Page 6 of 10
Re: Problem after upgrade to exim-4.94-1.el7 on CentOS 7
Posted: Thu Jun 25, 2020 12:14 pm
by tjebbeke
dpeca wrote: ↑Thu Jun 25, 2020 9:39 am
is that pull request outdated?
i mean, did you make new commits about ipv6 after 2017 ?
if yes, should we close this PR?
That pull request is still valid. Maybe some bug fixes. But not much I think.
Re: Problem after upgrade to exim-4.94-1.el7 on CentOS 7
Posted: Thu Jun 25, 2020 2:11 pm
by compiz
Aha! Thanks for your response!
I will stay for the time being my current vesta since I have no need for ipv6 or plugins and I have already used letsencrypt for everything in my server!
I would be more interested in a fork that would by default on clean machine would use csf firewall and rspamd for spam compared to the default ones which, in my case didn't work and were causing me problems all the time!
Also a suggestion to all forks -forgive me if it is used in some forks that I am not using- is to add those settings by default
https://www.mysterydata.com/how-to-get- ... bs-qualys/
for apache and nginx.
I wish I can help somehow but I am not familiar with how to add those to an install script, I can beta test in vps though if that can be of a help!
Also on centos at least I get always really old version of roundcubemail and in most cases it doesn't even work!
For centos how to update it is: yum update roundcubemail --enablerepo=remi and after that: chmod g-w /etc/logrotate.d/roundcubemail
Re: Problem after upgrade to exim-4.94-1.el7 on CentOS 7
Posted: Thu Jun 25, 2020 2:18 pm
by bella
peters wrote: ↑Thu Jun 18, 2020 9:53 am
Hi,
after upgrading to the newest epel release exim-4-94-1.el7 exim stops working and starts complaining in the log.
Sending email:
sender verify defer for <
[email protected]>: failed to expand "${extract{1}{:}{${lookup{$local_part@$domain}lsearch{/etc/exim/domains/$domain/aliases}}}}": NULL
Receiving email:
2020-06-18 11:47:08 Tainted filename for search: '/etc/exim/domains/myfancydomain.com/aliases'
2020-06-18 11:47:08 H=stp.vestacp.com [188.226.163.96] X=TLS1.2:DHE-RSA-AES128-SHA:128 CV=no F=<
[email protected]> temporarily rejected RCPT <
[email protected]>: failed to expand "${extract{1}{:}{${lookup{$local_part@$domain}lsearch{/etc/exim/domains/$domain/aliases}}}}": NULL
Is there any solution to fix the config? As far as I found out this is caused by exim 4.94 that stops using tainted $local_part variable as local filename for delivery. This seems to be already fixed on Debian accordingly to
https://launchpad.net/debian/+source/exim4/+changelog but now it´s live on Epel and there is no availability to downgrade to the older version via Epel.
If you want to downgrade on CentOS 7 and get back the working version exim-4.93-3.el7.x86_64.rpm do the following:
wget
https://ca1.dynanode.net/exim-4.93-3.el7.x86_64.rpm
rpm -Uvh --oldpackage exim-4.93-3.el7.x86_64.rpm
Hello,
exim-4.94 doesn't allow using tainted variables in file or directory names so I had to replace expressions like 'lsearch{/etc/exim/domains/$domain/aliases}' with 'lsearch{/etc/exim/domains/${extract{1}{0}{${lookup{$domain}dsearch{/etc/exim/domains/}}}}/aliases}' in exim.conf. Worked perfectly fine for me.
Re: Problem after upgrade to exim-4.94-1.el7 on CentOS 7
Posted: Thu Jun 25, 2020 3:37 pm
by peters
bella wrote: ↑Thu Jun 25, 2020 2:18 pm
peters wrote: ↑Thu Jun 18, 2020 9:53 am
Hi,
after upgrading to the newest epel release exim-4-94-1.el7 exim stops working and starts complaining in the log.
Sending email:
sender verify defer for <
[email protected]>: failed to expand "${extract{1}{:}{${lookup{$local_part@$domain}lsearch{/etc/exim/domains/$domain/aliases}}}}": NULL
Receiving email:
2020-06-18 11:47:08 Tainted filename for search: '/etc/exim/domains/myfancydomain.com/aliases'
2020-06-18 11:47:08 H=stp.vestacp.com [188.226.163.96] X=TLS1.2:DHE-RSA-AES128-SHA:128 CV=no F=<
[email protected]> temporarily rejected RCPT <
[email protected]>: failed to expand "${extract{1}{:}{${lookup{$local_part@$domain}lsearch{/etc/exim/domains/$domain/aliases}}}}": NULL
Is there any solution to fix the config? As far as I found out this is caused by exim 4.94 that stops using tainted $local_part variable as local filename for delivery. This seems to be already fixed on Debian accordingly to
https://launchpad.net/debian/+source/exim4/+changelog but now it´s live on Epel and there is no availability to downgrade to the older version via Epel.
If you want to downgrade on CentOS 7 and get back the working version exim-4.93-3.el7.x86_64.rpm do the following:
wget
https://ca1.dynanode.net/exim-4.93-3.el7.x86_64.rpm
rpm -Uvh --oldpackage exim-4.93-3.el7.x86_64.rpm
Hello,
exim-4.94 doesn't allow using tainted variables in file or directory names so I had to replace expressions like 'lsearch{/etc/exim/domains/$domain/aliases}' with 'lsearch{/etc/exim/domains/${extract{1}{0}{${lookup{$domain}dsearch{/etc/exim/domains/}}}}/aliases}' in exim.conf. Worked perfectly fine for me.
That sounds great. Could you please post your exim.conf or provide it on github so we can see how exactly to fix it? Thank you.
Re: Problem after upgrade to exim-4.94-1.el7 on CentOS 7
Posted: Thu Jun 25, 2020 6:28 pm
by systron
@bella
Kindly would you share working exim.conf?
Re: Problem after upgrade to exim-4.94-1.el7 on CentOS 7
Posted: Fri Jun 26, 2020 10:02 am
by tjebbeke
systron wrote: ↑Thu Jun 25, 2020 6:28 pm
@bella
Kindly would you share working exim.conf?
You can try this config file:
https://github.com/madeITBelgium/vesta/ ... /exim.conf
Re: Problem after upgrade to exim-4.94-1.el7 on CentOS 7
Posted: Fri Jun 26, 2020 12:45 pm
by systron
Thanks tjebbeke a lot.
It worked perfectly for remote mails,
Local delivery errors: file or directory name for local_delivery transport) not permitted
Re: Problem after upgrade to exim-4.94-1.el7 on CentOS 7
Posted: Fri Jun 26, 2020 1:39 pm
by edica
Thanks for sharing.
Yes, same problem. I don't receive emails.
systron wrote: ↑Fri Jun 26, 2020 12:45 pm
Thanks tjebbeke a lot.
It worked perfectly for remote mails,
Local delivery errors: file or directory name for local_delivery transport) not permitted
Re: Problem after upgrade to exim-4.94-1.el7 on CentOS 7
Posted: Sat Jun 27, 2020 7:58 am
by SanTi
I applied this and 451 error solved but it is giving SMTP 550 error at the momet.
reject.log
Code: Select all
2020-06-27 10:46:38 dovecot_login authenticator failed for (User) [46.x8.x45.x52]: 435 Unable to authenticate at present: authentication socket read error or premature eof
2020-06-27 10:46:42 H=localhost (domain.com) [::1] F=<[email protected]> rejected RCPT <[email protected]>: relay not permitted
main.log
Code: Select all
2020-06-27 10:48:40 1jp5Zo-0005Wj-Dy <= [email protected] H=mail-wr1-f52.google.com [209.85.221.52] P=esmtps X=TLS1.2:ECDHE-RSA-AES128-GCM-SHA256:128 CV=no K S=2585 DKIM=gmail.com id=CAN+Zbvg1NM_gdrgvb2C8uDsPeW+O2tbgf5BBSD5x+kN0ojqXyBWMg@mail.gmail.com
2020-06-27 10:48:40 1jp5Zo-0005Wj-Dy == [email protected] R=localuser T=local_delivery defer (-1): Tainted '/home/user/mail/mydomain.com/noreply' (file or directory name for local_delivery transport) not permitted
I solved problem with downgrade the exim-4.94-1.el7 to exim-4.93-3.el7 by temporarly
Code: Select all
wget https://ca1.dynanode.net/exim-4.93-3.el7.x86_64.rpm
rpm -Uvh --oldpackage exim-4.93-3.el7.x86_64.rpm
Re: Problem after upgrade to exim-4.94-1.el7 on CentOS 7
Posted: Sun Jun 28, 2020 2:58 am
by xlegends
here too
exim 494
I was able to remotely receive emails but not send. I used the above exim config now I can send by not receiving anymore.