Custom Exim and Dovecot settings not working

crenet

Verified User
Joined
Sep 23, 2019
Messages
92
Hello,

Hello
I am trying to set custom settings to Exim and Dovecot.

EXIM
In this guide https://help.directadmin.com/item.php?id=576

It says to use /etc/exim.variables.conf.custom
And we can read “ They can be values that already exist in /etc/exim.variables.conf.default, or extra variables from the top section of the /etc/exim.conf. “

In this guide : https://help.directadmin.com/item.php?id=51
If we follow this guide that seems to be for CB 2.0 it says:

Custom exim.conf override
With CustomBulid 2.0 revision 1995+, you'll be able to add a custom exim.conf to this location to have any custom changes saved, and copied over to the /etc/exim.conf: “

And we must use /usr/local/directadmin/custombuild/custom/exim/exim.conf
So I add some settings in /custom/exim/exim.variables.conf.custom

cat /usr/local/directadmin/custombuild/custom/exim/exim.variables.conf.custom
openssl_options=+no_sslv2 +no_sslv3
tls_require_ciphers=ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS
server_advertise_condition = ${if eq{$tls_in_cipher}{}{no}{yes}}
daemon_smtp_ports=25 : 587 : 465
tls_on_connect_ports=465
disable_ipv6=true
message_size_limit=20M

/etc/exim.variables.conf.custom is empty

./build exim_conf
Enabling BlockCracking...
BlockCracking is now enabled.
2019-11-20 08:54:34 cwd=/usr/local/directadmin/custombuild 2 args: /usr/sbin/exim --version
2019-11-20 08:54:34 cwd=/usr/local/directadmin/custombuild 2 args: /usr/sbin/exim --version
Enabling Easy Spam Fighter...
Easy Spam Fighter is now enabled.
Enabling Rspamd Config...
Rspamd config is now enabled.
Restarting exim.

/etc/exim.variables.conf.custom still empty
/etc/exim.variables.conf no changes here

I also do not see any changes in /etc/exim.conf

Why do I get this line duplicated
"2019-11-20 08:54:34 cwd=/usr/local/directadmin/custombuild 2 args: /usr/sbin/exim --version#

Where does DA apply the /custom/exim/exim.variables.conf.custom settings after ./build exim_conf ?
Is there a guide updated custom settings for Exim, Dovecot, phpMyAdmin ?

DOVECOT

I just found this guide with custom setting for SSL.

So we need to use custom/dovecot/conf/ssl.conf for custom Dovecot SSL settings.

What about dovecot.conf custom settings, is there a way to create custom settings under /usr/local/directadmin/custombuild/custom/dovecot

Is there a guide to do custom Dovecot settings not just SSL ?

Can we use custom settings for roundcube ?

I was expecting to see a guide that talk about alll available custom settings in DA.

It seems hard to learn how DA is doing with custom settings.

Anyone can help me with this?

Thanks
 

crenet

Verified User
Joined
Sep 23, 2019
Messages
92
Hi,

In /etc/exim.variables.conf.custom I get errors after ./build exim_conf

Exim configuration error in line 5 of /etc/exim.variables.conf:
main option "server_advertise_condition" unknown
Exim configuration error in line 5 of /etc/exim.variables.conf:
main option "client_condition" unknown

Where should I set this options ?
### skip plain text authenticators when the connection is not encrypted
client_condition = ${if !eq{$tls_out_cipher}{}}

### restrict the advertisement of a particular mechanism to encrypted connections
server_advertise_condition = ${if eq{$tls_in_cipher}{}{no}{yes}}

###You can insist that any client that uses the AUTH command for authentication must start a TLS session first, by setting auth_over_tls_hosts. For example,
auth_over_tls_hosts = *
 

mxroute

Verified User
Joined
Sep 24, 2019
Messages
9
Hope I can be of a little help, if not completely.

cat /usr/local/directadmin/custombuild/custom/exim/exim.variables.conf.custom
You're right in this guide ( https://help.directadmin.com/item.php?id=51 ) it clearly indicates that one can even go as far as to have a custom exim.conf by placing the file here:

/usr/local/directadmin/custombuild/custom/exim/exim.conf

However this does not work. I asked on the forum about customizing exim.conf before and only received the suggestion to make the file immutable. So we can assume that this documentation is out of date and that the custombuild/custom/{service} folder structure is no longer a valid method of altering defaults, even for the custom variables file you are trying to write. Hopefully the devs will update that.

The correct method for the variables will in fact be just writing /etc/exim.variables.conf.custom, as this is not overwritten by rebuilding exim config. After you write that file you can do the "build exim_conf" and it'll write your changes into /etc/exim.variables.conf.

For dovecot.conf you'll find the same, any edits you make to it will have to be reapplied on a conf rebuild, there seems to be no way around this other than a chattr +i, though I'm not sure if that'll just error out conf rebuilds and perhaps break any of their other write jobs that would occur after.

My advice is start an internal wiki of the changes you've made so you remember them for further deployments.

main option "server_advertise_condition" unknown
I believe this to be because exim.variables.conf.custom is included near the top of the file and the variable server_advertise_condition is not a generic exim variable, rather it is part of an authenticator. Those are the sections under "begin authenticators" in exim.conf.

The level of customization you're wanting here may simply require you to make edits to the main conf files and accept that they'll be overwritten on rebuilds, unless you're willing to try the immutable file suggestion I was given (I'm not, I'll reapply mine on updates).
 

crenet

Verified User
Joined
Sep 23, 2019
Messages
92
Hi mxroute,

Unfortunately I lose some time trying to understand the way DA works with this custom settings in the actual version, DA guides do not help and sometimes just make confusions. I think that DirectaAdmin should offer better and updated guides.
DA should inform users that most of this guides are outdated and advice to follow the standard.
If they offer custom settings for web servers why do not do it also for all basic services ?!
Thanks
 

smtalk

Administrator
Staff member
Joined
Aug 22, 2006
Messages
8,342
Location
LT, EU
We're working on updates documentation. Regarding custom/exim/exim.conf - it makes no sense with eximconf=yes set in the options.conf file. I mean it'd try updating exim configuration, but it couldn't, because of the overwrite. I'd suggest turning eximconf=no if you don't want exim configuration to be updated/overwritten. If you like to customize a specific place - you could name it here, and we could check if an easier way to customize just that part could be provided.

exim.variables.conf.custom should be filled at /etc/exim.variables.conf.custom, when you've done the overwrites, just execute "./build exim_conf" and it'll apply those changes to exim.variables.conf.

The custom/ system in CustomBuild is pretty simple. For example, you need to customize dovecot configuration file, just find it in /usr/local/directadmin/custombuild/configure, copy it to the same place just with "configure" replaced with "custom" in the path (/usr/local/directadmin/custombuild/custom) and next time you run configuration update (for example "./build dovecot_conf") - it'll use configuration file from custom/.

Please let me know if there are more questions on this and sorry for any confusion :)

Thank you!
 

crenet

Verified User
Joined
Sep 23, 2019
Messages
92
Thanks Martynas but I am a bit confused with the custom/exim/exim.conf.
Let´s say that I way to use settings like these:

daemon_smtp_ports = 25 : 465 : 587
tls_on_connect_ports = 465 : 587

auth_over_tls_hosts = *
tls_advertise_hosts = *
client_condition = ${if !eq{$tls_out_cipher}{}}
server_advertise_condition = ${if eq{$tls_in_cipher}{}{no}{yes}}
auth_advertise_hosts = localhost : ${if eq{$tls_cipher}{}{nope}{*}}
auth_advertise_hosts = ${if or { {eq {$received_port}{465}} {eq {$received_port}{587}} } {*}{}}

I think the best way is to use custom/exim/exim.conf and as you told I should set eximconf=no in options.conf followed by ./build exim_conf to update /etc/exim.conf. Is this correct ?

So I just need to set ./directadmin set eximconf no

How does eximconf=no affect the ./build exim_conf ?

So as I can see ./build exim_conf do not look for custom/exim/exim.variables.conf.custom it just look for /etc/exim.variables.conf.custom I thought the ideia was to have all custom settings under custom/exim/*.

Thanks
 

smtalk

Administrator
Staff member
Joined
Aug 22, 2006
Messages
8,342
Location
LT, EU
If you set eximconf=no it means you do not want to receive any updates to exim.conf, so, "./build exim_conf" would just do nothing :) And your file would never be overwritten.

exim.variables.conf.custom is just for new/modified settings, it shouldn't be a copy of exim.variables.conf. For example, you want:
tls_on_connect_ports=465 : 587

You just edit /etc/exim.variables.conf.custom, add that line, and do "./build exim_conf" after. That's it.
 

crenet

Verified User
Joined
Sep 23, 2019
Messages
92
As you say there is no way to live eximconf=yes to receive new updates and force/custom this
server_advertise_condition = ${if eq{$tls_in_cipher}{}{no}{yes}}
Because this belong to /etc/exim.conf and not to /etc/exim.variables.conf.custom
Custom exim settings are not available in /usr/local/directadmin/custombuild/configure.
I see that this custom settings are limited to what is in /exim.variables.conf otherwise we need to set eximconf=no.

Thanks
 
Last edited:

DirectAdmin Support

Administrator
Staff member
Joined
Feb 27, 2003
Messages
8,931
Looking at the current /etc/exim.conf 4.5.18, I'm not seeing server_advertise_condition listed.
This should mean you can just add it to your exim.variables.conf.custom, ./build eximconf, and be on your way with the desired setting.

Let me know if I'm missing something here :)

John
 
Top