Problem after upgrade to exim-4.94-1.el7 on CentOS 7 Topic is solved

[peters]

The reason for the tainted error appearing in the log is that the variable $domain is used by VestaCP and many other exim configurations is used within the path to many files like passwd, aliases etc. and exim 4.94 denies this as this looks for exim like the variable will be overwritten and this could also be done by something malicious.

However I'm not sure how the exim devs think a config like many people need can be achieved within exim 4.94. Looking on Debian lists the package maintainers provided some patches so the taint detection for the local part and domain variable is ignored.

[XAOC]

How to disable autoupdate of exim ?

[RodolfoSouza]

I have the same doubt.

How to disable autoupdate of exim ?

[XAOC]

I have disabled automatic updates



I'm periodically checking Exim version:

Code: Select all

rpm -qa |grep exim

[peters]

It should not be auto updated by VestaCP as it only updates itself. Exim is provided from the EPEL Repository and updated by yum. If you want to prevent the update do not run yum update or exclude exim before from your EPEL repository config.

[XAOC]

I thought so that automatic updates in vesta are for the panel itself but I didn't know what else to try
The fact is that I didn't run a yum update at all. What else can trigger exim update ?

[peters]

Oh sorry my bad yum update is triggered by /usr/local/vesta/bin/v-update-sys-vesta-all so you need to disable it within your VestaCP cron config or exclude exim from your epel source.

[XAOC]

Thanks for helping out.

[RodolfoSouza]

Oh sorry my bad yum update is triggered by /usr/local/vesta/bin/v-update-sys-vesta-all so you need to disable it within your VestaCP cron config or exclude exim from your epel source.

I don't have "v-update-sys-vesta-all" in my cron, just the:

/usr/local/vesta/bin/v-update-letsencrypt-ssl
/usr/local/vesta/bin/v-update-sys-rrd
/usr/local/vesta/bin/v-update-user-stats
/usr/local/vesta/bin/v-update-sys-queue webstats
/usr/local/vesta/bin/v-update-sys-queue traffic
/usr/local/vesta/bin/v-update-sys-queue disk

Can any of them be execute the exim update?

[peters]

I don't think so maybe its initiated from somewhere else.

To ensure that you stay on exim 4.93 as long as there will be no other solution I recommend to exclude exim from receiving updates.

Run the following:

vi /etc/yum.repos.d/epel.repo
Insert exclude=exim within the [epel] part right under gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-7

This ensures that whenever yum update is executed it will exclude to update exim.

Important: Please do not forget to remove the exclude when this issue has been resolved. Otherwise it will threaten your system by not updating exim with future versions and security bugfixes.