The enforce_mail_permissions setting in Exim (the mail server used in cPanel-based hosting) is a security feature that ensures email files and directories have the correct ownership and permissions. It prevents unauthorized access to and modification of email-related files, helping to maintain mail server integrity.

What Does enforce_mail_permissions Do?

  • Ensures mail files belong to the correct user.
  • Prevents email spoofing and unauthorized mail delivery.
  • Avoids permission errors that might allow mail folders to be altered by unauthorized users.

Checking the Current enforce_mail_permissions Setting

To check if enforce_mail_permissions is enabled, run:

exim -bP | grep enforce_mail_permissions

Expected output:

enforce_mail_permissions = true

If the output shows enforce_mail_permissions = false, this security feature is disabled.

Enabling or Disabling enforce_mail_permissions

If you need to enable or disable enforce_mail_permissions, follow these steps:

Enable via cPanel/WHM (for Root Users)

  1. Log in to WHM as root.
  2. Navigate to:

     WHM > Service Configuration > Exim Configuration Manager > Advanced Editor

  3. Locate enforce_mail_permissions and set it to:

     enforce_mail_permissions = true

  4. Click Save and Restart Exim.

Enable via SSH (for Root Users)

  1. Open SSH and edit the Exim configuration file:

     nano /etc/exim.conf

  2. Add or modify the line:

     enforce_mail_permissions = true

  3. Save the file (Ctrl + X, then Y).
  4. Restart Exim:

     systemctl restart exim

  5. Verify the setting:

     exim -bP | grep enforce_mail_permissions

Disabling enforce_mail_permissions (If Necessary)

While not recommended, you may need to disable this setting for debugging purposes.

  1. Open Exim config:

     nano /etc/exim.conf

  2. Change:

     enforce_mail_permissions = false

  3. Save and restart Exim:

     systemctl restart exim

Troubleshooting Common Issues

Mail Delivery Failing After Enabling enforce_mail_permissions

Error Example:

550-5.7.1 Your mail directory has incorrect ownership or permissions

Solution:

Run the following to fix incorrect permissions, replacing user with the account's username:

chown -R user:mail /home/user/mail
chmod -R 700 /home/user/mail
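
Before running the recursive fix above, it helps to see which entries it would actually change. The read-only audit below is an added example, not cPanel or Exim code; the function names audit_maildir and demo_audit and the demo tree are hypothetical, and it assumes GNU find and stat.

```shell
# Added example, not cPanel or Exim code: a read-only audit to run before the
# recursive chown/chmod, listing the entries those commands would change.
# Assumes GNU find (-perm /MODE, -printf) and GNU stat, as on Linux cPanel hosts.

# audit_maildir DIR USER GROUP
# Prints one "reason<TAB>path" line per finding:
#   owner=<current owner>  entry is not owned by USER
#   group=<current group>  entry's group is not GROUP
#   mode=<octal mode>      entry grants a group/other bit (looser than 700)
# USER and GROUP may be names or numeric ids.
# Returns 0 if clean, 1 on findings, 2 if DIR is not a directory or find fails.
audit_maildir() {
    amd_dir=$1 amd_user=$2 amd_group=$3
    [ -d "$amd_dir" ] || { echo "not a directory: $amd_dir" >&2; return 2; }
    # The mode check skips symlinks: on Linux their own mode is always 777.
    amd_out=$(
        find "$amd_dir" ! -user "$amd_user" -printf 'owner=%u\t%p\n' &&
        find "$amd_dir" ! -group "$amd_group" -printf 'group=%g\t%p\n' &&
        find "$amd_dir" ! -type l -perm /077 -printf 'mode=%m\t%p\n'
    ) || { echo "audit incomplete: find failed" >&2; return 2; }
    [ -z "$amd_out" ] && return 0
    printf '%s\n' "$amd_out"
    return 1
}

# Constructed demo tree (not real mail): one message left world-readable.
demo_audit() {
    demo_root=$(mktemp -d) || return 2
    mkdir -p "$demo_root/mail/cur"
    : > "$demo_root/mail/cur/msg1"
    : > "$demo_root/mail/cur/msg2"
    chmod 700 "$demo_root/mail" "$demo_root/mail/cur" "$demo_root/mail/cur/msg1"
    chmod 644 "$demo_root/mail/cur/msg2"
    audit_maildir "$demo_root/mail" "$(id -u)" "$(stat -c %g "$demo_root/mail")"
    demo_status=$?
    rm -rf "$demo_root"
    return "$demo_status"
}

demo_audit || echo "demo: findings listed above are expected for the constructed tree"
```

On a real account the call would be audit_maildir /home/user/mail user mail, matching the owner and group used in the fix commands.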

Mail Stuck in Queue

If you see mail stuck in the Exim queue, force a queue run that also retries frozen messages:

exim -qff

When Should You Enable This Setting?

  • Recommended for shared hosting to prevent unauthorized mail access.
  • Useful for security compliance to restrict email file modifications.
  • Avoid disabling unless troubleshooting mail delivery issues.
  • Check status: exim -bP | grep enforce_mail_permissions
  • Enable it (recommended for security): Edit /etc/exim.conf and set enforce_mail_permissions = true
  • Fix mail permission errors: Adjust ownership with chown -R user:mail /home/user/mail
  • Restart Exim: systemctl restart exim