EXIM configuration - setup permissions problem


We've just set up a Linux box (Slackware 10.0).

We have lots of domains, some delivered by SMTP, some by POP3 which are presently downloaded onto an aging MS SBS 4.5 server with Exchange 5.5.  We don't want to change that just yet because we're moving offices and will be getting new IP addresses and servers.

The Linux box has two NICs, one of which is connected to the LAN, the other to a DSL firewall/router.  We're already using it as a proxy server.

What I'd like to also do is to configure fetchmail and Exim on the box to relay the POP3 accounts to our existing Exchange 5.5 server - we have to do this quickly because it uses the MS pop3 connector which will not be available after we retire the small business server 4.5 box.  I'm also very scared of rebooting that machine (from several nasty past experiences), so I don't really want to open it up to put a second LAN card in it.

Here comes the problem:

We've downloaded Exim 4.4 and compiled it up with the following options:

EXIM_GROUP is unspecified.

I've created a user called exim.  Exim is just a normal user in the "users" group, because it's the only one on the box apart from me and root.

make install has to be executed as root, so the files in the installation directories all have -rwxr-xr-x root root permissions.

This is probably all down to some stupid permissions problem because I've been working with MS for too long and almost forgotten *nix.

I've read this section on the Exim help, but it doesn't seem to make sense to me - see section 5.2.  http://www.exim.org/exim-html-4.40/doc/html/spec.html

If I chown/chgrp all the files (which surely I have to because I don't want to run as root) to exim/users, su to exim and then ./exim -bd I get the following error (3 times):

"Exim configuration file /usr/exim/configure has the wrong owner group or mode"

Can somebody with a running Exim please let me know how you have set the compile options/ user permissions/groups  because this is getting really frustrating.

If I try to run it as root (which I shouldn't) it does get a lot further, but won't relay because of the "never_users" of root - this isn't really the right way to do it so fixing the permissions is really the answer I'm looking for.


From section 4.13 of the above doc -

The install script copies files only if they are newer than the files they are going to replace. The Exim binary is required to be owned by root and have the setuid bit set, for normal configurations. Therefore, you must run make install as root so that it can set up the Exim binary in this way. However, in some special situations (for example, if a host is doing no local deliveries) it may be possible to run Exim without making the binary setuid root (see chapter 4.8 for details).

4.8 says

It is not necessary to be root to do any of the other things Exim does, such as receiving messages and delivering them externally over SMTP, and it is obviously more secure if Exim does not run as root except when necessary. For this reason, a user and group for Exim to use must be defined in Local/Makefile.

I guess you need to set an Exim group at compile or use it setuid root.
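Added example, not part of the original answer or of Exim itself: a small audit script for the two ownership rules discussed above (root-owned setuid binary; configuration file owned by root or the Exim user and not group- or world-writable, a simplified form of the test behind the "wrong owner, group or mode" message). It assumes GNU `stat`, and the paths and the `exim` account are the ones named in this thread.

```shell
#!/bin/sh
# Added example: ownership/mode audit for a source-built Exim.
# Assumes GNU stat (Linux); function names are illustrative.

# config_ok FILE UID... -> 0 if FILE is owned by one of the UIDs and is
# not writable by group or others (simplified form of Exim's own test).
config_ok() {
    cfg=$1; shift
    [ -f "$cfg" ] || { echo "$cfg: not found" >&2; return 2; }
    owner=$(stat -c '%u' "$cfg")
    mode=$(stat -c '%a' "$cfg")
    match=no
    for uid in "$@"; do
        if [ "$owner" = "$uid" ]; then match=yes; fi
    done
    if [ "$match" = no ]; then
        echo "$cfg: owner uid $owner is not one of: $*" >&2
        return 1
    fi
    # 022 masks the group-write and other-write bits of the octal mode.
    if [ $(( 0$mode & 022 )) -ne 0 ]; then
        echo "$cfg: mode $mode is group- or world-writable" >&2
        return 1
    fi
    return 0
}

# binary_ok FILE [UID] -> 0 if FILE is owned by UID (default 0, root)
# and has the setuid bit, which is how "make install" as root leaves it.
binary_ok() {
    bin=$1; want=${2:-0}
    [ -f "$bin" ] || { echo "$bin: not found" >&2; return 2; }
    if [ "$(stat -c '%u' "$bin")" != "$want" ]; then
        echo "$bin: not owned by uid $want" >&2; return 1
    fi
    if [ ! -u "$bin" ]; then
        echo "$bin: setuid bit is not set" >&2; return 1
    fi
    return 0
}

# Run the audit only when asked: sh exim-perms.sh --audit
if [ "${1:-}" = "--audit" ]; then
    binary_ok /usr/exim/bin/exim || exit 1
    config_ok /usr/exim/configure 0 "$(id -u exim)" || exit 1
    echo "binary and configuration ownership/modes look consistent"
fi
```

Run it as root with `--audit` after `make install`; a failure names the file and the rule it breaks, which narrows down whether a blanket chown/chgrp has undone what the installer set up.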

wesbird (Author) commented:

I tried recompiling it with an "exim" group, and the daemon won't even start as exim or root now.  Exim -bP shows the following (if this means anything to anyone?):

acl_not_smtp =
acl_smtp_auth =
acl_smtp_connect =
acl_smtp_data =
acl_smtp_etrn =
acl_smtp_expn =
acl_smtp_helo =
acl_smtp_mail =
acl_smtp_mailauth =
acl_smtp_predata =
acl_smtp_quit =
acl_smtp_rcpt = acl_check_rcpt
acl_smtp_vrfy =
admin_groups =
auth_advertise_hosts = *
auto_thaw = 0s
bi_command =
bounce_message_file =
bounce_message_text =
bounce_return_size_limit = 100K
bounce_sender_authentication =
callout_domain_negative_expire = 3h
callout_domain_positive_expire = 1w
callout_negative_expire = 2h
callout_positive_expire = 1d
callout_random_local_part = $primary_hostname-$tod_epoch-testing
check_log_inodes = 0
check_log_space = 0
check_spool_inodes = 0
check_spool_space = 0
daemon_smtp_ports = smtp
delay_warning = 1d
delay_warning_condition = ${if match{$h_precedence:}{(?i)bulk|list|junk}{no}{yes
deliver_queue_load_max =
dns_again_means_nonexist =
dns_check_names_pattern = (?i)^(?>(?(1)\.|())[^\W_](?>[a-z0-9-]*[^\W_])?)+$
dns_ipv4_lookup =
dns_retrans = 0s
dns_retry = 0
errors_copy =
errors_reply_to =
exim_group = exim
exim_path = /usr/exim/bin/exim
exim_user = exim
extra_local_interfaces =
finduser_retries = 0
freeze_tell =
gecos_name =
gecos_pattern =
header_line_maxsize = 0
header_maxsize = 1048576
headers_charset = ISO-8859-1
helo_accept_junk_hosts =
helo_allow_chars =
helo_lookup_domains = @ : @[]
helo_try_verify_hosts =
helo_verify_hosts =
hold_domains =
host_lookup =
host_lookup_order = bydns:byaddr
host_reject_connection =
hosts_connection_nolog =
hosts_treat_as_local =
ignore_bounce_errors_after = 2d
ignore_fromline_hosts =
keep_malformed = 4d
local_from_prefix =
local_from_suffix =
local_interfaces =
local_scan_timeout = 5m
localhost_number =
log_file_path =
log_selector =
lookup_open_max = 25
max_username_length = 0
message_body_visible = 500
message_id_header_domain =
message_id_header_text =
message_size_limit = 50M
never_users =
percent_hack_domains =
pid_file_path =
pipelining_advertise_hosts = *
primary_hostname = xxxx.co.uk
process_log_path =
qualify_domain = xxxx.co.uk
qualify_recipient = xxxx.co.uk
queue_domains =
queue_only_file =
queue_only_load =
queue_run_max = 5
queue_smtp_domains =
receive_timeout = 0s
received_header_text = Received: ${if def:sender_rcvhost {from $sender_rcvhost\n
\t}{${if def:sender_ident {from $sender_ident }}${if def:sender_helo_name {(helo
=$sender_helo_name)\n\t}}}}by $primary_hostname ${if def:received_protocol {with
 $received_protocol}} (Exim $version_number)\n\tid $message_id${if def:received_
for {\n\tfor $received_for}}
received_headers_max = 30
recipient_unqualified_hosts =
recipients_max = 0
remote_max_parallel = 2
remote_sort_domains =
retry_data_expire = 1w
retry_interval_max = 1d
rfc1413_hosts = *
rfc1413_query_timeout = 30s
sender_unqualified_hosts =
smtp_accept_max = 20
smtp_accept_max_nonmail = 10
smtp_accept_max_nonmail_hosts = *
smtp_accept_max_per_connection = 1000
smtp_accept_max_per_host =
smtp_accept_queue = 0
smtp_accept_queue_per_connection = 10
smtp_accept_reserve = 0
smtp_active_hostname =
smtp_banner = $primary_hostname ESMTP Exim $version_number $tod_full
smtp_connect_backlog = 20
smtp_etrn_command =
smtp_load_reserve =
smtp_max_synprot_errors = 3
smtp_max_unknown_commands = 3
smtp_ratelimit_hosts =
smtp_ratelimit_mail =
smtp_ratelimit_rcpt =
smtp_receive_timeout = 5m
smtp_reserve_hosts =
spool_directory = /var/spool/exim
syslog_facility =
syslog_processname = exim
system_filter =
system_filter_directory_transport =
system_filter_file_transport =
system_filter_group = exim
system_filter_pipe_transport =
system_filter_reply_transport =
system_filter_user = exim
timeout_frozen_after = 1w
timezone =
trusted_groups =
trusted_users =
unknown_login =
unknown_username =
untrusted_set_sender =
uucp_from_pattern = ^From\s+(\S+)\s+(?:[a-zA-Z]{3},?\s+)?(?:[a-zA-Z]{3}\s+\d?\d|
uucp_from_sender = $1
warn_message_file =

What error messages do you get?

wesbird (Author) commented:
None I've noticed in the /var/spool/exim... - mainlog logfiles. (Will not be back at site for at least 10hrs - and have firewalled it without a way to tunnel in from home yet! [it's only a 10 minute walk - but not at this time of night] )  Do you know the paths to system logfiles I may have to check (Slackware 10)?

wesbird (Author) commented:
(since the recompile that is) - let's freeze this thread until I'm back in the office.

wesbird (Author) commented:
For your information, we did get fetchmail working today - it saved the company. This town got ADSL only three weeks ago [and I'm rushing around all my small clients and this biggest client getting it working for them], and the big client is growing very fast; in the last two weeks they've been getting over 250MB email traffic per day, through a single 64K ISDN channel.  

It would have been ISDN meltdown - if the MS SBS 4.5 POP3 connector goes, it's 6 or 7 hours to catch up with the mail (they handle shedloads of digital photographs).  1MB/s link with fetchmail saved the day, but fetchmail bombs out if the SMTP receiver is not available (I tested this today) which is why I need Exim as a fallback.  I know this is small for what Exim can handle, because it's what a lot of ISPs use - but it's our story ;-), and I really need it!!

Stupid question perhaps, but why exim? I would recommend postfix.

wesbird (Author) commented:
Because I don't know anything about postfix!

Besides which, I've got exim working now - another recompile, and changed


The problem was in fact that I had not put a '#' in front the first time I compiled it (but had just left it as a blank group name), but you were right about the issue being around there so pts for your help will be awarded shortly.

P.S. for anybody else with setup problems, try running

exim -bd -d

which will write all logfile info to the console instead of the logfile.  Very helpful if your logfile permissions are wrong.
