Package: exim4-daemon-heavy
Version: 4.98.2-1+deb13u3
Severity: important

Dear Maintainer,
The security update to exim4 4.98.2-1+deb13u3 (trixie-security, installed 2026-06-15) introduced a regression in virtual alias routing for sites using a bare filename in the `domains` condition of Exim routers.

** Symptoms

Virtual alias addresses are rejected with:

    550 5.1.1 Bad destination mailbox address

`exim4 -d -bt user@domain` shows the virtual_aliases router being skipped with "domains mismatch" despite the domain being present in the domains file.

** Configuration

The virtual_aliases router had:

    domains = VIRTDIR/domains

where VIRTDIR expands to /etc/exim4/virtual. This configuration worked correctly under all previous versions of exim4 in trixie.

** Root cause

In 4.98.2-1+deb13u3, a bare filename in a domains list is no longer treated as an implicit lsearch. The string is matched literally, so no domain ever matches. The debug trace confirms this:

    cfsg.net in domains?
    list element: /etc/exim4/virtual/domains
    cfsg.net in domains? no (end of list)
    virtual_aliases router skipped: domains mismatch

Note that the domainlist declaration for local_domains in the same config uses the explicit prefix and was unaffected:

    domainlist local_domains = @ : localhost : lsearch;/etc/exim4/virtual/domains

** Workaround

Adding the explicit lsearch; prefix to the router domains condition restores correct behavior:

    domains = lsearch;VIRTDIR/domains

** Impact

Any site using a bare filename (without explicit lookup type prefix) in a router domains condition will silently lose routing for those domains after this update. Virtual alias setups following the pattern documented in the Exim4 Debian split configuration examples are likely affected.

** Reproducibility

Confirmed on Debian trixie, exim4-daemon-heavy 4.98.2-1+deb13u3, monolithic config. Routing worked correctly prior to this update with the same configuration.

Regards,
Terry Roy

File it with:

-- Package-specific info:
Exim version 4.98.2 #2 built 27-May-2026 16:58:40
Copyright (c) University of Cambridge, 1995 - 2018
(c) The Exim Maintainers and contributors in ACKNOWLEDGMENTS file, 2007 - 2024
Hints DB: Berkeley DB: Berkeley DB 5.3.28: (September 9, 2013)
Support for: Content_Scanning crypteq Expand_dlfunc iconv() IPv6 PAM Perl GnuTLS move_frozen_messages TLS_resume DANE DKIM DNSSEC ESMTP_Limits ESMTP_Wellknown Event I18N OCSP PIPECONNECT PRDR PROXY Queue_Ramp SOCKS SPF SRS TCP_Fast_Open
Lookups (built-in): lsearch wildlsearch nwildlsearch iplsearch cdb dbm dbmjz dbmnz dnsdb dsearch ldap ldapdn ldapm mysql nis nis0 passwd pgsql sqlite
Authenticators: cram_md5 cyrus_sasl dovecot external plaintext spa tls
Routers: accept dnslookup ipliteral iplookup manualroute queryprogram redirect
Transports: appendfile/maildir/mailstore/mbx autoreply lmtp pipe smtp
Malware: f-protd f-prot6d drweb fsecure sophie clamd avast sock cmdline
Fixed never_users: 0
Configure owner: 0:0
Size of off_t: 8
Configuration file search path is /etc/exim4/exim4.conf:/var/lib/exim4/config.autogenerated
Configuration file is /etc/exim4/exim4.conf
# /etc/exim4/update-exim4.conf.conf
#
# Edit this file and /etc/mailname by hand and execute update-exim4.conf
# yourself or use 'dpkg-reconfigure exim4-config'
#
# Please note that this is _not_ a dpkg-conffile and that automatic changes
# to this file might happen. The code handling this will honor your local
# changes, so this is usually fine, but will break local schemes that mess
# around with multiple versions of the file.
#
# update-exim4.conf uses this file to determine variable values to generate
# exim configuration macros for the configuration file.
#
# Most settings found in here do have corresponding questions in the
# Debconf configuration, but not all of them.
#
# This is a Debian specific file
dc_eximconfig_configtype='local'
dc_other_hostnames='localhost'
dc_local_interfaces='127.0.0.1 ; ::1'
dc_readhost=''
dc_relay_domains=''
dc_minimaldns='false'
dc_relay_nets=''
dc_smarthost=''
CFILEMODE='644'
dc_use_split_config='false'
dc_hide_mailname=''
dc_mailname_in_oh='true'
dc_localdelivery='mail_spool'
mailname:localhost
# /etc/default/exim4
EX4DEF_VERSION=''
# 'combined' - one daemon running queue and listening on SMTP port
# 'no' - no daemon running the queue
# 'separate' - two separate daemons
# 'ppp' - only run queue with /etc/ppp/ip-up.d/exim4.
# 'nodaemon' - no daemon is started at all.
# 'queueonly' - only a queue running daemon is started, no SMTP listener.
# setting this to 'no' will also disable queueruns from /etc/ppp/ip-up.d/exim4
QUEUERUNNER='combined'
# how often should we run the queue
QUEUEINTERVAL='30m'
# options common to quez-runner and listening daemon
COMMONOPTIONS=''
# more options for the daemon/process running the queue (applies to the one
# started in /etc/ppp/ip-up.d/exim4, too.
QUEUERUNNEROPTIONS=''
# special flags given to exim directly after the -q. See exim(8)
QFLAGS=''
# Options for the SMTP listener daemon. By default, it is listening on
# port 25 only. To listen on more ports, it is recommended to use
# -oX 25:587:10025 -oP /run/exim4/exim.pid
#SMTPLISTENEROPTIONS=''
SMTPLISTENEROPTIONS='-oX 25:465 -oP /var/run/exim4/exim.pid'
# for debugging
#SMTPLISTENEROPTIONS='-d+transports -oX 25:465 -oP /var/run/exim4/exim.pid'
#SMTPLISTENEROPTIONS='-d+auth -oX 25:465 -oP /var/run/exim4/exim.pid'

-- System Information:
Debian Release: 13.5
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 6.12.90+deb13.1-amd64 (SMP w/2 CPU threads; PREEMPT)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages exim4-daemon-heavy depends on:
ii  debconf [debconf-2.0]  1.5.91
ii  exim4-base             4.98.2-1+deb13u3
ii  libc6                  2.41-12+deb13u3
ii  libcrypt1              1:4.4.38-1
ii  libdb5.3t64            5.3.28+dfsg2-9
ii  libgnutls-dane0t64     3.8.9-3+deb13u4
ii  libgnutls30t64         3.8.9-3+deb13u4
ii  libidn12               1.43-1
ii  libidn2-0              2.3.8-2
ii  libldap2               2.6.10+dfsg-1
ii  libmariadb3            1:11.8.6-0+deb13u1
ii  libnsl2                1.3.0-3+b3
ii  libpam0g               1.7.0-5
ii  libpcre2-8-0           10.46-1~deb13u1
ii  libperl5.40            5.40.1-6
ii  libpq5                 17.10-0+deb13u1
ii  libsasl2-2             2.1.28+dfsg1-9
ii  libspf2-2t64           1.2.10-8.3
ii  libsqlite3-0           3.46.1-7+deb13u1

exim4-daemon-heavy recommends no packages.

exim4-daemon-heavy suggests no packages.

-- debconf information:
  exim4-daemon-heavy/drec:
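
An added example, not part of the original report and not Exim or Debian code: a small Python check that lists `domains` and `domainlist` items given as a bare absolute path with no lookup-type prefix, the pattern the report describes as no longer matching after the update. The function names, the constructed sample config and the simplifications (default `:` list separator, no backslash-continued lines) are assumptions.

```python
import re

# Constructed sample modelled on the report; not the reporter's actual exim4.conf.
SAMPLE_CONFIG = """\
VIRTDIR = /etc/exim4/virtual
domainlist local_domains = @ : localhost : lsearch;/etc/exim4/virtual/domains

begin routers
virtual_aliases:
  driver = redirect
  domains = VIRTDIR/domains
virtual_aliases_fixed:
  driver = redirect
  domains = lsearch;VIRTDIR/domains
"""

MACRO_DEF = re.compile(r"^([A-Z]\w*)\s*=\s*(.*)$")
LIST_OPT = re.compile(r"^\s*(domainlist\s+\w+|domains)\s*=\s*(.*)$")

def expand(text, macros):
    # Plain text substitution of the macros seen so far, longest name first.
    for name in sorted(macros, key=len, reverse=True):
        text = text.replace(name, macros[name])
    return text

def find_bare_file_items(config):
    """Return (line_no, option, item) for each domain-list item that is a bare
    absolute path, i.e. carries no 'lookuptype;' prefix such as 'lsearch;'."""
    macros, findings = {}, []
    for line_no, line in enumerate(config.splitlines(), 1):
        if line.lstrip().startswith("#"):
            continue  # whole-line comment
        macro = MACRO_DEF.match(line)
        if macro:
            macros[macro.group(1)] = expand(macro.group(2).strip(), macros)
            continue
        opt = LIST_OPT.match(expand(line, macros))
        if not opt:
            continue
        for item in (part.strip() for part in opt.group(2).split(":")):
            if item.lstrip("! ").startswith("/"):  # skip a leading negation
                findings.append((line_no, opt.group(1), item))
    return findings

if __name__ == "__main__":
    for line_no, option, item in find_bare_file_items(SAMPLE_CONFIG):
        print(f"line {line_no}: {option} has bare file item {item}")
```

Each reported line is a candidate for the explicit `lsearch;` prefix given in the workaround; `exim4 -d -bt user@domain` remains the way to confirm how a given address is actually routed.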

