Provided by: exim4-config_4.90.1-1ubuntu1.10_all

NAME

       exim4-config_files - Files in use by the Debian exim4 packages

SYNOPSIS

       /etc/aliases
       /etc/email-addresses
       /etc/exim4/local_host_blacklist
       /etc/exim4/host_local_deny_exceptions
       /etc/exim4/local_sender_blacklist
       /etc/exim4/sender_local_deny_exceptions
       /etc/exim4/local_sender_callout
       /etc/exim4/local_rcpt_callout
       /etc/exim4/local_domain_dnsbl_whitelist
       /etc/exim4/hubbed_hosts
       /etc/exim4/passwd
       /etc/exim4/passwd.client
       /etc/exim4/exim.crt
       /etc/exim4/exim.key

DESCRIPTION

       This  manual page describes the files that are in use by the Debian exim4 packages and which are not part
       of an exim installation done from source.

/etc/aliases

       is a table providing a mechanism to redirect mail for local recipients. /etc/aliases is a text file which
       is roughly compatible with Sendmail. The file should contain lines of the form
       name: address, address, ...
       The name is a local address without domain part. All local domains are handled equally. For more detailed
       documentation, please refer to /usr/share/doc/exim4-base/spec.txt.gz, chapter 22, and to
       /usr/share/doc/exim4-base/README.Debian.gz. Please note that it is not possible to use delivery to
       arbitrary files, directories and to pipes. This is forbidden in Debian's exim4 default configuration.

       You should at least set up an alias for postmaster in the /etc/aliases file.

/etc/email-addresses

       is used to rewrite the email addresses of users. This is particularly useful  for  users  who  use  their
       ISP's domain for email.

       The file should contain lines of the form

       user: someone@isp.com
       otheruser: someoneelse@anotherisp.com

       This  way  emails from user will appear to be from someone@isp.com to the outside world. Technically, the
       from, reply-to, and sender addresses, along with the envelope sender, are rewritten for users that appear
       to be in the local domain.

/etc/exim4/local_host_blacklist

       [exim  host  list]  is  an optional file containing a list of IP addresses, networks and host names whose
       messages will be denied with the error message "locally blacklisted". This is a full exim  4  host  list,
       and  all  available  features can be used. This includes negative items, and so it is possible to exclude
       addresses from being blacklisted. For convenience, as an additional method to  whitelist  addresses  from
       being  blocked,  an  explicit whitelist is read in from /etc/exim4/host_local_deny_exceptions. Entries in
       the whitelist override corresponding blacklist entries.

       In the blacklist, the trick is to read a line break as "or" if it follows a positive item, and  as  "and"
       if it follows a negative item.

       For example, a /etc/exim4/local_host_blacklist could contain

       192.168.10.0/24
       !172.16.10.128/26
       172.16.10.0/24
       10.0.0.0/8

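       Exim simply evaluates the list from left to right (top to bottom in a file), so you don't get the same
       kind of operator binding as in a programming language. In the list above, 172.16.10.128/26 is excluded
       before the enclosing 172.16.10.0/24 is listed, so the rest of that /24 is blacklisted while the /26 is
       not.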

/etc/exim4/host_local_deny_exceptions

       [exim host list] contains a list of IP addresses, networks and host names whose messages will be accepted
       even though the address is also listed in /etc/exim4/local_host_blacklist, overriding a blacklisting.

/etc/exim4/local_sender_blacklist

       [exim address list] is an optional file containing a list of envelope senders whose messages will be
       denied with the error message "locally blacklisted".  This is  a  full  exim  4  address  list,  and  all
       available  features can be used. This includes negative items, and so it is possible to exclude addresses
       from being blacklisted. For convenience, as an  additional  method  to  whitelist  addresses  from  being
       blocked,  an  explicit  whitelist is read in from /etc/exim4/sender_local_deny_exceptions. Entries in the
       whitelist override corresponding blacklist entries.

       In the blacklist, the trick is to read a line break as "or" if it follows a positive item, and  as  "and"
       if it follows a negative item.

       For example, a /etc/exim4/local_sender_blacklist could contain

       domain1.example
       !local@domain2.example
       domain2.example
       domain3.example

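       Exim simply evaluates the list from left to right (top to bottom in a file), so you don't get the same
       kind of operator binding as in a programming language. In the list above, local@domain2.example is
       excluded before domain2.example is listed, so every other sender at domain2.example is blacklisted.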

/etc/exim4/sender_local_deny_exceptions

       [exim address list] is an optional file containing a list of envelope  senders  whose  messages  will  be
       accepted  despite  the  address  being  also  listed  in  /etc/exim4/local_sender_blacklist, overriding a
       blacklisting.

/etc/exim4/local_sender_callout

       [exim address list] is an optional file containing a list of envelope senders whose messages are  subject
       to  sender verification with a callout. This is a full exim4 address list, and all available features can
       be used.

/etc/exim4/local_rcpt_callout

       [exim address list] is an optional file containing a list  of  envelope  recipients  for  which  incoming
       messages are subject to recipient verification with a callout. This is a full exim4 address list, and all
       available features can be used.

/etc/exim4/local_domain_dnsbl_whitelist

       [exim address list] is an optional file containing a list of envelope senders whose messages  are  exempt
       from blacklisting via a domain-based DNSBL. This is a full exim4 address list, and all available features
       can be used.  This feature is intended to be used in case of a domain-based DNSBL being too heavy handed,
       for example listing entire top-level domains for their registry policies.

/etc/exim4/hubbed_hosts

       [exim domain list] is an optional file containing a list of route_data records which can be used to
       override or augment MX information from the DNS. This is particularly useful for mail hubs which are
       the highest-priority MX for a domain in the DNS but are not the final destination of the messages,
       passing them on to a host which is not publicly reachable, or to temporarily fix mail routing in case
       of broken DNS setups.

       The file should contain key-value pairs of domain pattern and route data of the form

       domain: host-list options
       dict.ref.example:  mail-1.ref.example:mail-2.ref.example
       foo.example: internal.mail.example.com
       bar.example: 192.168.183.3

       which will cause mail for foo.example to be sent to the host internal.mail.example.com (IP address
       derived from A record only), and mail to bar.example to be sent to 192.168.183.3.

       See spec.txt chapter 20.3 through 20.7 for a more detailed explanation of host list format and  available
       options.

/etc/exim4/passwd

       contains account and password data for SMTP authentication when the local exim is SMTP server and clients
       authenticate to the local exim.

       The file should contain lines of the form

       username:crypted-password:clear-password

       crypted-password is the crypt(3)-created hash of your password. You can, for example,  use  the  mkpasswd
       program  from  the  whois  package  to  create a crypted password. It is recommended to use a modern hash
       algorithm, see mkpasswd --method=help. Consider not using crypt or MD5.

       clear-password is only necessary if you want to offer CRAM-MD5 authentication. If you don't plan on doing
       so, the third column can be omitted completely.

       This  file  must  be readable for the Debian-exim user and should not be readable for others. Recommended
       file mode is root:Debian-exim 640.
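
       The checks described above for /etc/exim4/passwd, as an added example that is not part of the exim4
       packages: it flags MD5 and traditional crypt hashes, flags a stored clear-password column, and checks
       the 640 mode (ownership is not checked). The sample lines and hash strings are constructed placeholders.

```python
import os
import stat

# Constructed sample in the username:crypted-password:clear-password form;
# the hash strings are placeholders, not real hashes.
SAMPLE = """\
alice:$6$examplesalt$PLACEHOLDERHASH
bob:$1$examplesalt$PLACEHOLDERHASH:bobs-clear-password
carol:abPLACEHOLDER
"""

def audit_passwd(text):
    """Return (line_no, user, finding) tuples for entries the page warns about."""
    findings = []
    for n, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":", 2)
        user = fields[0]
        crypted = fields[1] if len(fields) > 1 else ""
        if not crypted:
            findings.append((n, user, "no password hash"))
        elif crypted.startswith("$1$"):          # crypt(3) prefix for MD5
            findings.append((n, user, "MD5 hash"))
        elif not crypted.startswith("$"):        # no scheme prefix: old DES crypt
            findings.append((n, user, "traditional crypt hash"))
        if len(fields) == 3 and fields[2]:       # only needed for CRAM-MD5
            findings.append((n, user, "clear-text password present"))
    return findings

def mode_findings(path):
    """The page recommends mode 640 for passwd, passwd.client and exim.key."""
    mode = stat.S_IMODE(os.stat(path).st_mode)
    return [] if mode == 0o640 else [f"{path}: mode {mode:o}, expected 640"]

if __name__ == "__main__":
    for finding in audit_passwd(SAMPLE):
        print(finding)
```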

/etc/exim4/passwd.client

       contains account and password data for SMTP authentication when exim is authenticating  as  a  client  to
       some remote server.

       The file should contain lines of the form

       target.mail.server.example:login-user-name:password

       which  will  cause  exim  to  use login-user-name and password when sending messages to a server with the
       canonical host name target.mail.server.example.  Please note that this does not configure the mail server
       to  send  to  (this  is  determined  in  Debconf), but only creates the correlation between host name and
       authentication credentials to avoid exposing passwords to the wrong host.

       Please note that target.mail.server.example is currently the value that exim can read from  reverse  DNS:
       It  first  follows the host name of the target system until it finds an IP address, and then looks up the
       reverse DNS for that IP address to use the outcome of this query (or the IP  address  itself  should  the
       query fail) as index into /etc/exim4/passwd.client.

       This inevitably goes wrong if the host name of the mail server is a CNAME (a DNS alias), or the reverse
       lookup does not fit the forward one.

       Currently, you need to manually look up all reverse DNS names for all IP addresses that your SMTP server
       host name points to, for example by using the host command. If the SMTP smarthost alias expands to
       multiple IPs, you need to have multiple lines for all the hosts. When your ISP changes the alias, you
       will need to manually fix that.

       You  may  minimize this trouble by using a wild card entry or regular expressions, thus reducing the risk
       of divulging the password to the wrong SMTP server while reducing the number of necessary lines.   For  a
       deeper discussion, see the Debian BTS #244724.

       password  is  your  SMTP password in clear text. If you do not know about your SMTP password, you can try
       using your POP3 password as a first guess.

       This file must be readable for the Debian-exim user and should not be readable  for  others.  Recommended
       file mode is root:Debian-exim 640.

       # example for CONFDIR/passwd.client
       # this will only match if the server's generic name matches exactly
       mail.server.example:user:password
       # this will deliver the password to any server
       *:username:password
       # this will deliver the password to servers whose generic name ends in
       # mail.server.example
       *.mail.server.example:user:password
       # this will deliver the password to servers whose generic name matches
       # the regular expression
       ^smtp[0-9]*\.mail\.server\.example:user:password
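
       An added example, not part of the exim4 packages, that models which passwd.client line would supply
       the credentials for a given server name and flags keys that match more widely than one provider.
       Assumptions: the file is searched top to bottom with the first matching line winning, regular
       expression keys behave like Python's re, and smtp1.mail.server.example.invalid is a constructed name.

```python
import re

# The example file from this page (placeholder credentials).
SAMPLE = r"""
mail.server.example:user:password
*:username:password
*.mail.server.example:user:password
^smtp[0-9]*\.mail\.server\.example:user:password
"""

def parse_passwd_client(text):
    """Return (host_pattern, login) pairs; passwords are dropped on purpose."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            pattern, login, _password = line.split(":", 2)
            entries.append((pattern, login))
    return entries

def key_matches(pattern, host):
    if pattern.startswith("^"):                      # regular expression key
        return re.search(pattern, host, re.IGNORECASE) is not None
    if pattern.startswith("*"):                      # "ends with" wildcard key
        return host.lower().endswith(pattern[1:].lower())
    return host.lower() == pattern.lower()           # exact key

def credentials_for(host, entries):
    """First matching line wins (linear search, an assumption of this model)."""
    return next((e for e in entries if key_matches(e[0], host)), None)

def broad_patterns(entries):
    """Keys that can hand the password to hosts outside the intended provider."""
    findings = []
    for pattern, _login in entries:
        if pattern == "*":
            findings.append((pattern, "matches every server"))
        elif pattern.startswith("^") and not pattern.endswith("$"):
            findings.append((pattern, "no trailing $: prefix match only"))
    return findings

if __name__ == "__main__":
    entries = parse_passwd_client(SAMPLE)
    print(credentials_for("smtp1.mail.server.example", entries))
    print(broad_patterns(entries))
```

       In this model the catch-all line shadows every line below it, so it belongs last if it is used at all.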

/etc/exim4/exim.crt

       contains  the certificate that exim uses to initiate TLS connections.  This is public information and can
       be world readable.  /usr/share/doc/exim4-base/examples/exim-gencert can be used to generate a private key
       and self-signed certificate.

/etc/exim4/exim.key

       contains  the  private  key  belonging to the certificate in exim.crt.  This file's contents must be kept
       secret and should have mode root:Debian-exim 640.  /usr/share/doc/exim4-base/examples/exim-gencert can be
       used to generate a private key and self-signed certificate.

BUGS

       Plenty. Please report them through the Debian BTS.

       This manual page needs a major re-work. If somebody knows better groff than us and has more experience in
       writing manual pages, any patches would be greatly appreciated.

NOTES

   Unresolvable items in host lists
       Adding or keeping items in the above-mentioned host lists which are not resolvable by DNS has severe
       consequences.

       For example, if resolving a hostname in local_host_blacklist returns a temporary error (DNS timeout),
       exim will not be able to check whether a connecting host is part of the list. Exim will therefore
       return a temporary SMTP error for every connecting host.

       On the other hand, if there is a permanent error in resolving a name in the host list (the record was
       removed from DNS), exim behaves as if the host does not match the list. For example, a
       local_host_blacklist consisting of

       notresolvable.example.com:rejectme.example.com

       is equivalent to an empty one: Exim tries to match the IP address of the connecting host against
       notresolvable.example.com, the DNS resolution fails, and exim behaves as if the connecting host does
       not match the list. List processing stops at this point!

       Starting the list with the special pattern +ignore_unknown as a safeguard against this behavior is
       strongly recommended if hostnames are used in host lists.

       See the Exim specification, chapter "Domain, host, address, and local part lists", section "Behaviour
       when an IP address or name cannot be found".
       <http://www.exim.org/exim-html-current/doc/html/spec_html/ch-domain_host_address_and_local_part_lists.html>
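
       An added example, not Exim's own code, that models the two host list behaviours this page describes:
       the left-to-right reading of negated items in /etc/exim4/local_host_blacklist and the effect of a
       permanently unresolvable name with and without +ignore_unknown. It handles IPv4 addresses, networks
       and plain host names only; the resolver table and the address 203.0.113.9 are constructed.

```python
import ipaddress

def parse_list(text):
    """Items are separated by newlines or colons; '#' starts a comment."""
    items = []
    for line in text.splitlines():
        items += [i.strip() for i in line.split("#", 1)[0].split(":") if i.strip()]
    return items

def host_in_list(ip, items, resolve):
    """resolve(name) returns a list of IPs, or None on a permanent DNS failure."""
    addr = ipaddress.ip_address(ip)
    ignore_unknown = negated = False
    for item in items:
        if item == "+ignore_unknown":
            ignore_unknown = True
            continue
        neg, pattern = item.startswith("!"), item.lstrip("!").strip()
        try:
            hit = addr in ipaddress.ip_network(pattern, strict=False)
        except ValueError:                 # not an IP or network: a host name
            ips = resolve(pattern)
            if ips is None:
                if ignore_unknown:
                    continue               # skip the item, keep scanning
                return False               # list processing stops here
            hit = ip in ips
        if hit:
            return not neg                 # first matching item decides
        negated = neg
    return negated    # no item matched: "match" only if the last item was negated

# The example list from this page.
PAGE_BLACKLIST = parse_list("""192.168.10.0/24
!172.16.10.128/26
172.16.10.0/24
10.0.0.0/8""")

# Constructed resolver data: notresolvable.example.com has no record.
DNS = {"rejectme.example.com": ["203.0.113.9"]}
UNSAFE = parse_list("notresolvable.example.com:rejectme.example.com")
SAFE = ["+ignore_unknown"] + UNSAFE

if __name__ == "__main__":
    for ip in ("172.16.10.5", "172.16.10.130", "10.1.2.3", "192.0.2.1"):
        print(ip, host_in_list(ip, PAGE_BLACKLIST, DNS.get))
    for name, items in (("unsafe", UNSAFE), ("safe", SAFE)):
        print(name, host_in_list("203.0.113.9", items, DNS.get))
```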

SEE ALSO

       exim(8),
       update-exim4.conf(8),
       /usr/share/doc/exim4-base/,
       and for general notes and details about interaction with debconf
       /usr/share/doc/exim4-base/README.Debian.gz

AUTHOR

       Marc Haber <mh+debian-packages@zugschlus.de> with help from Ross Boylan.