Package: exim4-daemon-heavy
Version: 4.94.2-7
Severity: important
Hello Maintainer,
after upgrading the server from Debian 9 to 11 there is a problem with (actual)
no solution.
Here is an example from the paniclog:
2022-01-06 14:13:56 1n4NwM-00ASE5-Py == sys...@example.com R=mysql_user
T=local_mysql_delivery defer (-1): Tainted '/srv/ma
il/example.com/system/' (file or directory name for local_mysql_delivery
transport) not permitted
2022-01-06 14:13:56 1n3cy0-008N8T-By == karsten@example-com R=mysql_user
T=local_mysql_delivery defer (-1): Tainted '/srv/m
ail/example.com/karsten/' (file or directory name for local_mysql_delivery
transport) not permitted
The mainlog is full of messages like this for every local delivery:
2022-01-09 14:53:39 1n5pDL-000Z0k-OR == sys...@example.com R=mysql_user
T=local_mysql_delivery defer (-1): Tainted '/srv/ma
il/example.com/system/' (file or directory name for local_mysql_delivery
transport) not permitted
The research of this error message leads to a big discussion without an
solution here:
https://www.mail-archive.com/exim-users@exim.org/msg54866.html (another example)
This seems to be introduced in exim V 4.94:
https://www.mail-archive.com/exim-users@exim.org/msg54868.html
The documentation is not understandable:
https://www.exim.org/exim-html-current/doc/html/spec_html/ch-the_appendfile_transport.html#SECTfildiropt
What must be done to get the mails de-tainted?
When there is no simple understandable solution an server version < 4.94 must
be used.
The config for this part is this:
local_mysql_delivery:
driver = appendfile
directory = /srv/mail/${domain}/${local_part}/
maildir_format
delivery_date_add
envelope_to_add
return_path_add
user = Debian-exim
group = mail
mode = 0660
Thank you for any hint to solve the problem.
Best regards
karsten
-- Package-specific info:
Exim version 4.94.2 #2 built 13-Jul-2021 16:04:57
Copyright (c) University of Cambridge, 1995 - 2018
(c) The Exim Maintainers and contributors in ACKNOWLEDGMENTS file, 2007 - 2018
Berkeley DB: Berkeley DB 5.3.28: (September 9, 2013)
Support for: crypteq iconv() IPv6 PAM Perl Expand_dlfunc GnuTLS move_frozen_messages Content_Scanning DANE DKIM DNSSEC
Event I18>
Lookups (built-in): lsearch wildlsearch nwildlsearch iplsearch cdb dbm dbmjz dbmnz dnsdb dsearch ldap ldapdn ldapm mysql
nis nis>
Authenticators: cram_md5 cyrus_sasl dovecot plaintext spa tls
Routers: accept dnslookup ipliteral iplookup manualroute queryprogram redirect
Transports: appendfile/maildir/mailstore/mbx autoreply lmtp pipe smtp
Malware: f-protd f-prot6d drweb fsecure sophie clamd avast sock cmdline
Fixed never_users: 0
Configure owner: 0:0
Size of off_t: 8
-- System Information:
Debian Release: 11.2
APT prefers stable-updates
APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500,
'proposed-updates'), (500, 'stable')
Architecture: amd64 (x86_64)
Kernel: Linux 5.10.0-10-amd64 (SMP w/4 CPU threads)
Kernel taint flags: TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
