Provided by: exim4-config_4.96-3ubuntu1_all bug

NAME

       exim4-config_files - Files in use by the Debian exim4 packages

SYNOPSIS

       /etc/aliases
       /etc/email-addresses
       /etc/exim4/local_host_blacklist
       /etc/exim4/host_local_deny_exceptions
       /etc/exim4/local_sender_blacklist
       /etc/exim4/sender_local_deny_exceptions
       /etc/exim4/local_sender_callout
       /etc/exim4/local_rcpt_callout
       /etc/exim4/local_domain_dnsbl_whitelist
       /etc/exim4/hubbed_hosts
       /etc/exim4/passwd
       /etc/exim4/passwd.client
       /etc/exim4/exim.crt
       /etc/exim4/exim.key

DESCRIPTION

       This  manual  page  describes  the  files that are in use by the Debian exim4 packages and
       which are not part of an exim installation done from source.

/etc/aliases

       is a table providing a mechanism to redirect mail for local recipients. /etc/aliases is  a
       text  file which is roughly compatible with Sendmail. The file should contain lines of the
       form
       name: address, address, ...
       The name is a local address without domain part. All local domains  are  handled  equally.
       For  more  detailed  documentation, please refer to /usr/share/doc/exim4-base/spec.txt.gz,
       chapter 22, and to /usr/share/doc/exim4-base/README.Debian.gz. Please note that it is  not
       possible  to  use delivery to arbitrary files, directories and to pipes. This is forbidden
       in Debian's exim4 default configuration.

       You should at least set up an alias for postmaster in the /etc/aliases file.

/etc/email-addresses

       is used to rewrite the email addresses of users. This is particularly useful for users who
       use their ISP's domain for email.

       The file should contain lines of the form

       user: someone@isp.com
       otheruser: someoneelse@anotherisp.com

       This  way  emails  from  user will appear to be from someone@isp.com to the outside world.
       Technically, the from, reply-to, and sender addresses, along with the envelope sender, are
       rewritten for users that appear to be in the local domain.

/etc/exim4/local_host_blacklist

       [exim  host list] is an optional file containing a list of IP addresses, networks and host
       names whose messages will be denied with the error message "locally blacklisted". This  is
       a  full  exim  4 host list, and all available features can be used. This includes negative
       items, and so it is possible to exclude addresses from being blacklisted. For convenience,
       as  an  additional method to whitelist addresses from being blocked, an explicit whitelist
       is read in from /etc/exim4/host_local_deny_exceptions. Entries in the  whitelist  override
       corresponding blacklist entries.

       In the blacklist, the trick is to read a line break as "or" if it follows a positive item,
       and as "and" if it follows a negative item.

       For example, a /etc/exim4/local_host_blacklist

       192.168.10.0/24
       !172.16.10.128/26
       172.16.10.0/24
       10.0.0.0/8

       Exim just evaluates left to right (or up-down in the file listing context), so  you  don't
       get the same kind of operator binding as in a programming language.

/etc/exim4/host_local_deny_exceptions

       [exim  host  list] contains a list of IP addresses, networks and host names whose messages
       will be accepted despite the address is also  listed  in  /etc/exim4/local_host_blacklist,
       overriding a blacklisting.

/etc/exim4/local_sender_blacklist

       [exim  address  list]  is  an  optional  files containing a list of envelope senders whose
       messages will be denied with the error message "locally blacklisted".  This is a full exim
       4  address list, and all available features can be used. This includes negative items, and
       so it is possible to exclude addresses from being  blacklisted.  For  convenience,  as  an
       additional method to whitelist addresses from being blocked, an explicit whitelist is read
       in  from  /etc/exim4/sender_local_deny_exceptions.  Entries  in  the  whitelist   override
       corresponding blacklist entries.

       In the blacklist, the trick is to read a line break as "or" if it follows a positive item,
       and as "and" if it follows a negative item.

       For example, a /etc/exim4/local_sender_blacklist

       domain1.example
       !local@domain2.example
       domain2.example
       domain3.example

       Exim just evaluates left to right (or up-down in the file listing context), so  you  don't
       get the same kind of operator binding as in a programming language.

/etc/exim4/sender_local_deny_exceptions

       [exim  address  list]  is  an  optional  file  containing a list of envelope senders whose
       messages   will   be   accepted   despite   the   address    being    also    listed    in
       /etc/exim4/local_sender_blacklist, overriding a blacklisting.

/etc/exim4/local_sender_callout

       [exim  address  list]  is  an  optional  file  containing a list of envelope senders whose
       messages are subject to sender verification with a callout. This is a full  exim4  address
       list, and all available features can be used.

/etc/exim4/local_rcpt_callout

       [exim address list] is an optional file containing a list of envelope recipients for which
       incoming messages are subject to recipient verification with a callout.  This  is  a  full
       exim4 address list, and all available features can be used.

/etc/exim4/local_domain_dnsbl_whitelist

       [exim  address  list]  is  an  optional  file  containing a list of envelope senders whose
       messages are exempt from blacklisting via a domain-based  DNSBL.  This  is  a  full  exim4
       address list, and all available features can be used.  This feature is intended to be used
       in case of a domain-based DNSBL being too heavy handed, for example  listing  entire  top-
       level domains for their registry policies.

/etc/exim4/hubbed_hosts

       [exim  domain  list] is an optional file containing a list of route_data records which can
       be used to override or augment MX information from the DNS. This  is  particularly  useful
       for  mail  hubs  which  are  highest-priority MX for a domain in the DNS but are not final
       destination of the messages, passing them on to a host which is not publicly reachable, or
       to temporarily fix mail routing in case of broken DNS setups.

       The file should contain key-value pairs of domain pattern and route data of the form

       domain: host-list options
       dict.ref.example:  mail-1.ref.example:mail-2.ref.example
       foo.example: internal.mail.example.com
       bar.example: 192.168.183.3

       which  will  cause  mail  for foo.example to be sent to the host internal.mail.example (IP
       address derived from A record only), and mail to bar.example to be sent to 192.168.183.3.

       See spec.txt chapter 20.3 through 20.7 for a more detailed explanation of host list format
       and available options.

/etc/exim4/passwd

       contains  account  and  password  data for SMTP authentication when the local exim is SMTP
       server and clients authenticate to the local exim.

       The file should contain lines of the form

       username:crypted-password:clear-password

       crypted-password is the crypt(3)-created hash of your password. You can, for example,  use
       the  mkpasswd  program  from  the  whois  package  to  create  a  crypted  password. It is
       recommended to use a modern hash algorithm, see mkpasswd --method=help. Consider not using
       crypt or MD5.

       clear-password  is  only  necessary  if  you want to offer CRAM-MD5 authentication. If you
       don't plan on doing so, the third column can be omitted completely.

       This file must be readable for the Debian-exim user and should not be readable for others.
       Recommended file mode is root:Debian-exim 640.

/etc/exim4/passwd.client

       contains  account and password data for SMTP authentication when exim is authenticating as
       a client to some remote server.

       The file should contain lines of the form

       target.mail.server.example:login-user-name:password

       which will cause exim to use login-user-name and  password  when  sending  messages  to  a
       server  with  the  canonical  host name target.mail.server.example.  Please note that this
       does not configure the mail server to send to (this is determined in  Debconf),  but  only
       creates the correlation between host name and authentication credentials to avoid exposing
       passwords to the wrong host.

       Please note that target.mail.server.example is currently the value that exim can read from
       reverse  DNS:  It  first  follows  the host name of the target system until it finds an IP
       address, and then looks up the reverse DNS for that IP address to use the outcome of  this
       query   (or   the   IP   address   itself   should   the   query   fail)   as  index  into
       /etc/exim4/passwd.client.

       This goes inevitably wrong if the host name of the mail server is a CNAME (a  DNS  alias),
       or the reverse lookup does not fit the forward one.

       Currently,  you  need  to  manually lookup all reverse DNS names for all IP addresses that
       your SMTP server host name points to, for example by using the host command.  If the  SMTP
       smarthost  alias  expands  to  multiple  IPs,  you need to have multiple lines for all the
       hosts.  When your ISP changes the alias, you will need to manually fix that.

       You may minimize this trouble by using a wild card  entry  or  regular  expressions,  thus
       reducing  the  risk  of divulging the password to the wrong SMTP server while reducing the
       number of necessary lines.  For a deeper discussion, see the Debian BTS #244724.

       password is your SMTP password in clear text. If you do not know about your SMTP password,
       you can try using your POP3 password as a first guess.

       This file must be readable for the Debian-exim user and should not be readable for others.
       Recommended file mode is root:Debian-exim 640.

       # example for CONFDIR/passwd.client
       # this will only match if the server's generic name matches exactly
       mail.server.example:user:password
       # this will deliver the password to any server
       *:username:password
       # this will deliver the password to servers whose generic name ends in
       # mail.server.example
       *.mail.server.example:user:password
       # this will deliver the password to servers whose generic name matches
       # the regular expression
       ^smtp[0-9]*\.mail\.server\.example:user:password

/etc/exim4/exim.crt

       contains the certificate that exim uses to  initiate  TLS  connections.   This  is  public
       information  and  can  be world readable.  /usr/share/doc/exim4-base/examples/exim-gencert
       can be used to generate a private key and self-signed certificate.

/etc/exim4/exim.key

       contains the private key belonging to the certificate in exim.crt.  This  file's  contents
       must     be    kept    secret    and    should    have    mode    root:Debian-exim    640.
       /usr/share/doc/exim4-base/examples/exim-gencert can be used to generate a private key  and
       self-signed certificate.

BUGS

       Plenty. Please report them through the Debian BTS

       This  manual  page  needs  a major re-work. If somebody knows better groff than us and has
       more experience in writing manual pages, any patches would be greatly appreciated.

NOTES

   Unresolvable items in host lists
       Adding or keeping items in the abovementioned host lists which are not resolvable  by  DNS
       has severe consequences.

       e.g.  if  resolving  a  hostname  in  local_host_blacklist  returns a temporary error (DNS
       timeout) exim will not be able to check whether a connecting host is  part  of  the  list.
       Exim will therefore return a temporary SMTP error for every connecting host.

       On  the other hand if there is a permanent error in resolving a name in the host list (the
       record was removed from DNS) exim behaves as if the host does not match the list.  e.g.  a
       local_host_blacklist consisting of

       notresolvable.example.com:rejectme.example.com

       is equivalent to an empty one. - Exim tries to match the IP-address of the connecting host
       to notresolvable.example.com, resolving this IP by DNS  fails,  exim  behaves  as  if  the
       connecting host does not match the list. List processing stops at this point!

       Starting  the  list  with  the special pattern +ignore_unknown as a safeguard against this
       behavior is strongly recommended if hostnames are used in hostlists.

       See Exim specification Chapter Domain, host, address,  and  local  part  lists  ,  section
       Behaviour      when     an     IP     address     or     name     cannot     be     found.
       <http://www.exim.org/exim-html-current/doc/html/spec_html/ch-domain_host_address_and_local_part_lists.html>

SEE ALSO

       exim(8),
       update-exim4.conf(8),
       /usr/share/doc/exim4-base/,
       and    for    general    notes    and    details    about    interaction    with   debconf
       /usr/share/doc/exim4-base/README.Debian.gz

AUTHOR

       Marc Haber <mh+debian-packages@zugschlus.de> with help from Ross Boylan.