December 12, 2010

 Updating Exim to 4.72

Updating Exim to 4.72 is essential, as it contains security measures that nullify current issues with versions 4.69 and older. Before applying this update, make sure you have the PCRE package installed. This can be done via yum or apt. For Fedora or CentOS:

% yum install pcre-devel

For Ubuntu/Debian:

% apt-get install libpcre3 libpcre3-dev libpcre++-dev

---
To update Exim, do the following:

1.) Download the new Exim package from: http://kb.atmail.com/attach/eximatmail.tgz

% wget  'http://kb.atmail.com/attach/eximatmail.tgz'

2.) Replace your current package with the new package:

% mv /usr/local/atmail/server_source/eximatmail.tgz /usr/local/atmail/server_source/eximatmail.tgz.old
% mv /usr/local/atmail/server_source/exim-4.69/ /tmp/exim-4.69/
% mv eximatmail.tgz /usr/local/atmail/server_source/eximatmail.tgz

3.) Make a backup of your current configure file:

% cp -R /usr/local/atmail/mailserver/configure /usr/local/atmail/mailserver/configure.backup

4.) Stop Atmail:

% /etc/init.d/atmailserver stop

5.) Rebuild:

% php /usr/local/atmail/server_source/scripts/buildexim.php

5.) After rebuilding, open up your /usr/local/atmail/mailserver/configure file. Find this line:

# Stop the SMTP if load > X
smtp_load_reserve = 20

6.) Below this, add:

dkim_verify_signers = $sender_address_domain

7.) Find:

acl_smtp_data = acl_check_content

8.) Below this, add:

acl_smtp_dkim = acl_check_dkim

9.) Find:

deny    message       = relay not permitted

10.) Below this, add:

acl_check_dkim:

deny message = Invalid DKIM
dkim_status = fail

accept

11.) Restart Atmail:

% /etc/init.d/atmailserver restart

Congratulations! Now you have the new version, with improved security and DKIM capabilities.


Filed under: Anti-Spam,Atmail 5,Atmail 6,Exim,Improvements and Fixes,Uncategorized — John Contad @ 9:24 pm

10 Comments »

  1. mv /usr/local/atmail/server_source/eximatmail.tgz mv /usr/local/atmail/server_source/eximatmail.tgz.old

    should probably be:

    mv /usr/local/atmail/server_source/eximatmail.tgz /usr/local/atmail/server_source/eximatmail.tgz.old
    (without the second ‘mv’ between the filenames)

    Also you should probably put a ‘cd /tmp/’ before the wget in step 1, so no one accidentally downloads directly to /usr/local/atmail/server_source and overwrites the old file before backing it up

    Comment by Oli — December 13, 2010 @ 5:27 am
  2. step 5) – at least in atmail 5, the file buildexim.php is in a different path:
    /usr/local/atmail/webmail/modules/buildexim.php

    Comment by Oli — December 13, 2010 @ 6:04 am
  3. when upgrading from 4.69 you might get an error message in step 5
    “pcre.h: No such file or directory”
    exim does no longer include pcre headers

    on centos, you can fix that by running
    yum install pcre-devel

    then run step 5) again

    Comment by Oli — December 13, 2010 @ 9:56 pm
  4. Exim configuration error in line 12 of /usr/local/atmail/mailserver/configure:
    main option “dkim_verify_signers” unknown

    Comment by Mike Hill — December 14, 2010 @ 9:06 am
  5. I wanted to add I needed to install:

    yum install pcre-devel

    before my installed worked.

    Comment by Mike Hill — December 14, 2010 @ 12:46 pm
  6. I followed your steps on Ubuntu 10.4 LTS and when I run:
    php /usr/local/atmail/server_source/scripts/buildexim.php

    I get the following error:

    make[1]: *** [exim_dbmbuild.o] Error 1
    make[1]: Leaving directory `/usr/local/atmail/server_source/exim-4.72/build-Linux-x86_64′
    make: *** [all] Error 2

    Installation directory is /usr/local/atmail/mailserver/bin

    *** /usr/local/atmail/server_source/exim-4.72/build-Linux-x86_64/exim does not exist or is empty
    *** Have you built Exim successfully?
    *** Exim installation failed ***
    make: *** [install] Error 1
    PHP Notice: Undefined offset: 1 in /usr/local/atmail/webmail/library/utility.php on line 77

    Comment by Ken — December 15, 2010 @ 8:23 am
  7. Seems installing libpcre++-dev fixed the problem: (although it wasn’t required for the previous installation of atmail’s exim)

    sudo apt-get install libpcre++-dev
    sudo php /usr/local/atmail/server_source/scripts/buildexim.php

    Atmail SMTP Server Installation: SUCCESSFUL

    Comment by Ken — December 15, 2010 @ 9:45 am
  8. Some changes needed for Atmail 5 with RHEL 5

    [root@GatewayMTA atmail]# /usr/local/atmail/mailserver/bin/exim -bV
    Exim version 4.69 #1 built 06-Oct-2008 10:42:08
    Copyright (c) University of Cambridge 2006
    Berkeley DB: Sleepycat Software: Berkeley DB 4.3.29: (September 12, 2006)
    Support for: crypteq iconv() OpenSSL Content_Scanning Experimental_DKIM
    Lookups: lsearch wildlsearch nwildlsearch iplsearch dbm dbmnz mysql
    Authenticators: plaintext
    Routers: accept dnslookup ipliteral manualroute queryprogram redirect
    Transports: appendfile/maildir autoreply pipe smtp
    Fixed never_users: 0
    Size of off_t: 8
    Configuration file is /usr/local/atmail/mailserver/configure

    [root@GatewayMTA atmail]# yum install pcre-devel

    [root@GatewayMTA ~]# mkdir exim-4.72-atmail

    [root@GatewayMTA ~]# cd exim-4.72-atmail/

    [root@GatewayMTA exim-4.72-atmail]# wget ‘http://kb.atmail.com/attach/eximatmail.tgz

    [root@GatewayMTA exim-4.72-atmail]# mv /usr/local/atmail/server_source/eximatmail.tgz /usr/local/atmail/server_source/eximatmail.tgz.old

    [root@GatewayMTA exim-4.72-atmail]# mv /usr/local/atmail/server_source/exim-4.69/ /tmp/exim-4.69/

    [root@GatewayMTA exim-4.72-atmail]# cp eximatmail.tgz /usr/local/atmail/server_source/eximatmail.tgz

    [root@GatewayMTA exim-4.72-atmail]# /etc/init.d/atmailserver stop
    Stopping @Mail server: av-module imap imap-ssl pop3 pop3-ssl smtp log-daemon

    [root@GatewayMTA exim-4.72-atmail]# php /usr/local/atmail/webmail/modules/buildexim.php

    [root@GatewayMTA atmail]# /usr/local/atmail/mailserver/bin/exim -bV
    Exim version 4.72 #1 built 21-Dec-2010 10:47:54
    Copyright (c) University of Cambridge, 1995 – 2007
    Berkeley DB: Sleepycat Software: Berkeley DB 4.3.29: (February 19, 2009)
    Support for: crypteq iconv() OpenSSL Content_Scanning DKIM
    Lookups: lsearch wildlsearch nwildlsearch iplsearch dbm dbmnz dnsdb mysql
    Authenticators: plaintext
    Routers: accept dnslookup ipliteral manualroute queryprogram redirect
    Transports: appendfile/maildir autoreply pipe smtp
    Fixed never_users: 0
    Size of off_t: 8
    OpenSSL compile-time version: OpenSSL 0.9.8e-fips-rhel5 01 Jul 2008
    OpenSSL runtime version: OpenSSL 0.9.8e-fips-rhel5 01 Jul 2008
    Configuration file is /usr/local/atmail/mailserver/configure

    Comment by Pol — December 21, 2010 @ 11:42 pm
  9. The PCRE issues should be fixed in the upgrade script (for those using newer Atmail version. I’ve also appended the pcre-devel installation docs. Thanks for the help!

    Comment by John Contad — January 12, 2011 @ 7:02 pm
  10. john,

    Are you going to make an upgrade for 4.74? I read about another issue.

    thanks

    Comment by Mike Hill — February 8, 2011 @ 4:48 pm

RSS feed for comments on this post. TrackBack URI

Leave a comment