In Progress [CPANEL-17032] Exim Configuration Manager - conflicting values in Basic and Advanced Editor

coursevector

Well-Known Member
Feb 23, 2015
77
5
8
cPanel Access Level
Root Administrator
I ran into a strange issue today and wanted to know if this is a bug in how cPanel handles Exim's configuration.

I had ServerA, setup in summer of 2018. It was later configured from the default of "+no_sslv2 +no_sslv3" to "+no_sslv2 +no_sslv3 +no_tlsv1 +no_tlsv1_1". Everything seemed smooth sailing after that.

Then in spring of 2019, we spun up ServerB and migrated a site from ServerA. ServerB is brand new, so it's default was already "+no_sslv2 +no_sslv3 +no_tlsv1 +no_tlsv1_1", so I thought this should cause no issues. Until an old Xerox could no longer email scans. Long story short, my changes on ServerA never actually applied and I'll explain what I think is the cause below.

Based on cPanel's documentation , if you make changes for the first time to Exim it will generate a exim.conf.local file of the original defaults. Then save your actual changes to exim.conf.localopts. It will then run a script to process both and generate the final exim.conf file. When I configured Server A in October 2018, it generated exim.conf.local with:
"openssl_options = +no_sslv2 +no_sslv3". It then saved my changes to exim.conf.localopts with:
"openssl_options = +no_sslv2 +no_sslv3 +no_tlsv1 +no_tlsv1_1".
But after exim.conf was generated, the final setting still only had "+no_sslv2 +no_sslv3" being applied. Which after reading the documentation makes sense as "/etc/exim.conf.local file is Exim’s override file". So no matter how many times I saved my changes, it would not apply them to exim.conf. I never realized this occurred until switching servers. Even checking the Exim's Basic Editor, shows my intended settings.

So my question, is this a bug in how cPanel processes the Exim changes? Why is exim.conf.local an override file if it stores (sometimes) dated defaults that cannot be overridden?
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,911
2,234
363
Hello @coursevector,

There's actually an internal case open to address this behavior. Case CPANEL-17032 is open to address an issue where it's possible to save different values for the same Exim configuration option (using both /etc/exim.conf.local and /etc/exim.conf.localopts). This can lead to a scenario where the values you saved for an option in WHM >> Exim Configuration Manager >> Basic Editor isn't actually enabled because the value for that option in /etc/exim.conf.local is not automatically updated to reflect the change.

I'll monitor this case and update this thread with more information on it's status as it becomes available. In the meantime, the specific workaround for the openssl_options setting is to update the value using both WHM >> Exim Configuration Manager >> Basic Editor and WHM >> Exim Configuration Manager >> Advanced Editor.

Thank you.