--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/Makefile Wed Jan 14 22:31:56 2015 +0100
@@ -0,0 +1,15 @@
+TXT = abstract.txt
+HTML = out/abstract.html
+
+REVISION = ${shell hg id -tibB}
+DATE = ${shell date -I}
+
+
+.PHONY: all clean
+
+all: ${HTML}
+clean: ; rm -f ${HTML}
+
+out/%.html: %.txt
+ @mkdir -p ${dir $@}
+ asciidoc -a revision="${REVISION}" -a date="${DATE}" -o $@ $<
--- a/abstract Fri Dec 19 11:53:34 2014 +0100
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,999 +0,0 @@
-Konfig im Detail
-----------------
-
-# Welche Konfiguration wird eingelesen?
-
- > exim -bV | tail -n 1
- TODO: exim -be '$configure_file'
-
- > exim -bP configure_file
-
-# Wann wird die Konfiguration eingelesen?
-
- - Klar - beim Start
- - Aber - wann wird gestartet?
- - Start Daemon
- - Signal HUP
- - re-exec for verschiedene Zwecke
- - Achtung:
- - exim4.conf + .include ist "statisch"
- - lists, lookups, … "dynamisch"
- - Config-Parser: nur simple Syntax-Checks
- - trim, "de-comment"
-
-# Syntax der Konfiguration
-
-## Macros und …
- - Macros - Text-Ersatz während des Einlesens,
- ggf. bedingt über .ifdef
- - .include, .include_ifexists
-
- > exim -DFOO=bar -C <(echo primary_hostname = FOO) -bP primary_hostname
-
-## Options
- - statische Namen
- - benamste Listen
- - Instanzen von Routern, Transports, ..
-
-## Values
-
-### bool
- Format: true|yes|false|no
- <option> eg: split_spool_directory
- no_<option> eg: no_split_spool_directory
- not_<option> eg: not_split_spool_directory
-
-
- +---------------------+---------+-------------+--------------+
- |split_spool_directory|Use: main|Type: boolean|Default: false|
- +---------------------+---------+-------------+--------------+
- > exim -C <(echo split_spool_directory = no) -bP split_spool_directory
-
-
-### integer:
- Format: <n>[<suffix>] eg: 27M
- 0<n>[<suffix>] eg: 01000M
- 0x<n>[<suffix>] eg: 0xFFFFK
- suffix: k|m
-
- +-----------------+---------+-------------+----------+
- |check_spool_space|Use: main|Type: integer|Default: 0|
- +-----------------+---------+-------------+----------+
- > exim -C <(echo check_spool_space = 01000M) -bP check_spool_space
-
-### fixed-point
- Format: <i>[.d[d[d]]] eg: 0.234
-
- +----------------------+---------+-----------------+--------------+
- |deliver_queue_load_max|Use: main|Type: fixed-point|Default: unset|
- +----------------------+---------+-----------------+--------------+
- > exim -C <(echo deliver_queue_load_max = 3.3) -bP deliver_queue_load_max
-
-### time intervals
- Format: n<suffix>... eg: 2w3d
- suffix: s|m|h|d|w
-
- +---------+---------+----------+-----------+
- |auto_thaw|Use: main|Type: time|Default: 0s|
- +---------+---------+----------+-----------+
- > exim -C <(echo auto_thaw = 1w7s) -bP auto_thaw
-
-### strings
- Fromat: <string> eg: localhost
- <"string"> eg: " A\x42C"
-
- Quoting für \\, \n, \r, \t, \ddd, \xdd und führende oder baumelnde Spaces
-
- - Vorsicht: Expansion
- - Vorsicht: User/Groups
-
- +----------------+---------+------------+------------------+
- |primary_hostname|Use: main|Type: string|Default: see below|
- +----------------+---------+------------+------------------+
- > exim -C <(echo 'primary_hostname = a\x41b') -bP primary_hostname
- > exim -C <(echo 'primary_hostname = "a\x41b"') -bP primary_hostname
-
- Steuerzeichen werden für die Ausgabe escaped:
- > exim -C <(echo 'primary_hostname = "a\x091b"') -bP primary_hostname
-
-
-### Lists
- Format: <item>:… eg: a:b:c:d vs. a:b::c:d
- eg: : -> ein leeres Element
- [<<sep> <item><sep>…] eg: <, a,b,c
-
- - leere Felder am Ende werden „gestrippt“
- - Whitespace der Felder wird gestrippt
- - leeres Feld in der Mitte: a: :b
- - leeres Felder am Anfang bleibt
- - "Escapen" des Listentrenners durch Verdoppeln
-
- a : b::c : d -> (a) (b:c) (d)
-
- > exim -be '${map{:a:b:c,}{<$item>}}'
- > exim -be '${map{<,,a,b,c,}{<$item>}}'
-
- > exim -C <(echo domainlist local_domains = 'a:b::c:d') -be '${listnamed:local_domains}'
-
-
-### Regexp
- Format ^…
-
- Beginnt mit ^, damit es sich von einem normalen String unterscheidet!
- Achtung, Backslash ggf. vom String-Expander gefressen,
- hauptsächlich in Listen, die RE enthalten dürfen
-
- Ggf. mit \N..\N
-
-## Lookups
-
- - 2 Syntaxen
- - 2 Types
- => 4 Varianten
-
-### Syntax 1: explizit - der Key oder die Frage wird ausdrücklich formuliert
- es ist ein String-Expansion. s.u.
-
- ${lookup{<key>}<type>{file}} eg: ${lookup{$domain}dsearch{/etc/exim4/domains}}
- ${lookup <type> {<query>}} eg: ${lookup ldap {ldap:///o=roka?mail?sub?uid=${quote_ldap:$local_part}}}
-
- Liefert eine Liste zurück, ggf. Listentrenner unorthodox und muss massiert werden
-
-### Syntax 2: implizit - der Key ergibt sich aus dem Kontext
- keine Stringexpansion, sondern ein Element für sich
-
-
- <type>;<file> eg: domains = dsearch;/etc/exim4/domains
- <type>;<query> eg: domains = sqlite;/etc/db.sqlite SELECT … WHERE ${quote_sqlite:$local_part} …
- domains = ldap;ldap:///o=roka?mail?sub?…
-
- - Auffindes des "impliziten" Keys
- - Query: Success der Query ist entscheidend, nicht der Resultat-Wert
- - Achtung: In einer Liste ggf. an den Listentrenner denken!
- domains = ldap;ldap::///o=…
-
-### Style 1: Single Key
-
- ${lookup{<key>}<type>{<file>} eg: ${lookup{$sender_host_address}iplsearch{/etc/exim4/blacklist}}
- <type>;<file> eg: hosts = iplsearch;/etc/exim4/blacklist
-
- <type> ist dann lsearch, dsearch, iplsearch, …
-
-### Style 2: Query Style
-
- ${lookup <type> {<query>}} eg: ${lookup dnsdb{mxh=roka.net}}
- <type>;<query> eg: dnsdb;mxh=roka.net
-
-
- Matrix
-
- style| single key | query style
- syntax \| |
- ---------+--------------------------------+---------------------------
- explicit | ${lookup{<key>}<type>{<file>} | ${lookup <type> {<query>}}
- implizit | <type>;<file> | [ <type>;<query> ]
-
-
- eg. config:
-
- domains = ${lookup{$domain}lsearch{/etc/exim4/local_domains}} # WRONG
- = <\n ${lookup mysql { SELECT domain FROM domains }} # BETTER
- = ${lookup mysql { SELECT DISTINCT(domain) FROM domains WHERE domain = $domain}} # ggf BEST
- vs
- domains = lsearch;/etc/exim4/local_domains # OK
-
-
-## Named Lists
- Format: <listtype> <name>
- <listtype>_cache <name>
- Bezug: +<name>
-
- Typen: domainlist, hostlist, addresslist, localpartlist
- Caching nur wenn die RHS keine '$' enthält, also konstante Ergebnisse zu erwarten sind.
-
- Jeder Listtyp hat seine Eigenarten.
-
- > exim -bP +<name>
-
-### domainlist
-
- domainlist - @, @mx_primary, @mx_secondary, @mx_any, <pattern>, lookup, literal
- hostlist - Namen, Adressen spec(10.11 ff)
-
-
-## String-Expansion
-
- - von links nach rechts: $ und \ wirken als Trigger
-
- > exim -be [<string>]
- > exim -bem <message-file> [<string>]
- > exim -be -Mset <spool-id> [<string>]
-
- eg: exim -be '$primary_hostname'
- exim -be '$tod_full'
- exim -bem <(echo 'Subject: Hi') '$h_subject:'
-
- Expansionen liefern neuen Text zurück oder können „forced expansion failure“
- bewirken
-
-## Expansions-Items
-
-### Variablen
- Format: $<variable> eg: $localhost_number
- ${<variable>}
-
-### Operatoren
- Format: ${<op>:<string>}
- Für einfache Expansionen, lc, uc, hash, …
-
-### Funktionen
- Format ${<function>{string1}...}
-
-# Debugging
-
-## Konfiguration
-
- - > exim -bV
-
-## Routing / Transport
-
- > exim -bt <address>
- > exim -bts <address>
-
- > exim -bv <address>
- > exim -bvs <address>
-
- Routing, Fake-Delivery
- > exim -N < <message-file>
-
- Fake-SMTP-Session
- > exim -bh <sender-ip>
- > swaks --pipe 'exim -bh <sender-ip>' -f <sender> -t <rcpt>
- (note: --tls-cert, --tls-key Optionen sind für SWAKS vorhanden, um ein
- Client-Zertifikat mitzuschicken, aber offenbar erst in neueren Versionen
- von swaks)
-
- - debug_print Option für Router und Transports
-
-
-### Minimalkonfiguration
-
- .-[ m.conf ]-------- {{{
- |exim_user = exim
- |spool_directory = /tmp/exim-spool
- |log_file_path =
- |
- |begin routers
- |
- | default:
- | driver = accept
- | transport = null
- | no_more
- |
- |begin transports
- |
- | null:
- | driver = appendfile
- | file = /dev/null
- `------------- }}}
-
-
-# Routing
-
- - Preconditions
- - Driver und Driver-Options
- Result: - accept -> DONE (transport oder neue Adresse)
- - pass -> pass_router (bzw. nächster Router)
- - decline -> nächster Router (or fail, wenn no_more)
- - fail -> DONE (bounce)
- - defer -> Semi-DONE (re-queue)
- - error -> wie defer
-
-# Hint-Databases
-
- liegen in $spool_directory/db
- - retry
- - wait-<transport>
- - callout
- - ratelimit
- - misc
-
- Sind verzichtbar!
-
-## Wartung
-
-### Ansehen
-
- > exim_dumpdb <spool_dir> <db>
- eg: exim_dumpdb /var/spool/exim4
-
- Je nach DB unterschiedliches Format
-
-### Verändern
-
- Aufräumen
- > exim_tidyb <spool_dir> <db> (Cronjob)
-
- Reparieren
- > exim_fixdb <spool_dir> <db>
-
- … that's it …
-
-### Retry
-
- exinext - Route: Adressproblem
- Transport: Hostproblem
-
-# Acess Control Lists
-
- acl_not_smtp ACL for non-SMTP messages
- acl_not_smtp_mime ACL for non-SMTP MIME parts
- acl_not_smtp_start ACL at start of non-SMTP message
- acl_smtp_auth ACL for AUTH
- acl_smtp_connect ACL for start of SMTP connection
- acl_smtp_data ACL after DATA is complete
- acl_smtp_data_prdr ACL for each recipient, after DATA is complete
- acl_smtp_etrn ACL for ETRN
- acl_smtp_expn ACL for EXPN
- acl_smtp_helo ACL for HELO or EHLO
- acl_smtp_mail ACL for MAIL
- acl_smtp_mailauth ACL for the AUTH parameter of MAIL
- acl_smtp_mime ACL for content-scanning MIME parts
- acl_smtp_notquit ACL for non-QUIT terminations
- acl_smtp_predata ACL at start of DATA command
- acl_smtp_quit ACL for QUIT
- acl_smtp_rcpt ACL for RCPT
- acl_smtp_starttls ACL for STARTTLS
- acl_smtp_vrfy ACL for VRFY
-
- acl_<hook> = <aclverb> | <filename> | <acl-name>
-
- eg: acl_smtp_rcpt = acl_check_rcpt
- acl_smtp_rcpt = acl_check_rcpt_${primary_hostname}
-
-## Policies
-
-### acl_smtp_rcpt
-
- Abweisung einzelner Empfänger, noch kein Content!
-
-### acl_smtp_data
-
- Content-Scan. Nicht mehr für einzelne Empfänger,
- $local_part, $domain steht nicht mehr zur Verfügung,
- aber $recpients, $rcpt_count, …
-
-## Return-Values
-
- - accept
- - defer
- - deny
- - discard
-
- default: "accept", ausser bei acl_smtp_rcpt, dort ist es "deny"
- implizit "deny" am Ende jeder ACL!
-
-
-## Test
-
- > exim -bh <ip> # ohne callouts
- > exim -bhc <ip> # mit callouts
- > swaks --pipe 'exim -bh <ip> -C <config>' -f <sender> -t <rcpt>
-
- exim -N hilft nicht, ist nicht für die SMTP acl
- relevant!
-
-## Format
-
- <aclverb> [<condition>]
- …
- [<modifier]
-
- Bedingungen müssen erfüllt sein, Order matters, Abbruch
- bei nicht erfüllter Bedingung! Modifier sind immer "true"
-
-### Verb
-
- accept, defer, deny, discard, drop, require, warn
-
-### Modifier
-
- message = [code] text
- log_message = text
-
- Immediate:
- logwrite = …
- control = …
- set = …
- add_header = …
- remove_header = …
- delay = …
-
-### Conditions
-
- <condition> = <value>
-
- eg: deny hosts = !192.168.3.8 # neg. Liste
- deny !hosts = 192.168.3.8 # neg. Resultat
-
- vs: deny !verify = recipient # works
- deny verify = !recipient # FALSCH
-
-
- Wert der Condition und von Modifiern wird expandiert.
- Force Failure bedeutet: Condition war nicht anwesend!
-
- Reihenfolge ist wichtig! Short Circuit.
- Position der Modifier ist wichtig!
-
-
-
-# DNS Lookups
-
-## DNSSEC
- dns_dnssec_ok = 1
-
- dnslookup.dnssec_require_domains = # leider noch falsche Syntax
- smtp.dnssec_require_domains = # leider noch falsche Syntax
- dnslookup.dnssec_request_domains = # leider noch falsche Syntax
- smtp.dnssec_request_domains = # leider noch falsche Syntax
-
-# Anhang
-
-## Misc
-
- Spec.txt durchsuchen (less):
- - Option /^.<option> eg: |exim_user|
- - Variable /^\$<variable eg: $localhost_number
- - Operators: /^\$\{<operator>: eg: ${hash:<string>} …
- - Condition: /^<condition> \{ eg: eq {<string1>}{<string2>} …
- - Functions: /^\$\{<function\{ eg: ${map{<string1>}{<string2>}} …
- - ACL conditions /^<condition> = eg: malware = …
-
-// Die folgenden Listen sind durch einfaches Greppen im Spec-File bzw.
-// im spec.xfpt enstanden, also weder vollständig noch zwingend korrekt!
-
-## Liste globaler Optionen {{{
-
- accept_8bitmime
- acl_not_smtp
- acl_not_smtp_mime
- acl_not_smtp_start
- acl_smtp_auth
- acl_smtp_connect
- acl_smtp_data
- acl_smtp_data_prdr
- acl_smtp_etrn
- acl_smtp_expn
- acl_smtp_helo
- acl_smtp_mail
- acl_smtp_mailauth
- acl_smtp_mime
- acl_smtp_predata
- acl_smtp_quit
- acl_smtp_rcpt
- acl_smtp_starttls
- acl_smtp_vrfy
- admin_groups
- allow_domain_literals
- allow_mx_to_ip
- allow_utf8_domains
- auth_advertise_hosts
- auto_thaw
- av_scanner
- bi_command
- bounce_message_file
- bounce_message_text
- bounce_return_body
- bounce_return_message
- bounce_return_size_limit
- bounce_sender_authentication
- callout_domain_negative_expire
- callout_domain_positive_expire
- callout_negative_expire
- callout_positive_expire
- callout_random_local_part
- check_log_inodes
- check_log_space
- check_rfc2047_length
- check_spool_inodes
- check_spool_space
- daemon_smtp_ports
- daemon_startup_retries
- daemon_startup_sleep
- delay_warning
- delay_warning_condition
- deliver_drop_privilege
- deliver_queue_load_max
- delivery_date_remove
- disable_fsync
- disable_ipv6
- dns_again_means_nonexist
- dns_check_names_pattern
- dns_csa_search_limit
- dns_csa_use_reverse
- dns_dnssec_ok
- dns_ipv4_lookup
- dns_retrans
- dns_retry
- dns_use_edns0
- drop_cr
- dsn_from
- envelope_to_remove
- errors_copy
- errors_reply_to
- exim_group
- exim_path
- exim_user
- extra_local_interfaces
- finduser_retries
- freeze_tell
- gecos_name
- gecos_pattern
- gnutls_compat_mode
- header_line_maxsize
- header_maxsize
- headers_charset
- helo_accept_junk_hosts
- helo_allow_chars
- helo_lookup_domains
- helo_try_verify_hosts
- helo_verify_hosts
- hold_domains
- host_lookup
- host_lookup_order
- host_reject_connection
- hosts_connection_nolog
- hosts_treat_as_local
- ibase_servers
- ignore_bounce_errors_after
- ignore_fromline_hosts
- ignore_fromline_local
- keep_malformed
- ldap_ca_cert_dir
- ldap_ca_cert_file
- ldap_cert_file
- ldap_cert_key
- ldap_cipher_suite
- ldap_default_servers
- ldap_require_cert
- ldap_start_tls
- ldap_version
- local_from_check
- local_from_prefix
- local_from_suffix
- local_interfaces
- local_scan_timeout
- local_sender_retain
- localhost_number
- log_file_path
- log_selector
- log_timezone
- lookup_open_max
- max_username_length
- message_body_newlines
- message_body_visible
- message_id_header_domain
- message_id_header_text
- message_logs
- message_size_limit
- move_frozen_messages
- mua_wrapper
- mysql_servers
- never_users
- openssl_options
- oracle_servers
- percent_hack_domains
- perl_at_start
- perl_startup
- pgsql_servers
- pid_file_path
- pipelining_advertise_hosts
- prdr_enable
- preserve_message_logs
- primary_hostname
- print_topbitchars
- process_log_path
- prod_requires_admin
- qualify_domain
- qualify_recipient
- queue_domains
- queue_list_requires_admin
- queue_only
- queue_only_file
- queue_only_load
- queue_only_load_latch
- queue_only_override
- queue_run_in_order
- queue_run_max
- queue_smtp_domains
- receive_timeout
- received_header_text
- received_headers_max
- recipient_unqualified_hosts
- recipients_max
- recipients_max_reject
- remote_max_parallel
- remote_sort_domains
- retry_data_expire
- retry_interval_max
- return_path_remove
- return_size_limit
- rfc1413_hosts
- rfc1413_query_timeout
- sender_unqualified_hosts
- smtp_accept_keepalive
- smtp_accept_max
- smtp_accept_max_nonmail
- smtp_accept_max_nonmail_hosts
- smtp_accept_max_per_connection
- smtp_accept_max_per_host
- smtp_accept_queue
- smtp_accept_queue_per_connection
- smtp_accept_reserve
- smtp_active_hostname
- smtp_banner
- smtp_check_spool_space
- smtp_connect_backlog
- smtp_enforce_sync
- smtp_etrn_command
- smtp_etrn_serialize
- smtp_load_reserve
- smtp_max_synprot_errors
- smtp_max_unknown_commands
- smtp_ratelimit_hosts
- smtp_ratelimit_mail
- smtp_ratelimit_rcpt
- smtp_receive_timeout
- smtp_reserve_hosts
- smtp_return_error_details
- spamd_address
- split_spool_directory
- spool_directory
- sqlite_lock_timeout
- strict_acl_vars
- strip_excess_angle_brackets
- strip_trailing_dot
- syslog_duplication
- syslog_facility
- syslog_processname
- syslog_timestamp
- system_filter
- system_filter_directory_transport
- system_filter_file_transport
- system_filter_group
- system_filter_pipe_transport
- system_filter_reply_transport
- system_filter_user
- tcp_nodelay
- timeout_frozen_after
- timezone
- tls_advertise_hosts
- tls_certificate
- tls_crl
- tls_dh_max_bits
- tls_dhparam
- tls_ocsp_file
- tls_on_connect_ports
- tls_privatekey
- tls_remember_esmtp
- tls_require_ciphers
- tls_try_verify_hosts
- tls_verify_certificates
- tls_verify_hosts
- trusted_groups
- trusted_users
- unknown_login
- unknown_username
- untrusted_set_sender
- uucp_from_pattern
- uucp_from_sender
- warn_message_file
- write_rejectlog
-
-
- }}}
-
-## Liste von Expansionsvariablen {{{
-
- $acl_narg
- $acl_verify_message
- $address_data
- $address_file
- $address_pipe
- $authenticated_fail_id
- $authenticated_id
- $authenticated_sender
- $authentication_failed
- $av_failed
- $body_linecount
- $body_zerocount
- $bounce_recipient
- $bounce_return_size_limit
- $caller_gid
- $caller_uid
- $compile_date
- $compile_number
- $demime_errorlevel
- $demime_errorlevel
- $demime_reason
- $demime_reason
- $dnslist_domain
- $domain
- $domain_data
- $exim_gid
- $exim_path
- $exim_uid
- $found_extension
- $found_extension
- $header_
- $headers_added
- $home
- $host
- $host_address
- $host_data
- $host_lookup_deferred
- $host_lookup_failed
- $host_port
- $inode
- $interface_address
- $interface_port
- $item
- $ldap_dn
- $load_average
- $local_part
- $local_part_data
- $local_part_prefix
- $local_part_suffix
- $local_scan_data
- $local_user_gid
- $local_user_uid
- $localhost_number
- $log_inodes
- $log_space
- $lookup_dnssec_authenticated
- $mailstore_basename
- $malware_name
- $max_received_linelength
- $message_age
- $message_body
- $message_body_end
- $message_body_size
- $message_exim_id
- $message_headers
- $message_headers_raw
- $message_id
- $message_linecount
- $message_size
- $mime_
- $mime_boundary
- $mime_charset
- $mime_content_description
- $mime_content_disposition
- $mime_content_id
- $mime_content_size
- $mime_content_transfer_encoding
- $mime_content_type
- $mime_decoded_filename
- $mime_filename
- $mime_is_coverletter
- $mime_is_multipart
- $mime_is_rfc822
- $mime_part_count
- $original_domain
- $original_local_part
- $originator_gid
- $originator_uid
- $parent_domain
- $parent_local_part
- $pid
- $pipe_addresses
- $primary_hostname
- $prvscheck_address
- $prvscheck_keynum
- $prvscheck_result
- $qualify_domain
- $qualify_recipient
- $rcpt_count
- $rcpt_defer_count
- $rcpt_fail_count
- $received_count
- $received_for
- $received_ip_address
- $received_port
- $received_protocol
- $received_time
- $recipient_data
- $recipient_verify_failure
- $recipients
- $recipients_count
- $regex_match_string
- $reply_address
- $return_path
- $return_size_limit
- $router_name
- $runrc
- $self_hostname
- $sender_address
- $sender_address_data
- $sender_address_domain
- $sender_address_local_part
- $sender_data
- $sender_fullhost
- $sender_helo_name
- $sender_host_address
- $sender_host_authenticated
- $sender_host_dnssec
- $sender_host_name
- $sender_host_port
- $sender_ident
- $sender_rate_
- $sender_rcvhost
- $sender_verify_failure
- $sending_ip_address
- $sending_port
- $smtp_active_hostname
- $smtp_command
- $smtp_command_argument
- $smtp_count_at_connection_start
- $spam_
- $spam_bar
- $spam_report
- $spam_score
- $spam_score_int
- $spool_directory
- $spool_inodes
- $spool_space
- $thisaddress
- $tls_in_bits
- $tls_in_certificate_verified
- $tls_in_cipher
- $tls_in_ocsp
- $tls_in_ourcert
- $tls_in_peercert
- $tls_in_peerdn
- $tls_in_sni
- $tls_out_bits
- $tls_out_certificate_verified
- $tls_out_cipher
- $tls_out_ocsp
- $tls_out_ourcert
- $tls_out_peercert
- $tls_out_peerdn
- $tls_out_sni
- $tod_bsdinbox
- $tod_epoch
- $tod_epoch_l
- $tod_full
- $tod_log
- $tod_logfile
- $tod_zone
- $tod_zulu
- $transport_name
- $value
- $verify_mode
- $version_number
- $warn_message_delay
- $warn_message_recipients
-
- }}}
-
-## Liste von Operatoren {{{
-
- ${address:
- ${addresses:
- ${base62:
- ${base62d:
- ${domain:
- ${escape:
- ${eval:
- ${expand:
- ${from_utf8:
- ${hex2b64:
- ${hexquote:
- ${lc:
- ${listcount:
- ${listnamed:
- ${local_part:
- ${mask:
- ${md5:
- ${quote:
- ${quote_local_part:
- ${randint:
- ${reverse_ip:
- ${rfc2047:
- ${rfc2047d:
- ${rxquote:
- ${sha1:
- ${sha256:
- ${stat:
- ${str2b64:
- ${strlen:
- ${time_eval:
- ${time_interval:
- ${uc:
- ${utf8clean:
-
- }}}
-
-## List of Conditions {{{
-
- acl
- and
- bool
- bool_lax
- crypteq
- eq
- exists
- ge
- gt
- inlist
- isip
- ldapauth
- le
- lt
- match
- match_address
- match_domain
- match_ip
- match_local_part
- or
- pam
- pwcheck
- radius
-
- }}}
-
-## List of Functions {{{
-
- ${acl
- ${certextract
- ${dlfunc
- ${extract
- ${extract
- ${filter
- ${hash
- ${hmac
- ${length
- ${listextract
- ${lookup
- ${map
- ${nhash
- ${perl
- ${prvs
- ${prvscheck
- ${readfile
- ${readsocket
- ${reduce
- ${run
- ${sg
- ${sort
- ${substr
- ${tr
-
- }}}
-
-## Routing Pre-Conditions {{{
-
- address_test
- check_local_user
- condition
- domains
- expn
- local_part_prefix
- local_part_suffix
- local_parts
- require_files
- senders
- verify
- verify_only
- verify_recipient
- verify_sender
-
- }}}
-
-
-Cheat sheet: http://www.datadisk.co.uk/html_docs/exim/exim_cs.htm
-
-# vim:tw=0:et:ts=4:sw=4:fdm=marker:
-
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/abstract.txt Wed Jan 14 22:31:56 2015 +0100
@@ -0,0 +1,1052 @@
+Kurzer Konfigurationsritt
+=========================
+:Author: Heiko Schlittermann
+:Toc:
+:data-uri:
+:icons:
+:numbered:
+
+
+== Konfig im Detail ==
+
+Welche Konfiguration wird eingelesen? Je nach Installation kann das
+ein anderes File sind.
+
+.aktive Konfiguration ermitteln:
+----
+> exim -bV | tail -n 1
+> exim -bP configure_file
+----
+
+.aktive Konfiguration ändern
+----
+> exim -C `pwd`/test.config …
+----
+
+Die Konfiguration öfter gelesen, als vielleicht erwartet:
+
+* Klar - beim Start
+* Aber - wann wird gestartet?
+ ** Start des Daemon
+ ** Signal HUP
+ ** re-exec for verschiedene Zwecke
+* Achtung:
+ ** exim4.conf + .include ist "statisch"
+ ** lists, lookups, … "dynamisch"
+
+Der Config-Parser ist ziemlich einfach.
+
+* einfache Syntax-Checks
+* Erst „de-comment“, dann „trimm“, dann Fortsetzungszeilen mit `\`
+ am Ende
+
+== Syntax der Konfiguration ==
+
+Es gibt Macros.
+
+* Macros - Text-Ersatz während des Einlesens,
+ ggf. bedingt über `.ifdef`
+* `.include`, `.include_ifexists`
+
+.Macro-Ersetzungen
+----
+FOO = foo <1>
+FOO == bar <2>
+primary_hostname = FOO
+----
+<1> Definition
+<2> Re-Definition
+
+Es gibt weitere Elemente:
+
+* Optionsnamen
+* benamste Listen
+* Instanzen von Routern, Transports, …
+
+== Werte ==
+
+Optionen und Listen haben Werte. Es gibt _bool_, _integer_, _fixed-point_, _time_ und _string_.
+
+=== Bool ===
+
+_bool_ sind einfache Schalter.
+
+.Format
+----
+true
+false
+<option>
+no_<option>
+not_<option>
+----
+
+----
+split_spool_directory
+not_split_spool_directory
+split_spool_directory = true
+split_spool_directory = no
+----
+
+.spect.txt
+ +---------------------+---------+-------------+--------------+
+ |split_spool_directory|Use: main|Type: boolean|Default: false|
+ +---------------------+---------+-------------+--------------+
+
+=== Integer ===
+
+Zahlen halt. Ganze Zahlen.
+
+.Format
+----
+ <n>[<suffix>]
+ 0<n>[<suffix>]
+0x<n>[<suffix>]
+ suffix: k|m
+----
+
+----
+check_spool_space = 10M
+----
+
+.spec.txt
+ +-----------------+---------+-------------+----------+
+ |check_spool_space|Use: main|Type: integer|Default: 0|
+ +-----------------+---------+-------------+----------+
+
+
+
+### fixed-point
+ Format: <i>[.d[d[d]]] eg: 0.234
+
+ +----------------------+---------+-----------------+--------------+
+ |deliver_queue_load_max|Use: main|Type: fixed-point|Default: unset|
+ +----------------------+---------+-----------------+--------------+
+ > exim -C <(echo deliver_queue_load_max = 3.3) -bP deliver_queue_load_max
+
+### time intervals
+ Format: n<suffix>... eg: 2w3d
+ suffix: s|m|h|d|w
+
+ +---------+---------+----------+-----------+
+ |auto_thaw|Use: main|Type: time|Default: 0s|
+ +---------+---------+----------+-----------+
+ > exim -C <(echo auto_thaw = 1w7s) -bP auto_thaw
+
+### strings
+ Fromat: <string> eg: localhost
+ <"string"> eg: " A\x42C"
+
+ Quoting für \\, \n, \r, \t, \ddd, \xdd und führende oder baumelnde Spaces
+
+ - Vorsicht: Expansion
+ - Vorsicht: User/Groups
+
+ +----------------+---------+------------+------------------+
+ |primary_hostname|Use: main|Type: string|Default: see below|
+ +----------------+---------+------------+------------------+
+ > exim -C <(echo 'primary_hostname = a\x41b') -bP primary_hostname
+ > exim -C <(echo 'primary_hostname = "a\x41b"') -bP primary_hostname
+
+ Steuerzeichen werden für die Ausgabe escaped:
+ > exim -C <(echo 'primary_hostname = "a\x091b"') -bP primary_hostname
+
+
+### Lists
+ Format: <item>:… eg: a:b:c:d vs. a:b::c:d
+ eg: : -> ein leeres Element
+ [<<sep> <item><sep>…] eg: <, a,b,c
+
+ - leere Felder am Ende werden „gestrippt“
+ - Whitespace der Felder wird gestrippt
+ - leeres Feld in der Mitte: a: :b
+ - leeres Felder am Anfang bleibt
+ - "Escapen" des Listentrenners durch Verdoppeln
+
+ a : b::c : d -> (a) (b:c) (d)
+
+ > exim -be '${map{:a:b:c,}{<$item>}}'
+ > exim -be '${map{<,,a,b,c,}{<$item>}}'
+
+ > exim -C <(echo domainlist local_domains = 'a:b::c:d') -be '${listnamed:local_domains}'
+
+
+### Regexp
+ Format ^…
+
+ Beginnt mit ^, damit es sich von einem normalen String unterscheidet!
+ Achtung, Backslash ggf. vom String-Expander gefressen,
+ hauptsächlich in Listen, die RE enthalten dürfen
+
+ Ggf. mit \N..\N
+
+## Lookups
+
+ - 2 Syntaxen
+ - 2 Types
+ => 4 Varianten
+
+### Syntax 1: explizit - der Key oder die Frage wird ausdrücklich formuliert
+ es ist ein String-Expansion. s.u.
+
+ ${lookup{<key>}<type>{file}} eg: ${lookup{$domain}dsearch{/etc/exim4/domains}}
+ ${lookup <type> {<query>}} eg: ${lookup ldap {ldap:///o=roka?mail?sub?uid=${quote_ldap:$local_part}}}
+
+ Liefert eine Liste zurück, ggf. Listentrenner unorthodox und muss massiert werden
+
+### Syntax 2: implizit - der Key ergibt sich aus dem Kontext
+ keine Stringexpansion, sondern ein Element für sich
+
+
+ <type>;<file> eg: domains = dsearch;/etc/exim4/domains
+ <type>;<query> eg: domains = sqlite;/etc/db.sqlite SELECT … WHERE ${quote_sqlite:$local_part} …
+ domains = ldap;ldap:///o=roka?mail?sub?…
+
+ - Auffindes des "impliziten" Keys
+ - Query: Success der Query ist entscheidend, nicht der Resultat-Wert
+ - Achtung: In einer Liste ggf. an den Listentrenner denken!
+ domains = ldap;ldap::///o=…
+
+### Style 1: Single Key
+
+ ${lookup{<key>}<type>{<file>} eg: ${lookup{$sender_host_address}iplsearch{/etc/exim4/blacklist}}
+ <type>;<file> eg: hosts = iplsearch;/etc/exim4/blacklist
+
+ <type> ist dann lsearch, dsearch, iplsearch, …
+
+### Style 2: Query Style
+
+ ${lookup <type> {<query>}} eg: ${lookup dnsdb{mxh=roka.net}}
+ <type>;<query> eg: dnsdb;mxh=roka.net
+
+
+ Matrix
+
+ style| single key | query style
+ syntax \| |
+ ---------+--------------------------------+---------------------------
+ explicit | ${lookup{<key>}<type>{<file>} | ${lookup <type> {<query>}}
+ implizit | <type>;<file> | [ <type>;<query> ]
+
+
+ eg. config:
+
+ domains = ${lookup{$domain}lsearch{/etc/exim4/local_domains}} # WRONG
+ = <\n ${lookup mysql { SELECT domain FROM domains }} # BETTER
+ = ${lookup mysql { SELECT DISTINCT(domain) FROM domains WHERE domain = $domain}} # ggf BEST
+ vs
+ domains = lsearch;/etc/exim4/local_domains # OK
+
+
+## Named Lists
+ Format: <listtype> <name>
+ <listtype>_cache <name>
+ Bezug: +<name>
+
+ Typen: domainlist, hostlist, addresslist, localpartlist
+ Caching nur wenn die RHS keine '$' enthält, also konstante Ergebnisse zu erwarten sind.
+
+ Jeder Listtyp hat seine Eigenarten.
+
+ > exim -bP +<name>
+
+### domainlist
+
+ domainlist - @, @mx_primary, @mx_secondary, @mx_any, <pattern>, lookup, literal
+ hostlist - Namen, Adressen spec(10.11 ff)
+
+
+## String-Expansion
+
+ - von links nach rechts: $ und \ wirken als Trigger
+
+ > exim -be [<string>]
+ > exim -bem <message-file> [<string>]
+ > exim -be -Mset <spool-id> [<string>]
+
+ eg: exim -be '$primary_hostname'
+ exim -be '$tod_full'
+ exim -bem <(echo 'Subject: Hi') '$h_subject:'
+
+ Expansionen liefern neuen Text zurück oder können „forced expansion failure“
+ bewirken
+
+## Expansions-Items
+
+### Variablen
+ Format: $<variable> eg: $localhost_number
+ ${<variable>}
+
+### Operatoren
+ Format: ${<op>:<string>}
+ Für einfache Expansionen, lc, uc, hash, …
+
+### Funktionen
+ Format ${<function>{string1}...}
+
+# Debugging
+
+## Konfiguration
+
+ - > exim -bV
+
+## Routing / Transport
+
+ > exim -bt <address>
+ > exim -bts <address>
+
+ > exim -bv <address>
+ > exim -bvs <address>
+
+ Routing, Fake-Delivery
+ > exim -N < <message-file>
+
+ Fake-SMTP-Session
+ > exim -bh <sender-ip>
+ > swaks --pipe 'exim -bh <sender-ip>' -f <sender> -t <rcpt>
+ (note: --tls-cert, --tls-key Optionen sind für SWAKS vorhanden, um ein
+ Client-Zertifikat mitzuschicken, aber offenbar erst in neueren Versionen
+ von swaks)
+
+ - debug_print Option für Router und Transports
+
+
+### Minimalkonfiguration
+
+ .-[ m.conf ]-------- {{{
+ |exim_user = exim
+ |spool_directory = /tmp/exim-spool
+ |log_file_path =
+ |
+ |begin routers
+ |
+ | default:
+ | driver = accept
+ | transport = null
+ | no_more
+ |
+ |begin transports
+ |
+ | null:
+ | driver = appendfile
+ | file = /dev/null
+ `------------- }}}
+
+
+# Routing
+
+ - Preconditions
+ - Driver und Driver-Options
+ Result: - accept -> DONE (transport oder neue Adresse)
+ - pass -> pass_router (bzw. nächster Router)
+ - decline -> nächster Router (or fail, wenn no_more)
+ - fail -> DONE (bounce)
+ - defer -> Semi-DONE (re-queue)
+ - error -> wie defer
+
+# Hint-Databases
+
+ liegen in $spool_directory/db
+ - retry
+ - wait-<transport>
+ - callout
+ - ratelimit
+ - misc
+
+ Sind verzichtbar!
+
+## Wartung
+
+### Ansehen
+
+ > exim_dumpdb <spool_dir> <db>
+ eg: exim_dumpdb /var/spool/exim4
+
+ Je nach DB unterschiedliches Format
+
+### Verändern
+
+ Aufräumen
+ > exim_tidyb <spool_dir> <db> (Cronjob)
+
+ Reparieren
+ > exim_fixdb <spool_dir> <db>
+
+ … that's it …
+
+### Retry
+
+ exinext - Route: Adressproblem
+ Transport: Hostproblem
+
+# Acess Control Lists
+
+ acl_not_smtp ACL for non-SMTP messages
+ acl_not_smtp_mime ACL for non-SMTP MIME parts
+ acl_not_smtp_start ACL at start of non-SMTP message
+ acl_smtp_auth ACL for AUTH
+ acl_smtp_connect ACL for start of SMTP connection
+ acl_smtp_data ACL after DATA is complete
+ acl_smtp_data_prdr ACL for each recipient, after DATA is complete
+ acl_smtp_etrn ACL for ETRN
+ acl_smtp_expn ACL for EXPN
+ acl_smtp_helo ACL for HELO or EHLO
+ acl_smtp_mail ACL for MAIL
+ acl_smtp_mailauth ACL for the AUTH parameter of MAIL
+ acl_smtp_mime ACL for content-scanning MIME parts
+ acl_smtp_notquit ACL for non-QUIT terminations
+ acl_smtp_predata ACL at start of DATA command
+ acl_smtp_quit ACL for QUIT
+ acl_smtp_rcpt ACL for RCPT
+ acl_smtp_starttls ACL for STARTTLS
+ acl_smtp_vrfy ACL for VRFY
+
+ acl_<hook> = <aclverb> | <filename> | <acl-name>
+
+ eg: acl_smtp_rcpt = acl_check_rcpt
+ acl_smtp_rcpt = acl_check_rcpt_${primary_hostname}
+
+## Policies
+
+### acl_smtp_rcpt
+
+ Abweisung einzelner Empfänger, noch kein Content!
+
+### acl_smtp_data
+
+ Content-Scan. Nicht mehr für einzelne Empfänger,
+ $local_part, $domain steht nicht mehr zur Verfügung,
+ aber $recpients, $rcpt_count, …
+
+## Return-Values
+
+ - accept
+ - defer
+ - deny
+ - discard
+
+ default: "accept", ausser bei acl_smtp_rcpt, dort ist es "deny"
+ implizit "deny" am Ende jeder ACL!
+
+
+## Test
+
+ > exim -bh <ip> # ohne callouts
+ > exim -bhc <ip> # mit callouts
+ > swaks --pipe 'exim -bh <ip> -C <config>' -f <sender> -t <rcpt>
+
+ exim -N hilft nicht, ist nicht für die SMTP acl
+ relevant!
+
+## Format
+
+ <aclverb> [<condition>]
+ …
+ [<modifier]
+
+ Bedingungen müssen erfüllt sein, Order matters, Abbruch
+ bei nicht erfüllter Bedingung! Modifier sind immer "true"
+
+### Verb
+
+ accept, defer, deny, discard, drop, require, warn
+
+### Modifier
+
+ message = [code] text
+ log_message = text
+
+ Immediate:
+ logwrite = …
+ control = …
+ set = …
+ add_header = …
+ remove_header = …
+ delay = …
+
+### Conditions
+
+ <condition> = <value>
+
+ eg: deny hosts = !192.168.3.8 # neg. Liste
+ deny !hosts = 192.168.3.8 # neg. Resultat
+
+ vs: deny !verify = recipient # works
+ deny verify = !recipient # FALSCH
+
+
+ Wert der Condition und von Modifiern wird expandiert.
+ Force Failure bedeutet: Condition war nicht anwesend!
+
+ Reihenfolge ist wichtig! Short Circuit.
+ Position der Modifier ist wichtig!
+
+
+
+# DNS Lookups
+
+## DNSSEC
+ dns_dnssec_ok = 1
+
+ dnslookup.dnssec_require_domains = # leider noch falsche Syntax
+ smtp.dnssec_require_domains = # leider noch falsche Syntax
+ dnslookup.dnssec_request_domains = # leider noch falsche Syntax
+ smtp.dnssec_request_domains = # leider noch falsche Syntax
+
+# Anhang
+
+## Misc
+
+ Spec.txt durchsuchen (less):
+ - Option /^.<option> eg: |exim_user|
+ - Variable /^\$<variable eg: $localhost_number
+ - Operators: /^\$\{<operator>: eg: ${hash:<string>} …
+ - Condition: /^<condition> \{ eg: eq {<string1>}{<string2>} …
+ - Functions: /^\$\{<function\{ eg: ${map{<string1>}{<string2>}} …
+ - ACL conditions /^<condition> = eg: malware = …
+
+// Die folgenden Listen sind durch einfaches Greppen im Spec-File bzw.
+// im spec.xfpt enstanden, also weder vollständig noch zwingend korrekt!
+
+## Liste globaler Optionen {{{
+
+ accept_8bitmime
+ acl_not_smtp
+ acl_not_smtp_mime
+ acl_not_smtp_start
+ acl_smtp_auth
+ acl_smtp_connect
+ acl_smtp_data
+ acl_smtp_data_prdr
+ acl_smtp_etrn
+ acl_smtp_expn
+ acl_smtp_helo
+ acl_smtp_mail
+ acl_smtp_mailauth
+ acl_smtp_mime
+ acl_smtp_predata
+ acl_smtp_quit
+ acl_smtp_rcpt
+ acl_smtp_starttls
+ acl_smtp_vrfy
+ admin_groups
+ allow_domain_literals
+ allow_mx_to_ip
+ allow_utf8_domains
+ auth_advertise_hosts
+ auto_thaw
+ av_scanner
+ bi_command
+ bounce_message_file
+ bounce_message_text
+ bounce_return_body
+ bounce_return_message
+ bounce_return_size_limit
+ bounce_sender_authentication
+ callout_domain_negative_expire
+ callout_domain_positive_expire
+ callout_negative_expire
+ callout_positive_expire
+ callout_random_local_part
+ check_log_inodes
+ check_log_space
+ check_rfc2047_length
+ check_spool_inodes
+ check_spool_space
+ daemon_smtp_ports
+ daemon_startup_retries
+ daemon_startup_sleep
+ delay_warning
+ delay_warning_condition
+ deliver_drop_privilege
+ deliver_queue_load_max
+ delivery_date_remove
+ disable_fsync
+ disable_ipv6
+ dns_again_means_nonexist
+ dns_check_names_pattern
+ dns_csa_search_limit
+ dns_csa_use_reverse
+ dns_dnssec_ok
+ dns_ipv4_lookup
+ dns_retrans
+ dns_retry
+ dns_use_edns0
+ drop_cr
+ dsn_from
+ envelope_to_remove
+ errors_copy
+ errors_reply_to
+ exim_group
+ exim_path
+ exim_user
+ extra_local_interfaces
+ finduser_retries
+ freeze_tell
+ gecos_name
+ gecos_pattern
+ gnutls_compat_mode
+ header_line_maxsize
+ header_maxsize
+ headers_charset
+ helo_accept_junk_hosts
+ helo_allow_chars
+ helo_lookup_domains
+ helo_try_verify_hosts
+ helo_verify_hosts
+ hold_domains
+ host_lookup
+ host_lookup_order
+ host_reject_connection
+ hosts_connection_nolog
+ hosts_treat_as_local
+ ibase_servers
+ ignore_bounce_errors_after
+ ignore_fromline_hosts
+ ignore_fromline_local
+ keep_malformed
+ ldap_ca_cert_dir
+ ldap_ca_cert_file
+ ldap_cert_file
+ ldap_cert_key
+ ldap_cipher_suite
+ ldap_default_servers
+ ldap_require_cert
+ ldap_start_tls
+ ldap_version
+ local_from_check
+ local_from_prefix
+ local_from_suffix
+ local_interfaces
+ local_scan_timeout
+ local_sender_retain
+ localhost_number
+ log_file_path
+ log_selector
+ log_timezone
+ lookup_open_max
+ max_username_length
+ message_body_newlines
+ message_body_visible
+ message_id_header_domain
+ message_id_header_text
+ message_logs
+ message_size_limit
+ move_frozen_messages
+ mua_wrapper
+ mysql_servers
+ never_users
+ openssl_options
+ oracle_servers
+ percent_hack_domains
+ perl_at_start
+ perl_startup
+ pgsql_servers
+ pid_file_path
+ pipelining_advertise_hosts
+ prdr_enable
+ preserve_message_logs
+ primary_hostname
+ print_topbitchars
+ process_log_path
+ prod_requires_admin
+ qualify_domain
+ qualify_recipient
+ queue_domains
+ queue_list_requires_admin
+ queue_only
+ queue_only_file
+ queue_only_load
+ queue_only_load_latch
+ queue_only_override
+ queue_run_in_order
+ queue_run_max
+ queue_smtp_domains
+ receive_timeout
+ received_header_text
+ received_headers_max
+ recipient_unqualified_hosts
+ recipients_max
+ recipients_max_reject
+ remote_max_parallel
+ remote_sort_domains
+ retry_data_expire
+ retry_interval_max
+ return_path_remove
+ return_size_limit
+ rfc1413_hosts
+ rfc1413_query_timeout
+ sender_unqualified_hosts
+ smtp_accept_keepalive
+ smtp_accept_max
+ smtp_accept_max_nonmail
+ smtp_accept_max_nonmail_hosts
+ smtp_accept_max_per_connection
+ smtp_accept_max_per_host
+ smtp_accept_queue
+ smtp_accept_queue_per_connection
+ smtp_accept_reserve
+ smtp_active_hostname
+ smtp_banner
+ smtp_check_spool_space
+ smtp_connect_backlog
+ smtp_enforce_sync
+ smtp_etrn_command
+ smtp_etrn_serialize
+ smtp_load_reserve
+ smtp_max_synprot_errors
+ smtp_max_unknown_commands
+ smtp_ratelimit_hosts
+ smtp_ratelimit_mail
+ smtp_ratelimit_rcpt
+ smtp_receive_timeout
+ smtp_reserve_hosts
+ smtp_return_error_details
+ spamd_address
+ split_spool_directory
+ spool_directory
+ sqlite_lock_timeout
+ strict_acl_vars
+ strip_excess_angle_brackets
+ strip_trailing_dot
+ syslog_duplication
+ syslog_facility
+ syslog_processname
+ syslog_timestamp
+ system_filter
+ system_filter_directory_transport
+ system_filter_file_transport
+ system_filter_group
+ system_filter_pipe_transport
+ system_filter_reply_transport
+ system_filter_user
+ tcp_nodelay
+ timeout_frozen_after
+ timezone
+ tls_advertise_hosts
+ tls_certificate
+ tls_crl
+ tls_dh_max_bits
+ tls_dhparam
+ tls_ocsp_file
+ tls_on_connect_ports
+ tls_privatekey
+ tls_remember_esmtp
+ tls_require_ciphers
+ tls_try_verify_hosts
+ tls_verify_certificates
+ tls_verify_hosts
+ trusted_groups
+ trusted_users
+ unknown_login
+ unknown_username
+ untrusted_set_sender
+ uucp_from_pattern
+ uucp_from_sender
+ warn_message_file
+ write_rejectlog
+
+
+ }}}
+
+## Liste von Expansionsvariablen {{{
+
+ $acl_narg
+ $acl_verify_message
+ $address_data
+ $address_file
+ $address_pipe
+ $authenticated_fail_id
+ $authenticated_id
+ $authenticated_sender
+ $authentication_failed
+ $av_failed
+ $body_linecount
+ $body_zerocount
+ $bounce_recipient
+ $bounce_return_size_limit
+ $caller_gid
+ $caller_uid
+ $compile_date
+ $compile_number
+ $demime_errorlevel
+ $demime_errorlevel
+ $demime_reason
+ $demime_reason
+ $dnslist_domain
+ $domain
+ $domain_data
+ $exim_gid
+ $exim_path
+ $exim_uid
+ $found_extension
+ $found_extension
+ $header_
+ $headers_added
+ $home
+ $host
+ $host_address
+ $host_data
+ $host_lookup_deferred
+ $host_lookup_failed
+ $host_port
+ $inode
+ $interface_address
+ $interface_port
+ $item
+ $ldap_dn
+ $load_average
+ $local_part
+ $local_part_data
+ $local_part_prefix
+ $local_part_suffix
+ $local_scan_data
+ $local_user_gid
+ $local_user_uid
+ $localhost_number
+ $log_inodes
+ $log_space
+ $lookup_dnssec_authenticated
+ $mailstore_basename
+ $malware_name
+ $max_received_linelength
+ $message_age
+ $message_body
+ $message_body_end
+ $message_body_size
+ $message_exim_id
+ $message_headers
+ $message_headers_raw
+ $message_id
+ $message_linecount
+ $message_size
+ $mime_
+ $mime_boundary
+ $mime_charset
+ $mime_content_description
+ $mime_content_disposition
+ $mime_content_id
+ $mime_content_size
+ $mime_content_transfer_encoding
+ $mime_content_type
+ $mime_decoded_filename
+ $mime_filename
+ $mime_is_coverletter
+ $mime_is_multipart
+ $mime_is_rfc822
+ $mime_part_count
+ $original_domain
+ $original_local_part
+ $originator_gid
+ $originator_uid
+ $parent_domain
+ $parent_local_part
+ $pid
+ $pipe_addresses
+ $primary_hostname
+ $prvscheck_address
+ $prvscheck_keynum
+ $prvscheck_result
+ $qualify_domain
+ $qualify_recipient
+ $rcpt_count
+ $rcpt_defer_count
+ $rcpt_fail_count
+ $received_count
+ $received_for
+ $received_ip_address
+ $received_port
+ $received_protocol
+ $received_time
+ $recipient_data
+ $recipient_verify_failure
+ $recipients
+ $recipients_count
+ $regex_match_string
+ $reply_address
+ $return_path
+ $return_size_limit
+ $router_name
+ $runrc
+ $self_hostname
+ $sender_address
+ $sender_address_data
+ $sender_address_domain
+ $sender_address_local_part
+ $sender_data
+ $sender_fullhost
+ $sender_helo_name
+ $sender_host_address
+ $sender_host_authenticated
+ $sender_host_dnssec
+ $sender_host_name
+ $sender_host_port
+ $sender_ident
+ $sender_rate_
+ $sender_rcvhost
+ $sender_verify_failure
+ $sending_ip_address
+ $sending_port
+ $smtp_active_hostname
+ $smtp_command
+ $smtp_command_argument
+ $smtp_count_at_connection_start
+ $spam_
+ $spam_bar
+ $spam_report
+ $spam_score
+ $spam_score_int
+ $spool_directory
+ $spool_inodes
+ $spool_space
+ $thisaddress
+ $tls_in_bits
+ $tls_in_certificate_verified
+ $tls_in_cipher
+ $tls_in_ocsp
+ $tls_in_ourcert
+ $tls_in_peercert
+ $tls_in_peerdn
+ $tls_in_sni
+ $tls_out_bits
+ $tls_out_certificate_verified
+ $tls_out_cipher
+ $tls_out_ocsp
+ $tls_out_ourcert
+ $tls_out_peercert
+ $tls_out_peerdn
+ $tls_out_sni
+ $tod_bsdinbox
+ $tod_epoch
+ $tod_epoch_l
+ $tod_full
+ $tod_log
+ $tod_logfile
+ $tod_zone
+ $tod_zulu
+ $transport_name
+ $value
+ $verify_mode
+ $version_number
+ $warn_message_delay
+ $warn_message_recipients
+
+ }}}
+
+## Liste von Operatoren {{{
+
+ ${address:
+ ${addresses:
+ ${base62:
+ ${base62d:
+ ${domain:
+ ${escape:
+ ${eval:
+ ${expand:
+ ${from_utf8:
+ ${hex2b64:
+ ${hexquote:
+ ${lc:
+ ${listcount:
+ ${listnamed:
+ ${local_part:
+ ${mask:
+ ${md5:
+ ${quote:
+ ${quote_local_part:
+ ${randint:
+ ${reverse_ip:
+ ${rfc2047:
+ ${rfc2047d:
+ ${rxquote:
+ ${sha1:
+ ${sha256:
+ ${stat:
+ ${str2b64:
+ ${strlen:
+ ${time_eval:
+ ${time_interval:
+ ${uc:
+ ${utf8clean:
+
+ }}}
+
+## List of Conditions {{{
+
+ acl
+ and
+ bool
+ bool_lax
+ crypteq
+ eq
+ exists
+ ge
+ gt
+ inlist
+ isip
+ ldapauth
+ le
+ lt
+ match
+ match_address
+ match_domain
+ match_ip
+ match_local_part
+ or
+ pam
+ pwcheck
+ radius
+
+ }}}
+
+## List of Functions {{{
+
+ ${acl
+ ${certextract
+ ${dlfunc
+ ${extract
+ ${extract
+ ${filter
+ ${hash
+ ${hmac
+ ${length
+ ${listextract
+ ${lookup
+ ${map
+ ${nhash
+ ${perl
+ ${prvs
+ ${prvscheck
+ ${readfile
+ ${readsocket
+ ${reduce
+ ${run
+ ${sg
+ ${sort
+ ${substr
+ ${tr
+
+ }}}
+
+## Routing Pre-Conditions {{{
+
+ address_test
+ check_local_user
+ condition
+ domains
+ expn
+ local_part_prefix
+ local_part_suffix
+ local_parts
+ require_files
+ senders
+ verify
+ verify_only
+ verify_recipient
+ verify_sender
+
+ }}}
+
+
+Cheat sheet: http://www.datadisk.co.uk/html_docs/exim/exim_cs.htm
+
+# vim:tw=0:et:ts=4:sw=4:fdm=marker:ft=asciidoc: