Upgraded to debian 12 srs not working

Hudds-Phil · August 19, 2023, 12:11pm

Hi,
debian 12
latest CP

I upgraded a test Hestiacp server to debian 12 last week as a test for any issues and all worked perfectly including SRS, the updated exim4.conf.template file magically appeared along with srs.conf file and just worked.

Today I upgrade my live Hestiacp server, all seems to have gone well except for SRS, there is no SRS.conf file or the template not updated i’ve also uploaded the new exim4.conf.template, I restarted exim4, restarted hestia and still no srs.conf, no matter what I do.

Is there a command to run just the srs setup?

Cheers

eris · August 19, 2023, 12:48pm

Create:
/etc/exim4/srs.conf

with as contents an random string…

Hudds-Phil · August 19, 2023, 12:59pm

Hi Eris, I did create a blank srs.conf, do I need to add some random characters?

Hudds-Phil · August 19, 2023, 1:00pm

Hi Eris, I did create a blank srs.conf, do I need to add some random characters?

eris · August 19, 2023, 2:06pm

It need a random string just use a password geneator …

sahsanu · August 20, 2023, 5:13am

Just in case, this is what HestiaCP does to create srs.conf file:

echo "$(head /dev/urandom | tr -dc "A-Za-z0-9" | head -c16)" > /etc/exim4/srs.conf
chown root:Debian-exim /etc/exim4/srs.conf
chmod 640 /etc/exim4/srs.conf

And you should check whether your exim conf has this directive in /etc/exim4/exim4.conf.template:

SRS_SECRET = ${readfile{/etc/exim4/srs.conf}}

Location of SRS_SECRET in conf file:

[...]
smtp_banner = $smtp_active_hostname
smtp_active_hostname = ${lookup dnsdb{>: defer_never,ptr=$interface_address}{${listextract{1}{$value}}}{$primary_hostname}}
add_environment = <; PATH=/bin:/usr/bin
keep_environment =
disable_ipv6 = true

SRS_SECRET = ${readfile{/etc/exim4/srs.conf}}

smtputf8_advertise_hosts =
domainlist local_domains = dsearch;/etc/exim4/domains/
domainlist relay_to_domains = dsearch;/etc/exim4/domains/
[...]

Remember to restart exim after adding the changes.

Hudds-Phil · August 21, 2023, 8:34am

Thanks guys for all your help, I’ve implemented the changes needed and will see how it goes.
Silly question, Is there a way to check if its working?

sahsanu · August 22, 2023, 11:24am

Create a mail account in HestiaCP and add a forward mail address to an external domain like an account you could have in gmail.com. Send a mail to your HestiaCP mail account and wait for the mail arrives to your gmail account. In gmail you can view the headers and SPF info using more (three dots) -> show original.

There you will see whether you have passed SPF check (that should be a good check to know srs works) and in the headers you will see several headers containing srs0= .

Hudds-Phil · August 22, 2023, 11:38am

Hi Sahsanu, Ah ok, I was expecting/going down some complicated path not thinking the simple method