Problem after upgrade to exim-4.94-1.el7 on CentOS 7 Topic is solved

[tjebbeke]

The original goal of my fork was to test new features (IPv6 Support: https://github.com/serghey-rodin/vesta/pull/1139

is that pull request outdated?
i mean, did you make new commits about ipv6 after 2017 ?
if yes, should we close this PR?

That pull request is still valid. Maybe some bug fixes. But not much I think.

[compiz]

So by running
curl -O https://raw.githubusercontent.com/madeI ... migrate.sh
bash vst-install-rhel-migrate.sh

We will move to your fork? That easy? I am thinking of doing it!
Is there any changelog to see what's what vs vanila vesta?
for example is that exim problem solved in your fork?

I suggest you to first take good backups or snapshot of your server. It is tested, but you never know what goes wrong.

- My fork is completely in sync (or almost) with the official vesta version, I'm only 7 commits behind.
- I added extra features:
-> IPv6 Support
-> Plugin support (beta and in development)
-> Letsencrypt on vesta CP
-> Automated testing at every commit: https://travis-ci.org/madeITBelgium/vesta
Here you can see all issues, features: https://github.com/madeITBelgium/vesta/ ... s%3Aclosed

The original goal of my fork was to test new features (IPv6 Support: https://github.com/serghey-rodin/vesta/pull/1139, Plugin system: https://github.com/serghey-rodin/vesta/issues/1132)
At this moment I have no intention to rebrand or change the vesta core. I only want a clean and easy alternative for the official repo with some important and good new features (IPv6, Plugins, ...), wich I hope will come ever to the official repo.

Aha! Thanks for your response!
I will stay for the time being my current vesta since I have no need for ipv6 or plugins and I have already used letsencrypt for everything in my server!
I would be more interested in a fork that would by default on clean machine would use csf firewall and rspamd for spam compared to the default ones which, in my case didn't work and were causing me problems all the time!
Also a suggestion to all forks -forgive me if it is used in some forks that I am not using- is to add those settings by default https://www.mysterydata.com/how-to-get- ... bs-qualys/
for apache and nginx.
I wish I can help somehow but I am not familiar with how to add those to an install script, I can beta test in vps though if that can be of a help!
Also on centos at least I get always really old version of roundcubemail and in most cases it doesn't even work!
For centos how to update it is: yum update roundcubemail --enablerepo=remi and after that: chmod g-w /etc/logrotate.d/roundcubemail

[bella]

Hi,

after upgrading to the newest epel release exim-4-94-1.el7 exim stops working and starts complaining in the log.

Sending email:
sender verify defer for <[email protected]>: failed to expand "${extract{1}{:}{${lookup{$local_part@$domain}lsearch{/etc/exim/domains/$domain/aliases}}}}": NULL

Receiving email:
2020-06-18 11:47:08 Tainted filename for search: '/etc/exim/domains/myfancydomain.com/aliases'
2020-06-18 11:47:08 H=stp.vestacp.com [188.226.163.96] X=TLS1.2:DHE-RSA-AES128-SHA:128 CV=no F=<[email protected]> temporarily rejected RCPT <[email protected]>: failed to expand "${extract{1}{:}{${lookup{$local_part@$domain}lsearch{/etc/exim/domains/$domain/aliases}}}}": NULL

Is there any solution to fix the config? As far as I found out this is caused by exim 4.94 that stops using tainted $local_part variable as local filename for delivery. This seems to be already fixed on Debian accordingly to https://launchpad.net/debian/+source/exim4/+changelog but now it´s live on Epel and there is no availability to downgrade to the older version via Epel.

If you want to downgrade on CentOS 7 and get back the working version exim-4.93-3.el7.x86_64.rpm do the following:
wget https://ca1.dynanode.net/exim-4.93-3.el7.x86_64.rpm
rpm -Uvh --oldpackage exim-4.93-3.el7.x86_64.rpm

Hello,

exim-4.94 doesn't allow using tainted variables in file or directory names so I had to replace expressions like 'lsearch{/etc/exim/domains/$domain/aliases}' with 'lsearch{/etc/exim/domains/${extract{1}{0}{${lookup{$domain}dsearch{/etc/exim/domains/}}}}/aliases}' in exim.conf. Worked perfectly fine for me.

[peters]

Hi,

after upgrading to the newest epel release exim-4-94-1.el7 exim stops working and starts complaining in the log.

Sending email:
sender verify defer for <[email protected]>: failed to expand "${extract{1}{:}{${lookup{$local_part@$domain}lsearch{/etc/exim/domains/$domain/aliases}}}}": NULL

Receiving email:
2020-06-18 11:47:08 Tainted filename for search: '/etc/exim/domains/myfancydomain.com/aliases'
2020-06-18 11:47:08 H=stp.vestacp.com [188.226.163.96] X=TLS1.2:DHE-RSA-AES128-SHA:128 CV=no F=<[email protected]> temporarily rejected RCPT <[email protected]>: failed to expand "${extract{1}{:}{${lookup{$local_part@$domain}lsearch{/etc/exim/domains/$domain/aliases}}}}": NULL

Is there any solution to fix the config? As far as I found out this is caused by exim 4.94 that stops using tainted $local_part variable as local filename for delivery. This seems to be already fixed on Debian accordingly to https://launchpad.net/debian/+source/exim4/+changelog but now it´s live on Epel and there is no availability to downgrade to the older version via Epel.

If you want to downgrade on CentOS 7 and get back the working version exim-4.93-3.el7.x86_64.rpm do the following:
wget https://ca1.dynanode.net/exim-4.93-3.el7.x86_64.rpm
rpm -Uvh --oldpackage exim-4.93-3.el7.x86_64.rpm

Hello,

exim-4.94 doesn't allow using tainted variables in file or directory names so I had to replace expressions like 'lsearch{/etc/exim/domains/$domain/aliases}' with 'lsearch{/etc/exim/domains/${extract{1}{0}{${lookup{$domain}dsearch{/etc/exim/domains/}}}}/aliases}' in exim.conf. Worked perfectly fine for me.

That sounds great. Could you please post your exim.conf or provide it on github so we can see how exactly to fix it? Thank you.

[systron]

@bella
Kindly would you share working exim.conf?

[tjebbeke]

@bella
Kindly would you share working exim.conf?

You can try this config file: https://github.com/madeITBelgium/vesta/ ... /exim.conf

[systron]

Thanks tjebbeke a lot.

It worked perfectly for remote mails,

Local delivery errors: file or directory name for local_delivery transport) not permitted

@bella
Kindly would you share working exim.conf?

You can try this config file: https://github.com/madeITBelgium/vesta/ ... /exim.conf

[edica]

Thanks for sharing.

Yes, same problem. I don't receive emails.

Thanks tjebbeke a lot.

It worked perfectly for remote mails,

Local delivery errors: file or directory name for local_delivery transport) not permitted

@bella
Kindly would you share working exim.conf?

You can try this config file: https://github.com/madeITBelgium/vesta/ ... /exim.conf

[SanTi]

@bella
Kindly would you share working exim.conf?

You can try this config file: https://github.com/madeITBelgium/vesta/ ... /exim.conf

I applied this and 451 error solved but it is giving SMTP 550 error at the momet.

reject.log

Code: Select all

2020-06-27 10:46:38 dovecot_login authenticator failed for (User) [46.x8.x45.x52]: 435 Unable to authenticate at present: authentication socket read error or premature eof
2020-06-27 10:46:42 H=localhost (domain.com) [::1] F=<[email protected]> rejected RCPT <[email protected]>: relay not permitted

main.log

Code: Select all

2020-06-27 10:48:40 1jp5Zo-0005Wj-Dy <= [email protected] H=mail-wr1-f52.google.com [209.85.221.52] P=esmtps X=TLS1.2:ECDHE-RSA-AES128-GCM-SHA256:128 CV=no K S=2585 DKIM=gmail.com id=CAN+Zbvg1NM_gdrgvb2C8uDsPeW+O2tbgf5BBSD5x+kN0ojqXyBWMg@mail.gmail.com
2020-06-27 10:48:40 1jp5Zo-0005Wj-Dy == [email protected] R=localuser T=local_delivery defer (-1): Tainted '/home/user/mail/mydomain.com/noreply' (file or directory name for local_delivery transport) not permitted

I solved problem with downgrade the exim-4.94-1.el7 to exim-4.93-3.el7 by temporarly

Code: Select all

wget https://ca1.dynanode.net/exim-4.93-3.el7.x86_64.rpm
rpm -Uvh --oldpackage exim-4.93-3.el7.x86_64.rpm

[xlegends]

here too

exim 494

I was able to remotely receive emails but not send. I used the above exim config now I can send by not receiving anymore.