[SOLVED] problem after upgrade exim

urgido

Hi
After upgrading to the latest exim update I got the following error on all my servers:
Redirecting to /bin/systemctl status exim.service
● exim.service - Exim Mail Transport Agent
Loaded: loaded (/etc/systemd/system/exim.service; enabled; vendor preset: disabled)
Active: failed (Result: exit-code) since Sun 2024-07-14 18:20:15 CST; 17s ago
Process: 706406 ExecStart=/usr/sbin/exim -bd -q${QUEUE} (code=exited, status=1/FAILURE)
Main PID: 706406 (code=exited, status=1/FAILURE)

jul 14 18:20:14 suite.tuhost.cloud systemd[1]: Started Exim Mail Transport Agent.
jul 14 18:20:15 suite.tuhost.cloud exim[706413]: 2024-07-14 18:20:15 expansion of tls_require_ciphers failed: $ not followed by letter, digit, or {
jul 14 18:20:15 suite.tuhost.cloud exim[706413]: 2024-07-14 18:20:15 Exim configuration error:
jul 14 18:20:15 suite.tuhost.cloud exim[706413]: tls_require_ciphers invalid: failed to expand tls_require_ciphers
jul 14 18:20:15 suite.tuhost.cloud systemd[1]: exim.service: Main process exited, code=exited, status=1/FAILURE
jul 14 18:20:15 suite.tuhost.cloud systemd[1]: exim.service: Failed with result 'exit-code'.
/etc/exim.variables.conf.custom
daemon_smtp_ports=25 : 587 : 465
tls_on_connect_ports=465
disable_ipv6=false
message_size_limit=50M
smtp_receive_timeout=5m
smtp_accept_max=100
message_body_visible=3000
print_topbitchars=true
recipients_max=150
smtp_accept_queue_per_connection=0
smtp_accept_max_per_connection=100
deliver_queue_load_max=10.0
queue_only_load=100.0
queue_run_max=5
ignore_bounce_errors_after=2d
timeout_frozen_after=3d
trusted_users=mail:majordomo:diradmin
split_spool_directory=yes
keep_environment=PWD:HOME
tls_certificate=${if exists{/etc/virtual/snidomains}{${lookup{$tls_in_sni}nwildlsearch{/etc/virtual/snidomains}{${if exists{/usr/local/directadmin/data/users/${extract{1}{:}{$value}}/domains/${extract{2}{:}{$va$
tls_privatekey=${if exists{/etc/virtual/snidomains}{${lookup{$tls_in_sni}nwildlsearch{/etc/virtual/snidomains}{${if exists{/usr/local/directadmin/data/users/${extract{1}{:}{$value}}/domains/${extract{2}{:}{$val$
openssl_options = +no_sslv2 +no_sslv3 +no_tlsv1
tls_require_ciphers = ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES256$
hostlist relay_hosts=
chunking_advertise_hosts=+proxy_hosts_ip
tls_dhparam = /etc/exim_dh.pem
tls_dh_max_bits = 4096
I have set ssl_configuration old, allowing TLS 1.1, because of some inexpert users. I followed this guide: https://forum.directadmin.com/threa...tls-1-1-and-older-for-exim-and-dovecot.60422/

Service still down.
Does somebody have the same issue, or can somebody guide me on how I can fix it?
Thanks
 
Searching in the forums I found the following suggestion that works for me:
tls_require_ciphers=ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS


Can somebody tell me if this solution is ok or am I doing something wrong?
Thanks!
 
On Thunderbird I got:
Sending of the message failed.
An error occurred while sending mail: Outgoing server (SMTP) error. The server responded: TLS currently unavailable.
 
Also tried this, but it fails too:
openssl_options=+no_sslv2 +no_sslv3
tls_require_ciphers=ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA256:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA
 
SOLUTION:
My mistake :(
Malformed /etc/exim.variables.conf.custom, so I fixed it and all works again!
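
The startup log earlier in the thread shows Exim refusing to start because expanding tls_require_ciphers hit a `$` not followed by a letter, digit, or `{`. As an added example (not part of the original posts), this Python check scans an Exim variables file for such `$` characters before the service is restarted; the function name and the sample lines are constructed, and the rule is taken only from that error message.

```python
import re
import sys

# Per the Exim error in the log, "$" must be followed by a letter, a digit
# or "{". A backslash-escaped "\$" is a literal dollar and is skipped.
# Simplification (assumption): "\\$" and \N...\N quoting are not handled.
BAD_DOLLAR = re.compile(r'(?<!\\)\$(?![A-Za-z0-9{])')

def find_bad_dollars(text):
    """Return (line_number, option_name, column) for each suspicious '$'."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        stripped = line.strip()
        if not stripped or stripped.startswith('#'):
            continue  # blank line or comment
        name, sep, value = line.partition('=')
        if not sep:
            continue  # not an option assignment
        offset = len(name) + 1  # characters before the value starts
        for m in BAD_DOLLAR.finditer(value):
            # 1-based column within the full line
            findings.append((lineno, name.strip(), offset + m.start() + 1))
    return findings

# Constructed sample, not the poster's file: line 4 ends in a bare "$".
SAMPLE = r"""# constructed sample
daemon_smtp_ports=25 : 587 : 465
tls_certificate=${if exists{/etc/exim.cert}{/etc/exim.cert}{}}
tls_require_ciphers = ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256$
smtp_banner = $primary_hostname ESMTP \$ok
"""

if __name__ == "__main__":
    # Pass a file path to check a real file; otherwise the sample is used.
    if len(sys.argv) > 1:
        with open(sys.argv[1]) as fh:
            text = fh.read()
    else:
        text = SAMPLE
    for lineno, name, col in find_bad_dollars(text):
        print(f"line {lineno}: {name}: '$' at column {col} cannot be expanded")
```
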
 