Operating Systems Linux Debian Debian exim4 security patch Post 302481396 by KevinGB on Friday 17th of December 2010 11:18:38 AM
Debian exim4 security patch

I have just had to fix a debian5 system which suddenly started rejecting correctly addressed emails as '550 relay not permitted.' It turned out that rogue exim4 config files had been injected into the system at /etc/exim4/exim4.conf and /etc/exim4/exim.conf and these were messing up mail routing.

The system had been compromised similar to this description: Details of the root kit that got installed on my Debian Lenny boxes due to the exim remote root exploit : netsec

I also found a few strange processes running which were started around the same time as the problem started. Note that you must restore a valid version of ps (see the link) before you use it to look for rogue processes.

The security patch is described here: [SECURITY] [DSA-2131-1] New exim4 packages fix remote code execution

I strongly recommend that you apply this patch if it applies to you.
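A defender's check for the two things the post describes, as an added example that is not part of KevinGB's post: it lists the config paths named there and compares binaries such as ps against a known-good dpkg-style md5sums list. The function names, the mount-point argument and the demo data are assumptions made for illustration.

```sh
#!/bin/sh
# Added example: triage of a suspect Debian root filesystem mounted at ROOT.
# Assumption: run from trusted rescue media, so md5sum etc. are not the
# suspect system's own (the post warns that ps itself had been replaced).

# Print whichever of the two config paths named in the post exist under ROOT.
find_suspect_exim_configs() {
    root=$1
    for f in etc/exim4/exim4.conf etc/exim4/exim.conf; do
        [ -e "$root/$f" ] && printf '/%s\n' "$f"
    done
    return 0
}

# Check files under ROOT against a dpkg-style md5sums list
# ("<md5>  <path without leading slash>"), e.g. one taken from a known-good
# copy of the package that ships ps. Prints MISSING/MODIFIED lines and
# returns 1 if any file differs.
verify_against_md5sums() {
    root=$1; list=$2; bad=0
    while read -r want path; do
        [ -n "$path" ] || continue
        if [ ! -f "$root/$path" ]; then
            printf 'MISSING /%s\n' "$path"; bad=1
        elif [ "$(md5sum < "$root/$path" | cut -d' ' -f1)" != "$want" ]; then
            printf 'MODIFIED /%s\n' "$path"; bad=1
        fi
    done < "$list"
    return "$bad"
}

# Constructed demo: a throwaway tree with one injected config and a ps
# whose content no longer matches the recorded checksum.
demo() {
    t=$(mktemp -d)
    mkdir -p "$t/etc/exim4" "$t/bin"
    : > "$t/etc/exim4/exim4.conf"
    printf 'original ps\n' > "$t/bin/ps"
    printf '%s  bin/ps\n' "$(md5sum < "$t/bin/ps" | cut -d' ' -f1)" > "$t/known-good.md5sums"
    printf 'replaced ps\n' > "$t/bin/ps"
    find_suspect_exim_configs "$t"
    verify_against_md5sums "$t" "$t/known-good.md5sums"
    rc=$?
    rm -rf "$t"
    return "$rc"
}

demo || echo "constructed demo: differences found"
```

A checksum list stored on the suspect system can itself have been altered, so the list should come from a separate, trusted copy of the package.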
 

UPDATE-EXIM4DEFAULTS(8)          System Manager's Manual          UPDATE-EXIM4DEFAULTS(8)

NAME
       update-exim4defaults - Manage exim4 daemon default file.

SYNOPSIS
       update-exim4defaults [ --qflags flags ] [ --queuerunner combined|queueonly|separate|ppp|no|nodaemon ] [ --queuetime time ] [ --commonoptions options ] [ --queuerunneroptions options ] [ --smtplisteneroptions options ] [ --remove-common options ] [ --remove-queue options ] [ --remove-smtp options ] [ --force|-f ] [ --help|-h ] [ --init ]

DESCRIPTION
       update-exim4defaults allows one to set run parameters for the Exim daemon in /etc/default/exim4. Its main purpose is for interaction with packages enhancing Exim like virus-scanners that need to change the way the exim daemon is started.

OPTIONS
       --help|-h
              Print short usage instructions and exit.

       --qflags flags
              Set qflags, special flags given to exim directly after the "-q". See exim(8) for more information.

       --queuerunner combined|queueonly|separate|ppp|no|nodaemon
              Should the init script start one daemon that listens on the smtp port for incoming connections and runs the queue at regular intervals (combined), or should it start two separate daemons, one listening on the smtp port, the other running the queue (separate), or should the queue only be run by /etc/ppp/ip-up.d/exim4 (ppp), or shouldn't we run the queue at all, for example if you'd rather do this with cron? Or should we only start a queuerunner (queueonly) or no daemon at all (nodaemon)?

       --queuetime time
              In which intervals should we run the queue? This passed as option -q<qflags>time to Exim, e.g. -q30m or -qq1h.

       --commonoptions options
              Options passed both to queue-running and listening instances of Exim.

       --queuerunneroptions options
              Options only passed to the instance of Exim running the queue.

       --smtplisteneroptions options
              Options only passed to the instance of Exim listening on the SMTP port.

       --force|-f
              Without this option update-exim4defaults exits with an error if at least one of the options --queuetime, --commonoptions, --queuerunneroptions or --smtplisteneroptions is used and the corresponding value in /etc/default/exim4 is already set to a nonempty value.

       --remove-common option
              Try to remove the given option from COMMONOPTIONS.

       --remove-queue option
              Try to remove the given option from QUEUERUNNEROPTIONS.

       --remove-smtp option
              Try to remove the given option from SMTPLISTENEROPTIONS.

       The --remove-commands cannot be used at the same time as any of --commonoptions, --queuerunneroptions or --smtplisteneroptions. The --remove-commands will additionally remove whitespace at the beginning and the end of the option and exchange multiple spaces with a single one.

       --init create a default /etc/default/exim4 file and exit immediately. Unless --force was also specified update-exim4defaults exits (successfully) without doing anything if /etc/default/exim4 already exists. All other options are ignored.

EXIT STATUS
       0      change was successful or nothing needed to be done.
       1      generic error: wrong options, unreadable configuration file, etc.
       2      QUEUEINTERVAL was already set.
       4      COMMONOPTIONS was already set.
       8      QUEUERUNNEROPTIONS was already set.
       16     SMTPLISTENEROPTIONS was already set.
       32     QFLAGS was already set.
       64     --remove-something failed, i.e. the value of the option was not changed.

       Exit codes 2 to 32 will be summed up, if more than one unsuccessful option was given.

FILES
       /etc/default/exim4
              The configuration file.

       /etc/init.d/exim4
              The Exim init-script.

       /etc/ppp/ip-up.d/exim4
              The queuerunner in this file also uses COMMONOPTIONS and QUEUERUNNEROPTIONS and does not run if QUEUERUNNER=no.

BUGS
       This manual page needs a major re-work. If somebody knows better groff than us and has more experience in writing manual pages, any patches would be greatly appreciated.

SEE ALSO
       exim(8), /usr/share/doc/exim4-base/

AUTHOR
       Andreas Metzler <ametzler at downhill.at.eu.org>

EXIM4                                 March 26, 2003                 UPDATE-EXIM4DEFAULTS(8)