Exim Internet Mailer
See all
Members (99)
Graeme Fowler's profile photo
Ian Eiloart's profile photo
David Woodhouse's profile photo
Nigel Metheringham's profile photo
Exim's profile photo
John Jetmore's profile photo
Todd Lyons's profile photo
Phil Pennock's profile photo
Wolfgang Breyha's profile photo
Brendan Hide's profile photo
IT-Schulungen.com's profile photo
Dariusz Sznajder's profile photo
Philipp Grau's profile photo
Stefan Krüger's profile photo
Ferenc Czirok's profile photo
Maxim Kostikov's profile photo
Iestyn Best's profile photo
Jhon Edison (Webmaster peru)'s profile photo
sankar san's profile photo
Heinrich Strauss's profile photo
hiren patel's profile photo
Patryk Rz.'s profile photo
Toby Bryans's profile photo
Rob Thatcher's profile photo


Join this community to post or comment

Tobias Herkula

Discussion  - 
Hi there, I'm new to Exim and currently trying to build a test enviroment for outbound mail. Am I blind or why I can't bring Exim to the point that it sends multiple mails in the same SMTP transaction?
Phil Pennock's profile photoTobias Herkula's profile photo
sorry for not mentioning that earlier, if I reread my earlier posts I really sound like a bighead sorry for that.
Add a comment...
Hello everyone: 

I have a friend who has a vps and website in wordpress, when your wordpress sends any mail either comment notifications, updates, etc, the mail reaches him "through", that's because my friend has set the parameters: 

hostname: mail.server.com 
user: user@server.com 
pass: ****** 

NOTE: My friend has set up your server so that you can put any mail in the sender field and always Salé "through". 

I've configured everything correctly but the spam email reaches me (despite having dkim and spf), I see the source code and see the problem is WORDPRESS THAT HAS NOT SIGNED AND MAIL WITH DKIM SPF. 

I've been researching and tell me that I have to activate something in the settings on my MTA, exim in this case. To come out of this, as shown in the image. 

I hope you can help me or at least give me some hints on how to set this 

Thank you all in advance for your response.
Add a comment...

Ricardo Brock

Discussion  - 
Hi, does anyone know how I can help me with this misserable issue! I cannot find the source of the problem.

I'm using a Exim server with MailScanner for in-/outbound e-mail with Microsoft Exchange. For outgoing e-mail sometimes e-mails are not delivered. They are rejected with the message "550 Messages should have one or no Subject headers, not 2." But if I deliver the message to the external mail server and local (archive) I can see there is only ONE subject in the header. Strange enough the external mail servers is not one but several, so it's seems a problem on my site.

Anyone, if you could help I would also pay for a the solution.

Kind regards
Phil Pennock's profile photoTodd Lyons's profile photo
Something in your exim system is enforcing the table in section 3.6 of RFC 5322, where one of the items states that there may only be 0 or 1 Subject: headers.  Look in the reject.log like Phil suggested and verify that there is more than 1 subject header in that rejected email.  If there wasn't, then there is a bug in your Subject header counting logic.  If there was, then either fix the sending system (not necessarily in your control), whitelist the sender from that check, or disable the check altogether.  Personally I recommend you hammer whoever is sending you this malformed email.
Add a comment...

Phil Pennock

Discussion  - 
For anyone else who is subscribed to multiple vendor security announce lists, for coverage, and sees Gentoo's recent Exim vulnerability announcement: this is not a new issue.  This is Gentoo finally catching up to the year 2012.

Install Exim 4.82 and be happy.  If you must run something other than the current stable release, run 4.80.1.  If you're running anything older, check with your vendor backported fixes to see what's already been fixed for you.
Add a comment...


Discussion  - 
Two of the exim.org team members, Todd Lyons and Jeremy Harris, shall soon start the work of cutting the Exim 4.82 release and beginning the RC series.
We currently expect that the 4.82 Release Candidates, final Release, and announcement message shall be PGP signed using Todd's key:
This key is in the PGP strong set, although it does not at time of writing include any signatures directly from any other @exim.org UIDs. There is a trust path from my [Phil Pennock's] key to Todd's via a key belonging to Phil Dibowitz, 0x3795E8C5A1E732BB.
For the record: I [pdp] know Mr Dibowitz as a former colleague, he is very security conscious and does not issue PGP signatures without diligent checking.  He's the author of the PGP tutorial documentation available at <http://phildev.net/pgp/> and is one of the few people to whose keys I assign a GnuPG trust ranking of '4'.  Thus I have a high degree of confidence in this trust path.

You can retrieve Todd's key from any of the normal PGP keyservers; for instance:


(click on the keyid in the "pub" line at the top).

This Exim release is long overdue and I'd like to take this opportunity to thank Todd and Jeremy for stepping up to make it happen.

-Phil Pennock
#Exim   #Release   #PGP
Phil Pennock's profile photo
Oversight correction: while the email version of this was signed with my PGP key, letting anyone who actually uses PGP verify the origin of the stated trust path, this G+ post was not so signed; thus I should have actually stated the PGP key that I was referring to as mine: 0x403043153903637F
Add a comment...

Phil Pennock

Discussion  - 
A new version of swaks, 20130209.0, is available for download.  New XCLIENT support, TLS enhancements, and a few bug fixes.

Links and a change summary at http://www.jetmore.org/john/blog/2013/02/swaks-release-20130209-0-available/

New stuff planned for the next release include PRDR support, a rework of the interactive IO system, and a reasonable header encoding system.  If you have a feature you’ve wanted in Swaks, let me know, now's a good time to ask.
Add a comment...


Discussion  - 
Security Space's MX survey for mail-server versions as of January 1st, 2012, has been published freely available (the more recent one costs money).


Exim continues to run a plurality, but not majority, of the mail-servers on the Internet.  43.32%.

Note that the majority of these servers claim to be version 4.69, which strongly suggests that they are Debian installs, with various security fixes applied.  Without Debian, Exim runs around 9% of the mail servers; assuming that the volume would shift to Postfix, Exim would drop to fourth place, behind the various Microsoft MTAs.

There's a reason that I (Phil) have been trying to improve the sometimes fraught relationship between the Exim project and all of our packagers, the Debian ones in particular: the safety of hundreds of thousands of installs depends upon our having a good working relationship and being able to work together to fix problems.

I'd like it if the exim-users list could be a little friendlier towards people with Debian-specific problems.  I think we have improved.  There's still more room to improve further.
Phil Pennock's profile photoGraeme Fowler's profile photo
The biggest problem that I can see (and we see already) is the abject failure of some users to follow their distribution's documentation and/or support systems.

I have no real opinion on the debconf approach, apart from acknowledging that I don't understand it properly. Like +Phil Pennock , I am unlikely to get a chance to invest the time to learn it in any detail - so we need some subscribers who do.
Add a comment...

About this community

Exim is a message transfer agent (MTA) licensed under the GPL. By some measurements, it is the software running a plurality of the mail-servers on the Internet.

Phil Pennock

Discussion  - 
The Exim developers response to POODLE and SSLv3 problems has been posted to the exim-announce mailing-list.  You can find a copy on the web at: https://lists.exim.org/lurker/message/20141017.093614.e5c38176.en.html
POODLE is a new attack on SSLv3 that makes it easy for a man-in-the-middle attacker to decrypt web cookies. For details see https://poodle.io/ The recommended mitigation is to disable SSLv3 and support only TLSv1.x. However this is liable to cause some interoperability problems to roughly ...
Add a comment...

sami alouani

Discussion  - 
Hi all, I am getting the following error in my ssh terminal when my script prompts an email to be sent:

exim abandoned: unknown, malformed, or incomplete option -s

My script is as follows:

void send_alert(const std::string &subject, const std::string &text) {
  start_sql("SELECT * FROM tconfig;");

  std::string sender_addr = decode_str(sql_result("sender_addr"));
  std::string alert_addr = decode_str(sql_result("alert_addr"));


  std::string filename = tmpnam(NULL);
  std::ofstream file(filename.c_str());
  file << text;

  std::string cmd = "mail " + alert_addr + " -s '" + subject + "' < " + filename;


any suggestions?
Phil Pennock's profile photosami alouani's profile photo
Thanks so much!
Add a comment...
If using Exim an intended mailbox not found then how i can insert some thing custom (like a specific routine or .exe) inside it. Thanks!
Phil Pennock's profile photo
To decide what to do with a given email, Exim has a list of Routers, which are tried in order.  The first one to "accept" delivery for a given email address, does so.  The Router specifies which Transport to use, and the Transport says how to deliver and is where you might specify a command.

So to do something special, add a new Router after the "local_user" Router; this assumes that the first Routers handle remote email, then you handle local emails with what's left.

Think carefully about what should cause an email address to Verify, so that it exists when asked.  Putting "no_verify" on a Router might help in some cases.

You probably want an "accept" Router (which does no address processing, it just says "take it", after all the pre-conditions are met) and have that reference a Transport which is "driver = pipe", so called because in Unix, when we handle data with a program, we often 'pipe' the data into a process running that program.

How Exim processes email (explains pre-conditions):

The default configuration file explained:

So on one machine, where I'm running PGP keyserver software, my Exim configuration file has this Router (after "begin routers" and before the next "begin"):

  driver = accept
  local_parts = keysync : pgp-keys : pgp-public-keys
  transport = sks_insert

and this Transport (after "begin transports" and before the next "begin"):

  driver = pipe
  command = /usr/local/bin/sks_add_mail /var/sks
  user = sks
  current_directory = /var/sks
Add a comment...
I need help with this: http://fpaste.org/90498/33447113/

I am trying to make .vacation.msg available but I get a permission denied error.

The permissions for the dir and file are correct. SELinux is not complaining about this.

What else could it be?
Fedora Sticky Notes is a feature-rich, yet lightweight paste utility
Rene Bon Ciric (Renich)'s profile photoPhil Pennock's profile photo
You might want to look at https://github.com/Exim/exim/blob/60f8e1e888f78e559e718c2e23c1ceb0546779a8/configs/config.samples/C006 and http://www.exim.org/exim-html-current/doc/html/spec_html/ch-the_autoreply_transport.html to see a working example and the docs.

It looks like you want something similar to the example, but using the "file" option instead of "text", to provide for the reply content coming from a file.

You're not showing the current router you're using, but given that error message, it seems that you're treating the file as a source of Exim Filter rules, instead of a message body for the reply.  Some of the other approaches for vacation auto-reply do this.
Add a comment...

Todd Lyons

Discussion  - 
I have uploaded Exim 4.82 RC1 to

It has been over a year since a regular a release. The number of backwards incompatible fixes totals only one; a hints database doesn't get updated in a specific corner case.

This release contains many bugfixes and enhancements, as well as a couple of new Experimental features (DMARC and PRDR). The bugfixes touch many different functions: new commandline options for better sendmail compatibility, Cyrus SASL, extra logging by default of remote email acceptance, cutthrough delivery, enhanced number suffix, multiple router/transport headers, enhanced ability to call an acl as an expansion item, build enhancements, dns enhancements, authenticator enhancements, retry enhancements, header generation enhnacements, a few new expansion variables, and LDAP and LDAP/TLS enhancements. Please read the ChangeLog and NewStuff documents referenced below for more detail.

The ChangeLog/NewStuff/README.UPDATING can be reviewed at:


The files are signed with the PGP key 0x04D29EBA, which has a uid
"Todd Lyons (Exim Maintainer) <tlyons@exim.org>". Please use your own discretion in assessing what trust paths you might have to this uid.

Checksums below. Detached PGP signatures in .asc files are available
alongside the tarballs.

Please report issues in reply to this email, on exim-users.

Thank you for your testing and feedback,
- -Todd Lyons, pp The Exim Maintainers.
Add a comment...

Michael Seidel

Discussion  - 
If you are using Exim and Dovecot's LDA, you should check your setup.
Note: use_shell is insecure #security  
Phil Pennock's profile photo
This documentation improvement was part of the Exim 4.82 release and so can be seen at:

Add a comment...

Todd Lyons

Discussion  - 
I think we need to do a little work on the Mailman configuration for the Exim mailing lists.  When I send an email to the list, I get nine DMARC failure notifications from Hotmail (so we must have 9 hotmail subscribers).  In this case, both the SPF and DKIM are failing.  SPF is expected to fail because the sender domain is ivenue.com and the exim mail server IP is not in my SPF record.  But DKIM is failing because the list is configured to add a footer to plain text messages, which breaks the DKIM (body) signature.  If the DKIM signature could be made to pass, then DMARC will pass.  I think it would be as simple as configuring mailman to use multipart instead of adding plain text, or maybe Mailman can detect DKIM signature presence and use multipart instead of modifying the text body (I don't know what it's capabilities actually are).  Comments?
Todd Lyons's profile photoPhil Pennock's profile photo
The existing signatures should have a header rename, so they're still intact and can be found, which is a hint (albeit not cryptographically viable) when the original domain normally does sign all email.

BCP 167, DomainKeys Identified Mail (DKIM) and Mailing Lists.  (aka RFC 6377)

We should become a participating DKIM-aware resending MLM.  Section 5.7 and 5.8, but with rename instead of removal.

Information discard is lossy and should be a last resort.  Renaming out of the way is more friendly for diagnosis.
Add a comment...

Phil Pennock

Discussion  - 
We're looking at trying to get Exim 4.82 cut, but the major blocker at the moment is time from any of the volunteers working on Exim.

ChangeLog: http://git.exim.org/exim.git/blob/master:/doc/doc-txt/ChangeLog

NewStuff: http://git.exim.org/exim.git/blob/master:/doc/doc-txt/NewStuff

The cut-through routing and ACL expansion item and condition are particularly neat.  DSCP controls will be helpful in some specialised load-balancer configurations.  The DNSSEC work is only partially complete, but promising.
Add a comment...