Page 3 of 3 FirstFirst 123
Results 41 to 50 of 50

Thread: Exim 4.92

  1. #41
    Join Date
    Sep 2008
    Location
    London UK
    Posts
    1,746
    verify_snidomains_certs.sh
    Well, I get a 'OK' for all of them.....

  2. #42
    Join Date
    Sep 2008
    Location
    London UK
    Posts
    1,746
    Quote Originally Posted by zEitEr View Post
    I've updated my post, as it was missing a couple of steps. Please try again.
    I see access now... But, if someone runs the set_permissions.sh, all files will change back to diradmin

    Will have to wait until early tomorrow morning to see if 4.92 works, one client really got annoyed when nothing worked. Not that I blame them.
    Last edited by Peter Laws; 06-20-2019 at 01:26 AM.

  3. #43
    Join Date
    Apr 2005
    Location
    GMT +7.00
    Posts
    13,745
    That's not correct. If the option secure_access_group= is set in directadmin.conf, then access group is used:


    Code:
            SAC=`/usr/local/directadmin/directadmin c |grep '^secure_access_group=' | cut -d= -f2`
            if [ "${SAC}" = "" ]; then
                    SAC=diradmin
    Regards, Alex G.

    - Get the best commercial DirectAdmin support and hire me on poralix.com
    - Follow and like @Poralix on Facebook

  4. #44
    Join Date
    Sep 2008
    Location
    London UK
    Posts
    1,746
    You're right, I didn't check the sub-function in da_files()

  5. #45
    Join Date
    Sep 2008
    Location
    London UK
    Posts
    1,746
    I think this is working now, tried sending from a gmail address to a non-existent address on the server, and it connected to TLS1.2 then bounced back correctly........ I'll monitor it for 24 hours and report back.

    So, my question is this, is secure_access_group important on certs for Exim 4.92 now?

  6. #46
    Join Date
    Jan 2004
    Location
    Russia
    Posts
    260
    It's different issues but they are related. As I can understand, without secure_access_group Exim SNI does not work at all because of incorrect permissions, but this was not a problem so far, because before version 4.92 Exim just falls back to the main certificate in this case.
    Last edited by ClayRabbit; 06-20-2019 at 06:20 PM.
    From Siberia with love
    And sorry for bad english

  7. #47
    Hi guys,

    I'm treating this like a bug:
    https://www.directadmin.com/features.php?id=2391

    Fixed in 1.57.2 (or now with pre-release binaries compiled June 21st). The set_permissions.sh will always set 640 diradmin:mail now, so this will sort it with the June 21st script:
    ./set_permissions.sh da_files

    The oversight was that mail_sni is always enabled by default for new installs now, and secure_access_group has been enabled by default for a long time,
    but case where mail_sni being on, and secure_access_group not being on was not considered.

    Should be ok now, after permissions get reset.

    I'm a bit confused how it was working before if exim wasn't able to read them though..
    Either way, glad this has been tracked down with a solution.

    Let us know if anyone still runs into this after resetting the cert/key permissions.

    John

  8. #48
    Join Date
    Jul 2003
    Posts
    17
    Any conclusive TLDR with the set of the correct steps to get upgraded to 4.92 without much pain, please ?
    Last edited by domu; 06-21-2019 at 12:32 AM.

  9. #49
    Join Date
    Sep 2008
    Location
    London UK
    Posts
    1,746
    Quote Originally Posted by domu View Post
    Any conclusive TLDR with the set of the correct steps to get upgraded to 4.92 without much pain, please ?
    If you have secure_access_group set in directadmin.conf, you're fine. If not, follow post #37

  10. #50
    Join Date
    Jul 2003
    Posts
    17
    OK, so if
    # exim -bV
    shows exim version below 4.92, and
    # /usr/local/directadmin/directadmin c | grep '^secure_access_group='
    gives
    secure_access_group=access
    all you do is:
    # cd /usr/local/directadmin/custombuild
    # ./build update
    # ./build set exim yes
    # ./build exim

    Worked for me. Thanks.

Page 3 of 3 FirstFirst 123

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •