bryancs

Member
Jun 23, 2014
5
0
1
cPanel Access Level
Root Administrator
My last exim_mainlog shows:

Code:
[email][email protected][/email] [~]# tail /var/log/exim_mainlog -f
2014-06-24 20:13:40 1Wvu1Z-0008Lo-U9 re-exec of exim (/usr/sbin/exim) with -Mc failed: Permission denied
My exim status:
Code:
[email][email protected][/email] [~]# service exim status
exim dead but subsys locked
Starting exim results the following error:
Code:
[email][email protected][/email] [~]# service exim start
Starting exim: /bin/bash: /usr/sbin/exim: Permission denied
                                                           [FAILED]
0 processes (antirelayd) sent signal 9
Restarting on the WHM also failed.

Upon checking /usr/sbin/exim, I got the following permissions:
Code:
[email][email protected][/email][/email] [~]# ll /usr/sbin/exim
---------- 1 root root 1.2M Feb  6 22:42 /usr/sbin/exim
And doing a chmod results in an operation not permitted.
To add also, this server was reported to be attacking other sites using WP exactly on the same date on exim's last logs. I'm not sure if the two are related.
How can I get my exim up and running again?
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,884
2,250
463
Hello :)

The permissions on /usr/sbin/exim should be 4755. Is this a VPS? Is it possible your hosting provider or system administrator disabled Exim on purpose after the abuse report you referenced? Check to see if it's set to immutable:

Code:
lsattr /usr/sbin/exim
Thank you.
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,884
2,250
463
You can remove the immutable attribute via:

Code:
chattr -i /usr/sbin/exim
At that point, you can correct permission values on this file. Check /var/log/exim_paniclog after the next Exim restart attempt to see if any additional issues arise. Note that you may want to consult with your VPS hosting provider to see if they made this change.

Thank you.
 

bryancs

Member
Jun 23, 2014
5
0
1
cPanel Access Level
Root Administrator
Thanks Michael!

The chattr command did enabled me to correct the permissions. I set it to 4755 based on your suggestion and I was able to start exim without issue. Logs on /var/log/exim_paniclog shows only entries from June 24 and older. Now I'm seeing rate limit SMTP errors from gmail on exim_mainlog but this one's on a different page. This issue is pretty much resolved now.

Thanks again!
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,884
2,250
463
I am happy to see the issue is now resolved. Thank you for updating us with the outcome.
 

dportela

Registered
Aug 21, 2014
1
0
1
cPanel Access Level
Root Administrator
I just wanted to report that this happened tonight with me, on my VPS hosted at BlueHost. The tech I was chatting with had absolutely no idea what was going on, and the "admin" he contacted seemed clueless as well. I found this thread after about an hour of searching up and down for solutions to this issue, and sure enough, the "i" attribute was set and the permissions on exim were hosed. Made it mutable and set permissions to 4755, and it let me start it right up again.