Your message dated Thu, 20 Jan 2011 17:48:19 +0100
with message-id <[email protected]>
and subject line Re: Bug#610611: exim4: Delivery lines (those with =>)
disappear from log.
has caused the Debian Bug report #610611,
regarding exim4: Delivery lines (those with =>) disappear from log.
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
610611: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=610611
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: exim4
Version: 4.72-3
Severity: important
Following the most recent upgrade (4.72-2, 4.72-3+b1) delivery lines and the
"Completed" line are no longer placed in the log. This only happens for
messages arriving by SMTP, locally genetated messages
are fine. The server in question only accepts AUTHenticated mail. Changing the
log_selector has no effect as might be expected; I've tried "+all" and "".
-- Package-specific info:
Exim version 4.72 #1 built 29-Dec-2010 19:23:37
Copyright (c) University of Cambridge, 1995 - 2007
Berkeley DB: Berkeley DB 4.8.30: (April 9, 2010)
Support for: crypteq iconv() IPv6 PAM Perl Expand_dlfunc GnuTLS
move_frozen_messages Content_Scanning DKIM Old_Demime
Lookups: lsearch wildlsearch nwildlsearch iplsearch cdb dbm dbmnz dnsdb dsearch
ldap ldapdn ldapm mysql nis nis0 passwd pgsql sqlite
Authenticators: cram_md5 cyrus_sasl dovecot plaintext spa
Routers: accept dnslookup ipliteral iplookup manualroute queryprogram redirect
Transports: appendfile/maildir/mailstore/mbx autoreply lmtp pipe smtp
Fixed never_users: 0
Size of off_t: 8
GnuTLS compile-time version: 2.8.6
GnuTLS runtime version: 2.8.6
Configuration file is /var/lib/exim4/config.autogenerated
# /etc/exim4/update-exim4.conf.conf
#
# Edit this file and /etc/mailname by hand and execute update-exim4.conf
# yourself or use 'dpkg-reconfigure exim4-config'
# On the Internet
dc_eximconfig_configtype='internet'
# Accept *@[80.175.38.7]
# These are added to the end of domainlist local_hosts
dc_other_hostnames='@[]'
# Blank means all
dc_local_interfaces=''
#
dc_readhost=''
# Names we relay TO
# Can't use CONFDIR here (lenny)
dc_relay_domains=''
#dc_relay_domains='cdb;/etc/exim4/virtual_domains.cdb'
#Don't want this
dc_minimaldns='false'
# DANGER! open relay possibilities here
dc_relay_nets=''
# Are you sending to a smarthost?
dc_smarthost=''
CFILEMODE='640'
dc_use_split_config='true'
dc_hide_mailname='false'
# New for lenny...
dc_mailname_in_oh='true'
dc_localdelivery='mail_spool'
mailname:smtp3.tvscience.co.uk
-- System Information:
Debian Release: 6.0
APT prefers testing
APT policy: (500, 'testing')
Architecture: i386 (i686)
Kernel: Linux 2.6.18 (SMP w/4 CPU cores)
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)
Shell: /bin/sh linked to /bin/dash
Versions of packages exim4 depends on:
ii debconf [debconf-2.0] 1.5.36 Debian configuration management sy
ii exim4-base 4.72-3+b1 support files for all Exim MTA (v4
ii exim4-daemon-heavy 4.72-3+b1 Exim MTA (v4) daemon with extended
exim4 recommends no packages.
exim4 suggests no packages.
-- debconf information:
exim4/drec:
--- End Message ---
--- Begin Message ---
On 2011-01-20 Martin Nicholas wrote:
> andreas,
> I have runit installed and WAS supervising Exim with runsv. However,
> suspicious that this might be the problem I am now running
> exim4 with "/etc/init.d/exim4 start". Here's the putput from ps:
> UID PID PPID C SZ RSS PSR STIME TTY TIME CMD
> 100 29886 1 0 4586 5580 3 10:57 ? 00:00:00
> /usr/sbin/exim4 -bd -q7m -DSMTP_TOUT=5m
[...]
> I have just spotted a mystery entry in runsvdir, but I'm now starting Exim
> the old-fashioned way with no errors indicating:
> 2011-01-19 18:58:53 [31965] exim user lost privilege for using -D option
> That implies that exim can't write to its own log file. Is that
> whats happening now?
[...]
Hello,
Yes. the -D commandline argument is the problem. Quoting
/usr/share/doc/exim4-daemon-heavy/NEWS.Debian.gz:
| Exim versions up to and including 4.72 are vulnerable to CVE-2010-4345.
| This is a privilege escalation issue that allows the exim user to gain
| root privileges by specifying an alternate configuration file using the -C
| option. The macro override facility (-D) might also be misused for this
| purpose.
|
| In reaction to this security vulnerability upstream has made a number of
| user visible changes. This package includes these changes.
| ---------------------------------------------------------
| If exim is invoked with the -C or -D option the daemon will not regain
| root privileges though re-execution. This is usually necessary for local
| delivery, though. Therefore it is generally not possible anymore to run an
| exim daemon with -D or -C options.
[ please read on there, for a solution ]
cu andreas
--- End Message ---
