Help with very strange exim log entries

Sven Hartge sven at svenhartge.de
Sun Feb 19 16:21:51 UTC 2017 

[Please Cc: me, I am not subscribed to pkg-exim4-maintainers.]

Hi!

Before I turn this into an official bug report, I want to solicit your
opinions on this matter.

To be honest, I am quite irritated I can not find the issue behind this
issue.

I am seeing the following log messages in /var/log/syslog on my Debian Sid
system:

,----
| Feb 19 01:28:44 ds9 exim[711921]: exim: setuid for log-file creation failed, aborting
| Feb 19 01:28:44 ds9 exim[711922]: exim: setuid for log-file creation failed, aborting
| Feb 19 01:28:44 ds9 exim[711920]: 2017-02-19 01:28:44 unable to set gid=112 or uid=112 (euid=0): calling tls_validate_require_cipher
| Feb 19 01:28:44 ds9 exim[711920]: 2017-02-19 01:28:44 Cannot open main log file "/var/log/exim4/mainlog": Permission denied: euid=0 egid=112
| Feb 19 01:28:44 ds9 exim[711920]: exim: could not open panic log - aborting: see message(s) above
| Feb 19 01:28:44 ds9 exim[711928]: exim: setuid for log-file creation failed, aborting
| Feb 19 01:28:44 ds9 exim[711929]: exim: setuid for log-file creation failed, aborting
| Feb 19 01:28:44 ds9 exim[711927]: 2017-02-19 01:28:44 unable to set gid=112 or uid=112 (euid=0): calling tls_validate_require_cipher
| Feb 19 01:28:44 ds9 exim[711927]: 2017-02-19 01:28:44 Cannot open main log file "/var/log/exim4/mainlog": Permission denied: euid=0 egid=112
| Feb 19 01:28:44 ds9 exim[711927]: exim: could not open panic log - aborting: see message(s) above
`----

At this time cron.daily is running. The error message is easily found via
Google, but all "solutions" hint at the SUID bit being absent on the
exim4 binary, but this is not the case:

,----
| # ls -al /usr/sbin/exim*
| lrwxrwxrwx 1 root root       5 Feb 13 19:04 /usr/sbin/exim -> exim4
| -rwsr-xr-x 1 root root 1114524 Feb 13 19:04 /usr/sbin/exim4
| -rwxr-xr-x 1 root root    4688 Feb 13 19:04 /usr/sbin/exim_checkaccess
| -rwxr-xr-x 1 root root   74293 Feb 13 19:04 /usr/sbin/exim_convert4r4
| -rwxr-xr-x 1 root root   13676 Feb 13 19:04 /usr/sbin/exim_dbmbuild
| -rwxr-xr-x 1 root root   17784 Feb 13 19:04 /usr/sbin/exim_dumpdb
| -rwxr-xr-x 1 root root   21880 Feb 13 19:04 /usr/sbin/exim_fixdb
| -rwxr-xr-x 1 root root   17768 Feb 13 19:04 /usr/sbin/exim_lock
| -rwxr-xr-x 1 root root  151033 Feb 13 19:04 /usr/sbin/eximstats
| -rwxr-xr-x 1 root root   17784 Feb 13 19:04 /usr/sbin/exim_tidydb
`----

Also /var/log/exim4 looks fine as well:

,----
| # ls -al /var/log/exim4
| total 804
| drwxr-s---  2 Debian-exim adm    4096 Feb 19 01:28 .
| drwxr-xr-x 41 root        root  16384 Feb 19 01:28 ..
| -rw-r-----  1 Debian-exim adm  156216 Feb 19 17:13 mainlog
| -rw-r-----  1 Debian-exim adm  255484 Feb 19 01:28 mainlog.1
| -rw-r-----  1 Debian-exim adm   38813 Feb 10 03:26 mainlog.10.gz
| -rw-r-----  1 Debian-exim adm   30469 Feb 18 01:27 mainlog.2.gz
| -rw-r-----  1 Debian-exim adm   31203 Feb 17 03:27 mainlog.3.gz
| -rw-r-----  1 Debian-exim adm   34308 Feb 16 03:26 mainlog.4.gz
| -rw-r-----  1 Debian-exim adm   33984 Feb 15 03:26 mainlog.5.gz
| -rw-r-----  1 Debian-exim adm   40292 Feb 14 03:26 mainlog.6.gz
| -rw-r-----  1 Debian-exim adm   35111 Feb 13 03:24 mainlog.7.gz
| -rw-r-----  1 Debian-exim adm   34053 Feb 12 03:26 mainlog.8.gz
| -rw-r-----  1 Debian-exim adm   37238 Feb 11 03:26 mainlog.9.gz
| -rw-r--r--  1 Debian-exim adm       0 Feb 16 00:47 paniclog
| -rw-r-----  1 Debian-exim adm       0 Feb 18 01:27 rejectlog
| -rw-r-----  1 Debian-exim adm     193 Feb 17 17:26 rejectlog.1
| -rw-r-----  1 Debian-exim adm     156 Feb  2 13:54 rejectlog.10.gz
| -rw-r-----  1 Debian-exim adm     159 Feb 16 11:27 rejectlog.2.gz
| -rw-r-----  1 Debian-exim adm     175 Feb 15 18:41 rejectlog.3.gz
| -rw-r-----  1 Debian-exim adm     366 Feb 14 19:15 rejectlog.4.gz
| -rw-r-----  1 Debian-exim adm     358 Feb 12 18:23 rejectlog.5.gz
| -rw-r-----  1 Debian-exim adm     169 Feb 10 20:23 rejectlog.6.gz
| -rw-r-----  1 Debian-exim adm     189 Feb  9 17:41 rejectlog.7.gz
| -rw-r-----  1 Debian-exim adm     351 Feb  8 12:02 rejectlog.8.gz
| -rw-r-----  1 Debian-exim adm     213 Feb  8 01:42 rejectlog.9.gz
`----

This is a recent development, this occurs since 2017-02-12 for me,
according to /var/log/syslog.*.gz

I am also a bit mystified why the process name in /var/log/syslog is just
"exim" instead of "exim4". I don't have an "exim" binary on that system,
only the symlink provided by the exim4-daemon-light package itself. I also 
find it strange that those messages appear in /var/log/syslog and not 
/var/log/exim4/*log.

Do you have any idea on how to debug this further? I believe this to a
misconfiguration or other oddity on my system and *not* an exim4 bug in
any way.

Grüße,
Sven.

More information about the Pkg-exim4-maintainers mailing list