Bug#933332: exim4-config: Upgrading exim4 causes dc_readhost to be silently changed when configtype is "satellite"

Richard Hilton richard-612 at outlook.com
Mon Jul 29 11:34:42 BST 2019 

Package: exim4-config
Version: 4.89-2+deb9u5
Severity: important

When upgrading exim4 using aptitude on servers where dc_eximconfig_configtype='satellite', dc_readhost is silently changed from empty to the machine's FQDN.

This causes outgoing email to be sent with an incorrect From header. Instead of using the sender address specified by the client, the hostname in the email address is changed to the new dc_readhost value. 

In many cases this causes failed delivery (due to SPF checks) or replies being sent to incorrect addresses.

The expected outcome would be that dc_readhost is not changed during package updates.


-- Relevant lines from /etc/exim4/update-exim4.conf.conf BEFORE upgrade:
dc_eximconfig_configtype='satellite'
dc_other_hostnames='host.domain.tld'
dc_local_interfaces='127.0.0.1 ; ::1'
dc_readhost=''
dc_relay_domains=''
dc_minimaldns='false'
dc_relay_nets=''
dc_smarthost='smtp.domain.tld'
CFILEMODE='644'
dc_use_split_config='true'
dc_hide_mailname='true'
dc_mailname_in_oh='true'
dc_localdelivery='mail_spool'

-- Relevant lines from /etc/exim4/update-exim4.conf.conf AFTER upgrade:
dc_eximconfig_configtype='satellite'
dc_other_hostnames='host.domain.tld'
dc_local_interfaces='127.0.0.1 ; ::1'
dc_readhost='host.domain.tld'
dc_relay_domains=''
dc_minimaldns='false'
dc_relay_nets=''
dc_smarthost='smtp.domain.tld'
CFILEMODE='644'
dc_use_split_config='true'
dc_hide_mailname='true'
dc_mailname_in_oh='true'
dc_localdelivery='mail_spool'

-- Output from aptitude 
# sudo aptitude safe-upgrade 
The following packages will be upgraded:
  exim4-base exim4-config exim4-daemon-heavy patch
4 packages upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
Need to get 0 B/2175 kB of archives. After unpacking 0 B will be used.
Do you want to continue? [Y/n/?]
Reading changelogs... Done
Preconfiguring packages ...
(Reading database ... 43672 files and directories currently installed.)
Preparing to unpack .../exim4-config_4.89-2+deb9u5_all.deb ...
Unpacking exim4-config (4.89-2+deb9u5) over (4.89-2+deb9u4) ...
Preparing to unpack .../exim4-base_4.89-2+deb9u5_amd64.deb ...
Unpacking exim4-base (4.89-2+deb9u5) over (4.89-2+deb9u4) ...
Preparing to unpack .../patch_2.7.5-1+deb9u2_amd64.deb ...
Unpacking patch (2.7.5-1+deb9u2) over (2.7.5-1+deb9u1) ...
Preparing to unpack .../exim4-daemon-heavy_4.89-2+deb9u5_amd64.deb ...
Unpacking exim4-daemon-heavy (4.89-2+deb9u5) over (4.89-2+deb9u4) ...
Setting up exim4-config (4.89-2+deb9u5) ...
Setting up exim4-base (4.89-2+deb9u5) ...
Setting up patch (2.7.5-1+deb9u2) ...
Setting up exim4-daemon-heavy (4.89-2+deb9u5) ...
Processing triggers for systemd (232-25+deb9u11) ...
Processing triggers for man-db (2.7.6.1-2) ...

Current status: 0 (-4) upgradable.

(The same behaviour occurs when exim4-daemon-light is installed instead of exim4-daemon-heavy.)

-- Package-specific info:
Exim version 4.89 #2 built 20-Jul-2019 11:32:35
Copyright (c) University of Cambridge, 1995 - 2017
(c) The Exim Maintainers and contributors in ACKNOWLEDGMENTS file, 2007 - 2017
Berkeley DB: Berkeley DB 5.3.28: (September  9, 2013)
Support for: crypteq iconv() IPv6 GnuTLS move_frozen_messages DKIM DNSSEC Event OCSP PRDR SOCKS TCP_Fast_Open
Lookups (built-in): lsearch wildlsearch nwildlsearch iplsearch cdb dbm dbmjz dbmnz dnsdb dsearch nis nis0 passwd
Authenticators: cram_md5 plaintext
Routers: accept dnslookup ipliteral manualroute queryprogram redirect
Transports: appendfile/maildir/mailstore autoreply lmtp pipe smtp
Fixed never_users: 0
Configure owner: 0:0
Size of off_t: 8
Configuration file is /var/lib/exim4/config.autogenerated

-- System Information:
Debian Release: 9.9
  APT prefers oldstable
  APT policy: (500, 'oldstable')
Architecture: amd64 (x86_64)

Kernel: Linux 4.15.0-33-generic (SMP w/8 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages exim4-config depends on:
ii  adduser                3.115
ii  debconf [debconf-2.0]  1.5.61

exim4-config recommends no packages.

exim4-config suggests no packages.

More information about the Pkg-exim4-maintainers mailing list