Exim
Exim is a mail transfer agent (MTA) used on Unix-like operating systems. Exim is free software distributed under the terms of the GNU General Public License, and it aims to be a general and flexible mailer with extensive facilities for checking incoming e-mail.
Exim has been ported to most Unix-like systems, as well as to Microsoft Windows using the Cygwin emulation layer. Exim 4 is currently the default MTA on Debian GNU/Linux systems.
A large number of Exim installations exist, especially within Internet service providers and universities in the UK. Exim is also widely used with the GNU Mailman mailing list manager, and cPanel.
Origin
The first version of Exim was written in 1995 by Philip Hazel for use in the University of Cambridge Computing Service’s e-mail systems. The name initially stood for EXperimental Internet Mailer. It was originally based on an older MTA, Smail-3, but it has since diverged from Smail-3 in its design and philosophy.
Design model
Exim, like Smail, still follows the Sendmail design model, where a single binary controls all the facilities of the MTA. This monolithic design is considered by some to be inherently less secure, due to the lack of binary separation between the individual components of the system. Instead, Exim separates the components out in terms of invocation and has well-defined stages during which it gains or loses privileges.
Exim’s security record has been fairly clean, with only a handful of serious security problems diagnosed over the years. Since the redesigned version 4 was released there have been three remote code execution flaws and one conceptual flaw concerning how much trust it is appropriate to place in the run-time user; the latter was fixed in a security lockdown in revision 4.73, one of the very rare occasions when Exim has broken backwards compatibility with working configurations. This issue would not have been prevented by using a non-monolithic design.
This high degree of cleanliness is probably due to having been written from scratch and with security in mind, by an experienced developer (who was not responsible for two of the three remote code execution flaws).
Configuration
Exim is highly configurable, and therefore has features that are lacking in other MTAs. It has always had substantial facilities for mail policy controls, providing facilities for the administrator to control who may send or relay mail through the system. In version 4.x this has matured to an Access Control List based system allowing very detailed and flexible controls. The integration of a framework for content scanning, which allowed for easier integration of anti-virus and anti-spam measures, happened in the 4.x releases. This made Exim very suitable for enforcing diverse mail policies.
The configuration is done through a (typically single) configuration file, which must include the main section with generic settings and variables, as well as the following optional sections:
- the access control list (ACL) section which defines behaviour during the SMTP sessions,
- the routers section which includes a number of processing elements which operate on addresses (the delivery logic), each tried in turn,
- the transports section which includes processing elements which transmit actual messages to destinations,
- the retry section where policy on retrying messages that fail to get delivered at the first attempt is defined,
- the rewrite section, defining if and how the mail system will rewrite addresses on incoming e-mails,
- the authenticators section with settings for SMTP AUTH, a rule per auth mechanism.
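
A minimal configuration skeleton showing the sections listed above, with an ACL that refuses relaying for hosts that are neither trusted nor authenticated. This is an added example, not taken from the original article or the Exim distribution; the host name, domains, and the ACL, router and transport names are constructed for illustration.

```exim
# Main section: generic settings and named lists (all values constructed)
primary_hostname = mail.example.org
domainlist local_domains    = @ : example.org
domainlist relay_to_domains =
hostlist   relay_from_hosts = 127.0.0.1 : ::1

# Hook the ACL below into the RCPT stage of every SMTP session
acl_smtp_rcpt = acl_check_rcpt

begin acl

acl_check_rcpt:
  # Local non-SMTP submission (empty host field) is always accepted
  accept  hosts         = :
  # Trusted hosts and authenticated clients may relay anywhere
  accept  hosts         = +relay_from_hosts
  accept  authenticated = *
  # Everyone else may only address domains we handle: no open relay
  require message       = relay not permitted
          domains       = +local_domains : +relay_to_domains
  # Reject unknown recipients at SMTP time instead of bouncing later
  require verify        = recipient
  accept

begin routers

# An address is offered to each router in turn until one handles it
dnslookup:
  driver    = dnslookup
  domains   = ! +local_domains
  transport = remote_smtp
  ignore_target_hosts = 0.0.0.0 : 127.0.0.0/8
  no_more

localuser:
  driver    = accept
  check_local_user
  transport = local_delivery
  cannot_route_message = Unknown user

begin transports

remote_smtp:
  driver = smtp

local_delivery:
  driver = appendfile
  # $local_part_data is the validated (untainted) form set by check_local_user;
  # releases without taint checking used $local_part here
  file   = /var/mail/$local_part_data
  delivery_date_add
  envelope_to_add
  return_path_add

begin retry

# Every 15m for 2h, then intervals growing by 1.5x from 1h up to 16h,
# then every 6h until the message is 4 days old
*   *   F,2h,15m; G,16h,1h,1.5; F,4d,6h

begin rewrite
# (no address rewriting)

begin authenticators
# (one block per SMTP AUTH mechanism; none configured here)
```
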
The configuration file permits inclusion of other files, which leads to two different configuration styles.
Configuration styles
There are two main schools of configuration style for Exim. The native school keeps the Exim configuration in one file, and external files are only used as data sources; this is strongly influenced by Philip Hazel's preferences and notes on performance, since the configuration file is re-read at every exec, which happens after forking for new mail and at delivery. There is no use of knobs with names starting dc_.
The second commonly encountered style is the Debian style, which is designed to make it easier to have an installed application automatically provide mail integration support without having the administrator edit configuration files. There are a couple of variants of this, and Debian provides documentation of its approach as part of the packages. In these approaches, a meta-configuration file is used to build the Exim configuration file, together with templates and directories with configuration fragments. The meta-config is tuned with variables which have names starting dc_.
Because the Debian approach diverges significantly from the Exim one, it is common to find a lack of support for the Debian approach on the regular Exim mailing-lists, and users are pointed towards the Debian-specific list. This can create some awkward situations for users of distributions derived from Debian.
Documentation
Exim has extensive and exhaustive documentation; if a feature or some behaviour is not documented then this is classed as a bug. The documentation consists of The Exim Specification and two ancillary files: the experimental specification for features that might disappear and "NewStuff", which tracks very recent changes that might not have been fully integrated into the main specification. The Exim Specification is available in multiple formats, including online in HTML and in plain-text for fast searching. The document preparation system ensures that the plain-text format is highly usable.
Performance
Exim has been deployed in busy environments, often handling thousands of emails per hour efficiently. Exim is designed to deliver email immediately, without queueing. However, its queue processing performance is comparatively poor when queues are large (which happens rarely on typical low-traffic sites, but can happen regularly on high-traffic sites).
Unlike qmail, Postfix, and ZMailer, Exim does not have a central queue manager (i.e. an equivalent of qmail-send, qmgr, or scheduler). There is thus no centralized load balancing, either of queue processing (leading to disproportionate amounts of time being spent on processing the same queue entries repeatedly) or of system-wide remote transport concurrency (leading to a "thundering herd" problem when multiple messages addressed to a single domain are submitted at once). In Philip Hazel's own words:
- "The bottom line is that Exim does not perform particularly well in environments where the queue regularly gets very large. It was never designed for this; deliveries from the queue were always intended to be 'exceptions' rather than the norm."
However, the interfaces to the spool system are well defined and various people have written their own spool management daemons to use instead of asking the listening daemon to periodically fork queue runners.
In 1997, Philip Hazel replaced Exim's POSIX regular expression library written by Henry Spencer with a new library he developed called PCRE (Perl Compatible Regular Expressions). Perl regular expressions are much more powerful than POSIX and other common regular expressions, and PCRE has become popular in applications other than Exim.
Updates
Historically, Exim used a peculiar version numbering scheme where the first decimal digit is updated only whenever the main documentation is fully up to date; until that time, changes were accumulated in the file NewStuff. For this reason, a 0.01 version change can signify important changes, not necessarily fully documented. In 2005, changes to Exim's version numbering were under discussion.
In more recent times, the document preparation system for Exim has been overhauled and changes are much more likely to just go immediately into The Exim Specification. The 4.70 release just followed on naturally from 4.69 and the 4.6x releases had up-to-date documentation.
Philip Hazel retired from the University of Cambridge in 2007 and maintenance of Exim transitioned to a team of maintainers. The release rate since then has slowed, with some lengthy gaps between releases.
Community
Most discussion about Exim takes place on the Exim mailing-lists; it is, after all, a mail transfer agent.
- Exim-Announce is a low-volume list, receiving new release announcements, security advisories and conference details.
- Exim-Users takes the bulk of the discussion
- Pkg-Exim4-Users takes Debian-specific questions
- Exim-Dev takes developer discussion and bug status updates
- Exim-CVS gets commit messages from the central git repo.
There is also an Exim Wiki, a site for new users and a serverfault tag.