Exim 4.92

Peter Laws

Verified User
Joined
Sep 13, 2008
Messages
1,747
Location
London UK
I've updated my post, as it was missing a couple of steps. Please try again.
I see access now... But, if someone runs the set_permissions.sh, all files will change back to diradmin

Will have to wait until early tomorrow morning to see if 4.92 works, one client really got annoyed when nothing worked. Not that I blame them.
 
Last edited:

zEitEr

Super Moderator
Joined
Apr 11, 2005
Messages
13,902
Location
GMT +7.00
That's not correct. If the option secure_access_group= is set in directadmin.conf, then access group is used:


Code:
        SAC=`/usr/local/directadmin/directadmin c |grep '^secure_access_group=' | cut -d= -f2`
        if [ "${SAC}" = "" ]; then
                SAC=diradmin
 

Peter Laws

Verified User
Joined
Sep 13, 2008
Messages
1,747
Location
London UK
I think this is working now, tried sending from a gmail address to a non-existent address on the server, and it connected to TLS1.2 then bounced back correctly........ I'll monitor it for 24 hours and report back.

So, my question is this, is secure_access_group important on certs for Exim 4.92 now? :confused:
 

ClayRabbit

Verified User
Joined
Jan 3, 2004
Messages
260
Location
Russia
It's different issues but they are related. As I can understand, without secure_access_group Exim SNI does not work at all because of incorrect permissions, but this was not a problem so far, because before version 4.92 Exim just falls back to the main certificate in this case.
 
Last edited:

DirectAdmin Support

Administrator
Staff member
Joined
Feb 27, 2003
Messages
8,932
Hi guys,

I'm treating this like a bug:
https://www.directadmin.com/features.php?id=2391

Fixed in 1.57.2 (or now with pre-release binaries compiled June 21st). The set_permissions.sh will always set 640 diradmin:mail now, so this will sort it with the June 21st script:
./set_permissions.sh da_files

The oversight was that mail_sni is always enabled by default for new installs now, and secure_access_group has been enabled by default for a long time,
but case where mail_sni being on, and secure_access_group not being on was not considered.

Should be ok now, after permissions get reset.

I'm a bit confused how it was working before if exim wasn't able to read them though..
Either way, glad this has been tracked down with a solution.

Let us know if anyone still runs into this after resetting the cert/key permissions.

John
 

domu

Verified User
Joined
Jul 22, 2003
Messages
17
Any conclusive TLDR with the set of the correct steps to get upgraded to 4.92 without much pain, please ?
 
Last edited:

domu

Verified User
Joined
Jul 22, 2003
Messages
17
OK, so if
# exim -bV
shows exim version below 4.92, and
# /usr/local/directadmin/directadmin c | grep '^secure_access_group='
gives
secure_access_group=access
all you do is:
# cd /usr/local/directadmin/custombuild
# ./build update
# ./build set exim yes
# ./build exim

Worked for me. Thanks.
 
Top