Correct Permissions for /etc/localdomains ?

[mikelegg]

The exim panic log on one of my servers contains hundreds of these entries ...

2011-02-03 11:31:56 1Pko3A-00031m-9Z Error in system filter: failed to expand "${lookup{${extract{2}{@}{$recipients}}}lsearch{/etc/localdomains}{yes}{no}}" in filter file: failed to open /etc/localdomains for linear search: Permission denied (euid=510 egid=512)

The only way to prevent this is to change the permissions on /etc/localdomains to 644.

But cPanel keeps changing it back to 640 which I believe is all it should really require, but this causes the problem to re-occur.

The permissions are currently ... -rw-r--r-- 1 root mail 8476 Feb 2 22:26 localdomains

But soon it will revert to -rw-r----- 1 root mail 8476 Feb 2 22:26 localdomains

This causes the queue to fill with undeliverable mail.

Has anyone else ever encountered this before?

 

[cPanelTristan]

Hello,

Do you have any idea what email is triggering the error? You might try running /scripts/eximup --force to see if that corrects the issue, but it's likely some email is invalidly triggering the message. You should be able to check the message ID (1Pko3A-00031m-9Z in the provided example) to see what is happening with that email:

exigrep 1Pko3A-00031m-9Z /var/log/exim_mainlog

Thanks.

 

[mikelegg]

Hi Tristan

Every entry in the log has a different message ID, it's not just related to a single message.

 

[cPanelTristan]

Hello,

I didn't believe it was related to a single message, but to a set type of message. Have you reviewed the logs as indicated to see if the same type of scenario is causing this such as sending to a non-existent address causing a bounce back to the main hostname account on the server (for a failure of some sort). The idea is that it is being triggered by a set situation, which can only be determined by checking exim_mainlog for a few message IDs to see what is happening with those messages.

Thanks.

 

[mikelegg]

Sorry, I see what you mean now.

I'll check it out.

 

[mikelegg]

I checked 4 messages from different dates/times and they were all bounce messages, from remote servers to local addresses.

2011-02-03 11:31:56 1Pko3A-00031m-9Z <= <> R=1Pko38-00031C-4j U=mailnull P=local S=2415 T="Mail delivery failed: returning message to sender" for [email protected]

2011-02-03 11:31:02 1Pko2I-0002ve-RE <= <> R=1Pko2G-0002ut-3s U=mailnull P=local S=2234 T="Mail delivery failed: returning message to sender" for [email protected]

2011-02-02 11:56:57 1PkRxp-0000lp-ME <= <> H=titan.sslserver.net.au [118.127.52.72] P=esmtps X=TLSv1:AES256-SHA:256 S=6279 [email protected] T="Delivery Status Notification (Failure)" for [email protected]

2011-02-03 08:33:07 1PklG7-0000hx-Qq <= <> H=mx02.appspoint.com.au (mx01.appspoint.com.au) [118.102.106.36] P=esmtps X=TLSv1:RC4-MD5:128 S=8407 id=ebd1603e-7967-4d68-a8db-0e2e939c12f4 T="Undeliverable: Vacancy - apply online" for [email protected]

So it looks like it is related to a single type of message.

I think I know the cause of the problem now, I recently asked my sys admins to see what we could do about backscatter on that server and the changes they made may have affected inbound bounce messages as well as outgoing bounce messages.

I'll get them to reverse the changes made and see if that helps.

Thanks Tristan.

 

[mikelegg]

The sys admins say that the recent change wouldn't have caused this problem.

So we're going to try /scripts/eximup --force

 

[mikelegg]

/scripts/eximup --force hasn't fixed the problem.

The other thing that has changed recently is we started using "Send outgoing mail from the IP that matches the domain name in /etc/mailips" so perhaps this is the cause of the problem.

I think I'll lodge a support ticket.

 

[cPanelTristan]

Once you've opened the support ticket, please post the ticket number here if you are willing to do that. I think a support ticket would be helpful so we can log into the system to review the settings.

 

[mikelegg]

Hi Tristan

I lodged the ticket and Matt got me to reset the exim configuration to default (Main >> Service Configuration >> Exim Configuration Editor > Advanced > Reset all configs to default.)

This fixed the problem.

 

[cPanelTristan]

Did this change end up unselecting "Send outgoing mail from the IP that matches the domain name in /etc/mailips" as an option? I'm just curious.

 

[mikelegg]

Did this change end up unselecting "Send outgoing mail from the IP that matches the domain name in /etc/mailips" as an option? I'm just curious.

Interestingly, it didn't!

So I'm not sure what exactly got set to default.