Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

In Progress [CPANEL-17032] Exim Configuration Manager - conflicting values in Basic and Advanced Editor

Discussion in 'E-mail Discussion' started by coursevector, Apr 23, 2019.

  1. coursevector

    coursevector Well-Known Member

    Joined:
    Feb 23, 2015
    Messages:
    72
    Likes Received:
    5
    Trophy Points:
    8
    cPanel Access Level:
    Root Administrator
    I ran into a strange issue today and wanted to know if this is a bug in how cPanel handles Exim's configuration.

    I had ServerA, setup in summer of 2018. It was later configured from the default of "+no_sslv2 +no_sslv3" to "+no_sslv2 +no_sslv3 +no_tlsv1 +no_tlsv1_1". Everything seemed smooth sailing after that.

    Then in spring of 2019, we spun up ServerB and migrated a site from ServerA. ServerB is brand new, so it's default was already "+no_sslv2 +no_sslv3 +no_tlsv1 +no_tlsv1_1", so I thought this should cause no issues. Until an old Xerox could no longer email scans. Long story short, my changes on ServerA never actually applied and I'll explain what I think is the cause below.

    Based on cPanel's documentation , if you make changes for the first time to Exim it will generate a exim.conf.local file of the original defaults. Then save your actual changes to exim.conf.localopts. It will then run a script to process both and generate the final exim.conf file. When I configured Server A in October 2018, it generated exim.conf.local with:
    "openssl_options = +no_sslv2 +no_sslv3". It then saved my changes to exim.conf.localopts with:
    "openssl_options = +no_sslv2 +no_sslv3 +no_tlsv1 +no_tlsv1_1".
    But after exim.conf was generated, the final setting still only had "+no_sslv2 +no_sslv3" being applied. Which after reading the documentation makes sense as "/etc/exim.conf.local file is Exim’s override file". So no matter how many times I saved my changes, it would not apply them to exim.conf. I never realized this occurred until switching servers. Even checking the Exim's Basic Editor, shows my intended settings.

    So my question, is this a bug in how cPanel processes the Exim changes? Why is exim.conf.local an override file if it stores (sometimes) dated defaults that cannot be overridden?
     
  2. cPanelMichael

    cPanelMichael Technical Support Community Manager Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    47,272
    Likes Received:
    2,154
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Twitter:
    Hello @coursevector,

    There's actually an internal case open to address this behavior. Case CPANEL-17032 is open to address an issue where it's possible to save different values for the same Exim configuration option (using both /etc/exim.conf.local and /etc/exim.conf.localopts). This can lead to a scenario where the values you saved for an option in WHM >> Exim Configuration Manager >> Basic Editor isn't actually enabled because the value for that option in /etc/exim.conf.local is not automatically updated to reflect the change.

    I'll monitor this case and update this thread with more information on it's status as it becomes available. In the meantime, the specific workaround for the openssl_options setting is to update the value using both WHM >> Exim Configuration Manager >> Basic Editor and WHM >> Exim Configuration Manager >> Advanced Editor.

    Thank you.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  3. coursevector

    coursevector Well-Known Member

    Joined:
    Feb 23, 2015
    Messages:
    72
    Likes Received:
    5
    Trophy Points:
    8
    cPanel Access Level:
    Root Administrator
    Excellent, thank you
     
Loading...

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice