Exim
Exim is a mail transfer agent (MTA) used on Unix-like operating systems. Exim is a free software distributed under the terms of the GNU General Public License, and it aims to be a general and flexible mailer with extensive facilities for checking incoming e-mail.
Original author(s) | Philip Hazel |
---|---|
Developer(s) | The Exim Maintainers |
Initial release | 1995 |
Stable release | 4.96.1[1]
/ 6 October 2023 |
Repository | |
Written in | C |
Operating system | Unix-like |
Platform | Cross-platform |
Type | Mail transfer agent |
License | GPL-2.0-or-later[2] |
Website | www |
Exim has been ported to most Unix-like systems, as well as to Microsoft Windows using the Cygwin emulation layer. Exim 4 is currently the default MTA on Debian Linux systems.[3]
Many Exim installations exist, especially within Internet service providers[4] and universities in the United Kingdom. Exim is also widely used with the GNU Mailman mailing list manager, and cPanel.
In March 2023 a study performed by E-Soft, Inc.,[5] approximated that 59% of the publicly reachable mail-servers on the Internet ran Exim.
Origin
The first version of Exim was written in 1995 by Philip Hazel for use in the University of Cambridge Computing Service’s e-mail systems. The name initially stood for EXperimental Internet Mailer.[6] It was originally based on an older MTA, Smail-3, but it has since diverged from Smail-3 in its design and philosophy.[7][8]
Design model
Exim, like Smail, still follows the Sendmail design model, where a single binary controls all the facilities of the MTA. Exim has well-defined stages during which it gains or loses privileges.[9]
Exim's security has had a number of serious security problems diagnosed over the years.[10] Since the redesigned version 4 was released there have been four remote code execution flaws and one conceptual flaw concerning how much trust it is appropriate to place in the run-time user; the latter was fixed in a security lockdown in revision 4.73, one of the very rare occasions when Exim has broken backwards compatibility with working configurations.
Configuration
Exim is highly configurable and therefore has features that are lacking in other MTAs. It has always had substantial facilities for mail policy controls, providing facilities for the administrator to control who may send or relay mail through the system. In version 4.x this has matured to an Access Control List based system allowing very detailed and flexible controls. The integration of a framework for content scanning, which allowed for easier integration of anti-virus and anti-spam measures, happened in the 4.x releases. This made Exim very suitable for enforcing diverse mail policies.
The configuration is done through a (typically single) configuration file, which must include the main section with generic settings and variables, as well as the following optional sections:
- the access control list (ACL) section which defines behaviour during the SMTP sessions,
- the routers section which includes a number of processing elements which operate on addresses (the delivery logic), each tried in turn,
- the transports section which includes processing elements which transmit actual messages to destinations,
- the retry section where policy on retrying messages that fail to get delivered at the first attempt is defined,
- the rewrite section, defining if and how the mail system will rewrite addresses on incoming e-mails
- the authenticators' section with settings for SMTP AUTH, a rule per auth mechanism.
The configuration file permits inclusion of other files, which leads to two different configuration styles.
Configuration styles
There are two main schools of configuration style for Exim. The native school keeps the Exim configuration in one file and external files are only used as data sources; this is strongly influenced by Philip Hazel's preferences and notes on performance as the configuration file is re-read at every exec, which happens post-fork for receiving inbound connections and at delivery.
The second commonly encountered style is the Debian style which is designed to make it easier to have an installed application automatically provide mail integration support without having the administrator edit configuration files. There are a couple of variants of this and Debian provide documentation of their approach as part of the packages. In these approaches, a debconf configuration file is used to build the Exim configuration file, together with templates and directories with configuration fragments. The meta-config is tuned with macros which have names starting DC_. When the supervisor for exim is invoked it re-processes the configuration files producing a single-file configuration that the exim binary uses.
Because the Debian approach diverges significantly from the Exim one it is common to find a lack of support for the Debian approach on the regular Exim mailing-lists, with people advised [11][12] to ask Debian questions on the Debian-managed mailing-list. The Ubuntu packaging [13] still advises users to use the Debian mailing-list.
Documentation
Exim has extensive and exhaustive documentation; if a feature or some behaviour is not documented then this is classed as a bug. The documentation consists of The Exim Specification and two ancillary files: the experimental specification for features that might disappear and "NewStuff", which tracks very recent changes that might not have been fully integrated into the main specification. The Exim Specification is available in multiple formats, including online in HTML and in plain-text for fast searching. The document preparation system ensures that the plain-text format is highly usable.
Performance
Exim has been deployed in busy environments, often handling thousands of emails per hour efficiently. Exim is designed to deliver email immediately, without queueing. However, its queue processing performance is comparatively poor when queues are large (which happens rarely on typical low-traffic sites but can happen regularly on high-traffic sites).
Unlike qmail, Postfix, and ZMailer, Exim does not have a central queue manager (i.e. an equivalent of qmail-send, qmgr, or scheduler). There is thus no centralized load balancing of queue processing (leading to disproportionate amounts of time being spent on processing the same queue entries repeatedly). System-wide remote transport concurrency is unlimited by default (leading to a "thundering herd problem" when multiple messages addressed to a single domain are submitted at once) but can be limited by the configuration. In Philip Hazel's own words:[14]
- "The bottom line is that Exim does not perform particularly well in environments where the queue regularly gets very large. It was never designed for this; deliveries from the queue were always intended to be 'exceptions' rather than the norm."
In 1997, Hazel replaced Exim's POSIX regular expression library written by Henry Spencer with a new library he developed called PCRE (Perl Compatible Regular Expressions). Perl regular expressions are much more powerful than POSIX and other common regular expressions, and PCRE has become popular in applications other than Exim. In 2021 (after the 4.95 release) Exim transitioned to PCRE2.
Updates
Historically, Exim used a peculiar version numbering scheme where the first decimal digit is updated only whenever the main documentation is fully up to date; until that time, changes were accumulated in the file NewStuff. For this reason, a 0.01 version change can signify important changes, not necessarily fully documented.[15] In 2005, changes to Exim's version numbering were on the table of discussion.[16]
In more recent times, the document preparation system for Exim has been overhauled and changes are much more likely to just go immediately into The Exim Specification. The 4.70 release just followed on naturally from 4.69 and the 4.6x releases had up-to-date documentation.
Philip Hazel retired from the University of Cambridge in 2007 and maintenance of Exim transitioned to a team of maintainers. Exim continues to be maintained actively, with frequent releases.
References
- Heiko Schlittermann (6 October 2023). "[exim-announce] Exim security release 4.96.1". Retrieved 17 October 2023.
- "NOTICE". GitHub.
- Adelstein, Tom; Lubanovic, Bill (2007-03-27). Linux System Administration. "O'Reilly Media, Inc.". ISBN 978-0-596-00952-6.
- Golanski, Y (2000) The Exim Mail Transfer Agent in a Large Scale Deployment
- "E-Soft MX survey". securityspace.com. E-Soft Inc. 1 March 2023. Retrieved 20 March 2023.
- Philip Hazel The Exim SMTP Mail Server (Preface) Archived 2008-12-30 at the Wayback Machine
- "Philip Hazel's original thoughts on implementing a future MTA based on Smail". cam.ac.uk. Archived from the original on 2008-12-15.
- "The Smail-3 MTA". weird.com.
- "Security considerations". exim.org.
- "EximSecurity". GitHub.
- "DebianExim4". GitHub.
- "The Exim FAQ". exim.org.
- "Ubuntu – Details of package exim4 in lucid". ubuntu.com.
- posting by Philip Hazel
- [Exim] Exim 4.21 released
- "Exim Development - From The Cathedral Towards The Bizarre". Archived from the original on 14 October 2007. Retrieved 25 February 2015.
Bibliography
- Hazel, Philip (April 1, 2007). The Exim SMTP Mail Server: Official Guide for Release 4 (Second ed.). UIT Cambridge Ltd. p. 640. ISBN 978-0-9544529-7-1. Archived from the original on 2010-11-07. Retrieved 2010-12-13.