the
caller. However, if ALT_CONFIG_ROOT_ONLY is defined in
Local/Makefile, root privilege is retained for -C only if the
caller of Exim is root.
That is, the Exim user is no longer privileged in this
regard. This build-time option is not set by default in the
Exim source distribution tarbundle. However, if you are
using a "packaged" version of Exim (source or binary), the
If ALT_CONFIG_PREFIX is defined in Local/Makefile, it speci-
fies a prefix string with which any file named in a -C com-
mand line option must start. In addition, the file name must
not contain the sequence /../. However, if the value of the
-C option is identical to the value of CONFIGURE_FILE in
Local/Makefile, Exim ignores -C and proceeds as usual. There
is no default setting for ALT_CONFIG_PREFIX; when it is
unset, any file name can be used with -C.
ALT_CONFIG_PREFIX can be used to confine alternative configu-
ration files to a directory to which only root has access.
This prevents someone who has broken into the Exim account
from running a privileged Exim with an arbitrary configura-
tion file.
The -C facility is useful for ensuring that configuration
files are syntactically correct, but cannot be used for test
deliveries, unless the caller is privileged, or unless it is
an exotic configuration that does not require privilege. No
check is made on the owner or group of the files specified by
this option.
-D<macro>=<value>
This option can be used to override macro definitions in the
configuration file. However, like -C, if it is used by an
unprivileged caller, it causes Exim to give up its root priv-
ilege. If DISABLE_D_OPTION is defined in Local/Makefile, the
use of -D is completely disabled, and its use causes an imme-
diate error exit.
The entire option (including equals sign if present) must all
be within one command line item. -D can be used to set the
value of a macro to the empty string, in which case the
equals sign is optional. These two commands are synonymous:
exim4 -DABC ...
exim4 -DABC= ...
To include spaces in a macro definition item, quotes must be
used. If you use quotes, spaces are permitted around the
macro name and the equals sign. For example:
exim4 '-D ABC = something' ...
-D may be repeated up to 10 times on a command line.
-d<debug options>
This option causes debugging information to be written to the
standard error stream. It is restricted to admin users
because debugging output may show database queries that con-
tain password information. Also, the details of users' filter
files should be protected. If a non-admin user uses -d, Exim
writes an error message to the standard error stream and
exits with a non-zero return code.
acl ACL interpretation
auth authenticators
deliver general delivery logic
dns DNS lookups (see also resolver)
dnsbl DNS black list (aka RBL) code
exec arguments for execv() calls
expand detailed debugging for string expansions
filter filter handling
hints_lookup hints data lookups
host_lookup all types of name-to-IP address handling
ident ident lookup
interface lists of local interfaces
lists matching things in lists
load system load checks
local_scan can be used by local_scan()
lookup general lookup code and all lookups
memory memory handling
pid add pid to debug output lines
process_info setting info for the process log
queue_run queue runs
receive general message reception logic
resolver turn on the DNS resolver's debugging output
retry retry handling
rewrite address rewriting
route address routing
timestamp add timestamp to debug output lines
tls TLS logic
transport transports
uid changes of uid/gid and looking up uid/gid
verify address verification logic
all almost all of the above (see below), and
also -v
The all option excludes memory when used as +all, but
includes it for -all. The reason for this is that +all is
something that people tend to use when generating debug out-
put for Exim maintainers. If +memory is included, an awful
lot of output that is very rarely of interest is generated,
so it now has to be explicitly requested. However, -all does
turn everything off.
The resolver option produces output only if the DNS resolver
was compiled with DEBUG enabled. This is not the case in some
operating systems. Also, unfortunately, debugging output from
the DNS resolver is written to stdout rather than stderr.
The default (-d with no argument) omits expand, filter,
interface, load, memory, pid, resolver, and timestamp. How-
ever, the pid selector is forced when debugging is turned on
for a daemon, which then passes it on to any re-executed
Exims. Exim also automatically adds the pid to debug lines
when several remote deliveries are run in parallel.
The timestamp selector causes the current time to be inserted
-dropcr This is an obsolete option that is now a no-op. It used to
affect the way Exim handled CR and LF characters in incoming
messages.
-E This option specifies that an incoming message is a
locally-generated delivery failure report. It is used inter-
nally by Exim when handling delivery failures and is not
intended for external use. Its only effect is to stop Exim
generating certain messages to the postmaster, as otherwise
message cascades could occur in some situations. As part of
the same option, a message id may follow the characters -E.
If it does, the log entry for the receipt of the new message
contains the id, following "R=", as a cross-reference.
-ex There are a number of Sendmail options starting with -oe
which seem to be called by various programs without the lead-
ing o in the option. For example, the vacation program uses
-eq. Exim treats all options of the form -ex as synonymous
with the corresponding -oex options.
-F <string>
This option sets the sender's full name for use when a
locally-generated message is being accepted. In the absence
of this option, the user's gecos entry from the password data
is used. As users are generally permitted to alter their
gecos entries, no security considerations are involved. White
space between -F and the <string> is optional.
-f <address>
This option sets the address of the envelope sender of a
locally-generated message (also known as the return path).
The option can normally be used only by a trusted user, but
untrusted_set_sender can be set to allow untrusted users to
use it.
Processes running as root or the Exim user are always
trusted. Other trusted users are defined by the trusted_users
or trusted_groups options. In the absence of -f, or if the
caller is not trusted, the sender of a local message is set
to the caller's login name at the default qualify domain.
There is one exception to the restriction on the use of -f:
an empty sender can be specified by any user, trusted or not,
to create a message that can never provoke a bounce. An empty
sender can be specified either as an empty string, or as a
pair of angle brackets with nothing between them, as in these
examples of shell commands:
exim4 -f '<>' user@domain
exim4 -f "" user@domain
In addition, the use of -f is not restricted when testing a
filter file with -bf or when testing or verifying addresses
sage - see the description of -bm above - but if -f is also
present, it overrides "From ".
-G This is a Sendmail option which is ignored by Exim.
-h <number>
This option is accepted for compatibility with Sendmail, but
has no effect. (In Sendmail it overrides the "hop count"
obtained by counting Received: headers.)
-i This option, which has the same effect as -oi, specifies that
a dot on a line by itself should not terminate an incoming,
non-SMTP message. I can find no documentation for this option
in Solaris 2.4 Sendmail, but the mailx command in Solaris 2.4
uses it. See also -ti.
-M <message id> <message id> ...
This option requests Exim to run a delivery attempt on each
message in turn. If any of the messages are frozen, they are
automatically thawed before the delivery attempt. The set-
tings of queue_domains, queue_smtp_domains, and hold_domains
are ignored.
Retry hints for any of the addresses are overridden - Exim
tries to deliver even if the normal retry time has not yet
been reached. This option requires the caller to be an admin
user. However, there is an option called prod_requires_admin
which can be set false to relax this restriction (and also
the same requirement for the -q, -R, and -S options).
The deliveries happen synchronously, that is, the original
Exim process does not terminate until all the delivery
attempts have finished. No output is produced unless there is
a serious error. If you want to see what is happening, use
the -v option as well, or inspect Exim's main log.
-Mar <message id> <address> <address> ...
This option requests Exim to add the addresses to the list of
recipients of the message ("ar" for "add recipients"). The
first argument must be a message id, and the remaining ones
must be email addresses. However, if the message is active
(in the middle of a delivery attempt), it is not altered.
This option can be used only by an admin user.
-MC <transport> <hostname> <sequence number> <message id>
This option is not intended for use by external callers. It
is used internally by Exim to invoke another instance of
itself to deliver a waiting message using an existing SMTP
connection, which is passed as the standard input. This must
be the final option, and the caller must be root or the Exim
user in order to use it.
-MCA This option is not intended for use by external callers. It
is used internally by Exim in conjunction with the -MC
passes on the process id of the queue runner, together with
the file descriptor number of an open pipe. Closure of the
pipe signals the final completion of the sequence of pro-
cesses that are passing messages through the same SMTP con-
nection.
-MCS This option is not intended for use by external callers. It
is used internally by Exim in conjunction with the -MC
option, and passes on the fact that the SMTP SIZE option
should be used on messages delivered down the existing con-
nection.
-MCT This option is not intended for use by external callers. It
is used internally by Exim in conjunction with the -MC
option, and passes on the fact that the host to which Exim is
connected supports TLS encryption.
-Mc <message id> <message id> ...
This option requests Exim to run a delivery attempt on each
message in turn, but unlike the -M option, it does check for
retry hints, and respects any that are found. This option is
not very useful to external callers. It is provided mainly
for internal use by Exim when it needs to re-invoke itself in
order to regain root privilege for a delivery. However, -Mc
can be useful when testing, in order to run a delivery that
respects retry times and other options such as hold_domains
that are overridden when -M is used. Such a delivery does not
count as a queue run. If you want to run a specific delivery
as if in a queue run, you should use -q with a message id
argument. A distinction between queue run deliveries and
other deliveries is made in one or two places.
-Mes <message id> <address>
This option requests Exim to change the sender address in the
message to the given address, which must be a fully qualified
address or "<>" ("es" for "edit sender"). There must be
exactly two arguments. The first argument must be a message
id, and the second one an email address. However, if the mes-
sage is active (in the middle of a delivery attempt), its
status is not altered. This option can be used only by an
admin user.
-Mf <message id> <message id> ...
This option requests Exim to mark each listed message as
"frozen". This prevents any delivery attempts taking place
until the message is "thawed", either manually or as a result
of the auto_thaw configuration option. However, if any of
the messages are active (in the middle of a delivery
attempt), their status is not altered. This option can be
used only by an admin user.
-Mg <message id> <message id> ...
This option requests Exim to give up trying to deliver the
listed messages, including any that are frozen. However, if
-Mmd <message id> <address> <address> ...
This option requests Exim to mark the given addresses as
already delivered ("md" for "mark delivered"). The first
argument must be a message id, and the remaining ones must be
email addresses. These are matched to recipient addresses in
the message in a case-sensitive manner. If the message is
active (in the middle of a delivery attempt), its status is
not altered. This option can be used only by an admin user.
-Mrm <message id> <message id> ...
This option requests Exim to remove the given messages from
the queue. No bounce messages are sent; each message is sim-
ply forgotten. However, if any of the messages are active,
their status is not altered. This option can be used only by
an admin user or by the user who originally caused the mes-
sage to be placed on the queue.
-Mset <message id>
This option is useful only in conjunction with -be (that is,
when testing string expansions). Exim loads the given message
from its spool before doing the test expansions, thus setting
message-specific variables such as $message_size and the
header variables. The $recipients variable is made available.
This feature is provided to make it easier to test expansions
that make use of these variables. However, this option can be
used only by an admin user. See also -bem.
-Mt <message id> <message id> ...
This option requests Exim to "thaw" any of the listed mes-
sages that are "frozen", so that delivery attempts can
resume. However, if any of the messages are active, their
status is not altered. This option can be used only by an
admin user.
-Mvb <message id>
This option causes the contents of the message body (-D)
spool file to be written to the standard output. This option
can be used only by an admin user.
-Mvc <message id>
This option causes a copy of the complete message (header
lines plus body) to be written to the standard output in RFC
2822 format. This option can be used only by an admin user.
-Mvh <message id>
This option causes the contents of the message headers (-H)
spool file to be written to the standard output. This option
can be used only by an admin user.
-Mvl <message id>
This option causes the contents of the message log spool file
to be written to the standard output. This option can be used
only by an admin user.
Because -N discards any message to which it applies, only
root or the Exim user are allowed to use it with -bd, -q, -R
or -M. In other words, an ordinary user can use it only when
supplying an incoming message to which it will apply.
Although transportation never fails when -N is set, an
address may be deferred because of a configuration problem on
a transport, or a routing problem. Once -N has been used for
a delivery attempt, it sticks to the message, and applies to
any subsequent delivery attempts that may happen for that
message.
-n This option is interpreted by Sendmail to mean "no aliasing".
It is ignored by Exim.
-O <data> This option is interpreted by Sendmail to mean set option. It
is ignored by Exim.
-oA <file name>
This option is used by Sendmail in conjunction with -bi to
specify an alternative alias file name. Exim handles -bi dif-
ferently; see the description above.
-oB <n> This is a debugging option which limits the maximum number of
messages that can be delivered down one SMTP connection,
overriding the value set in any smtp transport. If <n> is
omitted, the limit is set to 1.
-odb This option applies to all modes in which Exim accepts incom-
ing messages, including the listening daemon. It requests
"background" delivery of such messages, which means that the
accepting process automatically starts a delivery process for
each message received, but does not wait for the delivery
processes to finish.
When all the messages have been received, the reception
process exits, leaving the delivery processes to finish in
their own time. The standard output and error streams are
closed at the start of each delivery process. This is the
default action if none of the -od options are present.
If one of the queueing options in the configuration file
(queue_only or queue_only_file, for example) is in effect,
-odb overrides it if queue_only_override is set true, which
is the default setting. If queue_only_override is set false,
-odb has no effect.
-odf This option requests "foreground" (synchronous) delivery when
Exim has accepted a locally-generated message. (For the dae-
mon it is exactly the same as -odb.) A delivery process is
automatically started to deliver the message, and Exim waits
for it to complete before proceeding.
The original Exim reception process does not finish until the
delivery process for the final message has ended. The stan-
-odq This option applies to all modes in which Exim accepts incom-
ing messages, including the listening daemon. It specifies
that the accepting process should not automatically start a
delivery process for each message received. Messages are
placed on the queue, and remain there until a subsequent
queue runner process encounters them. There are several con-
figuration options (such as queue_only) that can be used to
queue incoming messages under certain conditions. This option
overrides all of them and also -odqs. It always forces queue-
ing.
-odqs This option is a hybrid between -odb/-odi and -odq. However,
like -odb and -odi, this option has no effect if
queue_only_override is false and one of the queueing options
in the configuration file is in effect.
When -odqs does operate, a delivery process is started for
each incoming message, in the background by default, but in
the foreground if -odi is also present. The recipient
addresses are routed, and local deliveries are done in the
normal way. However, if any SMTP deliveries are required,
they are not done at this time, so the message remains on the
queue until a subsequent queue runner process encounters it.
Because routing was done, Exim knows which messages are wait-
ing for which hosts, and so a number of messages for the same
host can be sent in a single SMTP connection. The
queue_smtp_domains configuration option has the same effect
for specific domains. See also the -qq option.
-oee If an error is detected while a non-SMTP message is being
received (for example, a malformed address), the error is
reported to the sender in a mail message.
Provided this error message is successfully sent, the Exim
receiving process exits with a return code of zero. If not,
the return code is 2 if the problem is that the original mes-
sage has no recipients, or 1 any other error. This is the
default -oex option if Exim is called as rmail.
-oem This is the same as -oee, except that Exim always exits with
a non-zero return code, whether or not the error message was
successfully sent. This is the default -oex option, unless
Exim is called as rmail.
-oep If an error is detected while a non-SMTP message is being
received, the error is reported by writing a message to the
standard error file (stderr). The return code is 1 for all
errors.
-oeq This option is supported for compatibility with Sendmail, but
has the same effect as -oep.
-oew This option is supported for compatibility with Sendmail, but
A number of options starting with -oM can be used to set val-
ues associated with remote hosts on locally-submitted mes-
sages (that is, messages not received over TCP/IP). These
options can be used by any caller in conjunction with the
-bh, -be, -bf, -bF, -bt, or -bv testing options. In other
circumstances, they are ignored unless the caller is trusted.
The -oMa option sets the sender host address. This may
include a port number at the end, after a full stop (period).
For example:
exim4 -bs -oMa 10.9.8.7.1234
An alternative syntax is to enclose the IP address in square
brackets, followed by a colon and the port number:
exim4 -bs -oMa [10.9.8.7]:1234
The IP address is placed in the $sender_host_address vari-
able, and the port, if present, in $sender_host_port. If both
-oMa and -bh are present on the command line, the sender host
IP address is taken from whichever one is last.
-oMaa <name>
See -oMa above for general remarks about the -oM options. The
-oMaa option sets the value of $sender_host_authenticated
(the authenticator name). This option can be used with -bh
and -bs to set up an authenticated SMTP session without actu-
ally using the SMTP AUTH command.
-oMai <string>
See -oMa above for general remarks about the -oM options. The
-oMai option sets the value of $authenticated_id (the id that
was authenticated). This overrides the default value (the
caller's login id, except with -bh, where there is no
default) for messages from local sources.
-oMas <address>
See -oMa above for general remarks about the -oM options. The
-oMas option sets the authenticated sender value in $authen-
ticated_sender. It overrides the sender address that is cre-
ated from the caller's login id for messages from local
sources, except when -bh is used, when there is no default.
For both -bh and -bs, an authenticated sender that is speci-
fied on a MAIL command overrides this value.
-oMi <interface address>
See -oMa above for general remarks about the -oM options. The
-oMi option sets the IP interface address value. A port num-
ber may be included, using the same syntax as for -oMa. The
interface address is placed in $received_ip_address and the
port number, if present, in $received_port.
-oMr <protocol name>
When this option is present, Exim does not attempt to look up
a host name from an IP address; it uses the name it is given.
-oMt <ident string>
See -oMa above for general remarks about the -oM options. The
-oMt option sets the sender ident value in $sender_ident. The
default setting for local callers is the login id of the
calling process, except when -bh is used, when there is no
default.
-om In Sendmail, this option means "me too", indicating that the
sender of a message should receive a copy of the message if
the sender appears in an alias expansion. Exim always does
this, so the option does nothing.
-oo This option is ignored. In Sendmail it specifies "old style
headers", whatever that means.
-oP <path>
This option is useful only in conjunction with -bd or -q with
a time value. The option specifies the file to which the
process id of the daemon is written. When -oX is used with
-bd, or when -q with a time is used without -bd, this is the
only way of causing Exim to write a pid file, because in
those cases, the normal pid file is not used.
-or <time>
This option sets a timeout value for incoming non-SMTP mes-
sages. If it is not set, Exim will wait forever for the stan-
dard input. The value can also be set by the receive_timeout
option.
-os <time>
This option sets a timeout value for incoming SMTP messages.
The timeout applies to each SMTP command and block of data.
The value can also be set by the smtp_receive_timeout option;
it defaults to 5 minutes.
-ov This option has exactly the same effect as -v.
-oX <number or string>
This option is relevant only when the -bd (start listening
daemon) option is also given. It controls which ports and
interfaces the daemon uses. When -oX is used to start a dae-
mon, no pid file is written unless -oP is also present to
specify a pid file name.
-pd This option applies when an embedded Perl interpreter is
linked with Exim. It overrides the setting of the
perl_at_start option, forcing the starting of the interpreter
to be delayed until it is needed.
-ps This option applies when an embedded Perl interpreter is
linked with Exim. It overrides the setting of the
Perl. It is therefore impossible to set a protocol value of p
or s using this option (but that does not seem a real limita-
tion).
-q This option is normally restricted to admin users. However,
there is a configuration option called prod_requires_admin
which can be set false to relax this restriction (and also
the same requirement for the -M, -R, and -S options).
The -q option starts one queue runner process. This scans the
queue of waiting messages, and runs a delivery process for
each one in turn. It waits for each delivery process to fin-
ish before starting the next one. A delivery process may not
actually do any deliveries if the retry times for the
addresses have not been reached. Use -qf (see below) if you
want to override this.
If the delivery process spawns other processes to deliver
other messages down passed SMTP connections, the queue runner
waits for these to finish before proceeding.
When all the queued messages have been considered, the origi-
nal queue runner process terminates. In other words, a single
pass is made over the waiting mail, one message at a time.
Use -q with a time (see below) if you want this to be
repeated periodically.
Exim processes the waiting messages in an unpredictable
order. It isn't very random, but it is likely to be different
each time, which is all that matters. If one particular mes-
sage screws up a remote MTA, other messages to the same MTA
have a chance of getting through if they get tried first.
It is possible to cause the messages to be processed in lexi-
cal message id order, which is essentially the order in which
they arrived, by setting the queue_run_in_order option, but
this is not recommended for normal use.
-q<qflags>
The -q option may be followed by one or more flag letters
that change its behaviour. They are all optional, but if more
than one is present, they must appear in the correct order.
Each flag is described in a separate item below.
-qq... An option starting with -qq requests a two-stage queue run.
In the first stage, the queue is scanned as if the
queue_smtp_domains option matched every domain. Addresses are
routed, local deliveries happen, but no remote transports are
run.
The hints database that remembers which messages are waiting
for specific hosts is updated, as if delivery to those hosts
had been deferred. After this is complete, a second, normal
queue scan happens, with routing and delivery taking place as
-q[q][i]f...
If one f flag is present, a delivery attempt is forced for
each non-frozen message, whereas without f only those
non-frozen addresses that have passed their retry times are
tried.
-q[q][i]ff...
If ff is present, a delivery attempt is forced for every mes-
sage, whether frozen or not.
-q[q][i][f[f]]l
The l (the letter "ell") flag specifies that only local
deliveries are to be done. If a message requires any remote
deliveries, it remains on the queue for later delivery.
-q<qflags> <start id> <end id>
When scanning the queue, Exim can be made to skip over mes-
sages whose ids are lexically less than a given value by fol-
lowing the -q option with a starting message id. For example:
exim4 -q 0t5C6f-0000c8-00
Messages that arrived earlier than 0t5C6f-0000c8-00 are not
inspected. If a second message id is given, messages whose
ids are lexically greater than it are also skipped. If the
same id is given twice, for example,
exim4 -q 0t5C6f-0000c8-00 0t5C6f-0000c8-00
just one delivery process is started, for that message. This
differs from -M in that retry data is respected, and it also
differs from -Mc in that it counts as a delivery from a queue
run. Note that the selection mechanism does not affect the
order in which the messages are scanned. There are also other
ways of selecting specific sets of messages for delivery in a
queue run - see -R and -S.
-q<qflags><time>
When a time value is present, the -q option causes Exim to
run as a daemon, starting a queue runner process at intervals
specified by the given time value. This form of the -q option
is commonly combined with the -bd option, in which case a
single daemon process handles both functions. A common way of
starting up a combined daemon at system boot time is to use a
command such as
/usr/exim/bin/exim4 -bd -q30m
Such a daemon listens for incoming SMTP calls, and also
starts a queue runner process every 30 minutes.
When a daemon is started by -q with a time value, but without
-bd, no pid file is written unless one is explicitly
requested by the -oP option.
White space is required if <rsflags> is not empty.
This option is similar to -q with no time value, that is, it
causes Exim to perform a single queue run, except that, when
scanning the messages on the queue, Exim processes only those
that have at least one undelivered recipient address contain-
ing the given string, which is checked in a case-independent
way. If the <rsflags> start with r, <string> is interpreted
as a regular expression; otherwise it is a literal string.
If you want to do periodic queue runs for messages with spe-
cific recipients, you can combine -R with -q and a time
value. For example:
exim -q25m -R @special.domain.example
This example does a queue run for messages with recipients in
the given domain every 25 minutes. Any additional flags that
are specified with -q are applied to each queue run.
Once a message is selected for delivery by this mechanism,
all its addresses are processed. For the first selected mes-
sage, Exim overrides any retry information and forces a
delivery attempt for each undelivered address. This means
that if delivery of any address in the first message is suc-
cessful, any existing retry information is deleted, and so
delivery attempts for that address in subsequently selected
messages (which are processed without forcing) will run. How-
ever, if delivery of any address does not succeed, the retry
information is updated, and in subsequently selected mes-
sages, the failing address will be skipped.
If the <rsflags> contain f or ff, the delivery forcing
applies to all selected messages, not just the first; frozen
messages are included when ff is present.
The -R option makes it straightforward to initiate delivery
of all messages to a given domain after a host has been down
for some time. When the SMTP command ETRN is accepted by its
ACL, its default effect is to run Exim with the -R option,
but it can be configured to run an arbitrary command instead.
-r This is a documented (for Sendmail) obsolete alternative name
for -f.
-S<rsflags> <string>
This option acts like -R except that it checks the string
against each message's sender instead of against the recipi-
ents. If -R is also set, both conditions must be met for a
message to be selected. If either of the options has f or ff
in its flags, the associated action is taken.
-Tqt <times>
This an option that is exclusively for use by the Exim test-
which the message is not to be delivered. That is, the argu-
ment addresses are removed from the recipients list obtained
from the headers. This is compatible with Smail 3 and in
accordance with the documented behaviour of several versions
of Sendmail, as described in man pages on a number of operat-
ing systems (e.g. Solaris 8, IRIX 6.5, HP-UX 11). However,
some versions of Sendmail add argument addresses to those
obtained from the headers, and the O'Reilly Sendmail book
documents it that way. Exim can be made to add argument
addresses instead of subtracting them by setting the option
extract_addresses_remove_arguments false.
If there are any Resent- header lines in the message, Exim
extracts recipients from all Resent-To:, Resent-Cc:, and
Resent-Bcc: header lines instead of from To:, Cc:, and Bcc:.
This is for compatibility with Sendmail and other MTAs.
(Prior to release 4.20, Exim gave an error if -t was used in
conjunction with Resent- header lines.)
RFC 2822 talks about different sets of Resent- header lines
(for when a message is resent several times). The RFC also
specifies that they should be added at the front of the mes-
sage, and separated by Received: lines. It is not at all
clear how -t should operate in the present of multiple sets,
nor indeed exactly what constitutes a "set". In practice, it
seems that MUAs do not follow the RFC. The Resent- lines are
often added at the end of the header, and if a message is
resent more than once, it is common for the original set of
Resent- headers to be renamed as X-Resent- when a new set is
added. This removes any possible ambiguity.
-ti This option is exactly equivalent to -t -i. It is provided
for compatibility with Sendmail.
-tls-on-connect
This option is available when Exim is compiled with TLS sup-
port. It forces all incoming SMTP connections to behave as if
the incoming port is listed in the tls_on_connect_ports
option.
-U Sendmail uses this option for "initial message submission",
and its documentation states that in future releases, it may
complain about syntactically invalid messages rather than
fixing them when this flag is not set. Exim ignores this
option.
-v This option causes Exim to write information to the standard
error stream, describing what it is doing. In particular, it
shows the log lines for receiving and delivering a message,
and if an SMTP connection is made, the SMTP dialogue is
shown. Some of the log lines shown may not actually be writ-
ten to the log if the setting of log_selector discards them.
Any relevant selectors are shown with each log line. If none
are shown, the logging is unconditional.
/usr/share/doc/exim4-base/README.Debian.[gz|html].
The full Exim specification, the Exim book, and the Exim wiki.
AUTHOR
This manual page was provided with the upstream Exim source package.
It was enhanced for the Debian GNU/Linux system.
EXIM4(8)
Man Pages Copyright Respective Owners. Site Copyright (C) 1994 - 2012
Hurricane Electric.
All Rights Reserved.