Exim4 - Remove information that Exim writes

If you are concerned about what Exim discloses to the world, check out these options:

auth_advertise_hosts

If any server authentication mechanisms are configured, Exim advertises them in response to an EHLO command only if the calling host matches this list. Otherwise, Exim does not advertise AUTH.

If you want to advertise the availability of AUTH only when the connection is encrypted using TLS, you can make use of the fact that the value of this option is expanded, with a setting like this:

auth_advertise_hosts = ${if eq{$tls_cipher}{}{}{*}}

If $tls_cipher is empty, the session is not encrypted, and the result of the expansion is empty, thus matching no hosts. Otherwise, the result of the expansion is *, which matches all hosts.

pipelining_advertise_hosts

This option can be used to suppress the advertisement of the SMTP PIPELINING extension to specific hosts. When PIPELINING is not advertised and smtp_enforce_sync is true, an Exim server enforces strict synchronization for each SMTP command and response. When PIPELINING is advertised, Exim assumes that clients will use it; “out of order” commands that are “expected” do not count as protocol errors (see smtp_max_synprot_errors).

server_advertise_condition

When a server is about to advertise an authentication mechanism, the condition is expanded. If it yields the empty string, “0”, “no”, or “false”, the mechanism is not advertised. If the expansion fails, the mechanism is not advertised. If the failure was not forced, and was not caused by a lookup defer, the incident is logged. See section 33.3 of the Exim specification for further discussion.

tls_advertise_hosts

When Exim is built with support for TLS encrypted connections, the availability of the STARTTLS command to set up an encrypted session is advertised in response to EHLO only to those client hosts that match this option. See chapter 37 of the Exim specification for details of Exim's support for TLS.

smtp_banner

This string, which is expanded every time it is used, is output as the initial positive response to an SMTP connection. The default setting is:

  smtp_banner = $primary_hostname ESMTP Exim $version_number \
    $tod_full

Failure to expand the string causes a panic error. If you want to create a multiline response to the initial SMTP connection, use “\n” in the string at appropriate points, but not at the end. Note that the 220 code is not included in this string. Exim adds it automatically (several times in the case of a multiline response).
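
To confirm that the smtp_banner and advertise settings above took effect, the greeting and EHLO reply collected from your own server can be checked mechanically. The following is an added example, not part of the original page or the Exim documentation; the sample replies, function names and finding IDs are constructed for illustration.

```python
import re

# Constructed sample replies (not captured from a real server).
DEFAULT_BANNER = "220 mail.example.org ESMTP Exim 4.96 Mon, 01 Jan 2024 12:00:00 +0000\r\n"
CLEARTEXT_EHLO = ("250-mail.example.org Hello client.example.net [192.0.2.10]\r\n"
                  "250-SIZE 52428800\r\n250-PIPELINING\r\n"
                  "250-AUTH PLAIN LOGIN\r\n250-STARTTLS\r\n250 HELP\r\n")
HARDENED_BANNER = "220-mail.example.org ESMTP\r\n220 Authorised use only\r\n"
HARDENED_EHLO = ("250-mail.example.org Hello client.example.net [192.0.2.10]\r\n"
                 "250-SIZE 52428800\r\n250-STARTTLS\r\n250 HELP\r\n")


def parse_reply(raw):
    """Return (code, [text, ...]) for a single- or multiline SMTP reply."""
    code, texts = None, []
    lines = [ln for ln in raw.splitlines() if ln]
    for i, line in enumerate(lines):
        m = re.fullmatch(r"(\d{3})(?:([ -])(.*))?", line)
        if not m:
            raise ValueError(f"not an SMTP reply line: {line!r}")
        if code not in (None, m.group(1)):
            raise ValueError("reply code changes inside one reply")
        # Every line but the last must use '-' as the continuation marker.
        if (m.group(2) == "-") != (i < len(lines) - 1):
            raise ValueError("bad continuation marker")
        code = m.group(1)
        texts.append(m.group(3) or "")
    return code, texts


def audit(banner_raw, ehlo_raw, encrypted=False):
    """Return sorted finding IDs for one banner + EHLO reply pair."""
    findings = set()
    _, banner = parse_reply(banner_raw)
    m = re.search(r"\bExim\b(?:\s+(\d[\d.]*))?", " ".join(banner), re.I)
    if m:
        findings.add("banner-software")      # review smtp_banner
        if m.group(1):
            findings.add("banner-version")   # $version_number is in the banner
    _, ehlo = parse_reply(ehlo_raw)
    # First EHLO line is the greeting; the rest are extension keywords.
    keywords = {ln.split()[0].upper() for ln in ehlo[1:] if ln.strip()}
    if not encrypted:
        if "AUTH" in keywords:
            findings.add("auth-before-tls")  # review auth_advertise_hosts
        if "STARTTLS" not in keywords:
            findings.add("no-starttls")      # review tls_advertise_hosts
    return sorted(findings)
```

Pass encrypted=True when the EHLO reply was collected after STARTTLS, since AUTH is expected to appear there with the auth_advertise_hosts setting shown earlier.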

headers_remove

This is a generic transport option; it can be set on the transport used for external SMTP delivery.

This option is expanded; the result must consist of a colon-separated list of header names, not including the terminating colon, for example:

headers_remove = return-receipt-to:acknowledge-to

Any existing headers matching those names are not included in any message that is transmitted by the transport. If the result of the expansion is an empty string, or if the expansion is forced to fail, no action is taken. Other expansion failures are treated as errors and cause the delivery to be deferred.

If there are multiple instances of a header, they are all removed. However, added headers may have these names. Thus it is possible to replace a header by specifying it in headers_remove and supplying the replacement in headers_add. Headers to be removed can also be specified by routers.