exim4 [options] arguments ... mailq [options] arguments ... rsmtp [options] arguments ... rmail [options] arguments ... runq [options] arguments ... newaliases [options] arguments ...
Exim is a mail transfer agent (MTA) developed at the University of Cambridge. It is a large program with very many facilities. For a full specification, see the reference manual. This man page contains only a description of the command line options. It has been automatically generated from the reference manual source, hopefully without too much mangling.
Like other MTAs, Exim replaces Sendmail, and is normally called by user agents (MUAs) using the path /usr/sbin/sendmail when they submit messages for delivery (some operating systems use /usr/lib/sendmail). This path is normally set up as a symbolic link to the Exim binary. It may also be used by boot scripts to start the Exim daemon. Many of Exim's command line options are compatible with Sendmail so that it can act as a drop-in replacement.
If no options are present that require a specific action (such as starting the daemon or a queue runner, testing an address, receiving a message in a specific format, or listing the queue), and there are no arguments on the command line, Exim outputs a brief message about itself and exits.
However, if there is at least one command line argument, -bm (accept a local message on the standard input, with the arguments specifying the recipients) is assumed. Thus, for example, if Exim is installed in /usr/sbin, you can send a message from the command line like this:
/usr/sbin/exim4 -i <recipient-address(es)>
<message content, including all the header lines>
If an Exim binary is called using one of the names listed in this section (typically via a symbolic link), certain options are assumed.
The -bd option can be used only by an admin user. If either of the -d (debugging) or -v (verifying) options are set, the daemon does not disconnect from the controlling terminal. When running this way, it can be stopped by pressing ctrl-C.
By default, Exim listens for incoming connections to the standard SMTP port on all the host's running interfaces. However, it is possible to listen on other ports, on multiple ports, and only on specific interfaces.
When a listening daemon is started without the use of -oX (that is, without overriding the normal configuration), it writes its process id to a file called /var/run/exim4/exim.pid. This location can be overridden by setting PID_FILE_PATH in Local/Makefile. The file is written while Exim is still running as root.
When -oX is used on the command line to start a listening daemon, the process id is not written to the normal pid file path. However, -oP can be used to specify a path on the command line if a pid file is required.
The SIGHUP signal can be used to cause the daemon to re-execute itself. This should be done whenever Exim's configuration file, or any file that is incorporated into it by means of the .include facility, is changed, and also whenever a new version of Exim is installed. It is not necessary to do this when other files that are referenced from the configuration (for example, alias files) are changed, because these are reread each time they are used.
If Exim was built with USE_READLINE=yes in Local/Makefile, it tries to load the libreadline library dynamically whenever the -be option is used without command line arguments. If successful, it uses the readline() function, which provides extensive line-editing facilities, for reading the test data. A line history is supported.
Long expansion expressions can be split over several lines by using backslash continuations. As in Exim's run time configuration, white space at the start of continuation lines is ignored. Each argument or data line is passed through the string expansion mechanism, and the result is output. Variable values from the configuration file (for example, $qualify_domain) are available, but no message-specific values (such as $sender_domain) are set, because no message is being processed (but see -bem and -Mset).
Note: If you use this mechanism to test lookups, and you change the data files or databases you are using, you must exit and restart Exim before trying the same lookup again. Otherwise, because each Exim process caches the results of lookups, you will just get the same result as before.
exim4 -bem /tmp/testmessage
The file is read as a message (as if receiving a locally-submitted non-SMTP message) before any of the test expansions are done. Thus, message-specific variables such as $message_size and $header_from: are available. However, no Received: header is added to the message. If the -t option is set, recipients are read from the headers in the normal way, and are shown in the $recipients variable. Note that recipients cannot be given on the command line, because further arguments are taken as strings to expand (just like -be).
If you want to test a system filter file, use -bF instead of -bf. You can use both -bF and -bf on the same command, in order to test a system filter and a user filter in the same run. For example:
exim4 -bF /system/filter -bf /user/filter </test/message
This is helpful when the system filter adds header lines or sets filter variables that are used by the user filter.
If the test filter file does not begin with one of the special lines
# Exim filter
# Sieve filter
it is taken to be a normal .forward file, and is tested for validity under that interpretation.
The result of an Exim command that uses -bf, provided no errors are detected, is a list of the actions that Exim would try to take if presented with the message for real. More details of filter testing are given in the separate document entitled Exim's interfaces to mail filtering.
When testing a filter file, the envelope sender can be set by the -f option, or by a "From " line at the start of the test message. Various parameters that would normally be taken from the envelope recipient address of the message can be set by means of additional command line options (see the next four options).
exim4 -bh 10.9.8.7.1234
exim4 -bh fe80::a00:20ff:fe86:a061.5678
When an IPv6 address is given, it is converted into canonical form. In the case of the second example above, the value of $sender_host_address after conversion to the canonical form is fe80:0000:0000:0a00:20ff:fe86:a061.5678.
Comments as to what is going on are written to the standard error file. These include lines beginning with "LOG" for anything that would have been logged. This facility is provided for testing configuration options for incoming messages, to make sure they implement the required policy. For example, you can test your relay controls using -bh.
Warning 1: You can test features of the configuration that rely on ident (RFC 1413) information by using the -oMt option. However, Exim cannot actually perform an ident callout when testing using -bh because there is no incoming SMTP connection.
Warning 2: Address verification callouts are also skipped when testing using -bh. If you want these callouts to occur, use -bhc instead.
Messages supplied during the testing session are discarded, and nothing is written to any of the real log files. There may be pauses when DNS (and other) lookups are taking place, and of course these may time out. The -oMi option can be used to specify a specific IP interface and port if this is important, and -oMaa and -oMai can be used to set parameters as if the SMTP session were authenticated.
The exim_checkaccess utility is a "packaged" version of -bh whose output just states whether a given recipient address from a given host is acceptable or not.
Features such as authentication and encryption, where the client input is not plain text, cannot easily be tested with -bh. Instead, you should use a specialized SMTP test program such as swaks.
If -bi is encountered, the command specified by the bi_command configuration option is run, under the uid and gid of the caller of Exim. If the -oA option is used, its value is passed to the command as an argument. The command set by bi_command may not contain arguments. The command can use the exim_dbmbuild utility, or some other means, to rebuild alias files if this is required. If the bi_command option is not set, calling Exim with -bi is a no-op.
If any addresses in the message are unqualified (have no domain), they are qualified by the values of the qualify_domain or qualify_recipient options, as appropriate. The -bnq option (see below) provides a way of suppressing this for special cases.
Policy checks on the contents of local messages can be enforced by means of the non-SMTP ACL.
The return code is zero if the message is successfully accepted. Otherwise, the action is controlled by the -oex option setting - see below.
The format of the message must be as defined in RFC 2822, except that, for compatibility with Sendmail and Smail, a line in one of the forms
From sender Fri Jan 5 12:55 GMT 1997
From sender Fri, 5 Jan 97 12:55:01
(with the weekday optional, and possibly with additional text after the date) is permitted to appear at the start of the message. There appears to be no authoritative specification of the format of this line. Exim recognizes it by matching against the regular expression defined by the uucp_from_pattern option, which can be changed if necessary.
The specified sender is treated as if it were given as the argument to the -f option, but if a -f option is also present, its argument is used in preference to the address taken from the message. The caller of Exim must be a trusted user for the sender of a message to be set in this way.
Exim will have changed working directory before resolving the filename, so using fully qualified pathnames is advisable. Exim will be running as the Exim user when it tries to open the file, rather than as the invoking user. This option requires admin privileges.
The -bmalware option will not be extended to be more generally useful, there are better tools for file-scanning. This option exists to help administrators verify their Exim and AV scanner configuration.
Sometimes, qualification is not wanted. For example, if -bS (batch SMTP) is being used to re-submit messages that originally came from remote hosts after content scanning, you probably do not want to qualify unqualified addresses in header lines. (Such lines will be present only if you have not enabled a header syntax check in the appropriate ACL.)
The -bnq option suppresses all qualification of unqualified addresses in messages that originate on the local host. When this is used, unqualified addresses in the envelope provoke errors (causing message rejection) and unqualified addresses in header lines are left alone.
exim4 -bP qualify_domain hold_domains
However, any option setting that is preceded by the word "hide" in the configuration file is not shown in full, except to an admin user. For other users, the output is as in this example:
mysql_servers = <value not displayable>
If configure_file is given as an argument, the name of the run time configuration file is output. If a list of configuration files was supplied, the value that is output here is the name of the file that was actually used.
If the -n flag is given, then for most modes of -bP operation the name will not be output.
If log_file_path or pid_file_path are given, the names of the directories where log files and daemon pid files are written are output, respectively. If these values are unset, log files are written in a sub-directory of the spool directory called log, and the pid file is written directly into the spool directory.
If -bP is followed by a name preceded by +, for example,
exim4 -bP +local_domains
it searches for a matching named list of any type (domain, host, address, or local part) and outputs what it finds.
If one of the words router, transport, or authenticator is given, followed by the name of an appropriate driver instance, the option settings for that driver are output. For example:
exim4 -bP transport local_delivery
The generic driver options are output first, followed by the driver's private options. A list of the names of drivers of a particular type can be obtained by using one of the words router_list, transport_list, or authenticator_list, and a complete list of all drivers with their option settings can be obtained by using routers, transports, or authenticators.
If environment is given as an argument, the set of environment variables is output, line by line. Using the -n flag supresses the value of the variables.
If invoked by an admin user, then macro, macro_list and macros are available, similarly to the drivers. Because macros are sometimes used for storing passwords, this option is restricted. The output format is one item per line.
Each message on the queue is displayed as in the following example:
The first line contains the length of time the message has been on the queue (in this case 25 minutes), the size of the message (2.9K), the unique local identifier for the message, and the message sender, as contained in the envelope. For bounce messages, the sender address is empty, and appears as "<>". If the message was submitted locally by an untrusted user who overrode the default sender address, the user's login name is shown in parentheses before the sender address.
If the message is frozen (attempts to deliver it are suspended) then the text "*** frozen ***" is displayed at the end of this line.
The recipients of the message (taken from the envelope, not the headers) are displayed on subsequent lines. Those addresses to which the message has already been delivered are marked with the letter D. If an original address gets expanded into several addresses via an alias or forward file, the original is displayed with a D only when deliveries for all of its child addresses are complete.
exim4 -brt bach.comp.mus.example
Retry rule: *.comp.mus.example F,2h,15m; F,4d,30m;
The first argument, which is required, can be a complete address in the form local_part@domain, or it can be just a domain name. If the second argument contains a dot, it is interpreted as an optional second domain name; if no retry rule is found for the first argument, the second is tried. This ties in with Exim's behaviour when looking for retry rules for remote hosts - if no rule is found that matches the host, one that matches the mail domain is sought. Finally, an argument that is the name of a specific delivery error, as used in setting up retry rules, can be given. For example:
exim4 -brt haydn.comp.mus.example quota_3d
Retry rule: *@haydn.comp.mus.example quota_3d F,1h,15m
The message itself is read from the standard input, in SMTP format (leading dots doubled), terminated by a line containing just a single dot. An error is provoked if the terminating dot is missing. A further message may then follow.
As for other local message submissions, the contents of incoming batch SMTP messages can be checked using the non-SMTP ACL. Unqualified addresses are automatically qualified using qualify_domain and qualify_recipient, as appropriate, unless the -bnq option is used.
Some other SMTP commands are recognized in the input. HELO and EHLO act as RSET; VRFY, EXPN, ETRN, and HELP act as NOOP; QUIT quits, ignoring the rest of the standard input.
If any error is encountered, reports are written to the standard output and error streams, and Exim gives up immediately. The return code is 0 if no error was detected; it is 1 if one or more messages were accepted before the error was detected; otherwise it is 2.
In this usage, if the caller of Exim is trusted, or untrusted_set_sender is set, the senders of messages are taken from the SMTP MAIL commands. Otherwise the content of these commands is ignored and the sender is set up as the calling user. Unqualified addresses are automatically qualified using qualify_domain and qualify_recipient, as appropriate, unless the -bnq option is used.
The -bs option is also used to run Exim from inetd, as an alternative to using a listening daemon. Exim can distinguish the two cases by checking whether the standard input is a TCP/IP socket. When Exim is called from inetd, the source of the mail is assumed to be remote, and the comments above concerning senders and qualification do not apply. In this situation, Exim behaves in exactly the same way as it does when receiving a message via the listening daemon.
If no arguments are given, Exim runs in an interactive manner, prompting with a right angle bracket for addresses to be tested.
Unlike the -be test option, you cannot arrange for Exim to use the readline() function, because it is running as root and there are security issues.
Each address is handled as if it were the recipient address of a message (compare the -bv option). It is passed to the routers and the result is written to the standard output. However, any router that has no_address_test set is bypassed. This can make -bt easier to use for genuine routing tests if your first router passes everything to a scanner program.
The return code is 2 if any address failed outright; it is 1 if no address failed outright but at least one could not be resolved for some reason. Return code 0 is given only when all addresses succeed.
Note: When actually delivering a message, Exim removes duplicate recipient addresses after routing is complete, so that only one delivery takes place. This does not happen when testing with -bt; the full results of routing are always shown.
Warning: -bt can only do relatively simple testing. If any of the routers in the configuration makes any tests on the sender address of a message, you can use the -f option to set an appropriate sender when running -bt tests. Without it, the sender is assumed to be the calling user at the default qualifying domain. However, if you have set up (for example) routers whose behaviour depends on the contents of an incoming message, you cannot test those conditions using -bt. The -N option provides a possible way of doing such tests.
As part of its operation, -bV causes Exim to read and syntax check its configuration file. However, this is a static check only. It cannot check values that are to be expanded. For example, although a misspelt ACL verb is detected, an error in the verb's arguments is not. You cannot rely on -bV alone to discover (for example) all the typos in the configuration; some realistic testing is needed. The -bh and -N options provide more dynamic testing facilities.
If verification fails, and the caller is not an admin user, no details of the failure are output, because these might contain sensitive information such as usernames and passwords for database lookups.
If no arguments are given, Exim runs in an interactive manner, prompting with a right angle bracket for addresses to be verified.
Unlike the -be test option, you cannot arrange for Exim to use the readline() function, because it is running as exim4 and there are security issues.
Verification differs from address testing (the -bt option) in that routers that have no_verify set are skipped, and if the address is accepted by a router that has fail_verify set, verification fails. The address is verified as a recipient if -bv is used; to test verification for a sender address, -bvs should be used.
If the -v option is not set, the output consists of a single line for each address, stating whether it was verified or not, and giving a reason in the latter case. Without -v, generating more than one address by redirection causes verification to end successfully, without considering the generated addresses. However, if just one address is generated, processing continues, and the generated address must verify successfully for the overall verification to succeed.
When -v is set, more details are given of how the address has been handled, and in the case of address redirection, all the generated addresses are also considered. Verification may succeed for some and fail for others.
The return code is 2 if any address failed outright; it is 1 if no address failed outright but at least one could not be resolved for some reason. Return code 0 is given only when all addresses succeed.
If any of the routers in the configuration makes any tests on the sender address of a message, you should use the -f option to set an appropriate sender when running -bv tests. Without it, the sender is assumed to be the calling user at the default qualifying domain.
In this mode, Exim expects to be passed a socket as fd 0 (stdin) which is listening for connections. This permits the system to start up and have inetd (or equivalent) listen on the SMTP ports, starting an Exim daemon for each port only when the first connection is received.
If the option is given as -bw<time> then the time is a timeout, after which the daemon will exit, which should cause inetd to listen once more.
The file names need to be absolute names.
When this option is used by a caller other than root, and the list is different from the compiled-in list, Exim gives up its root privilege immediately, and runs with the real and effective uid and gid set to those of the caller. However, if a TRUSTED_CONFIG_LIST file is defined in Local/Makefile, that file contains a list of full pathnames, one per line, for configuration files which are trusted. Root privilege is retained for any configuration file so listed, as long as the caller is the Exim user (or the user specified in the CONFIGURE_OWNER option, if any), and as long as the configuration file is not writeable by inappropriate users or groups.
Leaving TRUSTED_CONFIG_LIST unset precludes the possibility of testing a configuration using -C right through message reception and delivery, even if the caller is root. The reception works, but by that time, Exim is running as the Exim user, so when it re-executes to regain privilege for the delivery, the use of -C causes privilege to be lost. However, root can test reception and delivery using two separate commands (one to put a message on the queue, using -odq, and another to do the delivery, using -M).
If ALT_CONFIG_PREFIX is defined in Local/Makefile, it specifies a prefix string with which any file named in a -C command line option must start. In addition, the file name must not contain the sequence /../. However, if the value of the -C option is identical to the value of CONFIGURE_FILE in Local/Makefile, Exim ignores -C and proceeds as usual. There is no default setting for ALT_CONFIG_PREFIX; when it is unset, any file name can be used with -C.
ALT_CONFIG_PREFIX can be used to confine alternative configuration files to a directory to which only root has access. This prevents someone who has broken into the Exim account from running a privileged Exim with an arbitrary configuration file.
The -C facility is useful for ensuring that configuration files are syntactically correct, but cannot be used for test deliveries, unless the caller is privileged, or unless it is an exotic configuration that does not require privilege. No check is made on the owner or group of the files specified by this option.
If WHITELIST_D_MACROS is defined in Local/Makefile then it should be a colon-separated list of macros which are considered safe and, if -D only supplies macros from this list, and the values are acceptable, then Exim will not give up root privilege if the caller is root, the Exim run-time user, or the CONFIGURE_OWNER, if set. This is a transition mechanism and is expected to be removed in the future. Acceptable values for the macros satisfy the regexp: ^[A-Za-z0-9_/.-]*$
The entire option (including equals sign if present) must all be within one command line item. -D can be used to set the value of a macro to the empty string, in which case the equals sign is optional. These two commands are synonymous:
exim4 -DABC ...
exim4 -DABC= ...
To include spaces in a macro definition item, quotes must be used. If you use quotes, spaces are permitted around the macro name and the equals sign. For example:
exim4 '-D ABC = something' ...
-D may be repeated up to 10 times on a command line.
When -d is used, -v is assumed. If -d is given on its own, a lot of standard debugging data is output. This can be reduced, or increased to include some more rarely needed information, by directly following -d with a string made up of names preceded by plus or minus characters. These add or remove sets of debugging data, respectively. For example, -d+filter adds filter debugging, whereas -d-all+filter selects only filter debugging. Note that no spaces are allowed in the debug setting. The available debugging categories are:
acl ACL interpretation
deliver general delivery logic
dns DNS lookups (see also resolver)
dnsbl DNS black list (aka RBL) code
exec arguments for execv() calls
expand detailed debugging for string expansions
filter filter handling
hints_lookup hints data lookups
host_lookup all types of name-to-IP address handling
ident ident lookup
interface lists of local interfaces
lists matching things in lists
load system load checks
local_scan can be used by local_scan()
lookup general lookup code and all lookups
memory memory handling
pid add pid to debug output lines
process_info setting info for the process log
queue_run queue runs
receive general message reception logic
resolver turn on the DNS resolver's debugging output
retry retry handling
rewrite address rewriting
route address routing
timestamp add timestamp to debug output lines
tls TLS logic
uid changes of uid/gid and looking up uid/gid
verify address verification logic
all almost all of the above (see below), and also -v
The all option excludes memory when used as +all, but includes it for -all. The reason for this is that +all is something that people tend to use when generating debug output for Exim maintainers. If +memory is included, an awful lot of output that is very rarely of interest is generated, so it now has to be explicitly requested. However, -all does turn everything off.
The resolver option produces output only if the DNS resolver was compiled with DEBUG enabled. This is not the case in some operating systems. Also, unfortunately, debugging output from the DNS resolver is written to stdout rather than stderr.
The default (-d with no argument) omits expand, filter, interface, load, memory, pid, resolver, and timestamp. However, the pid selector is forced when debugging is turned on for a daemon, which then passes it on to any re-executed Exims. Exim also automatically adds the pid to debug lines when several remote deliveries are run in parallel.
The timestamp selector causes the current time to be inserted at the start of all debug output lines. This can be useful when trying to track down delays in processing.
If the debug_print option is set in any driver, it produces output whenever any debugging is selected, or if -v is used.
Processes running as root or the Exim user are always trusted. Other trusted users are defined by the trusted_users or trusted_groups options. In the absence of -f, or if the caller is not trusted, the sender of a local message is set to the caller's login name at the default qualify domain.
There is one exception to the restriction on the use of -f: an empty sender can be specified by any user, trusted or not, to create a message that can never provoke a bounce. An empty sender can be specified either as an empty string, or as a pair of angle brackets with nothing between them, as in these examples of shell commands:
In addition, the use of -f is not restricted when testing a filter file with -bf or when testing or verifying addresses using the -bt or -bv options.
Allowing untrusted users to change the sender address does not of itself make it possible to send anonymous mail. Exim still checks that the From: header refers to the local user, and if it does not, it adds a Sender: header, though this can be overridden by setting no_local_from_check.
White space between -f and the <address> is optional (that is, they can be given as two arguments or one combined argument). The sender of a locally-generated message can also be set (when permitted) by an initial "From " line in the message - see the description of -bm above - but if -f is also present, it overrides "From ".
control = suppress_local_fixups
for every message received. Note that Sendmail will complain about such bad formatting, where Exim silently just does not fix it up. This may change in future.
As this affects audit information, the caller must be a trusted user to use this option.
The tag should not be longer than 32 characters.
Retry hints for any of the addresses are overridden - Exim tries to deliver even if the normal retry time has not yet been reached. This option requires the caller to be an admin user. However, there is an option called prod_requires_admin which can be set false to relax this restriction (and also the same requirement for the -q, -R, and -S options).
The deliveries happen synchronously, that is, the original Exim process does not terminate until all the delivery attempts have finished. No output is produced unless there is a serious error. If you want to see what is happening, use the -v option as well, or inspect Exim's main log.
Because -N discards any message to which it applies, only root or the Exim user are allowed to use it with -bd, -q, -R or -M. In other words, an ordinary user can use it only when supplying an incoming message to which it will apply. Although transportation never fails when -N is set, an address may be deferred because of a configuration problem on a transport, or a routing problem. Once -N has been used for a delivery attempt, it sticks to the message, and applies to any subsequent delivery attempts that may happen for that message.
When all the messages have been received, the reception process exits, leaving the delivery processes to finish in their own time. The standard output and error streams are closed at the start of each delivery process. This is the default action if none of the -od options are present.
If one of the queueing options in the configuration file (queue_only or queue_only_file, for example) is in effect, -odb overrides it if queue_only_override is set true, which is the default setting. If queue_only_override is set false, -odb has no effect.
The original Exim reception process does not finish until the delivery process for the final message has ended. The standard error stream is left open during deliveries.
However, like -odb, this option has no effect if queue_only_override is false and one of the queueing options in the configuration file is in effect.
If there is a temporary delivery error during foreground delivery, the message is left on the queue for later delivery, and the original reception process exits.
When -odqs does operate, a delivery process is started for each incoming message, in the background by default, but in the foreground if -odi is also present. The recipient addresses are routed, and local deliveries are done in the normal way. However, if any SMTP deliveries are required, they are not done at this time, so the message remains on the queue until a subsequent queue runner process encounters it. Because routing was done, Exim knows which messages are waiting for which hosts, and so a number of messages for the same host can be sent in a single SMTP connection. The queue_smtp_domains configuration option has the same effect for specific domains. See also the -qq option.
Provided this error message is successfully sent, the Exim receiving process exits with a return code of zero. If not, the return code is 2 if the problem is that the original message has no recipients, or 1 for any other error. This is the default -oex option if Exim is called as rmail.
The -oMa option sets the sender host address. This may include a port number at the end, after a full stop (period). For example:
exim4 -bs -oMa 10.9.8.7.1234
An alternative syntax is to enclose the IP address in square brackets, followed by a colon and the port number:
exim4 -bs -oMa [10.9.8.7]:1234
The IP address is placed in the $sender_host_address variable, and the port, if present, in $sender_host_port. If both -oMa and -bh are present on the command line, the sender host IP address is taken from whichever one is last.
The best example of a message reference is when Exim sends a bounce message. The message reference is the message-id of the original message for which Exim is sending the bounce.
-oMr <rval> -oMs <sval>
It sets the incoming protocol and host name (for trusted callers). The host name and its colon can be omitted when only the protocol is to be set. Note the Exim already has two private options, -pd and -ps, that refer to embedded Perl. It is therefore impossible to set a protocol value of d or s using this option (but that does not seem a real limitation).
The -q option starts one queue runner process. This scans the queue of waiting messages, and runs a delivery process for each one in turn. It waits for each delivery process to finish before starting the next one. A delivery process may not actually do any deliveries if the retry times for the addresses have not been reached. Use -qf (see below) if you want to override this.
If the delivery process spawns other processes to deliver other messages down passed SMTP connections, the queue runner waits for these to finish before proceeding.
When all the queued messages have been considered, the original queue runner process terminates. In other words, a single pass is made over the waiting mail, one message at a time. Use -q with a time (see below) if you want this to be repeated periodically.
Exim processes the waiting messages in an unpredictable order. It isn't very random, but it is likely to be different each time, which is all that matters. If one particular message screws up a remote MTA, other messages to the same MTA have a chance of getting through if they get tried first.
It is possible to cause the messages to be processed in lexical message id order, which is essentially the order in which they arrived, by setting the queue_run_in_order option, but this is not recommended for normal use.
The hints database that remembers which messages are waiting for specific hosts is updated, as if delivery to those hosts had been deferred. After this is complete, a second, normal queue scan happens, with routing and delivery taking place as normal. Messages that are routed to the same host should mostly be delivered down a single SMTP connection because of the hints that were set up during the first queue scan. This option may be useful for hosts that are connected to the Internet intermittently.
exim4 -q 0t5C6f-0000c8-00
Messages that arrived earlier than 0t5C6f-0000c8-00 are not inspected. If a second message id is given, messages whose ids are lexically greater than it are also skipped. If the same id is given twice, for example,
exim4 -q 0t5C6f-0000c8-00 0t5C6f-0000c8-00
just one delivery process is started, for that message. This differs from -M in that retry data is respected, and it also differs from -Mc in that it counts as a delivery from a queue run. Note that the selection mechanism does not affect the order in which the messages are scanned. There are also other ways of selecting specific sets of messages for delivery in a queue run - see -R and -S.
/usr/sbin/exim4 -bd -q30m
Such a daemon listens for incoming SMTP calls, and also starts a queue runner process every 30 minutes.
When a daemon is started by -q with a time value, but without -bd, no pid file is written unless one is explicitly requested by the -oP option.
This option is similar to -q with no time value, that is, it causes Exim to perform a single queue run, except that, when scanning the messages on the queue, Exim processes only those that have at least one undelivered recipient address containing the given string, which is checked in a case-independent way. If the <rsflags> start with r, <string> is interpreted as a regular expression; otherwise it is a literal string.
If you want to do periodic queue runs for messages with specific recipients, you can combine -R with -q and a time value. For example:
exim4 -q25m -R @special.domain.example
This example does a queue run for messages with recipients in the given domain every 25 minutes. Any additional flags that are specified with -q are applied to each queue run.
Once a message is selected for delivery by this mechanism, all its addresses are processed. For the first selected message, Exim overrides any retry information and forces a delivery attempt for each undelivered address. This means that if delivery of any address in the first message is successful, any existing retry information is deleted, and so delivery attempts for that address in subsequently selected messages (which are processed without forcing) will run. However, if delivery of any address does not succeed, the retry information is updated, and in subsequently selected messages, the failing address will be skipped.
If the <rsflags> contain f or ff, the delivery forcing applies to all selected messages, not just the first; frozen messages are included when ff is present.
The -R option makes it straightforward to initiate delivery of all messages to a given domain after a host has been down for some time. When the SMTP command ETRN is accepted by its ACL, its default effect is to run Exim with the -R option, but it can be configured to run an arbitrary command instead.
If the command has any arguments, they specify addresses to which the message is not to be delivered. That is, the argument addresses are removed from the recipients list obtained from the headers. This is compatible with Smail 3 and in accordance with the documented behaviour of several versions of Sendmail, as described in man pages on a number of operating systems (e.g. Solaris 8, IRIX 6.5, HP-UX 11). However, some versions of Sendmail add argument addresses to those obtained from the headers, and the O'Reilly Sendmail book documents it that way. Exim can be made to add argument addresses instead of subtracting them by setting the option extract_addresses_remove_arguments false.
If there are any Resent- header lines in the message, Exim extracts recipients from all Resent-To:, Resent-Cc:, and Resent-Bcc: header lines instead of from To:, Cc:, and Bcc:. This is for compatibility with Sendmail and other MTAs. (Prior to release 4.20, Exim gave an error if -t was used in conjunction with Resent- header lines.)
RFC 2822 talks about different sets of Resent- header lines (for when a message is resent several times). The RFC also specifies that they should be added at the front of the message, and separated by Received: lines. It is not at all clear how -t should operate in the present of multiple sets, nor indeed exactly what constitutes a "set". In practice, it seems that MUAs do not follow the RFC. The Resent- lines are often added at the end of the header, and if a message is resent more than once, it is common for the original set of Resent- headers to be renamed as X-Resent- when a new set is added. This removes any possible ambiguity.
The full Exim specification, the Exim book, and the Exim wiki.