Exim is a mail transfer agent (MTA) for hosts that are running Unix or Unix-like operating systems. It was designed on the assumption that it would be run on hosts that are permanently connected to the Internet. However, it can be used on intermittently connected hosts with suitable configuration adjustments.
Message Identification: Every message handled by Exim is given a message id which is sixteen characters long. It is divided into three parts, separated by hyphens, for example 16VDhn-0001bo-D3. Each part is a sequence of letters and digits, normally encoding numbers in base 62.
16VDhn: The first six characters of the message id are the time at which the message started to be received, to a granularity of one second.
0001bo: Next six characters are the id of the process that received the message.
D3: Fractional part of the time of reception.
Spooling & Security:
Headers: The header of a message is the first part of a message’s text, consisting of a number of lines, each of which has a name such as From:, To:, Subject:, etc. Long header lines can be split over several text lines by indenting the continuations. The header is separated from the body by a blank line.
Spool Directory: The term spool directory is used for a directory in which Exim keeps the messages on its queue – that is, those that it is in the process of delivering.
Policy control (ACL Access Control List): Job is to stop MTAs being abused as “open relays” by misguided individuals who send out vast amounts of unsolicited junk, and want to disguise its source.
SpamAssassin: Exim is compiled with the content-scanning extension, facilities are provided in the ACL mechanism for passing the message to external virus and/or spam scanning software. The result of such a scan is passed back to the ACL, which can then use it to decide what to do with the message.
Spool Directory / Log: Exim can receive mail from another host is using SMTP over TCP/IP, in which case the sender and recipient addresses are transferred using SMTP commands. Exim accepts a message, it writes two files in its spool directory.
> The first contains the envelope information, the current status of the message, and the header lines, and the second contains the body of the message.
> The names of the two spool files consist of the message id, followed by -H for the file containing the envelope and header, and -D for the data file.
A message remains in the spool directory until it is completely delivered to its recipients or to an error address, or until it is deleted by an administrator or by the user who originally created it.
In cases when delivery cannot proceed – for example, when a message can neither be delivered to its recipients nor returned to its sender, the message is marked “frozen” on the spool, and no more deliveries are attempted.
While Exim is working on a message, it writes information about each delivery attempt to its main log file. This includes successful, unsuccessful, and delayed deliveries for each recipient.
Sending Email: There are two kinds of transport: for a local transport, the destination is a file or a pipe on the local host, whereas for a remote transport the destination is some other host. A message is passed to a specific transport as a result of successful routing. If a message has several recipients, it may be passed to a number of different transports.
Local Transport:
Second router is reached only when the domain is recognized as one that “belongs” to the local host. This router does redirection – also known as aliasing and forwarding. When it generates one or more new addresses from the original, each of them is routed independently from the start. Otherwise, the router may cause an address to fail, or it may simply decline to handle the address, in which case the address is passed to the next router.
Remote transport:
Router that looks up domains in the DNS in order to find the hosts to which this address routes. If it succeeds, the address is assigned to a suitable SMTP transport; if it does not succeed, the router is configured to fail the address.
Retry mechanism: Retries to send emails
Temporary delivery failure : If host is down or not responding, retries later
Permanent delivery failure: After host is down and bounces back.
Failures to deliver bounce messages: frozen left on the queue forever.
Mailbox & Passwords: E-mail account usernames and passwords are stored in files named passwd and shadow in the following directory structure:
/$HOME/$USER/etc/$DOMAIN/
Actual path:
$HOME is the actual account home directory;
$USER is the cPanel account user, and;
$DOMAIN is the actual domain in question.
Passwords are stored in shadow in this directory in salted MD5 format. There is no way to make them human-readable, but the file can be copied and the passwords will still work.
The actual mailboxes are stored in the following format:
/$HOME/$USER/mail/$DOMAIN/$MAILBOX
where $MAILBOX is the name of the mailbox user as defined in cPanel. $MAILBOX is a directory containing all of the files related to the actual mail account data. You can copy the files and directories from the etc and mail directories from one cPanel account to another, or from one server to another.
Re-sync:
/$HOME/$USER/.cpanel/email_accounts.cache
/$HOME/$USER/.cpanel/email_accounts.yaml
