Exim won't start

[bryancs]

My last exim_mainlog shows:

[email][email protected][/email] [~]# tail /var/log/exim_mainlog -f
2014-06-24 20:13:40 1Wvu1Z-0008Lo-U9 re-exec of exim (/usr/sbin/exim) with -Mc failed: Permission denied

My exim status:

[email][email protected][/email] [~]# service exim status
exim dead but subsys locked

Starting exim results the following error:

[email][email protected][/email] [~]# service exim start
Starting exim: /bin/bash: /usr/sbin/exim: Permission denied
                                                           [FAILED]
0 processes (antirelayd) sent signal 9

Restarting on the WHM also failed.

Upon checking /usr/sbin/exim, I got the following permissions:

[email][email protected][/email][/email] [~]# ll /usr/sbin/exim
---------- 1 root root 1.2M Feb  6 22:42 /usr/sbin/exim

And doing a chmod results in an operation not permitted.
To add also, this server was reported to be attacking other sites using WP exactly on the same date on exim's last logs. I'm not sure if the two are related.
How can I get my exim up and running again?

 

[cPanelMichael]

Hello

The permissions on /usr/sbin/exim should be 4755. Is this a VPS? Is it possible your hosting provider or system administrator disabled Exim on purpose after the abuse report you referenced? Check to see if it's set to immutable:

lsattr /usr/sbin/exim

Thank you.

 

[bryancs]

Hi Michael!

Thanks for the reply.
Running lsattr results the following:

[email protected] [~]# lsattr /usr/sbin/exim
----i--------e- /usr/sbin/exim

Yes, this is a VPS.

 

[cPanelMichael]

You can remove the immutable attribute via:

chattr -i /usr/sbin/exim

At that point, you can correct permission values on this file. Check /var/log/exim_paniclog after the next Exim restart attempt to see if any additional issues arise. Note that you may want to consult with your VPS hosting provider to see if they made this change.

Thank you.

 

[bryancs]

Thanks Michael!

The chattr command did enabled me to correct the permissions. I set it to 4755 based on your suggestion and I was able to start exim without issue. Logs on /var/log/exim_paniclog shows only entries from June 24 and older. Now I'm seeing rate limit SMTP errors from gmail on exim_mainlog but this one's on a different page. This issue is pretty much resolved now.

Thanks again!

 

[cPanelMichael]

I am happy to see the issue is now resolved. Thank you for updating us with the outcome.

 

[dportela]

I just wanted to report that this happened tonight with me, on my VPS hosted at BlueHost. The tech I was chatting with had absolutely no idea what was going on, and the "admin" he contacted seemed clueless as well. I found this thread after about an hour of searching up and down for solutions to this issue, and sure enough, the "i" attribute was set and the permissions on exim were hosed. Made it mutable and set permissions to 4755, and it let me start it right up again.