Exim4 srs.conf error

ram108 · October 29, 2023, 11:32am

Ubuntu 22.04 + Exim4 + Dovecot

I experience non-working email and thousands of log errors:

2023-10-29 14:20:08 1qvjNM-000l8k-1e == [email protected] <[email protected]> R=dnslookup T=remote_forwarded_smtp defer (-1): Failed to expand return path "${srs_encode {${readfile{/etc/exim4/srs.conf}}} {$return_path} {$original_domain}}": empty address

Found this thread: Email forwarding problems - Community Support / Mail - Hestia Control Panel - Discourse (hestiacp.com). The advice here is to install using the config: https://github.com/hestiacp/hestiacp/blob/main/install/deb/exim/exim4.conf.template

I have Ubuntu 22.04 installed and still I experience this error.

If I set that config, the error above disappears, but I get a lot of these log entries instead:

2023-10-29 13:04:21 1qx2eb-000tnS-Qj Tainted filename for search: '/etc/exim4/domains/XXX.ru/aliases'

And the mail still doesn’t work.

The mailbox in the question above is a forwarding [email protected] to [email protected]

sahsanu · October 29, 2023, 11:52am

You should use 4.95 conf file:

cp /usr/local/hestia/install/deb/exim/exim4.conf.4.95.template /etc/exim4/exim4.conf.template

and create the srs.conf file

head /dev/urandom | tr -dc 'A-Za-z0-9' | head -c16 > /etc/exim4/srs.conf
chmod 640 /etc/exim4/srs.conf
chown root:Debian-exim /etc/exim4/srs.conf

After that, restart exim and try again:

systemctl restart exim4

ram108 · October 30, 2023, 12:41pm

Thanks! I already have this very config installed and also have the srs.conf file present, but I used your instructions again.

Nothing has changed, mail still doesn’t go, I see errors in the logs:

2023-10-30 15:39:18 1qxRY6-002Hj3-Ae == [email protected] <[email protected]> R=dnslookup T=remote_forwarded_smtp defer (-1): Failed to expand return path
"${srs_encode {${readfile{/etc/exim4/srs.conf}}} {$return_path} {$original_domain}}": empty address

I can also see in the logs:

2023-10-30 15:45:35 1qxReB-002I5o-BM ** [email protected]: Unrouteable address
2023-10-30 15:45:35 1qxReB-002I5o-BM Frozen (delivery error message)
2023-10-30 15:45:36 1qxReC-002I5u-GH <= [email protected] U=pantogroff P=local S=7390
2023-10-30 15:45:36 1qxReC-002I5u-GH ** [email protected]: Unrouteable address
2023-10-30 15:45:36 1qxReC-002I5z-HJ <= <> R=1qxReC-002I5u-GH U=Debian-exim P=local S=8703
2023-10-30 15:45:36 1qxReC-002I5u-GH Completed

I don’t have [email protected] and [email protected] on the server.

But there is a box [email protected] with forwarding to [email protected]

It is to [email protected] that I send mail and get these errors.

2023-10-30 15:43:04 1qxRbk-002Huh-06 <= [email protected] U=pantogroff P=local S=7393
2023-10-30 15:43:04 1qxRbk-002Huh-06 ** [email protected]: Unrouteable address
2023-10-30 15:43:04 1qxRbk-002Hum-1F <= <> R=1qxRbk-002Huh-06 U=Debian-exim P=local S=8681
2023-10-30 15:43:04 1qxRbk-002Huh-06 Completed
2023-10-30 15:43:04 1qxRbk-002Hum-1F => admin <[email protected]> R=localuser_fwd_only T=devnull
2023-10-30 15:43:04 1qxRbk-002Hum-1F == [email protected] <[email protected]> R=dnslookup T=remote_forwarded_smtp defer (-1): Failed to expand return path
"${srs_encode {${readfile{/etc/exim4/srs.conf}}} {$return_path} {$original_domain}}": empty address
2023-10-30 15:43:27 1qxRc7-002HvH-O2 <= [email protected] U=pantogroff P=local S=7347```

sahsanu · October 30, 2023, 12:50pm

Use echo to generate srs.conf file:

echo "$(head /dev/urandom | tr -dc 'A-Za-z0-9' | head -c16)" > /etc/exim4/srs.conf

Restart exim and try again:

systemctl restart exim4

If that doesn’t work, show the output of:

grep SRS_SECRET /etc/exim4/exim4.conf.template

ram108 · October 30, 2023, 12:56pm

It’s available:

cat /etc/exim4/srs.conf
FeMACSeeKyToNxWK

grep SRS_SECRET /etc/exim4/exim4.conf.template
SRS_SECRET = ${readfile{/etc/exim4/srs.conf}}
    condition = ${if inbound_srs {$local_part} {SRS_SECRET}}
  return_path = ${srs_encode {SRS_SECRET} {$return_path} {$original_domain}}

sahsanu · October 30, 2023, 12:56pm

Neither srv1.pantogroff.ru nor pantogroff.ru has MX records.

ram108 · October 30, 2023, 12:59pm

Yes, It has:

root@srv2:~# dig +short pantogroff.ru mx | sort -n | nawk '{print $2; exit}' | dig +short -f -
176.57.211.17
root@srv2:~# dig +short srv1.pantogroff.ru mx | sort -n | nawk '{print $2; exit}' | dig +short -f -
176.57.211.17
root@srv2:~#

sahsanu · October 30, 2023, 1:00pm

I said to use echo because previous used command to create it doesn’t add a return carriage.

cat -A /etc/exim4/srs.conf

Also, SRS_SECRET looks fine. Check the MX problem with that domain and also, if you don’t host the mail for that domain how do you expect to forward it?

sahsanu · October 30, 2023, 1:01pm

My bad, I checked pantogrof.ru instead of pantogroff.ru

ram108 · October 30, 2023, 1:11pm

That was the problem. I generated a srs.conf file with a carriage return at the end.

Mail works now. Thank you very much!

I have this problem on two fresh Ubuntu 22.04 servers with Hestia panel installed.

ram108 · October 30, 2023, 1:22pm

Mail is working, but I still see a lot of errors in the paniclog (((((

2023-10-30 16:17:24 1qxS8y-002L9s-4w == [email protected] <[email protected]> R=dnslookup T=remote_forwarded_smtp defer (-1): Failed to expand return path
"${srs_encode {${readfile{/etc/exim4/srs.conf}}} {$return_path} {$original_domain}}": empty address

What’s the matter, I don’t know. It works fine on Ubuntu 20.04.

eris · October 30, 2023, 1:31pm

20.04 did not have option for SRS and it is not included in there…

eris · October 30, 2023, 1:32pm

Is the issue not the SRS file not working

ram108 · October 30, 2023, 3:52pm

What is the issue? Is any way to fix it?

eris · October 30, 2023, 4:33pm

How do you send the emails?

ram108 · November 1, 2023, 9:40am

I am using mail provider web interface (gmail, yandex) to send email to my server address [email protected]. This mail box is a redirect only to another email on gmail or yandex.

2023-10-30 16:17:24 1qxS8y-002L9s-4w == [email protected] <[email protected]> R=dnslookup T=remote_forwarded_smtp defer (-1): Failed to expand return path
"${srs_encode {${readfile{/etc/exim4/srs.conf}}} {$return_path} {$original_domain}}": empty address

When I send email to [email protected], I get these errors, described above.

The same errors on another our server with Ubuntu 22.04.

And there are no errors on servers with Ubuntu 20.04

eris · November 1, 2023, 9:48am

You can try:
https://www.mail-archive.com/[email protected]/msg57361.html

ram108 · November 3, 2023, 6:49pm

But I still getting errors on mail boxes, that does not exist at all. And thay all are in the queue.

Realistically, very big problems with Exim4 on Ubuntu 22.04.

I have to clear mannualy a queue of thousands of emails every day.

2023-11-03 21:42:48 1qyz84-003iyq-Pr <= [email protected] U=legowise P=local S=7182
2023-11-03 21:42:48 1qyz84-003iyq-Pr ** [email protected]: Unrouteable address
2023-11-03 21:42:48 1qyz84-003iyv-Qm <= <> R=1qyz84-003iyq-Pr U=Debian-exim P=local S=8489
2023-11-03 21:42:48 1qyz84-003iyq-Pr Completed
2023-11-03 21:42:48 1qyz84-003iyv-Qm ** [email protected]: Unrouteable address
2023-11-03 21:42:48 1qyz84-003iyv-Qm Frozen (delivery error message)
2023-11-03 21:44:53 1qyzA5-003j1n-7q <= [email protected] U=pantogroff P=local S=7195
2023-11-03 21:44:53 1qyzA5-003j1n-7q ** [email protected]: Unrouteable address
2023-11-03 21:44:53 1qyzA5-003j1s-8v <= <> R=1qyzA5-003j1n-7q U=Debian-exim P=local S=8513
2023-11-03 21:44:53 1qyzA5-003j1n-7q Completed
2023-11-03 21:44:53 1qyzA5-003j1s-8v ** [email protected]: Unrouteable address
2023-11-03 21:44:53 1qyzA5-003j1s-8v Frozen (delivery error message)

paniclog again:

2023-11-03 21:48:41 1qyzDl-003jIi-IK == [email protected] <[email protected]> R=dnslookup T=remote_forwarded_smtp defer (-1): Failed to expand return path
"${if def:return_path {${srs_encode {${readfile{/etc/exim4/srs.conf}}} {$return_path} {$original_domain}}}}": empty address
2023-11-03 21:48:42 1qyzDm-003jIs-G2 == [email protected] <[email protected]> R=dnslookup T=remote_forwarded_smtp defer (-1): Failed to expand return path
"${if def:return_path {${srs_encode {${readfile{/etc/exim4/srs.conf}}} {$return_path} {$original_domain}}}}": empty address
2023-11-03 21:52:08 1qyzH6-003jYA-6U == [email protected] <[email protected]> R=dnslookup T=remote_forwarded_smtp defer (-1): Failed to expand return path
"${if def:return_path {${srs_encode {${readfile{/etc/exim4/srs.conf}}} {$return_path} {$original_domain}}}}": empty address
2023-11-03 21:52:38 1qyzHa-003jZ4-CB == [email protected] <[email protected]> R=dnslookup T=remote_forwarded_smtp defer (-1): Failed to expand return path
"${if def:return_path {${srs_encode {${readfile{/etc/exim4/srs.conf}}} {$return_path} {$original_domain}}}}": empty address

ram108 · November 3, 2023, 6:51pm

How to totally off this SRS and use Exim4 configs of Ubuntu 20.04 ?

xeruf · November 5, 2023, 5:33pm