Edit and validate the live Exim configuration. This page appears only when the mail stack is installed and enabled with Exim+Dovecot. Access: root.

What you’re editing

• /etc/exim/exim.conf — the global mail transfer agent config.
• Controls routing and relaying, ACLs, SMTP authentication, transports, TLS, queue management, and policy hooks used for spam/virus filtering and rate limits.

Editor and apply flow

• Click Validate & Apply Changes to save and test the configuration.
• A backup is created as /etc/exim/exim.conf.bak before applying changes.
• Syntax/options are checked; if errors are found, the backup is restored and the error details are shown.
• On success, Exim is restarted and its active state is verified.
• Safety limit: files larger than 1 MB are refused by the editor.

Common adjustments

• Relay policy: define trusted networks and authenticated submission; avoid open relays.
• SMTP listeners: confirm submission ports and TLS policies for 25/465/587 as required.
• TLS: certificate/key paths, minimum protocol and ciphers, and mandatory encryption for auth.
• Routing and transports: smarthost relays, per-domain routes, queue runners, retry rules.
• Limits and protection: max recipients per message, message size, connection/ratelimit controls.
• DKIM/antispam integration: plug your signing and filtering chains where your policy expects them.

Operational tips

• Keep a shell session open while applying changes in case you need to revert quickly.
• Review ACL order: a misplaced condition can allow or block more than intended.
• If you change submission policy, verify MUAs can still authenticate and send.

Troubleshooting

• Validation failed: the error output points to the offending line or option. Fix and re-apply; the original file has already been restored.
• Service didn’t become active: the page shows detailed service status. Check logs (main/panic/reject) and roll back to the backup if needed.
• Mail flow issues after changes: test inbound and outbound via SMTP on 25/465/587, confirm DNS (A/MX/TXT) and TLS handshakes, then review ACLs and routers/transports.