This page covers configuration steps for Exim deployments. Exim 4.99.1 introduces several new configuration options and security enhancements.
Exim supports two main configuration layouts:
/etc/exim4/exim4.conf.template (Debian/Ubuntu)/etc/exim4/conf.d/main/ - Main configuration optionsacl/ - Access control listsrouter/ - Mail routing rulestransport/ - Delivery methodsauth/ - Authentication mechanismsretry/ - Retry rulesrewrite/ - Address rewriting rulesconf.d/main/)# Basic server identification
primary_hostname = your.domain.com
# TLS settings
MAIN_TLS_ENABLE = yes
tls_certificate = /etc/ssl/certs/exim.crt
tls_privatekey = /etc/ssl/private/exim.key
# Security settings
split_spool_directory = true
domainlist local_domains = @ : localhost : your.domain.com
domainlist relay_to_domains =
hostlist relay_from_hosts = 127.0.0.1 : ::1
# Queue settings
queue_run_max = 1
conf.d/acl/)# ACL for incoming messages
begin acl
acl_check_rcpt:
# Deny unless from local hosts or authenticated
deny senders_domains = +local_domains
!hosts = +relay_from_hosts
!authenticated = *
message = relay not permitted
accept
conf.d/router/)# Local delivery router
localuser:
driver = accept
domains = +local_domains
check_local_user
transport = local_delivery
cannot_route_message = "Unknown user"
no_more
conf.d/transport/)# Local delivery transport
local_delivery:
driver = appendfile
directory = "/var/mail/$local_part"
mode = 0660
group = mail
return_path_add
envelope_to_add
bcc_return_path_add
# Prevent privilege escalation
deliver_drop_privilege = true
# Secure spool directory
spool_directory = /var/spool/exim4
# Limit connections per IP
smtp_accept_max_per_host = 10
# Limit message rate
warn_message = "Rate limit exceeded"
# Use DNS block lists to reject known spam sources
dnslists = zen.spamhaus.org : bl.spamcop.net
After making configuration changes:
# Validate configuration syntax
sudo exim -bV
# Update configuration (Debian/Ubuntu)
sudo update-exim4.conf
# Restart service
sudo systemctl restart exim4
# Or reload configuration (if supported)
sudo exim -qR
# Check configuration syntax
sudo exim -bV
# Check specific configuration file
sudo exim -C /path/to/config -bV
# Test routing of an address
sudo exim -bt test@yourdomain.com
# Test delivery without sending
sudo exim -bt -d-all -v test@yourdomain.com
/var/log/exim4/mainlog for delivery logsWith the upgrade to Exim 4.99.1, consider these new options: