I ran into a strange issue today and wanted to know if this is a bug in how cPanel handles Exim's configuration.
I had ServerA, setup in summer of 2018. It was later configured from the default of "+no_sslv2 +no_sslv3" to "+no_sslv2 +no_sslv3 +no_tlsv1 +no_tlsv1_1". Everything seemed smooth sailing after that.
Then in spring of 2019, we spun up ServerB and migrated a site from ServerA. ServerB is brand new, so it's default was already "+no_sslv2 +no_sslv3 +no_tlsv1 +no_tlsv1_1", so I thought this should cause no issues. Until an old Xerox could no longer email scans. Long story short, my changes on ServerA never actually applied and I'll explain what I think is the cause below.
Based on cPanel's documentation , if you make changes for the first time to Exim it will generate a exim.conf.local file of the original defaults. Then save your actual changes to exim.conf.localopts. It will then run a script to process both and generate the final exim.conf file. When I configured Server A in October 2018, it generated exim.conf.local with:
"openssl_options = +no_sslv2 +no_sslv3". It then saved my changes to exim.conf.localopts with:
"openssl_options = +no_sslv2 +no_sslv3 +no_tlsv1 +no_tlsv1_1".
But after exim.conf was generated, the final setting still only had "+no_sslv2 +no_sslv3" being applied. Which after reading the documentation makes sense as "/etc/exim.conf.local file is Exim’s override file". So no matter how many times I saved my changes, it would not apply them to exim.conf. I never realized this occurred until switching servers. Even checking the Exim's Basic Editor, shows my intended settings.
So my question, is this a bug in how cPanel processes the Exim changes? Why is exim.conf.local an override file if it stores (sometimes) dated defaults that cannot be overridden?
I had ServerA, setup in summer of 2018. It was later configured from the default of "+no_sslv2 +no_sslv3" to "+no_sslv2 +no_sslv3 +no_tlsv1 +no_tlsv1_1". Everything seemed smooth sailing after that.
Then in spring of 2019, we spun up ServerB and migrated a site from ServerA. ServerB is brand new, so it's default was already "+no_sslv2 +no_sslv3 +no_tlsv1 +no_tlsv1_1", so I thought this should cause no issues. Until an old Xerox could no longer email scans. Long story short, my changes on ServerA never actually applied and I'll explain what I think is the cause below.
Based on cPanel's documentation , if you make changes for the first time to Exim it will generate a exim.conf.local file of the original defaults. Then save your actual changes to exim.conf.localopts. It will then run a script to process both and generate the final exim.conf file. When I configured Server A in October 2018, it generated exim.conf.local with:
"openssl_options = +no_sslv2 +no_sslv3". It then saved my changes to exim.conf.localopts with:
"openssl_options = +no_sslv2 +no_sslv3 +no_tlsv1 +no_tlsv1_1".
But after exim.conf was generated, the final setting still only had "+no_sslv2 +no_sslv3" being applied. Which after reading the documentation makes sense as "/etc/exim.conf.local file is Exim’s override file". So no matter how many times I saved my changes, it would not apply them to exim.conf. I never realized this occurred until switching servers. Even checking the Exim's Basic Editor, shows my intended settings.
So my question, is this a bug in how cPanel processes the Exim changes? Why is exim.conf.local an override file if it stores (sometimes) dated defaults that cannot be overridden?
