Exim 4.93 has been released

DirectAdmin Support

Administrator
Staff member
Joined
Feb 27, 2003
Messages
9,158
Hello,

Exim 4.93 has been released, info here:

Note that this release requires Makefile changes to:
  1. Include
    Code:
    USE_OPENSSL=yes
  2. Append
    Code:
    -std=gnu99
    to the CFLAGS
CustomBuild 2.0 will do this for you.
To update:
Code:
cd /usr/local/directadmin/custombuild
./build update
./build exim

Note, CustomBuild 1.2 and older (which should not be using) will not do this for you, and you'd need to use custombuild/custom/exim/Makefile to set it up manually.

John
 
On FreeBSD 11.3 I got this issue after building Exim:

Code:
...
Exim 4.93 Installed.
Restarting exim.
Shutting down exim:     [ OK ]
Starting exim:          [ OK ]
Downloading             s-nail-14.9.15.tar.gz...
/usr/local/directadmin/custombuild/s-nail-14.9        1011 kB 1348 kBps    01s
Found /usr/local/directadmin/custombuild/s-nail-14.9.15.tar.gz
Extracting ...
Done.
Making s-nail...
LC_ALL=C: Command not found.
export: Command not found.
if: Expression Syntax.
then: Command not found.
*** Error code 1

Stop.
make: stopped in /usr/local/directadmin/custombuild/s-nail-14.9.15
 
I have done this update but mails keep stuck in the queue.

All mails are showing these errors:

Code:
2019-12-10 09:41:06 Received from [email protected] H=(SAMCLOUD01.samandar.be) [185.2.54.141] P=esmtpa A=login:[email protected] S=135997 T="ETM - Transportopdracht 193687"
2019-12-10 09:41:07 H=howel-nl.mail.protection.outlook.com [104.47.6.36] Broken pipe
2019-12-10 09:41:07 H=howel-nl.mail.protection.outlook.com [104.47.4.36] Broken pipe
2019-12-10 09:41:07 H=aspmx.l.google.com [172.217.218.27] Broken pipe
2019-12-10 09:41:07 H=alt1.aspmx.l.google.com [172.253.118.27] Broken pipe
2019-12-10 09:41:07 H=alt2.aspmx.l.google.com [108.177.97.27] Broken pipe
2019-12-10 09:41:07 H=aspmx2.googlemail.com [172.253.118.26] Broken pipe
2019-12-10 09:41:07 [email protected] R=lookuphost T=remote_smtp defer (32): Broken pipe
2019-12-10 09:41:07 [email protected] R=lookuphost T=remote_smtp defer (32): Broken pipe
2019-12-10 09:42:37 H=howel-nl.mail.protection.outlook.com [104.47.4.36] Broken pipe
2019-12-10 09:42:37 H=howel-nl.mail.protection.outlook.com [104.47.5.36] Broken pipe
2019-12-10 09:42:37 H=aspmx.l.google.com [172.217.218.27] Broken pipe
2019-12-10 09:42:37 H=alt1.aspmx.l.google.com [172.253.118.27] Broken pipe
2019-12-10 09:42:37 H=alt2.aspmx.l.google.com [108.177.97.27] Broken pipe
2019-12-10 09:42:37 H=aspmx2.googlemail.com [172.253.118.26] Broken pipe
2019-12-10 09:42:37 [email protected] R=lookuphost T=remote_smtp defer (32): Broken pipe
2019-12-10 09:42:37 [email protected] R=lookuphost T=remote_smtp defer (32): Broken pipe


EDIT: support of my host has downgraded to Exim 4.92 which solved the problem.
Waiting for info about how this problem can be solved so I can upgrade again to 4.93
 
Last edited:
Hi.
After Upgrade from 4.92 to 4.93 we have many SPF fails.
"550-Please see http://www.open-spf.org"

ALL Sender Server has SPFs.
Settings like "mx"
If the sender has only one MX everything is ok and the mail will delivered.
Has the sender 2 or more mx and send over the different mx so exim make fails and block with
"SPF: IP is not allowed to send mail from "domain" Please see http://www.open-spf.org/Why?

Perhaps a bug ?
 
did you try? wondering if it’s needed.
Code:
./build exim_conf
 
On FreeBSD 11.3 I got this issue after building Exim:

Code:
...
Exim 4.93 Installed.
Restarting exim.
Shutting down exim:     [ OK ]
Starting exim:          [ OK ]
Downloading             s-nail-14.9.15.tar.gz...
/usr/local/directadmin/custombuild/s-nail-14.9        1011 kB 1348 kBps    01s
Found /usr/local/directadmin/custombuild/s-nail-14.9.15.tar.gz
Extracting ...
Done.
Making s-nail...
LC_ALL=C: Command not found.
export: Command not found.
if: Expression Syntax.
then: Command not found.
*** Error code 1

Stop.

make: stopped in /usr/local/directadmin/custombuild/s-nail-14.9.15

looks like s-nail. Wonder could it be that
 
Hi.
After Upgrade from 4.92 to 4.93 we have many SPF fails.
"550-Please see http://www.open-spf.org"

ALL Sender Server has SPFs.
Settings like "mx"
If the sender has only one MX everything is ok and the mail will delivered.
Has the sender 2 or more mx and send over the different mx so exim make fails and block with
"SPF: IP is not allowed to send mail from "domain" Please see http://www.open-spf.org/Why?

Perhaps a bug ?

Maybe this can be the cause?

https://git.exim.org/exim.git/blob_...de2105bb3790c6135914c62:/doc/doc-txt/NewStuff point 10:
10. The spf lookup now supports IPv6.
 
SPF: Also confirm that exim is compiled with SPF support, eg:
Code:
 exim -bV | grep 'Support for:'
Support for: crypteq IPv6 Perl OpenSSL move_frozen_messages Content_Scanning DKIM DNSSEC Event OCSP PRDR SPF Experimental_SRS
looking for SPF in the output.

Just tested again, and incoming SPF checks are working on our live test box.
Not too sure how the IPv6 would be affecting it, but you can manually test the lookup with:
Code:
dig TXT domain.com
to see what it shows. It should contain either the ipv4 or ipv6 in question.. but if it shows "a" or "mx" or "include", then you'd do lookups on those values.. so "a" would be
Code:
dig A domain.com
and MX would be:
Code:
dig MX domain.com
followed by the lookup on the MX result. Also try "dig AAAA domain.com" lookups on the values to see if it works.. wondering if something weird setup with the domains TXT spf regarding AAAA only shows itself now that exim is working? I'm not too sure.

s-nail: I Believe this is the basic "mail" command the some CB scripts use to send notices, like the daily update notices, when available. Pretty sure it's not critical for exim to operate, but I'll look into why it's having compile issues on FreeBSD.

John
 
Still got problem with SPF with CB2 rev 2315. What I did is send an email to "[email protected]25.com" which is the email testing service. It will normally email back the result. With this update, no result comes back. But if I downgrade to 4.92, this work fine.

Log is below :

2019-12-11 08:44:37 SPFCheck: 34.209.113.130 is not allowed to send mail from verifier.port25.com: Please see http://www.open-spf.org/Why?id=auth...25.com&ip=34.209.113.130&receiver=xxx.xxx.com : Reason: mechanism
2019-12-11 08:44:37 H=verifier.port25.com [34.209.113.130] X=TLS1.2:ECDHE-RSA-AES256-GCM-SHA384:256 CV=no F=<[email protected]25.com> rejected RCPT <[email protected]>: SPF: 34.209.113.130 is not allowed to send mail from verifier.port25.com: Please see http://www.open-spf.org/Why?id=auth...25.com&ip=34.209.113.130&receiver=xxx.xxx.com : Reason: mechanism
 
Still got problem with SPF with CB2 rev 2315. What I did is send an email to "[email protected]25.com" which is the email testing service. It will normally email back the result. With this update, no result comes back. But if I downgrade to 4.92, this work fine.

Log is below :

2019-12-11 08:44:37 SPFCheck: 34.209.113.130 is not allowed to send mail from verifier.port25.com: Please see http://www.open-spf.org/[email protected]&ip=34.209.113.130&receiver=xxx.xxx.com : Reason: mechanism
2019-12-11 08:44:37 H=verifier.port25.com [34.209.113.130] X=TLS1.2:ECDHE-RSA-AES256-GCM-SHA384:256 CV=no F=<[email protected]25.com> rejected RCPT <[email protected]>: SPF: 34.209.113.130 is not allowed to send mail from verifier.port25.com: Please see http://www.open-spf.org/[email protected]&ip=34.209.113.130&receiver=xxx.xxx.com : Reason: mechanism

The same symtoms we had here with the 4.93 Exim version. With the Exim 4.92 everything works again.

For several customers who had 2 or more MX, it looked like only the last MX was detected. The other two reported the IP xxxx is not allowed to send mail from "domain name" Please see http://www.open-spf.org
 
I have done this update but mails keep stuck in the queue.

All mails are showing these errors:

Code:
2019-12-10 09:41:06 Received from [email protected] H=(SAMCLOUD01.samandar.be) [185.2.54.141] P=esmtpa A=login:[email protected] S=135997 T="ETM - Transportopdracht 193687"
2019-12-10 09:41:07 H=howel-nl.mail.protection.outlook.com [104.47.6.36] Broken pipe
2019-12-10 09:41:07 H=howel-nl.mail.protection.outlook.com [104.47.4.36] Broken pipe
2019-12-10 09:41:07 H=aspmx.l.google.com [172.217.218.27] Broken pipe
2019-12-10 09:41:07 H=alt1.aspmx.l.google.com [172.253.118.27] Broken pipe
2019-12-10 09:41:07 H=alt2.aspmx.l.google.com [108.177.97.27] Broken pipe
2019-12-10 09:41:07 H=aspmx2.googlemail.com [172.253.118.26] Broken pipe
2019-12-10 09:41:07 [email protected] R=lookuphost T=remote_smtp defer (32): Broken pipe
2019-12-10 09:41:07 [email protected] R=lookuphost T=remote_smtp defer (32): Broken pipe
2019-12-10 09:42:37 H=howel-nl.mail.protection.outlook.com [104.47.4.36] Broken pipe
2019-12-10 09:42:37 H=howel-nl.mail.protection.outlook.com [104.47.5.36] Broken pipe
2019-12-10 09:42:37 H=aspmx.l.google.com [172.217.218.27] Broken pipe
2019-12-10 09:42:37 H=alt1.aspmx.l.google.com [172.253.118.27] Broken pipe
2019-12-10 09:42:37 H=alt2.aspmx.l.google.com [108.177.97.27] Broken pipe
2019-12-10 09:42:37 H=aspmx2.googlemail.com [172.253.118.26] Broken pipe
2019-12-10 09:42:37 [email protected] R=lookuphost T=remote_smtp defer (32): Broken pipe
2019-12-10 09:42:37 [email protected] R=lookuphost T=remote_smtp defer (32): Broken pipe


EDIT: support of my host has downgraded to Exim 4.92 which solved the problem.
Waiting for info about how this problem can be solved so I can upgrade again to 4.93

Same issue here, we are downgrading to exim 4.92 on the affected systems.

Any fix for these issues?
 
The same symtoms we had here with the 4.93 Exim version. With the Exim 4.92 everything works again.

Can confirm Marwen using the same [email protected]25.com service. I get the IPv6 ip error. SPF settings of verifier.port25.com seem to be ok?

Logfile:
Code:
2019-12-11 10:26:18 SPFCheck: 2600:1f14:a73:9b01:d769:5be1:de28:5251 is not allowed to send mail from verifier.port25.com: Please see http://www.open-spf.org/Why?id=auth-results%40verifier.port25.com&ip=2600%3a1f14%3aa73%3a9b01%3ad769%3a5be1%3ade28%3a5251&receiver=<snip> : Reason: mechanism

Code:
$ dig +short txt verifier.port25.com
"v=spf1 a -all"

$ dig +short a verifier.port25.com
34.209.113.130

$ dig +short aaaa verifier.port25.com
2600:1f14:a73:9b01:d769:5be1:de28:5251

Downgrading to exim 4.92 does not generate this error.
 
For me there is the same issue with email messages being rejected by SPF mechanism. After downgrading do 4.92 issue is resolved, but it is no real solution.
 
SPF: Also confirm that exim is compiled with SPF support, eg:
Code:
 exim -bV | grep 'Support for:'
Support for: crypteq IPv6 Perl OpenSSL move_frozen_messages Content_Scanning DKIM DNSSEC Event OCSP PRDR SPF Experimental_SRS
looking for SPF in the output.

John

I've got:
Apache config:
]# exim -bV | grep 'Support for:'
Support for: crypteq IPv6 Perl OpenSSL move_frozen_messages Content_Scanning DKIM DNSSEC Event OCSP PRDR TCP_Fast_Open Experimental_SRS
2019-12-12 16:03:34 cwd=/root 2 args: exim -bV

No SPF support!
My system:
Centos 7.7.1908
CB 2317

exim -bV
Exim version 4.92.3 #5 built 05-Oct-2019 22:39:59
Copyright (c) University of Cambridge, 1995 - 2018
(c) The Exim Maintainers and contributors in ACKNOWLEDGMENTS file, 2007 - 2018
Berkeley DB: Berkeley DB 5.3.21: (May 11, 2012)
Support for: crypteq IPv6 Perl OpenSSL move_frozen_messages Content_Scanning DKIM DNSSEC Event OCSP PRDR TCP_Fast_Open Experimental_SRS
Lookups (built-in): lsearch wildlsearch nwildlsearch iplsearch cdb dbm dbmjz dbmnz dnsdb
Authenticators: cram_md5 dovecot plaintext spa
Routers: accept dnslookup ipliteral manualroute queryprogram redirect
Transports: appendfile/maildir/mailstore/mbx autoreply lmtp pipe smtp
Malware: f-protd f-prot6d drweb aveserver fsecure kavdaemon sophie clamd mksd avast sock cmdline
Fixed never_users: 0
Configure owner: 0:0
Size of off_t: 8
2019-12-12 16:38:47 cwd=/etc 2 args: exim -bV
Configuration file is /etc/exim.conf

Do I need to do/fix something? I have no mail que or 550 messages.

Edit: As I am reading my own post I am surprised to see I have exim 4.92. I followed the build instructions in the opening post to the letter a couple of days earlier.
 
Last edited:
Back
Top