This file is indexed.

/usr/share/doc/exim4-base/README.Debian.html is in exim4-base 4.76-3ubuntu3.

This file is owned by root:root, with mode 0o644.

The actual contents of the file can be viewed below.

   1
   2
   3
   4
   5
   6
   7
   8
   9
  10
  11
  12
  13
  14
  15
  16
  17
  18
  19
  20
  21
  22
  23
  24
  25
  26
  27
  28
  29
  30
  31
  32
  33
  34
  35
  36
  37
  38
  39
  40
  41
  42
  43
  44
  45
  46
  47
  48
  49
  50
  51
  52
  53
  54
  55
  56
  57
  58
  59
  60
  61
  62
  63
  64
  65
  66
  67
  68
  69
  70
  71
  72
  73
  74
  75
  76
  77
  78
  79
  80
  81
  82
  83
  84
  85
  86
  87
  88
  89
  90
  91
  92
  93
  94
  95
  96
  97
  98
  99
 100
 101
 102
 103
 104
 105
 106
 107
 108
 109
 110
 111
 112
 113
 114
 115
 116
 117
 118
 119
 120
 121
 122
 123
 124
 125
 126
 127
 128
 129
 130
 131
 132
 133
 134
 135
 136
 137
 138
 139
 140
 141
 142
 143
 144
 145
 146
 147
 148
 149
 150
 151
 152
 153
 154
 155
 156
 157
 158
 159
 160
 161
 162
 163
 164
 165
 166
 167
 168
 169
 170
 171
 172
 173
 174
 175
 176
 177
 178
 179
 180
 181
 182
 183
 184
 185
 186
 187
 188
 189
 190
 191
 192
 193
 194
 195
 196
 197
 198
 199
 200
 201
 202
 203
 204
 205
 206
 207
 208
 209
 210
 211
 212
 213
 214
 215
 216
 217
 218
 219
 220
 221
 222
 223
 224
 225
 226
 227
 228
 229
 230
 231
 232
 233
 234
 235
 236
 237
 238
 239
 240
 241
 242
 243
 244
 245
 246
 247
 248
 249
 250
 251
 252
 253
 254
 255
 256
 257
 258
 259
 260
 261
 262
 263
 264
 265
 266
 267
 268
 269
 270
 271
 272
 273
 274
 275
 276
 277
 278
 279
 280
 281
 282
 283
 284
 285
 286
 287
 288
 289
 290
 291
 292
 293
 294
 295
 296
 297
 298
 299
 300
 301
 302
 303
 304
 305
 306
 307
 308
 309
 310
 311
 312
 313
 314
 315
 316
 317
 318
 319
 320
 321
 322
 323
 324
 325
 326
 327
 328
 329
 330
 331
 332
 333
 334
 335
 336
 337
 338
 339
 340
 341
 342
 343
 344
 345
 346
 347
 348
 349
 350
 351
 352
 353
 354
 355
 356
 357
 358
 359
 360
 361
 362
 363
 364
 365
 366
 367
 368
 369
 370
 371
 372
 373
 374
 375
 376
 377
 378
 379
 380
 381
 382
 383
 384
 385
 386
 387
 388
 389
 390
 391
 392
 393
 394
 395
 396
 397
 398
 399
 400
 401
 402
 403
 404
 405
 406
 407
 408
 409
 410
 411
 412
 413
 414
 415
 416
 417
 418
 419
 420
 421
 422
 423
 424
 425
 426
 427
 428
 429
 430
 431
 432
 433
 434
 435
 436
 437
 438
 439
 440
 441
 442
 443
 444
 445
 446
 447
 448
 449
 450
 451
 452
 453
 454
 455
 456
 457
 458
 459
 460
 461
 462
 463
 464
 465
 466
 467
 468
 469
 470
 471
 472
 473
 474
 475
 476
 477
 478
 479
 480
 481
 482
 483
 484
 485
 486
 487
 488
 489
 490
 491
 492
 493
 494
 495
 496
 497
 498
 499
 500
 501
 502
 503
 504
 505
 506
 507
 508
 509
 510
 511
 512
 513
 514
 515
 516
 517
 518
 519
 520
 521
 522
 523
 524
 525
 526
 527
 528
 529
 530
 531
 532
 533
 534
 535
 536
 537
 538
 539
 540
 541
 542
 543
 544
 545
 546
 547
 548
 549
 550
 551
 552
 553
 554
 555
 556
 557
 558
 559
 560
 561
 562
 563
 564
 565
 566
 567
 568
 569
 570
 571
 572
 573
 574
 575
 576
 577
 578
 579
 580
 581
 582
 583
 584
 585
 586
 587
 588
 589
 590
 591
 592
 593
 594
 595
 596
 597
 598
 599
 600
 601
 602
 603
 604
 605
 606
 607
 608
 609
 610
 611
 612
 613
 614
 615
 616
 617
 618
 619
 620
 621
 622
 623
 624
 625
 626
 627
 628
 629
 630
 631
 632
 633
 634
 635
 636
 637
 638
 639
 640
 641
 642
 643
 644
 645
 646
 647
 648
 649
 650
 651
 652
 653
 654
 655
 656
 657
 658
 659
 660
 661
 662
 663
 664
 665
 666
 667
 668
 669
 670
 671
 672
 673
 674
 675
 676
 677
 678
 679
 680
 681
 682
 683
 684
 685
 686
 687
 688
 689
 690
 691
 692
 693
 694
 695
 696
 697
 698
 699
 700
 701
 702
 703
 704
 705
 706
 707
 708
 709
 710
 711
 712
 713
 714
 715
 716
 717
 718
 719
 720
 721
 722
 723
 724
 725
 726
 727
 728
 729
 730
 731
 732
 733
 734
 735
 736
 737
 738
 739
 740
 741
 742
 743
 744
 745
 746
 747
 748
 749
 750
 751
 752
 753
 754
 755
 756
 757
 758
 759
 760
 761
 762
 763
 764
 765
 766
 767
 768
 769
 770
 771
 772
 773
 774
 775
 776
 777
 778
 779
 780
 781
 782
 783
 784
 785
 786
 787
 788
 789
 790
 791
 792
 793
 794
 795
 796
 797
 798
 799
 800
 801
 802
 803
 804
 805
 806
 807
 808
 809
 810
 811
 812
 813
 814
 815
 816
 817
 818
 819
 820
 821
 822
 823
 824
 825
 826
 827
 828
 829
 830
 831
 832
 833
 834
 835
 836
 837
 838
 839
 840
 841
 842
 843
 844
 845
 846
 847
 848
 849
 850
 851
 852
 853
 854
 855
 856
 857
 858
 859
 860
 861
 862
 863
 864
 865
 866
 867
 868
 869
 870
 871
 872
 873
 874
 875
 876
 877
 878
 879
 880
 881
 882
 883
 884
 885
 886
 887
 888
 889
 890
 891
 892
 893
 894
 895
 896
 897
 898
 899
 900
 901
 902
 903
 904
 905
 906
 907
 908
 909
 910
 911
 912
 913
 914
 915
 916
 917
 918
 919
 920
 921
 922
 923
 924
 925
 926
 927
 928
 929
 930
 931
 932
 933
 934
 935
 936
 937
 938
 939
 940
 941
 942
 943
 944
 945
 946
 947
 948
 949
 950
 951
 952
 953
 954
 955
 956
 957
 958
 959
 960
 961
 962
 963
 964
 965
 966
 967
 968
 969
 970
 971
 972
 973
 974
 975
 976
 977
 978
 979
 980
 981
 982
 983
 984
 985
 986
 987
 988
 989
 990
 991
 992
 993
 994
 995
 996
 997
 998
 999
1000
1001
1002
1003
1004
1005
1006
1007
1008
1009
1010
1011
1012
1013
1014
1015
1016
1017
1018
1019
1020
1021
1022
1023
1024
1025
1026
1027
1028
1029
1030
1031
1032
1033
1034
1035
1036
1037
1038
1039
1040
1041
1042
1043
1044
1045
1046
1047
1048
1049
1050
1051
1052
1053
1054
1055
1056
1057
1058
1059
1060
1061
1062
1063
1064
1065
1066
1067
1068
1069
1070
1071
1072
1073
1074
1075
1076
1077
1078
1079
1080
1081
1082
1083
1084
1085
1086
1087
1088
1089
1090
1091
1092
1093
1094
1095
1096
1097
1098
1099
1100
1101
1102
1103
1104
1105
1106
1107
1108
1109
1110
1111
1112
1113
1114
1115
1116
1117
1118
1119
1120
1121
1122
1123
1124
1125
1126
1127
1128
1129
1130
1131
1132
1133
1134
1135
1136
1137
1138
1139
1140
1141
1142
1143
1144
1145
1146
1147
1148
1149
1150
1151
1152
1153
1154
1155
1156
1157
1158
1159
1160
1161
1162
1163
1164
1165
1166
1167
1168
1169
1170
1171
1172
1173
1174
1175
1176
1177
1178
1179
1180
1181
1182
1183
1184
1185
1186
1187
1188
1189
1190
1191
1192
1193
1194
1195
1196
1197
1198
1199
1200
1201
1202
1203
1204
1205
1206
1207
1208
1209
1210
1211
1212
1213
1214
1215
1216
1217
1218
1219
1220
1221
1222
1223
1224
1225
1226
1227
1228
1229
1230
1231
1232
1233
1234
1235
1236
1237
1238
1239
1240
1241
1242
1243
1244
1245
1246
1247
1248
1249
1250
1251
1252
1253
1254
1255
1256
1257
1258
1259
1260
1261
1262
1263
1264
1265
1266
1267
1268
1269
1270
1271
1272
1273
1274
1275
1276
1277
1278
1279
1280
1281
1282
1283
1284
1285
1286
1287
1288
1289
1290
1291
1292
1293
1294
1295
1296
1297
1298
1299
1300
1301
1302
1303
1304
1305
1306
1307
1308
1309
1310
1311
1312
1313
1314
1315
1316
1317
1318
1319
1320
1321
1322
1323
1324
1325
1326
1327
1328
1329
1330
1331
1332
1333
1334
1335
1336
1337
1338
1339
1340
1341
1342
1343
1344
1345
1346
1347
1348
1349
1350
1351
1352
1353
1354
1355
1356
1357
1358
1359
1360
1361
1362
1363
1364
1365
1366
1367
1368
1369
1370
1371
1372
1373
1374
1375
1376
1377
1378
1379
1380
1381
1382
1383
1384
1385
1386
1387
1388
1389
1390
1391
1392
1393
1394
1395
1396
1397
1398
1399
<html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>Exim 4 for Debian</title><meta name="generator" content="DocBook XSL Stylesheets V1.75.2"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="article" title="Exim 4 for Debian"><div class="titlepage"><div><div><h2 class="title"><a name="idm25148176"></a>Exim 4 for Debian</h2></div></div><hr></div><div class="toc"><p><b>Table of Contents</b></p><dl><dt><span class="section"><a href="#idp235264">1. Introduction</a></span></dt><dd><dl><dt><span class="section"><a href="#idp236464">1.1. How to find your way around the Documentation</a></span></dt><dt><span class="section"><a href="#idp67312">1.2. Getting Support</a></span></dt><dt><span class="section"><a href="#idp143616">1.3. Packaging</a></span></dt></dl></dd><dt><span class="section"><a href="#idp159232">2. Configuration of Exim 4 in the Debian packages</a></span></dt><dd><dl><dt><span class="section"><a href="#idp3788192">2.1. The Configuration System</a></span></dt><dt><span class="section"><a href="#TLS">2.2. Using TLS</a></span></dt><dt><span class="section"><a href="#smtp-auth">2.3. SMTP-AUTH</a></span></dt><dt><span class="section"><a href="#idp5631552">2.4. How the Exim daemon is started</a></span></dt><dt><span class="section"><a href="#idp5636624">2.5. Miscellaneous packaging issues</a></span></dt><dt><span class="section"><a href="#idp5650624">2.6. Using Exim with inetd/xinetd</a></span></dt><dt><span class="section"><a href="#idp5665344">2.7. Handling incoming mail for local accounts with low UID</a></span></dt><dt><span class="section"><a href="#idp5669936">2.8. How to bypass local routing specialities</a></span></dt><dt><span class="section"><a href="#idp5672896">2.9. Using more complex deliveries from alias files</a></span></dt><dt><span class="section"><a href="#idp5683920">2.10. Putting Exim 4 and UUCP together</a></span></dt></dl></dd><dt><span class="section"><a href="#idp5704960">3. Updating from Exim 3</a></span></dt><dt><span class="section"><a href="#idp5716768">4. Misc Notes</a></span></dt><dd><dl><dt><span class="section"><a href="#idp5717408">4.1. PAM</a></span></dt><dt><span class="section"><a href="#idp5720272">4.2. Account name restrictions</a></span></dt><dt><span class="section"><a href="#idp5722416">4.3. No deliveries to root!</a></span></dt><dt><span class="section"><a href="#idp5725744">4.4. Debugging maintainer and init scripts</a></span></dt><dt><span class="section"><a href="#idp5728064">4.5. SELinux</a></span></dt><dt><span class="section"><a href="#idp5730048">4.6. misc</a></span></dt></dl></dd><dt><span class="section"><a href="#idp5737584">5. Debian modifications to the Exim source</a></span></dt><dt><span class="section"><a href="#idp5751664">6. Credits</a></span></dt></dl></div><div class="section" title="1. Introduction"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="idp235264"></a>1. Introduction</h2></div></div></div><p>
      If you're reading this, you have found the README.Debian
      file. This is good, thanks! Please continue reading this file in
      its entirety. It is full of important information and has been
      written with the questions in mind that keep popping up on the
      mailing lists.
    </p><div class="section" title="1.1. How to find your way around the Documentation"><div class="titlepage"><div><div><h3 class="title"><a name="idp236464"></a>1.1. How to find your way around the Documentation</h3></div></div></div><p>
        Exim comes with very extensive documentation. Here is how to
        find it.
     	</p><div class="orderedlist"><ol class="orderedlist" type="1"><li class="listitem">
	      A lot of information about Debian's Exim 4
              packaging can be found in this document.
            </li><li class="listitem">
	      The packages contain a lot of Debian-specific man pages.
              Use the <span class="command"><strong>apropos exim</strong></span> command to get a list.
            </li><li class="listitem">
	      Most files that control the default configuration are
	      documented in the exim4-config_files(5) man page, which
	      is symlinked to the file names. man &lt;filename&gt; should
	      lead you to the page.
            </li><li class="listitem">
              The Debian Exim 4 packages have their own
	      <a class="ulink" href="http://pkg-exim4.alioth.debian.org" target="_top">
	        Home Page
	      </a> which also links to a User FAQ.
	    </li><li class="listitem"><p>
	      The very extensive Upstream documentation is shipped
	      </p><div class="orderedlist"><ol class="orderedlist" type="a"><li class="listitem">
		    in text form
	            (<code class="filename">/usr/share/doc/exim4-base/spec.txt.gz</code>)
	            with the binary packages.
		  </li><li class="listitem">
		    in HTML in the package
		    <code class="filename">exim4-doc-html</code>
		  </li><li class="listitem">
		    as a Texinfo file in the package
                    <code class="filename">exim4-doc-info</code>
		  </li></ol></div><p>
	    </p></li></ol></div><p>
      </p><p>
        Please note that documentation found on the web or in other
	parts of the Debian system (such as the Debian Reference)
	might be outdated and thus give wrong advice. In doubt, the
	documentation listed above should take precedence.
      </p></div><div class="section" title="1.2. Getting Support"><div class="titlepage"><div><div><h3 class="title"><a name="idp67312"></a>1.2. Getting Support</h3></div></div></div><p>
	For your questions and comments, there is a <a class="ulink" href="http://lists.alioth.debian.org/mailman/listinfo/pkg-exim4-users" target="_top">
	Debian-specific mailing	list</a>. Please ask Debian-specific
	questions there, and only write to the upstream exim-users mailing
	list if
	you are sure that your question is not Debian-specific. 
	Debian-specific questions are more likely to find answers on
	our pkg-exim4-users mailing list, while complex custom
	configuration issues might be more easily solved on the
	upstream exim-users mailing list because of the broader and
	more experienced audience there. You can subscribe to
	pkg-exim4-users <a class="ulink" href="http://lists.alioth.debian.org/mailman/listinfo/pkg-exim4-users" target="_top">
	  via the subscription web page;</a> you need to be
        subscribed to post.
      </p><p>
        If you think that your question might be more easily answered
	if one knows a bit about your configuration, you might want to
	execute <span class="command"><strong>reportbug --subject="none" --offline --quiet
	--severity=wishlist --body="none" --output=exim4.reportbug
	exim4-config</strong></span> on the system in question, answer yes
        to both "include [extended] configuration" questions and include
	the contents of the exim4.reportbug file generated by this
	command with your question. Please check whether the file
	contains any confidential information before sending.
      </p></div><div class="section" title="1.3. Packaging"><div class="titlepage"><div><div><h3 class="title"><a name="idp143616"></a>1.3. Packaging</h3></div></div></div><p>
	Similar to the Apache2 package, Exim 4 is an entirely
	different package that does not currently offer a smooth
	upgrade path from Debian's Exim 3 packages.
      </p><p>
	It is the first Exim package in Debian that can be configured
	using debconf. However, the entire configuration framework is
	extremely flexible, allowing you to get exactly the amount of
	control you need for the job at hand.
      </p><p>
	The <a class="ulink" href="http://pkg-exim4.alioth.debian.org" target="_top">development web page</a> contains a lot of
	useful links and other information. The subversion repository
	of the Debian package is available for public read-only access
	and is linked from the development web page.
      </p><div class="section" title="1.3.1. Feature Sets in the daemon packages"><div class="titlepage"><div><div><h4 class="title"><a name="idp146976"></a>1.3.1. Feature Sets in the daemon packages</h4></div></div></div><p>
	  To use Exim 4, you need at least the following packages:
	  </p><div class="variablelist"><dl><dt><span class="term">exim4-base</span></dt><dd>support files for all Exim MTA (v4) packages</dd><dt><span class="term">exim4-config</span></dt><dd>configuration for the Exim MTA (v4)</dd><dt><span class="term">exim4-daemon-light</span></dt><dd>lightweight exim MTA (v4) daemon</dd></dl></div><p>
	</p><p>
	  Just apting the metapackage <span class="command"><strong>exim4</strong></span> will pull
	  in the other packages per dependency. You'll get an exim daemon
	  with minimal feature set (no external lookups).
	</p><p>
	  If you need more advanced features like LDAP, sqlite, PostgreSQL
	  and MySQL data lookups, SASL and SPA SMTP authentication, embedded
	  Perl interpreter, and exiscan-acl for integration of
	  virus-scanners and SpamAssassin, you can replace
	  <span class="command"><strong>exim4-daemon-heavy</strong></span> instead of
	  <span class="command"><strong>exim4-daemon-light</strong></span>. Additionally, the source
	  package offers infrastructure to build your own custom-tailored
	  exim4-daemon-custom which exactly fits your special local needs. 
	  The infrastructure to do so is already in place, see
	  debian/rules for instructions.
	</p></div><div class="section" title="1.3.2. How to build a custom daemon"><div class="titlepage"><div><div><h4 class="title"><a name="idp157088"></a>1.3.2. How to build a custom daemon</h4></div></div></div><p>
	  The process of building a custom daemon is partially
          documented in the <code class="filename">debian/rules</code> file
	  in the source package. Patches for more documentation are welcome.
	</p></div></div></div><div class="section" title="2. Configuration of Exim 4 in the Debian packages"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="idp159232"></a>2. Configuration of Exim 4 in the Debian packages</h2></div></div></div><p>
      Generally, the Debian Exim 4 packages are configured through
      debconf. You have been asked some questions on package installation,
      and your initial Exim configuration has been created from your
      answers. You can repeat the configuration process any time by invoking
      <span class="command"><strong>dpkg-reconfigure exim4-config</strong></span>. If you are an
      experienced Exim administrator and prefer to have your own,
      hand-crafted, non-automatic Exim configuration, you will find
      information about how to do so in
      <a class="xref" href="#completely-different-configuration" title="2.1.6. Using a completely different configuration scheme">Section 2.1.6, &#8220;Using a completely different configuration scheme&#8221;</a>.
    </p><p>
      The debconf-driven configuration is mainly geared for a
      one-domain shell account machine/workstation with local delivery
      as suggested by the original upstream default configuration.
      If you configure the packages to handle more than one local
      domain, all local domains are treated identically. The domain
      part is not used for routing and filtering decisions.
    </p><p>
      Despite the default configuration being extended somewhat from
      the original upstream, chances are that you'll need to
      manually change the Exim configuration with an editor if you intend to
      do something that is not covered by the debconf-driven configuration.
      It has never been the packages' intention to offer all possible
      configuration methods through debconf. The configuration files are
      there to be changed, feel free to do so if you see fit. The Debian
      Exim 4 maintainers have tried to make the configuration as flexible as
      possible so that manual intervention can be minimized.
    </p><p>
      If you need to make manual changes to the Exim configuration,
      please be familiar with how Exim works. At minimum, have read this
      README file and the manpages delivered with the Debian Exim 4
      packages, and <code class="filename">/usr/share/doc/exim4-base/spec.txt.gz</code>
      chapters 3 and 6. <code class="filename">spec.txt.gz</code> is an excellent
      reference.
    </p><p>
      Please note that while most free-form fields in the
      debconf-driven configuration have the entered string end up
      verbatim in Exim's configuration file (and thus using more
      advanced features like host, address and domain lists is possible
      and will probably work), this is not officially supported.
      Only plain lists are supported in the debconf dialogs. You may
      use more advanced features, but they may stop working any time
      during upgrades.
    </p><div class="section" title="2.1. The Configuration System"><div class="titlepage"><div><div><h3 class="title"><a name="idp3788192"></a>2.1. The Configuration System</h3></div></div></div><div class="section" title="2.1.1. The Debconf questions"><div class="titlepage"><div><div><h4 class="title"><a name="debconf-questions"></a>2.1.1. The Debconf questions</h4></div></div></div><p>
	      In this section, we try to document and explain the debconf
	      questions, which are themselves limited to a small screen of
	      information and might leave questions unanswered. Since you
	      can usually read this file only after having answered the 
	      questions, the process can always be repeated by invoking
	      <span class="command"><strong>dpkg-reconfigure exim4-config.</strong></span> 
	      <code class="filename">/etc/exim4/update-exim4.conf.conf</code>,
	      documented in the <span class="command"><strong>update-exim4.conf</strong></span>
	      manual page, is
	      a simple shell-script snippet used to store the answers
	      that you passed to debconf when initially configuring Exim.
	      You may also modify this file with an editor of your choice.
	      The package maintainer scripts can handle this and will
	      preserve your changes. 
	    </p><div class="section" title="2.1.1.1. General type of mail configuration"><div class="titlepage"><div><div><h5 class="title"><a name="idp2368608"></a>2.1.1.1. General type of mail configuration</h5></div></div></div><p>
                This is the main configuration question which will
		control which of the remaining questions are
		presented to you. It also controls things like daemon
		invocation and delivery of outgoing mail.
              </p><div class="section" title="2.1.1.1.1.  internet site; mail is sent and received directly using SMTP"><div class="titlepage"><div><div><h6 class="title"><a name="idp3246448"></a>2.1.1.1.1.  internet site; mail is sent and
	      received directly using SMTP</h6></div></div></div><p>
		    This option is suitable for a standalone system
		    with full internet connectivity.
		  </p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p>
			    The Exim SMTP daemon will accept messages
			    to local domains, and deliver them locally.
                          </p></li><li class="listitem"><p>
			    Outgoing mail will be delivered directly
			    to the mail exchange servers of the
			    recipient domain
                          </p></li></ul></div></div><div class="section" title="2.1.1.1.2.  mail sent by smarthost; received via SMTP or fetchmail"><div class="titlepage"><div><div><h6 class="title"><a name="idp38080"></a>2.1.1.1.2.  mail sent by smarthost; received via
	      SMTP or fetchmail</h6></div></div></div><p>
		    This option is suitable for a standalone client system
		    which has restricted internet connectivity, for
		    example on a residential connection where an SMTP
		    smarthost is used. Some ISPs block outgoing SMTP
		    connections to combat the spam problem, thus
		    requiring the use of their smarthosts. It is
		    generally a good idea to use the ISPs smart host
		    if one is connected with a dynamic IP address
		    since quite a few sites do not accept mail
		    directly delivered from a dial-in pool.
		  </p><p>
		    fetchmail can be used to retrieve incoming mail
		    from the ISP's POP3 or IMAP mail server and
		    deliver it to Exim via SMTP.
		  </p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p>
			    The Exim SMTP daemon will accept messages
			    to local domains, and deliver them locally.
                          </p></li><li class="listitem"><p>
			    Outgoing mail will always be delivered to
			    the smarthost configured in exim4.
                          </p></li></ul></div></div><div class="section" title="2.1.1.1.3. mail sent by smarthost; no local mail"><div class="titlepage"><div><div><h6 class="title"><a name="idp111168"></a>2.1.1.1.3. mail sent by smarthost; no local mail</h6></div></div></div><p>
		    This option is suitable for a client system in a
		    computer pool which is not responsible for a local
		    e-mail domain. All locally generated e-mail is
		    sent to the smarthost without any local domains.
		  </p></div><div class="section" title="2.1.1.1.4. local delivery only; not on a network"><div class="titlepage"><div><div><h6 class="title"><a name="idp112608"></a>2.1.1.1.4. local delivery only; not on a network</h6></div></div></div><p>
		    This option is suitable for a standalone system
		    with no networking at all. Only messages for configured
		    local domains are accepted and delivered locally;
		    messages for all other domains are rejected:
		    ``Mailing to remote domains not supported''.
		  </p></div><div class="section" title="2.1.1.1.5. no configuration at this time"><div class="titlepage"><div><div><h6 class="title"><a name="idp114096"></a>2.1.1.1.5. no configuration at this time</h6></div></div></div><p>
		    This option disables most of Debian's automatisms
		    and leaves exim in an unconfigured state.
		    update-exim4.conf will still copy
		    <code class="filename">/etc/exim4/exim4.conf.template</code>
		    or concatenate the files from
		    <code class="filename">/etc/exim4/conf.d,</code> and will
		    not generate any configuration control macros.
		    Unless you manually edit the configuration source,
		    this will leave Exim with a syntactically invalid
		    configuration file, thus in a state where the
		    daemon won't even start.
		  </p><p>
		    Only choose this option if you know what you're
		    doing and are prepared to create your own Exim
		    configuration.
		  </p><p>
		    dpkg-conffile handling is still in place, and you
		    will be offered updates for configuration
		    snippets, as soon as they become available.
		  </p></div></div><div class="section" title="2.1.1.2. System mail name"><div class="titlepage"><div><div><h5 class="title"><a name="idp5471744"></a>2.1.1.2. System mail name</h5></div></div></div><p>
	         The "mail name" is the domain name used to "qualify"
		 mail addresses without a domain name.
	      </p><p>
                 This name will also be used by other programs. It
		 should be the single, full domain name (FQDN).
	      </p><p>
                 For example, if a mail address on the local host is
		 foo@example.org, then the correct value for this
		 option would be example.org.
	      </p><p>
	        Exim, as a rule, handles only fully qualified mail
		addresses, that is, addresses with a local part, an @
		sign and a domain. If confronted with an unqualified
		address, that is, one without @ sign and without
       		domain, first thing exim does is qualify the address
		by adding the @ sign and a domain.
	      </p><p>
	        This qualification happens for all addresses exim
                encounters, be it sender, recipient or else.
              </p><p>
	        The domain name used to qualify unqualified mail addresses
		is called ``mail name'' on Debian systems and entered
                in this debconf dialog. What you enter here will end
		up in <code class="filename">/etc/mailname,</code> which is a
		file that might be used by other programs as well.
	      </p><p>
	        In some configuration types, the package configuration
		will offer you, at a later step, to hide this name 
		from outgoing messages by rewriting the headers.
	      </p></div><div class="section" title="2.1.1.3. IP addresses to listen on for incoming SMTP connections"><div class="titlepage"><div><div><h5 class="title"><a name="idp5477184"></a>2.1.1.3. IP addresses to listen on for incoming SMTP
	  connections</h5></div></div></div><p>
	        Please enter a semicolon-separated list of IP addresses.
	        The Exim SMTP listener daemon will listen on all IP
	        addresses listed here.
	      </p><p>
	        An empty value will cause Exim to listen for connections
	        on all available network interfaces.
	      </p><p>
	        If this system does only receive e-mail directly from
	        local services (and not from other hosts),
	        it is suggested to prohibit external connections to the
	        local Exim daemon. Such services include e-mail
                programs (MUSs) which talk to localhost only as well as
		fetchmail. External connections are impossible when
	        127.0.0.1 is entered here, as this will disable listening
		on public network interfaces.
	      </p><p>
	        Do not change this unless you know what you are doing.
		Altering this value could post a security risk to your
		system. For most users, the default value is sufficient.
	      </p></div><div class="section" title="2.1.1.4. Other destinations for which mail is accepted"><div class="titlepage"><div><div><h5 class="title"><a name="idp5480576"></a>2.1.1.4. Other destinations for which mail is accepted</h5></div></div></div><p>
	         Please enter a semicolon-separated list of recipient
		 domains for which this machine should consider itself
		 the final destination. These domains are commonly
                 called 'local domains'. The local hostname and 'localhost'
		 are always added to the list given here.
	      </p><p>
                 By  default  all  local    domains  will   be  treated
		 identically.  If   both a.example and  b.example   are
		 local  domains, acc@a.example   and acc@b.example will
		 be delivered to the  same final   destination.      If
		 different  domain names should be treated differently,
		 it is necessary to edit the config files afterwards.
	      </p><p>
	        The answer to this question ends up in the list of
		domains that Exim will consider local domains. Mail
		for recipients in one of these domains will be
		subject to local alias expansion and then delivered
		locally in the appropriate configuration types.
	      </p></div><div class="section" title="2.1.1.5. Domains to relay mail for"><div class="titlepage"><div><div><h5 class="title"><a name="idp5483488"></a>2.1.1.5. Domains to relay mail for</h5></div></div></div><p>
	        Please enter a semicolon-separated list of recipient
		domains for which this system will relay mail, for
		example as a fallback MX or mail gateway. This means
		that this system will accept mail for these domains
	        from anywhere on the Internet and deliver them
	        according to local delivery rules.
	      </p><p>
                Do not mention local domains here. Wildcards may be used.
	      </p><p>
                The answer to this question is a list of the domains
		for which Exim will relay messages coming in from anywhere
		on the Internet.
	      </p></div><div class="section" title="2.1.1.6. Machines to relay mail for"><div class="titlepage"><div><div><h5 class="title"><a name="idp5486032"></a>2.1.1.6. Machines to relay mail for</h5></div></div></div><p>
	         Please enter a semicolon-separated list of IP address
		 ranges for which this system will unconditionally relay
		 mail, functioning as a smarthost.
	      </p><p>
                 You should use the standard address/prefix format
		 (e.g. 194.222.242.0/24 or 5f03:1200:836f::/48).
	      </p><p>
                 If this system should not be a smarthost for any
		 other host, leave this list blank.
	      </p><p>
	        Please note that systems not listed here can still use
		SMTP AUTH to relay through this system. If this system
		only has clients on dynamic IP addresses that use SMTP
		AUTH, leave this list blank as well. Do
		<span class="emphasis"><em>NOT</em></span> list 0.0.0.0/0!
	      </p></div><div class="section" title="2.1.1.7. IP address or host name of the outgoing smarthost"><div class="titlepage"><div><div><h5 class="title"><a name="idp5489424"></a>2.1.1.7. IP address or host name of the outgoing
              smarthost</h5></div></div></div><p>
	        Please enter the IP address or the host name of a mail
		server that this system should use as outgoing
		smarthost. If the smarthost only accepts your mail on
		a port different from TCP/25, append two colons and
		the port number (for example smarthost.example::587 or
		192.168.254.254::2525). Colons in IPv6 addresses need
		to be doubled.
	      </p><p>
	        If the smarthost requires authentication, please refer
		to <a class="xref" href="#smtp-auth" title="2.3. SMTP-AUTH">Section 2.3, &#8220;SMTP-AUTH&#8221;</a> for notes about setting
		up SMTP authentication.
	      </p><p>
	        Multiple smarthost entries are permitted, semicolon
		separated. Each of the hosts is tried, in the order
		specified (See Exim specification, chapter 20.5).
	      </p></div><div class="section" title="2.1.1.8. Hide local mail name in outgoing mail"><div class="titlepage"><div><div><h5 class="title"><a name="idp5492656"></a>2.1.1.8. Hide local mail name in outgoing mail</h5></div></div></div><p>
	        The headers of outgoing mail can be rewritten to make
		it appear to have been generated on a different
		system, replacing the local host name in From,
		Reply-To, Sender and Return-Path.
              </p></div><div class="section" title="2.1.1.9. Visible domain name for local users"><div class="titlepage"><div><div><h5 class="title"><a name="idp5494032"></a>2.1.1.9. Visible domain name for local users</h5></div></div></div><p>
	        If you ask Exim to hide the local mail name in
		outgoing mail, it will next ask you for the domain
		name that should be visible for your local users.
		These information is then used to establish the
		appropriate rewriting rules.
              </p></div><div class="section" title="2.1.1.10. Keep number of DNS queries minimal (Dial-on-Demand)"><div class="titlepage"><div><div><h5 class="title"><a name="idp5495456"></a>2.1.1.10. Keep number of DNS queries minimal
              (Dial-on-Demand)</h5></div></div></div><p>
	         In normal mode of operation Exim does DNS lookups at
		 startup, and when receiving or delivering messages.
		 This is for logging purposes and allows keeping down
		 the number of hard-coded values in the configuration.
	      </p><p>
                 If this system does not have a DNS full service
		 resolver available at all times (for example if its
		 Internet access is a dial-up line using
		 dial-on-demand), this might have unwanted
		 consequences. For example, starting up Exim or
		 running the queue (even with no messages waiting)
		 might trigger a costly dial-up-event.
	      </p><p>
                 This option should be selected if this system is
		 using Dial-on-Demand. If it has always-on Internet
		 access, this option should be disabled.
	      </p></div><div class="section" title="2.1.1.11. Delivery method for local mail"><div class="titlepage"><div><div><h5 class="title"><a name="idp5498288"></a>2.1.1.11. Delivery method for local mail</h5></div></div></div><p>
	        Exim is able to store locally delivered mail in
		different formats. The most commonly used ones are
		mbox and Maildir. mbox uses a single file for the
		complete mail folder stored in /var/mail/. With
		Maildir format every single message is stored in a
		separate file in ~/Maildir/.
	      </p><p>
	        Please note that most mail tools in Debian expect the
		local delivery method to be mbox in their default.
	      </p></div><div class="section" title="2.1.1.12. Split configuration into small files"><div class="titlepage"><div><div><h5 class="title"><a name="idp5500160"></a>2.1.1.12. Split configuration into small files</h5></div></div></div><p>
	        Our packages offer two (actually three, see
		<a class="xref" href="#completely-different-configuration" title="2.1.6. Using a completely different configuration scheme">Section 2.1.6, &#8220;Using a completely different configuration scheme&#8221;</a>)
		possibilities:
              </p><div class="orderedlist"><ol class="orderedlist" type="1"><li class="listitem">
		          Generate Exim's configuration from
			  <code class="filename">/etc/exim4/exim4.conf.template,</code>
			  which is basically a normal Exim run-time
			  configuration file which will be supplemented
			  with some macros generated from Debconf in a
			  post-processing step before it is passed to exim.
		      </li><li class="listitem">
			  Generate Exim's configuration from the
			  multiple files in
			  <code class="filename">/etc/exim4/conf.d/</code>. The
			  directories in
			  <code class="filename">/etc/exim4/conf.d/</code>
			  correspond to the sections of the Exim
			  run-time configuration file, so you should
			  easily find your way around there.
		      </li></ol></div><p>
	        Splitting the configuration across multiple files
		means that you have the actual configuration file
		automatically generated from the files below
		<code class="filename">/etc/exim4/conf.d/</code> by invoking
		<span class="command"><strong>update-exim4.conf</strong></span>. Each section
		of Exim's configuration has its own subdirectory and
		the files in there are supposed to be read in
		alphanumeric order.
		<code class="filename">router/00_exim4-config_header</code>
		is followed by
		<code class="filename">router/100_exim4-config_domain_literal</code>,
		...
              </p><p>
    	        If you chose unsplit configuration,
		<span class="command"><strong>update-exim4.conf</strong></span> builds the
		configuration from
		<code class="filename">/etc/exim4/exim4.conf.template</code>,
		which is basically the files from
		<code class="filename">/etc/exim4/conf.d/</code> concatenated
		together at package build time, and thus guarantees
		consistency on the target system.
              </p><p>
    	        In both cases, <span class="command"><strong>update-exim4.conf</strong></span>
		generates exim configuration macros from the debconf
		configuration values and puts them into
		the actual configuration file, which is then used by
		the Exim daemon. See the
		<span class="command"><strong>update-exim4.conf</strong></span> manual
		page for more in-depth information about this
		mechanism.
              </p><p>
    	        Benefits of the split configuration approach:
    		</p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem">
                          it means less work for you when upgrading.
			  If we shipped one big file and modified
			  for example the Maildir transport in a new
			  version you won't have to do manual
			  conffile merging unless you had changed
			  exactly <span class="emphasis"><em>this</em></span>
			  transport.
			</li><li class="listitem">
			  It allows other packages (e.g. sa-exim) to
			  modify Exim's configuration by dropping
			  files into
			  <code class="filename">/etc/exim4/conf.d</code>.
			  This needs, however quite exact syncing
			  between the exim4 packages and the other,
			  cooperating package.
			</li></ul></div><p>
	      </p><p>
		Drawbacks of the split configuration approach:
		</p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem">
			  It is more fragile. If files from
			  different sources (package, manually
			  changed, or other package) get out of
			  sync, it is possible for Exim to break
			  until you manually correct this. This can
			  for example happen if we decide to add a
			  new option to the Debian setup of a later
			  version, and you have already set this
			  option in a local file.
			</li></ul></div><p>
	      </p><p>
	        Benefits of the unsplit configuration approach:
		</p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem">
			  People familiar with configuring Exim may
			  find this approach easier to understand as
			  <code class="filename">exim4.conf.template</code>
			  basically is a complete Exim configuration
			  file which will only undergo some basic
			  string replacement before is it passed to
			  exim.
		        </li><li class="listitem">
			  Split-config's fragility mentioned
			  above does not occur.
			</li></ul></div><p>
	      </p><p>
	        Drawbacks of the unsplit configuration approach:
		</p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem">
			  Will require manual intervention in case of an
			  upgrade.
			</li></ul></div><p>
	      </p><p>
                If in doubt go for the unsplit config, because it is
		easier to roll back to Debian's default configuration
		in one step. If you intend to do many changes to the
		Debian setup, you might want to use the split config
		at the price of having to more closely examine the
		config file after an update.
	      </p><p>
	        We'd appreciate a patch that uses ucf and the
		3-way-merge mechanism offered by that package. It
		might be the best way to handle the big configuration
		file.
	      </p><p>
	        If you are using unsplit configuration, have local
		changes to <code class="filename">/etc/exim4/conf.d/</code>
		(either made by yourself or by other packages dropping
		their own routers or transports in) and want to
		re-generate
		<code class="filename">/etc/exim4/exim4.conf.template</code> to
		activate these changes, you can do so by using
		<span class="command"><strong>update-exim4.conf.template</strong></span>.
	      </p></div></div><div class="section" title="2.1.2. Access Control in the default configuration"><div class="titlepage"><div><div><h4 class="title"><a name="idp5529360"></a>2.1.2. Access Control in the default configuration</h4></div></div></div><p>
          The Debian exim 4 packages come with a default configuration
	  that allows flexible access control and blacklisting of
	  sites and hosts. The acls involved can be found in
	  /etc/exim4/conf.d/acl, or in /etc/exim4/exim4.conf.template,
	  depending on which configuration scheme you use. Most
	  rejections of messages due to this mechanism happen at RCPT
	  time. Local configuration of the mechanisms happens through
	  data files in /etc/exim4 or via Exim macros that you can set
	  in /etc/exim4/conf.d/main, so there is normally no need to
	  change the files in the acl subdirectory in a split-config
	  setup. If you use the non-split config, you need to edit
	  /etc/exim4/exim4.conf.template, which, as a big
	  dpkg-conffile, won't give you any advantage of the .ifdef
	  scheme.
        </p><p>
          The data files are documented in the exim4-config_files man
          page.
        </p><p>
          The access lists delivered with the exim4 packages also
	  contain quite a few configuration options that are too
	  restrictive to be active by default on a real-life site.
	  These are masked by .ifdef statements, can be activated by
	  setting the appropriate macros, and are documented in the
	  ACL files itself.
        </p></div><div class="section" title="2.1.3. Using Exim Macros to control the configuration"><div class="titlepage"><div><div><h4 class="title"><a name="macros"></a>2.1.3. Using Exim Macros to control the
      configuration</h4></div></div></div><p>
	Our configuration can be controlled in a limited way by
	setting macros. That way, you can switch on and off certain
	parts of the default configuration and/or override values set
        in Debconf without having to touch the dpkg-conffiles. While
	touching dpkg-conffiles itself is explitly allowed and wanted,
	it can be quite a nuisance to be asked on package upgrade
	whether one wants to use the locally changed file or the
	file changed by the package maintainer.
      </p><p>
	Whenever you see an <span class="command"><strong>.ifdef</strong></span> or
	<span class="command"><strong>.ifndef</strong></span> clause in the configuration file,
	you can control the appropriate clause by setting the macro in
	a local configuration file. For split configuration, you can
	drop the local configuration file anywhere in
	<code class="filename">/etc/exim4/conf.d/main</code>. Just make sure it
	gets read before the macro is first used. 
	<code class="filename">000_localmacros</code> is a possible name,
	guaranteeing first order. For a non-split configuration,
	<code class="filename">/etc/exim4/exim4.conf.localmacros</code> gets
	read before
	<code class="filename">/etc/exim4/exim4.conf.template</code>. To
	actually set the macro <code class="varname">EXIM4_EXAMPLE</code> to the
	value "this is a sample", write the following line
      </p><p>
	EXIM4_EXAMPLE = this is a sample
      </p><p>
	into the appropriate file. For more detailed discussion of the
	general macro mechanism, see the Exim specification, chapter
	6.4, for details how macro expansion works.
      </p></div><div class="section" title="2.1.4. How does this work?"><div class="titlepage"><div><div><h4 class="title"><a name="idp5540416"></a>2.1.4. How does this work?</h4></div></div></div><p>
	  The script <span class="command"><strong>update-exim4.conf</strong></span> parses the
	  <code class="filename">/etc/exim4/update-exim4.conf.conf</code> file
	  and provides the configuration for the exim daemon.
	</p><p>
	  Depending on the value of
	  <code class="varname">dc_use_split_config</code>, it either
	  </p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem">
		takes all the files below
		<code class="filename">/etc/exim4/conf.d/</code> and
		concatenates them together or
	      </li><li class="listitem">
		uses <code class="filename">exim4.conf.template</code> as
		input.
	      </li></ul></div><p>
	  The debconf-managed information from
	  <code class="filename">/etc/exim4/update-exim4.conf.conf</code> is
	  merged into the generated configuration file by generating a
          number of Exim configuration macros.
	</p><p>
	  <code class="varname">DCsmarthost</code>, for example, is set to the
	  value of <code class="varname">$dc_smarthost</code>
	  in <code class="filename">/etc/exim4/update-exim4.conf.conf</code>
	  which holds the answer to "Which machine will act as the
	  smarthost and handle outgoing mail?"
	</p><p>
	  The result of these operations is saved as
	  <code class="filename">/var/lib/exim4/config.autogenerated</code>,
	  which is <span class="emphasis"><em>not</em></span> a dpkg-conffile! Manual
	  changes to this file will be overwritten by
	  <span class="command"><strong>update-exim4.conf</strong></span>.
	</p><p>
	  Please consult <span class="command"><strong>update-exim4.conf</strong></span> manpage
	  for more detailed information.
	</p><p>
	  <span class="command"><strong>update-exim4.conf</strong></span> is invoked by the init
	  script prior to any operation that may invoke an exim process,
	  and gives an error message if the generated config file is
	  syntactically invalid. If you want to activate your changes to
	  files in conf.d/ just execute <span class="command"><strong>invoke-rc.d exim4 restart</strong></span>.
	</p></div><div class="section" title="2.1.5. How do I do minor tweaks to the configuration?"><div class="titlepage"><div><div><h4 class="title"><a name="howto-change-config"></a>2.1.5. How do I do minor tweaks to the configuration?</h4></div></div></div><p>
	  Some times, you want to do minor adjustments to the Exim
	  configuration to make Exim behave exactly like you want it
	  to behave. There are the following possibilities to modify
	  Exim's behavior.
	</p><div class="section" title="2.1.5.1. Adjustments supported by the debconf configuration"><div class="titlepage"><div><div><h5 class="title"><a name="idp5555856"></a>2.1.5.1. Adjustments supported by the debconf configuration</h5></div></div></div><p>
	    If you want to modify parameters that are supported by the
	    debconf configuration, things are easy. Just invoke
	    <span class="command"><strong>dpkg-reconfigure exim4-config</strong></span> or hand-edit
	    <code class="filename">/etc/exim4/update-exim4.conf.conf</code> to your
	    liking and restart Exim.
	  </p><p>
	    You can find explanation of the debconf questions in <a class="xref" href="#debconf-questions" title="2.1.1. The Debconf questions">Section 2.1.1, &#8220;The Debconf questions&#8221;</a>.
            Additionally,
	    <code class="filename">/etc/exim4/update-exim4.conf.conf</code>
	    is documented in the <span class="command"><strong>update-exim4.conf</strong></span>
	    man page.
	  </p></div><div class="section" title="2.1.5.2. Adjustments controlled by macros in the Debian Exim configuration"><div class="titlepage"><div><div><h5 class="title"><a name="idp5560480"></a>2.1.5.2. Adjustments controlled by macros in the Debian Exim configuration</h5></div></div></div><p>
	    Some aspects of the Debian Exim configuration can be
	    controlled by Exim macros. To find out about these, you
	    need basic understanding of Exim configuration. Just look
	    in our Exim configuration and see which macro needs to be
	    set to a different value to alter Exim's behavior.
	  </p><p>
	    <a class="xref" href="#macros" title="2.1.3. Using Exim Macros to control the configuration">Section 2.1.3, &#8220;Using Exim Macros to control the
      configuration&#8221;</a> gives a closer explanation about
            how to do this.
	  </p></div><div class="section" title="2.1.5.3. Making direct changes to the Debian Exim configuration"><div class="titlepage"><div><div><h5 class="title"><a name="idp5562864"></a>2.1.5.3. Making direct changes to the Debian Exim configuration</h5></div></div></div><p>
	    You can, of course, make direct change to the
	    configuration. All configuration files in /etc/exim4 are
	    dpkg-conffiles, and you can thus edit them any time. Your
	    changes will be preserved through updates. You need to
            know about how to configure Exim to be successful.
	  </p><p>
	    If you use unsplit configuration, edit
            <code class="filename">/etc/exim4/exim4.conf.template</code>. If you use
	    split configuration, edit the Exim configuration snippets in
	    <code class="filename">/etc/exim4/conf.d</code>.
	  </p><p>
	    More information about how the Exim configuration is built
            can be found in this document and in the
	    <span class="command"><strong>update-exim4.conf</strong></span> manual page.
	  </p></div></div><div class="section" title="2.1.6. Using a completely different configuration scheme"><div class="titlepage"><div><div><h4 class="title"><a name="completely-different-configuration"></a>2.1.6. Using a completely different configuration scheme</h4></div></div></div><p>
	  If you are an experienced Exim administrator, you might feel
	  working with our pre-fabricated configuration
	  cumbersome and complex. You might feel right if you need to
	  make more complex changes and do not need to receive updates
	  from us. This section is going to tell about how to use
	  your own configuration.
	</p><p>
	  But, you might profit from keeping the Debian magic. Most
	  files that come with Debian exim4 are conffiles. Debian is
	  going to care about your changes and keeps them around.
	  Additionally, a lot of configuration options can be
	  overridden with a macro, which does not require you to
	  actually change our configuration file. A lot of people are
	  using our configuration scheme, and maybe it is going to
	  save you a lot of time if you decide to spend some time
	  familiarizing yourself with our scheme.
	</p><div class="section" title="2.1.6.1. Override exim4-config configuration magic"><div class="titlepage"><div><div><h5 class="title"><a name="idp5569840"></a>2.1.6.1. Override exim4-config configuration magic</h5></div></div></div><p>
	    	If you are only running a small number of systems and
		want to completely disable Debian's magic, just take
		your monolithic configuration file and install it as
		<code class="filename">/etc/exim4/exim4.conf</code>. Exim will
		use that file verbatim. To have something to start,
		you can either take
		<code class="filename">/etc/exim4/exim4.conf.template</code>, 
		run <span class="command"><strong>update-exim4.conf --keepcomments --output
		/etc/exim4/exim4.conf</strong></span>, or use upstream's
		default configuration file that is installed as
		<code class="filename">/usr/share/doc/exim4-base/examples/example.conf.gz</code>.
		You are going to lose all magic you get from packaging
		though, so you need to be familiar with Exim to build
		an actually working config.
	    </p><p>
		<code class="filename">/var/lib/exim4/config.autogenerated</code>,
		the file generated by
		<span class="command"><strong>update-exim4.conf</strong></span>, is ignored as soon
		as <code class="filename">/etc/exim4/exim4.conf</code> is found. 
		You should not edit
		<code class="filename">/etc/exim4/exim4.conf</code> directly when
		Exim is running, because the forked processes Exim starts
		for SMTP receiving or queue running would use the new
		configuration file, while the original main exim-daemon
		would still use the old configuration file.
	    </p><p>
	    	Some third-party HOWTOs that reference Debian and
		claim to make things easy suggest dumping a
		pre-fabricated, static config file to
		<code class="filename">/etc/exim4/exim4.conf</code>. This is
		considered bad advice by the Debian maintainers since
		you are going to disable all updates and service magic
		that Debian might deliver in the future this way. If
		you do not know exactly what you're doing here, this
		is a bad choice. We try to comment on external HOWTOs
		found on the web in the <a class="ulink" href="http://wiki.debian.org/PkgExim4UserFAQ" target="_top">Debian
		Exim4 User FAQ</a> to help you find out which
		advice to follow.
	    </p></div><div class="section" title="2.1.6.2. Replacing exim4-config with your own exim4 configuration package."><div class="titlepage"><div><div><h5 class="title"><a name="idp5579392"></a>2.1.6.2. Replacing exim4-config with your own exim4 configuration package.</h5></div></div></div><p>
		We split off Exim's configuration system (debconf,
		<span class="command"><strong>update-exim4.conf</strong></span>, and the files in
		<code class="filename">/etc/exim4/conf.d)</code> to a separate
		package, exim4-config. If you want to, you can replace
		exim4-config by something entirely different. The other
		packages don't care. Your package needs to:
		</p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem">
			Provides: exim4-config-2, Conflicts:
			exim4-config-2,exim4-config
		    </li><li class="listitem">
			drop the Exim 4 configuration either into
			<code class="filename">/var/lib/exim4/config.autogenerated</code>
			or into <code class="filename">/etc/exim4/exim4.conf</code>.
		    </li></ul></div><p>
		Your package must provide an executable <span class="command"><strong>update-exim4.conf</strong></span>
		that must be in root's path (<code class="filename">/usr/sbin</code> recommended). The init
		script will invoke that executable prior to invoking the
		actual exim daemon. If you do not need that script, have it exit 0.
	    </p><p>
		If you want to create your own configuration packages, there is a
		number of helpers available.
		</p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem">
			The Exim 4 Debian svn repository holds sources for a
			exim4-config-simple package which contains a simple, not
			debconf-driven configuration scheme as an example which can
			be used as a template for a classical, exim4.conf based
			configuration scheme.
		    </li><li class="listitem">
			The Exim 4 Debian svn repository holds sources for a
			exim4-config-medium package which contains the conf.d
			driven configuration of the main package with the
			debconf interaction removed. This can be used to create
			your own non-debconf configuration package that uses the
			conf.d mechanism.
		    </li><li class="listitem">
			Finally, you can invoke the script
			<code class="filename">debian/config-custom/create-custom-config-package</code>
			which will create a new source package
			"exim4-config-custom" with the debconf-driven config
			scheme of exim4-config for your local modification.
		    </li></ul></div><p>
		Please note that exim4-config-simple and
		exim4-config-medium are only targeted to be used as a
		template. The configurations contained are not
		suitable for productive use. Of course, the Debian
		maintainers appreciate any patches you might find
		suitable. The scripts in exim4-config-simple and
		exim4-config-medium may not work at all in your
		environment. Unfortunately, they have not been
		updated in a long time as well. We are willing to
		accept patches.
	    </p><p>
		See the development web page for links to the subversion
		repository.
	    </p><p>
		Exchanging the entire exim4-config package with
		something custom comes particularly handy for sites
		that have more than a few machines that are
		similarly configured, but do not want to use the
		original exim4-config package. Build your own
		exim4-config-custom or exim4-config-foo, and simply
		 apt that package to the machines that need to have
		that configuration.  Future updates can then be
		handled via the dpkg-conffile mechanism, properly
		detecting local modifications.
	    </p><p>
		In the future, it might be possible that Debian will
		contain multiple flavours of Exim4 configuration.
		However, these packages would have to be maintained
		by someone else because the exim4 package
		maintainers think that the scheme delivered with
		exim4-config is the least of all evils and would
		rather not spend the time to maintain multiple configuration
		schemes while only actually using one. It would be
		nice to have a configuration scheme using a
		monolithic config file, managed by ucf in
		three-way-merge mode. If anybody feels ready to
		maintain it, please go ahead.
	    </p></div></div></div><div class="section" title="2.2. Using TLS"><div class="titlepage"><div><div><h3 class="title"><a name="TLS"></a>2.2. Using TLS</h3></div></div></div><div class="section" title="2.2.1. Exim 4 as TLS/SSL client"><div class="titlepage"><div><div><h4 class="title"><a name="idp5595456"></a>2.2.1. Exim 4 as TLS/SSL client</h4></div></div></div><p>
	  Both exim4-daemon-heavy and exim4-daemon-light support TLS/SSL
	  using the GnuTLS library and STARTTLS. Exim will use TLS
	  via STARTTLS <span class="emphasis"><em>automatically</em></span> as client if
	  the server Exim connects to offers it.
	</p><p>
	  This means that you will not need any special configuration if
	  you want to use TLS for outgoing mail. However, if your
	  server setup mandates the use of client certificates, you
	  need to amend your remote_smtp and/or remote_smtp_smarthost
	  transports with a tls_certificate option. This is not
          commonly needed.
	</p><p>
	  The certificate
	  presented by the remote host is not checked unless you
	  specify a tls_verify_certificate option on the transport.
	</p><p>
	   TLS on connect is not natively supported.
	</p></div><div class="section" title="2.2.2. Enabling TLS support for Exim as server"><div class="titlepage"><div><div><h4 class="title"><a name="idp5598896"></a>2.2.2. Enabling TLS support for Exim as server</h4></div></div></div><p>
	  You should have created certificates in
	  <code class="filename">/etc/exim4/</code> either by hand or by usage of
	  the exim-gencert (which requires openssl). exim-gencert is
	  shipped in
	  <code class="filename">/usr/share/doc/exim4-base/examples/</code> and
	  takes care of proper access privileges on the private key
	  file.
	</p><p>
	  Now, enable TLS by setting the macro MAIN_TLS_ENABLE in a
	  local configuration file as described in <a class="xref" href="#macros" title="2.1.3. Using Exim Macros to control the configuration">Section 2.1.3, &#8220;Using Exim Macros to control the
      configuration&#8221;</a>.
	</p><p>
	  After this configuration, Exim will advertise STARTTLS when
	  connected to on the normal SMTP ports. Some broken clients
          (most prominent example being nearly all versions of Microsoft
	  Outlook and Outlook Express, and Incredimail) insist on doing
	  TLS on connect on Port 465. If you need to support these, set
	  SMTPLISTENEROPTIONS='-oX 465:25 -oP /var/run/exim4/exim.pid'
	  in <code class="filename">/etc/default/exim4</code> and
	  "tls_on_connect_ports=465" in the main configuration section.
	</p><p>
	  The -oP is needed because Exim does not write an implicit pid
	  file if -oX is given. Without pid file, init script and cron
          job will malfunction.
	</p><p>
	  It might be appropriate to add "+tls_cipher +tls_peerdn" to
	  any log_selector statement you might already have, or to add a
	  log_selector statement setting these two options in a local
	  configuration file. These options have Exim log what cipher
	  your Exim and the peer's mailer have negotiated to use to
	  encrypt the transaction, and they have Exim log the
	  Distinguished Name of the peer's certificate.
	</p><p>
	  Exim can be configured to ask a client for a certificate and to
	  try to verify it. Debian's exim configuration used to enable
	  this by default, but stopped doing so since it caused TLS errors
	  with a couple of popular clients (Outlook, Incredimail, etc.).
	  To enable this again set the macro MAIN_TLS_TRY_VERIFY_HOSTS to
	  the lists hosts whose certificates you want to check. (Use * to
	  try checking all hosts. The value of the macro is used to
	  populate exim's main option tls_try_verify_hosts.) You should
	  also point MAIN_TLS_VERIFY_CERTIFICATES to a file containing the
	  accepted certificates, since its default setting
	  (/etc/ssl/certs/ca-certificates.crt) can contain a large list of
	  certificates which causes the interoperabilty problems with
	  Outlook et.al. noted above.
	</p></div><div class="section" title="2.2.3. Diffie-Hellman parameters"><div class="titlepage"><div><div><h4 class="title"><a name="dhparams"></a>2.2.3. Diffie-Hellman parameters</h4></div></div></div><p>
	  This version of Exim is compiled against GnuTLS. GnuTLS is a
	  replacement for the restrictively licensed OpenSSL libraries. 
	  GnuTLS does not support varying its Diffie-Hellman parameters. 
	  Therefore tls_dhparam settings are ignored in Exim's
	  configuration file, and no dhparam file is generated by
	  exim-gencerts. GnuTLS uses Diffie-Hellman parameters that are
	  computed when they are needed. When someone sends STARTTLS,
	  Exim will compute these parameters and then store these
	  parameters in a cache file located in Exim's spool directory
	  (<code class="filename">/var/spool/exim4/gnutls-params</code>). Generating the
	  parameters for the first time is very time-consuming. This is why
	  the Debian packages already include pre-generated Diffie-Hellman
	  parameters in <code class="filename">/var/spool/exim4/gnutls-params</code>.
	  <span class="command"><strong>/usr/share/exim4/exim4_refresh_gnutls-params</strong></span>
	  can be used to regenerate the parameters offline if necessary.
	</p><p>
	  For more reference, you can refer to
	  <code class="filename">/usr/share/doc/exim4-base/spec.txt.gz</code>,
	  section 39.
	</p></div><div class="section" title="2.2.4. Troubleshooting"><div class="titlepage"><div><div><h4 class="title"><a name="idp5611760"></a>2.2.4. Troubleshooting</h4></div></div></div><p>
	  If Exim complains in an SMTP session that TLS is unavailable,
	  the Exim mainlog or paniclog frequently has exact information
	  about what might be wrong. Fo example, you might see
	</p><p>
	  2003-01-27 19:06:45 TLS error on connection from localhost [127.0.0.1]
	  (cert/key setup): Error while reading file)
	</p><p>
	  showing that there has been an error while accessing the
	  certificate or the private key file.
	</p><p>
	  Insuffient entropy available is a frequent cause of TLS
          failures in Exim context. If Exim logs "not enough random bytes
	  available", or simply hangs silently when an encrypted
          connection should be established, then Exim was
	  unable to read enough random data from
	  <code class="filename">/dev/random</code> to do whatever cryptographic
	  operation is requested. Please check that your
	  <code class="filename">/dev/random</code> device is setup properly.
	</p></div></div><div class="section" title="2.3. SMTP-AUTH"><div class="titlepage"><div><div><h3 class="title"><a name="smtp-auth"></a>2.3. SMTP-AUTH</h3></div></div></div><p>
        Exim can do SMTP AUTH both as a client and as a server.
      </p><p>
	AUTH PLAIN and AUTH LOGIN are disabled for connections which are
	not protected by SSL/TLS per default. These authentication
	methods use cleartext passwords, and allowing the
	transmission of cleartext passwords on unencrypted connections
	is a security risk. Therefore, the default configuration configures
	Exim not to use and/or allow AUTH PLAIN and AUTH LOGIN over
        unencrypted connections.
      </p><p>
        It is thus recommended to set up Exim to use TLS to encrypt
        the connections. Please refer to <a class="xref" href="#TLS" title="2.2. Using TLS">Section 2.2, &#8220;Using TLS&#8221;</a> for
        documentation about this. Note that most Microsoft clients
        need special handling for TLS.
      </p><div class="section" title="2.3.1. Using Exim as SMTP-AUTH client"><div class="titlepage"><div><div><h4 class="title"><a name="idp5619600"></a>2.3.1. Using Exim as SMTP-AUTH client</h4></div></div></div><p>
	  If you want to set up Exim as SMTP AUTH client for delivery
	  to your internet access provider's smarthost put the name of
	  the server, your login and password in
	  <code class="filename">/etc/exim4/passwd.client</code>. See the man
          page for exim4-config_files(5) for more information about the
	  required format.
	</p><p>
	  If you need to enable AUTH PLAIN or AUTH LOGIN for unencrypted
	  connections because your service provider does support neither
	  TLS encryption nor the CRAM MD5 authentication method, you can
	  do so by setting the AUTH_CLIENT_ALLOW_NOTLS_PASSWORDS macro.
	  Please refer to <a class="xref" href="#macros" title="2.1.3. Using Exim Macros to control the configuration">Section 2.1.3, &#8220;Using Exim Macros to control the
      configuration&#8221;</a> for an explanation of
	  how best to do this.
	</p><p>
	  <code class="filename">/etc/exim4/passwd.client</code> needs to be
	  readable for the exim user (user Debian-exim, group
	  Debian-exim). It is suggested that you keep the default
	  permissions root:Debian-exim 0640.
	</p></div><div class="section" title="2.3.2. Using Exim as SMTP-AUTH server"><div class="titlepage"><div><div><h4 class="title"><a name="idp5624064"></a>2.3.2. Using Exim as SMTP-AUTH server</h4></div></div></div><p>
	  The configuration files include many, verbosely commented,
	  examples for server-side smtp-authentication which just need
	  to be uncommented.
	</p><p>
	  If you need to enable AUTH PLAIN or AUTH LOGIN for unencrypted
	  connections because your clients neither support TLS encryption
	  nor the CRAM MD5 authentication method, you can do so by setting
	  the AUTH_SERVER_ALLOW_NOTLS_PASSWORDS macro. Please refer to
	  <a class="xref" href="#macros" title="2.1.3. Using Exim Macros to control the configuration">Section 2.1.3, &#8220;Using Exim Macros to control the
      configuration&#8221;</a> for an explanation of how best to
	  do this.
	</p><p>
	  If you want to authenticate against system passwords (e.g. 
	  <code class="filename">/etc/shadow</code>) the easiest way is to use
	  saslauthd in the Debian package sasl2-bin. You have to add the
	  exim-user (currently Debian-exim) to the sasl group, to give
	  exim permission to use the saslauthd service.
	</p><p>
	  The Debian exim4 maintainers consider using system login
	  passwords a bad idea for the following reasons:
	  </p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem">
	        A compromised password will give access to a system account.
	      </li><li class="listitem">
	        E-Mail passwords could accidentally be transmitted unencrypted.
	      </li><li class="listitem">
	        E-Mail passwords are likely to be stored with the
                client software, which greatly increases the chance of a
		compromise.
	      </li></ul></div><p>
	</p></div></div><div class="section" title="2.4. How the Exim daemon is started"><div class="titlepage"><div><div><h3 class="title"><a name="idp5631552"></a>2.4. How the Exim daemon is started</h3></div></div></div><p>
        The Debian Exim 4 packages' init script is located in
	<code class="filename">/etc/init.d/exim4</code>. Apart from the
	functions that are required by Debian policy and the LSB, it
	supports the commands <span class="command"><strong>what</strong></span>, which executes
	<span class="command"><strong>exiwhat</strong></span> to show what your Exim processes
	are doing, and <span class="command"><strong>force_stop</strong></span> which
	unconditionally kills all Exim processes.
      </p><p>
        The init script can be configured to start listening and/or
	queue running daemons. This configuration can be found in
	<code class="filename">/etc/default/exim4</code>. This file is
	extensively documented.
      </p></div><div class="section" title="2.5. Miscellaneous packaging issues"><div class="titlepage"><div><div><h3 class="title"><a name="idp5636624"></a>2.5. Miscellaneous packaging issues</h3></div></div></div><div class="section" title="2.5.1. The daily cron job"><div class="titlepage"><div><div><h4 class="title"><a name="idp5637264"></a>2.5.1. The daily cron job</h4></div></div></div><p>
	    Exim4's daily cron job
            (<code class="filename">/etc/cron.daily/exim4-base</code>)
	    does basic housekeeping tasks:
	    </p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem">
		  It reads <code class="filename">/etc/default/exim4</code>, so you
		  can use this file to change any of the variables used in
		  the cron job.
	        </li><li class="listitem">
		  It is a no-op if no Exim4 binary is found.
	        </li><li class="listitem">
		  If <span class="command"><strong>$E4BCD_DAILY_REPORT_TO</strong></span> is set
		  to a non-empty string, the output of eximstats is
		  mailed to the address given in that variable. The
                  default is empty, so no reports are sent. Options
                  for eximstats can be given in
                  <span class="command"><strong>$E4BCD_DAILY_REPORT_OPTIONS</strong></span>.
	        </li><li class="listitem"><p class="simpara">
		  A non-empty paniclog is a nearly sure sign of bad
		  things going on. Thus, the cron job will send out
		  warning messages to the syslog and root if it finds
		  the panic log non-empty.
		  Please note that the paniclog is not rotated daily,
		  so existing issues will be reported daily until
		  either the paniclog is rotated due to its sheer
		  size, or you manually move it away, for example by
		  calling <span class="command"><strong>logrotate -f
		  /etc/logrotate.d/exim4-paniclog</strong></span> from a shell.
	        </p><p class="simpara">
		  Just in case your system logs transient error
		  situations to the panic log as well (see, for
		  example,
		  <a class="ulink" href="http://www.exim.org/bugzilla/show_bug.cgi?id=92" target="_top">Exim Bug 92</a>),
		  you can configure
		  <span class="command"><strong>$E4BCD_PANICLOG_NOISE</strong></span> to a
		  regular expression. If the paniclog contains only
		  lines that match that regular expression, no warning
		  messages are generated.
	        </p><p class="simpara">
		  If you want to disable paniclog monitoring
		  completely, set <span class="command"><strong>$E4BCD_WATCH_PANICLOG</strong></span>
		  to no. <span class="command"><strong>E4BCD_WATCH_PANICLOG=once</strong></span> will
		  rotate a non-empty paniclog automatically after sending out
		  the warning e-mail.
		</p></li><li class="listitem">
		  It tidies up the retry and hints databases.
	        </li></ul></div><p>
	  </p></div></div><div class="section" title="2.6. Using Exim with inetd/xinetd"><div class="titlepage"><div><div><h3 class="title"><a name="idp5650624"></a>2.6. Using Exim with inetd/xinetd</h3></div></div></div><p>
	Exim4 is run as a separate daemon instead of inetd/xinetd for
	two reasons:
	</p><div class="variablelist"><dl><dt><span class="term">Ease of maintenance:</span></dt><dd>
		update-inetd is difficult to impossible to handle
		correctly (Just check the archived bug reports of Exim.) 
		and update-inetd seems to be unmaintained for a long
		time, nobody dares to touch it. To quote Mark Baker, the
		maintainer of Exim (v3): "I really wish I had never used
		inetd in the first place, but simply set up exim to run
		as a daemon, but it's too late to change that now."
	      </dd><dt><span class="term">Extended features</span></dt><dd>
		Running from <span class="command"><strong>inetd</strong></span> interferes with
		Exim's resource controls (e.g it disables
		smtp_accept_max_per_host and smtp_accept_max).
	      </dd></dl></div><p>
      </p><p>
	If you introduce bugs on your systems by running from (x)inetd
	you are on your own! If you want to run exim from
	<span class="command"><strong>xinetd</strong></span>, follow these steps:
	</p><div class="orderedlist"><ol class="orderedlist" type="1"><li class="listitem">
	      Disable Exim 4's listening daemon by executing
	      <span class="command"><strong>update-exim4defaults --queuerunner
		queueonly</strong></span>
	    </li><li class="listitem"><p>
	      Create <code class="filename">/etc/xinetd.d/exim4</code>
	      </p><pre class="programlisting">
service smtp
{
    disable     = no
    flags       = NAMEINARGS
    socket_type = stream
    protocol    = tcp
    wait        = no
    user        = Debian-exim
    group       = Debian-exim
    server      = /usr/sbin/exim4
    server_args = exim4 -bs
}
	      </pre><p>
	    </p></li><li class="listitem">Run <span class="command"><strong>invoke-rc.d exim4 restart; invoke-rc.d
(x)inetd restart</strong></span></li></ol></div><p>
      </p><p>If you want to use plain inetd, insert following line into
	<code class="filename">/etc/inetd.conf</code>:</p><pre class="programlisting">
smtp stream   tcp     nowait  Debian-exim     /usr/sbin/exim4 exim4 -bs
	</pre><p>
      </p></div><div class="section" title="2.7. Handling incoming mail for local accounts with low UID"><div class="titlepage"><div><div><h3 class="title"><a name="idp5665344"></a>2.7. Handling incoming mail for local accounts with low UID</h3></div></div></div><p>
        Since system accounts (mail, uucp, lp etc) are usually aliased
	to root, and root's mailbox is usually read by a human, these
	account names have started to be a common target for spammers.
	The Debian Exim 4 packages have a mechanism to deal with this
	situation. However, since this derives rather far from normal
	behavior, it is disabled by default.
      </p><p>
        To enable it, set the macro FIRST_USER_UID to a numeric,
	non-zero value. Incoming mail for local users that have a UID
	lower than FIRST_USER_UID is rejected with the message "no
	mail to system accounts". Incoming mail for local users that
	have a UID greater or equal FIRST_USER_UID are processed as
	usual. Therefore, the default value of 0 ensures that the
	mechanism is disabled. On Debian systems, setting
	FIRST_USER_UID to 500 or 1000 (depending on your local policy)
	will disable incoming mail for system accounts.
      </p><p>
        Just in case that you need exceptions to the rule,
	<code class="filename">/etc/exim4/lowuid_aliases</code> is an alias
	file that is only honored for local accounts with UID lower
	than FIRST_USER_UID. If you define an alias for such an
	account here, incoming mail is processed according to the
	alias. If you alias the account to itself, messages are
	delivered to the account itself, which is an exception to the
	rule that messages for low-UID accounts are rejected. The
	format of <code class="filename">/etc/exim4/lowuid_aliases</code> is
	just another alias file.
      </p></div><div class="section" title="2.8. How to bypass local routing specialities"><div class="titlepage"><div><div><h3 class="title"><a name="idp5669936"></a>2.8. How to bypass local routing specialities</h3></div></div></div><p>
        Sometimes, it might be desireable to be able to bypass local
	routing specialities like the alias file or a user-forward
	file. This is possible in the Debian Exim4 packages by
	prefixing the account name with "real-". For a local account
	name "foo", "real-foo@hostname.example" will result in direct
	delivery to foo's local Mailbox.
      </p><p>
        This feature is by default only available for locally
	generated messages. If you want it to be accessible for
	messages delivered from remote as well, set the Exim macro
	COND_LOCAL_SUBMITTER to true. If you do not want this at all,
	set the macro to false. Please note that the userforward
	router uses this feature to get error messages delivered, i.e.
	notifying the user of a syntax error in her
	<code class="filename">.forward</code> file.
      </p></div><div class="section" title="2.9. Using more complex deliveries from alias files"><div class="titlepage"><div><div><h3 class="title"><a name="idp5672896"></a>2.9. Using more complex deliveries from alias files</h3></div></div></div><p>
	Delivery to arbitrary files, directory or to pipes in the
	<code class="filename">/etc/aliases</code> file is disabled by default
	in the Debian Exim 4 packages. The delivery process including the
	program being piped to would run as the exim admin-user
	Debian-exim, which might open up security holes.
      </p><p>
	Invoking pipes from <code class="filename">/etc/aliases</code> file is
	widely considered obsolete and deprecated. The Debian Exim
	package maintainers would like to suggest using a dedicated
	router/transport pair to invoke local processes for mail
	processing. For example, the Debian mailman package contains a
	<code class="filename">/usr/share/doc/mailman/README.Exim4.Debian</code> file
	that gives a good example how to implement this. Using a
	dedicated router/transport pair have the following advantages:
	</p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p>
	      The router/transport pair can be put in place by another
	      package, giving a well-defined transaction point between
	      Exim 4 and $PACKAGE.
	    </p></li><li class="listitem"><p>
	      Not allowing pipe deliveries from alias files makes it
	      harder to accidentally run programs with wrong
	      privileges.
	    </p></li><li class="listitem"><p>
	      It is possible to run different pipe processes under
	      different accounts.
	    </p></li><li class="listitem"><p>
	      Even if only invoking a single local program, it is easier
	      to do with your dedicated router/transport since you won't
	      need to change this file, making automatic updates of this
	      file possible for future versions of the Exim 4 packages. If
	      you do local changes here, dpkg conffile handling will
	      bother you on future updates.
	    </p></li></ul></div><p>
	If you insist on using <code class="filename">/etc/aliases</code> in
	the traditional way, you will need to activate the
	respective functions by setting the transport options on the
        system_aliases router appropriately. Macros are defined to make
	this easier. See
       
<code class="filename">/etc/exim4/conf.d/router/400_exim4-config_system_aliases</code>
	for information about which macros are available. You might
        find the address_file, address_pipe and/or address_directory
        transports that are used for the userforward router helpful in
	writing your own transports for use in the system_aliases router.
      </p><p>
	If any of your aliases expand to pipes or files or directories
	you should set up a user and a group for these deliveries to run
	under. You can do this by setting the "user" and - if necessary
	- a "group" option and adding a "group" option if necessary. 
	Alternatively, you can specify "user" and/or "group" on the
	transports that are used.
      </p></div><div class="section" title="2.10. Putting Exim 4 and UUCP together"><div class="titlepage"><div><div><h3 class="title"><a name="idp5683920"></a>2.10. Putting Exim 4 and UUCP together</h3></div></div></div><p>
	UUCP is a traditional way to execute remote jobs (e.g. spool
	mails), and as a lot of old things there are much more than one
	way to do it. However, today, the ways to handle it have boiled
	down to more or less two different ways.
      </p><p>
	Our recommendation is to use bsmtp/rsmtp wherever possible,
	because it supports all kinds of mail addresses (also the empty
	ones in bounces), and is also better from the security point of
	view.
      </p><div class="section" title="2.10.1. Sending mail via UUCP"><div class="titlepage"><div><div><h4 class="title"><a name="idp5685808"></a>2.10.1. Sending mail via UUCP</h4></div></div></div><div class="section" title="2.10.1.1. rmail with full addresses"><div class="titlepage"><div><div><h5 class="title"><a name="idp5686448"></a>2.10.1.1. rmail with full addresses</h5></div></div></div><p>
	    rmail is the oldest way to transfer mail to a remote system. 
	    However, today it is normally required to use addresses with
	    full domains for that (Well, they look like any normal address
	    for you, and we do not tell about the other way to not confuse
	    you ;). If you want this, you can use this transport:
	  </p><pre class="programlisting">
rmail:
    debug_print = "T: rmail for $pipe_addresses"
    driver=pipe
    command = uux - -r -a$sender_address -gC $domain_data!rmail $pipe_addresses
    return_fail_output
    user=uucp
    batch_max = 20
	  </pre><p>
	    However, all recipients are handled via the command line, so
	    you are discouraged to use it.
	  </p></div><div class="section" title="2.10.1.2. bsmtp/rsmtp"><div class="titlepage"><div><div><h5 class="title"><a name="idp5689312"></a>2.10.1.2. bsmtp/rsmtp</h5></div></div></div><p>
	    This is a more efficient way to transfer mails. It works
	    like sending SMTP via a pipe, but instead of waiting for an
	    answer, the SMTP is just batched; from this is also the name
	    batched SMTP or short bsmtp.
	  </p><p>
	    Furthermore, this way won't fail on addresses like "
	    "@do.main. If you want this, please use this, if the remote
	    site uses rsmtp (e.g. is Exim 4):
	  </p><pre class="programlisting">
rsmtp:
    debug_print = "T: rsmtp for $pipe_addresses"
    driver=pipe
    command = /usr/bin/uux - -r -a$sender_address -gC $domain_data!rsmtp
    use_bsmtp
    return_fail_output
    user=uucp
    batch_max = 100
	  </pre><p>
	    and this if it wants bsmtp as the command:
	  </p><pre class="programlisting">
bsmtp:
    debug_print = "T: bsmtp for $pipe_addresses"
    driver=pipe
    command = /usr/bin/uux - -r -a$sender_address -gC $domain_data!bsmtp
    use_bsmtp
    return_fail_output
    user=uucp
    batch_max = 100
	  </pre><p>
	    Of course, these examples can be extended for e.g. 
	    compression (but you can also use ssh for compression, if
	    you want).
	  </p></div><div class="section" title="2.10.1.3. The router"><div class="titlepage"><div><div><h5 class="title"><a name="idp5693920"></a>2.10.1.3. The router</h5></div></div></div><p>
	    You need a router to tell Exim 4 which mails to forward to
	    UUCP. You can use this one; please adopt the last line. Of
	    course, it is also possible to send mail via more than one way.
	  </p><pre class="programlisting">
uucp_router:
    debug_print = "R: uucp_router for $local_part@$domain"
    driver=accept
    require_files = +/usr/bin/uux
    domains = wildlsearch;/etc/exim4/uucp
    transport = rsmtp
	  </pre><p>
	    The file <code class="filename">/etc/exim4/uucp</code> looks like:
	  </p><pre class="programlisting">
*.do.main       uucp.name.of.remote.side
	  </pre></div><div class="section" title="2.10.1.4. Speaking UUCP with the smarthost"><div class="titlepage"><div><div><h5 class="title"><a name="idp5697760"></a>2.10.1.4. Speaking UUCP with the smarthost</h5></div></div></div><p>
	    If you have a leaf system (i.e. all your mail not for your
	    local system goes to a single remote system), you can just
	    forward all non-local mail to the remote UUCP system. In
	    this case, you can replace "domains = ..." with "domains = ! 
	    +local_domains", but then you need also to replace
	    $domain_data in the transport by the UUCP-name of your
	    smarthost. The file <code class="filename">/etc/exim4/uucp</code> is
	    not needed in this case.
	  </p></div></div><div class="section" title="2.10.2. Receiving mail via UUCP"><div class="titlepage"><div><div><h4 class="title"><a name="idp5700080"></a>2.10.2. Receiving mail via UUCP</h4></div></div></div><div class="section" title="2.10.2.1. Allow UUCP to use any envelope address"><div class="titlepage"><div><div><h5 class="title"><a name="idp5700720"></a>2.10.2.1. Allow UUCP to use any envelope address</h5></div></div></div><p>
	    Depending how much you trust your local users, you might use
	    trusted_users and add uucp to it or use
	    local_sender_retain=true and local_from_check=false.
	  </p></div><div class="section" title="2.10.2.2. If you get batched smtp"><div class="titlepage"><div><div><h5 class="title"><a name="idp5702064"></a>2.10.2.2. If you get batched smtp</h5></div></div></div><p>
	    Allow uucp to execute rsmtp via
	    </p><pre class="programlisting">
commands        rmail rnews rsmtp
	    </pre><p>
	    in your <code class="filename">/etc/uucp/sys</code>, and ask the
	    sending site to use rsmtp (and not bsmtp) as the batched
	    command.
	  </p></div></div></div></div><div class="section" title="3. Updating from Exim 3"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="idp5704960"></a>3. Updating from Exim 3</h2></div></div></div><p>
      If you use <span class="command"><strong>exim4-config</strong></span> from Debian, you will
      get the debconf based configuration scheme that is intended to
      cover the majority of cases.
    </p><p>
      If <span class="command"><strong>exim4-config</strong></span> is installed while an Exim 3
      package is present on the system,
      <span class="command"><strong>exim4-config</strong></span> tries to parse the Exim 3 config
      file to determine the answers that were given to
      <span class="command"><strong>eximconfig</strong></span> on Exim 3 installation. These
      answers are then taken as default values for the debconf based
      configuration process. Be warned! <span class="command"><strong>eximconfig</strong></span>
      from the Exim 3 packages does not record the explicit answers
      given on Exim 3 configuration. So we have to guess the answers
      from the Exim 3 configuration file
      <code class="filename">/etc/exim/exim.conf</code>, which is bound to fail
      if the config file has been modified after using
      <span class="command"><strong>eximconfig</strong></span>.
    </p><p>
      This is the reason why we refrained from doing a "silent update", but
      only use the guessed answers to get reasonable defaults for our
      debconf based configuration process.
    </p><p>
      Please note that we do not use the
      <span class="command"><strong>exim_convert4r4</strong></span> script, but try to configure
      the Exim 4 package in the same way Exim 3 was. This will
      hopefully aid future updates.
    </p><p>
      If you have used a customized Exim 3 configuration, you can of
      course use <span class="command"><strong>exim_convert4r4</strong></span>, and install the
      resulting file as <code class="filename">/etc/exim4/exim4.conf</code>
      after careful inspection. Exim 4 will then use that file and
      ignore the file that it generated from the debconf
      configuration. To aid future updates, we do, however, encourage
      you not to use the
      <code class="filename">exim_convert4r4-generated</code> file verbatim but
      instead drop appropriate configuration snippets in their
      appropriate place in <code class="filename">/etc/exim4/conf.d</code>.
    </p></div><div class="section" title="4. Misc Notes"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="idp5716768"></a>4. Misc Notes</h2></div></div></div><div class="section" title="4.1. PAM"><div class="titlepage"><div><div><h3 class="title"><a name="idp5717408"></a>4.1. PAM</h3></div></div></div><p>
	  PAM: On Debian systems the PAM modules run as the same user
	  as the calling program, so they cannot do anything you
	  could not do yourself, and in particular cannot access
	  <code class="filename">/etc/shadow</code> unless the user is in group
	  shadow. - If you want to use
	  <code class="filename">/etc/shadow</code> for Exim's SMTP AUTH you
	  will need to run exim as group shadow.  Only
	  exim4-daemon-heavy is linked against libpam. We suggest using
	  saslauthd instead.
        </p></div><div class="section" title="4.2. Account name restrictions"><div class="titlepage"><div><div><h3 class="title"><a name="idp5720272"></a>4.2. Account name restrictions</h3></div></div></div><p>
          In the default configuration, Exim cannot locally deliver
          mail to accounts which have capitals in their name. This is
          caused by the fact that Exim converts the local part of incoming
          mail to lower case before the comparision done by the
          check_local_user directive in routers is done.
        </p><p>
          The router option caseful_local_part can be used to control
          this, and we decided not to set this option in the Debian
          configuration since it would be a rather big change to Exim's
          default behavior.
        </p></div><div class="section" title="4.3. No deliveries to root!"><div class="titlepage"><div><div><h3 class="title"><a name="idp5722416"></a>4.3. No deliveries to root!</h3></div></div></div><p>
            No Exim 4 version released with any Debian OS can run
	    deliveries as root. If you don't redirect mail for root via
            <code class="filename">/etc/aliases</code> to a nonprivileged
            account, the mail will be delivered to
	    <code class="filename">/var/mail/mail</code> with permissions 0600 and
            owner mail:mail.
	</p><p>
	    This redirection is done by the mail4root router which
            is last in the list and will thus catch mail for root that has not
            been taken care of earlier.
        </p></div><div class="section" title="4.4. Debugging maintainer and init scripts"><div class="titlepage"><div><div><h3 class="title"><a name="idp5725744"></a>4.4. Debugging maintainer and init scripts</h3></div></div></div><p>
	    Most of the scripts that come with this Debian package do a
	    <span class="command"><strong>set -x</strong></span> if invoked with the environment
	    variable EX4DEBUG defined and non-zero. This is particularly
	    handy if you need to debug the maintainer scripts that are
	    invoked during package installation. Since dpkg redirects
	    stdout of maintainer scripts, calling dpkg with EX4DEBUG
	    set might yield interesting results. If in doubt, invoke
	    the maintainer scripts with EX4DEBUG set manually directly
	    from the command line.
        </p></div><div class="section" title="4.5. SELinux"><div class="titlepage"><div><div><h3 class="title"><a name="idp5728064"></a>4.5. SELinux</h3></div></div></div><p>
            There is no SELinux policy for Exim4 available so far.
	    Until this is resolved, users should use postfix or
	    sendmail if they intend to run SELinux.
        </p><p>
	    The Debian Exim4 maintainers would appreciate if
            somebody could write an SELinux policy. We will gladly
	    use them in the Debian packages as long as there is
	    somebody available to test, debug and support.
	</p></div><div class="section" title="4.6. misc"><div class="titlepage"><div><div><h3 class="title"><a name="idp5730048"></a>4.6. misc</h3></div></div></div><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem">
                    <span class="command"><strong>convert4r4</strong></span> is installed as
                    <code class="filename">/usr/sbin/exim_convert4r4.</code>
		</li><li class="listitem">
                    The charset for $header_foo expansions defaults to
		    UTF-8 instead of ISO-8859-1.
		</li><li class="listitem">
		    <a class="ulink" href="http://marc.merlins.org/linux/exim/" target="_top">
		    Marc Merlin's Exim 4 Page</a> has a lot of ACL
		    examples.
		</li><li class="listitem">
		    For an example of Exim usage in a
		    <span class="emphasis"><em>large</em></span> installation, see
		    Tony Finch's 
		    <a class="ulink" href="http://www-uxsup.csx.cam.ac.uk/~fanf2/hermes/doc/talks/2005-02-eximconf/" target="_top">
paper</a>
		    about the Exim installation at University of Cambridge:
		</li></ul></div></div></div><div class="section" title="5. Debian modifications to the Exim source"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="idp5737584"></a>5. Debian modifications to the Exim source</h2></div></div></div><div class="variablelist"><dl><dt><span class="term">
	  <a class="ulink" href="http://www.arise.demon.co.uk/exim-patches/" target="_top">
	    Patches</a> by Steve Haslam:
	</span></dt><dd>
	    boolean_redefine_protect
	    [src/mytypes.h]
	    Surround the definition of TRUE and FALSE macros with #ifndef
	    /#endif, in case some other header defines them (from mixing  No
	    Perl and Exim, istr)
	  </dd><dt><span class="term">
	  Other stuff
	</span></dt><dd><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem">
		link exim dynamically against pcre.
	      </li><li class="listitem"><p>
		The main binary is /usr/sbin/exim4:
		</p><div class="itemizedlist"><ul class="itemizedlist" type="circle"><li class="listitem">
		      src/globals.c was changed to use 'US
		      BIN_DIRECTORY "/exim4"' as default for
		      exim_path.
		    </li><li class="listitem">
		      changed default for $exim_path (modulo
		      lower/upper case) from BIN_DIRECTORY/exim to
		      BIN_DIRECTORY/exim4 in exicyclog.src,
		      exim_checkaccess.src, eximon.src, exinext.src,
		      exiqgrep.src, exiwhat.src.
		    </li><li class="listitem">
		      OS/Makefile-Linux:EXIWHAT_MULTIKILL_ARG=exim4
		    </li></ul></div><p>
	      </p></li><li class="listitem">
		<a class="ulink" href="http://marc.merlins.org/linux/exim/files/sa-exim-current/" target="_top">localscan_dlopen
.patch</a>:
		Allow to use and switch between different local_scan
		functions without recompiling Exim. Use
		local_scan_path = /path/to/sharedobject to utilize
		local_scan() in <code class="filename">/path/to/sharedobject</code>.
	      </li><li class="listitem">
		changes to the documentation to have the <a class="ulink" href="mailto:pkg-exim4-users@lists.alioth.debian.org" target="_top">
		Debian-specific mailing list</a> mentioned where
		the <a class="ulink" href="mailto:exim-users@exim.org" target="_top">official
		exim-users list</a> is mentioned
	      </li></ul></div></dd></dl></div></div><div class="section" title="6. Credits"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="idp5751664"></a>6. Credits</h2></div></div></div><div class="variablelist"><dl><dt><span class="term"><a class="ulink" href="mailto:aba@not.so.argh.org" target="_top">Andreas
	      Barth</a></span></dt><dd>UUCP documentation</dd><dt><span class="term">Dan Weber, Ryen Underwood</span></dt><dd>inetd/xinetd documentation</dd></dl></div><p>
    </p></div></div></body></html>