Exim 4.92

I've updated my post, as it was missing a couple of steps. Please try again.
I see access now... But, if someone runs the set_permissions.sh, all files will change back to diradmin

Will have to wait until early tomorrow morning to see if 4.92 works, one client really got annoyed when nothing worked. Not that I blame them.
 
Last edited:
That's not correct. If the option secure_access_group= is set in directadmin.conf, then access group is used:


Code:
        SAC=`/usr/local/directadmin/directadmin c |grep '^secure_access_group=' | cut -d= -f2`
        if [ "${SAC}" = "" ]; then
                SAC=diradmin
 
I think this is working now, tried sending from a gmail address to a non-existent address on the server, and it connected to TLS1.2 then bounced back correctly........ I'll monitor it for 24 hours and report back.

So, my question is this, is secure_access_group important on certs for Exim 4.92 now? :confused:
 
It's different issues but they are related. As I can understand, without secure_access_group Exim SNI does not work at all because of incorrect permissions, but this was not a problem so far, because before version 4.92 Exim just falls back to the main certificate in this case.
 
Last edited:
Hi guys,

I'm treating this like a bug:
https://www.directadmin.com/features.php?id=2391

Fixed in 1.57.2 (or now with pre-release binaries compiled June 21st). The set_permissions.sh will always set 640 diradmin:mail now, so this will sort it with the June 21st script:
./set_permissions.sh da_files

The oversight was that mail_sni is always enabled by default for new installs now, and secure_access_group has been enabled by default for a long time,
but case where mail_sni being on, and secure_access_group not being on was not considered.

Should be ok now, after permissions get reset.

I'm a bit confused how it was working before if exim wasn't able to read them though..
Either way, glad this has been tracked down with a solution.

Let us know if anyone still runs into this after resetting the cert/key permissions.

John
 
Any conclusive TLDR with the set of the correct steps to get upgraded to 4.92 without much pain, please ?
 
Last edited:
OK, so if
# exim -bV
shows exim version below 4.92, and
# /usr/local/directadmin/directadmin c | grep '^secure_access_group='
gives
secure_access_group=access
all you do is:
# cd /usr/local/directadmin/custombuild
# ./build update
# ./build set exim yes
# ./build exim

Worked for me. Thanks.
 
if i have an old exim that is installed through apt on an old debian server,
can i just upgrade like this with DA to the Exim DA version or do i need to make a backup of the conf, then uninstall the debian package and then configure DA to install exim?

And do i need to upgrade to cunstombuild 2.0 first for this? (server is stil using custombuild 1.58.2 because it refuses to update to newer version 1.xx versions.)

oops... digging up an old thread. will create a new one.
 
Last edited:
Back
Top