File: spec_24.html

package info (click to toggle)
exim-html 3.20-1
links: PTS
area: main
in suites: etch, etch-m68k, sarge, woody
size: 2,868 kB
ctags: 4,188
sloc: makefile: 40; sh: 19
file content (888 lines) | stat: -rw-r--r-- 28,706 bytes
<HTML>
<HEAD>
<!-- This HTML file has been created by texi2html 1.52
     from spec on 25 November 2000 -->

<TITLE>Exim Specification - 24. The forwardfile director</TITLE>
</HEAD>
<body bgcolor="#FFFFFF" text="#00005A" link="#FF6600" alink="#FF9933" vlink="#990000">
Go to the <A HREF="spec_1.html">first</A>, <A HREF="spec_23.html">previous</A>, <A HREF="spec_25.html">next</A>, <A HREF="spec_59.html">last</A> section, <A HREF="spec_toc.html">table of contents</A>.
<P><HR><P>


<H1><A NAME="SEC647" HREF="spec_toc.html#TOC647">24. The forwardfile director</A></H1>
<P>
<A NAME="IDX1507"></A>
The <EM>forwardfile</EM> director can be used for two different but related
operations. Its effect is to replace a local part with a list of addresses,
file names, or pipe commands, taken from a single file,
<font color=green>
or from an inline string.
</font>
It gets its name from the common case where the file is in a user's home
directory and is called <TT>`.forward'</TT>, but another common use is for expanding
mailing lists, which are discussed in more detail in chapter
42.

</P>
<P>
A standard transport must <EM>not</EM> be specified for this director. That is, the
generic <EM>transport</EM> option must not be set. A configuration error occurs if one
is given. However, the special transports for handling files, pipes, and
autoreplies must be set if needed.

</P>

<P>
<A NAME="IDX1508"></A>
<A NAME="IDX1509"></A>
<A NAME="IDX1510"></A>
When handling a user's <TT>`.forward'</TT> file, a uid, gid, and home directory are
commonly obtained from the password file by calling <EM>getpwnam()</EM>. However,
these may alternatively be specified by options to the director, in which case
<EM>getpwnam()</EM> is not called.

</P>

<P>



<H2><A NAME="SEC648" HREF="spec_toc.html#TOC648">24.1 Forward file items</A></H2>

<P>
<A NAME="IDX1511"></A>
The contents of the file
<font color=green>
or inline string
</font>
are a list of addresses, file names, or pipe commands, separated by commas or
newlines. Items that are empty are ignored. This includes items consisting
solely of RFC 822 address comments. If an item is entirely enclosed in double
quotes, these are removed, but otherwise double quotes are retained, because
some forms of mail address require the use of double quotes, though never
enclosing the whole address.

</P>
<P>
Lines starting with a # character are comments, and are ignored, and # may
also appear following a comma, in which case everything between the # and the
end of the line is ignored. If the file is empty, or contains only blank lines
and comments, the director behaves as if it did not exist.

</P>
<P>
If a message is addressed to two or more different local parts, each of which
results in an expansion that generates an identical file name or pipe command,
different deliveries occur, though of course each delivery process runs with
different values in the LOCAL_PART environment variable, and with
different uids (in the common case). This happens only if the immediate
ancestors of the pipes or files are different local parts. If several different
local parts generate an intermediate alias which in turn generates a pipe or
file delivery, only a single delivery is done, because the duplicate
intermediate addresses are discarded.

</P>


<UL>

<LI>

An address item may safely be the same local part as the one currently under
consideration, because a director is automatically skipped if any ancestor has
the same local part and was processed by that director. Thus a user with login
name <EM>spqr</EM> who wants to preserve a copy of mail and also forward it somewhere
else can set up a file such as

<PRE>
spqr, spqr@st.else.where
</PRE>

<A NAME="IDX1512"></A>
without provoking a loop.
<A NAME="IDX1513"></A>
<A NAME="IDX1514"></A>
A backslash before an unqualified local part is permitted for compatibility
with other mailers, but is not necessary for loop prevention.
The presence or absence of a backslash does, however, make a difference when
there is more than one local domain. Without a backslash, an unqualified local
part is qualified with the contents of <EM>qualify_recipient</EM> unless
<EM>qualify_preserve_domain</EM> is set, but if a backslash is present, the local
part is always qualified with the domain of the incoming address.

Care must be taken if there are alias names for local users. For example if the
system alias file contains

<PRE>
Sam.Reman: spqr
</PRE>

then

<PRE>
Sam.Reman, spqr@reme.else.where
</PRE>

in <EM>spqr</EM>'s forward file fails on an incoming message addressed to <EM>Sam.Reman</EM>,
because the <EM>aliasfile</EM> director does not process <EM>Sam.Reman</EM> the second time
round, having previously done so.
The forward file should really contain

<PRE>
spqr, spqr@reme.else.where
</PRE>

but because this is such a common error, the <EM>check_ancestor</EM> option (see
below) exists to provide a way to get round it.

<LI>

An item is interpreted as a file name if it begins with `/' and does not
parse as a valid RFC 822 address that includes a domain. For example,

<PRE>
/home/world/shadow
</PRE>

is treated as a file name, but

<PRE>
/s=molari/o=babylon/@x400gate.way
</PRE>

is treated as an address.
For a file name, a transport must be specified using the <EM>file_transport</EM>
option. However, if the generated path name ends with a forward slash
character, it is interpreted as a directory name rather than a file name, and
<EM>directory_transport</EM> is used instead. If it ends with two slashes,
<EM>directory2_transport</EM> is required. This makes it possible to support two
different kinds of directory delivery simultaneously.

<A NAME="IDX1515"></A>
If an item is <EM>/dev/null</EM>, delivery to it is bypassed at a high level, and the
log entry shows `**bypassed**' instead of a transport name. This avoids
the need for a user and group, which are necessary for a genuine delivery to a
file. When the file name is not <EM>/dev/null</EM>, either the director or the
transport must specify a user and group under which to run the delivery. If
<EM>check_local_user</EM> is set, the uid and gid from the <EM>passwd</EM> file are used as
defaults for the generic <EM>user</EM> and <EM>group</EM> options.

<LI>

An item is treated as a pipe command if it begins with `|' and does not parse
as a valid RFC 822 address that includes a domain.
A transport for running the command must be specified by the <EM>pipe_transport</EM>
option. Either the director or the transport must specify a user and group
under which to run the delivery.
If <EM>check_local_user</EM> is set, the uid and gid from the <EM>passwd</EM> file are used
as defaults for the generic <EM>user</EM> and <EM>group</EM> options.

Both single and double quotes can be used for enclosing individual arguments to
the pipe command; no interpretation of escapes is done for single quotes. If
the command contains a comma character, it is necessary to put the whole item
in double quotes, for example:

<PRE>
"|/some/command ready,steady,go"
</PRE>

since items are terminated by commas. Do not, however, quote just the command.
An item such as

<PRE>
|"/some/command ready,steady,go"
</PRE>

is interpreted as a pipe with a rather strange command name, and no arguments.

<LI>

<A NAME="IDX1516"></A>
Instead of an address, file name, or pipe command, an item of the form

<PRE>
:include:&#60;<EM>path name</EM>&#62;
</PRE>

may appear, in which case a list of addresses is taken from the given file and
included at that point, unless the <EM>forbid_include</EM> option is set.
<A NAME="IDX1517"></A>
There are some security considerations when such an item is included in a
user's <TT>`.forward'</TT> file:


<OL>

<LI>

<A NAME="IDX1518"></A>
If the <EM>seteuid()</EM> function is being used to read the main file as a specific
user (see <EM>seteuid</EM> below) then the included file is read as the same user.

<LI>

Otherwise Exim is running as root at this point. If <EM>check_local_user</EM> is
set, or if an explicit directory is specified
by <EM>file_directory</EM>,
then any included files must be within the home or given directory, and no
<A NAME="IDX1519"></A>
<A NAME="IDX1520"></A>
symbolic links are permitted below the directory name.

<LI>

If neither <EM>check_local_user</EM> nor
<EM>file_directory</EM>
is set when <EM>seteuid()</EM> is not in use, included files are not permitted.
</OL>

</UL>



<H2><A NAME="SEC649" HREF="spec_toc.html#TOC649">24.2 Repeated forwarding expansion</A></H2>

<P>
<A NAME="IDX1521"></A>
<A NAME="IDX1522"></A>
When a message cannot be delivered to all of its recipients immediately,
leading to two or more delivery attempts, forwarding expansion is carried out
afresh each time for those addresses whose children were not all previously
delivered. If a forward file is being used as a mailing list, this can lead to
new members of the list receiving copies of old messages. The <EM>one_time</EM>
option can be used to avoid this.

</P>


<H2><A NAME="SEC650" HREF="spec_toc.html#TOC650">24.3 Errors in forward files</A></H2>

<P>
If <EM>skip_syntax_errors</EM> is set, a malformed address that causes a parsing
error is skipped, and an entry is written to the main log. This may be useful
for mailing lists that are automatically managed, but note the inherent danger.
The option should never be set for users' <TT>`.forward'</TT> files.
Otherwise, if any error is detected while generating the list of new addresses,
the message is frozen, except for the special case of inability to open an
included file when <EM>no_freeze_missing_include</EM> is set. In this case,
delivery is simply deferred.

</P>


<H2><A NAME="SEC651" HREF="spec_toc.html#TOC651">24.4 Filter files</A></H2>

<P>
<A NAME="IDX1523"></A>
<A NAME="IDX1524"></A>
As an alternative to treating the file as a simple list of addresses, the
<EM>forwardfile</EM> director can be configured, by means of the <EM>filter</EM> option, to
read a file and interpret it as a list of <EM>filtering</EM> instructions if it
conforms to a specific format. The instructions can specify various actions
such as appending the message to certain mail folders, or forwarding it to
other users, predicated on the content of the message. Details of the
syntax and semantics of filter files are described in a separate document
entitled <EM>Exim's interface to mail filtering</EM>; this is intended for use
by end users.
If filters are permitted to generate mail messages (see <EM>forbid_reply</EM>) then
the <EM>reply_transport</EM> option must be set.

</P>


<H2><A NAME="SEC652" HREF="spec_toc.html#TOC652">24.5 The home directory</A></H2>

<P>
<A NAME="IDX1525"></A>
The $<EM>home</EM> expansion variable can be used in a number of local options for
<EM>forwardfile</EM>. Its value depends on the way the options are set up, as follows:

</P>

<UL>

<LI>

If <EM>check_local_user</EM> is set and <EM>file_directory</EM> is unset, $<EM>home</EM> is
set to the user's home directory when expanding the <EM>file</EM> option that
specifies a forward or filter file.

<LI>

If <EM>check_local_user</EM> is unset and <EM>file_directory</EM> is set, $<EM>home</EM> is
set to the expanded value of <EM>file_directory</EM> when expanding the <EM>file</EM>
option. If $<EM>home</EM> appears in <EM>file_directory</EM>, its substitution value is the
empty string.

<LI>

If both <EM>check_local_user</EM> and <EM>file_directory</EM> are set, $<EM>home</EM> contains
the user's home directory when expanding <EM>file_directory</EM>, but subsequently
$<EM>home</EM> contains the value of <EM>file_directory</EM> when expanding the <EM>file</EM>
option.

<LI>

If neither <EM>check_local_user</EM> not <EM>file_directory</EM> are set, $<EM>home</EM> is
empty.
</UL>

<P>
If the generic <EM>require_files</EM> option, or any other expanded option, contains
$<EM>home</EM>, it takes the same value as it does when expanding the <EM>file</EM>
option, and this value is also used for $<EM>home</EM> if encountered in a filter
file, and as the default value to pass with the address when a pipe or file
delivery is generated.

</P>
<P>
Note that the value of the <EM>home_directory</EM> generic option is not used during
directing; it specifies a directory for use at transport time.

</P>



<H2><A NAME="SEC653" HREF="spec_toc.html#TOC653">24.6 Special treatment of home_directory and current_directory</A></H2>

<P>
<A NAME="IDX1526"></A>
<A NAME="IDX1527"></A>
<A NAME="IDX1528"></A>
<A NAME="IDX1529"></A>
The generic options <EM>home_directory</EM> and <EM>current_directory</EM> (specified in
chapter 21) are handled in a special way by the <EM>forwardfile</EM>
director. Neither has any effect during the running of the director; they act
only when it directs an address to a local transport because it specifies a
file name, pipe command, or autoreply -- the values are passed with the address
for use at transport time.

</P>
<P>
If <EM>home_directory</EM> is not set, the directory specified by
<EM>file_directory</EM>, or if that is not set, the home directory obtained from
<EM>check_local_user</EM> is used as the default value.

</P>
<P>
In installations where users' <TT>`.forward'</TT> files are not kept in their home
directories, both <EM>check_local_user</EM> and <EM>file_directory</EM> may be set, which
leads to the <EM>file_directory</EM> value being used as the default, when the actual
home directory may be wanted. It is no good specifying

<PRE>
home_directory = $home
</PRE>

<P>
because the same value is used for $<EM>home</EM>. A special string value is
therefore provided for use in this case. If <EM>home_directory</EM> is set to the
string `check_local_user' it is converted into the user's home directory
path. The same magic string can also be used for <EM>current_directory</EM>.

</P>


<H2><A NAME="SEC654" HREF="spec_toc.html#TOC654">24.7 Forwardfile private options</A></H2>

<P>
<font color=green>
This section lists the private options that <EM>forwardfile</EM> does not have in
common with <EM>aliasfile</EM>. Those that they share are given in chapter
22.
</font>

</P>

<P>

<P>
<A NAME="IDX1530"></A>

</P>
<P>
<A NAME="IDX1531"></A>


<H3><A NAME="SEC655" HREF="spec_toc.html#TOC655">allow_system_actions (forwardfile)</A></H3>

<P>
Type: boolean<BR>
Default: false

</P>
<P>
Setting this option permits the use of <EM>freeze</EM> and <EM>fail</EM> in filter files.
This should <EM>not</EM> be set on the director for users'
<TT>`.forward'</TT> files, but can be useful if you want to run a system-wide filter for
each address, as opposed to the system filter, which runs just once per
message. See chapter 47.

</P>
<P>
<A NAME="IDX1532"></A>


<H3><A NAME="SEC656" HREF="spec_toc.html#TOC656">check_group (forwardfile)</A></H3>

<P>
Type: boolean<BR>
Default: false

</P>
<P>
The group of the file is checked only when this option is set. If
<EM>check_local_user</EM> is set, the user's default group is permitted;
otherwise the group must be one of those listed in the <EM>owngroups</EM> option.

</P>
<P>
<A NAME="IDX1533"></A>


<H3><A NAME="SEC657" HREF="spec_toc.html#TOC657">check_local_user (forwardfile)</A></H3>

<P>
Type: boolean<BR>
Default: true

</P>
<P>
If this option is true, the local part that is passed to this director is
checked to ensure that it is the login of a local user by calling the
<EM>getpwnam()</EM> function. The director declines to handle the address if it is not.
In addition, when this option is true, the string specified for the <EM>file</EM>
option is taken as relative to the user's home directory if it is not an
absolute path, unless the <EM>file_directory</EM> option is set.

</P>
<P>
When this option is set, the local user is always one of the permitted owners
of the file, and the local user's uid is used when reading the forward file if
the <EM>seteuid</EM> option is set or if the global security setting is not `setuid'.
In addition the uid and gid read from the <EM>passwd</EM> file are used as defaults
for the generic <EM>user</EM> and <EM>group</EM> options.

</P>
<P>
<font color=green>
<A NAME="IDX1534"></A>


<H3><A NAME="SEC658" HREF="spec_toc.html#TOC658">data (forwardfile)</A></H3>

<P>
Type: string, expanded<BR>
Default: unset

</P>
<P>
This option is mutually exclusive with <EM>file</EM>. One or other of them must be
set, but not both. The contents of <EM>data</EM> are expanded, and then used as the
list of forwarding items, or as a set of filtering instructions, just as if
they were the contents of the file. Essentially, <EM>data</EM> allows you to provide
the filtering instructions inline, but because it is expanded, you can, for
example, look them up in a database or indexed file. When filtering
instructions are used, the string must start off with `#Exim filter', and all
comments in the string, including this initial one, must be terminated with
newline characters. For example:

<PRE>
data = "#Exim filter\n\
       if $h_to: contains Exim then save $home/mail/exim endif"
</PRE>

<P>
If you are reading the data from a database where newlines cannot be included,
you can use the $<EM>{sg}</EM> expansion item to turn the escape string of your
choice into a newline.
</font>

</P>
<P>
<A NAME="IDX1535"></A>


<H3><A NAME="SEC659" HREF="spec_toc.html#TOC659">file (forwardfile)</A></H3>

<P>
Type: string, expanded<BR>
Default: unset

</P>
<P>
<font color=green>
This option is mutually exclusive with <EM>data</EM>. One or other of them must be
set, but not both. The contents of <EM>file</EM> are expanded -- see above for a
discussion of the <EM>home</EM> expansion variable. If expansion fails, Exim panics.
The expanded string is interpreted as a file name, and must start with a slash
character unless <EM>check_local_user</EM> is true, or a <EM>file_directory</EM> option is
set. A non-absolute path is interpreted relative to the <EM>file_directory</EM>
setting if it exists; otherwise it is interpreted relative to the user's home
directory. The contents of the file are the list of forwarding items or a set
of filtering instructions.
</font>

</P>
<P>
If a non-absolute path is used, Exim uses the <EM>stat()</EM> function to check the
directory before attempting to open the file therein. If the directory is
inaccessible, the delivery to the current address is deferred. This
distinguishes between the cases of a non-existent file (where the director
cannot handle the address, and must decline) and an unmounted
<A NAME="IDX1536"></A>
NFS directory (where delivery should be deferred). Thus the difference between
the two settings

<PRE>
file = .forward
file = $home/.forward
</PRE>

<P>
is that in the second case the directory is not checked with <EM>stat()</EM>.

</P>
<P>
If the file exists but is empty or contains only blank and comment lines
starting with #, Exim behaves as if it did not exist, and the director
declines to handle the address. Note that this is not the case when the file
contains syntactically valid items that happen to yield empty addresses, for
example, items containing only RFC 822 address comments.

</P>
<P>
<A NAME="IDX1537"></A>


<H3><A NAME="SEC660" HREF="spec_toc.html#TOC660">file_directory (forwardfile)</A></H3>

<P>
Type: string, expanded<BR>
Default: unset

</P>
<P>
The string is expanded before use -- see above for a discussion of the <EM>home</EM>
expansion variable. The option sets a directory path which is used if the
<EM>file</EM> option does not specify an absolute path. This on its own is not very
useful, since the directory string could just as well be prepended to the file
string. However, if a separate directory is given, it is treated like a
directory obtained from <EM>check_local_user</EM>, and its existence is tested before
trying to open the file. If the directory appears not to exist, delivery is
deferred. Thus, a setting such as

<PRE>
file_directory = /usr/forwards
file = ${local_part}.forward
</PRE>

<P>
defers delivery if <EM>/usr/forwards</EM> appears not to exist. This can be useful if
the directory is NFS mounted. If <EM>check_local_user</EM> is also set,
<EM>file_directory</EM> takes precedence in determining the directory name for
non-absolute files.

</P>
<P>
If <EM>forwardfile</EM> sets up a delivery to a file or a pipe command and the
<EM>home_directory</EM> option is not set, the directory specified by
<EM>file_directory</EM>, or if that is not set, the home directory obtained from
<EM>check_local_user</EM> is associated with the address during delivery.

</P>
<P>
<A NAME="IDX1538"></A>


<H3><A NAME="SEC661" HREF="spec_toc.html#TOC661">filter (forwardfile)</A></H3>

<P>
Type: boolean<BR>
Default: false

</P>
<P>
<A NAME="IDX1539"></A>
If this option is set, and the forward file
<font color=green>
or inline forwarding data
</font>
starts with the text `# Exim filter', it is interpreted as a set of filtering
commands instead of a list of forwarding addresses. Details of the syntax and
semantics of filter files are described in a separate document entitled
<EM>Exim's interface to mail filtering</EM>; this is intended for use by end
users.

</P>
<P>
In addition to the commands described therein, there are some extra commands
that are permitted only in system filter files, or if <EM>allow_system_actions</EM>
is set. These are described in chapter 47.

</P>
<P>
Filter files may contain string expansions, but some administrators may not
want to permit those expansion features that involve accessing files. The
options <EM>forbid_filter_existstest</EM>, <EM>forbid_filter_lookup</EM>, and
<EM>forbid_filter_perl</EM> (see below) can be used to lock out these features.

</P>
<P>
The logging facility in filter files is available only if the filter is being
run under some unprivileged uid. The system configuration must specify that
<EM>seteuid()</EM> is available, either <EM>user</EM> or <EM>check_local_user</EM> must be set on
the director, <EM>forbid_filter_log</EM> must not be set, and the global <EM>security</EM>
setting must not be `setuid'. Writing the log takes place while the filter file
is being interpreted, that is, at directing time. It does not queue up for
later like the delivery commands. The reason for this is so that a log file
need be opened only once for several write operations.

</P>
<P>
<A NAME="IDX1540"></A>


<H3><A NAME="SEC662" HREF="spec_toc.html#TOC662">forbid_filter_existstest (forwardfile)</A></H3>

<P>
Type: boolean<BR>
Default: false

</P>
<P>
If this option is true, string expansions in filter files are not allowed to
make use of the <EM>exists</EM> condition.

</P>
<P>
<A NAME="IDX1541"></A>


<H3><A NAME="SEC663" HREF="spec_toc.html#TOC663">forbid_filter_logwrite (forwardfile)</A></H3>

<P>
Type: boolean<BR>
Default: false

</P>
<P>
If this option is true, use of the logging facility in filter files is not
permitted. This is in any case available only if the filter is being run under
some unprivileged uid, which is normally the case for ordinary users' <TT>`.forward'</TT>
files on a system with <EM>seteuid()</EM> available.

</P>
<P>
<A NAME="IDX1542"></A>


<H3><A NAME="SEC664" HREF="spec_toc.html#TOC664">forbid_filter_lookup (forwardfile)</A></H3>

<P>
Type: boolean<BR>
Default: false

</P>
<P>
If this option is true, string expansions in filter files are not allowed to
make use of <EM>lookup</EM> items.

</P>
<P>
<A NAME="IDX1543"></A>


<H3><A NAME="SEC665" HREF="spec_toc.html#TOC665">forbid_filter_perl (forwardfile)</A></H3>

<P>
Type: boolean<BR>
Default: false

</P>
<P>
This option is available only if Exim is built with embedded Perl support. If
it is true, string expansions in filter files are not allowed to make use of
the embedded Perl support.

</P>
<P>
<font color=green>
<A NAME="IDX1544"></A>


<H3><A NAME="SEC666" HREF="spec_toc.html#TOC666">forbid_filter_reply (forwardfile)</A></H3>

<P>
Type: boolean<BR>
Default: false

</P>
<P>
</font>
<A NAME="IDX1545"></A>
If this option is true, this director may not generate an automatic reply
message. If it attempts to do so, a delivery failure occurs. Automatic replies
can be generated only from filter files, not from traditional forward files.

</P>
<P>
<A NAME="IDX1546"></A>


<H3><A NAME="SEC667" HREF="spec_toc.html#TOC667">ignore_eacces (forwardfile)</A></H3>

<P>
Type: boolean<BR>
Default: false

</P>
<P>
<A NAME="IDX1547"></A>
If this option is set and an attempt to open the forward file yields the
EACCES error (permission denied) then <EM>forwardfile</EM> behaves as if the file
did not exist.

</P>
<P>
<A NAME="IDX1548"></A>


<H3><A NAME="SEC668" HREF="spec_toc.html#TOC668">ignore_enotdir (forwardfile)</A></H3>

<P>
Type: boolean<BR>
Default: false

</P>
<P>
<A NAME="IDX1549"></A>
If this option is set and an attempt to open the forward file yields the
ENOTDIR error (something on the path is not a directory) then <EM>forwardfile</EM>
behaves as if the file did not exist.

</P>
<P>
<A NAME="IDX1550"></A>
<A NAME="IDX1551"></A>


<H3><A NAME="SEC669" HREF="spec_toc.html#TOC669">match_directory (forwardfile)</A></H3>

<P>
Type: string, expanded<BR>
Default: unset

</P>
<P>
If this option is set with <EM>check_local_user</EM>, the user's home directory, as
obtained from <EM>getpwnam()</EM>, must match the given string. If it does not, the
director declines to handle the address. The string is expanded before use. If
the expansion fails, Exim panics, unless the failure was explicitly triggered
by a `fail' item in a conditional sub-expression in the expansion, in which
case the director just declines to handle the address.

</P>
<P>
If the expanded string starts with an asterisk, the remainder must match
the end of the home directory name; if it starts with a circumflex, a regular
expression match is performed. In fact, the matching process is the same as is
used for domain list items and may include file lookups.

</P>
<P>
<font color=green>
If the pattern starts with an exclamation mark, the user's home directory must
<EM>not</EM> match the rest of the given string. For example, with

<PRE>
match_directory = !^/group
</PRE>

<P>
the director declines if the user's home directory starts with <EM>/group</EM>.
</font>

</P>
<P>
<A NAME="IDX1552"></A>


<H3><A NAME="SEC670" HREF="spec_toc.html#TOC670">reply_transport (forwardfile)</A></H3>

<P>
Type: string, expanded<BR>
Default: unset

</P>
<P>
A <EM>forwardfile</EM> director sets up a delivery to an <EM>autoreply</EM> transport when a
<EM>mail</EM> or <EM>vacation</EM> command is used in a filter file.
The transport used is specified by this option, which, after expansion, must be
the name of a configured transport.

</P>
<P>
<A NAME="IDX1553"></A>


<H3><A NAME="SEC671" HREF="spec_toc.html#TOC671">seteuid (forwardfile)</A></H3>

<P>
Type: boolean<BR>
Default: false

</P>
<P>
This option may not be set unless the compile-time configuration in the
OS-specific configuration files specifies that the <EM>seteuid()</EM> function is
available in the operating system. In addition, either the <EM>check_local_user</EM>
or the generic <EM>user</EM> and <EM>group</EM> options must be set. A configuration error
occurs if these conditions do not hold.

</P>
<P>
When this option is true, the <EM>seteuid()</EM> and <EM>setegid()</EM> functions are called
to change the effective uid and gid before accessing the home directory and the
file. If both <EM>check_local_user</EM> and <EM>user</EM> are set, the uid is taken from
the latter. If the generic <EM>initgroups</EM> option is set, <EM>initgroups()</EM> is called
to initialise the group list with all the user's groups. The user remains set
during interpretation of a filter file; if it writes log entries the log file
must be accessible to the uid or gid. Changing uid is necessary in two
circumstances:

</P>

<OL>

<LI>

When Exim is configured to change the effective uid from root to the Exim user
(using <EM>seteuid()</EM>) while running the directors. See chapter 55 for
details.

<LI>

<A NAME="IDX1554"></A>
When users' home directories are NFS mounted, and root access is not exported
to the local host, to allow for cases when the files are not world-readable.
</OL>

<P>
The <EM>forwardfile</EM> director can detect the first of these cases, and it always
uses <EM>seteuid()</EM>, regardless of the setting of this option, since it does not
make sense to do otherwise.

</P>
<P>
On a system without the <EM>seteuid()</EM> function, but with NFS home directories
that do not export root, it is necessary for forward files to be
world-readable.

</P>

<P><HR><P>
Go to the <A HREF="spec_1.html">first</A>, <A HREF="spec_23.html">previous</A>, <A HREF="spec_25.html">next</A>, <A HREF="spec_59.html">last</A> section, <A HREF="spec_toc.html">table of contents</A>.
</BODY>
</HTML>