Exim Internet Mailer

<-previousnext->

Chapter 5 - The Exim command line

Exim’s command line takes the standard Unix form of a sequence of options, each starting with a hyphen character, followed by a number of arguments. The options are compatible with the main options of Sendmail, and there are also some additional options, some of which are compatible with Smail 3. Certain combinations of options do not make sense, and provoke an error if used. The form of the arguments depends on which options are set.

1. Setting options by program name

If Exim is called under the name mailq, it behaves as if the option -bp were present before any other options. The -bp option requests a listing of the contents of the mail queue on the standard output. This feature is for compatibility with some systems that contain a command of that name in one of the standard libraries, symbolically linked to /usr/sbin/sendmail or /usr/lib/sendmail.

If Exim is called under the name rsmtp it behaves as if the option -bS were present before any other options, for compatibility with Smail. The -bS option is used for reading in a number of messages in batched SMTP format.

If Exim is called under the name rmail it behaves as if the -i and -oee options were present before any other options, for compatibility with Smail. The name rmail is used as an interface by some UUCP systems.

If Exim is called under the name runq it behaves as if the option -q were present before any other options, for compatibility with Smail. The -q option causes a single queue runner process to be started.

If Exim is called under the name newaliases it behaves as if the option -bi were present before any other options, for compatibility with Sendmail. This option is used for rebuilding Sendmail’s alias file. Exim does not have the concept of a single alias file, but can be configured to run a given command if called with the -bi option.

2. Trusted and admin users

Some Exim options are available only to trusted users and others are available only to admin users. In the description below, the phrases “Exim user” and “Exim group” mean the user and group defined by EXIM_USER and EXIM_GROUP in Local/Makefile or set by the exim_user and exim_group options. These do not necessarily have to use the name “exim”.

  • The trusted users are root, the Exim user, any user listed in the trusted_users configuration option, and any user whose current group or any supplementary group is one of those listed in the trusted_groups configuration option. Note that the Exim group is not automatically trusted.

    Trusted users are always permitted to use the -f option or a leading “From ” line to specify the envelope sender of a message that is passed to Exim through the local interface (see the -bm and -f options below). See the untrusted_set_sender option for a way of permitting non-trusted users to set envelope senders.

    For a trusted user, there is never any check on the contents of the From: header line, and a Sender: line is never added. Furthermore, any existing Sender: line in incoming local (non-TCP/IP) messages is not removed.

    Trusted users may also specify a host name, host address, interface address, protocol name, ident value, and authentication data when submitting a message locally. Thus, they are able to insert messages into Exim’s queue locally that have the characteristics of messages received from a remote host. Untrusted users may in some circumstances use -f, but can never set the other values that are available to trusted users.

  • The admin users are root, the Exim user, and any user that is a member of the Exim group or of any group listed in the admin_groups configuration option. The current group does not have to be one of these groups.

    Admin users are permitted to list the queue, and to carry out certain operations on messages, for example, to force delivery failures. It is also necessary to be an admin user in order to see the full information provided by the Exim monitor, and full debugging output.

    By default, the use of the -M, -q, -R, and -S options to cause Exim to attempt delivery of messages on its queue is restricted to admin users. However, this restriction can be relaxed by setting the prod_requires_admin option false (that is, specifying no_prod_requires_admin).

    Similarly, the use of the -bp option to list all the messages in the queue is restricted to admin users unless queue_list_requires_admin is set false.

Warning: If you configure your system so that admin users are able to edit Exim’s configuration file, you are giving those users an easy way of getting root. There is further discussion of this issue at the start of chapter 6.

3. Command line options

Exim’s command line options are described in alphabetical order below. If none of the options that specifies a specific action (such as starting the daemon or a queue runner, or testing an address, or receiving a message in a specific format, or listing the queue) are present, and there is at least one argument on the command line, -bm (accept a local message on the standard input, with the arguments specifying the recipients) is assumed. Otherwise, Exim outputs a brief message about itself and exits.

--

This is a pseudo-option whose only purpose is to terminate the options and therefore to cause subsequent command line items to be treated as arguments rather than options, even if they begin with hyphens.

--help

This option causes Exim to output a few sentences stating what it is. The same output is generated if the Exim binary is called with no options and no arguments.

--version

This option is an alias for -bV and causes version information to be displayed.

-Ac
-Am

These options are used by Sendmail for selecting configuration files and are ignored by Exim.

-B<type>

This is a Sendmail option for selecting 7 or 8 bit processing. Exim is 8-bit clean; it ignores this option.

-bd

This option runs Exim as a daemon, awaiting incoming SMTP connections. Usually the -bd option is combined with the -q<time> option, to specify that the daemon should also initiate periodic queue runs.

The -bd option can be used only by an admin user. If either of the -d (debugging) or -v (verifying) options are set, the daemon does not disconnect from the controlling terminal. When running this way, it can be stopped by pressing ctrl-C.

By default, Exim listens for incoming connections to the standard SMTP port on all the host’s running interfaces. However, it is possible to listen on other ports, on multiple ports, and only on specific interfaces. Chapter 13 contains a description of the options that control this.

When a listening daemon is started without the use of -oX (that is, without overriding the normal configuration), it writes its process id to a file called exim-daemon.pid in Exim’s spool directory. This location can be overridden by setting PID_FILE_PATH in Local/Makefile. The file is written while Exim is still running as root.

When -oX is used on the command line to start a listening daemon, the process id is not written to the normal pid file path. However, -oP can be used to specify a path on the command line if a pid file is required.

The SIGHUP signal can be used to cause the daemon to re-execute itself. This should be done whenever Exim’s configuration file, or any file that is incorporated into it by means of the .include facility, is changed, and also whenever a new version of Exim is installed. It is not necessary to do this when other files that are referenced from the configuration (for example, alias files) are changed, because these are reread each time they are used.

-bdf

This option has the same effect as -bd except that it never disconnects from the controlling terminal, even when no debugging is specified.

-be

Run Exim in expansion testing mode. Exim discards its root privilege, to prevent ordinary users from using this mode to read otherwise inaccessible files. If no arguments are given, Exim runs interactively, prompting for lines of data. Otherwise, it processes each argument in turn.

If Exim was built with USE_READLINE=yes in Local/Makefile, it tries to load the libreadline library dynamically whenever the -be option is used without command line arguments. If successful, it uses the readline() function, which provides extensive line-editing facilities, for reading the test data. A line history is supported.

Long expansion expressions can be split over several lines by using backslash continuations. As in Exim’s runtime configuration, white space at the start of continuation lines is ignored. Each argument or data line is passed through the string expansion mechanism, and the result is output. Variable values from the configuration file (for example, $qualify_domain) are available, but no message-specific values (such as $message_exim_id) are set, because no message is being processed (but see -bem and -Mset).

Note: If you use this mechanism to test lookups, and you change the data files or databases you are using, you must exit and restart Exim before trying the same lookup again. Otherwise, because each Exim process caches the results of lookups, you will just get the same result as before.

Macro processing is done on lines before string-expansion: new macros can be defined and macros will be expanded. Because macros in the config file are often used for secrets, those are only available to admin users.

-bem <filename>

This option operates like -be except that it must be followed by the name of a file. For example: 

exim -bem /tmp/testmessage

The file is read as a message (as if receiving a locally-submitted non-SMTP message) before any of the test expansions are done. Thus, message-specific variables such as $message_size and $header_from: are available. However, no Received: header is added to the message. If the -t option is set, recipients are read from the headers in the normal way, and are shown in the $recipients variable. Note that recipients cannot be given on the command line, because further arguments are taken as strings to expand (just like -be).

-bF <filename>

This option is the same as -bf except that it assumes that the filter being tested is a system filter. The additional commands that are available only in system filters are recognized.

-bf <filename>

This option runs Exim in user filter testing mode; the file is the filter file to be tested, and a test message must be supplied on the standard input. If there are no message-dependent tests in the filter, an empty file can be supplied.

If you want to test a system filter file, use -bF instead of -bf. You can use both -bF and -bf on the same command, in order to test a system filter and a user filter in the same run. For example: 

exim -bF /system/filter -bf /user/filter </test/message

This is helpful when the system filter adds header lines or sets filter variables that are used by the user filter.

If the test filter file does not begin with one of the special lines 

# Exim filter
# Sieve filter

it is taken to be a normal .forward file, and is tested for validity under that interpretation. See sections 22.4 to 22.6 for a description of the possible contents of non-filter redirection lists.

The result of an Exim command that uses -bf, provided no errors are detected, is a list of the actions that Exim would try to take if presented with the message for real. More details of filter testing are given in the separate document entitled Exim’s interfaces to mail filtering.

When testing a filter file, the envelope sender can be set by the -f option, or by a “From ” line at the start of the test message. Various parameters that would normally be taken from the envelope recipient address of the message can be set by means of additional command line options (see the next four options).

-bfd <domain>

This sets the domain of the recipient address when a filter file is being tested by means of the -bf option. The default is the value of $qualify_domain.

-bfl <local part>

This sets the local part of the recipient address when a filter file is being tested by means of the -bf option. The default is the username of the process that calls Exim. A local part should be specified with any prefix or suffix stripped, because that is how it appears to the filter when a message is actually being delivered.

-bfp <prefix>

This sets the prefix of the local part of the recipient address when a filter file is being tested by means of the -bf option. The default is an empty prefix.

-bfs <suffix>

This sets the suffix of the local part of the recipient address when a filter file is being tested by means of the -bf option. The default is an empty suffix.

-bh <IP address>

This option runs a fake SMTP session as if from the given IP address, using the standard input and output. The IP address may include a port number at the end, after a full stop. For example: 

exim -bh 10.9.8.7.1234
exim -bh fe80::a00:20ff:fe86:a061.5678

When an IPv6 address is given, it is converted into canonical form. In the case of the second example above, the value of $sender_host_address after conversion to the canonical form is fe80:0000:0000:0a00:20ff:fe86:a061.5678.

Comments as to what is going on are written to the standard error