<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html401/loose.dtd">
<html>
<!-- Created on September, 10 2009 by texi2html 1.78 -->
<!--
Written by: Lionel Cons <Lionel.Cons@cern.ch> (original author)
Karl Berry <karl@freefriends.org>
Olaf Bachmann <obachman@mathematik.uni-kl.de>
and many others.
Maintained by: Many creative people.
Send bugs and suggestions to <texi2html-bug@nongnu.org>
-->
<head>
<title>Specification of the Exim Mail Transfer Agent: 11. String expansions</title>
<meta name="description" content="Specification of the Exim Mail Transfer Agent: 11. String expansions">
<meta name="keywords" content="Specification of the Exim Mail Transfer Agent: 11. String expansions">
<meta name="resource-type" content="document">
<meta name="distribution" content="global">
<meta name="Generator" content="texi2html 1.78">
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii">
<style type="text/css">
<!--
a.summary-letter {text-decoration: none}
pre.display {font-family: serif}
pre.format {font-family: serif}
pre.menu-comment {font-family: serif}
pre.menu-preformatted {font-family: serif}
pre.smalldisplay {font-family: serif; font-size: smaller}
pre.smallexample {font-size: smaller}
pre.smallformat {font-family: serif; font-size: smaller}
pre.smalllisp {font-size: smaller}
span.roman {font-family:serif; font-weight:normal;}
span.sansserif {font-family:sans-serif; font-weight:normal;}
ul.toc {list-style: none}
-->
</style>
</head>
<body lang="en" bgcolor="#FFFFFF" text="#000000" link="#0000FF" vlink="#800080" alink="#FF0000">
<a name="String-expansions"></a>
<a name="SEC137"></a>
<table cellpadding="1" cellspacing="1" border="0">
<tr><td valign="middle" align="left">[<a href="spec_10.html#SEC136" title="Previous section in reading order"> < </a>]</td>
<td valign="middle" align="left">[<a href="#SEC138" title="Next section in reading order"> > </a>]</td>
<td valign="middle" align="left"> </td>
<td valign="middle" align="left">[<a href="spec_10.html#SEC115" title="Beginning of this chapter or previous chapter"> << </a>]</td>
<td valign="middle" align="left">[<a href="spec.html#SEC_Top" title="Up section"> Up </a>]</td>
<td valign="middle" align="left">[<a href="spec_12.html#SEC147" title="Next chapter"> >> </a>]</td>
<td valign="middle" align="left"> </td>
<td valign="middle" align="left"> </td>
<td valign="middle" align="left"> </td>
<td valign="middle" align="left"> </td>
<td valign="middle" align="left">[<a href="spec.html#SEC_Top" title="Cover (top) of document">Top</a>]</td>
<td valign="middle" align="left">[Contents]</td>
<td valign="middle" align="left">[<a href="spec_55.html#SEC493" title="Index">Index</a>]</td>
<td valign="middle" align="left">[<a href="spec_abt.html#SEC_About" title="About (help)"> ? </a>]</td>
</tr></table>
<h1 class="chapter"> 11. String expansions </h1>
<p>Many strings in Exim's run time configuration are expanded before use. Some of
them are expanded every time they are used; others are expanded only once.
</p>
<p>When a string is being expanded it is copied verbatim from left to right except
when a dollar or backslash character is encountered. A dollar specifies the
start of a portion of the string that is interpreted and replaced as described
below in section <a href="#SEC142">Expansion items</a> onwards. Backslash is used as an
escape character, as described in the following section.
</p>
<table class="menu" border="0" cellspacing="0">
<tr><td align="left" valign="top"><a href="#SEC138">11.1 Literal text in expanded strings</a></td><td> </td><td align="left" valign="top">
</td></tr>
<tr><td align="left" valign="top"><a href="#SEC139">11.2 Character escape sequences in expanded strings</a></td><td> </td><td align="left" valign="top">
</td></tr>
<tr><td align="left" valign="top"><a href="#SEC140">11.3 Testing string expansions</a></td><td> </td><td align="left" valign="top">
</td></tr>
<tr><td align="left" valign="top"><a href="#SEC141">11.4 Forced expansion failure</a></td><td> </td><td align="left" valign="top">
</td></tr>
<tr><td align="left" valign="top"><a href="#SEC142">11.5 Expansion items</a></td><td> </td><td align="left" valign="top">
</td></tr>
<tr><td align="left" valign="top"><a href="#SEC143">11.6 Expansion operators</a></td><td> </td><td align="left" valign="top">
</td></tr>
<tr><td align="left" valign="top"><a href="#SEC144">11.7 Expansion conditions</a></td><td> </td><td align="left" valign="top">
</td></tr>
<tr><td align="left" valign="top"><a href="#SEC145">11.8 Combining expansion conditions</a></td><td> </td><td align="left" valign="top">
</td></tr>
<tr><td align="left" valign="top"><a href="#SEC146">11.9 Expansion variables</a></td><td> </td><td align="left" valign="top">
</td></tr>
</table>
<hr size="6">
<a name="Literal-text-in-expanded-strings"></a>
<a name="SEC138"></a>
<table cellpadding="1" cellspacing="1" border="0">
<tr><td valign="middle" align="left">[<a href="#SEC137" title="Previous section in reading order"> < </a>]</td>
<td valign="middle" align="left">[<a href="#SEC139" title="Next section in reading order"> > </a>]</td>
<td valign="middle" align="left"> </td>
<td valign="middle" align="left">[<a href="#SEC137" title="Beginning of this chapter or previous chapter"> << </a>]</td>
<td valign="middle" align="left">[<a href="#SEC137" title="Up section"> Up </a>]</td>
<td valign="middle" align="left">[<a href="spec_12.html#SEC147" title="Next chapter"> >> </a>]</td>
<td valign="middle" align="left"> </td>
<td valign="middle" align="left"> </td>
<td valign="middle" align="left"> </td>
<td valign="middle" align="left"> </td>
<td valign="middle" align="left">[<a href="spec.html#SEC_Top" title="Cover (top) of document">Top</a>]</td>
<td valign="middle" align="left">[Contents]</td>
<td valign="middle" align="left">[<a href="spec_55.html#SEC493" title="Index">Index</a>]</td>
<td valign="middle" align="left">[<a href="spec_abt.html#SEC_About" title="About (help)"> ? </a>]</td>
</tr></table>
<h2 class="section"> 11.1 Literal text in expanded strings </h2>
<p>An uninterpreted dollar can be included in an expanded string by putting a
backslash in front of it. A backslash can be used to prevent any special
character being treated specially in an expansion, including backslash itself.
If the string appears in quotes in the configuration file, two backslashes are
required because the quotes themselves cause interpretation of backslashes when
the string is read in (see section <a href="spec_6.html#SEC72">String values</a>).
</p>
<a name="IDX628"></a>
<p>A portion of the string can specified as non-expandable by placing it between
two occurrences of ‘<samp>\N</samp>’. This is particularly useful for protecting regular
expressions, which often contain backslashes and dollar signs. For example:
</p>
<table><tr><td> </td><td><pre class="example">deny senders = \N^\d{8}[a-z]@some\.site\.example$\N
</pre></td></tr></table>
<p>On encountering the first ‘<samp>\N</samp>’, the expander copies subsequent characters
without interpretation until it reaches the next ‘<samp>\N</samp>’ or the end of the
string.
</p>
<hr size="6">
<a name="Character-escape-sequences-in-expanded-strings"></a>
<a name="SEC139"></a>
<table cellpadding="1" cellspacing="1" border="0">
<tr><td valign="middle" align="left">[<a href="#SEC138" title="Previous section in reading order"> < </a>]</td>
<td valign="middle" align="left">[<a href="#SEC140" title="Next section in reading order"> > </a>]</td>
<td valign="middle" align="left"> </td>
<td valign="middle" align="left">[<a href="#SEC137" title="Beginning of this chapter or previous chapter"> << </a>]</td>
<td valign="middle" align="left">[<a href="#SEC137" title="Up section"> Up </a>]</td>
<td valign="middle" align="left">[<a href="spec_12.html#SEC147" title="Next chapter"> >> </a>]</td>
<td valign="middle" align="left"> </td>
<td valign="middle" align="left"> </td>
<td valign="middle" align="left"> </td>
<td valign="middle" align="left"> </td>
<td valign="middle" align="left">[<a href="spec.html#SEC_Top" title="Cover (top) of document">Top</a>]</td>
<td valign="middle" align="left">[Contents]</td>
<td valign="middle" align="left">[<a href="spec_55.html#SEC493" title="Index">Index</a>]</td>
<td valign="middle" align="left">[<a href="spec_abt.html#SEC_About" title="About (help)"> ? </a>]</td>
</tr></table>
<h2 class="section"> 11.2 Character escape sequences in expanded strings </h2>
<p>A backslash followed by one of the letters "n", "r", or "t" in an
expanded string is recognized as an escape sequence for the character newline,
carriage return, or tab, respectively. A backslash followed by up to three
octal digits is recognized as an octal encoding for a single character, and a
backslash followed by "x" and up to two hexadecimal digits is a hexadecimal
encoding.
</p>
<p>These escape sequences are also recognized in quoted strings when they are read
in. Their interpretation in expansions as well is useful for unquoted strings,
and for other cases such as looked-up strings that are then expanded.
</p>
<hr size="6">
<a name="Testing-string-expansions"></a>
<a name="SEC140"></a>
<table cellpadding="1" cellspacing="1" border="0">
<tr><td valign="middle" align="left">[<a href="#SEC139" title="Previous section in reading order"> < </a>]</td>
<td valign="middle" align="left">[<a href="#SEC141" title="Next section in reading order"> > </a>]</td>
<td valign="middle" align="left"> </td>
<td valign="middle" align="left">[<a href="#SEC137" title="Beginning of this chapter or previous chapter"> << </a>]</td>
<td valign="middle" align="left">[<a href="#SEC137" title="Up section"> Up </a>]</td>
<td valign="middle" align="left">[<a href="spec_12.html#SEC147" title="Next chapter"> >> </a>]</td>
<td valign="middle" align="left"> </td>
<td valign="middle" align="left"> </td>
<td valign="middle" align="left"> </td>
<td valign="middle" align="left"> </td>
<td valign="middle" align="left">[<a href="spec.html#SEC_Top" title="Cover (top) of document">Top</a>]</td>
<td valign="middle" align="left">[Contents]</td>
<td valign="middle" align="left">[<a href="spec_55.html#SEC493" title="Index">Index</a>]</td>
<td valign="middle" align="left">[<a href="spec_abt.html#SEC_About" title="About (help)"> ? </a>]</td>
</tr></table>
<h2 class="section"> 11.3 Testing string expansions </h2>
<p>Many expansions can be tested by calling Exim with the <code>-be</code> option. This
takes the command arguments, or lines from the standard input if there are no
arguments, runs them through the string expansion code, and writes the results
to the standard output. Variables based on configuration values are set up, but
since no message is being processed, variables such as <code>$local_part</code> have no
value. Nevertheless the <code>-be</code> option can be useful for checking out file and
database lookups, and the use of expansion operators such as <code>sg</code>, <code>substr</code>
and <code>nhash</code>.
</p>
<p>Exim gives up its root privilege when it is called with the <code>-be</code> option, and
instead runs under the uid and gid it was called with, to prevent users from
using <code>-be</code> for reading files to which they do not have access.
</p>
<a name="IDX629"></a>
<p>If you want to test expansions that include variables whose values are taken
from a message, there are two other options that can be used. The <code>-bem</code>
option is like <code>-be</code> except that it is followed by a file name. The file is
read as a message before doing the test expansions. For example:
</p>
<table><tr><td> </td><td><pre class="example">exim -bem /tmp/test.message '$h_subject:'
</pre></td></tr></table>
<p>The <code>-Mset</code> option is used in conjunction with <code>-be</code> and is followed by an
Exim message identifier. For example:
</p>
<table><tr><td> </td><td><pre class="example">exim -be -Mset 1GrA8W-0004WS-LQ '$recipients'
</pre></td></tr></table>
<p>This loads the message from Exim's spool before doing the test expansions, and
is therefore restricted to admin users.
</p>
<hr size="6">
<a name="Forced-expansion-failure"></a>
<a name="SEC141"></a>
<table cellpadding="1" cellspacing="1" border="0">
<tr><td valign="middle" align="left">[<a href="#SEC140" title="Previous section in reading order"> < </a>]</td>
<td valign="middle" align="left">[<a href="#SEC142" title="Next section in reading order"> > </a>]</td>
<td valign="middle" align="left"> </td>
<td valign="middle" align="left">[<a href="#SEC137" title="Beginning of this chapter or previous chapter"> << </a>]</td>
<td valign="middle" align="left">[<a href="#SEC137" title="Up section"> Up </a>]</td>
<td valign="middle" align="left">[<a href="spec_12.html#SEC147" title="Next chapter"> >> </a>]</td>
<td valign="middle" align="left"> </td>
<td valign="middle" align="left"> </td>
<td valign="middle" align="left"> </td>
<td valign="middle" align="left"> </td>
<td valign="middle" align="left">[<a href="spec.html#SEC_Top" title="Cover (top) of document">Top</a>]</td>
<td valign="middle" align="left">[Contents]</td>
<td valign="middle" align="left">[<a href="spec_55.html#SEC493" title="Index">Index</a>]</td>
<td valign="middle" align="left">[<a href="spec_abt.html#SEC_About" title="About (help)"> ? </a>]</td>
</tr></table>
<h2 class="section"> 11.4 Forced expansion failure </h2>
<p>A number of expansions that are described in the following section have
alternative "true" and "false" substrings, enclosed in brace characters
(which are sometimes called "curly brackets"). Which of the two strings is
used depends on some condition that is evaluated as part of the expansion. If,
instead of a "false" substring, the word "fail" is used (not in braces),
the entire string expansion fails in a way that can be detected by the code
that requested the expansion. This is called "forced expansion failure", and
its consequences depend on the circumstances. In some cases it is no different
from any other expansion failure, but in others a different action may be
taken. Such variations are mentioned in the documentation of the option that is
being expanded.
</p>
<hr size="6">
<a name="Expansion-items"></a>
<a name="SEC142"></a>
<table cellpadding="1" cellspacing="1" border="0">
<tr><td valign="middle" align="left">[<a href="#SEC141" title="Previous section in reading order"> < </a>]</td>
<td valign="middle" align="left">[<a href="#SEC143" title="Next section in reading order"> > </a>]</td>
<td valign="middle" align="left"> </td>
<td valign="middle" align="left">[<a href="#SEC137" title="Beginning of this chapter or previous chapter"> << </a>]</td>
<td valign="middle" align="left">[<a href="#SEC137" title="Up section"> Up </a>]</td>
<td valign="middle" align="left">[<a href="spec_12.html#SEC147" title="Next chapter"> >> </a>]</td>
<td valign="middle" align="left"> </td>
<td valign="middle" align="left"> </td>
<td valign="middle" align="left"> </td>
<td valign="middle" align="left"> </td>
<td valign="middle" align="left">[<a href="spec.html#SEC_Top" title="Cover (top) of document">Top</a>]</td>
<td valign="middle" align="left">[Contents]</td>
<td valign="middle" align="left">[<a href="spec_55.html#SEC493" title="Index">Index</a>]</td>
<td valign="middle" align="left">[<a href="spec_abt.html#SEC_About" title="About (help)"> ? </a>]</td>
</tr></table>
<h2 class="section"> 11.5 Expansion items </h2>
<p>The following items are recognized in expanded strings. White space may be used
between sub-items that are keywords or substrings enclosed in braces inside an
outer set of braces, to improve readability. <strong>Warning</strong>: Within braces,
white space is significant.
</p>
<dl compact="compact">
<dt> <strong>$</strong><<em>variablename</em>>or<strong>${</strong><<em>variablename</em>><strong>}</strong></dt>
<dd><a name="IDX630"></a>
<p>Substitute the contents of the named variable, for example:
</p>
<table><tr><td> </td><td><pre class="example">$local_part
${domain}
</pre></td></tr></table>
<p>The second form can be used to separate the name from subsequent alphanumeric
characters. This form (using braces) is available only for variables; it does
<em>not</em> apply to message headers. The names of the variables are given in
section <a href="#SEC146">Expansion variables</a> below. If the name of a non-existent variable is
given, the expansion fails.
</p>
</dd>
<dt> <strong>${</strong><<em>op</em>><strong>:</strong><<em>string</em>><strong>}</strong></dt>
<dd><a name="IDX631"></a>
<p>The string is first itself expanded, and then the operation specified by
<<em>op</em>> is applied to it. For example:
</p>
<table><tr><td> </td><td><pre class="example">${lc:$local_part}
</pre></td></tr></table>
<p>The string starts with the first character after the colon, which may be
leading white space. A list of operators is given in section <a href="#SEC143">Expansion operators</a>
below. The operator notation is used for simple expansion items that have just
one argument, because it reduces the number of braces and therefore makes the
string easier to understand.
</p>
</dd>
<dt> <strong>$bheader_</strong><<em>headername</em>><strong>:</strong>or<strong>$bh_</strong><<em>headername</em>><strong>:</strong></dt>
<dd><p>This item inserts "basic" header lines. It is described with the <code>header</code>
expansion item below.
</p>
</dd>
<dt> <strong>${dlfunc{</strong><<em>file</em>><strong>}{</strong><<em>function</em>><strong>}{</strong><<em>arg</em>><strong>}{</strong><<em>arg</em>><strong>}...}</strong></dt>
<dd><a name="IDX632"></a>
<p>This expansion dynamically loads and then calls a locally-written C function.
This functionality is available only if Exim is compiled with
</p>
<table><tr><td> </td><td><pre class="example">EXPAND_DLFUNC=yes
</pre></td></tr></table>
<p>set in ‘<tt>Local/Makefile</tt>’. Once loaded, Exim remembers the dynamically loaded
object so that it doesn't reload the same object file in the same Exim process
(but of course Exim does start new processes frequently).
</p>
<p>There may be from zero to eight arguments to the function. When compiling
a local function that is to be called in this way, ‘<tt>local_scan.h</tt>’ should be
included. The Exim variables and functions that are defined by that API
are also available for dynamically loaded functions. The function itself
must have the following type:
</p>
<table><tr><td> </td><td><pre class="example">int dlfunction(uschar **yield, int argc, uschar *argv[])
</pre></td></tr></table>
<p>Where ‘<samp>uschar</samp>’ is a typedef for ‘<samp>unsigned char</samp>’ in ‘<tt>local_scan.h</tt>’. The
function should return one of the following values:
</p>
<p>‘<samp>OK</samp>’: Success. The string that is placed in the variable <em>yield</em> is put
into the expanded string that is being built.
</p>
<p>‘<samp>FAIL</samp>’: A non-forced expansion failure occurs, with the error message taken
from <em>yield</em>, if it is set.
</p>
<p>‘<samp>FAIL_FORCED</samp>’: A forced expansion failure occurs, with the error message
taken from <em>yield</em> if it is set.
</p>
<p>‘<samp>ERROR</samp>’: Same as ‘<samp>FAIL</samp>’, except that a panic log entry is written.
</p>
<p>When compiling a function that is to be used in this way with gcc,
you need to add <code>-shared</code> to the gcc command. Also, in the Exim build-time
configuration, you must add <code>-export-dynamic</code> to EXTRALIBS.
</p>
</dd>
<dt> <strong>${extract{</strong><<em>key</em>><strong>}{</strong><<em>string1</em>><strong>}{</strong><<em>string2</em>><strong>}{</strong><<em>string3</em>><strong>}}</strong></dt>
<dd><a name="IDX633"></a>
<a name="IDX634"></a>
<p>The key and <<em>string1</em>> are first expanded separately. Leading and trailing
white space is removed from the key (but not from any of the strings). The key
must not consist entirely of digits. The expanded <<em>string1</em>> must be of the
form:
</p>
<table><tr><td> </td><td><pre class="display"><key1> = <value1> <key2> = <value2> ...
</pre></td></tr></table>
<a name="IDX635"></a>
<p>where the equals signs and spaces (but not both) are optional. If any of the
values contain white space, they must be enclosed in double quotes, and any
values that are enclosed in double quotes are subject to escape processing as
described in section <a href="spec_6.html#SEC72">String values</a>. The expanded <<em>string1</em>> is searched
for the value that corresponds to the key. The search is case-insensitive. If
the key is found, <<em>string2</em>> is expanded, and replaces the whole item;
otherwise <<em>string3</em>> is used. During the expansion of <<em>string2</em>> the
variable <code>$value</code> contains the value that has been extracted. Afterwards, it
is restored to any previous value it might have had.
</p>
<p>If {<<em>string3</em>>} is omitted, the item is replaced by an empty string if the
key is not found. If {<<em>string2</em>>} is also omitted, the value that was
extracted is used. Thus, for example, these two expansions are identical, and
yield "2001":
</p>
<table><tr><td> </td><td><pre class="example">${extract{gid}{uid=1984 gid=2001}}
${extract{gid}{uid=1984 gid=2001}{$value}}
</pre></td></tr></table>
<p>Instead of {<<em>string3</em>>} the word "fail" (not in curly brackets) can
appear, for example:
</p>
<table><tr><td> </td><td><pre class="example">${extract{Z}{A=... B=...}{$value} fail }
</pre></td></tr></table>
<p>This forces an expansion failure (see section <a href="#SEC141">Forced expansion failure</a>);
{<<em>string2</em>>} must be present for "fail" to be recognized.
</p>
</dd>
<dt> <strong>${extract{</strong><<em>number</em>><strong>}{</strong><<em>separators</em>><strong>}{</strong><<em>string1</em>><strong>}{</strong><<em>string2</em>><strong>}{</strong><<em>string3</em>><strong>}}</strong></dt>
<dd><a name="IDX636"></a>
<a name="IDX637"></a>
<p>The <<em>number</em>> argument must consist entirely of decimal digits,
apart from leading and trailing white space, which is ignored.
This is what distinguishes this form of <code>extract</code> from the previous kind. It
behaves in the same way, except that, instead of extracting a named field, it
extracts from <<em>string1</em>> the field whose number is given as the first
argument. You can use <code>$value</code> in <<em>string2</em>> or ‘<samp>fail</samp>’ instead of
<<em>string3</em>> as before.
</p>
<p>The fields in the string are separated by any one of the characters in the
separator string. These may include space or tab characters.
The first field is numbered one. If the number is negative, the fields are
counted from the end of the string, with the rightmost one numbered -1. If the
number given is zero, the entire string is returned. If the modulus of the
number is greater than the number of fields in the string, the result is the
expansion of <<em>string3</em>>, or the empty string if <<em>string3</em>> is not
provided. For example:
</p>
<table><tr><td> </td><td><pre class="example">${extract{2}{:}{x:42:99:& Mailer::/bin/bash}}
</pre></td></tr></table>
<p>yields "42", and
</p>
<table><tr><td> </td><td><pre class="example">${extract{-4}{:}{x:42:99:& Mailer::/bin/bash}}
</pre></td></tr></table>
<p>yields "99". Two successive separators mean that the field between them is
empty (for example, the fifth field above).
</p>
</dd>
<dt> <strong>${filter{</strong><<em>string</em>><strong>}{</strong><<em>condition</em>><strong>}}</strong></dt>
<dd><a name="IDX638"></a>
<a name="IDX639"></a>
<a name="IDX640"></a>
<p>After expansion, <<em>string</em>> is interpreted as a list, colon-separated by
default, but the separator can be changed in the usual way. For each item
in this list, its value is place in <code>$item</code>, and then the condition is
evaluated. If the condition is true, <code>$item</code> is added to the output as an
item in a new list; if the condition is false, the item is discarded. The
separator used for the output list is the same as the one used for the
input, but a separator setting is not included in the output. For example:
</p>
<table><tr><td> </td><td><pre class="example">${filter{a:b:c}{!eq{$item}{b}}
</pre></td></tr></table>
<p>yields ‘<samp>a:c</samp>’. At the end of the expansion, the value of <code>$item</code> is restored
to what it was before. See also the <strong>map</strong> and <strong>reduce</strong> expansion items.
</p>
</dd>
<dt> <strong>${hash{</strong><<em>string1</em>><strong>}{</strong><<em>string2</em>><strong>}{</strong><<em>string3</em>><strong>}}</strong></dt>
<dd><a name="IDX641"></a>
<a name="IDX642"></a>
<p>This is a textual hashing function, and was the first to be implemented in
early versions of Exim. In current releases, there are other hashing functions
(numeric, MD5, and SHA-1), which are described below.
</p>
<p>The first two strings, after expansion, must be numbers. Call them <<em>m</em>> and
<<em>n</em>>. If you are using fixed values for these numbers, that is, if
<<em>string1</em>> and <<em>string2</em>> do not change when they are expanded, you can
use the simpler operator notation that avoids some of the braces:
</p>
<table><tr><td> </td><td><pre class="example">${hash_<n>_<m>:<string>}
</pre></td></tr></table>
<p>The second number is optional (in both notations). If <<em>n</em>> is greater than
or equal to the length of the string, the expansion item returns the string.
Otherwise it computes a new string of length <<em>n</em>> by applying a hashing
function to the string. The new string consists of characters taken from the
first <<em>m</em>> characters of the string
</p>
<table><tr><td> </td><td><pre class="example">abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQWRSTUVWXYZ0123456789
</pre></td></tr></table>
<p>If <<em>m</em>> is not present the value 26 is used, so that only lower case
letters appear. For example:
</p>
<table><tr><td> </td><td><pre class="display">$hash{3}{monty}} yields jmg
$hash{5}{monty}} yields monty
$hash{4}{62}{monty python}} yields fbWx
</pre></td></tr></table>
</dd>
<dt> <strong>$header_</strong><<em>headername</em>><strong>:</strong>or<strong>$h_</strong><<em>headername</em>><strong>:</strong></dt>
<dt> <strong>$bheader_</strong><<em>headername</em>><strong>:</strong>or<strong>$bh_</strong><<em>headername</em>><strong>:</strong></dt>
<dt> <strong>$rheader_</strong><<em>headername</em>><strong>:</strong>or<strong>$rh_</strong><<em>headername</em>><strong>:</strong></dt>
<dd><a name="IDX643"></a>
<a name="IDX644"></a>
<a name="IDX645"></a>
<a name="IDX646"></a>
<a name="IDX647"></a>
<a name="IDX648"></a>
<a name="IDX649"></a>
<p>Substitute the contents of the named message header line, for example
</p>
<table><tr><td> </td><td><pre class="example">$header_reply-to:
</pre></td></tr></table>
<p>The newline that terminates a header line is not included in the expansion, but
internal newlines (caused by splitting the header line over several physical
lines) may be present.
</p>
<p>The difference between <code>rheader</code>, <code>bheader</code>, and <code>header</code> is in the way
the data in the header line is interpreted.
</p>
<ul class="toc">
<li>
<a name="IDX650"></a>
<code>rheader</code> gives the original "raw" content of the header line, with no
processing at all, and without the removal of leading and trailing white space.
</li><li>
<a name="IDX651"></a>
<code>bheader</code> removes leading and trailing white space, and then decodes base64
or quoted-printable MIME "words" within the header text, but does no
character set translation. If decoding of what looks superficially like a MIME
"word" fails, the raw string is returned. If decoding
<a name="IDX652"></a>
produces a binary zero character, it is replaced by a question mark - this is
what Exim does for binary zeros that are actually received in header lines.
</li><li>
<code>header</code> tries to translate the string as decoded by <code>bheader</code> to a
standard character set. This is an attempt to produce the same string as would
be displayed on a user's MUA. If translation fails, the <code>bheader</code> string is
returned. Translation is attempted only on operating systems that support the
<code>iconv()</code> function. This is indicated by the compile-time macro HAVE_ICONV in
a system Makefile or in ‘<tt>Local/Makefile</tt>’.
</li></ul>
<p>In a filter file, the target character set for <code>header</code> can be specified by a
command of the following form:
</p>
<table><tr><td> </td><td><pre class="example">headers charset "UTF-8"
</pre></td></tr></table>
<p>This command affects all references to <code>$h_</code> (or <code>$header_</code>) expansions in
subsequently obeyed filter commands. In the absence of this command, the target
character set in a filter is taken from the setting of the <code>headers_charset</code>
option in the runtime configuration. The value of this option defaults to the
value of HEADERS_CHARSET in ‘<tt>Local/Makefile</tt>’. The ultimate default is
ISO-8859-1.
</p>
<p>Header names follow the syntax of RFC 2822, which states that they may contain
any printing characters except space and colon. Consequently, curly brackets
<em>do not</em> terminate header names, and should not be used to enclose them as
if they were variables. Attempting to do so causes a syntax error.
</p>
<p>Only header lines that are common to all copies of a message are visible to
this mechanism. These are the original header lines that are received with the
message, and any that are added by an ACL statement or by a system
filter. Header lines that are added to a particular copy of a message by a
router or transport are not accessible.
</p>
<p>For incoming SMTP messages, no header lines are visible in ACLs that are obeyed
before the DATA ACL, because the header structure is not set up until the
message is received. Header lines that are added in a RCPT ACL (for example)
are saved until the message's incoming header lines are available, at which
point they are added. When a DATA ACL is running, however, header lines added
by earlier ACLs are visible.
</p>
<p>Upper case and lower case letters are synonymous in header names. If the
following character is white space, the terminating colon may be omitted, but
this is not recommended, because you may then forget it when it is needed. When
white space terminates the header name, it is included in the expanded string.
If the message does not contain the given header, the expansion item is
replaced by an empty string. (See the <code>def</code> condition in section
<a href="#SEC144">Expansion conditions</a> for a means of testing for the existence of a header.)
</p>
<p>If there is more than one header with the same name, they are all concatenated
to form the substitution string, up to a maximum length of 64K. Unless
<code>rheader</code> is being used, leading and trailing white space is removed from
each header before concatenation, and a completely empty header is ignored. A
newline character is then inserted between non-empty headers, but there is no
newline at the very end. For the <code>header</code> and <code>bheader</code> expansion, for
those headers that contain lists of addresses, a comma is also inserted at the
junctions between headers. This does not happen for the <code>rheader</code> expansion.
</p>
</dd>
<dt> <strong>${hmac{</strong><<em>hashname</em>><strong>}{</strong><<em>secret</em>><strong>}{</strong><<em>string</em>><strong>}}</strong></dt>
<dd><a name="IDX653"></a>
<a name="IDX654"></a>
<p>This function uses cryptographic hashing (either MD5 or SHA-1) to convert a
shared secret and some text into a message authentication code, as specified in
RFC 2104. This differs from ‘<samp>${md5:secret_text...}</samp>’ or
‘<samp>${sha1:secret_text...}</samp>’ in that the hmac step adds a signature to the
cryptographic hash, allowing for authentication that is not possible with MD5
or SHA-1 alone. The hash name must expand to either ‘<samp>md5</samp>’ or ‘<samp>sha1</samp>’ at
present. For example:
</p>
<table><tr><td> </td><td><pre class="example">${hmac{md5}{somesecret}{$primary_hostname $tod_log}}
</pre></td></tr></table>
<p>For the hostname <em>mail.example.com</em> and time 2002-10-17 11:30:59, this
produces:
</p>
<table><tr><td> </td><td><pre class="example">dd97e3ba5d1a61b5006108f8c8252953
</pre></td></tr></table>
<p>As an example of how this might be used, you might put in the main part of
an Exim configuration:
</p>
<table><tr><td> </td><td><pre class="example">SPAMSCAN_SECRET=cohgheeLei2thahw
</pre></td></tr></table>
<p>In a router or a transport you could then have:
</p>
<table><tr><td> </td><td><pre class="example">headers_add = \
X-Spam-Scanned: ${primary_hostname} ${message_exim_id} \
${hmac{md5}{SPAMSCAN_SECRET}\
{${primary_hostname},${message_exim_id},$h_message-id:}}
</pre></td></tr></table>
<p>Then given a message, you can check where it was scanned by looking at the
<em>X-Spam-Scanned:</em> header line. If you know the secret, you can check that
this header line is authentic by recomputing the authentication code from the
host name, message ID and the <em>Message-id:</em> header line. This can be done
using Exim's <code>-be</code> option, or by other means, for example by using the
<em>hmac_md5_hex()</em> function in Perl.
</p>
</dd>
<dt> <strong>${if</strong><<em>condition</em>><strong>{</strong><<em>string1</em>><strong>}{</strong><<em>string2</em>><strong>}}</strong></dt>
<dd><a name="IDX655"></a>
<a name="IDX656"></a>
<p>If <<em>condition</em>> is true, <<em>string1</em>> is expanded and replaces the whole
item; otherwise <<em>string2</em>> is used. The available conditions are described
in section <a href="#SEC144">Expansion conditions</a> below. For example:
</p>
<table><tr><td> </td><td><pre class="example">${if eq {$local_part}{postmaster} {yes}{no} }
</pre></td></tr></table>
<p>The second string need not be present; if it is not and the condition is not
true, the item is replaced with nothing. Alternatively, the word "fail" may
be present instead of the second string (without any curly brackets). In this
case, the expansion is forced to fail if the condition is not true (see section
<a href="#SEC141">Forced expansion failure</a>).
</p>
<p>If both strings are omitted, the result is the string ‘<samp>true</samp>’ if the condition
is true, and the empty string if the condition is false. This makes it less
cumbersome to write custom ACL and router conditions. For example, instead of
</p>
<table><tr><td> </td><td><pre class="example">condition = ${if >{$acl_m4}{3}{true}{false}}
</pre></td></tr></table>
<p>you can use
</p>
<table><tr><td> </td><td><pre class="example">condition = ${if >{$acl_m4}{3}}
</pre></td></tr></table>
</dd>
<dt> <strong>${length{</strong><<em>string1</em>><strong>}{</strong><<em>string2</em>><strong>}}</strong></dt>
<dd><a name="IDX657"></a>
<a name="IDX658"></a>
<p>The <code>length</code> item is used to extract the initial portion of a string. Both
strings are expanded, and the first one must yield a number, <<em>n</em>>, say. If
you are using a fixed value for the number, that is, if <<em>string1</em>> does not
change when expanded, you can use the simpler operator notation that avoids
some of the braces:
</p>
<table><tr><td> </td><td><pre class="example">${length_<n>:<string>}
</pre></td></tr></table>
<p>The result of this item is either the first <<em>n</em>> characters or the whole
of <<em>string2</em>>, whichever is the shorter. Do not confuse <code>length</code> with
<code>strlen</code>, which gives the length of a string.
</p>
</dd>
<dt> <strong>${lookup{</strong><<em>key</em>><strong>}</strong><<em>searchtype</em>><strong>{</strong><<em>file</em>><strong>}{</strong><<em>string1</em>><strong>}{</strong><<em>string2</em>><strong>}}</strong></dt>
<dd><p>This is the first of one of two different types of lookup item, which are both
described in the next item.
</p>
</dd>
<dt> <strong>${lookup</strong><<em>searchtype</em>><strong>{</strong><<em>query</em>><strong>}{</strong><<em>string1</em>><strong>}{</strong><<em>string2</em>><strong>}}</strong></dt>
<dd><a name="IDX659"></a>
<a name="IDX660"></a>
<a name="IDX661"></a>
<p>The two forms of lookup item specify data lookups in files and databases, as
discussed in chapter <a href="spec_9.html#SEC89">File and database lookups</a>. The first form is used for single-key
lookups, and the second is used for query-style lookups. The <<em>key</em>>,
<<em>file</em>>, and <<em>query</em>> strings are expanded before use.
</p>
<p>If there is any white space in a lookup item which is part of a filter command,
a retry or rewrite rule, a routing rule for the <code>manualroute</code> router, or any
other place where white space is significant, the lookup item must be enclosed
in double quotes. The use of data lookups in users' filter files may be locked
out by the system administrator.
</p>
<a name="IDX662"></a>
<p>If the lookup succeeds, <<em>string1</em>> is expanded and replaces the entire item.
During its expansion, the variable <code>$value</code> contains the data returned by the
lookup. Afterwards it reverts to the value it had previously (at the outer
level it is empty). If the lookup fails, <<em>string2</em>> is expanded and replaces
the entire item. If {<<em>string2</em>>} is omitted, the replacement is the empty
string on failure. If <<em>string2</em>> is provided, it can itself be a nested
lookup, thus providing a mechanism for looking up a default value when the
original lookup fails.
</p>
<p>If a nested lookup is used as part of <<em>string1</em>>, <code>$value</code> contains the
data for the outer lookup while the parameters of the second lookup are
expanded, and also while <<em>string2</em>> of the second lookup is expanded, should
the second lookup fail. Instead of {<<em>string2</em>>} the word "fail" can
appear, and in this case, if the lookup fails, the entire expansion is forced
to fail (see section <a href="#SEC141">Forced expansion failure</a>). If both {<<em>string1</em>>} and
{<<em>string2</em>>} are omitted, the result is the looked up value in the case of a
successful lookup, and nothing in the case of failure.
</p>
<p>For single-key lookups, the string "partial" is permitted to precede the
search type in order to do partial matching, and * or *@ may follow a search
type to request default lookups if the key does not match (see sections
<a href="spec_9.html#SEC95">Default values in single-key lookups</a> and <a href="spec_9.html#SEC96">Partial matching in single-key lookups</a> for details).
</p>
<a name="IDX663"></a>
<p>If a partial search is used, the variables <code>$1</code> and <code>$2</code> contain the wild
and non-wild parts of the key during the expansion of the replacement text.
They return to their previous values at the end of the lookup item.
</p>
<p>This example looks up the postmaster alias in the conventional alias file:
</p>
<table><tr><td> </td><td><pre class="example">${lookup {postmaster} lsearch {/etc/aliases} {$value}}
</pre></td></tr></table>
<p>This example uses NIS+ to look up the full name of the user corresponding to
the local part of an address, forcing the expansion to fail if it is not found:
</p>
<table><tr><td> </td><td><pre class="example">${lookup nisplus {[name=$local_part],passwd.org_dir:gcos} \
{$value}fail}
</pre></td></tr></table>
</dd>
<dt> <strong>${map{</strong><<em>string1</em>><strong>}{</strong><<em>string2</em>><strong>}}</strong></dt>
<dd><a name="IDX664"></a>
<a name="IDX665"></a>
<p>After expansion, <<em>string1</em>> is interpreted as a list, colon-separated by
default, but the separator can be changed in the usual way. For each item
in this list, its value is place in <code>$item</code>, and then <<em>string2</em>> is
expanded and added to the output as an item in a new list. The separator used
for the output list is the same as the one used for the input, but a separator
setting is not included in the output. For example:
</p>
<table><tr><td> </td><td><pre class="example">${map{a:b:c}{[$item]}} ${map{<- x-y-z}{($item)}}
</pre></td></tr></table>
<p>expands to ‘<samp>[a]:[b]:[c] (x)-(y)-(z)</samp>’. At the end of the expansion, the
value of <code>$item</code> is restored to what it was before. See also the <strong>filter</strong>
and <strong>reduce</strong> expansion items.
</p>
</dd>
<dt> <strong>${nhash{</strong><<em>string1</em>><strong>}{</strong><<em>string2</em>><strong>}{</strong><<em>string3</em>><strong>}}</strong></dt>
<dd><a name="IDX666"></a>
<a name="IDX667"></a>
<p>The three strings are expanded; the first two must yield numbers. Call them
<<em>n</em>> and <<em>m</em>>. If you are using fixed values for these numbers, that is,
if <<em>string1</em>> and <<em>string2</em>> do not change when they are expanded, you
can use the simpler operator notation that avoids some of the braces:
</p>
<table><tr><td> </td><td><pre class="example">${nhash_<n>_<m>:<string>}
</pre></td></tr></table>
<p>The second number is optional (in both notations). If there is only one number,
the result is a number in the range 0-<<em>n</em>>-1. Otherwise, the string is
processed by a div/mod hash function that returns two numbers, separated by a
slash, in the ranges 0 to <<em>n</em>>-1 and 0 to <<em>m</em>>-1, respectively. For
example,
</p>
<table><tr><td> </td><td><pre class="example">${nhash{8}{64}{supercalifragilisticexpialidocious}}
</pre></td></tr></table>
<p>returns the string "6/33".
</p>
</dd>
<dt> <strong>${perl{</strong><<em>subroutine</em>><strong>}{</strong><<em>arg</em>><strong>}{</strong><<em>arg</em>><strong>}...}</strong></dt>
<dd><a name="IDX668"></a>
<a name="IDX669"></a>
<p>This item is available only if Exim has been built to include an embedded Perl
interpreter. The subroutine name and the arguments are first separately
expanded, and then the Perl subroutine is called with those arguments. No
additional arguments need be given; the maximum number permitted, including the
name of the subroutine, is nine.
</p>
<p>The return value of the subroutine is inserted into the expanded string, unless
the return value is <code>undef</code>. In that case, the expansion fails in the same
way as an explicit "fail" on a lookup item. The return value is a scalar.
Whatever you return is evaluated in a scalar context. For example, if you
return the name of a Perl vector, the return value is the size of the vector,
not its contents.
</p>
<p>If the subroutine exits by calling Perl's <code>die</code> function, the expansion fails
with the error message that was passed to <code>die</code>. More details of the embedded
Perl facility are given in chapter <a href="spec_12.html#SEC147">Embedded Perl</a>.
</p>
<p>The <code>redirect</code> router has an option called <code>forbid_filter_perl</code> which locks
out the use of this expansion item in filter files.
</p>
</dd>
<dt> <strong>${prvs{</strong><<em>address</em>><strong>}{</strong><<em>secret</em>><strong>}{</strong><<em>keynumber</em>><strong>}}</strong></dt>
<dd><a name="IDX670"></a>
<p>The first argument is a complete email address and the second is secret
keystring. The third argument, specifying a key number, is optional. If absent,
it defaults to 0. The result of the expansion is a prvs-signed email address,
to be typically used with the <code>return_path</code> option on an <code>smtp</code> transport
as part of a bounce address tag validation (BATV) scheme. For more discussion
and an example, see section <a href="spec_40.html#SEC355">Bounce address tag validation</a>.
</p>
</dd>
<dt> <strong>${prvscheck{</strong><<em>address</em>><strong>}{</strong><<em>secret</em>><strong>}{</strong><<em>string</em>><strong>}}</strong></dt>
<dd><a name="IDX671"></a>
<p>This expansion item is the complement of the <code>prvs</code> item. It is used for
checking prvs-signed addresses. If the expansion of the first argument does not
yield a syntactically valid prvs-signed address, the whole item expands to the
empty string. When the first argument does expand to a syntactically valid
prvs-signed address, the second argument is expanded, with the prvs-decoded
version of the address and the key number extracted from the address in the
variables <code>$prvscheck_address</code> and <code>$prvscheck_keynum</code>, respectively.
</p>
<p>These two variables can be used in the expansion of the second argument to
retrieve the secret. The validity of the prvs-signed address is then checked
against the secret. The result is stored in the variable <code>$prvscheck_result</code>,
which is empty for failure or "1" for success.
</p>
<p>The third argument is optional; if it is missing, it defaults to an empty
string. This argument is now expanded. If the result is an empty string, the
result of the expansion is the decoded version of the address. This is the case
whether or not the signature was valid. Otherwise, the result of the expansion
is the expansion of the third argument.
</p>
<p>All three variables can be used in the expansion of the third argument.
However, once the expansion is complete, only <code>$prvscheck_result</code> remains set.
For more discussion and an example, see section <a href="spec_40.html#SEC355">Bounce address tag validation</a>.
</p>
</dd>
<dt> <strong>${readfile{</strong><<em>filename</em>><strong>}{</strong><<em>eolstring</em>><strong>}}</strong></dt>
<dd><a name="IDX672"></a>
<a name="IDX673"></a>
<a name="IDX674"></a>
<p>The file name and end-of-line string are first expanded separately. The file is
then read, and its contents replace the entire item. All newline characters in
the file are replaced by the end-of-line string if it is present. Otherwise,
newlines are left in the string.
String expansion is not applied to the contents of the file. If you want this,
you must wrap the item in an <code>expand</code> operator. If the file cannot be read,
the string expansion fails.
</p>
<p>The <code>redirect</code> router has an option called <code>forbid_filter_readfile</code> which
locks out the use of this expansion item in filter files.
</p>
</dd>
<dt> <strong>${readsocket{</strong><<em>name</em>><strong>}{</strong><<em>request</em>><strong>}{</strong><<em>timeout</em>><strong>}{</strong><<em>eolstring</em>><strong>}{</strong><<em>failstring</em>><strong>}}</strong></dt>
<dd><a name="IDX675"></a>
<a name="IDX676"></a>
<a name="IDX677"></a>
<p>This item inserts data from a Unix domain or Internet socket into the expanded
string. The minimal way of using it uses just two arguments, as in these
examples:
</p>
<table><tr><td> </td><td><pre class="example">${readsocket{/socket/name}{request string}}
${readsocket{inet:some.host:1234}{request string}}
</pre></td></tr></table>
<p>For a Unix domain socket, the first substring must be the path to the socket.
For an Internet socket, the first substring must contain ‘<samp>inet:</samp>’ followed by
a host name or IP address, followed by a colon and a port, which can be a
number or the name of a TCP port in ‘<tt>/etc/services</tt>’. An IP address may
optionally be enclosed in square brackets. This is best for IPv6 addresses. For
example:
</p>
<table><tr><td> </td><td><pre class="example">${readsocket{inet:[::1]:1234}{request string}}
</pre></td></tr></table>
<p>Only a single host name may be given, but if looking it up yields more than
one IP address, they are each tried in turn until a connection is made. For
both kinds of socket, Exim makes a connection, writes the request string
(unless it is an empty string) and reads from the socket until an end-of-file
is read. A timeout of 5 seconds is applied. Additional, optional arguments
extend what can be done. Firstly, you can vary the timeout. For example:
</p>
<table><tr><td> </td><td><pre class="example">${readsocket{/socket/name}{request string}{3s}}
</pre></td></tr></table>
<p>A fourth argument allows you to change any newlines that are in the data
that is read, in the same way as for <code>readfile</code> (see above). This example
turns them into spaces:
</p>
<table><tr><td> </td><td><pre class="example">${readsocket{inet:127.0.0.1:3294}{request string}{3s}{ }}
</pre></td></tr></table>
<p>As with all expansions, the substrings are expanded before the processing
happens. Errors in these sub-expansions cause the expansion to fail. In
addition, the following errors can occur:
</p>
<ul class="toc">
<li>
Failure to create a socket file descriptor;
</li><li>
Failure to connect the socket;
</li><li>
Failure to write the request string;
</li><li>
Timeout on reading from the socket.
</li></ul>
<p>By default, any of these errors causes the expansion to fail. However, if
you supply a fifth substring, it is expanded and used when any of the above
errors occurs. For example:
</p>
<table><tr><td> </td><td><pre class="example">${readsocket{/socket/name}{request string}{3s}{\n}\
{socket failure}}
</pre></td></tr></table>
<p>You can test for the existence of a Unix domain socket by wrapping this
expansion in ‘<samp>${if exists</samp>’, but there is a race condition between that test
and the actual opening of the socket, so it is safer to use the fifth argument
if you want to be absolutely sure of avoiding an expansion error for a
non-existent Unix domain socket, or a failure to connect to an Internet socket.
</p>
<p>The <code>redirect</code> router has an option called <code>forbid_filter_readsocket</code> which
locks out the use of this expansion item in filter files.
</p>
</dd>
<dt> <strong>${reduce{</strong><<em>string1</em>>}{<<em>string2</em>><strong>}{</strong><<em>string3</em>><strong>}}</strong></dt>
<dd><a name="IDX678"></a>
<a name="IDX679"></a>
<a name="IDX680"></a>
<a name="IDX681"></a>
<p>This operation reduces a list to a single, scalar string. After expansion,
<<em>string1</em>> is interpreted as a list, colon-separated by default, but the
separator can be changed in the usual way. Then <<em>string2</em>> is expanded and
assigned to the <code>$value</code> variable. After this, each item in the <<em>string1</em>>
list is assigned to <code>$item</code> in turn, and <<em>string3</em>> is expanded for each of
them. The result of that expansion is assigned to <code>$value</code> before the next
iteration. When the end of the list is reached, the final value of <code>$value</code> is
added to the expansion output. The <strong>reduce</strong> expansion item can be used in a
number of ways. For example, to add up a list of numbers:
</p>
<table><tr><td> </td><td><pre class="example">${reduce {<, 1,2,3}{0}{${eval:$value+$item}}}
</pre></td></tr></table>
<p>The result of that expansion would be ‘<samp>6</samp>’. The maximum of a list of numbers
can be found:
</p>
<table><tr><td> </td><td><pre class="example">${reduce {3:0:9:4:6}{0}{${if >{$item}{$value}{$item}{$value}}}}
</pre></td></tr></table>
<p>At the end of a <strong>reduce</strong> expansion, the values of <code>$item</code> and <code>$value</code> are
restored to what they were before. See also the <strong>filter</strong> and <strong>map</strong>
expansion items.
</p>
</dd>
<dt> <strong>$rheader_</strong><<em>headername</em>><strong>:</strong>or<strong>$rh_</strong><<em>headername</em>><strong>:</strong></dt>
<dd><p>This item inserts "raw" header lines. It is described with the <code>header</code>
expansion item above.
</p>
</dd>
<dt> <strong>${run{</strong><<em>command</em>><strong></strong><<em>args</em>><strong>}{</strong><<em>string1</em>><strong>}{</strong><<em>string2</em>><strong>}}</strong></dt>
<dd><a name="IDX682"></a>
<a name="IDX683"></a>
<p>The command and its arguments are first expanded separately, and then the
command is run in a separate process, but under the same uid and gid. As in
other command executions from Exim, a shell is not used by default. If you want
a shell, you must explicitly code it.
</p>
<p>The standard input for the command exists, but is empty. The standard output
and standard error are set to the same file descriptor.
<a name="IDX684"></a>
<a name="IDX685"></a>
If the command succeeds (gives a zero return code) <<em>string1</em>> is expanded
and replaces the entire item; during this expansion, the standard output/error
from the command is in the variable <code>$value</code>. If the command fails,
<<em>string2</em>>, if present, is expanded and used. Once again, during the
expansion, the standard output/error from the command is in the variable
<code>$value</code>.
</p>
<p>If <<em>string2</em>> is absent, the result is empty. Alternatively, <<em>string2</em>>
can be the word "fail" (not in braces) to force expansion failure if the
command does not succeed. If both strings are omitted, the result is contents
of the standard output/error on success, and nothing on failure.
</p>
<a name="IDX686"></a>
<p>The return code from the command is put in the variable <code>$runrc</code>, and this
remains set afterwards, so in a filter file you can do things like this:
</p>
<table><tr><td> </td><td><pre class="example">if "${run{x y z}{}}$runrc" is 1 then ...
elif $runrc is 2 then ...
...
endif
</pre></td></tr></table>
<p>If execution of the command fails (for example, the command does not exist),
the return code is 127 - the same code that shells use for non-existent
commands.
</p>
<p><strong>Warning</strong>: In a router or transport, you cannot assume the order in which
option values are expanded, except for those preconditions whose order of
testing is documented. Therefore, you cannot reliably expect to set <code>$runrc</code>
by the expansion of one option, and use it in another.
</p>
<p>The <code>redirect</code> router has an option called <code>forbid_filter_run</code> which locks
out the use of this expansion item in filter files.
</p>
</dd>
<dt> <strong>${sg{</strong><<em>subject</em>><strong>}{</strong><<em>regex</em>><strong>}{</strong><<em>replacement</em>><strong>}}</strong></dt>
<dd><a name="IDX687"></a>
<a name="IDX688"></a>
<p>This item works like Perl's substitution operator (s) with the global (/g)
option; hence its name. However, unlike the Perl equivalent, Exim does not
modify the subject string; instead it returns the modified string for insertion
into the overall expansion. The item takes three arguments: the subject string,
a regular expression, and a substitution string. For example:
</p>
<table><tr><td> </td><td><pre class="example">${sg{abcdefabcdef}{abc}{xyz}}
</pre></td></tr></table>
<p>yields "xyzdefxyzdef". Because all three arguments are expanded before use,
if any $ or \ characters are required in the regular expression or in the
substitution string, they have to be escaped. For example:
</p>
<table><tr><td> </td><td><pre class="example">${sg{abcdef}{^(...)(...)\$}{\$2\$1}}
</pre></td></tr></table>
<p>yields "defabc", and
</p>
<table><tr><td> </td><td><pre class="example">${sg{1=A 4=D 3=C}{\N(\d+)=\N}{K\$1=}}
</pre></td></tr></table>
<p>yields "K1=A K4=D K3=C". Note the use of ‘<samp>\N</samp>’ to protect the contents of
the regular expression from string expansion.
</p>
</dd>
<dt> <strong>${substr{</strong><<em>string1</em>><strong>}{</strong><<em>string2</em>><strong>}{</strong><<em>string3</em>><strong>}}</strong></dt>
<dd><a name="IDX689"></a>
<a name="IDX690"></a>
<a name="IDX691"></a>
<p>The three strings are expanded; the first two must yield numbers. Call them
<<em>n</em>> and <<em>m</em>>. If you are using fixed values for these numbers, that is,
if <<em>string1</em>> and <<em>string2</em>> do not change when they are expanded, you
can use the simpler operator notation that avoids some of the braces:
</p>
<table><tr><td> </td><td><pre class="example">${substr_<n>_<m>:<string>}
</pre></td></tr></table>
<p>The second number is optional (in both notations).
If it is absent in the simpler format, the preceding underscore must also be
omitted.
</p>
<p>The <code>substr</code> item can be used to extract more general substrings than
<code>length</code>. The first number, <<em>n</em>>, is a starting offset, and <<em>m</em>> is the
length required. For example
</p>
<table><tr><td> </td><td><pre class="example">${substr{3}{2}{$local_part}}
</pre></td></tr></table>
<p>If the starting offset is greater than the string length the result is the
null string; if the length plus starting offset is greater than the string
length, the result is the right-hand part of the string, starting from the
given offset. The first character in the string has offset zero.
</p>
<p>The <code>substr</code> expansion item can take negative offset values to count
from the right-hand end of its operand. The last character is offset -1, the
second-last is offset -2, and so on. Thus, for example,
</p>
<table><tr><td> </td><td><pre class="example">${substr{-5}{2}{1234567}}
</pre></td></tr></table>
<p>yields "34". If the absolute value of a negative offset is greater than the
length of the string, the substring starts at the beginning of the string, and
the length is reduced by the amount of overshoot. Thus, for example,
</p>
<table><tr><td> </td><td><pre class="example">${substr{-5}{2}{12}}
</pre></td></tr></table>
<p>yields an empty string, but
</p>
<table><tr><td> </td><td><pre class="example">${substr{-3}{2}{12}}
</pre></td></tr></table>
<p>yields "1".
</p>
<p>When the second number is omitted from <code>substr</code>, the remainder of the string
is taken if the offset is positive. If it is negative, all characters in the
string preceding the offset point are taken. For example, an offset of -1 and
no length, as in these semantically identical examples:
</p>
<table><tr><td> </td><td><pre class="example">${substr_-1:abcde}
${substr{-1}{abcde}}
</pre></td></tr></table>
<p>yields all but the last character of the string, that is, "abcd".
</p>
</dd>
<dt> <strong>${tr{</strong><<em>subject</em>><strong>}{</strong><<em>characters</em>><strong>}{</strong><<em>replacements</em>><strong>}}</strong></dt>
<dd><a name="IDX692"></a>
<a name="IDX693"></a>
<p>This item does single-character translation on its subject string. The second
argument is a list of characters to be translated in the subject string. Each
matching character is replaced by the corresponding character from the
replacement list. For example
</p>
<table><tr><td> </td><td><pre class="example">${tr{abcdea}{ac}{13}}
</pre></td></tr></table>
<p>yields ‘<samp>1b3de1</samp>’. If there are duplicates in the second character string, the
last occurrence is used. If the third string is shorter than the second, its
last character is replicated. However, if it is empty, no translation takes
place.
</p></dd>
</dl>
<hr size="6">
<a name="Expansion-operators"></a>
<a name="SEC143"></a>
<table cellpadding="1" cellspacing="1" border="0">
<tr><td valign="middle" align="left">[<a href="#SEC142" title="Previous section in reading order"> < </a>]</td>
<td valign="middle" align="left">[<a href="#SEC144" title="Next section in reading order"> > </a>]</td>
<td valign="middle" align="left"> </td>
<td valign="middle" align="left">[<a href="#SEC137" title="Beginning of this chapter or previous chapter"> << </a>]</td>
<td valign="middle" align="left">[<a href="#SEC137" title="Up section"> Up </a>]</td>
<td valign="middle" align="left">[<a href="spec_12.html#SEC147" title="Next chapter"> >> </a>]</td>
<td valign="middle" align="left"> </td>
<td valign="middle" align="left"> </td>
<td valign="middle" align="left"> </td>
<td valign="middle" align="left"> </td>
<td valign="middle" align="left">[<a href="spec.html#SEC_Top" title="Cover (top) of document">Top</a>]</td>
<td valign="middle" align="left">[Contents]</td>
<td valign="middle" align="left">[<a href="spec_55.html#SEC493" title="Index">Index</a>]</td>
<td valign="middle" align="left">[<a href="spec_abt.html#SEC_About" title="About (help)"> ? </a>]</td>
</tr></table>
<h2 class="section"> 11.6 Expansion operators </h2>
<p>For expansion items that perform transformations on a single argument string,
the "operator" notation is used because it is simpler and uses fewer braces.
The substring is first expanded before the operation is applied to it. The
following operations can be performed:
</p>
<dl compact="compact">
<dt> <strong>${address:</strong><<em>string</em>><strong>}</strong></dt>
<dd><a name="IDX694"></a>
<a name="IDX695"></a>
<p>The string is interpreted as an RFC 2822 address, as it might appear in a
header line, and the effective address is extracted from it. If the string does
not parse successfully, the result is empty.
</p>
</dd>
<dt> <strong>${addresses:</strong><<em>string</em>><strong>}</strong></dt>
<dd><a name="IDX696"></a>
<a name="IDX697"></a>
<p>The string (after expansion) is interpreted as a list of addresses in RFC
2822 format, such as can be found in a <em>To:</em> or <em>Cc:</em> header line. The
operative address (<em>local-part@domain</em>) is extracted from each item, and the
result of the expansion is a colon-separated list, with appropriate
doubling of colons should any happen to be present in the email addresses.
Syntactically invalid RFC2822 address items are omitted from the output.
</p>
<p>It is possible to specify a character other than colon for the output
separator by starting the string with > followed by the new separator
character. For example:
</p>
<table><tr><td> </td><td><pre class="example">${addresses:>& Chief <ceo@up.stairs>, sec@base.ment (dogsbody)}
</pre></td></tr></table>
<p>expands to ‘<samp>ceo@up.stairs&sec@base.ment</samp>’. Compare the <strong>address</strong> (singular)
expansion item, which extracts the working address from a single RFC2822
address. See the <strong>filter</strong>, <strong>map</strong>, and <strong>reduce</strong> items for ways of
processing lists.
</p>
</dd>
<dt> <strong>${base62:</strong><<em>digits</em>><strong>}</strong></dt>
<dd><a name="IDX698"></a>
<a name="IDX699"></a>
<p>The string must consist entirely of decimal digits. The number is converted to
base 62 and output as a string of six characters, including leading zeros. In
the few operating environments where Exim uses base 36 instead of base 62 for
its message identifiers (because those systems do not have case-sensitive file
names), base 36 is used by this operator, despite its name. <strong>Note</strong>: Just to
be absolutely clear: this is <em>not</em> base64 encoding.
</p>
</dd>
<dt> <strong>${base62d:</strong><<em>base-62digits</em>><strong>}</strong></dt>
<dd><a name="IDX700"></a>
<a name="IDX701"></a>
<p>The string must consist entirely of base-62 digits, or, in operating
environments where Exim uses base 36 instead of base 62 for its message
identifiers, base-36 digits. The number is converted to decimal and output as a
string.
</p>
</dd>
<dt> <strong>${domain:</strong><<em>string</em>><strong>}</strong></dt>
<dd><a name="IDX702"></a>
<a name="IDX703"></a>
<p>The string is interpreted as an RFC 2822 address and the domain is extracted
from it. If the string does not parse successfully, the result is empty.
</p>
</dd>
<dt> <strong>${escape:</strong><<em>string</em>><strong>}</strong></dt>
<dd><a name="IDX704"></a>
<a name="IDX705"></a>
<p>If the string contains any non-printing characters, they are converted to
escape sequences starting with a backslash. Whether characters with the most
significant bit set (so-called "8-bit characters") count as printing or not
is controlled by the <code>print_topbitchars</code> option.
</p>
</dd>
<dt> <strong>${eval:</strong><<em>string</em>><strong>}</strong>and<strong>${eval10:</strong><<em>string</em>><strong>}</strong></dt>
<dd><a name="IDX706"></a>
<a name="IDX707"></a>
<a name="IDX708"></a>
<p>These items supports simple arithmetic and bitwise logical operations in
expansion strings. The string (after expansion) must be a conventional
arithmetic expression, but it is limited to basic arithmetic operators, bitwise
logical operators, and parentheses. All operations are carried out using
integer arithmetic. The operator priorities are as follows (the same as in the
C programming language):
</p>
<table>
<tr><td>
<p><em>highest:</em></p></td><td><p> not (~), negate (-)
</p></td></tr>
<tr><td>
</td><td><p> multiply (*), divide (/), remainder (%)
</p></td></tr>
<tr><td>
</td><td><p> plus (+), minus (-)
</p></td></tr>
<tr><td>
</td><td><p> shift-left (<<), shift-right (>>)
</p></td></tr>
<tr><td>
</td><td><p> and (&)
</p></td></tr>
<tr><td>
</td><td><p> xor (^)
</p></td></tr>
<tr><td>
<p><em>lowest:</em></p></td><td><p> or (|)
</p></td></tr>
</table>
<p>Binary operators with the same priority are evaluated from left to right. White
space is permitted before or after operators.
</p>
<p>For <code>eval</code>, numbers may be decimal, octal (starting with "0") or
hexadecimal (starting with "0x"). For <code>eval10</code>, all numbers are taken as
decimal, even if they start with a leading zero; hexadecimal numbers are not
permitted. This can be useful when processing numbers extracted from dates or
times, which often do have leading zeros.
</p>
<p>A number may be followed by "K" or "M" to multiply it by 1024 or 1024*1024,
respectively. Negative numbers are supported. The result of the computation is
a decimal representation of the answer (without "K" or "M"). For example:
</p>
<table><tr><td> </td><td><pre class="display">${eval:1+1} yields 2
${eval:1+2*3} yields 7
${eval:(1+2)*3} yields 9
${eval:2+42%5} yields 4
${eval:0xc&5} yields 4
${eval:0xc|5} yields 13
${eval:0xc^5} yields 9
${eval:0xc>>1} yields 6
${eval:0xc<<1} yields 24
${eval:~255&0x1234} yields 4608
${eval:-(~255&0x1234)} yields -4608
</pre></td></tr></table>
<p>As a more realistic example, in an ACL you might have
</p>
<table><tr><td> </td><td><pre class="example">deny message = Too many bad recipients
condition = \
${if and { \
{>{$rcpt_count}{10}} \
{ \
< \
{$recipients_count} \
{${eval:$rcpt_count/2}} \
} \
}{yes}{no}}
</pre></td></tr></table>
<p>The condition is true if there have been more than 10 RCPT commands and
fewer than half of them have resulted in a valid recipient.
</p>
</dd>
<dt> <strong>${expand:</strong><<em>string</em>><strong>}</strong></dt>
<dd><a name="IDX709"></a>
<p>The <code>expand</code> operator causes a string to be expanded for a second time. For
example,
</p>
<table><tr><td> </td><td><pre class="example">${expand:${lookup{$domain}dbm{/some/file}{$value}}}
</pre></td></tr></table>
<p>first looks up a string in a file while expanding the operand for <code>expand</code>,
and then re-expands what it has found.
</p>
</dd>
<dt> <strong>${from_utf8:</strong><<em>string</em>><strong>}</strong></dt>
<dd><a name="IDX710"></a>
<a name="IDX711"></a>
<a name="IDX712"></a>
<a name="IDX713"></a>
<p>The world is slowly moving towards Unicode, although there are no standards for
email yet. However, other applications (including some databases) are starting
to store data in Unicode, using UTF-8 encoding. This operator converts from a
UTF-8 string to an ISO-8859-1 string. UTF-8 code values greater than 255 are
converted to underscores. The input must be a valid UTF-8 string. If it is not,
the result is an undefined sequence of bytes.
</p>
<p>Unicode code points with values less than 256 are compatible with ASCII and
ISO-8859-1 (also known as Latin-1).
For example, character 169 is the copyright symbol in both cases, though the
way it is encoded is different. In UTF-8, more than one byte is needed for
characters with code values greater than 127, whereas ISO-8859-1 is a
single-byte encoding (but thereby limited to 256 characters). This makes
translation from UTF-8 to ISO-8859-1 straightforward.
</p>
</dd>
<dt> <strong>${hash_</strong><<em>n</em>><strong>_</strong><<em>m</em>><strong>:</strong><<em>string</em>><strong>}</strong></dt>
<dd><a name="IDX714"></a>
<a name="IDX715"></a>
<p>The <code>hash</code> operator is a simpler interface to the hashing function that can
be used when the two parameters are fixed numbers (as opposed to strings that
change when expanded). The effect is the same as
</p>
<table><tr><td> </td><td><pre class="example">${hash{<n>}{<m>}{<string>}}
</pre></td></tr></table>
<p>See the description of the general <code>hash</code> item above for details. The
abbreviation <code>h</code> can be used when <code>hash</code> is used as an operator.
</p>
</dd>
<dt> <strong>${hex2b64:</strong><<em>hexstring</em>><strong>}</strong></dt>
<dd><a name="IDX716"></a>
<a name="IDX717"></a>
<a name="IDX718"></a>
<p>This operator converts a hex string into one that is base64 encoded. This can
be useful for processing the output of the MD5 and SHA-1 hashing functions.
</p>
</dd>
<dt> <strong>${lc:</strong><<em>string</em>><strong>}</strong></dt>
<dd><a name="IDX719"></a>
<a name="IDX720"></a>
<a name="IDX721"></a>
<a name="IDX722"></a>
<a name="IDX723"></a>
<p>This forces the letters in the string into lower-case, for example:
</p>
<table><tr><td> </td><td><pre class="example">${lc:$local_part}
</pre></td></tr></table>
</dd>
<dt> <strong>${length_</strong><<em>number</em>><strong>:</strong><<em>string</em>><strong>}</strong></dt>
<dd><a name="IDX724"></a>
<a name="IDX725"></a>
<p>The <code>length</code> operator is a simpler interface to the <code>length</code> function that
can be used when the parameter is a fixed number (as opposed to a string that
changes when expanded). The effect is the same as
</p>
<table><tr><td> </td><td><pre class="example">${length{<number>}{<string>}}
</pre></td></tr></table>
<p>See the description of the general <code>length</code> item above for details. Note that
<code>length</code> is not the same as <code>strlen</code>. The abbreviation <code>l</code> can be used
when <code>length</code> is used as an operator.
</p>
</dd>
<dt> <strong>${local_part:</strong><<em>string</em>><strong>}</strong></dt>
<dd><a name="IDX726"></a>
<a name="IDX727"></a>
<p>The string is interpreted as an RFC 2822 address and the local part is
extracted from it. If the string does not parse successfully, the result is
empty.
</p>
</dd>
<dt> <strong>${mask:</strong><<em>IPaddress</em>><strong>/</strong><<em>bitcount</em>><strong>}</strong></dt>
<dd><a name="IDX728"></a>
<a name="IDX729"></a>
<a name="IDX730"></a>
<a name="IDX731"></a>
<a name="IDX732"></a>
<p>If the form of the string to be operated on is not an IP address followed by a
slash and an integer (that is, a network address in CIDR notation), the
expansion fails. Otherwise, this operator converts the IP address to binary,
masks off the least significant bits according to the bit count, and converts
the result back to text, with mask appended. For example,
</p>
<table><tr><td> </td><td><pre class="example">${mask:10.111.131.206/28}
</pre></td></tr></table>
<p>returns the string "10.111.131.192/28". Since this operation is expected to
be mostly used for looking up masked addresses in files, the result for an IPv6
address uses dots to separate components instead of colons, because colon
terminates a key string in lsearch files. So, for example,
</p>
<table><tr><td> </td><td><pre class="example">${mask:3ffe:ffff:836f:0a00:000a:0800:200a:c031/99}
</pre></td></tr></table>
<p>returns the string
</p>
<table><tr><td> </td><td><pre class="example">3ffe.ffff.836f.0a00.000a.0800.2000.0000/99
</pre></td></tr></table>
<p>Letters in IPv6 addresses are always output in lower case.
</p>
</dd>
<dt> <strong>${md5:</strong><<em>string</em>><strong>}</strong></dt>
<dd><a name="IDX733"></a>
<a name="IDX734"></a>
<a name="IDX735"></a>
<p>The <code>md5</code> operator computes the MD5 hash value of the string, and returns it
as a 32-digit hexadecimal number, in which any letters are in lower case.
</p>
</dd>
<dt> <strong>${nhash_</strong><<em>n</em>><strong>_</strong><<em>m</em>><strong>:</strong><<em>string</em>><strong>}</strong></dt>
<dd><a name="IDX736"></a>
<a name="IDX737"></a>
<p>The <code>nhash</code> operator is a simpler interface to the numeric hashing function
that can be used when the two parameters are fixed numbers (as opposed to
strings that change when expanded). The effect is the same as
</p>
<table><tr><td> </td><td><pre class="example">${nhash{<n>}{<m>}{<string>}}
</pre></td></tr></table>
<p>See the description of the general <code>nhash</code> item above for details.
</p>
</dd>
<dt> <strong>${quote:</strong><<em>string</em>><strong>}</strong></dt>
<dd><a name="IDX738"></a>
<a name="IDX739"></a>
<a name="IDX740"></a>
<p>The <code>quote</code> operator puts its argument into double quotes if it
is an empty string or
contains anything other than letters, digits, underscores, dots, and hyphens.
Any occurrences of double quotes and backslashes are escaped with a backslash.
Newlines and carriage returns are converted to ‘<samp>\n</samp>’ and ‘<samp>\r</samp>’,
respectively For example,
</p>
<table><tr><td> </td><td><pre class="example">${quote:ab"*"cd}
</pre></td></tr></table>
<p>becomes
</p>
<table><tr><td> </td><td><pre class="example">"ab\"*\"cd"
</pre></td></tr></table>
<p>The place where this is useful is when the argument is a substitution from a
variable or a message header.
</p>
</dd>
<dt> <strong>${quote_local_part:</strong><<em>string</em>><strong>}</strong></dt>
<dd><a name="IDX741"></a>
<p>This operator is like <code>quote</code>, except that it quotes the string only if
required to do so by the rules of RFC 2822 for quoting local parts. For
example, a plus sign would not cause quoting (but it would for <code>quote</code>).
If you are creating a new email address from the contents of <code>$local_part</code>
(or any other unknown data), you should always use this operator.
</p>
</dd>
<dt> <strong>${quote_</strong><<em>lookup-type</em>><strong>:</strong><<em>string</em>><strong>}</strong></dt>
<dd><a name="IDX742"></a>
<p>This operator applies lookup-specific quoting rules to the string. Each
query-style lookup type has its own quoting rules which are described with
the lookups in chapter <a href="spec_9.html#SEC89">File and database lookups</a>. For example,
</p>
<table><tr><td> </td><td><pre class="example">${quote_ldap:two * two}
</pre></td></tr></table>
<p>returns
</p>
<table><tr><td> </td><td><pre class="example">two%20%5C2A%20two
</pre></td></tr></table>
<p>For single-key lookup types, no quoting is ever necessary and this operator
yields an unchanged string.
</p>
</dd>
<dt> <strong>${rfc2047:</strong><<em>string</em>><strong>}</strong></dt>
<dd><a name="IDX743"></a>
<a name="IDX744"></a>
<a name="IDX745"></a>
<p>This operator encodes text according to the rules of RFC 2047. This is an
encoding that is used in header lines to encode non-ASCII characters. It is
assumed that the input string is in the encoding specified by the
<code>headers_charset</code> option, which defaults to ISO-8859-1. If the string
contains only characters in the range 33-126, and no instances of the
characters
</p>
<table><tr><td> </td><td><pre class="example">? = ( ) < > @ , ; : \ " . [ ] _
</pre></td></tr></table>
<p>it is not modified. Otherwise, the result is the RFC 2047 encoding of the
string, using as many "encoded words" as necessary to encode all the
characters.
</p>
</dd>
<dt> <strong>${rfc2047d:</strong><<em>string</em>><strong>}</strong></dt>
<dd><a name="IDX746"></a>
<a name="IDX747"></a>
<a name="IDX748"></a>
<p>This operator decodes strings that are encoded as per RFC 2047. Binary zero
bytes are replaced by question marks. Characters are converted into the
character set defined by <code>headers_charset</code>. Overlong RFC 2047 "words" are
not recognized unless <code>check_rfc2047_length</code> is set false.
</p>
<p><strong>Note</strong>: If you use <code>$header</code>_<em>xxx</em><strong>:</strong> (or <code>$h</code>_<em>xxx</em><strong>:</strong>) to
access a header line, RFC 2047 decoding is done automatically. You do not need
to use this operator as well.
</p>
</dd>
<dt> <strong>${rxquote:</strong><<em>string</em>><strong>}</strong></dt>
<dd><a name="IDX749"></a>
<a name="IDX750"></a>
<a name="IDX751"></a>
<p>The <code>rxquote</code> operator inserts a backslash before any non-alphanumeric
characters in its argument. This is useful when substituting the values of
variables or headers inside regular expressions.
</p>
</dd>
<dt> <strong>${sha1:</strong><<em>string</em>><strong>}</strong></dt>
<dd><a name="IDX752"></a>
<a name="IDX753"></a>
<a name="IDX754"></a>
<p>The <code>sha1</code> operator computes the SHA-1 hash value of the string, and returns
it as a 40-digit hexadecimal number, in which any letters are in upper case.
</p>
</dd>
<dt> <strong>${stat:</strong><<em>string</em>><strong>}</strong></dt>
<dd><a name="IDX755"></a>
<a name="IDX756"></a>
<a name="IDX757"></a>
<p>The string, after expansion, must be a file path. A call to the <code>stat()</code>
function is made for this path. If <code>stat()</code> fails, an error occurs and the
expansion fails. If it succeeds, the data from the stat replaces the item, as a
series of <<em>name</em>>=<<em>value</em>> pairs, where the values are all numerical,
except for the value of "smode". The names are: "mode" (giving the mode as
a 4-digit octal number), "smode" (giving the mode in symbolic format as a
10-character string, as for the <em>ls</em> command), "inode", "device",
"links", "uid", "gid", "size", "atime", "mtime", and "ctime". You
can extract individual fields using the <code>extract</code> expansion item.
</p>
<p>The use of the <code>stat</code> expansion in users' filter files can be locked out by
the system administrator. <strong>Warning</strong>: The file size may be incorrect on 32-bit
systems for files larger than 2GB.
</p>
</dd>
<dt> <strong>${str2b64:</strong><<em>string</em>><strong>}</strong></dt>
<dd><a name="IDX758"></a>
<a name="IDX759"></a>
<a name="IDX760"></a>
<p>This operator converts a string into one that is base64 encoded.
</p>
</dd>
<dt> <strong>${strlen:</strong><<em>string</em>><strong>}</strong></dt>
<dd><a name="IDX761"></a>
<a name="IDX762"></a>
<a name="IDX763"></a>
<p>The item is replace by the length of the expanded string, expressed as a
decimal number. <strong>Note</strong>: Do not confuse <code>strlen</code> with <code>length</code>.
</p>
</dd>
<dt> <strong>${substr_</strong><<em>start</em>><strong>_</strong><<em>length</em>><strong>:</strong><<em>string</em>><strong>}</strong></dt>
<dd><a name="IDX764"></a>
<a name="IDX765"></a>
<a name="IDX766"></a>
<p>The <code>substr</code> operator is a simpler interface to the <code>substr</code> function that
can be used when the two parameters are fixed numbers (as opposed to strings
that change when expanded). The effect is the same as
</p>
<table><tr><td> </td><td><pre class="example">${substr{<start>}{<length>}{<string>}}
</pre></td></tr></table>
<p>See the description of the general <code>substr</code> item above for details. The
abbreviation <code>s</code> can be used when <code>substr</code> is used as an operator.
</p>
</dd>
<dt> <strong>${time_eval:</strong><<em>string</em>><strong>}</strong></dt>
<dd><a name="IDX767"></a>
<a name="IDX768"></a>
<p>This item converts an Exim time interval such as ‘<samp>2d4h5m</samp>’ into a number of
seconds.
</p>
</dd>
<dt> <strong>${time_interval:</strong><<em>string</em>><strong>}</strong></dt>
<dd><a name="IDX769"></a>
<a name="IDX770"></a>
<p>The argument (after sub-expansion) must be a sequence of decimal digits that
represents an interval of time as a number of seconds. It is converted into a
number of larger units and output in Exim's normal time format, for example,
‘<samp>1w3d4h2m6s</samp>’.
</p>
</dd>
<dt> <strong>${uc:</strong><<em>string</em>><strong>}</strong></dt>
<dd><a name="IDX771"></a>
<a name="IDX772"></a>
<a name="IDX773"></a>
<a name="IDX774"></a>
<a name="IDX775"></a>
<p>This forces the letters in the string into upper-case.
</p></dd>
</dl>
<hr size="6">
<a name="Expansion-conditions"></a>
<a name="SEC144"></a>
<table cellpadding="1" cellspacing="1" border="0">
<tr><td valign="middle" align="left">[<a href="#SEC143" title="Previous section in reading order"> < </a>]</td>
<td valign="middle" align="left">[<a href="#SEC145" title="Next section in reading order"> > </a>]</td>
<td valign="middle" align="left"> </td>
<td valign="middle" align="left">[<a href="#SEC137" title="Beginning of this chapter or previous chapter"> << </a>]</td>
<td valign="middle" align="left">[<a href="#SEC137" title="Up section"> Up </a>]</td>
<td valign="middle" align="left">[<a href="spec_12.html#SEC147" title="Next chapter"> >> </a>]</td>
<td valign="middle" align="left"> </td>
<td valign="middle" align="left"> </td>
<td valign="middle" align="left"> </td>
<td valign="middle" align="left"> </td>
<td valign="middle" align="left">[<a href="spec.html#SEC_Top" title="Cover (top) of document">Top</a>]</td>
<td valign="middle" align="left">[Contents]</td>
<td valign="middle" align="left">[<a href="spec_55.html#SEC493" title="Index">Index</a>]</td>
<td valign="middle" align="left">[<a href="spec_abt.html#SEC_About" title="About (help)"> ? </a>]</td>
</tr></table>
<h2 class="section"> 11.7 Expansion conditions </h2>
<p>The following conditions are available for testing by the <code>${if</code> construct
while expanding strings:
</p>
<dl compact="compact">
<dt> <strong>!</strong><<em>condition</em>></dt>
<dd><a name="IDX776"></a>
<a name="IDX777"></a>
<p>Preceding any condition with an exclamation mark negates the result of the
condition.
</p>
</dd>
<dt> <<em>symbolicoperator</em>><strong>{</strong><<em>string1</em>><strong>}{</strong><<em>string2</em>><strong>}</strong></dt>
<dd><a name="IDX778"></a>
<a name="IDX779"></a>
<p>There are a number of symbolic operators for doing numeric comparisons. They
are:
</p>
<table><tr><td> </td><td><pre class="display">= equal
== equal
> greater
>= greater or equal
< less
<= less or equal
</pre></td></tr></table>
<p>For example:
</p>
<table><tr><td> </td><td><pre class="example">${if >{$message_size}{10M} ...
</pre></td></tr></table>
<p>Note that the general negation operator provides for inequality testing. The
two strings must take the form of optionally signed decimal integers,
optionally followed by one of the letters "K" or "M" (in either upper or
lower case), signifying multiplication by 1024 or 1024*1024, respectively.
As a special case, the numerical value of an empty string is taken as
zero.
</p>
</dd>
<dt> <strong>crypteq{</strong><<em>string1</em>><strong>}{</strong><<em>string2</em>><strong>}</strong></dt>
<dd><a name="IDX780"></a>
<a name="IDX781"></a>
<a name="IDX782"></a>
<p>This condition is included in the Exim binary if it is built to support any
authentication mechanisms (see chapter <a href="spec_33.html#SEC272">SMTP authentication</a>). Otherwise, it is
necessary to define SUPPORT_CRYPTEQ in ‘<tt>Local/Makefile</tt>’ to get <code>crypteq</code>
included in the binary.
</p>
<p>The <code>crypteq</code> condition has two arguments. The first is encrypted and
compared against the second, which is already encrypted. The second string may
be in the LDAP form for storing encrypted strings, which starts with the
encryption type in curly brackets, followed by the data. If the second string
does not begin with "{" it is assumed to be encrypted with <code>crypt()</code> or
<code>crypt16()</code> (see below), since such strings cannot begin with "{".
Typically this will be a field from a password file. An example of an encrypted
string in LDAP form is:
</p>
<table><tr><td> </td><td><pre class="example">{md5}CY9rzUYh03PK3k6DJie09g==
</pre></td></tr></table>
<p>If such a string appears directly in an expansion, the curly brackets have to
be quoted, because they are part of the expansion syntax. For example:
</p>
<table><tr><td> </td><td><pre class="example">${if crypteq {test}{\{md5\}CY9rzUYh03PK3k6DJie09g==}{yes}{no}}
</pre></td></tr></table>
<p>The following encryption types (whose names are matched case-independently) are
supported:
</p>
<ul class="toc">
<li>
<a name="IDX783"></a>
<a name="IDX784"></a>
<code>{md5}</code> computes the MD5 digest of the first string, and expresses this as
printable characters to compare with the remainder of the second string. If the
length of the comparison string is 24, Exim assumes that it is base64 encoded
(as in the above example). If the length is 32, Exim assumes that it is a
hexadecimal encoding of the MD5 digest. If the length not 24 or 32, the
comparison fails.
</li><li>
<a name="IDX785"></a>
<code>{sha1}</code> computes the SHA-1 digest of the first string, and expresses this as
printable characters to compare with the remainder of the second string. If the
length of the comparison string is 28, Exim assumes that it is base64 encoded.
If the length is 40, Exim assumes that it is a hexadecimal encoding of the
SHA-1 digest. If the length is not 28 or 40, the comparison fails.
</li><li>
<a name="IDX786"></a>
<code>{crypt}</code> calls the <code>crypt()</code> function, which traditionally used to use
only the first eight characters of the password. However, in modern operating
systems this is no longer true, and in many cases the entire password is used,
whatever its length.
</li><li>
<a name="IDX787"></a>
<code>{crypt16}</code> calls the <code>crypt16()</code> function, which was originally created to
use up to 16 characters of the password in some operating systems. Again, in
modern operating systems, more characters may be used.
</li></ul>
<p>Exim has its own version of <code>crypt16()</code>, which is just a double call to
<code>crypt()</code>. For operating systems that have their own version, setting
HAVE_CRYPT16 in ‘<tt>Local/Makefile</tt>’ when building Exim causes it to use the
operating system version instead of its own. This option is set by default in
the OS-dependent ‘<tt>Makefile</tt>’ for those operating systems that are known to
support <code>crypt16()</code>.
</p>
<p>Some years after Exim's <code>crypt16()</code> was implemented, a user discovered that
it was not using the same algorithm as some operating systems' versions. It
turns out that as well as <code>crypt16()</code> there is a function called
<code>bigcrypt()</code> in some operating systems. This may or may not use the same
algorithm, and both of them may be different to Exim's built-in <code>crypt16()</code>.
</p>
<p>However, since there is now a move away from the traditional <code>crypt()</code>
functions towards using SHA1 and other algorithms, tidying up this area of
Exim is seen as very low priority.
</p>
<p>If you do not put a encryption type (in curly brackets) in a <code>crypteq</code>
comparison, the default is usually either ‘<samp>{crypt}</samp>’ or ‘<samp>{crypt16}</samp>’, as
determined by the setting of DEFAULT_CRYPT in ‘<tt>Local/Makefile</tt>’. The default
default is ‘<samp>{crypt}</samp>’. Whatever the default, you can always use either
function by specifying it explicitly in curly brackets.
</p>
</dd>
<dt> <strong>def:</strong><<em>variablename</em>></dt>
<dd><a name="IDX788"></a>
<a name="IDX789"></a>
<p>The <code>def</code> condition must be followed by the name of one of the expansion
variables defined in section <a href="#SEC146">Expansion variables</a>. The condition is true if the
variable does not contain the empty string. For example:
</p>
<table><tr><td> </td><td><pre class="example">${if def:sender_ident {from $sender_ident}}
</pre></td></tr></table>
<p>Note that the variable name is given without a leading <code>$</code> character. If the
variable does not exist, the expansion fails.
</p>
</dd>
<dt> <strong>def:header_</strong><<em>headername</em>><strong>:</strong>or<strong>def:h_</strong><<em>headername</em>><strong>:</strong></dt>
<dd><a name="IDX790"></a>
<p>This condition is true if a message is being processed and the named header
exists in the message. For example,
</p>
<table><tr><td> </td><td><pre class="example">${if def:header_reply-to:{$h_reply-to:}{$h_from:}}
</pre></td></tr></table>
<p><strong>Note</strong>: No <code>$</code> appears before <code>header_</code> or <code>h_</code> in the condition, and
the header name must be terminated by a colon if white space does not follow.
</p>
</dd>
<dt> <strong>eq{</strong><<em>string1</em>><strong>}{</strong><<em>string2</em>><strong>}</strong></dt>
<dt> <strong>eqi{</strong><<em>string1</em>><strong>}{</strong><<em>string2</em>><strong>}</strong></dt>
<dd><a name="IDX791"></a>
<a name="IDX792"></a>
<a name="IDX793"></a>
<a name="IDX794"></a>
<p>The two substrings are first expanded. The condition is true if the two
resulting strings are identical. For <code>eq</code> the comparison includes the case of
letters, whereas for <code>eqi</code> the comparison is case-independent.
</p>
</dd>
<dt> <strong>exists{</strong><<em>filename</em>><strong>}</strong></dt>
<dd><a name="IDX795"></a>
<a name="IDX796"></a>
<a name="IDX797"></a>
<p>The substring is first expanded and then interpreted as an absolute path. The
condition is true if the named file (or directory) exists. The existence test
is done by calling the <code>stat()</code> function. The use of the <code>exists</code> test in
users' filter files may be locked out by the system administrator.
</p>
</dd>
<dt> <strong>first_delivery</strong></dt>
<dd><a name="IDX798"></a>
<a name="IDX799"></a>
<a name="IDX800"></a>
<a name="IDX801"></a>
<p>This condition, which has no data, is true during a message's first delivery
attempt. It is false during any subsequent delivery attempts.
</p>
</dd>
<dt> <strong>forall{</strong><<em>a list</em>><strong>}{</strong><<em>a condition</em>><strong>}</strong></dt>
<dt> <strong>forany{</strong><<em>a list</em>><strong>}{</strong><<em>a condition</em>><strong>}</strong></dt>
<dd><a name="IDX802"></a>
<a name="IDX803"></a>
<a name="IDX804"></a>
<a name="IDX805"></a>
<p>These conditions iterate over a list. The first argument is expanded to form
the list. By default, the list separator is a colon, but it can be changed by
the normal method. The second argument is interpreted as a condition that is to
be applied to each item in the list in turn. During the interpretation of the
condition, the current list item is placed in a variable called <code>$item</code>.
</p>
<ul class="toc">
<li>
For <strong>forany</strong>, interpretation stops if the condition is true for any item, and
the result of the whole condition is true. If the condition is false for all
items in the list, the overall condition is false.
</li><li>
For <strong>forall</strong>, interpretation stops if the condition is false for any item,
and the result of the whole condition is false. If the condition is true for
all items in the list, the overall condition is true.
</li></ul>
<p>Note that negation of <strong>forany</strong> means that the condition must be false for all
items for the overall condition to succeed, and negation of <strong>forall</strong> means
that the condition must be false for at least one item. In this example, the
list separator is changed to a comma:
</p>
<table><tr><td> </td><td><pre class="example">${if forany{<, $recipients}{match{$item}{^user3@}}{yes}{no}}
</pre></td></tr></table>
<p>The value of <code>$item</code> is saved and restored while <strong>forany</strong> or <strong>forall</strong> is
being processed, to enable these expansion items to be nested.
</p>
</dd>
<dt> <strong>ge{</strong><<em>string1</em>><strong>}{</strong><<em>string2</em>><strong>}</strong></dt>
<dt> <strong>gei{</strong><<em>string1</em>><strong>}{</strong><<em>string2</em>><strong>}</strong></dt>
<dd><a name="IDX806"></a>
<a name="IDX807"></a>
<a name="IDX808"></a>
<a name="IDX809"></a>
<p>The two substrings are first expanded. The condition is true if the first
string is lexically greater than or equal to the second string. For <code>ge</code> the
comparison includes the case of letters, whereas for <code>gei</code> the comparison is
case-independent.
</p>
</dd>
<dt> <strong>gt{</strong><<em>string1</em>><strong>}{</strong><<em>string2</em>><strong>}</strong></dt>
<dt> <strong>gti{</strong><<em>string1</em>><strong>}{</strong><<em>string2</em>><strong>}</strong></dt>
<dd><a name="IDX810"></a>
<a name="IDX811"></a>
<a name="IDX812"></a>
<a name="IDX813"></a>
<p>The two substrings are first expanded. The condition is true if the first
string is lexically greater than the second string. For <code>gt</code> the comparison
includes the case of letters, whereas for <code>gti</code> the comparison is
case-independent.
</p>
</dd>
<dt> <strong>isip{</strong><<em>string</em>><strong>}</strong></dt>
<dt> <strong>isip4{</strong><<em>string</em>><strong>}</strong></dt>
<dt> <strong>isip6{</strong><<em>string</em>><strong>}</strong></dt>
<dd><a name="IDX814"></a>
<a name="IDX815"></a>
<a name="IDX816"></a>
<a name="IDX817"></a>
<a name="IDX818"></a>
<p>The substring is first expanded, and then tested to see if it has the form of
an IP address. Both IPv4 and IPv6 addresses are valid for <code>isip</code>, whereas
<code>isip4</code> and <code>isip6</code> test specifically for IPv4 or IPv6 addresses.
</p>
<p>For an IPv4 address, the test is for four dot-separated components, each of
which consists of from one to three digits. For an IPv6 address, up to eight
colon-separated components are permitted, each containing from one to four
hexadecimal digits. There may be fewer than eight components if an empty
component (adjacent colons) is present. Only one empty component is permitted.
</p>
<p><strong>Note</strong>: The checks are just on the form of the address; actual numerical
values are not considered. Thus, for example, 999.999.999.999 passes the IPv4
check. The main use of these tests is to distinguish between IP addresses and
host names, or between IPv4 and IPv6 addresses. For example, you could use
</p>
<table><tr><td> </td><td><pre class="example">${if isip4{$sender_host_address}...
</pre></td></tr></table>
<p>to test which IP version an incoming SMTP connection is using.
</p>
</dd>
<dt> <strong>ldapauth{</strong><<em>ldapquery</em>><strong>}</strong></dt>
<dd><a name="IDX819"></a>
<a name="IDX820"></a>
<a name="IDX821"></a>
<p>This condition supports user authentication using LDAP. See section
<a href="spec_9.html#SEC102">More about LDAP</a> for details of how to use LDAP in lookups and the syntax of
queries. For this use, the query must contain a user name and password. The
query itself is not used, and can be empty. The condition is true if the
password is not empty, and the user name and password are accepted by the LDAP
server. An empty password is rejected without calling LDAP because LDAP binds
with an empty password are considered anonymous regardless of the username, and
will succeed in most configurations. See chapter <a href="spec_33.html#SEC272">SMTP authentication</a> for details
of SMTP authentication, and chapter <a href="spec_34.html#SEC278">The plaintext authenticator</a> for an example of how
this can be used.
</p>
</dd>
<dt> <strong>le{</strong><<em>string1</em>><strong>}{</strong><<em>string2</em>><strong>}</strong></dt>
<dt> <strong>lei{</strong><<em>string1</em>><strong>}{</strong><<em>string2</em>><strong>}</strong></dt>
<dd><a name="IDX822"></a>
<a name="IDX823"></a>
<a name="IDX824"></a>
<a name="IDX825"></a>
<p>The two substrings are first expanded. The condition is true if the first
string is lexically less than or equal to the second string. For <code>le</code> the
comparison includes the case of letters, whereas for <code>lei</code> the comparison is
case-independent.
</p>
</dd>
<dt> <strong>lt{</strong><<em>string1</em>><strong>}{</strong><<em>string2</em>><strong>}</strong></dt>
<dt> <strong>lti{</strong><<em>string1</em>><strong>}{</strong><<em>string2</em>><strong>}</strong></dt>
<dd><a name="IDX826"></a>
<a name="IDX827"></a>
<a name="IDX828"></a>
<a name="IDX829"></a>
<p>The two substrings are first expanded. The condition is true if the first
string is lexically less than the second string. For <code>lt</code> the comparison
includes the case of letters, whereas for <code>lti</code> the comparison is
case-independent.
</p>
</dd>
<dt> <strong>match{</strong><<em>string1</em>><strong>}{</strong><<em>string2</em>><strong>}</strong></dt>
<dd><a name="IDX830"></a>
<a name="IDX831"></a>
<a name="IDX832"></a>
<p>The two substrings are first expanded. The second is then treated as a regular
expression and applied to the first. Because of the pre-expansion, if the
regular expression contains dollar, or backslash characters, they must be
escaped. Care must also be taken if the regular expression contains braces
(curly brackets). A closing brace must be escaped so that it is not taken as a
premature termination of <<em>string2</em>>. The easiest approach is to use the
‘<samp>\N</samp>’ feature to disable expansion of the regular expression.
For example,
</p>
<table><tr><td> </td><td><pre class="example">${if match {$local_part}{\N^\d{3}\N} ...
</pre></td></tr></table>
<p>If the whole expansion string is in double quotes, further escaping of
backslashes is also required.
</p>
<p>The condition is true if the regular expression match succeeds.
The regular expression is not required to begin with a circumflex
metacharacter, but if there is no circumflex, the expression is not anchored,
and it may match anywhere in the subject, not just at the start. If you want
the pattern to match at the end of the subject, you must include the ‘<samp>$</samp>’
metacharacter at an appropriate point.
</p>
<a name="IDX833"></a>
<p>At the start of an <code>if</code> expansion the values of the numeric variable
substitutions <code>$1</code> etc. are remembered. Obeying a <code>match</code> condition that
succeeds causes them to be reset to the substrings of that condition and they
will have these values during the expansion of the success string. At the end
of the <code>if</code> expansion, the previous values are restored. After testing a
combination of conditions using <code>or</code>, the subsequent values of the numeric
variables are those of the condition that succeeded.
</p>
</dd>
<dt> <strong>match_address{</strong><<em>string1</em>><strong>}{</strong><<em>string2</em>><strong>}</strong></dt>
<dd><a name="IDX834"></a>
<p>See <strong>match_local_part</strong>.
</p>
</dd>
<dt> <strong>match_domain{</strong><<em>string1</em>><strong>}{</strong><<em>string2</em>><strong>}</strong></dt>
<dd><a name="IDX835"></a>
<p>See <strong>match_local_part</strong>.
</p>
</dd>
<dt> <strong>match_ip{</strong><<em>string1</em>><strong>}{</strong><<em>string2</em>><strong>}</strong></dt>
<dd><a name="IDX836"></a>
<p>This condition matches an IP address to a list of IP address patterns. It must
be followed by two argument strings. The first (after expansion) must be an IP
address or an empty string. The second (after expansion) is a restricted host
list that can match only an IP address, not a host name. For example:
</p>
<table><tr><td> </td><td><pre class="example">${if match_ip{$sender_host_address}{1.2.3.4:5.6.7.8}{...}{...}}
</pre></td></tr></table>
<p>The specific types of host list item that are permitted in the list are:
</p>
<ul class="toc">
<li>
An IP address, optionally with a CIDR mask.
</li><li>
A single asterisk, which matches any IP address.
</li><li>
An empty item, which matches only if the IP address is empty. This could be
useful for testing for a locally submitted message or one from specific hosts
in a single test such as
<table><tr><td> </td><td><pre class="example"> ${if match_ip{$sender_host_address}{:4.3.2.1:...}{...}{...}}
</pre></td></tr></table>
<p>where the first item in the list is the empty string.
</p>
</li><li>
The item @[] matches any of the local host's interface addresses.
</li><li>
Single-key lookups are assumed to be like "net-" style lookups in host lists,
even if ‘<samp>net-</samp>’ is not specified. There is never any attempt to turn the IP
address into a host name. The most common type of linear search for
<strong>match_ip</strong> is likely to be <strong>iplsearch</strong>, in which the file can contain CIDR
masks. For example:
<table><tr><td> </td><td><pre class="example"> ${if match_ip{$sender_host_address}{iplsearch;/some/file}...
</pre></td></tr></table>
<p>It is of course possible to use other kinds of lookup, and in such a case, you
do need to specify the ‘<samp>net-</samp>’ prefix if you want to specify a specific
address mask, for example:
</p>
<table><tr><td> </td><td><pre class="example"> ${if match_ip{$sender_host_address}{net24-dbm;/some/file}...
</pre></td></tr></table>
<p>However, unless you are combining a <code>match_ip</code> condition with others, it is
just as easy to use the fact that a lookup is itself a condition, and write:
</p>
<table><tr><td> </td><td><pre class="example"> ${lookup{${mask:$sender_host_address/24}}dbm{/a/file}...
</pre></td></tr></table>
</li></ul>
<p>Consult section <a href="spec_10.html#SEC126">Host list patterns that match by IP address</a> for further details of these patterns.
</p>
</dd>
<dt> <strong>match_local_part{</strong><<em>string1</em>><strong>}{</strong><<em>string2</em>><strong>}</strong></dt>
<dd><a name="IDX837"></a>
<a name="IDX838"></a>
<a name="IDX839"></a>
<a name="IDX840"></a>
<p>This condition, together with <code>match_address</code> and <code>match_domain</code>, make it
possible to test domain, address, and local part lists within expansions. Each
condition requires two arguments: an item and a list to match. A trivial
example is:
</p>
<table><tr><td> </td><td><pre class="example">${if match_domain{a.b.c}{x.y.z:a.b.c:p.q.r}{yes}{no}}
</pre></td></tr></table>
<p>In each case, the second argument may contain any of the allowable items for a
list of the appropriate type. Also, because the second argument (after
expansion) is a standard form of list, it is possible to refer to a named list.
Thus, you can use conditions like this:
</p>
<table><tr><td> </td><td><pre class="example">${if match_domain{$domain}{+local_domains}{...
</pre></td></tr></table>
<a name="IDX841"></a>
<p>For address lists, the matching starts off caselessly, but the ‘<samp>+caseful</samp>’
item can be used, as in all address lists, to cause subsequent items to
have their local parts matched casefully. Domains are always matched
caselessly.
</p>
<p><strong>Note</strong>: Host lists are <em>not</em> supported in this way. This is because
hosts have two identities: a name and an IP address, and it is not clear
how to specify cleanly how such a test would work. However, IP addresses can be
matched using <code>match_ip</code>.
</p>
</dd>
<dt> <strong>pam{</strong><<em>string1</em>><strong>:</strong><<em>string2</em>><strong>:...}</strong></dt>
<dd><a name="IDX842"></a>
<a name="IDX843"></a>
<a name="IDX844"></a>
<a name="IDX845"></a>
<a name="IDX846"></a>
<p><em>Pluggable Authentication Modules</em>
(<strong><a href="http://www.kernel.org/pub/linux/libs/pam/">http://www.kernel.org/pub/linux/libs/pam/</a></strong>) are a facility that is
available in the latest releases of Solaris and in some GNU/Linux
distributions. The Exim support, which is intended for use in conjunction with
the SMTP AUTH command, is available only if Exim is compiled with
</p>
<table><tr><td> </td><td><pre class="example">SUPPORT_PAM=yes
</pre></td></tr></table>
<p>in ‘<tt>Local/Makefile</tt>’. You probably need to add <code>-lpam</code> to EXTRALIBS, and
in some releases of GNU/Linux <code>-ldl</code> is also needed.
</p>
<p>The argument string is first expanded, and the result must be a
colon-separated list of strings. Leading and trailing white space is ignored.
The PAM module is initialized with the service name "exim" and the user name
taken from the first item in the colon-separated data string (<<em>string1</em>>).
The remaining items in the data string are passed over in response to requests
from the authentication function. In the simple case there will only be one
request, for a password, so the data consists of just two strings.
</p>
<p>There can be problems if any of the strings are permitted to contain colon
characters. In the usual way, these have to be doubled to avoid being taken as
separators. If the data is being inserted from a variable, the <code>sg</code> expansion
item can be used to double any existing colons. For example, the configuration
of a LOGIN authenticator might contain this setting:
</p>
<table><tr><td> </td><td><pre class="example">server_condition = ${if pam{$auth1:${sg{$auth2}{:}{::}}}}
</pre></td></tr></table>
<p>For a PLAIN authenticator you could use:
</p>
<table><tr><td> </td><td><pre class="example">server_condition = ${if pam{$auth2:${sg{$auth3}{:}{::}}}}
</pre></td></tr></table>
<p>In some operating systems, PAM authentication can be done only from a process
running as root. Since Exim is running as the Exim user when receiving
messages, this means that PAM cannot be used directly in those systems.
A patched version of the <em>pam_unix</em> module that comes with the
Linux PAM package is available from <strong><a href="http://www.e-admin.de/pam_exim/">http://www.e-admin.de/pam_exim/</a></strong>.
The patched module allows one special uid/gid combination, in addition to root,
to authenticate. If you build the patched module to allow the Exim user and
group, PAM can then be used from an Exim authenticator.
</p>
</dd>
<dt> <strong>pwcheck{</strong><<em>string1</em>><strong>:</strong><<em>string2</em>><strong>}</strong></dt>
<dd><a name="IDX847"></a>
<a name="IDX848"></a>
<a name="IDX849"></a>
<a name="IDX850"></a>
<p>This condition supports user authentication using the Cyrus <em>pwcheck</em> daemon.
This is one way of making it possible for passwords to be checked by a process
that is not running as root. <strong>Note</strong>: The use of <em>pwcheck</em> is now
deprecated. Its replacement is <em>saslauthd</em> (see below).
</p>
<p>The pwcheck support is not included in Exim by default. You need to specify
the location of the pwcheck daemon's socket in ‘<tt>Local/Makefile</tt>’ before
building Exim. For example:
</p>
<table><tr><td> </td><td><pre class="example">CYRUS_PWCHECK_SOCKET=/var/pwcheck/pwcheck
</pre></td></tr></table>
<p>You do not need to install the full Cyrus software suite in order to use
the pwcheck daemon. You can compile and install just the daemon alone
from the Cyrus SASL library. Ensure that <em>exim</em> is the only user that has
access to the ‘<tt>/var/pwcheck</tt>’ directory.
</p>
<p>The <code>pwcheck</code> condition takes one argument, which must be the user name and
password, separated by a colon. For example, in a LOGIN authenticator
configuration, you might have this:
</p>
<table><tr><td> </td><td><pre class="example">server_condition = ${if pwcheck{$auth1:$auth2}}
</pre></td></tr></table>
</dd>
<dt> <strong>queue_running</strong></dt>
<dd><a name="IDX851"></a>
<a name="IDX852"></a>
<a name="IDX853"></a>
<p>This condition, which has no data, is true during delivery attempts that are
initiated by queue runner processes, and false otherwise.
</p>
</dd>
<dt> <strong>radius{</strong><<em>authenticationstring</em>><strong>}</strong></dt>
<dd><a name="IDX854"></a>
<a name="IDX855"></a>
<a name="IDX856"></a>
<p>Radius authentication (RFC 2865) is supported in a similar way to PAM. You must
set RADIUS_CONFIG_FILE in ‘<tt>Local/Makefile</tt>’ to specify the location of
the Radius client configuration file in order to build Exim with Radius
support.
</p>
<p>With just that one setting, Exim expects to be linked with the <code>radiusclient</code>
library, using the original API. If you are using release 0.4.0 or later of
this library, you need to set
</p>
<table><tr><td> </td><td><pre class="example">RADIUS_LIB_TYPE=RADIUSCLIENTNEW
</pre></td></tr></table>
<p>in ‘<tt>Local/Makefile</tt>’ when building Exim. You can also link Exim with the
<code>libradius</code> library that comes with FreeBSD. To do this, set
</p>
<table><tr><td> </td><td><pre class="example">RADIUS_LIB_TYPE=RADLIB
</pre></td></tr></table>
<p>in ‘<tt>Local/Makefile</tt>’, in addition to setting RADIUS_CONFIGURE_FILE.
You may also have to supply a suitable setting in EXTRALIBS so that the
Radius library can be found when Exim is linked.
</p>
<p>The string specified by RADIUS_CONFIG_FILE is expanded and passed to the
Radius client library, which calls the Radius server. The condition is true if
the authentication is successful. For example:
</p>
<table><tr><td> </td><td><pre class="example">server_condition = ${if radius{<arguments>}}
</pre></td></tr></table>
</dd>
<dt> <strong>saslauthd{{</strong><<em>user</em>><strong>}{</strong><<em>password</em>><strong>}{</strong><<em>service</em>><strong>}{</strong><<em>realm</em>><strong>}}</strong></dt>
<dd><a name="IDX857"></a>
<a name="IDX858"></a>
<a name="IDX859"></a>
<a name="IDX860"></a>
<p>This condition supports user authentication using the Cyrus <em>saslauthd</em>
daemon. This replaces the older <em>pwcheck</em> daemon, which is now deprecated.
Using this daemon is one way of making it possible for passwords to be checked
by a process that is not running as root.
</p>
<p>The saslauthd support is not included in Exim by default. You need to specify
the location of the saslauthd daemon's socket in ‘<tt>Local/Makefile</tt>’ before
building Exim. For example:
</p>
<table><tr><td> </td><td><pre class="example">CYRUS_SASLAUTHD_SOCKET=/var/state/saslauthd/mux
</pre></td></tr></table>
<p>You do not need to install the full Cyrus software suite in order to use
the saslauthd daemon. You can compile and install just the daemon alone
from the Cyrus SASL library.
</p>
<p>Up to four arguments can be supplied to the <code>saslauthd</code> condition, but only
two are mandatory. For example:
</p>
<table><tr><td> </td><td><pre class="example">server_condition = ${if saslauthd{{$auth1}{$auth2}}}
</pre></td></tr></table>
<p>The service and the realm are optional (which is why the arguments are enclosed
in their own set of braces). For details of the meaning of the service and
realm, and how to run the daemon, consult the Cyrus documentation.
</p></dd>
</dl>
<hr size="6">
<a name="Combining-expansion-conditions"></a>
<a name="SEC145"></a>
<table cellpadding="1" cellspacing="1" border="0">
<tr><td valign="middle" align="left">[<a href="#SEC144" title="Previous section in reading order"> < </a>]</td>
<td valign="middle" align="left">[<a href="#SEC146" title="Next section in reading order"> > </a>]</td>
<td valign="middle" align="left"> </td>
<td valign="middle" align="left">[<a href="#SEC137" title="Beginning of this chapter or previous chapter"> << </a>]</td>
<td valign="middle" align="left">[<a href="#SEC137" title="Up section"> Up </a>]</td>
<td valign="middle" align="left">[<a href="spec_12.html#SEC147" title="Next chapter"> >> </a>]</td>
<td valign="middle" align="left"> </td>
<td valign="middle" align="left"> </td>
<td valign="middle" align="left"> </td>
<td valign="middle" align="left"> </td>
<td valign="middle" align="left">[<a href="spec.html#SEC_Top" title="Cover (top) of document">Top</a>]</td>
<td valign="middle" align="left">[Contents]</td>
<td valign="middle" align="left">[<a href="spec_55.html#SEC493" title="Index">Index</a>]</td>
<td valign="middle" align="left">[<a href="spec_abt.html#SEC_About" title="About (help)"> ? </a>]</td>
</tr></table>
<h2 class="section"> 11.8 Combining expansion conditions </h2>
<p>Several conditions can be tested at once by combining them using the <code>and</code>
and <code>or</code> combination conditions. Note that <code>and</code> and <code>or</code> are complete
conditions on their own, and precede their lists of sub-conditions. Each
sub-condition must be enclosed in braces within the overall braces that contain
the list. No repetition of <code>if</code> is used.
</p>
<dl compact="compact">
<dt> <strong>or{{</strong><<em>cond1</em>><strong>}{</strong><<em>cond2</em>><strong>}...}</strong></dt>
<dd><a name="IDX861"></a>
<a name="IDX862"></a>
<p>The sub-conditions are evaluated from left to right. The condition is true if
any one of the sub-conditions is true.
For example,
</p>
<table><tr><td> </td><td><pre class="example">${if or {{eq{$local_part}{spqr}}{eq{$domain}{testing.com}}}...
</pre></td></tr></table>
<p>When a true sub-condition is found, the following ones are parsed but not
evaluated. If there are several "match" sub-conditions the values of the
numeric variables afterwards are taken from the first one that succeeds.
</p>
</dd>
<dt> <strong>and{{</strong><<em>cond1</em>><strong>}{</strong><<em>cond2</em>><strong>}...}</strong></dt>
<dd><a name="IDX863"></a>
<a name="IDX864"></a>
<p>The sub-conditions are evaluated from left to right. The condition is true if
all of the sub-conditions are true. If there are several "match"
sub-conditions, the values of the numeric variables afterwards are taken from
the last one. When a false sub-condition is found, the following ones are
parsed but not evaluated.
</p></dd>
</dl>
<a name="IDX865"></a>
<hr size="6">
<a name="Expansion-variables"></a>
<a name="SEC146"></a>
<table cellpadding="1" cellspacing="1" border="0">
<tr><td valign="middle" align="left">[<a href="#SEC145" title="Previous section in reading order"> < </a>]</td>
<td valign="middle" align="left">[<a href="spec_12.html#SEC147" title="Next section in reading order"> > </a>]</td>
<td valign="middle" align="left"> </td>
<td valign="middle" align="left">[<a href="#SEC137" title="Beginning of this chapter or previous chapter"> << </a>]</td>
<td valign="middle" align="left">[<a href="#SEC137" title="Up section"> Up </a>]</td>
<td valign="middle" align="left">[<a href="spec_12.html#SEC147" title="Next chapter"> >> </a>]</td>
<td valign="middle" align="left"> </td>
<td valign="middle" align="left"> </td>
<td valign="middle" align="left"> </td>
<td valign="middle" align="left"> </td>
<td valign="middle" align="left">[<a href="spec.html#SEC_Top" title="Cover (top) of document">Top</a>]</td>
<td valign="middle" align="left">[Contents]</td>
<td valign="middle" align="left">[<a href="spec_55.html#SEC493" title="Index">Index</a>]</td>
<td valign="middle" align="left">[<a href="spec_abt.html#SEC_About" title="About (help)"> ? </a>]</td>
</tr></table>
<h2 class="section"> 11.9 Expansion variables </h2>
<p>This section contains an alphabetical list of all the expansion variables. Some
of them are available only when Exim is compiled with specific options such as
support for TLS or the content scanning extension.
</p>
<dl compact="compact">
<dt> <code>$0</code>, <code>$1</code>, etc</dt>
<dd><a name="IDX866"></a>
<p>When a <code>match</code> expansion condition succeeds, these variables contain the
captured substrings identified by the regular expression during subsequent
processing of the success string of the containing <code>if</code> expansion item.
However, they do not retain their values afterwards; in fact, their previous
values are restored at the end of processing an <code>if</code> item. The numerical
variables may also be set externally by some other matching process which
precedes the expansion of the string. For example, the commands available in
Exim filter files include an <code>if</code> command with its own regular expression
matching condition.
</p>
</dd>
<dt> <code>$acl_c...</code></dt>
<dd><p>Values can be placed in these variables by the <code>set</code> modifier in an ACL. They
can be given any name that starts with <code>$acl_c</code> and is at least six characters
long, but the sixth character must be either a digit or an underscore. For
example: <code>$acl_c5</code>, <code>$acl_c_mycount</code>. The values of the <code>$acl_c...</code>
variables persist throughout the lifetime of an SMTP connection. They can be
used to pass information between ACLs and between different invocations of the
same ACL. When a message is received, the values of these variables are saved
with the message, and can be accessed by filters, routers, and transports
during subsequent delivery.
</p>
</dd>
<dt> <code>$acl_m...</code></dt>
<dd><p>These variables are like the <code>$acl_c...</code> variables, except that their values
are reset after a message has been received. Thus, if several messages are
received in one SMTP connection, <code>$acl_m...</code> values are not passed on from one
message to the next, as <code>$acl_c...</code> values are. The <code>$acl_m...</code> variables are
also reset by MAIL, RSET, EHLO, HELO, and after starting a TLS session. When a
message is received, the values of these variables are saved with the message,
and can be accessed by filters, routers, and transports during subsequent
delivery.
</p>
</dd>
<dt> <code>$acl_verify_message</code></dt>
<dd><a name="IDX867"></a>
<p>After an address verification has failed, this variable contains the failure
message. It retains its value for use in subsequent modifiers. The message can
be preserved by coding like this:
</p>
<table><tr><td> </td><td><pre class="example">warn !verify = sender
set acl_m0 = $acl_verify_message
</pre></td></tr></table>
<p>You can use <code>$acl_verify_message</code> during the expansion of the <code>message</code> or
<code>log_message</code> modifiers, to include information about the verification
failure.
</p>
</dd>
<dt> <code>$address_data</code></dt>
<dd><a name="IDX868"></a>
<p>This variable is set by means of the <code>address_data</code> option in routers. The
value then remains with the address while it is processed by subsequent routers
and eventually a transport. If the transport is handling multiple addresses,
the value from the first address is used. See chapter <a href="spec_15.html#SEC186">Generic options for routers</a>
for more details. <strong>Note</strong>: The contents of <code>$address_data</code> are visible in
user filter files.
</p>
<p>If <code>$address_data</code> is set when the routers are called from an ACL to verify
a recipient address, the final value is still in the variable for subsequent
conditions and modifiers of the ACL statement. If routing the address caused it
to be redirected to just one address, the child address is also routed as part
of the verification, and in this case the final value of <code>$address_data</code> is
from the child's routing.
</p>
<p>If <code>$address_data</code> is set when the routers are called from an ACL to verify a
sender address, the final value is also preserved, but this time in
<code>$sender_address_data</code>, to distinguish it from data from a recipient
address.
</p>
<p>In both cases (recipient and sender verification), the value does not persist
after the end of the current ACL statement. If you want to preserve
these values for longer, you can save them in ACL variables.
</p>
</dd>
<dt> <code>$address_file</code></dt>
<dd><a name="IDX869"></a>
<p>When, as a result of aliasing, forwarding, or filtering, a message is directed
to a specific file, this variable holds the name of the file when the transport
is running. At other times, the variable is empty. For example, using the
default configuration, if user <code>r2d2</code> has a ‘<tt>.forward</tt>’ file containing
</p>
<table><tr><td> </td><td><pre class="example">/home/r2d2/savemail
</pre></td></tr></table>
<p>then when the <code>address_file</code> transport is running, <code>$address_file</code>
contains the text string ‘<samp>/home/r2d2/savemail</samp>’.
<a name="IDX870"></a>
For Sieve filters, the value may be "inbox" or a relative folder name. It is
then up to the transport configuration to generate an appropriate absolute path
to the relevant file.
</p>
</dd>
<dt> <code>$address_pipe</code></dt>
<dd><a name="IDX871"></a>
<p>When, as a result of aliasing or forwarding, a message is directed to a pipe,
this variable holds the pipe command when the transport is running.
</p>
</dd>
<dt> <code>$auth1</code> - <code>$auth3</code></dt>
<dd><a name="IDX872"></a>
<p>These variables are used in SMTP authenticators (see chapters
<a href="spec_34.html#SEC278">The plaintext authenticator</a>-<a href="spec_38.html#SEC291">The spa authenticator</a>). Elsewhere, they are empty.
</p>
</dd>
<dt> <code>$authenticated_id</code></dt>
<dd><a name="IDX873"></a>
<a name="IDX874"></a>
<p>When a server successfully authenticates a client it may be configured to
preserve some of the authentication information in the variable
<code>$authenticated_id</code> (see chapter <a href="spec_33.html#SEC272">SMTP authentication</a>). For example, a
user/password authenticator configuration might preserve the user name for use
in the routers. Note that this is not the same information that is saved in
<code>$sender_host_authenticated</code>.
When a message is submitted locally (that is, not over a TCP connection)
the value of <code>$authenticated_id</code> is normally the login name of the calling
process. However, a trusted user can override this by means of the <code>-oMai</code>
command line option.
</p>
</dd>
<dt> <code>$authenticated_sender</code></dt>
<dd><a name="IDX875"></a>
<a name="IDX876"></a>
<a name="IDX877"></a>
<a name="IDX878"></a>
<p>When acting as a server, Exim takes note of the AUTH= parameter on an incoming
SMTP MAIL command if it believes the sender is sufficiently trusted, as
described in section <a href="spec_33.html#SEC274">The AUTH parameter on MAIL commands</a>. Unless the data is the string
"<>", it is set as the authenticated sender of the message, and the value is
available during delivery in the <code>$authenticated_sender</code> variable. If the
sender is not trusted, Exim accepts the syntax of AUTH=, but ignores the data.
</p>
<a name="IDX879"></a>
<p>When a message is submitted locally (that is, not over a TCP connection), the
value of <code>$authenticated_sender</code> is an address constructed from the login
name of the calling process and <code>$qualify_domain</code>, except that a trusted user
can override this by means of the <code>-oMas</code> command line option.
</p>
</dd>
<dt> <code>$authentication_failed</code></dt>
<dd><a name="IDX880"></a>
<a name="IDX881"></a>
<p>This variable is set to "1" in an Exim server if a client issues an AUTH
command that does not succeed. Otherwise it is set to "0". This makes it
possible to distinguish between "did not try to authenticate"
(<code>$sender_host_authenticated</code> is empty and <code>$authentication_failed</code> is set to
"0") and "tried to authenticate but failed" (<code>$sender_host_authenticated</code>
is empty and <code>$authentication_failed</code> is set to "1"). Failure includes any
negative response to an AUTH command, including (for example) an attempt to use
an undefined mechanism.
</p>
</dd>
<dt> <code>$body_linecount</code></dt>
<dd><a name="IDX882"></a>
<a name="IDX883"></a>
<a name="IDX884"></a>
<p>When a message is being received or delivered, this variable contains the
number of lines in the message's body. See also <code>$message_linecount</code>.
</p>
</dd>
<dt> <code>$body_zerocount</code></dt>
<dd><a name="IDX885"></a>
<a name="IDX886"></a>
<a name="IDX887"></a>
<a name="IDX888"></a>
<p>When a message is being received or delivered, this variable contains the
number of binary zero bytes in the message's body.
</p>
</dd>
<dt> <code>$bounce_recipient</code></dt>
<dd><a name="IDX889"></a>
<p>This is set to the recipient address of a bounce message while Exim is creating
it. It is useful if a customized bounce message text file is in use (see
chapter <a href="spec_46.html#SEC417">Customizing bounce and warning messages</a>).
</p>
</dd>
<dt> <code>$bounce_return_size_limit</code></dt>
<dd><a name="IDX890"></a>
<p>This contains the value set in the <code>bounce_return_size_limit</code> option, rounded
up to a multiple of 1000. It is useful when a customized error message text
file is in use (see chapter <a href="spec_46.html#SEC417">Customizing bounce and warning messages</a>).
</p>
</dd>
<dt> <code>$caller_gid</code></dt>
<dd><a name="IDX891"></a>
<a name="IDX892"></a>
<p>The real group id under which the process that called Exim was running. This is
not the same as the group id of the originator of a message (see
<code>$originator_gid</code>). If Exim re-execs itself, this variable in the new
incarnation normally contains the Exim gid.
</p>
</dd>
<dt> <code>$caller_uid</code></dt>
<dd><a name="IDX893"></a>
<a name="IDX894"></a>
<p>The real user id under which the process that called Exim was running. This is
not the same as the user id of the originator of a message (see
<code>$originator_uid</code>). If Exim re-execs itself, this variable in the new
incarnation normally contains the Exim uid.
</p>
</dd>
<dt> <code>$compile_date</code></dt>
<dd><a name="IDX895"></a>
<p>The date on which the Exim binary was compiled.
</p>
</dd>
<dt> <code>$compile_number</code></dt>
<dd><a name="IDX896"></a>
<p>The building process for Exim keeps a count of the number
of times it has been compiled. This serves to distinguish different
compilations of the same version of the program.
</p>
</dd>
<dt> <code>$demime_errorlevel</code></dt>
<dd><a name="IDX897"></a>
<p>This variable is available when Exim is compiled with
the content-scanning extension and the obsolete <code>demime</code> condition. For
details, see section <a href="spec_41.html#SEC364">The demime condition</a>.
</p>
</dd>
<dt> <code>$demime_reason</code></dt>
<dd><a name="IDX898"></a>
<p>This variable is available when Exim is compiled with the
content-scanning extension and the obsolete <code>demime</code> condition. For details,
see section <a href="spec_41.html#SEC364">The demime condition</a>.
</p>
</dd>
<dt> <code>$dnslist_domain</code></dt>
<dt> <code>$dnslist_matched</code></dt>
<dt> <code>$dnslist_text</code></dt>
<dt> <code>$dnslist_value</code></dt>
<dd><a name="IDX899"></a>
<a name="IDX900"></a>
<a name="IDX901"></a>
<a name="IDX902"></a>
<a name="IDX903"></a>
<p>When a DNS (black) list lookup succeeds, these variables are set to contain
the following data from the lookup: the list's domain name, the key that was
looked up, the contents of any associated TXT record, and the value from the
main A record. See section <a href="spec_40.html#SEC337">Variables set from DNS lists</a> for more details.
</p>
</dd>
<dt> <code>$domain</code></dt>
<dd><a name="IDX904"></a>
<p>When an address is being routed, or delivered on its own, this variable
contains the domain. Uppercase letters in the domain are converted into lower
case for <code>$domain</code>.
</p>
<p>Global address rewriting happens when a message is received, so the value of
<code>$domain</code> during routing and delivery is the value after rewriting. <code>$domain</code>
is set during user filtering, but not during system filtering, because a
message may have many recipients and the system filter is called just once.
</p>
<p>When more than one address is being delivered at once (for example, several
RCPT commands in one SMTP delivery), <code>$domain</code> is set only if they all
have the same domain. Transports can be restricted to handling only one domain
at a time if the value of <code>$domain</code> is required at transport time - this is
the default for local transports. For further details of the environment in
which local transports are run, see chapter <a href="spec_23.html#SEC215">Environment for running local transports</a>.
</p>
<a name="IDX905"></a>
<p>At the end of a delivery, if all deferred addresses have the same domain, it is
set in <code>$domain</code> during the expansion of <code>delay_warning_condition</code>.
</p>
<p>The <code>$domain</code> variable is also used in some other circumstances:
</p>
<ul class="toc">
<li>
When an ACL is running for a RCPT command, <code>$domain</code> contains the domain of
the recipient address. The domain of the <em>sender</em> address is in
<code>$sender_address_domain</code> at both MAIL time and at RCPT time. <code>$domain</code> is not
normally set during the running of the MAIL ACL. However, if the sender address
is verified with a callout during the MAIL ACL, the sender domain is placed in
<code>$domain</code> during the expansions of <code>hosts</code>, <code>interface</code>, and <code>port</code> in
the <code>smtp</code> transport.
</li><li>
When a rewrite item is being processed (see chapter <a href="spec_31.html#SEC248">Address rewriting</a>),
<code>$domain</code> contains the domain portion of the address that is being rewritten;
it can be used in the expansion of the replacement address, for example, to
rewrite domains by file lookup.
</li><li>
With one important exception, whenever a domain list is being scanned,
<code>$domain</code> contains the subject domain. <strong>Exception</strong>: When a domain list in
a <code>sender_domains</code> condition in an ACL is being processed, the subject domain
is in <code>$sender_address_domain</code> and not in <code>$domain</code>. It works this way so
that, in a RCPT ACL, the sender domain list can be dependent on the
recipient domain (which is what is in <code>$domain</code> at this time).
</li><li>
<a name="IDX906"></a>
<a name="IDX907"></a>
When the <code>smtp_etrn_command</code> option is being expanded, <code>$domain</code> contains
the complete argument of the ETRN command (see section <a href="spec_45.html#SEC413">The ETRN command</a>).
</li></ul>
</dd>
<dt> <code>$domain_data</code></dt>
<dd><a name="IDX908"></a>
<p>When the <code>domains</code> option on a router matches a domain by
means of a lookup, the data read by the lookup is available during the running
of the router as <code>$domain_data</code>. In addition, if the driver routes the
address to a transport, the value is available in that transport. If the
transport is handling multiple addresses, the value from the first address is
used.
</p>
<p><code>$domain_data</code> is also set when the <code>domains</code> condition in an ACL matches a
domain by means of a lookup. The data read by the lookup is available during
the rest of the ACL statement. In all other situations, this variable expands
to nothing.
</p>
</dd>
<dt> <code>$exim_gid</code></dt>
<dd><a name="IDX909"></a>
<p>This variable contains the numerical value of the Exim group id.
</p>
</dd>
<dt> <code>$exim_path</code></dt>
<dd><a name="IDX910"></a>
<p>This variable contains the path to the Exim binary.
</p>
</dd>
<dt> <code>$exim_uid</code></dt>
<dd><a name="IDX911"></a>
<p>This variable contains the numerical value of the Exim user id.
</p>
</dd>
<dt> <code>$found_extension</code></dt>
<dd><a name="IDX912"></a>
<p>This variable is available when Exim is compiled with the
content-scanning extension and the obsolete <code>demime</code> condition. For details,
see section <a href="spec_41.html#SEC364">The demime condition</a>.
</p>
</dd>
<dt> <code>$header_</code><<em>name</em>></dt>
<dd><p>This is not strictly an expansion variable. It is expansion syntax for
inserting the message header line with the given name. Note that the name must
be terminated by colon or white space, because it may contain a wide variety of
characters. Note also that braces must <em>not</em> be used.
</p>
</dd>
<dt> <code>$home</code></dt>
<dd><a name="IDX913"></a>
<p>When the <code>check_local_user</code> option is set for a router, the user's home
directory is placed in <code>$home</code> when the check succeeds. In particular, this
means it is set during the running of users' filter files. A router may also
explicitly set a home directory for use by a transport; this can be overridden
by a setting on the transport itself.
</p>
<p>When running a filter test via the <code>-bf</code> option, <code>$home</code> is set to the value
of the environment variable HOME.
</p>
</dd>
<dt> <code>$host</code></dt>
<dd><a name="IDX914"></a>
<p>If a router assigns an address to a transport (any transport), and passes a
list of hosts with the address, the value of <code>$host</code> when the transport starts
to run is the name of the first host on the list. Note that this applies both
to local and remote transports.
</p>
<a name="IDX915"></a>
<a name="IDX916"></a>
<p>For the <code>smtp</code> transport, if there is more than one host, the value of
<code>$host</code> changes as the transport works its way through the list. In
particular, when the <code>smtp</code> transport is expanding its options for encryption
using TLS, or for specifying a transport filter (see chapter
<a href="spec_24.html#SEC220">Generic options for transports</a>), <code>$host</code> contains the name of the host to which it
is connected.
</p>
<p>When used in the client part of an authenticator configuration (see chapter
<a href="spec_33.html#SEC272">SMTP authentication</a>), <code>$host</code> contains the name of the server to which the
client is connected.
</p>
</dd>
<dt> <code>$host_address</code></dt>
<dd><a name="IDX917"></a>
<p>This variable is set to the remote host's IP address whenever <code>$host</code> is set
for a remote connection. It is also set to the IP address that is being checked
when the <code>ignore_target_hosts</code> option is being processed.
</p>
</dd>
<dt> <code>$host_data</code></dt>
<dd><a name="IDX918"></a>
<p>If a <code>hosts</code> condition in an ACL is satisfied by means of a lookup, the
result of the lookup is made available in the <code>$host_data</code> variable. This
allows you, for example, to do things like this:
</p>
<table><tr><td> </td><td><pre class="example">deny hosts = net-lsearch;/some/file
message = $host_data
</pre></td></tr></table>
</dd>
<dt> <code>$host_lookup_deferred</code></dt>
<dd><a name="IDX919"></a>
<a name="IDX920"></a>
<p>This variable normally contains "0", as does <code>$host_lookup_failed</code>. When a
message comes from a remote host and there is an attempt to look up the host's
name from its IP address, and the attempt is not successful, one of these
variables is set to "1".
</p>
<ul class="toc">
<li>
If the lookup receives a definite negative response (for example, a DNS lookup
succeeded, but no records were found), <code>$host_lookup_failed</code> is set to "1".
</li><li>
If there is any kind of problem during the lookup, such that Exim cannot
tell whether or not the host name is defined (for example, a timeout for a DNS
lookup), <code>$host_lookup_deferred</code> is set to "1".
</li></ul>
<p>Looking up a host's name from its IP address consists of more than just a
single reverse lookup. Exim checks that a forward lookup of at least one of the
names it receives from a reverse lookup yields the original IP address. If this
is not the case, Exim does not accept the looked up name(s), and
<code>$host_lookup_failed</code> is set to "1". Thus, being able to find a name from an
IP address (for example, the existence of a PTR record in the DNS) is not
sufficient on its own for the success of a host name lookup. If the reverse
lookup succeeds, but there is a lookup problem such as a timeout when checking
the result, the name is not accepted, and <code>$host_lookup_deferred</code> is set to
"1". See also <code>$sender_host_name</code>.
</p>
</dd>
<dt> <code>$host_lookup_failed</code></dt>
<dd><a name="IDX921"></a>
<p>See <code>$host_lookup_deferred</code>.
</p>
</dd>
<dt> <code>$inode</code></dt>
<dd><a name="IDX922"></a>
<p>The only time this variable is set is while expanding the <code>directory_file</code>
option in the <code>appendfile</code> transport. The variable contains the inode number
of the temporary file which is about to be renamed. It can be used to construct
a unique name for the file.
</p>
</dd>
<dt> <code>$interface_address</code></dt>
<dd><a name="IDX923"></a>
<p>This is an obsolete name for <code>$received_ip_address</code>.
</p>
</dd>
<dt> <code>$interface_port</code></dt>
<dd><a name="IDX924"></a>
<p>This is an obsolete name for <code>$received_port</code>.
</p>
</dd>
<dt> <code>$item</code></dt>
<dd><a name="IDX925"></a>
<p>This variable is used during the expansion of <strong>forall</strong> and <strong>forany</strong>
conditions (see section <a href="#SEC144">Expansion conditions</a>), and <strong>filter</strong>, <strong>man</strong>, and
<strong>reduce</strong> items (see section <a href="#SEC144">Expansion conditions</a>). In other circumstances, it is
empty.
</p>
</dd>
<dt> <code>$ldap_dn</code></dt>
<dd><a name="IDX926"></a>
<p>This variable, which is available only when Exim is compiled with LDAP support,
contains the DN from the last entry in the most recently successful LDAP
lookup.
</p>
</dd>
<dt> <code>$load_average</code></dt>
<dd><a name="IDX927"></a>
<p>This variable contains the system load average, multiplied by 1000 so that it
is an integer. For example, if the load average is 0.21, the value of the
variable is 210. The value is recomputed every time the variable is referenced.
</p>
</dd>
<dt> <code>$local_part</code></dt>
<dd><a name="IDX928"></a>
<p>When an address is being routed, or delivered on its own, this
variable contains the local part. When a number of addresses are being
delivered together (for example, multiple RCPT commands in an SMTP
session), <code>$local_part</code> is not set.
</p>
<p>Global address rewriting happens when a message is received, so the value of
<code>$local_part</code> during routing and delivery is the value after rewriting.
<code>$local_part</code> is set during user filtering, but not during system filtering,
because a message may have many recipients and the system filter is called just
once.
</p>
<a name="IDX929"></a>
<a name="IDX930"></a>
<p>If a local part prefix or suffix has been recognized, it is not included in the
value of <code>$local_part</code> during routing and subsequent delivery. The values of
any prefix or suffix are in <code>$local_part_prefix</code> and
<code>$local_part_suffix</code>, respectively.
</p>
<p>When a message is being delivered to a file, pipe, or autoreply transport as a
result of aliasing or forwarding, <code>$local_part</code> is set to the local part of
the parent address, not to the file name or command (see <code>$address_file</code> and
<code>$address_pipe</code>).
</p>
<p>When an ACL is running for a RCPT command, <code>$local_part</code> contains the
local part of the recipient address.
</p>
<p>When a rewrite item is being processed (see chapter <a href="spec_31.html#SEC248">Address rewriting</a>),
<code>$local_part</code> contains the local part of the address that is being rewritten;
it can be used in the expansion of the replacement address, for example.
</p>
<p>In all cases, all quoting is removed from the local part. For example, for both
the addresses
</p>
<table><tr><td> </td><td><pre class="example">"abc:xyz"@test.example
abc\:xyz@test.example
</pre></td></tr></table>
<p>the value of <code>$local_part</code> is
</p>
<table><tr><td> </td><td><pre class="example">abc:xyz
</pre></td></tr></table>
<p>If you use <code>$local_part</code> to create another address, you should always wrap it
inside a quoting operator. For example, in a <code>redirect</code> router you could
have:
</p>
<table><tr><td> </td><td><pre class="example">data = ${quote_local_part:$local_part}@new.domain.example
</pre></td></tr></table>
<p><strong>Note</strong>: The value of <code>$local_part</code> is normally lower cased. If you want
to process local parts in a case-dependent manner in a router, you can set the
<code>caseful_local_part</code> option (see chapter <a href="spec_15.html#SEC186">Generic options for routers</a>).
</p>
</dd>
<dt> <code>$local_part_data</code></dt>
<dd><a name="IDX931"></a>
<p>When the <code>local_parts</code> option on a router matches a local part by means of a
lookup, the data read by the lookup is available during the running of the
router as <code>$local_part_data</code>. In addition, if the driver routes the address
to a transport, the value is available in that transport. If the transport is
handling multiple addresses, the value from the first address is used.
</p>
<p><code>$local_part_data</code> is also set when the <code>local_parts</code> condition in an ACL
matches a local part by means of a lookup. The data read by the lookup is
available during the rest of the ACL statement. In all other situations, this
variable expands to nothing.
</p>
</dd>
<dt> <code>$local_part_prefix</code></dt>
<dd><a name="IDX932"></a>
<p>When an address is being routed or delivered, and a
specific prefix for the local part was recognized, it is available in this
variable, having been removed from <code>$local_part</code>.
</p>
</dd>
<dt> <code>$local_part_suffix</code></dt>
<dd><a name="IDX933"></a>
<p>When an address is being routed or delivered, and a
specific suffix for the local part was recognized, it is available in this
variable, having been removed from <code>$local_part</code>.
</p>
</dd>
<dt> <code>$local_scan_data</code></dt>
<dd><a name="IDX934"></a>
<p>This variable contains the text returned by the <code>local_scan()</code> function when
a message is received. See chapter <a href="spec_42.html#SEC365">Adding a local scan function to Exim</a> for more details.
</p>
</dd>
<dt> <code>$local_user_gid</code></dt>
<dd><a name="IDX935"></a>
<p>See <code>$local_user_uid</code>.
</p>
</dd>
<dt> <code>$local_user_uid</code></dt>
<dd><a name="IDX936"></a>
<p>This variable and <code>$local_user_gid</code> are set to the uid and gid after the
<code>check_local_user</code> router precondition succeeds. This means that their values
are available for the remaining preconditions (<code>senders</code>, <code>require_files</code>,
and <code>condition</code>), for the <code>address_data</code> expansion, and for any
router-specific expansions. At all other times, the values in these variables
are ‘<samp>(uid_t)(-1)</samp>’ and ‘<samp>(gid_t)(-1)</samp>’, respectively.
</p>
</dd>
<dt> <code>$localhost_number</code></dt>
<dd><a name="IDX937"></a>
<p>This contains the expanded value of the
<code>localhost_number</code> option. The expansion happens after the main options have
been read.
</p>
</dd>
<dt> <code>$log_inodes</code></dt>
<dd><a name="IDX938"></a>
<p>The number of free inodes in the disk partition where Exim's
log files are being written. The value is recalculated whenever the variable is
referenced. If the relevant file system does not have the concept of inodes,
the value of is -1. See also the <code>check_log_inodes</code> option.
</p>
</dd>
<dt> <code>$log_space</code></dt>
<dd><a name="IDX939"></a>
<p>The amount of free space (as a number of kilobytes) in the disk
partition where Exim's log files are being written. The value is recalculated
whenever the variable is referenced. If the operating system does not have the
ability to find the amount of free space (only true for experimental systems),
the space value is -1. See also the <code>check_log_space</code> option.
</p>
</dd>
<dt> <code>$mailstore_basename</code></dt>
<dd><a name="IDX940"></a>
<p>This variable is set only when doing deliveries in "mailstore" format in the
<code>appendfile</code> transport. During the expansion of the <code>mailstore_prefix</code>,
<code>mailstore_suffix</code>, <code>message_prefix</code>, and <code>message_suffix</code> options, it
contains the basename of the files that are being written, that is, the name
without the ".tmp", ".env", or ".msg" suffix. At all other times, this
variable is empty.
</p>
</dd>
<dt> <code>$malware_name</code></dt>
<dd><a name="IDX941"></a>
<p>This variable is available when Exim is compiled with the
content-scanning extension. It is set to the name of the virus that was found
when the ACL <code>malware</code> condition is true (see section <a href="spec_41.html#SEC359">Scanning for viruses</a>).
</p>
</dd>
<dt> <code>$max_received_linelength</code></dt>
<dd><a name="IDX942"></a>
<a name="IDX943"></a>
<a name="IDX944"></a>
<p>This variable contains the number of bytes in the longest line that was
received as part of the message, not counting the line termination
character(s).
</p>
</dd>
<dt> <code>$message_age</code></dt>
<dd><a name="IDX945"></a>
<a name="IDX946"></a>
<p>This variable is set at the start of a delivery attempt to contain the number
of seconds since the message was received. It does not change during a single
delivery attempt.
</p>
</dd>
<dt> <code>$message_body</code></dt>
<dd><a name="IDX947"></a>
<a name="IDX948"></a>
<a name="IDX949"></a>
<a name="IDX950"></a>
<a name="IDX951"></a>
<p>This variable contains the initial portion of a message's body while it is
being delivered, and is intended mainly for use in filter files. The maximum
number of characters of the body that are put into the variable is set by the
<code>message_body_visible</code> configuration option; the default is 500.
</p>
<a name="IDX952"></a>
<p>By default, newlines are converted into spaces in <code>$message_body</code>, to make it
easier to search for phrases that might be split over a line break. However,
this can be disabled by setting <code>message_body_newlines</code> to be true. Binary
zeros are always converted into spaces.
</p>
</dd>
<dt> <code>$message_body_end</code></dt>
<dd><a name="IDX953"></a>
<a name="IDX954"></a>
<a name="IDX955"></a>
<p>This variable contains the final portion of a message's
body while it is being delivered. The format and maximum size are as for
<code>$message_body</code>.
</p>
</dd>
<dt> <code>$message_body_size</code></dt>
<dd><a name="IDX956"></a>
<a name="IDX957"></a>
<a name="IDX958"></a>
<p>When a message is being delivered, this variable contains the size of the body
in bytes. The count starts from the character after the blank line that
separates the body from the header. Newlines are included in the count. See
also <code>$message_size</code>, <code>$body_linecount</code>, and <code>$body_zerocount</code>.
</p>
</dd>
<dt> <code>$message_exim_id</code></dt>
<dd><a name="IDX959"></a>
<p>When a message is being received or delivered, this variable contains the
unique message id that is generated and used by Exim to identify the message.
An id is not created for a message until after its header has been successfully
received. <strong>Note</strong>: This is <em>not</em> the contents of the <em>Message-ID:</em> header
line; it is the local id that Exim assigns to the message, for example:
‘<samp>1BXTIK-0001yO-VA</samp>’.
</p>
</dd>
<dt> <code>$message_headers</code></dt>
<dd><a name="IDX960"></a>
<p>This variable contains a concatenation of all the header lines when a message
is being processed, except for lines added by routers or transports. The header
lines are separated by newline characters. Their contents are decoded in the
same way as a header line that is inserted by <code>bheader</code>.
</p>
</dd>
<dt> <code>$message_headers_raw</code></dt>
<dd><a name="IDX961"></a>
<p>This variable is like <code>$message_headers</code> except that no processing of the
contents of header lines is done.
</p>
</dd>
<dt> <code>$message_id</code></dt>
<dd><p>This is an old name for <code>$message_exim_id</code>, which is now deprecated.
</p>
</dd>
<dt> <code>$message_linecount</code></dt>
<dd><a name="IDX962"></a>
<p>This variable contains the total number of lines in the header and body of the
message. Compare <code>$body_linecount</code>, which is the count for the body only.
During the DATA and content-scanning ACLs, <code>$message_linecount</code> contains the
number of lines received. Before delivery happens (that is, before filters,
routers, and transports run) the count is increased to include the
<em>Received:</em> header line that Exim standardly adds, and also any other header
lines that are added by ACLs. The blank line that separates the message header
from the body is not counted. Here is an example of the use of this variable in
a DATA ACL:
</p>
<table><tr><td> </td><td><pre class="example">deny message = Too many lines in message header
condition = \
${if <{250}{${eval:$message_linecount - $body_linecount}}}
</pre></td></tr></table>
<p>In the MAIL and RCPT ACLs, the value is zero because at that stage the
message has not yet been received.
</p>
</dd>
<dt> <code>$message_size</code></dt>
<dd><a name="IDX963"></a>
<a name="IDX964"></a>
<a name="IDX965"></a>
<p>When a message is being processed, this variable contains its size in bytes. In
most cases, the size includes those headers that were received with the
message, but not those (such as <em>Envelope-to:</em>) that are added to individual
deliveries as they are written. However, there is one special case: during the
expansion of the <code>maildir_tag</code> option in the <code>appendfile</code> transport while
doing a delivery in maildir format, the value of <code>$message_size</code> is the
precise size of the file that has been written. See also
<code>$message_body_size</code>, <code>$body_linecount</code>, and <code>$body_zerocount</code>.
</p>
<a name="IDX966"></a>
<p>While running an ACL at the time of an SMTP RCPT command, <code>$message_size</code>
contains the size supplied on the MAIL command, or -1 if no size was given. The
value may not, of course, be truthful.
</p>
</dd>
<dt> <code>$mime_</code><em>xxx</em></dt>
<dd><p>A number of variables whose names start with <code>$mime</code> are
available when Exim is compiled with the content-scanning extension. For
details, see section <a href="spec_41.html#SEC362">Scanning MIME parts</a>.
</p>
</dd>
<dt> <code>$n0</code> - <code>$n9</code></dt>
<dd><p>These variables are counters that can be incremented by means
of the <code>add</code> command in filter files.
</p>
</dd>
<dt> <code>$original_domain</code></dt>
<dd><a name="IDX967"></a>
<a name="IDX968"></a>
<p>When a top-level address is being processed for delivery, this contains the
same value as <code>$domain</code>. However, if a "child" address (for example,
generated by an alias, forward, or filter file) is being processed, this
variable contains the domain of the original address (lower cased). This
differs from <code>$parent_domain</code> only when there is more than one level of
aliasing or forwarding. When more than one address is being delivered in a
single transport run, <code>$original_domain</code> is not set.
</p>
<p>If a new address is created by means of a <code>deliver</code> command in a system
filter, it is set up with an artificial "parent" address. This has the local
part <em>system-filter</em> and the default qualify domain.
</p>
</dd>
<dt> <code>$original_local_part</code></dt>
<dd><a name="IDX969"></a>
<a name="IDX970"></a>
<p>When a top-level address is being processed for delivery, this contains the
same value as <code>$local_part</code>, unless a prefix or suffix was removed from the
local part, because <code>$original_local_part</code> always contains the full local
part. When a "child" address (for example, generated by an alias, forward, or
filter file) is being processed, this variable contains the full local part of
the original address.
</p>
<p>If the router that did the redirection processed the local part
case-insensitively, the value in <code>$original_local_part</code> is in lower case.
This variable differs from <code>$parent_local_part</code> only when there is more than
one level of aliasing or forwarding. When more than one address is being
delivered in a single transport run, <code>$original_local_part</code> is not set.
</p>
<p>If a new address is created by means of a <code>deliver</code> command in a system
filter, it is set up with an artificial "parent" address. This has the local
part <em>system-filter</em> and the default qualify domain.
</p>
</dd>
<dt> <code>$originator_gid</code></dt>
<dd><a name="IDX971"></a>
<a name="IDX972"></a>
<a name="IDX973"></a>
<a name="IDX974"></a>
<p>This variable contains the value of <code>$caller_gid</code> that was set when the
message was received. For messages received via the command line, this is the
gid of the sending user. For messages received by SMTP over TCP/IP, this is
normally the gid of the Exim user.
</p>
</dd>
<dt> <code>$originator_uid</code></dt>
<dd><a name="IDX975"></a>
<a name="IDX976"></a>
<a name="IDX977"></a>
<a name="IDX978"></a>
<p>The value of <code>$caller_uid</code> that was set when the message was received. For
messages received via the command line, this is the uid of the sending user.
For messages received by SMTP over TCP/IP, this is normally the uid of the Exim
user.
</p>
</dd>
<dt> <code>$parent_domain</code></dt>
<dd><a name="IDX979"></a>
<p>This variable is similar to <code>$original_domain</code> (see
above), except that it refers to the immediately preceding parent address.
</p>
</dd>
<dt> <code>$parent_local_part</code></dt>
<dd><a name="IDX980"></a>
<p>This variable is similar to <code>$original_local_part</code>
(see above), except that it refers to the immediately preceding parent address.
</p>
</dd>
<dt> <code>$pid</code></dt>
<dd><a name="IDX981"></a>
<a name="IDX982"></a>
<p>This variable contains the current process id.
</p>
</dd>
<dt> <code>$pipe_addresses</code></dt>
<dd><a name="IDX983"></a>
<a name="IDX984"></a>
<a name="IDX985"></a>
<p>This is not an expansion variable, but is mentioned here because the string
‘<samp>$pipe_addresses</samp>’ is handled specially in the command specification for the
<code>pipe</code> transport (chapter <a href="spec_29.html#SEC235">The pipe transport</a>) and in transport filters
(described under <code>transport_filter</code> in chapter <a href="spec_24.html#SEC220">Generic options for transports</a>).
It cannot be used in general expansion strings, and provokes an "unknown
variable" error if encountered.
</p>
</dd>
<dt> <code>$primary_hostname</code></dt>
<dd><a name="IDX986"></a>
<p>This variable contains the value set by <code>primary_hostname</code> in the
configuration file, or read by the <code>uname()</code> function. If <code>uname()</code> returns
a single-component name, Exim calls <code>gethostbyname()</code> (or
<code>getipnodebyname()</code> where available) in an attempt to acquire a fully
qualified host name. See also <code>$smtp_active_hostname</code>.
</p>
</dd>
<dt> <code>$prvscheck_address</code></dt>
<dd><p>This variable is used in conjunction with the <code>prvscheck</code> expansion item,
which is described in sections <a href="#SEC142">Expansion items</a> and
<a href="spec_40.html#SEC355">Bounce address tag validation</a>.
</p>
</dd>
<dt> <code>$prvscheck_keynum</code></dt>
<dd><p>This variable is used in conjunction with the <code>prvscheck</code> expansion item,
which is described in sections <a href="#SEC142">Expansion items</a> and
<a href="spec_40.html#SEC355">Bounce address tag validation</a>.
</p>
</dd>
<dt> <code>$prvscheck_result</code></dt>
<dd><p>This variable is used in conjunction with the <code>prvscheck</code> expansion item,
which is described in sections <a href="#SEC142">Expansion items</a> and
<a href="spec_40.html#SEC355">Bounce address tag validation</a>.
</p>
</dd>
<dt> <code>$qualify_domain</code></dt>
<dd><a name="IDX987"></a>
<p>The value set for the <code>qualify_domain</code> option in the configuration file.
</p>
</dd>
<dt> <code>$qualify_recipient</code></dt>
<dd><a name="IDX988"></a>
<p>The value set for the <code>qualify_recipient</code> option in the configuration file,
or if not set, the value of <code>$qualify_domain</code>.
</p>
</dd>
<dt> <code>$rcpt_count</code></dt>
<dd><a name="IDX989"></a>
<p>When a message is being received by SMTP, this variable contains the number of
RCPT commands received for the current message. If this variable is used in a
RCPT ACL, its value includes the current command.
</p>
</dd>
<dt> <code>$rcpt_defer_count</code></dt>
<dd><a name="IDX990"></a>
<a name="IDX991"></a>
<p>When a message is being received by SMTP, this variable contains the number of
RCPT commands in the current message that have previously been rejected with a
temporary (4<em>xx</em>) response.
</p>
</dd>
<dt> <code>$rcpt_fail_count</code></dt>
<dd><a name="IDX992"></a>
<p>When a message is being received by SMTP, this variable contains the number of
RCPT commands in the current message that have previously been rejected with a
permanent (5<em>xx</em>) response.
</p>
</dd>
<dt> <code>$received_count</code></dt>
<dd><a name="IDX993"></a>
<p>This variable contains the number of <em>Received:</em> header lines in the message,
including the one added by Exim (so its value is always greater than zero). It
is available in the DATA ACL, the non-SMTP ACL, and while routing and
delivering.
</p>
</dd>
<dt> <code>$received_for</code></dt>
<dd><a name="IDX994"></a>
<p>If there is only a single recipient address in an incoming message, this
variable contains that address when the <em>Received:</em> header line is being
built. The value is copied after recipient rewriting has happened, but before
the <code>local_scan()</code> function is run.
</p>
</dd>
<dt> <code>$received_ip_address</code></dt>
<dd><a name="IDX995"></a>
<p>As soon as an Exim server starts processing an incoming TCP/IP connection, this
variable is set to the address of the local IP interface, and <code>$received_port</code>
is set to the local port number. (The remote IP address and port are in
<code>$sender_host_address</code> and <code>$sender_host_port</code>.) When testing with <code>-bh</code>,
the port value is -1 unless it has been set using the <code>-oMi</code> command line
option.
</p>
<p>As well as being useful in ACLs (including the "connect" ACL), these variable
could be used, for example, to make the file name for a TLS certificate depend
on which interface and/or port is being used for the incoming connection. The
values of <code>$received_ip_address</code> and <code>$received_port</code> are saved with any
messages that are received, thus making these variables available at delivery
time.
</p>
<p><strong>Note:</strong> There are no equivalent variables for outgoing connections, because
the values are unknown (unless they are explicitly set by options of the
<code>smtp</code> transport).
</p>
</dd>
<dt> <code>$received_port</code></dt>
<dd><a name="IDX996"></a>
<p>See <code>$received_ip_address</code>.
</p>
</dd>
<dt> <code>$received_protocol</code></dt>
<dd><a name="IDX997"></a>
<p>When a message is being processed, this variable contains the name of the
protocol by which it was received. Most of the names used by Exim are defined
by RFCs 821, 2821, and 3848. They start with "smtp" (the client used HELO) or
"esmtp" (the client used EHLO). This can be followed by "s" for secure
(encrypted) and/or "a" for authenticated. Thus, for example, if the protocol
is set to "esmtpsa", the message was received over an encrypted SMTP
connection and the client was successfully authenticated.
</p>
<p>Exim uses the protocol name "smtps" for the case when encryption is
automatically set up on connection without the use of STARTTLS (see
<code>tls_on_connect_ports</code>), and the client uses HELO to initiate the
encrypted SMTP session. The name "smtps" is also used for the rare situation
where the client initially uses EHLO, sets up an encrypted connection using
STARTTLS, and then uses HELO afterwards.
</p>
<p>The <code>-oMr</code> option provides a way of specifying a custom protocol name for
messages that are injected locally by trusted callers. This is commonly used to
identify messages that are being re-injected after some kind of scanning.
</p>
</dd>
<dt> <code>$received_time</code></dt>
<dd><a name="IDX998"></a>
<p>This variable contains the date and time when the current message was received,
as a number of seconds since the start of the Unix epoch.
</p>
</dd>
<dt> <code>$recipient_data</code></dt>
<dd><a name="IDX999"></a>
<p>This variable is set after an indexing lookup success in an ACL <code>recipients</code>
condition. It contains the data from the lookup, and the value remains set
until the next <code>recipients</code> test. Thus, you can do things like this:
</p>
<table><tr><td> </td><td><pre class="display">require recipients = cdb*@;/some/file
deny some further test involving $recipient_data
</pre></td></tr></table>
<p><strong>Warning</strong>: This variable is set only when a lookup is used as an indexing
method in the address list, using the semicolon syntax as in the example above.
The variable is not set for a lookup that is used as part of the string
expansion that all such lists undergo before being interpreted.
</p>
</dd>
<dt> <code>$recipient_verify_failure</code></dt>
<dd><a name="IDX1000"></a>
<p>In an ACL, when a recipient verification fails, this variable contains
information about the failure. It is set to one of the following words:
</p>
<ul class="toc">
<li>
"qualify": The address was unqualified (no domain), and the message
was neither local nor came from an exempted host.
</li><li>
"route": Routing failed.
</li><li>
"mail": Routing succeeded, and a callout was attempted; rejection occurred at
or before the MAIL command (that is, on initial connection, HELO, or
MAIL).
</li><li>
"recipient": The RCPT command in a callout was rejected.
</li><li>
"postmaster": The postmaster check in a callout was rejected.
</li></ul>
<p>The main use of this variable is expected to be to distinguish between
rejections of MAIL and rejections of RCPT.
</p>
</dd>
<dt> <code>$recipients</code></dt>
<dd><a name="IDX1001"></a>
<p>This variable contains a list of envelope recipients for a message. A comma and
a space separate the addresses in the replacement text. However, the variable
is not generally available, to prevent exposure of Bcc recipients in
unprivileged users' filter files. You can use <code>$recipients</code> only in these
cases:
</p>
<ol>
<li>
In a system filter file.
</li><li>
In the ACLs associated with the DATA command and with non-SMTP messages, that
is, the ACLs defined by <code>acl_smtp_predata</code>, <code>acl_smtp_data</code>,
<code>acl_smtp_mime</code>, <code>acl_not_smtp_start</code>, <code>acl_not_smtp</code>, and
<code>acl_not_smtp_mime</code>.
</li><li>
From within a <code>local_scan()</code> function.
</li></ol>
</dd>
<dt> <code>$recipients_count</code></dt>
<dd><a name="IDX1002"></a>
<p>When a message is being processed, this variable contains the number of
envelope recipients that came with the message. Duplicates are not excluded
from the count. While a message is being received over SMTP, the number
increases for each accepted recipient. It can be referenced in an ACL.
</p>
</dd>
<dt> <code>$regex_match_string</code></dt>
<dd><a name="IDX1003"></a>
<p>This variable is set to contain the matching regular expression after a
<code>regex</code> ACL condition has matched (see section <a href="spec_41.html#SEC363">Scanning with regular expressions</a>).
</p>
</dd>
<dt> <code>$reply_address</code></dt>
<dd><a name="IDX1004"></a>
<p>When a message is being processed, this variable contains the contents of the
<em>Reply-To:</em> header line if one exists and it is not empty, or otherwise the
contents of the <em>From:</em> header line. Apart from the removal of leading
white space, the value is not processed in any way. In particular, no RFC 2047
decoding or character code translation takes place.
</p>
</dd>
<dt> <code>$return_path</code></dt>
<dd><a name="IDX1005"></a>
<p>When a message is being delivered, this variable contains the return path -
the sender field that will be sent as part of the envelope. It is not enclosed
in <> characters. At the start of routing an address, <code>$return_path</code> has the
same value as <code>$sender_address</code>, but if, for example, an incoming message to a
mailing list has been expanded by a router which specifies a different address
for bounce messages, <code>$return_path</code> subsequently contains the new bounce
address, whereas <code>$sender_address</code> always contains the original sender address
that was received with the message. In other words, <code>$sender_address</code> contains
the incoming envelope sender, and <code>$return_path</code> contains the outgoing
envelope sender.
</p>
</dd>
<dt> <code>$return_size_limit</code></dt>
<dd><a name="IDX1006"></a>
<p>This is an obsolete name for <code>$bounce_return_size_limit</code>.
</p>
</dd>
<dt> <code>$runrc</code></dt>
<dd><a name="IDX1007"></a>
<a name="IDX1008"></a>
<p>This variable contains the return code from a command that is run by the
<code>${run...}</code> expansion item. <strong>Warning</strong>: In a router or transport, you cannot
assume the order in which option values are expanded, except for those
preconditions whose order of testing is documented. Therefore, you cannot
reliably expect to set <code>$runrc</code> by the expansion of one option, and use it in
another.
</p>
</dd>
<dt> <code>$self_hostname</code></dt>
<dd><a name="IDX1009"></a>
<a name="IDX1010"></a>
<p>When an address is routed to a supposedly remote host that turns out to be the
local host, what happens is controlled by the <code>self</code> generic router option.
One of its values causes the address to be passed to another router. When this
happens, <code>$self_hostname</code> is set to the name of the local host that the
original router encountered. In other circumstances its contents are null.
</p>
</dd>
<dt> <code>$sender_address</code></dt>
<dd><a name="IDX1011"></a>
<p>When a message is being processed, this variable contains the sender's address
that was received in the message's envelope. The case of letters in the address
is retained, in both the local part and the domain. For bounce messages, the
value of this variable is the empty string. See also <code>$return_path</code>.
</p>
</dd>
<dt> <code>$sender_address_data</code></dt>
<dd><a name="IDX1012"></a>
<a name="IDX1013"></a>
<p>If <code>$address_data</code> is set when the routers are called from an ACL to verify a
sender address, the final value is preserved in <code>$sender_address_data</code>, to
distinguish it from data from a recipient address. The value does not persist
after the end of the current ACL statement. If you want to preserve it for
longer, you can save it in an ACL variable.
</p>
</dd>
<dt> <code>$sender_address_domain</code></dt>
<dd><a name="IDX1014"></a>
<p>The domain portion of <code>$sender_address</code>.
</p>
</dd>
<dt> <code>$sender_address_local_part</code></dt>
<dd><a name="IDX1015"></a>
<p>The local part portion of <code>$sender_address</code>.
</p>
</dd>
<dt> <code>$sender_data</code></dt>
<dd><a name="IDX1016"></a>
<p>This variable is set after a lookup success in an ACL <code>senders</code> condition or
in a router <code>senders</code> option. It contains the data from the lookup, and the
value remains set until the next <code>senders</code> test. Thus, you can do things like
this:
</p>
<table><tr><td> </td><td><pre class="display">require senders = cdb*@;/some/file
deny some further test involving $sender_data
</pre></td></tr></table>
<p><strong>Warning</strong>: This variable is set only when a lookup is used as an indexing
method in the address list, using the semicolon syntax as in the example above.
The variable is not set for a lookup that is used as part of the string
expansion that all such lists undergo before being interpreted.
</p>
</dd>
<dt> <code>$sender_fullhost</code></dt>
<dd><a name="IDX1017"></a>
<p>When a message is received from a remote host, this variable contains the host
name and IP address in a single string. It ends with the IP address in square
brackets, followed by a colon and a port number if the logging of ports is
enabled. The format of the rest of the string depends on whether the host
issued a HELO or EHLO SMTP command, and whether the host name was verified by
looking up its IP address. (Looking up the IP address can be forced by the
<code>host_lookup</code> option, independent of verification.) A plain host name at the
start of the string is a verified host name; if this is not present,
verification either failed or was not requested. A host name in parentheses is
the argument of a HELO or EHLO command. This is omitted if it is identical to
the verified host name or to the host's IP address in square brackets.
</p>
</dd>
<dt> <code>$sender_helo_name</code></dt>
<dd><a name="IDX1018"></a>
<p>When a message is received from a remote host that has issued a HELO or EHLO
command, the argument of that command is placed in this variable. It is also
set if HELO or EHLO is used when a message is received using SMTP locally via
the <code>-bs</code> or <code>-bS</code> options.
</p>
</dd>
<dt> <code>$sender_host_address</code></dt>
<dd><a name="IDX1019"></a>
<p>When a message is received from a remote host, this variable contains that
host's IP address. For locally submitted messages, it is empty.
</p>
</dd>
<dt> <code>$sender_host_authenticated</code></dt>
<dd><a name="IDX1020"></a>
<p>This variable contains the name (not the public name) of the authenticator
driver that successfully authenticated the client from which the message was
received. It is empty if there was no successful authentication. See also
<code>$authenticated_id</code>.
</p>
</dd>
<dt> <code>$sender_host_name</code></dt>
<dd><a name="IDX1021"></a>
<p>When a message is received from a remote host, this variable contains the
host's name as obtained by looking up its IP address. For messages received by
other means, this variable is empty.
</p>
<a name="IDX1022"></a>
<p>If the host name has not previously been looked up, a reference to
<code>$sender_host_name</code> triggers a lookup (for messages from remote hosts).
A looked up name is accepted only if it leads back to the original IP address
via a forward lookup. If either the reverse or the forward lookup fails to find
any data, or if the forward lookup does not yield the original IP address,
<code>$sender_host_name</code> remains empty, and <code>$host_lookup_failed</code> is set to "1".
</p>
<a name="IDX1023"></a>
<p>However, if either of the lookups cannot be completed (for example, there is a
DNS timeout), <code>$host_lookup_deferred</code> is set to "1", and
<code>$host_lookup_failed</code> remains set to "0".
</p>
<p>Once <code>$host_lookup_failed</code> is set to "1", Exim does not try to look up the
host name again if there is a subsequent reference to <code>$sender_host_name</code>
in the same Exim process, but it does try again if <code>$host_lookup_deferred</code>
is set to "1".
</p>
<p>Exim does not automatically look up every calling host's name. If you want
maximum efficiency, you should arrange your configuration so that it avoids
these lookups altogether. The lookup happens only if one or more of the
following are true:
</p>
<ul class="toc">
<li>
A string containing <code>$sender_host_name</code> is expanded.
</li><li>
The calling host matches the list in <code>host_lookup</code>. In the default
configuration, this option is set to *, so it must be changed if lookups are
to be avoided. (In the code, the default for <code>host_lookup</code> is unset.)
</li><li>
Exim needs the host name in order to test an item in a host list. The items
that require this are described in sections <a href="spec_10.html#SEC128">Host list patterns that match by host name</a> and
<a href="spec_10.html#SEC131">Host list patterns for single-key lookups by host name</a>.
</li><li>
The calling host matches <code>helo_try_verify_hosts</code> or <code>helo_verify_hosts</code>.
In this case, the host name is required to compare with the name quoted in any
EHLO or HELO commands that the client issues.
</li><li>
The remote host issues a EHLO or HELO command that quotes one of the
domains in <code>helo_lookup_domains</code>. The default value of this option is
<table><tr><td> </td><td><pre class="example"> helo_lookup_domains = @ : @[]
</pre></td></tr></table>
<p>which causes a lookup if a remote host (incorrectly) gives the server's name or
IP address in an EHLO or HELO command.
</p></li></ul>
</dd>
<dt> <code>$sender_host_port</code></dt>
<dd><a name="IDX1024"></a>
<p>When a message is received from a remote host, this variable contains the port
number that was used on the remote host.
</p>
</dd>
<dt> <code>$sender_ident</code></dt>
<dd><a name="IDX1025"></a>
<p>When a message is received from a remote host, this variable contains the
identification received in response to an RFC 1413 request. When a message has
been received locally, this variable contains the login name of the user that
called Exim.
</p>
</dd>
<dt> <code>$sender_rate_</code><em>xxx</em></dt>
<dd><p>A number of variables whose names begin <code>$sender_rate_</code> are set as part of the
<code>ratelimit</code> ACL condition. Details are given in section
<a href="spec_40.html#SEC343">Rate limiting incoming messages</a>.
</p>
</dd>
<dt> <code>$sender_rcvhost</code></dt>
<dd><a name="IDX1026"></a>
<a name="IDX1027"></a>
<a name="IDX1028"></a>
<p>This is provided specifically for use in <em>Received:</em> headers. It starts with
either the verified host name (as obtained from a reverse DNS lookup) or, if
there is no verified host name, the IP address in square brackets. After that
there may be text in parentheses. When the first item is a verified host name,
the first thing in the parentheses is the IP address in square brackets,
followed by a colon and a port number if port logging is enabled. When the
first item is an IP address, the port is recorded as "port=<em>xxxx</em>" inside
the parentheses.
</p>
<p>There may also be items of the form "helo=<em>xxxx</em>" if HELO or EHLO
was used and its argument was not identical to the real host name or IP
address, and "ident=<em>xxxx</em>" if an RFC 1413 ident string is available. If
all three items are present in the parentheses, a newline and tab are inserted
into the string, to improve the formatting of the <em>Received:</em> header.
</p>
</dd>
<dt> <code>$sender_verify_failure</code></dt>
<dd><a name="IDX1029"></a>
<p>In an ACL, when a sender verification fails, this variable contains information
about the failure. The details are the same as for
<code>$recipient_verify_failure</code>.
</p>
</dd>
<dt> <code>$sending_ip_address</code></dt>
<dd><a name="IDX1030"></a>
<p>This variable is set whenever an outgoing SMTP connection to another host has
been set up. It contains the IP address of the local interface that is being
used. This is useful if a host that has more than one IP address wants to take
on different personalities depending on which one is being used. For incoming
connections, see <code>$received_ip_address</code>.
</p>
</dd>
<dt> <code>$sending_port</code></dt>
<dd><a name="IDX1031"></a>
<p>This variable is set whenever an outgoing SMTP connection to another host has
been set up. It contains the local port that is being used. For incoming
connections, see <code>$received_port</code>.
</p>
</dd>
<dt> <code>$smtp_active_hostname</code></dt>
<dd><a name="IDX1032"></a>
<p>During an incoming SMTP session, this variable contains the value of the active
host name, as specified by the <code>smtp_active_hostname</code> option. The value of
<code>$smtp_active_hostname</code> is saved with any message that is received, so its
value can be consulted during routing and delivery.
</p>
</dd>
<dt> <code>$smtp_command</code></dt>
<dd><a name="IDX1033"></a>
<p>During the processing of an incoming SMTP command, this variable contains the
entire command. This makes it possible to distinguish between HELO and EHLO in
the HELO ACL, and also to distinguish between commands such as these:
</p>
<table><tr><td> </td><td><pre class="example">MAIL FROM:<>
MAIL FROM: <>
</pre></td></tr></table>
<p>For a MAIL command, extra parameters such as SIZE can be inspected. For a RCPT
command, the address in <code>$smtp_command</code> is the original address before any
rewriting, whereas the values in <code>$local_part</code> and <code>$domain</code> are taken from
the address after SMTP-time rewriting.
</p>
</dd>
<dt> <code>$smtp_command_argument</code></dt>
<dd><a name="IDX1034"></a>
<a name="IDX1035"></a>
<p>While an ACL is running to check an SMTP command, this variable contains the
argument, that is, the text that follows the command name, with leading white
space removed. Following the introduction of <code>$smtp_command</code>, this variable is
somewhat redundant, but is retained for backwards compatibility.
</p>
</dd>
<dt> <code>$smtp_count_at_connection_start</code></dt>
<dd><a name="IDX1036"></a>
<p>This variable is set greater than zero only in processes spawned by the Exim
daemon for handling incoming SMTP connections. The name is deliberately long,
in order to emphasize what the contents are. When the daemon accepts a new
connection, it increments this variable. A copy of the variable is passed to
the child process that handles the connection, but its value is fixed, and
never changes. It is only an approximation of how many incoming connections
there actually are, because many other connections may come and go while a
single connection is being processed. When a child process terminates, the
daemon decrements its copy of the variable.
</p>
</dd>
<dt> <code>$sn0</code> - <code>$sn9</code></dt>
<dd><p>These variables are copies of the values of the <code>$n0</code> - <code>$n9</code> accumulators
that were current at the end of the system filter file. This allows a system
filter file to set values that can be tested in users' filter files. For
example, a system filter could set a value indicating how likely it is that a
message is junk mail.
</p>
</dd>
<dt> <code>$spam_</code><em>xxx</em></dt>
<dd><p>A number of variables whose names start with <code>$spam</code> are available when Exim
is compiled with the content-scanning extension. For details, see section
<a href="spec_41.html#SEC360">Scanning with SpamAssassin</a>.
</p>
</dd>
<dt> <code>$spool_directory</code></dt>
<dd><a name="IDX1037"></a>
<p>The name of Exim's spool directory.
</p>
</dd>
<dt> <code>$spool_inodes</code></dt>
<dd><a name="IDX1038"></a>
<p>The number of free inodes in the disk partition where Exim's spool files are
being written. The value is recalculated whenever the variable is referenced.
If the relevant file system does not have the concept of inodes, the value of
is -1. See also the <code>check_spool_inodes</code> option.
</p>
</dd>
<dt> <code>$spool_space</code></dt>
<dd><a name="IDX1039"></a>
<p>The amount of free space (as a number of kilobytes) in the disk partition where
Exim's spool files are being written. The value is recalculated whenever the
variable is referenced. If the operating system does not have the ability to
find the amount of free space (only true for experimental systems), the space
value is -1. For example, to check in an ACL that there is at least 50
megabytes free on the spool, you could write:
</p>
<table><tr><td> </td><td><pre class="example">condition = ${if > {$spool_space}{50000}}
</pre></td></tr></table>
<p>See also the <code>check_spool_space</code> option.
</p>
</dd>
<dt> <code>$thisaddress</code></dt>
<dd><a name="IDX1040"></a>
<p>This variable is set only during the processing of the <code>foranyaddress</code>
command in a filter file. Its use is explained in the description of that
command, which can be found in the separate document entitled <em>Exim's
interfaces to mail filtering</em>.
</p>
</dd>
<dt> <code>$tls_certificate_verified</code></dt>
<dd><a name="IDX1041"></a>
<p>This variable is set to "1" if a TLS certificate was verified when the
message was received, and "0" otherwise.
</p>
</dd>
<dt> <code>$tls_cipher</code></dt>
<dd><a name="IDX1042"></a>
<p>When a message is received from a remote host over an encrypted SMTP
connection, this variable is set to the cipher suite that was negotiated, for
example DES-CBC3-SHA. In other circumstances, in particular, for message
received over unencrypted connections, the variable is empty. Testing
<code>$tls_cipher</code> for emptiness is one way of distinguishing between encrypted and
non-encrypted connections during ACL processing.
</p>
<p>The <code>$tls_cipher</code> variable retains its value during message delivery, except
when an outward SMTP delivery takes place via the <code>smtp</code> transport. In this
case, <code>$tls_cipher</code> is cleared before any outgoing SMTP connection is made,
and then set to the outgoing cipher suite if one is negotiated. See chapter
<a href="spec_39.html#SEC294">Encrypted SMTP connections using TLS/SSL</a> for details of TLS support and chapter <a href="spec_30.html#SEC242">The smtp transport</a> for
details of the <code>smtp</code> transport.
</p>
</dd>
<dt> <code>$tls_peerdn</code></dt>
<dd><a name="IDX1043"></a>
<p>When a message is received from a remote host over an encrypted SMTP
connection, and Exim is configured to request a certificate from the client,
the value of the Distinguished Name of the certificate is made available in the
<code>$tls_peerdn</code> during subsequent processing. Like <code>$tls_cipher</code>, the
value is retained during message delivery, except during outbound SMTP
deliveries.
</p>
</dd>
<dt> <code>$tod_bsdinbox</code></dt>
<dd><a name="IDX1044"></a>
<p>The time of day and the date, in the format required for BSD-style mailbox
files, for example: Thu Oct 17 17:14:09 1995.
</p>
</dd>
<dt> <code>$tod_epoch</code></dt>
<dd><a name="IDX1045"></a>
<p>The time and date as a number of seconds since the start of the Unix epoch.
</p>
</dd>
<dt> <code>$tod_full</code></dt>
<dd><a name="IDX1046"></a>
<p>A full version of the time and date, for example: Wed, 16 Oct 1995 09:51:40
+0100. The timezone is always given as a numerical offset from UTC, with
positive values used for timezones that are ahead (east) of UTC, and negative
values for those that are behind (west).
</p>
</dd>
<dt> <code>$tod_log</code></dt>
<dd><a name="IDX1047"></a>
<p>The time and date in the format used for writing Exim's log files, for example:
1995-10-12 15:32:29, but without a timezone.
</p>
</dd>
<dt> <code>$tod_logfile</code></dt>
<dd><a name="IDX1048"></a>
<p>This variable contains the date in the format yyyymmdd. This is the format that
is used for datestamping log files when <code>log_file_path</code> contains the ‘<samp>%D</samp>’
flag.
</p>
</dd>
<dt> <code>$tod_zone</code></dt>
<dd><a name="IDX1049"></a>
<p>This variable contains the numerical value of the local timezone, for example:
-0500.
</p>
</dd>
<dt> <code>$tod_zulu</code></dt>
<dd><a name="IDX1050"></a>
<p>This variable contains the UTC date and time in "Zulu" format, as specified
by ISO 8601, for example: 20030221154023Z.
</p>
</dd>
<dt> <code>$value</code></dt>
<dd><a name="IDX1051"></a>
<p>This variable contains the result of an expansion lookup, extraction operation,
or external command, as described above. It is also used during a
<strong>reduce</strong> expansion.
</p>
</dd>
<dt> <code>$version_number</code></dt>
<dd><a name="IDX1052"></a>
<p>The version number of Exim.
</p>
</dd>
<dt> <code>$warn_message_delay</code></dt>
<dd><a name="IDX1053"></a>
<p>This variable is set only during the creation of a message warning about a
delivery delay. Details of its use are explained in section <a href="spec_46.html#SEC419">Customizing warning messages</a>.
</p>
</dd>
<dt> <code>$warn_message_recipients</code></dt>
<dd><a name="IDX1054"></a>
<p>This variable is set only during the creation of a message warning about a
delivery delay. Details of its use are explained in section <a href="spec_46.html#SEC419">Customizing warning messages</a>.
</p></dd>
</dl>
<a name="IDX1055"></a>
<hr size="6">
<table cellpadding="1" cellspacing="1" border="0">
<tr><td valign="middle" align="left">[<a href="#SEC137" title="Beginning of this chapter or previous chapter"> << </a>]</td>
<td valign="middle" align="left">[<a href="spec_12.html#SEC147" title="Next chapter"> >> </a>]</td>
<td valign="middle" align="left"> </td>
<td valign="middle" align="left"> </td>
<td valign="middle" align="left"> </td>
<td valign="middle" align="left"> </td>
<td valign="middle" align="left"> </td>
<td valign="middle" align="left">[<a href="spec.html#SEC_Top" title="Cover (top) of document">Top</a>]</td>
<td valign="middle" align="left">[Contents]</td>
<td valign="middle" align="left">[<a href="spec_55.html#SEC493" title="Index">Index</a>]</td>
<td valign="middle" align="left">[<a href="spec_abt.html#SEC_About" title="About (help)"> ? </a>]</td>
</tr></table>
<p>
<font size="-1">
This document was generated on <i>September, 10 2009</i> using <a href="http://www.nongnu.org/texi2html/"><i>texi2html 1.78</i></a>.
</font>
<br>
</p>
</body>
</html>
distrib
>
Mandriva
>
2010.0
>
i586
>
media
>
contrib-release
>
by-pkgid
>
a4080654d049ad31b216b761b9173c1f
>
files
>
112
