Are you still on Exim 4.93 and using DKIM? Might be time to upgrade.

K

Kal

Verified User
Joined
Nov 18, 2019
Messages
135
Location
Australia
I just realised that DKIM has been failing for some time. (That'll teach me not to ignore those Google DMARC reports!) Since SPF is still passing, DMARC generally overlooks it, but forwarded email gets a double-fail, and that is a big problem.

So I looked into it. DKIM headers were not getting added at all, even though DKIM is enabled and set up correctly. The problem, unsurprisingly perhaps, was Exim.

Like a lot of people, I had never-ending problems with Exim 4.94, and the only reliable solution was to downgrade to 4.93.0.4. I made sure I had the correct config versions too, and dutifully set up custom versions to make sure Custom Build didn't overwrite them with newer versions. This was my custom_versions.txt file:

Code: 
exim:4.93.0.4:
exim_conf_45:4.5.23:
exim_dkim_conf:1.5:

And everything worked fine… or so I thought. It turns out that DirectAdmin ignored that last line and did overwrite the /etc/exim.dkim.conf file at some stage, updating it to version 1.6, and I suspect that's what broke DKIM.

Things are even worse now. If you rebuild exim or exim_conf, you'll see this line in the output:

Code: 
Selecting exim.conf 4.5.24 automatically, as older versions are not supported with exim 4.94 and newer.

This, even though my exim version is still on 4.93.0.4! And that breaks everything.

But lo and behold, what is this…? The Exim team have finally updated poor old Exim 4.94 (released on 1 Jun 2020) to 4.94.1 and now 4.94.2 as of April 30! 🤯 I thought it would never happen. At least one other DA user reports good things. I've only just installed it, and DKIM is up and working again!

Only time will tell if 4.94.2 has dispelled the demons of 4.94, but with DirectAdmin making it so hard to stay on 4.93, I think it's time to run with it.

🤞🙏
 
Kal said:
Only time will tell if 4.94.2 has dispelled the demons of 4.94, but with DirectAdmin making it so hard to stay on 4.93, I think it's time to run with it.
Click to expand...
honestly everything < exim 4.94.2 is vulnrable to the 21 nails exploit, don't recommend running old versions anyways.
 
 
yeah true, I helped a friend of mine a while back with a similar issue, though I had no issues at all on my own box.
cause in that case was not DA but CloudLinux, funny enough.
 
Well you call 4.94.2 a fix, but fact is most of us didn't have any issues with the 4.94 release.

So I'm glad to see all is working now for all the people who had this issue. But I'm just thinking if it wouldn't have been better for Exim to investigate why this only happens on some systems, not on all systems.
What is the difference between for example 2 Centos 7 systems, where 1 has the issue and the other does not.

Because the cause of that might help to prevent a similar issue in the future.
 
Thanks Kal. Your suggestion saved my production servers. I have around 20 VPS's. 18 of them would not be able to support Exim 4.94 and I was still on 4.93 for the same reason as you
 
patrickkasie said:
Thanks Kal. Your suggestion saved my production servers. I have around 20 VPS's. 18 of them would not be able to support Exim 4.94 and I was still on 4.93 for the same reason as you
Click to expand...
No worries! So glad it helped.

Over three months on, I haven't had a single problem since upgrading to 4.94.2.
 
You must log in or register to reply here.
Back
Top