How to Fix Exim Error: segfault at 0 ip.

Following the latest CVE issued by the Exim development team, we upgraded Exim to the latest version, Exim 4.88, and found a bunch of segfault errors after the upgrade, as below:

Mar  7 21:13:18 rome kernel: exim[5505]: segfault at 0 ip 00007f3f78503790 sp 00007ffe620fb2f0 error 4 in exim[7f3f78422000+120000]
Mar  7 21:13:19 rome kernel: exim[5507]: segfault at 0 ip 00007f3f78503790 sp 00007ffe620fb2f0 error 4 in exim[7f3f78422000+120000]
Mar  7 21:13:20 rome kernel: exim[5509]: segfault at 0 ip 00007f3f78503790 sp 00007ffe620fb2f0 error 4 in exim[7f3f78422000+120000]
Mar  7 21:13:20 rome kernel: exim[5511]: segfault at 0 ip 00007f3f78503790 sp 00007ffe620fb2f0 error 4 in exim[7f3f78422000+120000]
Mar  7 21:13:21 rome kernel: exim[5515]: segfault at 0 ip 00007f3f78503790 sp 00007ffe620fb2f0 error 4 in exim[7f3f78422000+120000]
Mar  7 21:13:21 rome kernel: exim[5517]: segfault at 0 ip 00007f3f78503790 sp 00007ffe620fb2f0 error 4 in exim[7f3f78422000+120000]
Mar  7 21:13:21 rome kernel: exim[5519]: segfault at 0 ip 00007f3f78503790 sp 00007ffe620fb2f0 error 4 in exim[7f3f78422000+120000]
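The kernel lines above can be decoded further. The Python below is an added example, not part of the original post or of Exim: it extracts the fault address, the page-fault error bits and the offset of the faulting instruction inside the exim mapping. The function names are hypothetical, and the offset calculation assumes the mapping starts at file offset 0.

```python
import re
from collections import Counter

# Format of the x86-64 Linux kernel line quoted above (all numbers are hex).
SEGV_RE = re.compile(
    r"(?P<comm>[^\s\[]+)\[(?P<pid>\d+)\]: segfault at (?P<addr>[0-9a-f]+) "
    r"ip (?P<ip>[0-9a-f]+) sp (?P<sp>[0-9a-f]+) error (?P<err>[0-9a-f]+)"
    r"(?: in (?P<obj>[^\s\[]+)\[(?P<base>[0-9a-f]+)\+(?P<size>[0-9a-f]+)\])?"
)

def decode_error(code):
    """Decode the x86 page-fault error code bits printed after 'error'."""
    return {
        "cause": "protection violation" if code & 1 else "page not present",
        "access": "write" if code & 2 else "read",
        "mode": "user" if code & 4 else "kernel",
        "instruction_fetch": bool(code & 16),
    }

def parse_segfault(line):
    """Return a dict describing one segfault line, or None if it is not one."""
    m = SEGV_RE.search(line)
    if m is None:
        return None
    addr, ip = int(m["addr"], 16), int(m["ip"], 16)
    info = {"comm": m["comm"], "pid": int(m["pid"]), "fault_addr": addr,
            "null_deref": addr < 4096,  # fault inside the unmapped first page
            "object": m["obj"], "offset": None}
    info.update(decode_error(int(m["err"], 16)))
    if m["base"] is not None:
        # Assumption: the mapping starts at file offset 0, so ip - base can be
        # handed to a symbolizer (e.g. addr2line) with the matching binary.
        info["offset"] = ip - int(m["base"], 16)
    return info

def summarize(lines):
    """Count crashes per (object, offset): one bucket means one crash site."""
    hits = (parse_segfault(l) for l in lines)
    return Counter((h["object"], h["offset"]) for h in hits if h)

# Two lines copied from the page plus one constructed non-matching line.
SAMPLE = [
    "Mar  7 21:13:18 rome kernel: exim[5505]: segfault at 0 ip 00007f3f78503790 sp 00007ffe620fb2f0 error 4 in exim[7f3f78422000+120000]",
    "Mar  7 21:13:19 rome kernel: exim[5507]: segfault at 0 ip 00007f3f78503790 sp 00007ffe620fb2f0 error 4 in exim[7f3f78422000+120000]",
    "Mar  7 21:13:19 rome kernel: constructed line that is not a segfault",
]

if __name__ == "__main__":
    for (obj, off), n in summarize(SAMPLE).items():
        print(f"{n} crash(es) in {obj} at offset {off:#x}")
```

Every crash landing in the same bucket, with a user-mode read at address 0, points to one NULL pointer dereference in the exim binary rather than to random memory corruption.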

In our mail server setup, we have Exim relay servers facing the public internet, which receive email before it is delivered to the Exim Mail Server. Quite a number of emails were stuck on the relay servers, especially those on connections established with TLS.

Strangely, the only error shown was “retry time not reached for host… ”, as below:

2017-03-07 16:52:04 1ckbTi-0004Qq-UC == [email protected] R=mailertable_router T=remote_smtp defer (-53): retry time not reached for any host for 'romeinitaly.com'
2017-03-07 16:52:04 1ckbTQ-0004Qu-MQ == [email protected] R=mailertable_router T=remote_smtp defer (-53): retry time not reached for any host for 'romeinitaly.com'
2017-03-07 16:52:04 1ckaHf-0003hQ-JD == [email protected] R=mailertable_router T=remote_smtp defer (-53): retry time not reached for any host for 'romeinitaly.com'
2017-03-07 16:52:04 1ckZvQ-0003gV-5H == [email protected] R=mailertable_router T=remote_smtp defer (-53): retry time not reached for any host for 'romeinitaly.com'
2017-03-07 16:52:04 1ckZ6l-00031q-ND == [email protected] R=mailertable_router T=remote_smtp defer (-53): retry time not reached for any host for 'romeinitaly.com'
2017-03-07 16:52:04 1ckWdj-0000Va-I7 == [email protected] R=mailertable_router T=remote_smtp defer (-53): retry time not reached for any host for 'romeinitaly.com'
2017-03-07 16:52:04 1ckY4D-0001sL-FJ == [email protected] R=mailertable_router T=remote_smtp defer (-53): retry time not reached for any host for 'romeinitaly.com'
2017-03-07 16:52:04 1ckWLm-0000Ce-5I == [email protected] R=mailertable_router T=remote_smtp defer (-53): retry time not reached for any host for 'romeinitaly.com'
2017-03-07 16:52:04 1ckWLm-0000Cc-4C == [email protected] R=mailertable_router T=remote_smtp defer (-53): retry time not reached for any host for 'romeinitaly.com'

When you force delivery with exim -M <message-id>, you can immediately see a segfault error on the Exim Mail Server in /var/log/syslog (in our case, running on CentOS 7).

The relay servers return a “broken pipe” error message:

2017-03-07 01:22:04 1ckpau-0009K5-HK SSL_write: (from (etcsmtp.asdasdasd.cn) [xx.xx.xx.xx]) syscall: Broken pipe
2017-03-07 01:22:04 1ckpau-0009K5-HK TLS error (SSL_write): error:1409F07F:SSL routines:ssl3_write_pending:bad write retry
2017-03-07 01:22:04 1ckpau-0009K5-HK H=xx.xx.xx.xx [xx.xx.xxx.xx]: SMTP error from remote mail server after sending data block: 250 947 byte chunk received: Broken pipe

Clearly, something has broken and your emails are not coming in 😉

As of today (7 Mar 2016), the Exim developers are working on the fix. The temporary workaround is to add “chunking_advertise_hosts =” to exim.conf, in the main configuration area. An empty value means the SMTP CHUNKING extension is not advertised to any host. Something like below:

keep_environment = ^LDAP
add_environment = PATH=/usr/bin::/bin
chunking_advertise_hosts =

######################################################################
#                       ACL CONFIGURATION                            #
#         Specifies access control lists for incoming SMTP mail      #
######################################################################

begin acl

acl_check_not_smtp:

Save the Exim config and restart the Exim service. Enjoy seeing email flooding in 😉