#1136360 exim4-config: add a warning when CFILEMODE has looser permissions than some configuration files

#1136360#5
Date:
2026-05-12 14:44:45 UTC
From:
To:
update-exim4.conf generates a world-readable file by default. It is possible to overlook the CFILEMODE parameter in update-exim4.conf.conf. It is especially a problem as these permissions are reapplied on exim restart, even if they were modified with chmod.
As an additional protection layer (to avoid leaking LDAP or database passwords), I suggest displaying a warning when a file inside /etc/exim/conf.d/ has stricter read permissions than CFILEMODE.