Exim Makefile options - TRUSTED_CONFIG_LIST

paul-w

I’m in the process of configuring a server running CentOS 6.1 x64, Exim 4.76 and MailScanner 4.84.3 on DirectAdmin 1.41.1.

I have run into the issue whereby specifying a config file with the -C switch no longer runs exim as root unless a TRUSTED_CONFIG_LIST file is defined in Local/Makefile. See the exim documentation at http://www.exim.org/exim-html-current/doc/html/spec_html/ch05.html

This behaviour was changed in newer versions of exim (from around 4.74) because of a root exploit.

Problem is, I don’t know whether a TRUSTED_CONFIG_LIST file was defined in Local/Makefile because Exim was installed on my system from da_exim-4.76-1.x86_64.rpm.

I think it is a case of compiling from source because having read the instructions at http://help.directadmin.com/item.php?id=125 I downloaded http://www.directadmin.com/Makefile and there's no mention of TRUSTED_CONFIG_LIST in there. I believe I would be looking for something like:
TRUSTED_CONFIG_LIST=/usr/local/exim/trusted_configs

Can anyone confirm?
 
Solved this after many hours.

You need to compile from source because the version that ships with DA wasn’t built with the new TRUSTED_CONFIG_LIST functionality. This is described here: http://www.exim.org/exim-html-current/doc/html/spec_html/ch05.html

For MailScanner users (which uses 2 instances of exim to handle inbound and outbound messages respectively) I've posted my full findings at http://www.michele.me/blog/archives/2006/01/installing-mailscanner-on-directadmin-with-exim/ which contains the instructions I used to set up MailScanner+DirectAdmin in the first place some 5+ years ago.

To summarise for anyone else wanting to call multiple instances of exim and/or call exim with other than the default config file, here's what to do:

1. Follow the instructions at http://help.directadmin.com/item.php?id=125 to download the exim source files and a Makefile.

2. Add TRUSTED_CONFIG_LIST to the Makefile and leave everything else alone:
# grep trusted_configs /root/exim-4.76/Local/Makefile
TRUSTED_CONFIG_LIST=/usr/local/exim/trusted_configs

3. Note that the default config file is specified in the Makefile and there is no need to add this config file to the trusted_configs file:
# grep exim.conf /root/exim-4.76/Local/Makefile
CONFIGURE_FILE=/etc/exim.conf

4. Add the full path to any other config files you are using to /usr/local/exim/trusted_configs:
# cat /usr/local/exim/trusted_configs
/etc/exim_send.conf

5. If your script for starting your multiple instances of exim still fails to start the exim instances, double check any variables being used in the script.

For example, my /etc/init.d/MailScanner script contains the following at the top of the file:
EXIM=/usr/sbin/exim
EXIMINCF=/etc/exim.conf
EXIMSENDCF=/etc/exim_send.conf

But it actually uses the values in /etc/sysconfig/MailScanner:
EXIM=/usr/local/exim/bin/exim
EXIMINCF=/usr/local/exim/configure # Incoming configuration file
EXIMSENDCF=/usr/local/exim/exim_send.conf # Outgoing configuration file

So in my case I updated /etc/sysconfig/MailScanner to use the values in /etc/init.d/MailScanner and all was then well.
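
The mismatch described in steps 3 to 5 can be checked before restarting anything. The script below is an added example, not part of the original post and not DirectAdmin or MailScanner code: it reads CONFIGURE_FILE and TRUSTED_CONFIG_LIST from a Makefile and lists the EXIMINCF/EXIMSENDCF values that are neither the default config nor a line in the trusted list. The function names and the sample files it builds in a temporary directory are constructed for illustration, and it assumes CONFIGURE_FILE is a single path.

```shell
#!/bin/sh
# Added example (not from the thread): list the config files an init script
# would pass to "exim -C" that are neither CONFIGURE_FILE nor in the trusted list.

# Print the last KEY=value in FILE, dropping any trailing "# comment".
get_value() {   # usage: get_value KEY FILE
    sed -n "s/^[[:space:]]*$1=\([^#[:space:]]*\).*/\1/p" "$2" | tail -n 1
}

# Print KEY=path for each MailScanner config variable that is not covered.
# Assumes CONFIGURE_FILE is a single path, as in the thread's Makefile.
untrusted_configs() {   # usage: untrusted_configs MAKEFILE SYSCONFIG
    default=$(get_value CONFIGURE_FILE "$1")
    list=$(get_value TRUSTED_CONFIG_LIST "$1")
    for key in EXIMINCF EXIMSENDCF; do
        path=$(get_value "$key" "$2")
        if [ -z "$path" ] || [ "$path" = "$default" ]; then
            continue
        fi
        # A path counts only if it matches a whole line of the list (full path).
        if [ -n "$list" ] && [ -r "$list" ] && grep -Fxq -- "$path" "$list"; then
            continue
        fi
        echo "$key=$path"
    done
}

# Constructed sample files mirroring the values quoted in the thread.
make_sample() {   # usage: make_sample DIR
    printf 'CONFIGURE_FILE=/etc/exim.conf\nTRUSTED_CONFIG_LIST=%s/trusted_configs\n' "$1" > "$1/Makefile"
    echo /etc/exim_send.conf > "$1/trusted_configs"
    printf '%s\n' 'EXIMINCF=/usr/local/exim/configure # Incoming configuration file' \
        'EXIMSENDCF=/usr/local/exim/exim_send.conf # Outgoing configuration file' > "$1/sysconfig.before"
    printf '%s\n' 'EXIMINCF=/etc/exim.conf' 'EXIMSENDCF=/etc/exim_send.conf' > "$1/sysconfig.after"
}

d=$(mktemp -d)
make_sample "$d"
echo "before:"; untrusted_configs "$d/Makefile" "$d/sysconfig.before"
echo "after:";  untrusted_configs "$d/Makefile" "$d/sysconfig.after"
rm -rf "$d"
```

On a real system the two arguments would be /root/exim-4.76/Local/Makefile and /etc/sysconfig/MailScanner; empty output means every config path the init script uses is either the default or listed.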
 