Page 2 of 9

Re: Problem after upgrade to exim-4.94-1.el7 on CentOS 7

Posted: Fri Jun 19, 2020 11:00 pm
by peters
The reason for the tainted error appearing in the log is that the variable $domain is used by VestaCP and many other exim configurations is used within the path to many files like passwd, aliases etc. and exim 4.94 denies this as this looks for exim like the variable will be overwritten and this could also be done by something malicious.

However I'm not sure how the exim devs think a config like many people need can be achieved within exim 4.94. Looking on Debian lists the package maintainers provided some patches so the taint detection for the local part and domain variable is ignored.

Re: Problem after upgrade to exim-4.94-1.el7 on CentOS 7

Posted: Sun Jun 21, 2020 11:13 am
by XAOC
How to disable autoupdate of exim ?

Re: Problem after upgrade to exim-4.94-1.el7 on CentOS 7

Posted: Sun Jun 21, 2020 1:46 pm
by RodolfoSouza
I have the same doubt.
XAOC wrote:
Sun Jun 21, 2020 11:13 am
How to disable autoupdate of exim ?

Re: Problem after upgrade to exim-4.94-1.el7 on CentOS 7

Posted: Sun Jun 21, 2020 2:49 pm
by XAOC
I have disabled automatic updates

Image

I'm periodically checking Exim version:

Code: Select all

rpm -qa |grep exim

Re: Problem after upgrade to exim-4.94-1.el7 on CentOS 7

Posted: Sun Jun 21, 2020 2:53 pm
by peters
It should not be auto updated by VestaCP as it only updates itself. Exim is provided from the EPEL Repository and updated by yum. If you want to prevent the update do not run yum update or exclude exim before from your EPEL repository config.

Re: Problem after upgrade to exim-4.94-1.el7 on CentOS 7

Posted: Sun Jun 21, 2020 3:00 pm
by XAOC
I thought so that automatic updates in vesta are for the panel itself but I didn't know what else to try
The fact is that I didn't run a yum update at all. What else can trigger exim update ?

Re: Problem after upgrade to exim-4.94-1.el7 on CentOS 7

Posted: Sun Jun 21, 2020 3:28 pm
by peters
Oh sorry my bad yum update is triggered by /usr/local/vesta/bin/v-update-sys-vesta-all so you need to disable it within your VestaCP cron config or exclude exim from your epel source.

Re: Problem after upgrade to exim-4.94-1.el7 on CentOS 7

Posted: Sun Jun 21, 2020 4:52 pm
by XAOC
Thanks for helping out.

Re: Problem after upgrade to exim-4.94-1.el7 on CentOS 7

Posted: Sun Jun 21, 2020 7:56 pm
by RodolfoSouza
peters wrote:
Sun Jun 21, 2020 3:28 pm
Oh sorry my bad yum update is triggered by /usr/local/vesta/bin/v-update-sys-vesta-all so you need to disable it within your VestaCP cron config or exclude exim from your epel source.
I don't have "v-update-sys-vesta-all" in my cron, just the:

/usr/local/vesta/bin/v-update-letsencrypt-ssl
/usr/local/vesta/bin/v-update-sys-rrd
/usr/local/vesta/bin/v-update-user-stats
/usr/local/vesta/bin/v-update-sys-queue webstats
/usr/local/vesta/bin/v-update-sys-queue traffic
/usr/local/vesta/bin/v-update-sys-queue disk

Can any of them be execute the exim update?

Re: Problem after upgrade to exim-4.94-1.el7 on CentOS 7

Posted: Sun Jun 21, 2020 8:31 pm
by peters
I don't think so maybe its initiated from somewhere else.

To ensure that you stay on exim 4.93 as long as there will be no other solution I recommend to exclude exim from receiving updates.

Run the following:

vi /etc/yum.repos.d/epel.repo
Insert exclude=exim within the [epel] part right under gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-7

This ensures that whenever yum update is executed it will exclude to update exim.

Important: Please do not forget to remove the exclude when this issue has been resolved. Otherwise it will threaten your system by not updating exim with future versions and security bugfixes.