InsightServer35Manual

User Manual InsightServer™ 3.5.
Copyright © 2002 Bynari Inc., All rights reserved.
No part of this publication may be reproduced

or transmitted in any form or by any means, electronic
or mechanical, including photocopy, recording, or
any information storage and retrieval system, without
permission in writing from the publisher.
Page 1 of 1
Table of Contents
CHAPTER 1 GETTING STARTED .......................................................................................................... 4
BYNARI SOFTWARE CONFIGURATION......................................................................................................... 4
Cyrus IMAP (Internet Message Access Protocol)................................................................................. 5
Exim MTA (Message Transfer Agent)................................................................................................... 5
OpenLDAP (Lightweight Directory Access Protocol) .......................................................................... 5
Additional Open Source components .................................................................................................... 5
Bynari directories ................................................................................................................................. 5
CHAPTER 2 INSTALLING BYNARI INSIGHTSERVER..................................................................... 7
2.1 REQUIRED INFORMATION BEFORE INSTALLATION ................................................................................ 7
2.2 GETTING INSIGHTSERVER CODE ON THE SYSTEM ................................................................................. 7
2.3 INSTALLING THE CODE.......................................................................................................................... 7
Unpacking the code............................................................................................................................... 7
Disabling ports needed by InsightServer .............................................................................................. 8
Running install code ............................................................................................................................. 8
2.4 AUTOMATICALLY STARTING AND STOPPING INSIGHT ........................................................................ 10
Command to Determine if InsightServer is Running .......................................................................... 10
2.5 COMPLETING INSTALLATION .............................................................................................................. 10
CHAPTER 3 CONFIGURING BYNARI INSIGHTSERVER............................................................... 11
3.1 LOGGING ONTO THE WEB INTERFACE ................................................................................................ 11
3.2 CONFIGURING COMMUNICATION ........................................................................................................ 12
Using IP addresses in Host_Accept_Relay field ................................................................................. 13
3.3 THE LDIF AND TCL FILES AND THEIR USES ..................................................................................... 13
Search OpenLDAP for Current Information....................................................................................... 13
Example of ldapsearch........................................................................................................................ 14
The LDIF File ..................................................................................................................................... 14
Organization Example ........................................................................................................................ 15
Group Example ................................................................................................................................... 15
example of the ldapmodify and ldapadd commands ........................................................................... 15
The TCL file ........................................................................................................................................ 16
3.4 CREATING NEW ORGANIZATIONS AND GROUPS .................................................................................. 16
Using the Web Interface...................................................................................................................... 16
Importing Groups Using LDIF File.................................................................................................... 18
3.5 CREATING NEW BYNARI USERS ......................................................................................................... 18
Using the Web Interface...................................................................................................................... 18
Adding New Users through LDIF and CYRADM ............................................................................... 20
Loading LDIF and TCL files into OpenLDAP and Cyrus................................................................... 21
3.6 MIGRATING USER-IDS INTO BYNARI FROM EXCHANGE ...................................................................... 21
Notes to remember about current migration processes ...................................................................... 21
Exporting User Information from Exchange 5.5................................................................................. 22
Description of Process ........................................................................................................................ 22
Step-by-Step Instruction...................................................................................................................... 23
Exporting User Information from Exchange 2000.............................................................................. 24
Description of Process ........................................................................................................................ 24
Step-by-Step Instructions .................................................................................................................... 25
CHAPTER 4 CONFIGURING CLIENTS TO USE INSIGHTSERVER ............................................. 28
4.1 INSTALLING CLIENT CODE ................................................................................................................. 28
Installing InsightConnector ................................................................................................................ 28
Installing Web Publishing Wizard ...................................................................................................... 29
Page 2 of 2
4.2 MIGRATING FROM EXCHANGE TO INSIGHTSERVER ............................................................................ 29
Adding IMAP, POP3, and LDAP Access to Bynari ............................................................................ 30
Publishing and Retrieving Free/Busy Time ........................................................................................ 35
4.3 OTHER END-USER TASKS AND SETUP ................................................................................................ 36
Password Administration.................................................................................................................... 36
Bynari InsightServer Password Administration.................................................................................. 36
Outlook password for end-user folder access ..................................................................................... 37
Synchronization, and other Folder Options........................................................................................ 37
CHAPTER 5 EXIM MTA CONFIGURATION...................................................................................... 39
5.1 CONFIGURATION OPTIONS .................................................................................................................. 39
Basic Configuration ............................................................................................................................ 39
Advanced Configuration ..................................................................................................................... 40
Logging Configuration........................................................................................................................ 41
RBL Configuration.............................................................................................................................. 42
Filter Configuration............................................................................................................................ 42
SMTP Configuration........................................................................................................................... 43
Message Processing Configuration .................................................................................................... 44
5.2 QUEUE MANAGEMENT ....................................................................................................................... 45
View Queue ......................................................................................................................................... 45
View Message ..................................................................................................................................... 45
Delete Frozen Messages ..................................................................................................................... 46
Run Queue........................................................................................................................................... 46
5.3 SERVER MANAGEMENT ...................................................................................................................... 46
CHAPTER 6 RAV CONFIGURATION .................................................................................................. 47
6.1 REGULAR EXPRESSION EDITING ......................................................................................................... 47
Modifying regular expressions............................................................................................................ 48
Creating new regular expressions ...................................................................................................... 48
6.2 ACTION EDITING ................................................................................................................................ 49
Modifying actions................................................................................................................................ 50
Creating new actions .......................................................................................................................... 50
6.3 GROUP EDITING.................................................................................................................................. 50
Current groups.................................................................................................................................... 51
Current Filering Rules........................................................................................................................ 52
Create New Filtering Rule .................................................................................................................. 52
Creating new groups........................................................................................................................... 52
6.4 RESTARTING RAV.............................................................................................................................. 54
APPENDIX A – TROUBLESHOOTING ................................................................................................ 55
DISABLING TCP/IP PORTS ........................................................................................................................ 55
INTERNAL SERVER ERROR IN BROWSER ................................................................................................... 55
USER GETS NO TRANSPORT PROVIDER AVAILABLE ................................................................................. 56
APPENDIX B - ADDITIONAL MATERIAL.......................................................................................... 58
WEB SITES ................................................................................................................................................ 58
BOOKS AND PERFORM GUIDES ................................................................................................................. 58
APPENDIX C - SAMPLES ....................................................................................................................... 60
SAMPLE NOTE TO BE SENT TO CLIENTS: CLIENT EMAIL 1 ......................................................................... 60
SAMPLE OF LDIF FILE 1 ........................................................................................................................... 60
SAMPLE OF TCL FILE ............................................................................................................................... 62
APPENDIX D – MTA CONFIGURATION OPTIONS.......................................................................... 63
Page 3 of 3
Chapter 1 Getting Started
This guide describes procedures and techniques to install and configure Bynari
InsightServer for Linux and InsightConnector. Bynari’s InsightServer provides a
centralized messaging and collaboration system running on Linux. It allows users to
migrate from installed and running Exchange servers to an open source, RFC compliant
model. With this program installed on a Linux server, combined with the Bynari
InsightConnector installed on client workstations, users will be able to continue to use
their existing Outlook interface with very few changes.
Bynari Software Configuration
This guide focuses on Bynari Insight Server version 3.5. Prior to version 2.6, Bynari
InsightServer was known as Bynari TradeServer. Bynari InsightServer is installed on the
Linux host. It is made up of three primary open source components: Cyrus IMAP server,
Exim MTA, and OpenLDAP, as well as other open source packages to provide full
functionality. On top of the open source environment, Bynari provides proprietary code
to handle the management console, mapped LDAP attributes, concurrency abilities, as
well as handling security.
The Bynari InsightConnector is an optional program, which is installed on the users'

Windows workstations to aid in the migration from Microsoft Exchange Server to Bynari
Insight Server, as well as using the IMAP abilities of InsightServer for messaging. It is
possible to use InsightServer as a POP3 host for mail, and to publish free/busy time
information using Microsoft Outlook without the InsightConnector code, however
migration from Microsoft Exchange is much more difficult without it. The following
diagram depicts the open source components which Bynari uses:
Page 4 of 4
Cyrus IMAP (Internet Message Access Protocol)
Bynari uses the open source Cyrus program for its IMAP server. The IMAP server allows
users to access mail on a server as if they were local files, as opposed to having to
synchronize POP3 mailboxes.
The Cyrus IMAP server controls and stores the mailbox database. This includes all user
inboxes and shared folders. You will sometimes see this function referred to as a Mail
Delivery Agent or MDA.
Exim MTA (Message Transfer Agent)
Bynari uses the open source Exim code as its message transfer agent. This code is fully
documented at www.exim.org.
One must configure Exim to accept incoming messages, and send outgoing messages.
Bynari’s web interface allows for configuration of the exim queue, which includes
allowable relay domains, error reporting options, and performance options.
For the purposes of your installation, knowledge of network administration will allow
email to be sent outside and into the company from allowable hosts.
OpenLDAP (Lightweight Directory Access Protocol)
OpenLDAP allows for the storing and sharing user information in programs such as a
global address book. The version of OpenLDAP used on our Bynari system was
OpenLDAP 2.0, which contains support for the LDAPv3 specifications.
Additional Open Source components
Bynari Insight Server also uses the following open source programs which come with
SuSE and Red Hat distributions: Apache HTTP web server, the Berkeley Database
(Berkeley DB), GNU database routines, Professional FTP Daemon (proftpd).
Documentation for these components can be found on Red Hat’s and SuSE’s website, as
well as other previously published Linux documentation.
Bynari directories
For Ver 3.5.1
Page 5 of 5
The directories below are where Bynari code is installed. These include all of the open
source code as well as Bynari proprietary code.
/usr/exim
/usr/apache
/var/spool/cyrus
/var/lib/cyrus
/usr/var/openldap-ldbm
/usr/etc/openldap
/etc/openldap
/usr/insight
/home/ftp
These directories must be deleted if you wish to uninstall InsightServer.
For Ver 3.5.2 and 3.5.3

These versions have been complied for a “chroot”ed directory install. Meaning wherever
you choose to install your server the directories will be rooted from there:
If default install was used the directories will be:
/usr/local/insight/usr/exim
/usr/local/insight /usr/apache
/usr/local/insight /var/spool/cyrus
/usr/local/insight /var/lib/cyrus
/usr/local/insight /usr/var/openldap-ldbm
/usr/local/insight /usr/etc/openldap
/usr/local/insight /etc/openldap
/usr/local/insight /usr/insight
/usr/local/insight /home/ftp
Page 6 of 6
Chapter 2 Installing Bynari InsightServer
This chapter describes the installation of the core part of Bynari, known as Bynari
InsightServer. Also it presents the method to automatically start InsightServer.
2.1 Required information before Installation
Following is a checklist of information that you will need when installing the source code
on the system. Some of this information you will need from the system administrators,
others you will need to get from the network administrators.
TCP/IP address of mail server

Hostname of mail server
Domain in which server will reside
2.2 Getting InsightServer code on the system
The first step needed to install InsightServer is to get the code into a directory on your
Linux system. If you are going to install on a large number of servers, you might wish to
put the install code on an outside ftp server so that you can download the code to multiple
servers from one site. It does not matter in which directory the tar.gz file is placed. The
installation program will run from anywhere and create the proper directories. It is
assumed that you have the required skills needed to ftp the code to your server.
2.3 Installing the code
In this section we explain how to install Bynari InsightServer.
Unpacking the code
Once the code is on your system, you will need to unzip and untar the installation
package.
tar -xzvf insightserver3.5-x.tar.gz
Sample Output:
insightserver3.5-x/
insightserver3.5-x/setup
insightserver3.5-x/README
insightserver3.5-x/manual/
Page 7 of 7
insightserver3.5-x/manual/InsightServer.doc
insightserver3.5-x/data/
insightserver3.5-x/data/setup.bin
insightserver3.5-x/data/setup.dat
insightserver3.5-x/data/EULA
insightserver3.5-x/data/src.tar
As seen above, the tar command will create a directory under the current directory called
‘insightserver3.5-x’ which contains the setup files as well as documentation you might
want to read before proceeding. Specifically the README file contains information
about the TCP/IP ports that need to be disabled in order for the install to run successfully.
Disabling ports needed by InsightServer
Again, it is assumed you installed a "SuSE Network" system, which should already have
FTP and SMTP servers running. These will need to be disabled in order for the
installation to work. It is possible to just kill the processes that are currently running, but
the configuration files need to changed so that on a restart of Linux, the InsightServer can
restart properly.
Edit the inetd.conf file to disable the currently used FTP ports
pico /etc/inetd.conf
Make sure all lines that start with ftp have a # in the first column
Edit the rc.config file to disable the SMTP ports
pico /etc/rc.config
Make sure the line SMTP= is set to SMTP=”no”
Make sure the line START_HTTPD= is set to START_HTTPD=no
Once these are done, it is recommended that you shut down and restart Linux to make
sure the new configurations are correct.
Running install code
In 3.3.1, you can see where running the tar command created a setup file. Change
directory to the one created by the tar command and run the setup file
cd insightserver3.5-x
./setup
Page 8 of 8
Note: If you get an error saying that the configuration is aborted due to certain TCP/IP
ports still in use, then see “Appendix A - Troubleshooting - Disabling TCP/IP ports”.
When installation works you should see the following:
Bynari InsightServer 3 - General Linux (2.4 Kernel)
Scanning needed ports.. please wait..
All ports are free.. proceeding with installation..
Please review the license agreement thoroughly before proceeding!
Please press enter to read the End User License Agreement
At this point you will have to read and agree to the End User License Agreement. Hit the
‘enter’ key to begin reading it. If you wish, you can read the whole thing, otherwise press
the ‘q’ key to quit reading. Type ‘ok’ to agree to the license and continue with
installation.
After the agreement, you will be asked a series of questions to configure administrator
access.
You will see the following text and be asked to enter the 7 parameters. User responses are
in bold:
If no value is entered, the default will be taken. Hit

Control-C(^C) now to abort the post-installation configure.
If you continue, your directory data may be overwritten.
Username [manager]: manager
Password [password]: password
IP Address [192.168.3.98]: 192.168.3.98
Full Domain Name [mail.bynari.net]: mail.bynari.net
Virtual Domain [bynari.net]: bynari.net
LDAP Search base [c=US]: c=US
Note: You MUST supply a value for the ‘Full Domain Name’ and the ‘Virtual Domain’
fields. If you accept defaults here then you will NOT be able to properly configure
Insight Server to do such things as adding users, groups, etc. Once you have input your
values you will get a confirmation that will look something like below:
Using these values:
"manager" for insight server admin account
"password" for insight server admin password
"192.168.3.98" for ip address
"mail.bynari.net" for fully qualified domain name
"bynari.net" for virtual domain
"c=US" for the ldap search base
If this is not correct, press ^C to exit, else press enter to continue...
If these values are correct, press the ‘enter’ key and you should see the following
messages:
Getting ready...
Bynari InsightServer: Installing....
Bynari InsightServer: Starting ........start command processed.
Insight is running normally...
Adding password for user manager
Done.
Page 9 of 9
Access the administrative interface at: http://192.168.3.98/
If you see the above messages, then you have completed the initial installation of Bynari
InsightServer!
2.4 Automatically Starting and Stopping Insight
InsightServer will modify either /etc/init.d/boot.local or /etc/rc.d/rc.local to make

InsightServer automatically start.
Command to Determine if InsightServer is Running
The main command to remember when checking on your Bynari system is

"InsightServer". It can be run from anywhere, and it is used to start, stop, restart, and
check the status of the Bynari Insight Server.
# insightserver start
# insightserver stop
# insightserver restart
# insightserver status
2.5 Completing Installation

Once you have completed the steps above, the installation has been completed. The
customer should have gotten a license key from Bynari. This will be input the frist time
someone logs on to the web interface with the manager id.
Open a web browser, go to http://your.ip.address
Click on ‘User Administration’
The first time through, this will bring up a screen to input the License Key
Input the key from Bynari, click on ‘submit’.
Page 10 of 10
Chapter 3 Configuring Bynari InsightServer
This chapter describes the necessary steps to configure Bynari InsightServer.
These steps include for example adding and migrating user-ids from MS Exchange to
Bynari InsightServer.
3.1 Logging onto the Web Interface

Bynari provides a web interface in where you can accomplish most configuration tasks,
and even basic migration tasks if you are migrating from Exchange 5.5 This can be found
by pointing a web browser to the IP address or the domain name of the server (i.e.
192.168.3.80 or mail.bynari.net).
In the above figure:
User Administration is where the manager would add/delete/configure users and groups.
Shared folders are where the manager could add/delete/configure shared folders. MTA
Configuration contains communication and message handling configurations of the
Bynari server. Lastly, under the Users section is where individual users could log on to
change their password.
The manager can log on from any web interface that has access to the Bynari server.
Whichever action the manager wants to take, they will be asked for a user-id and
password. This will be the same user-id and password given during the installation
process.
In our setup, these were:

Username [manager]: manager
Page 11 of 11
Password [password]: password
3.2 Configuring Communication
Communication from and to the outside world from your Bynari system is handled by the
Exim MTA open source code. The Exim configuration is stored in the following
configuration file:
/usr/exim/configure
Log on to the web interface and select MTA Setup. The picture below is a screen shot of
the primary configuration options needed to be configured to send and receive messages
to other hosts and domains.
Exim provides an extremely large array of configuration options not covered in the web
interface. Configurations done both with the web interface, and by editing the
configuration file directly. It is strongly recommended you work with your network
administrator about what options should be set, as setting the wrong parameters could
cause Bynari to not allow you to send email to certain domains, receive from other
domains, not allow email to be sent out of the image, allow remote and unknown users to
use the local host to forward email, etc.
Page 12 of 12
Using IP addresses in Host_Accept_Relay field
In our configuration we found that the client PCs were not automatically configured to be
a part of any recognized domain. Therefore, an IP address range had to be entered into
the ‘Host_Accept_Relay’ field. This might be easiest for your configuration.
If you have a class A type network, then all of the servers and clients will have the same
starting number for IP Address. You would treat that the following way:
10.0.0.0/8
However, a class B or C network uses a smaller set of IP Addresses. The examples below
show a class B and a class C example respectively
192.168.0.0/16
192.168.3.0/24
Entering the IP address range could be simpler if you are dealing with a large network
and are unsure if every client desktop has been properly configured to be a part of the
same domain as the Bynari server. Configuring the Bynari server will need to be done in
conjunction with any Routers and DNS.
3.3 The LDIF and TCL Files and Their Uses
Because Bynari uses OpenLDAP and Cyrus to handle addressing and handling of mail, it
is possible to manipulate the information without going through the Bynari interfaces.
The process of importing LDIF and TCL files described at the end of this section are the
final steps in importing user and group information from Microsoft Exchange. Below is a
little information about the types of files used by OpenLDAP and Cyrus for inputting
information.
Search OpenLDAP for Current Information
To search the current database for users or groups or organizations on the Bynari server,
you can run the ldapsearch command from a telnet session. One reason you may want to
use these commands is to store the current LDAP directory to an LDIF file so that it can
be backed up.
Page 13 of 13
Example of ldapsearch
ldapsearch -L -D “cn=manager, c=US” -b “c=US” -w password “cn=*” >
ldapsearch.out
The above example would search the current LDAP directory for all users, the “cn=*”
parameter. The command logs on as manager, whose password is still ‘password’ to get
this information. The -L parameter puts the output in proper LDIF format, whose format
is described below. If desired, you can use this file for input later. Lastly, this will save
the output to the file ldapsearch.out.
If you want to search for organizations or groups, change the “cn=*” parameter to “o=*”
for organizations, or “ou=*” to search for groups.
The LDIF File
LDIF stands for LDAP Directory Information File. It is a simple text file formatted for
use in ldapadd or ldapmodify commands to add groups of information into LDAP The
format of this file is simple. It is the information heading followed by a colon and then
the data for that heading.
To import information such as organizations and users into OpenLDAP, you will need to
create an LDIF file with the proper information which will be read by the OpenLDAP
server used by Bynari. This can be done either for migration of current customer
information, or if you have a large amount of new data to import and do not want to go
through the web interface to add all new users and groups. An example of an LDIF file in
the proper format for OpenLDAP used by Bynari is below, this list contains information
for all fields used by InsightServer:
dn: cn=Firstname Lastname, ou=BynariGroup, o=Bynari, c=US

cn: Firstname Lastname
display-name: Firstname Lastname
givenName: Firstname
objectClass: organizationalPerson
objectclass: person
objectclass: Top
mail: Firstname@bynari.net
homepostaladdress: address
l: city
st: state
postalcode: zip
c: country
homephone: telephone
mobile: mobile
pager: pager
o: company
postaladdress: address
telephonenumber: telephone
facsimiletelephonenumber: fax number
url: web page
title: title
department: department
physicaldeliveryofficename: office
otherfacsimiletelehphone number: other fax
Page 14 of 14
otherphone: other phone
comment: notes
uname: Firstname
password: password
sn: Lastname
Not all of these fields are necessary for an entry to be able to be read by InsightServer.
The fields highlighted in bold represent the fields that would be returned if you entered
only the minimum information required to create a new user. The above list shows
information if all fields are filled in from the web interface available in InsightServer.
Because LDAP is not platform specific, the names used to mark each field are not
standard across all platforms. For example, ‘uid’ from an LDIF file on some platforms
would need to be changed to ‘uname’ to be read by InsightServer on Linux. Every user id
in Bynari must be part of an organization or group. The lists below show an example
LDIF entry for both an organization and a group.
Organization Example
dn: o=Bynari, c=US
changetype: add
objectclass: organization
objectclass: Top
o: Bynari
Group Example
dn: ou=development, o=Bynari, c=US
changetype: add
objectclass: Top
ou: development
Once you have the information in the files, you will need to issue either the ldapmodify
or the ldapadd commands. You will use the ldapmodify command if you have the
‘changetype: add’ as the second line of each profile, otherwise you will use the ldapadd
command.
Example of the ldapmodify and ldapadd commands
ldapmodify -cv -D "cn=manager, c=US" -w password -f file.ldf

ldapadd -cv -D "cn=manager, c=US" -w password -f file.ldf
The parameter ‘-cv’ has two meanings. The c means to continue with new entries, even if
the current entry contains an error, and the v means verbose processing, which means the
system will output many more messages telling you what it is doing. We found these
options desirable in case we had a syntax error in one entry. In that case we could see
what entry had an error, but the system would continue to load the other groups listed
Page 15 of 15
after the one that encountered an error. Examples of when to use the commands are in the
following sections.
The TCL file
Once users have been created through the ldapmodify command, a mailbox will need to
be created for each user. This can be accomplished one at a time through the cyradm
command, or large groups of folders can be created along with the proper access control
list through the use of a tcl file. The proper format to create a mailbox for user tom is
below:
eval cyradm connect c 192.168.3.80
eval c authenticate -pwcommand {{
set hostname “192.168.3.80”
set adminid “manager”
set adminpw “password”
list $adminid $adminpw }
c createmailbox “user.tom”
c deleteaclmailbox “user.tom” anyone
c setaclmailbox “user.tom” “manager” “lrswipcda”
c setaclmailbox “user.tom” “tom” “lrswipcda” }
If the above text were saved in a file called ‘tom.tcl’ in the /tmp directory, then the
mailbox could be created using the following command
mail:/usr/cyrus/bin # ./cyradm -file /tmp/tom.tcl
The example above is to add one mailbox for user tom with the standard access control
lists for that user and the manager. If you were to add 2 or more mailboxes, you would
need to repeat the last four lines of the file for each user mailbox you were adding.
3.4 Creating new Organizations and Groups
Before any new users can be added to the system, a set of organizations and groups must
be added to the system.
Using the Web Interface
To manually add individual organizations and groups, follow the steps below:
Through a web browser, log on to the Bynari InsightServer home page for the system
you want to configure
Page 16 of 16
Click on ‘User Administration’, log on as the manager user.
Click on ‘New Organization’.
Only information necessary is organization name, however you can input all fields the
customer wants stored on the server.
Click ‘Submit’ at the bottom of the screen, this will take you back to the user
administration screen.
Now click on the ‘New Group’ icon.
Only the group name is necessary, again you can enter whatever information is required
by the customer.
Click ‘Submit’ at the bottom of the screen.
Page 17 of 17
You will now have the minimum configuration necessary to begin adding users. You can
add multiple groups and organizations, up to however many the customer feels are
necessary.
Importing Groups Using LDIF File
If you have a large number of organizations or groups to add to a system, it might be

desirable to create an LDIF file with all the new organizations and groups contained
inside. An example of the file is as follows:
dn: o=company, c=US
changetype: add
objectclass: Top
o: company
dn: ou=development, o=company, c=US
changetype: add
objectclass: organizationalUnit
objectclass: Top
ou: development
dn: ou=finance, o=company, c=US
changetype: add
objectclass: organizationalUnit
objectclass: Top
ou: finance
Once this file is created, you would run the ldapmodify command on the Linux system to
add the new organizations and groups as follows:
mail:/tmp # ldapmodify -cv –D "cn=manager, c=US" -w password -f input.ldf
3.5 Creating New Bynari Users
In this section we describe steps necessary to create new user-id’s on InsightServer. This
would be the addition of new users not being imported from an Exchange system. As
with the creation of organization and groups, there are two methods to do this, either
through the web interface, or through creation of an LDIF file. Creation of users using the
LDIF file also requires manually adding the Inbox folders for the users created, whereas
the web interface accomplishes both tasks at once.
Using the Web Interface
The simplest method for adding new users is by the Bynari Web interface. It allows you
to input all necessary parameters.
Page 18 of 18
Note: It is required to choose an organization, input a username, password, display name,
firstname, and lastname for new users. Bynari will return with an error and without
adding the user if at least these pieces of information have not been supplied.
Use the following steps to add a new user using the web interface:
Through a web browser, log on to the Bynari InsightServer home page for the system you
want to configure.
Click on ‘User Administration’, log on as the manager user.
Click on ‘New User’, you will see a screen like the one below:
Choose an organization or group, and input all information provided.
Click on the ‘Submit’ button at the bottom when you are done.
Page 19 of 19
If the user was properly added, you will be returned to the user admin page with a
message at the top of the screen saying
Success adding user
Using the web interface to add a user will add the user information to both the LDAP
directory, as well as add the user’s Inbox folder.
Adding New Users through LDIF and CYRADM

This section describes the process of adding users by using ldif and TCL files. This will
be the final step in any migration process, all migration processes are geared towards
creating ldif and TCL files. Once those files are created, you can use the procedures
‘Loading LDIF and TCL files into OpenLDAP and Cyrus’ below.
Also, when adding a large number of users, you might find it easier to create an LDIF file
with the user information required, then use the ldapmodify command in Linux to import
the file. The would be especially true if all the users to be added are in the same
organization or group and you would be entering the same business address or any other
similar information. As stated before, using LDIF to create users will not create the Inbox
files, this is done by creating a TCL file for use with the ‘cyradm’ command.
To add a large number of users, we found it easiest to create the files using any word
processing program to create the file, save the file as a .txt format, and then upload the
files to the Linux server using ftp or scp. The steps to follow are as below:
Using word processor, create a new document.
Enter the desired information for each user, using the copy/paste functions for any
duplicate fields (such as all three ‘objectclass’ lines).
Save the file as a text file and an extension of ldf, we will use test1.ldf.
Open a new document for use as a tcl file. We will call it test1.tcl.
Input the necessary information.
Upload the files to the Linux server by using ftp or scp

open command prompt to the directory of the saved files.
At the command prompt, ftp to the ip-address of your Linux server.
Logon as a previously defined user to the Linux system.
Put the file to the default directory of that user.
Page 20 of 20
Loading LDIF and TCL files into OpenLDAP and Cyrus
On your Linux telnet session, run the following commands from the directory where you
uploaded the ldf and tcl files.
mail:/home/tom # ldapmodify -c -D "cn=manager, c=US" -w

password -f tom.ldf
or if you have not put a changetype: add parameter in your ldif file:
mail:/home/tom # ldapadd -c -D "cn=manager, c=US" –w

password -f tom.ldf
mail:/home/tom # cyradm -file tom.tcl
Now you should be able to go back to your web interface, click on user admin icon, and
see all the new users you added from the ldf file. You should also be able to click on the
shared folders icon to see the new inbox folders for your user. Each user should have
access to a folder with their username, such as user.tom.
3.6 Migrating User-ids into Bynari from Exchange
The process of migrating user data will differ depending on which version of Exchange
and Windows the customer is using. The migration process from an Exchange 2000
running on Windows 2000 system will need to be run from the Windows 2000 console.
This is necessary to run the ‘ldifde’ command to export the users. Exchange 5.5
migration process can be done from any Linux system with access to the same network as
the Exchange 5.5 servers. The following facts must be kept in mind when migrating from
Exchange as they relate to what version of Exchange the customer is currently running:
Notes to remember about current migration processes
Currently, a firm in Taiwan has developed a migration tool to export passwords from any
version of Exchange. Otherwise, no known way exists. Bynari is working on this issue,
but the current recommendation is to give all users a default password and have them
change this once it is set up.
The ldifde command documented below is only recognized in Windows 2000. Below
there are two main sections, one for exporting data from Exchange 5.5, and one for
exporting from Exchange 2000.
Page 21 of 21
Exporting User Information from Exchange 5.5
Description of Process
To get the current Exchange users off of Exchange 5.5, you must first make sure that
your Linux system is on the same network as, and can access, the Exchange server. This
can be done by pinging the Exchange server from the Linux server. Secondly, the LDAP
protocol must be enabled on the Exchange servers. You will have to communicate with
the current Exchange administrator to make sure this is enabled. Not only does the
protocol need to be enabled, but ‘allow anonymous login’ should be checked. Once these
settings are done, then you will be able to run an ldapsearch command against the
Exchange server to get the current user information. Once the Exchange servers have
been set up, you should now be able to run a simple ldapsearch against each server. The
basic form of the command is as below:
mail:/home/tom # ldapsearch -h 192.168.3.95 "uid=*"

> exchange1.ldf
This command runs a search against the server with an IP address of 192.168.3.95,
returns all information that has a uid, and returns the results in the file exchange.ldf. The
format of the file will look something like this:
cn=TomA,cn=Recipients,ou=BYNARI.NET,o=Bynari
objectClass=organizationalPerson
objectClass=person
objectClass=Top
rdn=TomA
cn=Tom AdelsteinAdelstein
distinguishedName=cn=TomA,cn=Recipients,ou=BYNARI.NET,o=Bynari
rfc822Mailbox=TomA@BYNARI.NET
mail=TomA@BYNARI.NET
This is just to verify that the search will run, and that we are getting the desired
information. Once you have run that search, run the search again, except this time with
the -L parameter to return the results in proper ldif format, as such:
mail:/home/tom # ldapsearch -L -h 192.168.3.95 "uid=*" >

exchange.ldf
This will put the output in the following format:

dn: cn=TomA,cn=Recipients,ou=BYNARI.NET,o=Bynari
objectClass: organizationalPerson
objectClass: person
objectClass: Top
rdn: TomA
cn: Tom Adelstein
distinguishedName: cn=TomA,cn=Recipients,ou=BYNARI.NET,o=Bynari
rfc822Mailbox: TomA@BYNARI.NET
mail: TomA@BYNARI.NET
Page 22 of 22
As you can see, this is much closer to the output we want. From this output, you will
need to determine exactly what fields you want to keep, and which are not necessary for
the Bynari fields. For example, we do not need the rfc822Mailbox information. One thing
you have to remember is that some fields may not be named the same, but they are
necessary for Bynari input. For example Exchange outputs a field with a name of ‘uid:’
which will be needed in Bynari, but needs to be renamed to ‘uname:’ at a later time. Be
sure to keep all fields that will be necessary, but their format or name name changed
somewhat for proper formatting later. Once you have determined what fields you want to
keep, put those fields into the ldapsearch command. An example of this is below:
mail:/home/tom # ldapsearch -L -h 192.168.3.95 "uid=*" dn

objectclass cn rdn Company uid givenName mail >
exchlimit.ldf
The above search is only for reference. You will probably want to keep much more
information than in our example. Other information you will want to keep could be such
things as telephone number, address, business unit, etc. Also, your system will have
group information, this should be the same group information that will be input into
InsightServer, and such the fields should be modified to fit that of inputting a new Group
or Organization in the OpenLDAP fields.
Once you have run the search you want and gotten the file for your exchange server, you
will need to edit the field names, and possible some of the fields, so that they match the
formatting needed to input them into OpenLDAP for Bynari. The easiest method we
found was to download the file to our PC, and use a word processor to edit the file. This
allowed us to do search/replace options to do such things as replace all ‘uid’ to ‘uname’,
and to change the information in the dn: line to match the groups and organizations you
have already set up on your InsightServer system.
Once the LDIF file has been created, you will need to create a TCL file for use with
Cyrus to create the user mailboxes. You can then import the ldif file and the tcl file as
documented at the end of section 4.4.2
Step-by-Step Instruction
Import Exchange users into ldif file.

Open telnet session to Linux session, logon as root create new directory for Exchange ldif
data.
mail:/ # mkdir exchangedata
Go to the new directory.
Run ldapsearch against Exchange server, using IP address of Exchange server.
Page 23 of 23
mail:/exchangedata # ldapsearch -L -h 192.168.3.95 "uid=*"
> exchange1.ldf
Use text editor to check output of search.
Change dn: line of each entry for proper formatting of input into Bynari.
Change other field entries to match proper format (ie. uid changed to uname).
After all entries are in proper format, run ldapadd (or ldapmodifi if second line of each
entry contains ‘changetype: add’) command to add users to Bynari system.
mail:/exchangedata # ldapadd -cv -D "cn=manager, c=US" -w

password -f exchange1.ldf
Create new user mailboxes.
Create new TCL file.
mail:/exchangedata # pico exchange1.tcl
Use example in section 4.4.2, or “Appendix C - Samples” for proper TCL formatting.
Once TCL file is complete, run cyradm with that file to add mailboxes.
mail:/home/tom # cyradm -file user.tcl
Repeat above steps for each Exchange 5.5 server.
Exporting User Information from Exchange 2000
Microsoft uses it’s own proprietary format to store data from Exchange 2000. However,
in Windows 2000 using Active Directory they do have support for ldif file export. To
export the data you must run the ‘ldifde’ command from a command prompt. If you wish
you may look at the help file on Windows 2000 help file for an in depth look at all the
options associated with this command.
Description of Process
The basic command to run is as follows:
c:\ldifde -f dataset.ldf
However, this will get all information possible from the Exchange server, including
administration profiles, security group profiles, etc. Also, the command will export
information that only relates to the Exchange server, and will cause the user to be
Page 24 of 24
unrecognizable to the InsightServer in OpenLDAP. An example of a user profile listing if
exported with all options is below:
dn: CN=Tom Adelstein,CN=Users,DC=itso,DC=bynari,DC=net
changetype: add
homeMDB:
CN=Mailbox Store (IBM-ITSO),CN=First Storage
Group,CN=InformationStore,CN=Bynari-
ITSO,CN=Servers,CN=First Administrative Group,CN=Administrative
Groups,CN=ITSO
-Bynari,CN=Microsoft
Exchange,CN=Services,CN=Configuration,DC=itso,DC=bynari,DC=net
publicDelegatesBL: CN=tom4 tom4,CN=Users,DC=itso,DC=bynari,DC=net
accountExpires: 9223372036854775807
badPasswordTime: 0
badPwdCount: 0
codePage: 0
cn: Tom Adelstein
countryCode: 0
displayName: Tom Adelstein...
As you can see, this is much more information than Bynari will use, most of which will
not be used in OpenLDAP on Linux. The command we ran would limit the amount of
information returned to the file, and only return defined users and not groups and other
types of defined information we did not want. The command we ran is input below, with
an example of user output from that command:
c:\ldifde -m -n -r “(&(objectclass=user))” -l “cn, displayname, objectclass,
givenname, sn, mail, name” -f tom9.ldf
Example Output:
dn: CN=Tom Adelstein,CN=Users,DC=itso,DC=bynari,DC=net

changetype: add
cn: Tom Adelstein
displayName: Tom Adelstein
givenName: Tom
mail: tom@bynari.net
name: Tom Adelstein
objectClass: user
sn: Adelstein
As you can see, much less information is returned. The -r parameter specifies the search
criteria, and since we only wanted users we searched for objectclass=user. Also, we only
wanted a limited set of information returned, and the -l parameter limits which fields are
returned by the ldifde command. You can see from the example above, the output returns
a file that is similar, but now exactly like the ldif file we need to input into OpenLDAP.
You will need to edit the field headers to match what is needed by InsightServer. Once
the fields are marked correctly, you can upload the file to your Linux system, and do an
ldapadd command to add users and groups to your system. Follow the procedures as
outlined in section 4.4.2. Also, you will need to create a TCL file that will create an
INBOX for each of the new users with the proper access control list. Again, follow the
instructions in section 4.4.2 to create this list, and upload it to the system.
Step-by-Step Instructions
Import Exchange 2000 users into ldif file
Page 25 of 25
Go to the console of Exchange 2000
Open a command prompt
Run ldifde command to export user data
c:\temp\ldifde -m -n -r “(&(objectclass=user))” –f
exch1.ldf
Examine output of file determine which fields needed to be input into Bynari’s
OpenLDAP
Re-run ldifde command with -l parameter for only the fields you want. The command
below is an example of the fields we chose to keep. Yours will most likely be different.
Example
c:\ldifde -m -n -r “(&(objectclass=user))” -l “cn, displayname,

objectclass, givenname, sn, mail, name” -f exch1.ldf
Using text editor or word processor on a local desktop, open and check output of search.
Using Lotus WordPro, our output looked like this:
Change ldif file so that field names and attributes match those necessary for OpenLDAP
and Bynari, for example displayName should be display-name Change the dn: line of
each entry so that the user will be put into the proper groups and organization. For our
example, we had created an organization of Bynari and a group of ITSO on our Bynari
system, so we did the following:
Select Edit, Find&Replace

We did a change all of ‘CN=Users,DC=itso,DC=bynari,DC=net’ to ‘ou=ITSO, o=Bynari,
c=US’
Change other field entries to match proper format (ie. uid changed to uname, and the
correct objectclass fields as well as a default password field), refer to “Appendix C -
Samples” for a properly formatted file.
In text editor we did a change all of the objectClass: user line to be four lines:
objectclass: organizationalPerson
objectclass: person
objectclass: Top
userpassword: password
For Lotus WordPro, in the replace field you can separate entries with a ^r for a new line
between entries. In Microsoft Word you can put a ^p for a new line between entries. This
saves you from having to type all four entries into each user. Therefore in Lotus WordPro
your replace field would look like this:
objectclass: organizationalPerson^robjectclass: person^robjectclass: Top^ruserpassword:

password
Page 26 of 26
After all entries are in proper format, upload the file to the Linux server and run ldapadd
(or ldapmodify if second line of each entry still contains ‘changetype: add’) command to
add users to OpenLDAP system.
mail:/exchangedata # ldapadd -cv -D "cn=manager, c=US" -w password -f

exch1.ldf
Create new user mailboxes.
Create new TCL file.
mail:/exchangedata # pico exchange1.tcl
Use example in section 4.4.2, or “Appendix C - Samples” for proper TCL formatting.
In the TCL file, be sure to have a mailbox created for each user loaded in the ldif file.
Also, be sure that the mailbox name is all lower case, ie. user.tom and not user.Tom
Once TCL file is complete, run cyradm with that file to add mailboxes.
Mail:/home/tom # cyradm -file user.tcl
Repeat above steps for each Exchange 2000 server.
Page 27 of 27
Chapter 4 Configuring Clients to Use InsightServer
This chapter describes the necessary steps to configure email clients to use InsightServer.
4.1 Installing Client Code
Important Note: These steps must be executed for each end user! At the time of the
writing of this guide, the InsightConnector tool only provided the support for connecting
to the Bynari server. The process of creating the new folders and moving Exchange
folder contents to Bynari required the steps below by each user. Be sure to check the
Bynari website and documentation for the latest migration tools and procedures.
Installing InsightConnector
The InsightConnector code is the migration package which should automatically copy all
of the data from the users Exchange mail account to the newly installed InsightServer.
The install program loads two new .dll files onto the customer machine which will add
new functionality and a new toolbar to the client’s Outlook program.
The installation of InsightConnector is straightforward, but it is the configuration and use

of the program is where difficulties can occur. We will discuss configuration later.
One way to distribute the client code is by way of an attachment in an email sent to all
users to be migrated that day. It must be noted in the email that the user should detach the
file, then close Outlook, and then run the installation program. Otherwise, a reboot of the
client machine will be necessary. See "Appendix C - Samples" for a sample note which
could be sent to each client being migrated. Be sure to include in the note the license key
for the Connector product, every user will be asked to enter this information during the
installation process.
Note that the sample email also includes the Microsoft Web publishing Wizard. If this
code is already installed on the users workstations it does not need to be installed again.
Tailor the sample email to your situation as appropriate. In the picture below you see that
a third toolbar has been added to the other two original Outlook toolbars after the
InsightConnector code is installed on the user's workstation.
Page 28 of 28
Installing Web Publishing Wizard
If you plan to have users publish their free/busy time to allow other users to schedule
meetings, Outlook requires a free program from Microsoft called the Web Publishing
Wizard. Follow the directions on the Microsoft website to install this program (called
wpie415-x86.exe). You may decide to send this code in the same note where you send
the InsightConnector code. See "Appendix C -Samples".
The wizard is available from Microsoft's website:
http://www.microsoft.com/downloads/release.asp?ReleaseID=22658&area=search&ordin
al=2
4.2 Migrating From Exchange to InsightServer
There are multiple steps involved in getting the client data completely migrated from
their Exchange Servers to using the Bynari InsightServer. As a reminder, we documented
the following steps as necessary from our machine. We were using Microsoft Outlook
2000. Many items could be slightly different if you are using Office 97, or Office XP.
However, even if the path varies, the options we describe setting below are still necessary
in any version of Outlook.
One word of warning: Outlook must be set up to run in Corporate/Workgroup mode if the
customer intends to access the Bynari server using IMAP protocols and the
InsightConnector tool. For most installations this should not be a problem. If it is
determined that a customer is not running Outlook in that mode, then it is possible that
Outlook will require additional files from the Microsoft installation CD. We have
documented a procedure here that takes the following assumptions:
Personal end user data, such as address books, calendars, and any personal folders, will
be moved by the user themselves.
End users will follow a documented set of procedures to move their data.
Page 29 of 29
User ID’s and passwords have already been set up. Please remember that these steps
should be followed exactly! If the steps are followed out of order, then the process could
become much longer through the fact that Outlook likes to add new folders at certain
times, and this could add confusion to the user.
Adding IMAP, POP3, and LDAP Access to Bynari
The first step is for the user to get access to their new server. They will need to add
access to three new services.
The IMAP service is needed to get general access to their Bynari folders. The POP3
access is necessary in order to send email, and the LDAP service is necessary to be able
to look up the global address book, and to publish and look up free/busy time for their
calendars. Once they have added these services, they will then need to shutdown and
restart their Outlook program. The users should add the three services in the following
order:
The following steps are for adding the IMAP mailboxes.
Click on the ‘IMAP Mailboxes’ icon added by the InsightConnector code.
On the ‘Insight Connector Options’ window, click on ‘Add’.

This will bring up a window asking for a location and name of the local file. It is possible
to change the information, but recommended to accept the default.
Click the ‘OK’ button.

You should now be back at the original ‘Insight Connector Options’ window.
Click on the ‘Options’ button.

You should now have an ‘Insight Connector Host information’ window.
Under Hostname, put either the IP address or the Domain Name of the user’s Bynari
server.
Leave the port number as the default given.
Under username and password, enter the information for the user information on the
Insight Server.
Click on the Ping Server button, you should receive a message saying “Successfully
Connected to the Server”. If you do not, then either the Hostname is incorrect, or the
login id/password is incorrect.
Click ‘OK’ to close the Host Information window.
Page 30 of 30
Click ‘OK’ to close the Insight Connector Options Window.
At this point you should see a new ‘Insight Server Mailbox’ at the top of the folder
section. Do not click on this folder yet. If you do, Outlook will attempt to add default
icons under the folder, and we do not want them yet!
The next steps are to add the POP3 service and LDAP service to the ID.
Under the Tools menu at the top, click on the ‘Services’ option. You will see the current
services used by the user id.
Click on the ‘Add’ button to add a new service.
To add the POP3 service, click on the ‘Internet Email’ option, then click ‘OK’, this will
bring up the ‘Mail Account Properties window.
Under the ‘General’ tab, enter the user name, and email address of the user.
Page 31 of 31
Under the ‘Servers’ tab, enter the IP address of the users server for both Incoming and
Outgoing messages.
Enter the username and password, and leave the ‘Remember Password’ option selected.
Under the ‘Connection’ tab, make sure the LAN option is selected.
Under the ‘Advanced’ tab, make sure the ‘Leave copy of messages on server’ option is
selected. Otherwise messages will be automatically deleted off the server.
Click ‘OK’.
You should get a message saying the new information will not be used until you have
restarted Outlook. Click ‘OK’, but do not restart Outlook yet.
You should be back to the Services window, click ‘Add’ to add another service.
This time, select ‘Microsoft LDAP directory’ and click ‘OK’.
For Directory Service Account, use a name recognizable to the user.
The ‘Server Hostname’ should be the IP address of the user's mailbox server.
Take defaults for all other information, make sure User name and password are left
blank!
Click ‘OK’. You should again get a message saying the new information will not be used
until you have restarted Outlook. Click ‘OK’, but do not restart Outlook yet.
You should again be back at the Services window.
Under the ‘Delivery’ tab, change the "Deliver new mail to the following location" to be
the Insight Server Mailbox.
Then click ‘OK to close the Services window.
Now close Outlook so that the next time Outlook is loaded it will load the new options.
You have now added the services necessary to access and send mail using the Bynari
server. However, the following steps are needed to migrate user data, and to configure
Outlook to properly use the Bynari server, and stop using the Exchange Server:
Restart Outlook using the same user id as before.
You may see a warning message saying user profile information has changed, and would
you like Outlook to recreate your shortcuts. Click ‘Yes’
Page 32 of 32
Our version of Outlook would automatically create new Calendar, Contacts, and other
folders under the "Outlook Today - InsightServer Mailbox". But sometimes it also
created another set under the Inbox which is under the InsightServer Mailbox. We could
never determine why this happened or if this was a bug, but in order to get the user data
migrated correctly, it was necessary to delete the second set of folders created under the
new Inbox which is under the "Outlook Today - InsightServer Mailbox". The easiest way
is to right click on each of these folders, then click the ‘Delete’ option.
The next step is to copy all the contents from the current Exchange folders (these will be
the folders under the heading "Mailbox - <user name>") to the similar folders under the
"Outlook Today - InsightServer Mailbox".
Select the Exchange Calendar folder, the one under "Mailbox - <user name>".
Change the View to be able to see all appointments in a list (the "Active Appointments"
view).
Under the ‘Edit’ menu, click on ‘Select all’.
Right click on the appointments, then drag them to the ‘Calendar’ folder on the
InsightServer, then let go. Select the ‘Copy’ option. Selecting Copy will allow you to do
the process over at a later date in case information is somehow corrupted through the
migration process.
Repeat the above steps for every Exchange folder, except for the Inbox, and any
Group/Shared/Public folders.
Page 33 of 33
Now click on the ‘Outlook Today - Insight Server Mailbox’ at the top of the Folder List
(this should also have the title of ‘Outlook Today’).
Clicking on this option will cause the folder to synchronize with the server. At this point
you will receive a message saying ‘IMAP synch could not create a remote folder called
X’ where X is the name of the current folder IMAP is trying to create. It will ask you if
you would like to create this folder underneath the Inbox folder. Select ‘Yes’ for every
folder.
Now, all of the folders should have been moved under the InsightServer Inbox with all of
their information.
Now you can remove the Microsoft Exchange Service, and begin receiving and sending
email over Bynari, using the following steps.
Go back to the Services window by clicking ‘Tools’ then ‘Services’ again. Click on
"Microsoft Exchange Server" and then click the ‘Remove’ button.
Click ‘Yes’ for the ‘Are you Sure’ message. Then click ‘OK’ to close the Services
window.
The next steps are to make sure Outlook is properly handling InsightServer mail.
Under the Tools menu, click ‘Options’.
Page 34 of 34
Select the "Mail Services" tab, and uncheck all services in the ‘Check for new mail on:’
window.
Select the 'Internet E-mail’ tab, and make sure the ‘Check my local network
connection(s) for new email’ option is not selected .
Click ‘OK’.
Publishing and Retrieving Free/Busy Time
The last step is to configure the clients to publish their free/busy calendar information to
the Bynari server.
Select Tools/Options, then click the ‘Calendar Options’ button.
Click the Free/Busy Options button at the bottom.
Check the ‘Publish Free/Busy’ checkbox and input the following information into the
publish and search URLs (specifying the IP address of your Bynari server where we have
192.168.3.98).
Publish at this URL:
ftp://192.168.3.98/freebusy/%NAME%.vcf
Search at this URL:
http://192.168.3.98/freebusy/%NAME%.vcf
Click the OK buttons until all 3 windows are closed.
Page 35 of 35
Now you will need to close down and restart Outlook to get the new changes to be
implemented. Upon restarting Outlook you should see the InsightConnector
Synchronization message window.
In our test case, we had to restart Outlook a couple of times to get Outlook to use our
InsightServer to send email instead of Exchange. To check to see which server Outlook is
using, go back to the Tools/Options menu, and under the ‘Mail Services’ tab, the only
option should be Internet E-mail, which should still be unchecked.
If you still see a Microsoft Exchange Server option, shut down and restart Outlook again.
Finally, go to the Tools menu, select 'Send/Receive' and then 'Free/Busy information' and
verify that the information was successfully sent. Now all the steps have been completed
for migrating user information, and changing Outlook to use the Bynari Server.
One final option may be to add the InsightServer LDAP service to other clients who have
not yet been migrated off of Exchange. This is to allow current Exchange users to access
the Bynari address book, and see Bynari users' busy/free time information.
4.3 Other End-User Tasks and Setup
The following options are tasks or options that the user can select in order to customize or
change settings for their user-id.
Password Administration
There are two different passwords that will be discussed below. The first is the Bynari
InsightServer password. This is the password saved on the server, and is associated with
the user-id whenever any communication occurs between the client and the server.
The second password is one that can be set by Outlook to access a particular set of
folders. In our case we can set a password the must be used in order for Outlook to open
the InsightServer folders to start. Both of these user-ids are INDEPENDENT from one
another. If both are to be used, or managed by the user, great care must be taken to
remember which is which if they are not kept the same.
Bynari InsightServer Password Administration
The user has the ability to change their own password using the same web interface as the
system manger. Once the password has been changed on the system, then they will have
to change it on their Outlook client as well.
Page 36 of 36
The following steps are for changing the password on the Bynari server.
Open a web browser, opening web page of the Bynari server for that user, for example:
http://mail.bynari.net
Click on the ‘Change password’ link.
Log in using current user-id and password.
Type in new password twice in spaces provided, then click the ‘update’ button.
The page should reset, with a message at the top saying ‘success modifying user’, if there
is any other message then the password has not been changed.
The following steps are required to change the Outlook client to use the new password.
This is only necessary if the previous password has been saved on the system.
Once Outlook is running, click on the ‘Mailbox’ icon that is a part of the Bynari
Connector toolbar.
In the password field, change the password to match the one entered on the web tool.
Outlook password for end-user folder access
The following procedure is to change the password used by Outlook to access a particular
set of folders.
Under the tools menu, select services.
Click on the InsightServer Mailbox, then click properties.
In the new window, click the change password button.
Enter the old (if a previous one was entered here) and new password.
Click ‘OK’ in the windows to accept and close the windows.
Synchronization, and other Folder Options
During the migration process, we have set up Outlook to use IMAP protocols to access
user folders on the server. By default, the selected folder will attempt to synchronize
every time it is selected.
Page 37 of 37
This can be changed by clicking the ‘Folder’ icon on the Bynari Connector tool bar. This
will bring up the configuration window for the currently selected folder. From here you
can change how often the folder synchronizes, as well as who has permission to see and
manipulate the folder, as well as other properties. The choices will have to be set for each
folder individually.
Page 38 of 38
Chapter 5 Exim MTA Configuration
5.1 Configuration Options
This chapter provides an overview and explanation of the most commonly used options
for the MTA configuration. For a complete list and description of each item, please see
Appendix D.
Basic Configuration
These are basic options that you might want to configure in Exim. These options control
message size, who can and can’t use the server to relay, and more.
Page 39 of 39
The Basic Options that you are able to configure include the mail system’s primary
hostname and local domains. The local domains are domains that the mail server is
configured to accept mail for. You can also configure relay domains (domains to relay
mail for) and relay access. To add relay access, or access to use InsightServer to send
outgoing mail, you may need to configure the “Host Accept Relay” option, which is a list
of hostnames and IP addresses.
You can also configure options dealing with message freezing, error handling, and
performance options such as the message size limit, which allows you to limit the size of
messages, incoming and outgoing.
Advanced Configuration
Some of the options available to configure in the Advanced Configuration section include
lists of hosts to reject mail from, hosts to allow access without doing DNS queries, error
and warning messages, and more queue options, such as a list of domains to hold mail in
the queue, for manually delivering mail.
Page 40 of 40
Logging Configuration
This page controls the logging options you can enable or disable in Exim. Exercise
caution while turning on these options, since logging everything can drastically increase
your log size.
Page 41 of 41
RBL Configuration
This section allows you to configure the Realtime Blackhole List inherent in Exim. The
RBL (and several similar lists) attempt to curtail SPAM by maintaining lists of mail
server that participate in poor e-mail practices. The RBL, operated by MAPS, is a service
you must subscribe to for a reasonable cost. To set this up correctly, contact MAPS to
activate your subscriptions, and they will tell you what domains to put in RBL Domains.
For more information on the RBL, see http://mail-abuse.org.
Filter Configuration
These advanced options control Exim’s built in filter. Changing these options is
recommended for only the most advanced Exim administrators.
Page 42 of 42
The “Message Filter” option is where RAV is enabled, as the screenshot above displays.
To disable the RAV filter, you would simply clear out this text field, and click the Set
Options button at the bottom of the page.
SMTP Configuration
This page controls the various SMTP related options that you can configure with Exim.
These are advanced options, and only experienced Exim administrators should change
these.
Page 43 of 43
Message Processing Configuration
These options control various things concerning messages and message processing. Here
you can decide how messages will look, when to reject and receive messages, and options
such as the maximum number of recipients for messages.
Page 44 of 44
5.2 Queue Management
View Queue
Here the current mail queue is listed on screen, showing total time in the queue, message
size, message ID, sender recipients, and the current status.
View Message
1
Page 45 of 45
This screen shows you the message and gives you three options: Freeze Message,
Thaw Message, and Delete Message. Each action will have a confirmation page.
Delete Frozen Messages
After confirming, this will remove all of the frozen messages currently in the queue.
Run Queue
Use this to “run” the queue. Running the Queue means to re-attempt delivery of all
unfrozen messages currently in the queue. A confirmation page will ask you to confirm
running the queue.
5.3 Server Management
In this section, you are able to Restart, Stop, and Start the server. A confirmation page
will ask you to confirm the requested action.
Page 46 of 46
Chapter 6 RAV Configuration
RAV provides integrated solutions to meet the security goals of small to medium size
businesses (SMB) as well as large global enterprises, Application Service Providers
(ASPs) and ISPs. Bynari’s InsightServer 3.5 comes with RAV Anti-Virus for Mail
Servers to allow administrators to protect critical data against malwares and unauthorized
data delivery. RAV Anti-Virus for Mail Servers also includes advanced group
management and content filtering features which interoperates with our Mail Transfer
Agent (Exim) through our administrative console.
RAV Anti-Virus for Mail Servers comes enabled in the default mode providing a 60-day
trial. Bynari recommends leaving RAV’s features enabled through the trial.
Administrators can disable the RAV features through the MTA configuration console.
6.1 Regular Expression Editing
In RAV, regular expressions are patterns that can be used to look for specific strings in
parts of the mail message. Here you can define your own regular expressions for later
use in scanning e-mails.
All defined regular expressions are listed here. You can set them up for use under the
Group Editing section.
Page 47 of 47
Modifying regular expressions
To change a regular expression, edit the text entry field, and then select the corresponding
Change button. To delete a regular expression, select Delete. A confirmation page will
ask you to confirm deletion.
Creating new regular expressions
To create a new regular expression, put a value for the Name, and then enter the desired
regular expression in for the Value. Select Create to add the regular expression to your
current list.
Listed below are some examples of regular expressions for use with RAV:
# Match the string "I love you" in the e-mail subject.

subj_regexp = (I love you)
# Catch e-mails containing company secrets.

body_regexp = secret
# Some possible infected files:

regexp_attachment = .*\.exe
file_regexp =
.*\.((vbs)|(vbe)|(js)|(exe)|(com)|(pif)|(lnk)|(scr)|(bat)|(shs)|(sh))
# Catch image files:

img_regexp = .*\.((jpg)|(jpeg)|(gif)|(tiff)|(png)|(bmp)|(ico)|(wmf))
# the body of some well known viruses (Hybris, Sircam, Klez)
Page 48 of 48
body_wn_regexp = (Snowhite was turning 18)|(NO more than $5500)
# the filename of some well known viruses (Nimbda, Aliz, Anset)

file_wn_regexp = (readme.exe)|(whatever.exe)|(ants3set.exe)
More information about regular expressions can be found in the regexp man page.
6.2 Action Editing
Actions are called to handle e-mails that match regular expressions or contain malware.
The following actions are executed by RAV on the file reported as infected or suspicious,
or matched with a content filtering rule:
• Clean – Clean the infected file.
• Move – Move the file to the quarantine (equivalent to copy and delete actions).
• Copy – Copy the file to quarantine.
• Delete – Delete the file and replace it with a new file automatically generated by
RAV. The file will be the same size as the one it replaced.
• Rename – The file will be renamed using the rename_ext extension specified in
the configuration.
• Ignore – The file is ignored, no action isi taken and the e-mail is delivered.
• Reject – The e-mail is rejected, it will not be delivered to any of its recipients.
Depending on scanning status the following valid actions are supported:

• For infected file: clean, move, copy, delete, rename, ignore, reject
• For suspicious files: move, copy, delete, rename, ignore, reject
• For e-mail files matching the subject filter: copy, ignore, reject
• For files matching the attachment filter: move, copy, delete, rename, ignore, reject
• For e-mail files matching the content filter: move, copy, delete, ignore, reject
The currently defined actions are listed. You have the option to modify or delete them.
Page 49 of 49
Modifying actions
To modify an existing action, change the Value in the text entry field, then select the
corresponding Change button. To delete the action, select it’s corresponding ‘Delete’
button. You will be presented with a confirmation page.
Creating new actions
To create a new action, go to the bottom of the page, and enter a value for Name to
represent the action. Then enter a value (such as “reject”) in the Value text entry field.
Finally, select Create to create the new action.
6.3 Group Editing
Groups are a way of organizing how RAV handles incoming mail messages. If you want
RAV to handle e-mail from or to a certain domain or sender different than the default,
you can create a group for them. For instance, if you don’t want RAV to scan any e-mail
coming from yahoo.com, create a group called “Yahoo” or whatever, set the “From Host”
to “yahoo.com”, and check the “do not scan” option.
The groups are listed, with the options to Edit, Delete and change Advanced Content for
each. You can’t delete the “global” group.
Page 50 of 50
Current groups
To edit a listed group, select it’s corresponding ‘Edit’ button. You can modify Group
Members (only for groups other than “global”), General Options, and Scanning Options.
To setup filtering rules using your regular expressions and actions, select Advanced
Content.
Page 51 of 51
Current Filtering Rules
The active rules are listed here. You can change the rule by selecting a different Regular
Expression and/or Action, then selecting Change. You can delete the corresponding rule
by selecting the Delete button.
Create New Filtering Rule
To create a new rule, first select the Component, which is Subject, Body, or Attachment.
Then select a Regular Expression and an Action from the lists. Finally, select Create to
create the new rule.
Please be aware that some Actions may not work with the chosen Component. For
example, when creating a new rule for the Component “Subject”, it’s better to use
subj_action, rather than file_action. If you find that your new rules are not working,
please take a look at /var/log. RAV will log as “ravmd” in the logfile. If there are errors
with configuration, you can see it here.
Creating new groups
To create a new group, go to the bottom of the page and enter the desired group name in
the text entry field under “Create New Group”, and then select Create. You will then be
taken to the Edit page for this group. You will need to fill out at least one item for Group
Members, but the rest of the options are optional.
Page 52 of 52
Group Members
The options available here are Sender, Receiver, From Host, and To Host. Configuring
these options enables the new group to know when to be active. For example, if you
wanted all incoming mail destined for bynari.net to be scanned with the specified setup,
but not all other domains configured on InsightServer, set To Host to “bynari.net”. If you
wanted all mail from user@domain.com to be scannd with the specified setup, set Sender
to user@domain.com. You can have more than one domain or address configured by
separating with commas for the four configurable options.
General Options
Here you configure general options such as what action to take for infected and
suspicious mails, whether or not to warn the sender, recipients, or the administrator, and
even whether or not to scan for this group.
If you wanted all mail from trusted-domain.com to not be scanned at all, you can create a
new group, setting the From Host to “trusted-domain.com”, and checking “Do not scan”
here.
Scanning Options
Here you can tell RAV to save infected and suspicious mails in the Quarantine Directory,
which, if left undefined, defaults to /var/spool/rav/quarantine on InsightServer. You can
also tell RAV to scan archives, such as .zip, .sit, and .tar.gz files.
Page 53 of 53
RAV E-Mail Address
Here you can specify warning mails sender e-mail address. The default values work in
most cases. Define these fields only if no warning mails are sent when a virus is found or
if you want to use a different account instead of ravms. Specify smtp_server IP address
only if that machine is behind a firewall and ravmd can't get its DNS name.
Note: The defaults are already set for new groups. You can set a text entry value back to
the default value by clearing out the text field.
6.4 Restarting RAV
To restart the RAV service, select Restart RAV. The service will restart while the current
page is reloaded. This is needed after changing any of the RAV settings. If RAV finds
an error in the current configuration, it will load the previous working configuration file
automatically. If your changes don’t appear to be working, look in /var/log for a file
containing output from ravmd. Here you will be able to find out what exactly is causing
the error.
Page 54 of 54
Appendix A – Troubleshooting
Disabling TCP/IP ports
This is an example of the error messages you might see if you execute the InsightServer
setup file without having turned off the necessary ports.
Example:
mail:/home/tom/insightserver3.5-1 # ./setup
Bynari InsightServer 3 - General Linux (2.4 Kernel)
Scanning needed ports.. please wait..
FTP port is currently in use.. Insight Server pre-install configuration aborted.
SMTP port is currently in use.. Insight Server pre-install configuration
aborted.
In the /etc/inetd.conf file make sure that all references to ftp, imap-4, and pop-3 are
commented out.
In the /etc/rc.config file make sure SMTP is set to SMTP=no and START_HTTPD is set
to START_HTTPD=no.
After any of these changes, shutdown and restart your linux system, then go back to the
./setup step in Chapter 2.
Internal Server Error in Browser
After bringing up the main Bynari web page you are given options such as “User
Administration”. Selecting any of the options for the first time will prompt you for the
Bynari manager’s id and password. If after logging onto the manager you see the
following screen then one of the possible causes is described below. One possible reason
for this error is that the Bynari cgi script is assuming a particular level of libstdc++ was
installed. You will need to determine which level the Bynari code is expecting and which
you have installed, and then create a symbolic link. We identified the cgi’s name by
looking at the URL location in our browser.
In our case it was:

http://192.168.3.98/cgi-bin/isadmin/index.cgi
You will need to go to the /usr/apache/cgi-bin/isadmin directory and run the index.cgi
script as follows:
cd /usr/apache/cgi-bin/isadmin
./index.cgi
Page 55 of 55
Example:
linux1:/usr/lib # cd /usr/apache/cgi-bin/isadmin
linux1:/usr/apache/cgi-bin/isadmin # ./index.cgi
./index.cgi: error while loading shared libraries:
libstdc++-libc6.1-2.so.3: can not load shared object file: No such file or
directory
We discovered which libsdc++ was installed by using the find command:
find / -name 'libstd*'

Example:
linux1:/usr/apache/cgi-bin/isadmin # find / -name 'libstd*'
/usr/lib/libstdc++-3-libc6.2-2-2.10.0.a
/usr/lib/libstdc++-3-libc6.2-2-2.10.0.so
/usr/lib/libstdc++-libc6.2-2.a.3
/usr/lib/libstdc++-libc6.2-2.so.3
/usr/lib/gcc-lib/s390-suse-linux/2.95.3/libstdc++.a
/usr/lib/gcc-lib/s390-suse-linux/2.95.3/libstdc++.so
Looking at the error message above, the cgi our Bynari system was looking for
libstdc++-libc6.1-2.so.3
but what we had a newer version
libstdc++-3-libc6.2-2-2.10.0.so
which happens to have a symbolic link called libstdc++-libc6.2-2.so.3 so

what we did was create a new symbolic link with the name the cgi script required in the
/usr/lib directory with the following commands:
cd /usr/lib
ln -s libstdc++-3-libc6.2-2-2.10.0.so
libstdc++-libc6.1-2.so.3
Example:
linux1:/usr/apache/cgi-bin/isadmin # cd /usr/lib linux1:/usr/lib # ln -s
libstdc++-3-libc6.2-2-2.10.0.so libstdc++-libc6.1-2.so.3
You should then go back to the cgi-bin directory and run the index.cgi script as before to
make sure you do not get the same error message.
At this point you should go back to your browser and “Reload” the page.
User Gets No Transport Provider Available
When a user attempts to send an email, they may get the email back with an error
message saying ‘No transport provider was available for delivery to this recipient’. This
Page 56 of 56
occurs when the Bynari server receives a message to transmit which comes from a
domain or IP address not defined to it. This means that one of three things is incorrect:
the Exim/MTA configuration is wrong,
the user is not a part of one of the defined domains represented in the
‘Host_Accept_Relay’ parameter,
either the DNS servers or the user PCs are not configured properly so that the Bynari
server can recognize the domain of the end user Proper configuration of the DNS is
required, but achieving that is beyond the scope of this book.
The virtual domain in which the user's Outlook machine resides must be included in the
definitions in the MTA configuration. Re-read section 4.2 "Configuring Communication"
in this book, as well as the Exim documentation at http://www.exim.org.
Page 57 of 57
Appendix B - Additional material
Web sites
Bynari, Inc.
http://www.bynari.net/
Bynari Inc. Knowledge Base (good source of technical questions and answers)
http://www.bynari.net/faq/
Cyrus IMAP (Internet Message Access Protocol)

http://asg.web.cmu.edu/cyrus/
Additional Cyrus Information:

http://www.ncsu.edu/imap/admin/cyrus/index.html
Exim MTA (Message Transfer Agent)

http://www.exim.org/
OpenLDAP (Lightweight Directory Access Protocol)

http://www.openldap.org/
SuSE Linux homepage

http://www.suse.com/
TurboLinux homepage
http://www.turbolinux.com/
Red Hat Linux homepage

http://www.redhat.com/
Linux MAN pages online

http://linux.ctyme.com/man/man1042.htm
Web search
http://www.google.com/
Search usenet (newsgroup)

http://deja.com/
GNU
http://www.gnu.org/
Books and Perform Guides
Linux system administration handbook, SR23-8905
Page 58 of 58
Linux configuration and installation, SR23-8928
Running Linux, 3rd Edition, SR23-9269
Linux unleashed, SR23-9387
Linux programming bible SR23-9518
Linux in a nutshell, 3rd Edition, SR23-9725
Linux networks administrators guide, SR23-9732
Linux internals, SR23-9952
Page 59 of 59
Appendix C - Samples
Sample note to be sent to clients: Client Email 1
To all end users: Your email server is going to be upgraded, you must follow these
instructions to prepare to access the new server.
1. Detach the following attachments to your Desktop: wpie415-x86.exe Microsoft Web

publishing Wizard InsightConnector.exe Bynari InsightConnector Attachment File Name
Code Package
2. Print this note for reference. You will need to shut down your Outlook program before
you can install these programs.
3. Shut down Outlook (File - Exit and Log Off)
4. Go to your Desktop and launch the InsightConnector.exe by double clicking the icon.
The InstallShield Wizard will start. Follow the prompts:
Select the ‘Next’ button.
Answer ‘Yes’ for the license agreement.
Enter the product key: xxxxx-xxxxx-xxxxx and click the Next button.
Accept the default folder name by clicking the ‘Next’ button.
Click the ‘Finish’ button.
5. Launch the wpie415-x86.exe by double clicking the icon.

Answer ‘Yes’ for the license agreement.
You will see several windows flash by indicating that files are being copied, but you will
not be asked any further questions.
6. Restart your Outlook program. You should see the following additional menu bar
indicating the InsightConnector code was properly installed: You will be receiving
another note shortly explaining more about the migration of your data to the new server.
Do not use the new tools until then.
Sample of LDIF file 1
The following is the result of an ldapsearch command with the -L parameter and only one
user defined. The user has been defined with minimum information necessary for
definition in InsightServer.
The command used to get this file was:
mail:/exchange # ldapsearch -L -D "cn=manager, c=US" -b "c=US" -w
password "cn=*" > ldapsearch.out
Page 60 of 60
dn: cn=manager, c=US
objectclass: person
objectclass: Top
cn: manager
uname: manager
dn: cn=Firstname Lastname, ou=New Group, o=New Organization, c=US
objectclass: person
objectclass: Top
givenname: Firstname
sn: Lastname
uname: Firstname
The following is an ldapsearch looking for organizations on the Bynari Server

mail:/exchange # ldapsearch -L -D "cn=manager, c=US" -b "c=US"
-w password "on=*" > ldapsearch.out
dn: o=New Organizatoin, c=US

objectclass: Top
o: New Organizatoin
objectclass: person
objectclass: Top
sn: Lastname
uname: Firstname
The following is the result of an ldapsearch on a user with all fields having had
information put in through the web interface.

objectclass: person
objectclass: Top
initials: Middlename
sn: Lastname
Page 61 of 61
homepostaladdress: home address
l: city
st: state
postalcode: zip
c: country
homephone: hometelephone
mobile: mobile
pager: pager
o: companyname
postaladdress: compaddress
telephonenumber: compphone
facsimiletelephonenumber: compfax
url: compwebpage
title: title
department: department
physicaldeliveryofficename: office
otherfacsimiletelephonenumber: otherfax
otherphone: otherphone
conferenceinformation: confinfo
ipphone: ipphone
uname: Firstname
Sample of TCL file
The following is a sample TCL file used to create Inboxes for three users:
eval cyradm connect c 192.168.3.80

eval c authenticate -pwcommand {{
set hostname “192.168.3.80”
set adminid “manager”
set adminpw “password”
list $adminid $adminpw }
c createmailbox “user.test1”
c deleteaclmailbox “user.test1” anyone
c setaclmailbox “user.test1” “manager” “lrswipcda”
c setaclmailbox “user.test1” “test1” “lrswipcda”
Page 62 of 62
Appendix D – MTA Configuration Options
The following information about the configuration options for Exim was taken from the
Exim Specifications file, available at http://www.exim.org/. It is strongly encouraged that
the postmaster read this and other Exim documentation as time permits.
Allow MX To IP
Type: boolean
Default: false
It appears that more and more DNS zones are breaking the rules and putting IP addresses
on the right hand side of MX records. Exim follows the rules and rejects this, giving an
error message that explains the mis-configuration. However, some other MTAs support
this practice, so to avoid `Why can't Exim do this?' complaints, allow_mx_to_ip exists, in
order to enable this heinous activity. It is not recommended, except when you have no
other choice.
Auth Hosts
Type: host list
Default: unset
Any hosts in this list that connect to an Exim server as clients are required to authenticate
themselves using the SMTP AUTH command before any commands other than HELO,
EHLO, HELP, AUTH, NOOP, RSET, or QUIT are accepted. See chapter 35 for details
of SMTP authentication.
Auto Thaw
Type: time
Default: 0s
If this option is set to a time greater than zero, a queue runner will try a new delivery
attempt on any frozen message if this much time has passed since it was frozen. This may
result in the message being re-frozen if nothing has changed since the last attempt. It is a
way of saying `keep on trying, even though there are big problems'. See also
timeout_frozen_after, ignore_errmsg_errors, and ignore_errmsg_errors_after.
Check Spool Space

Type: integer
Page 63 of 63
Default: 0
The Check Spool Space options allow for checking of disc resources before a message is
accepted: Check Spool Space checks the spool partition if the value is greater than zero,
for example:
Check Spool Space = 10M
If there is less space than requested, Exim refuses to accept incoming mail. In the case of
SMTP input this is done by giving a 452 temporary error response to the MAIL
command. If ESMTP is in use and there was a SIZE parameter on the MAIL command,
its value is added to the Check Spool Space value, and the check is performed even if
Check Spool Space is zero.
For non-SMTP input and for batched SMTP input, the test is done at start-up; on failure a
message is written to stderr and Exim exits with a non-zero code, as it obviously cannot
send an error message of any kind.
Delay Warning
Type: time list
Default: 24h
When a message is delayed, Exim sends a warning message to the sender at intervals
specified by this option. If it is set to a zero, no warnings are sent. The data is a colon-
separated list of times after which to send warning messages. Up to 10 times may be
given. If a message has been on the queue for longer than the last time, the last interval
between the times is used to compute subsequent warning times. For example, with
delay_warning = 4h:8h:24h
the first message is sent after 4 hours, the second after 8 hours, and subsequent ones
every 16 hours thereafter. To stop warnings after a given time, set a huge subsequent
time.
Deliver Load Max

Type: fixed-point
Default: unset
When this option is set, no message deliveries are ever done if the system load average is
greater than its value, except for deliveries forced with the -M option. If Deliver Queue
Page 64 of 64
Load Max is not set and the load gets this high during a queue run, the run is abandoned.
There are some operating systems for which Exim cannot determine the load average (see
chapter 1); for these this option has no effect.
Deliver Queue Load Max

Type: fixed-point
Default: unset
If this option is set, its value is used to determine whether to abandon a queue run, instead
of the value of deliver_load_max.
Errmsg Text
Type: string
Default: unset
If errmsg_text is set, its contents are included in the default error message immediately
after `This message was created automatically by mail delivery software.' It is not used if
errmsg_file is set.
Errmsg File
Type: string
Default: unset
This option defines a template file containing paragraphs of text to be used for
constructing the message which is sent by Exim in the case of a delivery failure. Details
of the file's contents are given in chapter 39. See also warnmsg_file.
Errors Address
Type: string
Default: "postmaster"
The mail address to which Exim will send certain error reports to. As the default is
specified without a domain, it will be sent to the domain specified by the
qualify_recipient option. If this address is specified with a domain, it must be a fully
qualified domain. There are actually only a few situations where this address is used:
* When Alert Postmaster When Freezing Messages is set, and a message that is not
a failing, locally generated bounce message is frozen. However, if the Errors Address is
one of the recipients of the frozen message, nothing is sent, in order to avoid potential
loops.
Page 65 of 65
* Delivery failed, and there is no other address to which a bounce message can be
sent, except for bounce messages that are timing out (they are just discarded).
* -Mg was used to cancel delivery, and there is no other address to which to send a
message.
Errors Copy
Type: string list, expanded
Default: unset
Setting this option causes Exim to send bcc copies of delivery failure reports that it
generates to other addresses. The value is a colon-separated list of items; each item
consists of a pattern and an address list, separated by white space. If the pattern matches
the recipient of the delivery error report, the message is copied to the addresses on the
list. The items are scanned in order, and once a matching one is found, no further items
are examined. For example:
errors_copy = spqr@mydomain postmaster@mydomain :\

rqps@mydomain mailmaster@mydomain,\
postmaster@mydomain
Each pattern can be a single regular expression, indicated by starting it with a circumflex;
alternatively, either portion (local part, domain) can start with an asterisk, or the domain
can be in any format that is acceptable as an item in a domain list, including a file lookup.
A regular expression is matched against the entire (fully qualified) recipient; non-regular
expressions must contain both a local part and domain, separated by @.
The address list is a string which is expanded, and must end up as a comma-separated list
of addresses. It is used to construct a Bcc: header which is added to the error message.
The expansion variables $local_part and $domain are set from the original recipient of
the error message, and if there was any wildcard matching, the expansion variables $0,
$1, etc. are set in the normal way.
Errors Reply-To
Type: string
Default: unset
Exim's delivery error messages contain the header
Page 66 of 66
From: Mail Delivery System <Mailer-Daemon@${qualify_domain}>
(where string expansion notation is used to show a variable substitution). Experience

shows that a large number of people reply to such messages. If the Errors Reply To
option is set, a Reply-To: header is added. The option must specify the complete header
body.
Alert Postmaster When Freezing Messages

Type: boolean
Default: false
On encountering certain errors, Exim freezes a message, which means that no further
delivery attempts take place until an administrator thaws it. If this option is set, a message
is sent to Errors Address every time a message is frozen, unless the message is itself a
delivery error message. (Without this exception there is the possibility of looping.) If
several of the message's addresses cause freezing, only a single message is sent to the
mail administrator. The reason(s) for freezing will be found in the message log.
Headers Check Syntax

Type: boolean
Default: false
This option causes Exim to check the syntax of all headers that can contain lists of
addresses (Sender:, From:, Reply-To:, To:, Cc:, and Bcc:) on all incoming messages
(both local and SMTP). This is a syntax check only, to catch real junk such as
To: user@
Like the headers_sender_verify options, the rejection happens after the end of the data,
but it is also controlled by headers_checks_fail; if that is unset, the message is accepted
and a warning is written to the reject log.
If the message contains any headers starting with `Resent-' then it is that set of
headers which is checked.
Headers Checks Fail

Type: boolean
Default: true
Page 67 of 67
If this option is true, failure of any header check (see below) causes the message to be
rejected. If it is false, a warning message is written to the reject log.
Headers Sender Verify

Type: boolean
Default: false
If this option is set with sender_verify, and the sending host matches sender_verify_hosts,
Exim insists on there being at least one verifyable address in one of the Sender:, Reply-
To:, or From: headers (which are checked in that order) on all incoming SMTP messages.
If one cannot be found, the message is rejected, unless headers_checks_fail is unset, in
which case a warning entry is written to the reject log.
If there are any headers whose names start with `Resent-', it is that set of headers
which is checked. If there is more than one instance of a particular header, all of them are
checked.
Unfortunately, because it has to read the message before doing this check, the rejection
happens after the end of the data, and it is known that some mailers do not treat hard
(5xx) errors correctly at this point -- they keep the message on their spools and try again
later, but that is their problem, though it does waste some resources.
Headers Sender Verify Errmsg

Type: boolean
Default: false
This option acts like headers_sender_verify, except that it applies only to messages
whose envelope sender is `<>', that is, delivery error messages whose sender cannot be
verified at the time the SMTP MAIL command is received.
HELO Accept Junk Hosts

Type: host list
Default: unset
Exim checks the syntax of HELO and EHLO commands for incoming SMTP mail, and
gives an error response for invalid data. Unfortunately, there are some SMTP clients that
send syntactic junk. They can be accommodated by setting this option.
HELO Strict Syntax

Type: boolean
Page 68 of 68
Default: false
Because so many systems have been found to use underscores in the names they send in
the SMTP HELO command, Exim by default permits them, though it is not in fact legal
to use underscores in domain names in SMTP. If helo_strict_syntax is set, underscores
are not permitted in HELO or EHLO commands.
HELO Verify
Type: host list
Default: unset
The RFCs mandate that a server must not reject a message because it doesn't like the
HELO or EHLO command. However, some sites like to be stricter. If helo_verify is set,
Exim checks each incoming call from any host that matches it, and accepts the call only
if:
* A HELO or EHLO command is received;
and
* The host name given in that command either:

1. is an IP literal matching the calling address of the host (the RFCs specifically
allow this), or
2. matches the host name that Exim obtains by doing a reverse lookup of the calling
host address, or
3. when looked up using gethostbyname() yields the calling host address.
If no HELO or EHLO is given, MAIL commands are rejected; if a bad HELO or EHLO
is given, it is rejected with a 550 error. Rejections are logged in the main and reject logs.
Hold Domains
Type: domain list
Default: unset
This option allows mail for particular domains to be held on the queue manually. The
option is overridden if a message delivery is forced with the -M, -qf, -Rf or -Sf options.
Otherwise, if a domain matches an item in hold_domains, no routing or delivery for that
address is done, and it is deferred every time the message is looked at.
This option is intended as a temporary operational measure for delaying the delivery of
mail while some problem is being sorted out, or some new configuration tested. It does
not override Exim's message clearing away code, which removes messages from the
Page 69 of 69
queue if they have been there longer than the longest retry time in any retry rule. If you
want to hold messages for longer than the normal retry times, insert a dummy retry rule
with a long retry time.
Host Accept Relay

Type: host list
Default: unset
This option provides a list of hosts that are permitted to relay via the local host to any
arbitrary domains. Section 46.4 contains a discussion of relay control.
Host Auth Accept Relay

Type: host list
Default: unset
This option provides a list of hosts that are permitted to relay via the local host to any
arbitrary domains, provided the calling host has authenticated itself. Section 46.4 contains
a discussion of relay control, and chapter 35 discusses authentication.
Host Lookup
Type: host list
Default: unset
Exim does not look up the name of a calling host from its IP address unless it is required
to compare against some host list, or helo_verify is set, or the address matches this option
(which normally contains IP addresses rather than host names, since the presence of
names in itself implies a DNS lookup). The default configuration file contains
host_lookup = *
which causes a lookup to happen for all hosts. If the expense of these lookups is felt to be
too great, the setting can be changed or removed. However, Exim always does a lookup if
the domain name quoted in a HELO or EHLO command is the local host's own name or
any of its local mail domains.
Host Reject
Type: host list
Default: unset
Page 70 of 70
If this option is set, incoming SMTP calls from the hosts listed (possibly also qualified by
an RFC 1413 identification) are rejectedas soon as the connection is made. See chapter
46 for more details.
Host Reject Recipients

Type: host list
Default: unset
If this option is set, all recipients in incoming SMTP calls from the hosts listed, possibly
also qualified by an RFC 1413 identification, are rejected. Chapter 46 contains details of
this facility, which differs from host_reject only in the point in the SMTP dialogue at
which the rejection occurs.
Hosts Treat as Local

Type: domain list
Default: unset
If this option is set, any host names that match the domain list are treated as if they were
the local host when Exim is scanning host lists obtained from MX records, and also at
other times when it is checking whether a host to which a message has been routed is the
local host. If it is required that the matching host names also be treated as local domains
for mail delivery, they must appear in Local Domains as well as in this option.
See also the Allow Localhost option in the smtp transport. Both these options are needed
in a setup with different hosts for incoming and outgoing mail if the resulting system is
used for MX backup.
Ignore Errmsg Errors

Type: boolean
Default: false
If this option is set, failed addresses in error reports (that is, bounce messages, whose
senders are `<>') are discarded (with a log entry). The default action is to freeze such
messages for human attention.
Ignore Errmsg Errors After

Type: time
Default: 0s
This option, if it is set to a non-zero time, acts as a delayed version of

ignore_errmsg_errors, which must be unset for this option to take effect. When an error
Page 71 of 71
message that was frozen because of delivery failure has been on the queue for more than
the given time, it is unfrozen at the next queue run, and a further delivery is attempted. If
delivery fails again, the error message is discarded. This makes it possible to keep failed
error messages around for a shorter time than the normal maximum retry time for frozen
messages. For example,
ignore_errmsg_errors_after = 12h
retries failed error message deliveries after 12 hours, discarding any further failures. For
ways of automatically dealing with other kinds of frozen message, see auto_thaw and
timeout_frozen_after.
Keep Malformed
Type: time
Default: 4d
This option specifies the length of time to keep messages whose spool files have been
corrupted in some way. This should, of course, never happen. At the next attempt to
deliver such a message, it gets removed. The incident is logged.
LDAP Default Servers

Type: string list
Default: unset
This option provides a list of LDAP servers which are tried in turn when an LDAP query
does not contain a server. See section 6.11. The option is available only when Exim has
been built with LDAP support.
Local Domains
Type: domain list
Default: see below
This specifies a list of domains which are recognized as `local', that is, their delivery is
handled in a special way by this MTA using directors rather than routers. If this option is
not set, it defaults to the value of qualify_recipient.
The name of the local host is not by default recognized as a local mail domain; it must be
included in Local Domains. If you want to accept mail addressed to your host in RFC 822
domain literal format, Local Domains must also include the appropriate `domains',
consisting of IP addresses enclosed in square brackets.
Page 72 of 72
It is possible to specify no local domains by specifying no data for this option, for
example,
local_domains =
If there are very many local domains, they can be stored in a file and looked up whenever
this string is searched. See the discussion of domain lists in section 7.12.
Local Interfaces
Type: string list
Default: unset
The string must contain a list of IP addresses, in dotted-quad format for IPv4 addresses,
or in colon-separated format (with colons doubled) for IPv6 addresses. These are used for
two different purposes:
* When a daemon is started to listen for incoming SMTP calls, it listens only on the
interfaces identified here, that is, it calls bind() for these interfaces only. An error occurs
if it is unable to bind a listening socket to any interface.
* Only the IP addresses listed here are taken as the local host's addresses when
routing mail and checking for mail loops.
If Local Interfaces is unset, the daemon issues a generic listen() that accepts incoming
calls from any interface, and it also gets a complete list of available interfaces and treats
them all as local when routing mail. On most systems the default action is what is
wanted. However, some systems set up large numbers of virtual interfaces in order to
provide many different virtual web servers. In these cases Local Interfaces can be used to
restrict SMTP traffic to one or two interfaces only. See also Hosts Treat as Local.
Localhost Number
Type: string
Default: unset
Exim's message ids are normally unique only within the local host. If uniqueness among
a set of hosts is required, each host must set a different value for the localhost_number
option. The string is expanded immediately after reading the configuration file (so that a
number can be computed from the host name, for example) and the result of the
expansion must be a number in the range 0--255. This is available in subsequent string
expansions via the variable $localhost_number. The final two characters of the message
id, instead of just being a sequence count of the number of messages received by one
process in one second, are the base 62 encoding of
Page 73 of 73
<sequence count> * 256 + <local host number>
This reduces the possible range of the sequence count to 0--14. If the count ever reaches
14 in a receiving process, a delay of one second is imposed to allow the clock to tick,
thereby allowing the count to be reset to zero.
Locally Caseless
Type: boolean
Default: true
Domains in mail addresses are specified as being case-independent, but this it not true of
local parts. For most Unix systems, however, it is desirable that local parts of local mail
addresses be treated in a case-independent manner, since most users expect that mail to
OBailey and obailey, for example, will end up in the same mailbox. By default, when it is
processing an address whose domain is local, Exim lower cases the local part at the start
of processing, on the assumption that account names in the password file are in lower-
case.
For installations that want to draw case distinctions, this option is provided. When turned
off, local local parts are handled verbatim during delivery. If there are names containing
upper case letters in the password file, the most convenient way to provide for caseless
mail delivery is to set up a smartuser director as the first director, and to make it do a
lowercased lookup of the local part, in order to translate it to the correctly cased version,
using the new_address option.
Log All Parents

Type: boolean
Default: false
This option applies to deliveries of local addresses, where the original envelope address
may be converted by (for example) an alias file into a `child' address which might itself
be an alias. Thus in general there can be a chain of several addresses between the original
one and the address to which the actual delivery is made. By default Exim logs the final
address, followed by the original address in angle bracket.
Turning Log All Parents on causes all intermediate addresses between the original
envelope address and the final delivery address to be included in delivery log lines in
parentheses after the first address. Without this, intermediate addresses are not included,
except that if the final delivery is to a pipe or file or auto-reply, the immediately
preceding parent address is listed.
Page 74 of 74
Log Arguments
Type: boolean
Default: false
Setting this option causes Exim to write the arguments with which it was called to the
main log. This is a debugging feature, added to make it easy to find out with what
arguments certain MUAs call /usr/lib/sendmail. The logging does not happen if Exim has
given up root privilege because it was called with the -C or -D options. This facility
cannot log illegal arguments, because the arguments are checked before the configuration
file is read. The only way to log such cases is to interpose a script such as util/logargs.sh
between the caller and Exim.
Log Level
Type: integer
Default: 5
This controls the amount of data written to the main log and to the individual message
logs (see section 51.10). The higher the number, the more is written. At present a value of
6 or higher causes all possible messages to appear.
Log Queue Run Level

Type: integer
Default: 0
This option specifies the log level for the messages `start queue run' and ènd queue run'.
Setting it higher than the value of Log Level causes them to be suppressed.
Log Received Recipients

Type: boolean
Default: false
When this option is set, the recipients of a message are listed in the main log as soon as
the message is received. The list appears at the end of the log line that is written when a
message is received, preceded by the word `for'. The addresses are listed after they have
been qualified, but before any rewriting has taken place.
Page 75 of 75
Log Received Sender
Type: boolean
Default: false
If this option is set, the unrewritten original sender of a message is added to the end of the
log line that records the message's arrival, after the word `from' (before the recipients if
Log Received Recipients is also set).
Log Refused Recipients

Type: boolean
Default: false
If this option is set, an entry is written in the main and reject logs for each recipient that is
refused for policy reasons. Otherwise cases where all recipients are to be refused just
cause a single log entry for the message.
Log Rewrites
Type: boolean
Default: false
This option causes all address rewriting to get logged, as an aid to debugging rewriting
rules.
Log Sender On Delivery

Type: boolean
Default: false
Setting Log Sender On Delivery causes Exim to add an `F=<sender>' item to

delivery and bounce log lines (F is for ènvelope from' -- the same letter as is used in
rewriting rules). By default, the sender is not shown on these lines.
Log SMTP Confirmation

Type: boolean
Default: false
Page 76 of 76
This option causes the response to the final `.' in the SMTP dialog for outgoing messages
to be added to delivery log lines in the form `C="<text>"'. A number of MTAs (including
Exim from release 1.60) return an identifying string in this response, so logging this
information allows messages to be tracked more easily. This global option applies to all
SMTP transports.
Log SMTP Connections

Type: boolean
Default: false
This option turns on more verbose logging of incoming SMTP connections, at log level 4.
This does not apply to batch SMTP, but it does apply to SMTP connections from local
processes that use the -bs option, including incoming calls using inetd. A log line is
written whenever a connection is established or closed. If a connection is dropped in the
middle of a message, a log line is always written, but otherwise nothing is written at the
start and end of connections unless Log SMTP Connections is set.
Log SMTP Syntax Errors

Type: boolean
Default: false
If this option is set, syntax errors in incoming SMTP commands are logged at level 4. An
unrecognized command is treated as a syntax error. For an external connection, the host
identity is given; for an internal connection using -bs the sender identification (normally
the calling user) is given.
Log Subject
Type: boolean
Default: false
This option causes a message's subject to be included in the arrival log line, in the form
`T="<subject text>"'. T stands for `topic' (S is already used for `size').
Lookup Open Maximum

Type: integer
Default: 25
Page 77 of 77
This option limits the number of simultaneously open lookup files. Exim normally keeps
files open during directing and routing, since often the same file is required several times.
This limit applies only to those lookup types which use regular files, namely lsearch,
dbm, and cdb. If the limit is reached, Exim closes the least recently used file. Note that if
you are using the NDBM library, it actually opens two files for each logical DBM
database, though it still counts as one for the purposes of lookup_open_max. If you are
getting `too many open files' errors with NDBM, you need to reduce the value of
lookup_open_max.
Message Body Visible

Type: integer
Default: 500
This option specifies how much of a message's body is to be included in the

message_body expansion variable.
Message Filter
Type: string
Default: unset
This option specifies a filter file, which is applied to all messages before any routing, or
directing is done. This is called the `system message filter'. If the filter generates any
deliveries to files or pipes, or any new mail messages, the appropriate
message_filter_..._transport option(s) must be set, to define which transports are to be
used. Details of this facility are given in chapter 47.
Message Filter Directory Transport

Type: string
Default: unset
This sets the name of the transport driver that is to be used when the save command in a
system message filter specifies a path ending in `/', implying delivery of each message
into a separate file in some directory.
Message Filter Directory2 Transport

Type: string
Default: unset
system message filter specifies a path ending in `//'. The reason for having both
Page 78 of 78
message_filter_directory and message_filter_directory2 is to allow for the rare
circumstance in which both maildir and non-maildir format delivery is required.
Message Filter File Transport

Type: string
Default: unset
system message filter specifies a path not ending in `/'.
Message Filter Group

Type: string
Default: unset
This option sets the gid under which the system message filter is run. The seteuid() or
setresuid() function must be available in the operating system for a temporary change to
be possible. If the filter generates any pipe, file, or reply addresses, the gid under which
the filter is run is used when delivering to them. Unless the string consists entirely of
digits, it is looked up using getgrnam(), and failure causes a configuration error. If the
option is not set, and either message_filter_user is unset or consists entirely of digits, the
gid is not changed when running the filter. Otherwise the group is taken from the result of
getpwnam().
Message Filter Pipe Transport

Type: string
Default: unset 7
This sets the name of the transport driver that is to be used when a pipe command is used
in a system message filter.
Message Filter Reply Transport

Type: string
Default: unset
This sets the name of the transport driver that is to be used when a mail command is used
in a system message filter.
Message Filter User

Type: string
Default: unset
Page 79 of 79
This option sets the uid under which the system message filter is run. The seteuid() or
setresuid() function must be available in the operating system for a temporary change to
be possible. If the filter generates any pipe, file, or reply addresses, the uid under which
the filter is run is used when delivering to them. Unless it consists entirely of digits, the
string is looked up using getpwnam(), and failure causes a configuration error. If the
option is not set, the uid is not changed from the Exim user (or root if there is no Exim
user) when running the system filter.
Message ID Header Text

Type: string, expanded
Default: unset
If this variable is set, the string is expanded and used to augment the text of the Message-
id: header that Exim creates if an incoming message does not have one. The text of this
header is required by RFC 822 to take the form of an address. By default, Exim uses its
internal message id as the local part, and the primary host name as the domain. If this
option is set, it is expanded and provided the expansion does not yield an empty string, is
is inserted into the header immediately before the @, separated from the internal message
id by a dot. Any characters that are illegal in an address are automatically converted into
hyphens. This means that constructions like ${tod_log} can be used, as the spaces and
colons will become hyphens.
Message Size Limit

Type: integer
Default: 0
This option limits the maximum size of message that Exim will process. Zero means no
limit. It should be set somewhat larger than return_size_limit if the latter is non-zero.
Incoming SMTP messages are failed with a 552 error if the limit is exceeded; locally
generated messages either get a stderr message or a delivery failure message to the
sender, depending on the -oe setting, in the normal way. Rejection of an oversized
message is logged in both the main and the reject logs. See also the generic transport
option Message Size Limit, which limits the size of message that an individual transport
can process.
Message Size Limit Count Recipients

Type: boolean
Default: false
If this option is set, the value of Message Size Limit is a maximum for the size of a
message times the number of envelope recipients it has. For example, if Message Size
Page 80 of 80
Limit is set to 10M, a message with 4 recipients can be no bigger than 2.5M, and a
message with 100 recipients is limited to around 100K.
Never Users
Type: string list
Default: unset
Local mail deliveries are run in processes that are setuid to the recipient. However, it is
usually desirable to lock out root from this, as a safety precaution. If a message is to be
delivered locally as any of the users on the never_users list, the process is run as `nobody'
instead (see nobody_user below). A common example is
never_users = root:daemon:bin:exim
This option overrides the pipe_as_creator option of the pipe transport driver. If Exim is
unable to find a uid for `nobody', it panics.
Percent Hack Domains

Type: domain list
Default: unset
The `percent hack' is the convention whereby a local part containing a percent sign is re-
interpreted as a remote address, with the percent replaced by @. This is sometimes called
`source routing', though that term is also applied to RFC 822 addresses that begin with an
@ character. If this option is set, Exim implements the percent facility for those local
domains listed, but no others. The option can be set to `*' to allow the percent hack for all
local domains.
If options are set to control message relaying from incoming SMTP envelopes, they are
also applied to relaying that is requested via the `percent hack'. See section 46.4.
Print Top Bit Characters

Type: boolean
Default: false
By default, Exim considers only those characters whose codes lie in the range 32--126 to
be printing characters. In a number of circumstances (for example, when writing log
entries) non-printing characters are converted into escape sequences, primarily to avoid
messing up the layout. If print_topbitchars is set, code values of 128 and above are also
considered to be printing characters.
Page 81 of 81
Prohibition Message
Default: unset
This option adds a site-specific message to the error response that is sent when an SMTP
command fails for policy reasons, for example if the sending host is in a host reject list.
Details of this facility are given in chapter 46.
Primary Hostname
Type: string
Default: see below
This specifies the name of the current host. This is used in the HELO command for
outgoing SMTP messages, and as the default for qualify_domain. If it is not set, Exim
calls uname() to find it. If this fails, Exim panics and dies. If the name returned by
uname() contains only one component, Exim passes it to gethostbyname() in order to
obtain the fully qualified version.
Qualify Domain
Type: string
Default: see below
This specifies the domain name that is added to any sender addresses that do not have a
domain qualification. It also applies to recipient addresses if qualify_recipient is not set.
Such addresses are accepted by default only for locally generated messages -- messages
from external sources must always contain fully qualified addresses, unless the sending
host matches one of the receiver_unqualified or sender_unqualified options. If
qualify_domain is not set, it defaults to the primary_hostname value.
Qualify Recipient
Type: string
Default: see below
This specifies the domain name that is added to any recipient addresses that do not have a
domain qualification. Such addresses are accepted by default only for locally generated
messages -- messages from external sources must always contain fully qualified
addresses, unless the sending host matches one of the receiver_unqualified or
sender_unqualified options (see below). If qualify_recipient is not set, it defaults to the
qualify_domain value.
Page 82 of 82
Queue Only
Type: boolean
Default: false
If queue_only is set (which is equivalent to the -odq command line option), a delivery
process is not automatically started whenever a message has been received. Instead, the
message waits on the queue for the next queue run. Even if queue_only is false, incoming
SMTP messages may not get delivered immediately if a lot of them arrive at once -- see
the queue_only_load and smtp_accept_queue options.
Queue Only File

Type: string
Default: unset
This option can be set to a colon-separated list of absolute path names, each one
optionally preceded by `remote' or `smtp'. When it is receiving a message, Exim tests for
the existence of each listed path using a call to stat(), and if this succeeds, the
corresponding queuing option is set. If there is no prefix to the path, queue_only is set;
`remote' corresponds to queue_remote_domains and `smtp' to queue_smtp_domains. So,
for example,
queue_only_file = remote/some/file
causes Exim to behave as if queue_remote_domains were set to `*' whenever /some/file

exists.
Queue Only Load

Type: fixed-point
Default: unset
If the system load average is higher than this value, all incoming messages are queued,
and no automatic deliveries are started. If this happens during local or remote SMTP
input, all subsequent messages on the same connection are queued. Deliveries will
subsequently be performed by queue running processes, unless the load is higher than
Deliver Load Max. There are some operating systems for which Exim cannot determine
the load average (see chapter 1); for these this option has no effect.
Queue Remote Domains

Type: domain list
Page 83 of 83
Default: unset
This option lists domains for which local delivery is not immediately required. It is
checked against the domains supplied in the incoming addresses, before any widening is
done (because that is part of routing). The -odqr option is equivalent to setting
queue_remote_domains to `*'. A delivery process is started whenever a message is
received, but only local addresses are handled, and only local deliveries take place. All
remote deliveries wait until the next queue run. See also queue_smtp_domains, which is
subtly different.
Queue Run In Order

Type: boolean
Default: false
If this option is set, queue runs happen in order of message arrival instead of in an
arbitrary order. In order for this to happen, a complete list of the entire queue must be set
up before the deliveries start. When the queue is all in a single directory (the default), this
happens anyway, but if split_spool_directory is set it does not -- for delivery in random
order, the sub-directories are processed one at a time (in random order), to avoid setting
up one huge list. Thus, setting queue_run_in_order with split_spool_directory may
degrade performance when the queue is large. In most situations, queue_run_in_order
should not be set.
Queue Run Max

Type: integer
Default: 5
This controls the maximum number of queue-running processes that an Exim daemon
will run simultaneously. This does not mean that it starts them all at once, but rather that
if the maximum numbers are still running when the time comes to start another one, it
refrains from starting it. This can happen with very large queues and/or very sluggish
deliveries. This option does not, however, interlock with other processes, so additional
queue-runners can be started by other means, or by killing and restarting the daemon.
Queue SMTP Domains

Type: domain list
Default: unset
When this option is set, a delivery process is started whenever a message is received,
directing and routing is performed, and local deliveries take place. However, if any
SMTP deliveries are required for domains that match queue_smtp_domains, they are not
immediately delivered, but instead the message waits on the queue for the next queue run.
Page 84 of 84
Since routing of the message has taken place, Exim knows to which remote hosts it must
be delivered, and so when the queue run happens, multiple messages for the same host
are delivered over a single SMTP connection. This option is checked against the domains
supplied in the incoming addresses, before any widening is done (because that is part of
routing). The -odqs command line option causes all SMTP deliveries to be queued in this
way, and is equivalent to setting queue_smtp_domains to `*'. See also
queue_remote_domains, which is subtly different.
RBL Domains
Type: string list
Default: unset
This option is part of the support for Realtime Blackhole Lists (RBL). It can be set to a
colon-separated list of DNS domains in which to look up the IP address of a calling host.
A full description of how this is used is given in section 46.1.
RBL Hosts
Type: host list
Default: *
This option specifies the set of hosts for which RBL checking is to be performed when
RBL Domains is set. The default matches all hosts. The normal usage of this option is to
specify exceptions to RBL checking by means of negated items in the host list.
RBL Log Headers

Type: boolean
Default: false
When this option is set, the headers of each message received from a host that matches an
RBL domain are written to the reject log. This can occur only if the recipients of the
message are not rejected, that is, if the RBL check is configured to warn only.
RBL Log Recipient Count

Type: boolean
Default: false
Page 85 of 85
When this option is set and RBL Reject Recipients is false, the number of RCPT
commands for each message received from a host that is in the RBL is written to the
reject log. This may be greater than the number of valid recipients in the message.
RBL Reject Recipients

Type: boolean
Default: true
This option controls the action taken when a remote host is found in an RBL domain that
has neither `/warn' nor `/reject' following it. The default value specifies rejection.
RBL Warn Header

Type: boolean
Default: true
When this option is set and a message from an RBL-matching host is not rejected, an X-
RBL-Warning: header is added. The header contains the contents of the DNS TXT
record, if one was found. Scanning of further RBL domains continues, which means that
more than one X-RBL-Warning: header may be added to a message.
Relay Domains
Type: domain list
Default: unset
This option lists domains for which the local host is prepared to relay. See section 46.4
for details of relay control.
Relay Domains Include Local MX

Type: boolean
Default: false
This option permits any host to relay to any domain that has an MX record pointing at the
local host. It causes any domain with an MX record pointing at the local host to be treated
as if it were in Relay Domains. See section 46.4 for details of relay control.
Max Remote Parallel
Page 86 of 86
Type: integer
Default: 1
This option controls parallel delivery to remote sites. If the value is less than 2, parallel
delivery is disabled, and Exim does all the remote deliveries for a message one by one,
from a single delivery process. Otherwise, if a message has to be delivered to more than
one remote host, or if several copies have to be sent to the same remote host, then up to
Max Remote Parallel deliveries are done simultaneously, each in a separate process. If
more than Max Remote Parallel deliveries are required, the maximum numbers of
processes are started, and as each one finishes, another is begun. The order of starting
processes is the same as if sequential deliveries were being done, and can be controlled
by the remote_sort option. If parallel delivery takes place while running with debugging
turned on, the debugging output from each delivery process is tagged with its process id.
The overhead in doing this is a fork to set up a separate process for each delivery, and the
associated management of the sub-process (including getting back the result of the
delivery attempt). As well as the process overhead, there may be a small additional
penalty paid for parallel delivery. If a host is found to be down, this fact cannot be
communicated to any deliveries that are running in parallel, though it will be passed on to
any that start afterwards. This is no worse than if there were two separate messages being
delivered simultaneously.
The option controls only the maximum number of parallel deliveries from one Exim
process. Since Exim has no central queue manager, there is no way of controlling the
total number of simultaneous deliveries if the configuration allows a delivery attempt as
soon as a message is received. If you want to control the total number of deliveries on the
system, you need to set the queue_only option, which ensures that all incoming messages
are simply added to the queue. Then set up an Exim daemon to start queue runner
processes at appropriate intervals (probably fairly often, for example, every minute), and
limit the total number of queue runners by setting the queue_run_max parameter.
Because each queue runner delivers only one message at a time, the maximum number of
deliveries that can then take place at once is queue_run_max multiplied by Max Remote
Parallel.
If it is purely remote deliveries you want to control, use queue_smtp instead of

queue_only. This has the added benefit of doing the SMTP routing before queuing, so
that several messages for the same host will eventually get delivered down the same
connection.
Received Header Text

Default: see below
Page 87 of 87
This string defines the contents of the Received: message header that is added to each
message, except for the timestamp, which is automatically added on at the end, preceded
by a semicolon. The string is expanded each time it is used, and the default is:
received_header_text = "Received: \
${if def:sender_rcvhost {from ${sender_rcvhost}\n\t}\
{${if def:sender_ident {from ${sender_ident} }}\
${if def:sender_helo_name {(helo=${sender_helo_name})\n\t}}}}\
by ${primary_hostname} \
${if def:received_protocol {with ${received_protocol}}} \
${if def:tls_cipher {($tls_cipher)\n\t}}\
(Exim ${version_number} #${compile_number})\n\t\
id ${message_id}\
${if def:received_for {\n\tfor $received_for}}"
Note the use of quotes, to allow the sequences `\n' and `\t' to be used for new lines
and tabs, respectively. The reference to the TLS cipher is omitted when Exim is built
without TLS support. The use of conditional expansions ensures that this works for both
locally generated messages and messages received from remote hosts, giving header lines
such as the following:
Received: from scrooge.carol.book ([240.1.12.25] ident=root)

by marley.carol.book with smtp (Exim 3.30 #1)
id E0tS3Ga-0005C5-00
for cratchit@dickens.book; Mon, 25 Dec 2000 14:43:44 +0000
Received: by scrooge.carol.book with local (Exim 3.30 #1)
id E0tS3GW-0005C2-00; Mon, 25 Dec 2000 14:43:41 +0000
Note the automatic addition of the date and time in the required format.
Received Headers Max

Type: integer
Default: 30
When a message is to be delivered, the number of Received: headers are counted, and if it
is greater than this parameter, a mail loop is assumed to have occurred, the delivery is
abandoned, and an error message is generated. This applies to both local and remote
deliveries. Earlier versions of Exim did this test only for remote deliveries, but because
local deliveries (as Exim sees them) may in fact still cause a message to be transported to
a remote host, it was changed.
Receiver Try Verify
Page 88 of 88
Type: boolean
Default: false
See receiver_verify.
Receiver Unqualified Hosts

Type: host list
Default: unset
This option lists those hosts from which Exim is prepared to accept unqualified receiver
addresses in message envelopes. The addresses are made fully qualified by the addition
of the qualify_recipient value. Typically the hosts are local ones, but if you want to
imitate the behavior of mailers that accept unqualified addresses from anywhere, specify
receiver_unqualified_hosts = *
This option also affects message header lines. Exim does not reject unqualified receiver
addresses in headers, but qualifies them only if the message came from a host that
matches receiver_unqualified_hosts.
Receiver Verify
Type: boolean
Default: false
When this option is set, the addresses of recipients received from a remote host are
verified as they are received, provided the sending host matches receiver_verify_hosts,
the incoming address matches receiver_verify_addresses, and the sender address matches
receiver_verify_senders, if either of the last two are set.
If an address is invalid, an incoming SMTP call gets an error response to the RCPT
command. If an address cannot immediately be verified, a temporary error code is given.
The receiver_try_verify option is less severe: it operates in the same way, except that an
address is accepted if it cannot immediately be verified. Verification failures are logged.
Receiver Verify Addresses

Type: address list
Default: unset
If set, this option restricts receiver verification to those addresses it matches. The option
is inspected only if receiver_verify or receiver_try_verify is set.
Page 89 of 89
Receiver Verify Hosts
Type: host list
Default: *
See receiver_verify above.
Receiver Verify Senders

Type: address list
Default: unset
This option, if set, allows receiver verification to be conditional upon the sender. It is
inspected only if receiver_verify or receiver_try_verify is set.
If the null sender is required in the list of addresses, it must not be the last item, as a null
last item in a list is ignored. It is best placed at the start of the list. For example, to restrict
receiver verification to messages with null senders and senders in the .com and .org
domains, you could have
receiver_verify
receiver_verify_senders = :*.com:*.org
If the null sender is the only entry required, the list should consist of a single colon.
Recipients Max
Type: integer
Default: 0
If this is set greater than zero, it specifies the maximum number of recipients for any
message. This applies to the original list of recipients supplied with the message. SMTP
messages get a 452 response for all recipients over the limit; earlier recipients are
delivered as normal. Non-SMTP messages with too many recipients are failed, and no
deliveries are done. Note that the RFCs specify that an SMTP server should accept at
least 100 RCPT commands in a single message.
Recipients Max Reject

Type: boolean
Default: false
Page 90 of 90
If this option is set true, Exim rejects SMTP messages containing too many recipients by
giving 552 errors to the surplus RCPT commands, and a 554 error to the eventual DATA
command. Otherwise (the default) it gives a 452 error to the surplus RCPT commands
and accepts the message on behalf of the initial set of recipients. The remote server
should then re-send the message for the remaining recipients at a later time.
Recipients Reject Except

Type: address list
Default: unset
This option lists recipient addresses which are exceptions to any policy for recipient
rejection, that is, as a result of sender_reject_recipients, etc. This option is entirely
independent of any checks for unwanted message relaying. However, it does interact with
the RBL options.
Recipients Reject Except Senders

Type: address list
Default: unset
This option lists sender addresses for which recipients are excepted from any policy
rejections. That is, if a message comes from any of these senders, all its recipients are
excepted from policy rejections.
Remote Sort
Type: domain list
Default: unset
When there are a number of remote deliveries for a message, they are sorted by domain
into the order given by this list. For example,
remote_sort = *.cam.ac.uk:*.uk
would attempt to deliver to all addresses in the cam.ac.uk domain first, then to those in
the uk domain, then to any others.
Retry Data Expire

Type: time
Default: 7d
Page 91 of 91
This option sets a ùse before' time on retry information in Exim's hints database. Any
older retry data is ignored. This means that, for example, once a host has not been tried
for 7 days, Exim behaves as if it has no knowledge of past failures.
Retry Interval Max

Type: time
Default: 24h
Chapter 33 describes Exim's mechanisms for controlling the intervals between delivery
attempts for messages that cannot be delivered straight away. This option sets an overall
limit to the length of time between retries.
Return Path Remove

Type: boolean
Default: true
RFC 822 states that the Return-path: header is àdded by the final transport system that
delivers the message to its recipient' (section 4.3.1), which implies that this header should
not be present in an incoming message, where the return path is carried in the envelope. If
this option is true, any existing Return-path: headers are removed from messages as they
are read. Exim's transports have options for adding Return-path: headers at the time of
delivery. They are normally used only for final local deliveries.
Return Size Limit

Type: integer
Default: 100K
This option sets a limit in bytes on the size of messages that are returned to senders. If it
is set to zero there is no limit. If the body of any message that is to be included in an error
report is greater than the limit, it is truncated, and a comment pointing this out is added at
the top. The actual cutoff may be greater than the value given, owing to the use of
buffering for transferring the message in chunks. The idea is just to save bandwidth on
those undeliverable 15-megabyte messages. If either the global or generic transport
message_size_limit is set, the value of return_size_limit should be somewhat smaller.
RFC1413 Hosts
Type: host list
Default: *
RFC 1413 identification calls are made to any host which matches an item in the list. The
items in the host list should not themselves contain ident data.
Page 92 of 92
RFC1413 Query Timeout
Type: time
Default: 30s
This sets the timeout on RFC 1413 identification calls. If it is set to zero, no RFC 1413
calls are ever made.
Sender Address Relay

Type: address list
Default: unset
This option specifies a set of address patterns, one of which the sender of a message must
match in order for the message to be accepted for outgoing relaying, that is, relaying from
specified hosts to arbitrary domains. The check does not operate for incoming relaying,
that is, for addresses that match relay_domains.
If this option is not set, all sender addresses are permitted. By default, the check operates
in addition to any relaying checks on the sending host (see host_accept_relay above).
However, if relay_match_host_or_sender is set, either a host match or a sender match is
sufficient to allow the relaying to proceed. For this reason, sender_address_relay is
required to be set if relay_match_host_or_sender is set.
Warning: Sender addresses can be trivially forged. For this reason, setting
relay_match_host_or_sender is strongly discouraged.
The rewrite flag X (see section 34.9) provides a special-purpose facility we have a use for
in Cambridge. It adds additional checking to sender_address_relay. Whenever a sender
address passes the check, if there are any rewriting rules with the X flag set, the address
is rewritten using those rules, and if this makes any change to the address, the new
address must verify successfully for the relaying to be permitted.
Sender Address Relay Hosts

Type: host list
Default: *
The hosts to which sender_address_relay is applied can be controlled by this option. This
is useful in a cluster where one host is delegated as a fallback to hold all the delayed
deliveries. It needs to be able to relay from the other hosts without sender checking (for
example, for messages forwarded by local users) but might want to check senders in
messages relayed from other hosts.
Page 93 of 93
Sender Reject
Type: address list
Default: unset
This option can be set in order to reject mail from certain senders. The check is done on
the sender's address as given in the MAIL command in SMTP, but not for local senders
where the logged-in user's address is going to override anyway.
The check is not done for batch SMTP input. If the check fails, a 550 return code is given
to MAIL. This doesn't always stop remote mailers from trying again. See
sender_reject_recipients for an alternative. Typical examples of the use of this option
might be:
sender_reject = spamuser@some.domain:spam.domain
sender_reject = partial-dbm;/etc/mail/blocked/senders
Note that this check operates on sender address domains independently of the sending
host; host_reject can be used to block all mail from particular hosts, while
host_accept_relay, and sender_address_relay can be used to prevent unwanted relaying.
Sender Reject Recipients

Type: address list
Default: unset
This operates in exactly the same way as sender_reject except that the rejection is given
in the form of a 550 error code to every RCPT command instead of rejecting MAIL. This
seems to be the only way of saying `no' to some mailers. Note that this is not an option
for rejecting specific recipients. The way to do that is to set receiver_verify and arrange
for those recipients to fail verification.
SMTP Accept Keepalive

Type: boolean
Default: true
This option controls the setting of the SO_KEEPALIVE option on incoming TCP/IP
socket connections. This causes the kernel periodically to send some OOB (out-of-band)
data on idle connections. The reason for doing this is that it has the beneficial effect of
freeing up certain types of connection that can get stuck when the remote host is
disconnected without tidying up the TCP/IP call properly.
Page 94 of 94
SMTP Accept Max
Type: integer
Default: 20
This specifies the maximum number of simultaneous incoming SMTP calls that Exim
will accept. It applies only to the listening daemon; there is no control (in Exim) when
incoming SMTP is being handled by inetd. If the value is set to zero, no limit is applied.
However, it is required to be non-zero if smtp_accept_max_per_host or
smtp_accept_queue is set.
SMTP Accept Max Per Host

Type: integer
Default: 0
This option restricts the number of simultaneous IP connections from a single host
(strictly, from a single IP address) to the Exim daemon. Once the limit is reached,
additional connection attempts are rejected with error code 421. The default value of zero
imposes no limit. If this option is not zero, it is required that smtp_accept_max also be
non-zero.
SMTP Accept Queue

Type: integer
Default: 0
If the number of simultaneous incoming SMTP calls handled via the listening daemon
exceeds this value, messages received are simply placed on the queue, and no delivery
processes are started automatically. A value of zero implies no limit, and clearly any non-
zero value is useful only if it is less than the smtp_accept_max value (unless that is zero).
See also queue_only, queue_only_load, queue_smtp_domains, and the various -od
command line options.
SMTP Accept Queue Per Connection

Type: integer
Default: 10
This option limits the number of delivery processes that Exim starts automatically when
receiving messages via SMTP, whether via the daemon or by the use of -bs or -bS. If the
value of the option is greater than zero, and the number of messages received in a single
SMTP session exceeds this number, subsequent messages are placed on the spool, but no
delivery process is started. This helps to limit the number of Exim processes when a
server restarts after downtime and there is a lot of mail waiting for it on other systems.
Page 95 of 95
On large systems the default should probably be increased, while on dial-in client
systems it should probably be set to zero (that is, disabled).
SMTP Accept Reserve

Type: integer
Default: 0
When smtp_accept_max is set greater than zero, this option specifies a number of SMTP
connections that are reserved for connections from the hosts that are specified in
smtp_reserve_hosts. The value set in smtp_accept_max includes this reserve pool. For
example, if smtp_accept_max is set to 50 and smtp_accept_reserve is set to 5, once there
are 45 active connections, new ones are accepted only from hosts listed in
smtp_reserve_hosts.
SMTP Banner
Default: see below
This string, which is expanded every time it is used, is output as the initial positive
response to an SMTP connection. The default setting is:
smtp_banner = $primary_hostname ESMTP Exim

$version_number \
#$compile_number $tod_full
Failure to expand the string causes a panic error. If you want to create a multiline
response to the initial SMTP connection, use `\n' in the string at appropriate points, but
not at the end. Note that the 220 code is not included in this string. Exim adds it
automatically (several times in the case of a multiline response).
SMTP Check Spool Space

Type: boolean
Default: true
When this option is set, if an incoming SMTP session encounters the SIZE option on a
MAIL command, it checks that there is enough space in the spool directory's partition to
accept a message of that size, while still leaving free the amount specified by
check_spool_space (even if that value is zero). If there isn't enough space, a temporary
error code is returned.
Page 96 of 96
SMTP Connect Backlog
Type: integer
Default: 5
This specifies a maximum number of waiting SMTP connections. Exim passes this value
to the TCP/IP system when it sets up its listener. Once these numbers of connections are
waiting for the daemon's attention, subsequent connection attempts are refused at the
TCP/IP level. At least, that is what the manuals say. In Solaris 2.4 such connection
attempts have been observed to time out. The default value of 5 is a conservative one,
suitable for older and smaller systems. For large systems is it probably a good idea to
increase this, possibly substantially (to 50, say). It also gives some protection against
denial-of-service attacks by SYN flooding.
SMTP EXPN Hosts

Type: host list
Default: unset
The SMTP EXPN command is supported only if the calling host matches
smtp_expn_hosts. You must add `localhost' explicitly if you want calls to 127.0.0.1 to be
able to use it. A single-level expansion of the address is done, as if the address were
being tested using the -bt option. If an unqualified local part is given, it is qualified with
qualify_domain. There is a generic option for directors which permits them to be skipped
when processing an EXPN command (compare with verification).
SMTP Load Reserve

Type: fixed-point
Default: unset
If the system load average ever gets higher than this, incoming SMTP calls are accepted
only from those hosts that match an entry in smtp_reserve_hosts. If smtp_reserve_hosts is
not set, no incoming SMTP calls are accepted when the load is over the limit. There are
some operating systems for which Exim cannot determine the load average (see chapter
1); for these this option has no effect.
SMTP Receive Timeout

Type: time
Default: 5m
This sets a timeout value for SMTP reception. If a line of input (either an SMTP
command or a data line) is not received within this time, the SMTP connection is dropped
Page 97 of 97
and the message is abandoned. For non-SMTP input, the reception timeout is controlled
by accept_timeout.
SMTP Reserve Hosts

Type: host list
Default: unset
This option defines hosts for which SMTP connections are reserved; see
smtp_accept_reserve and SMTP_load_reserve above.
SMTP Verify
Type: boolean
Default: false
If this option is true, the SMTP command VRFY is supported on incoming SMTP
connections; otherwise it is not.
Split Spool Directory

Type: boolean
Default: false
If this option is set, it causes Exim to split its input directory into 62 subdirectories, each
with a single alphanumeric character as its name. The sixth character of the message id is
used to allocate messages to subdirectories; this is the least significant base-62 digit of
the time of arrival of the message.
Splitting up the spool in this way may provide better performance on systems where there
are long mail queues, by reducing the number of files in any one directory. The msglog
directory is also split up in a similar way to the input directory; however, if
preserve_message_logs is set, all old msglog files are still placed in the single directory
msglog.OLD.
It is not necessary to take any special action for existing messages when changing
split_spool_directory. Exim notices messages that are in the `wrong' place, and continues
to process them. If the option is turned off after a period of being on, the subdirectories
will eventually empty and be automatically deleted.
When split_spool_directory is set, the behavior of queue runner processes changes.

Instead of creating a list of all messages in the queue, and then trying to deliver each one
in turn, it constructs a list of those in one sub-directory and tries to deliver them, before
moving on to the next sub-directory. The sub-directories are processed in a random order.
This spreads out the scanning of the input directories, and is beneficial when there are
Page 98 of 98
lots of messages on the queue. However, if queue_run_in_order is set, none of this new
processing happens. The entire queue is scanned and sorted before any deliveries start.
Strip Excess Angle Brackets

Type: boolean
Default: false
If this option is set, redundant pairs of angle brackets round `route-addr' items in
addresses are stripped. For example, <<xxx@a.b.c.d>> is treated as <xxx@a.b.c.d>. If
this is in the envelope and the message is passed on to another MTA, the excess angle
brackets are not passed on. If this option is not set, multiple pairs of angle brackets cause
a syntax error.
Strip Trailing Dot

Type: boolean
Default: false
If this option is set, a trailing dot at the end of a domain in an address is ignored. If this is
in the envelope and the message is passed on to another MTA, the dot is not passed on. If
this option is not set, a dot at the end of a domain causes a syntax error.
Syslog Timestamp
Type: boolean
Default: true
If syslog_timestamp is set false, the timestamps on Exim's log lines are omitted when
these lines are sent to syslog. See chapter 51 for details of Exim's logging.
Timeout Frozen After

Type: time
Default: 0s
If Timeout Frozen After is set to a time greater than zero, a frozen message of any
description that has been on the queue for longer than the given time is automatically
cancelled at the next queue run. If it is a bounce message, it is just discarded; otherwise, a
bounce is sent to the sender, in a similar manner to cancellation by the -Mg command line
option.
Timestamps UTC
Page 99 of 99
Type: boolean
Default: false
If Timestamps UTC is set, all timestamps generated by Exim (for example, in log entries
and Received: header lines) are in UTC (aka GMT) rather than in local wall-clock time.
Timezone
Type: string
Default: unset
When Timestamps UTC is not set, the value of timezone is used to set the environment
variable TZ while running Exim (if it is different on entry). This ensures that all
timestamps created by Exim are in the required timezone. The default value is taken from
TIMEZONE_DEFAULT in `Local/Makefile', or, if that is not set, from the
value of the TZ environment variable when Exim is built. If Timezone is set to the empty
string, either at build or run time, then any existing TZ variable is removed from the
environment when Exim runs. This is appropriate behavior for obtaining wall-clock time
on some, but unfortunately not all, operating systems.
Warnmsg File
Type: string
Default: unset
This option defines a template file containing paragraphs of text to be used for
constructing the warning message which is sent by Exim when a message has been on the
queue for a specified amount of time, as specified by delay_warning. Details of the file's
contents are given in chapter 39. See also errmsg_file.
Page 100 of 100

Index
Host Accept Relay ........................................... 71
A
Host Auth Accept Relay .................................. 71
Alert Postmaster When Freezing Messages .....68 Host Lookup .................................................... 71
Allow MX To IP...............................................64 Host Reject ...................................................... 71
Anti-Virus.........................................................48 Host Reject Recipients..................................... 72
Apache................................................................5 Hosts Treat as Local ........................................ 72
Auth Hosts........................................................64
I
Auto Thaw........................................................64
Ignore Errmsg Errors ....................................... 72
B
Ignore Errmsg Errors After.............................. 72
boot.local ..........................................................10 IMAP ..................................... 4, 5, 30, 31, 35, 38
InsightConnector ................. 4, 29, 30, 31, 37, 61
C InstallShield Wizard ........................................ 61
Check Spool Space ...........................................64 Internal Server Error........................................ 56
cyradm..............................16, 20, 21, 24, 27, 63 IP Address ............................................. 9, 13
CYRADM ........................................................20
K
Cyrus IMAP .............................................4, 5, 59
Keep Malformed.............................................. 73
D Knowledge Base .............................................. 59
Delay Warning .................................................65
L
Delete Frozen Messages ...................................47
Deliver Load Max ............................................65 LDAP Default Servers..................................... 73
Deliver Queue Load Max .................................66 LDAP Search base..................................... 9
Disabling ports ...................................................8 ldapadd .............................. 14, 15, 21, 24, 26, 27
Disabling TCP/IP ports.................................9, 56 ldapmodify................... 14, 15, 16, 18, 20, 21, 27
DNS queries .....................................................41 ldapsearch .................... 13, 14, 22, 23, 24, 61, 62
LDIF ................ 13, 14, 15, 18, 20, 21, 24, 61, 62
E libsdc++ ........................................................... 57
Errmsg File .......................................................66 License Key ..................................................... 10
Errmsg Text......................................................66 limit the size of messages ................................ 41
error handling ...................................................41 Local Domains................................................. 73
Errors Address..................................................66 Local Interfaces ............................................... 74
Errors Copy ......................................................67 Localhost Number ........................................... 74
Errors Reply-To................................................67 Locally Caseless .............................................. 75
examples...............................................13, 49, 95 Log All Parents................................................ 75
Exchange4, 11, 13, 18, 21, 22, 23, 24, 25, 26, 28, Log Arguments ................................................ 76
29, 30, 33, 34, 35, 37 Log Level......................................................... 76
Exim MTA ...................................4, 5, 12, 40, 59 Log Received Recipients ................................. 76
Log Received Sender....................................... 77
F Log Refused Recipients................................... 77
Free/Busy ...................................................36, 37 Log Rewrites ................................................... 77
Full Domain Name......................................9 Log Sender On Delivery.................................. 77
Log SMTP Confirmation................................. 77
H Log SMTP Connections .................................. 78
Headers Check Syntax......................................68 Log SMTP Syntax Errors ................................ 78
Headers Checks Fail .........................................68 Log Subject...................................................... 78
Headers Sender Verify .....................................69 Lookup Open Maximum ................................. 78
Headers Sender Verify Errmsg.........................69 M
HELO Accept Junk Hosts ................................69
HELO Strict Syntax..........................................69 MAN pages online........................................... 59
HELO Verify....................................................70 MAPS .............................................................. 43
Hold Domains...................................................70 Max Remote Parallel ....................................... 87
Page 101 of 101

maximum number of recipients..................45, 91 Received Header Text ..................................... 88
Message Body Visible......................................79 Received Headers Max .................................... 89
Message Filter ..................................................79 Receiver Try Verify......................................... 89
Message Filter Directory Transport..................79 Receiver Unqualified Hosts............................. 90
Message Filter Directory2 Transport................79 Receiver Verify................................................ 90
Message Filter File Transport...........................80 Receiver Verify Addresses .............................. 90
Message Filter Group .......................................80 Receiver Verify Hosts ..................................... 91
Message Filter Pipe Transport..........................80 Receiver Verify Senders .................................. 91
Message Filter Reply Transport .......................80 Recipients Max ................................................ 91
Message Filter User ..........................................80 Recipients Max Reject..................................... 91
message freezing ..............................................41 Recipients Reject Except ................................. 92
Message ID Header Text ..................................81 Recipients Reject Except Senders ................... 92
Message Size Limit ..........................................81 relay access ...................................................... 41
Message Size Limit Count Recipients..............81 Relay Domains ................................................ 87
Microsoft LDAP directory ...............................33 Relay Domains Include Local MX .................. 87
Microsoft Web publishing Wizard .............29, 61 Remote Sort ..................................................... 92
Retry Data Expire ............................................ 92
N
Retry Interval Max........................................... 93
Never Users ......................................................82 Return Path Remove ........................................ 93
New User..........................................................19 Return Size Limit............................................. 93
RFC ............................... 4, 72, 73, 81, 82, 93, 94
O RFC1413 Hosts ............................................... 93
OpenLDAP4, 5, 13, 14, 20, 21, 23, 25, 26, 27, 59 RFC1413 Query Timeout ................................ 94
outgoing mail..............................................41, 72
S
Outlook Today............................................34, 35
Samples.................................... 24, 27, 29, 30, 61
P Sender Address Relay...................................... 94
Password.......................................9, 12, 33, 37 Sender Address Relay Hosts............................ 94
Percent Hack Domains .....................................82 Sender Reject................................................... 95
Ping Server .......................................................31 Sender Reject Recipients ................................. 95
POP3...................................................4, 5, 31, 32 Shared folders .................................................. 11
Primary Hostname ............................................83 SMTP Accept Keepalive ................................. 95
Print Top Bit Characters...................................82 SMTP Accept Max .......................................... 96
Prohibition Message .........................................83 SMTP Accept Max Per Host ........................... 96
SMTP Accept Queue ....................................... 96
Q SMTP Accept Queue Per Connection ............. 96
Qualify Domain ................................................83 SMTP Accept Reserve..................................... 97
Queue Only.......................................................84 SMTP Banner .................................................. 97
Queue Only File ...............................................84 SMTP Check Spool Space............................... 97
Queue Only Load .............................................84 SMTP Connect Backlog .................................. 98
Queue Remote Domains...................................84 SMTP EXPN Hosts ......................................... 98
Queue Run In Order .........................................85 SMTP Load Reserve........................................ 98
Queue Run Max................................................85 SMTP Receive Timeout .................................. 98
Queue SMTP Domains.....................................85 SMTP Reserve Hosts....................................... 99
SMTP Verify ................................................... 99
R SPAM .............................................................. 43
RAV .......................44, 48, 49, 50, 51, 53, 54, 55 Split Spool Directory ....................................... 99
RBL ................................................43, 86, 87, 92 Strip Excess Angle Brackets.......................... 100
RBL Domains...................................................86 Strip Trailing Dot........................................... 100
RBL Hosts ........................................................86 Synchronization ......................................... 37, 38
RBL Log Headers.............................................86 Syslog Timestamp ......................................... 100
RBL Log Recipient Count................................86 T
RBL Reject Recipients .....................................87
RBL Warn Header............................................87 TCL ....................... 13, 16, 20, 21, 24, 26, 27, 63
rc.local ..............................................................10 Timeout Frozen After .................................... 100
Realtime Blackhole List ...................................43 Timestamps UTC........................................... 100
Page 102 of 102

Timezone ........................................................101 V
TradeServer ........................................................4
Virtual Domain.......................................... 9
Transport Provider............................................58
Troubleshooting............................................9, 56 W
U Warnmsg File ................................................ 101
Web Publishing Wizard................................... 30
uninstall ..............................................................6
User Administration .............................10, 11, 56
Username...................................................9, 11
Page 103 of 103

This page is intentionally left blank.
Page 104 of 104

InsightServer35Manual

Uploaded by

Document Informationclick to expand document information

Copyright:

Available Formats

InsightServer35Manual

Uploaded by

Document Information

Original Description:

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

InsightServer35Manual

Uploaded by

Copyright:

Available Formats

User Manual InsightServer™ 3.5.

Copyright © 2002 Bynari Inc., All rights reserved.

No part of this publication may be reproduced

Bynari Software Configuration

The Bynari InsightConnector is an optional program, which is installed on the users'

Exim MTA (Message Transfer Agent)

OpenLDAP (Lightweight Directory Access Protocol)

Additional Open Source components

These directories must be deleted if you wish to uninstall InsightServer.

For Ver 3.5.2 and 3.5.3

2.1 Required information before Installation

TCP/IP address of mail server

2.2 Getting InsightServer code on the system

2.3 Installing the code

In this section we explain how to install Bynari InsightServer.

Unpacking the code

tar -xzvf insightserver3.5-x.tar.gz

Disabling ports needed by InsightServer

Make sure the line SMTP= is set to SMTP=”no”

Make sure the line START_HTTPD= is set to START_HTTPD=no

Running install code

If no value is entered, the default will be taken. Hit

2.4 Automatically Starting and Stopping Insight

InsightServer will modify either /etc/init.d/boot.local or /etc/rc.d/rc.local to make

Command to Determine if InsightServer is Running

The main command to remember when checking on your Bynari system is

2.5 Completing Installation

Open a web browser, go to http://your.ip.address

Click on ‘User Administration’

Input the key from Bynari, click on ‘submit’.

3.1 Logging onto the Web Interface

In the above figure:

In our setup, these were:

3.2 Configuring Communication

3.3 The LDIF and TCL Files and Their Uses

Search OpenLDAP for Current Information

The LDIF File

dn: cn=Firstname Lastname, ou=BynariGroup, o=Bynari, c=US

Example of the ldapmodify and ldapadd commands

ldapmodify -cv -D "cn=manager, c=US" -w password -f file.ldf

The TCL file

mail:/usr/cyrus/bin # ./cyradm -file /tmp/tom.tcl

3.4 Creating new Organizations and Groups

Using the Web Interface

Click on ‘New Organization’.

Now click on the ‘New Group’ icon.

Click ‘Submit’ at the bottom of the screen.

Importing Groups Using LDIF File

If you have a large number of organizations or groups to add to a system, it might be

3.5 Creating New Bynari Users

Using the Web Interface

Click on ‘User Administration’, log on as the manager user.

Choose an organization or group, and input all information provided.

Adding New Users through LDIF and CYRADM

Using word processor, create a new document.

Input the necessary information.

Upload the files to the Linux server by using ftp or scp

At the command prompt, ftp to the ip-address of your Linux server.