6

I am running exim 4.84_2 on Debian. For a few weeks now I have been getting the following mails from anacron:

/etc/cron.daily/exim4-base:
LOG: MAIN
  Warning: purging the environment.
 Suggested action: use keep_environment.

I have added the following line to /etc/exim4/exim4.conf.template:

keep_environment =

But when running update-exim4.conf I get the following error:

2016-05-17 00:20:00 Exim configuration error in line 900 of /var/lib/exim4/config.autogenerated.tmp:
  option "keep_environment" unknown

Any ideas?

Matthias
  • 1
    Keep the environment purged, that is a security fix. Further reading can be found here https://www.exim.org/static/doc/CVE-2016-1531.txt – Kondybas May 16 '16 at 22:53

3 Answers

2

On Debian you can set the macro

MAIN_KEEP_ENVIRONMENT =

in /etc/exim4/conf.d/main/01_exim4-config_listmacrosdefs or wherever you set your macros. See: /usr/share/doc/exim4/changelog.Debian.gz

Adrian Zaugg
  • I activated a new server with VestaCP, but we got this error too (I have made some VPS+Vesta, but it's the first occurrence with this error). I should just paste this code into 01... file without any value after = sign? Thank you! – Harkály Gergő Jan 19 '17 at 14:04
  • 1
    Yes, without anything. – Adrian Zaugg Jan 20 '17 at 15:44
  • If you are not using a split-file configuration, you can set this macro at the top of `/etc/exim4/exim4.conf.template` – jdhildeb Jan 10 '18 at 17:07
  • It's generally better to add such things to `/etc/exim4/exim4.conf.localmacros`. Works for split and non-split configs. – x-yuri Jun 17 '19 at 05:16
  • And if you're running Jessie, `MAIN_KEEP_ENVIRONMENT` won't help. It was added later. In case of Debian Stretch, you don't have to do anything. Save probably update `exim`. – x-yuri Jun 17 '19 at 05:25
0

Do note the comments in exim4.conf.template and /etc/exim4/conf.d/main/01_exim4-config_listmacrosdefs:

# /etc/exim4/exim4.conf.template is only used with the non-split
#   configuration scheme.
# /etc/exim4/conf.d/main/01_exim4-config_listmacrosdefs is only used
#   with the split configuration scheme.

In other words, the file to edit may vary depending on whether you're using split configuration files.

I followed the configuration example in the link below and it worked:

https://tronche.com/wiki/Exim_keep_environment

mofftech
0

If you get option "keep_environment" unknown, then most likely your exim doesn't have a certain security fix.

The fix was made in 4.86.2, but also backported to 4.84.2. Both Jessie and Stretch have it. It cleans the environment according to the keep_environment and add_environment options. If keep_environment is not set, it logs a warning and suggests adding it, since exim might be configured in a way that needs to keep some environment variables, which is not the case on Debian with the default config. So on Debian it can normally be set to an empty value.

And at some point the option was added to the config (4.87--RC6-3). But it was in Debian Stretch. That's unlikely to be backported to Jessie, since it is no security issue.

So, update exim. Then if you're running Jessie, add to /etc/exim4/exim4.conf.localmacros:

keep_environment =

And:

update-exim4.conf
systemctl reload exim4
x-yuri
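
A check for the situation the answers describe, as an added example that is not part of any post above: it reads dc_use_split_config from /etc/exim4/update-exim4.conf.conf to tell the split scheme from the non-split one, then reports whether the packaged configuration references MAIN_KEEP_ENVIRONMENT at all. The function names and the optional root-directory argument are assumptions made for this example.

```shell
#!/bin/sh
# Added example: find out which Debian exim4 config scheme is active and
# whether the packaged config knows the MAIN_KEEP_ENVIRONMENT macro.
# Each function takes an optional root directory (assumption of this
# example) so it can be pointed at a copy of /etc instead of the live one.

# Print "split" or "unsplit" from dc_use_split_config.
exim_config_scheme() {
    root="${1:-}"
    conf="$root/etc/exim4/update-exim4.conf.conf"
    if [ -r "$conf" ] && grep -Eq "^dc_use_split_config=['\"]?true" "$conf"; then
        echo split
    else
        echo unsplit
    fi
}

# Print the source that update-exim4.conf assembles for the active scheme.
exim_config_source() {
    root="${1:-}"
    if [ "$(exim_config_scheme "$root")" = split ]; then
        echo "$root/etc/exim4/conf.d/main"
    else
        echo "$root/etc/exim4/exim4.conf.template"
    fi
}

# Print "macro" when the active source references MAIN_KEEP_ENVIRONMENT,
# "no-macro" when it does not (older packaging: defining the macro in
# exim4.conf.localmacros would then have no effect).
exim_keepenv_support() {
    root="${1:-}"
    src="$(exim_config_source "$root")"
    if grep -rqs 'MAIN_KEEP_ENVIRONMENT' "$src"; then
        echo macro
    else
        echo no-macro
    fi
}

# Usage on a live system: exim_config_scheme; exim_keepenv_support
```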