I've finally got a reproducible case!

On 2014-06-15 0:19, Todd Lyons wrote:
We will need:

1) A simple exim.conf
2) A MAIL FROM that causes this.
3) A RCPT TO that will be accepted by the exim.conf above.
4) Email headers and a body that will be accepted by the exim.conf above.

This is the minimal exim config which will cause the problem:

acl_smtp_mail = acl_check_mail
acl_smtp_rcpt = acl_check_rcpt
smtp_banner = ${sg {${run{/bin/dash -c 'date --date="20 years ago"'}{$value}{}}}{\n}{}}

addresslist senders_whitelist = wildlsearch;/var/spool/exim4/data/sender-whitelist
addresslist senders_blacklist = wildlsearch;/var/spool/exim4/data/sender-blacklist

ACL_WRITE_LOG = ${run{/bin/dash -c "echo $acl_c0 >> /var/log/exim4/sessionlog"}{true}{true}}

begin acl

acl_check_mail:
  warn
    set acl_c0 = $sender_address
    condition = ACL_WRITE_LOG
  deny
    senders = +senders_blacklist
  deny
    !senders = +senders_whitelist
    !verify = sender/callout
  warn
    set acl_c0 = $sender_address
    condition = ACL_WRITE_LOG
  accept

acl_check_rcpt:
  warn
    set acl_c0 = $sender_address
    condition = ACL_WRITE_LOG
  accept

begin routers

dnslookup:
  driver = dnslookup
  transport = remote_smtp

begin transports

remote_smtp:
  driver = smtp

Both of the addresslist references are empty files. The peculiar thing is, if you change anything in the above config, chances are the problem disappears! For example, remove the '--date="20 years ago"' part or comment out the blacklist lines.

To reproduce the problem, execute this swaks command:

swaks --from [email protected] --to <your address here> --server 127.0.0.1; cat /var/log/exim4/sessionlog

You should get the following output:

[email protected]
[email protected]
update+zrdpeglrciie@facebookmail

As you can see, the .com is stripped from $sender_address at the third call to ACL_WRITE_LOG. The number of characters stripped varied when I was stripping down my config file. This is starting to feel like a buffer overflow...

--
Jelle Raaijmakers

--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
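
A small checker for the sessionlog that ACL_WRITE_LOG appends to, added here as an example and not part of the original post: it flags an entry that is a strict prefix of the previous full entry and reports how many characters were stripped. The sample addresses and the function names are constructed, and treating "prefix of the previous entry" as truncation is a heuristic assumption.

```shell
#!/bin/sh
# Added example (not from the original post): find sessionlog entries that
# look like a truncated copy of the sender address logged just before them.

# find_truncated FILE
# Prints "LINE_NO STRIPPED_CHARS FULL_VALUE TRUNCATED_VALUE" per suspect line.
# Heuristic: a non-empty line that is a strict prefix of the last full value.
find_truncated() {
    awk '
        # Empty line: null sender (bounce). Not comparable, so reset.
        length($0) == 0 { ref = ""; next }
        # Shorter than the reference and matching its start: report it and
        # keep the reference so repeated truncations are still caught.
        length($0) < length(ref) && index(ref, $0) == 1 {
            printf "%d %d %s %s\n", NR, length(ref) - length($0), ref, $0
            next
        }
        # Anything else is a new full value.
        { ref = $0 }
    ' "$1"
}

# Constructed sample: two SMTP sessions, three ACL_WRITE_LOG calls each.
# The first session loses ".com" on its third entry; the second is intact.
write_sample() {
    cat > "$1" <<'EOF'
sender@example.com
sender@example.com
sender@example
other@example.org
other@example.org
other@example.org
EOF
}

tmp=$(mktemp)
write_sample "$tmp"
find_truncated "$tmp"
rm -f "$tmp"
```

To check a real log, call `find_truncated /var/log/exim4/sessionlog`; a legitimate sender that happens to be a prefix of the previous one will also be reported.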
