Hi! On Tue, 07 Jan 2020, Jeremy Harris via Exim-users wrote: > On 07/01/2020 16:47, Tobias Klausmann via Exim-users wrote: > > # exim -bt klausman-gen...@schwarzvogel.de > > LOG: MAIN PANIC > > attempt to expand tainted string '$rheader_From' > > LOG: MAIN PANIC > > attempt to expand tainted string '${if def:header_From {true}{false}}' > > Sieve error: header string expansion failed in line 3 > > klausman-gen...@schwarzvogel.de -> inbox > > transport = address_file > > Raised bug 2506 for this. > Please say what platform and who built the exim binary.
$ uname -a Linux skade 5.5.0-rc3 #15 SMP Fri Dec 27 13:10:59 CET 2019 x86_64 Intel(R) Core(TM) i7-7700 CPU @ 3.60GHz GenuineIntel GNU/Linux Exim was built on the same machine, using Gentoo's portage. Adress test with -d+all and full config (I've also attached my exim.conf): 08:54:49 2563 Exim version 4.93.0.4 uid=1000 gid=1000 pid=2563 D=fff9ffff Support for: crypteq iconv() IPv6 PAM Perl TCPwrappers OpenSSL Content_Scanning DANE DKIM DNSSEC Event I18N OCSP PRDR TCP_Fast_Open Lookups (built-in): lsearch wildlsearch nwildlsearch iplsearch cdb dbm dbmjz dbmnz dnsdb dsearch passwd Authenticators: cram_md5 cyrus_sasl plaintext spa Routers: accept dnslookup ipliteral manualroute queryprogram redirect Transports: appendfile/maildir/mailstore autoreply pipe smtp Malware: f-protd f-prot6d drweb fsecure sophie clamd avast sock cmdline Fixed never_users: 0 Configure owner: 0:0 Size of off_t: 8 Compiler: GCC [9.2.0] Library version: Glibc: Compile: 2.30 Runtime: 2.30 Library version: BDB: Compile: Berkeley DB 5.3.28: (September 9, 2013) Runtime: Berkeley DB 5.3.28: (September 9, 2013) Library version: OpenSSL: Compile: OpenSSL 1.1.1d 10 Sep 2019 Runtime: OpenSSL 1.1.1d 10 Sep 2019 : built on: Tue Dec 3 18:07:39 2019 UTC Library version: IDN2: Compile: 2.3.0 Runtime: 2.3.0 Library version: Stringprep: Compile: 1.35 Runtime: 1.35 Library version: Cyrus SASL: Compile: 2.1.27 Runtime: 2.1.27 [Cyrus SASL] Library version: PCRE: Compile: 8.43 Runtime: 8.43 2019-02-23 08:54:49 2563 Total 11 lookups WHITELIST_D_MACROS unset TRUSTED_CONFIG_LIST unset 08:54:49 2563 changed uid/gid: -C, -D, -be or -bf forces real uid 08:54:49 2563 uid=1000 gid=1000 pid=2563 08:54:49 2563 auxiliary group list: 10 12 16 35 78 100 110 237 245 249 250 1000 08:54:49 2563 seeking password data for user "root": cache not available 08:54:49 2563 getpwnam() succeeded uid=0 gid=0 08:54:49 2563 tls_validate_require_cipher child 2564 ended: status=0x0 08:54:49 2563 adding PATH=/sbin:/usr/sbin 08:54:49 2563 configuration file is exim.conf 08:54:49 2563 log selectors = 00000ffc 99005032 00000003 08:54:49 2563 admin user 08:54:49 2563 dropping to exim gid; retaining priv uid 08:54:49 2563 changing group to 12 failed: Operation not permitted 08:54:49 2563 originator: uid=1000 gid=1000 login=klausman name=Tobias Klausmann 08:54:49 2563 sender address = klaus...@schwarzvogel.de 08:54:49 2563 Address testing: uid=1000 gid=1000 euid=1000 egid=1000 08:54:49 2563 >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> 08:54:49 2563 Testing klausman-gen...@schwarzvogel.de 08:54:49 2563 >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> 08:54:49 2563 Considering klausman-gen...@schwarzvogel.de 08:54:49 2563 >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> 08:54:49 2563 routing klausman-gen...@schwarzvogel.de 08:54:49 2563 --------> virtual router <-------- 08:54:49 2563 local_part=klausman-gentoo domain=schwarzvogel.de 08:54:49 2563 checking domains 08:54:49 2563 search_open: dsearch "/etc/exim/virtual" 08:54:49 2563 search_find: file="/etc/exim/virtual" 08:54:49 2563 key="schwarzvogel.de" partial=-1 affix=NULL starflags=0 08:54:49 2563 LRU list: 08:54:49 2563 5/etc/exim/virtual 08:54:49 2563 End 08:54:49 2563 internal_search_find: file="/etc/exim/virtual" 08:54:49 2563 type=dsearch key="schwarzvogel.de" 08:54:49 2563 file lookup required for schwarzvogel.de 08:54:49 2563 in /etc/exim/virtual 08:54:49 2563 lookup failed 08:54:49 2563 schwarzvogel.de in "dsearch;/etc/exim/virtual"? no (end of list) 08:54:49 2563 virtual router skipped: domains mismatch 08:54:49 2563 --------> dnslookup router <-------- 08:54:49 2563 local_part=klausman-gentoo domain=schwarzvogel.de 08:54:49 2563 checking domains 08:54:49 2563 schwarzvogel.de in "schwarzvogel.de:skade.schwarzvogel.de:i-no.de"? yes (matched "schwarzvogel.de") 08:54:49 2563 schwarzvogel.de in "! +local_domains"? no (matched "! +local_domains") 08:54:49 2563 dnslookup router skipped: domains mismatch 08:54:49 2563 --------> new_system_aliases router <-------- 08:54:49 2563 local_part=klausman-gentoo domain=schwarzvogel.de 08:54:49 2563 calling new_system_aliases router 08:54:49 2563 rda_interpret (string): '${lookup{$local_part}lsearch{/etc/mail/aliases}}' 08:54:49 2563 ╭considering: ${lookup{$local_part}lsearch{/etc/mail/aliases}} 08:54:49 2563 ╭considering: $local_part}lsearch{/etc/mail/aliases}} 08:54:49 2563 ├──expanding: $local_part 08:54:49 2563 ╰─────result: klausman-gentoo 08:54:49 2563 ╰──(tainted) 08:54:49 2563 ╭considering: /etc/mail/aliases}} 08:54:49 2563 ├──expanding: /etc/mail/aliases 08:54:49 2563 ╰─────result: /etc/mail/aliases 08:54:49 2563 search_open: lsearch "/etc/mail/aliases" 08:54:49 2563 search_find: file="/etc/mail/aliases" 08:54:49 2563 key="klausman-gentoo" partial=-1 affix=NULL starflags=0 08:54:49 2563 LRU list: 08:54:49 2563 7/etc/mail/aliases 08:54:49 2563 5/etc/exim/virtual 08:54:49 2563 End 08:54:49 2563 internal_search_find: file="/etc/mail/aliases" 08:54:49 2563 type=lsearch key="klausman-gentoo" 08:54:49 2563 file lookup required for klausman-gentoo 08:54:49 2563 in /etc/mail/aliases 08:54:49 2563 lookup failed 08:54:49 2563 ├──expanding: ${lookup{$local_part}lsearch{/etc/mail/aliases}} 08:54:49 2563 ╰─────result: 08:54:49 2563 expanded: '' 08:54:49 2563 file is not a filter file 08:54:49 2563 parse_forward_list: 08:54:49 2563 new_system_aliases router declined for klausman-gen...@schwarzvogel.de 08:54:49 2563 --------> userforward router <-------- 08:54:49 2563 local_part=klausman-gentoo domain=schwarzvogel.de 08:54:49 2563 checking for local user 08:54:49 2563 seeking password data for user "klausman-gentoo": cache not available 08:54:49 2563 getpwnam() returned NULL (user not found) 08:54:49 2563 userforward router skipped: klausman-gentoo is not a local user 08:54:49 2563 --------> extension_user_verify router <-------- 08:54:49 2563 local_part=klausman-gentoo domain=schwarzvogel.de 08:54:49 2563 stripped suffix -gentoo 08:54:49 2563 extension_user_verify router skipped: verify_only set 08:54:49 2563 --------> extension_user_delivery_f router <-------- 08:54:49 2563 local_part=klausman-gentoo domain=schwarzvogel.de 08:54:49 2563 stripped suffix -gentoo 08:54:49 2563 checking require_files 08:54:49 2563 ╭considering: /home/$local_part/.mail-extensions 08:54:49 2563 ├──expanding: /home/$local_part/.mail-extensions 08:54:49 2563 ╰─────result: /home/klausman/.mail-extensions 08:54:49 2563 ╰──(tainted) 08:54:49 2563 file check: /home/$local_part/.mail-extensions 08:54:49 2563 expanded file: /home/klausman/.mail-extensions 08:54:49 2563 stat() yielded 0 08:54:49 2563 ╭considering: /home/$local_part/.forward 08:54:49 2563 ├──expanding: /home/$local_part/.forward 08:54:49 2563 ╰─────result: /home/klausman/.forward 08:54:49 2563 ╰──(tainted) 08:54:49 2563 file check: /home/$local_part/.forward 08:54:49 2563 expanded file: /home/klausman/.forward 08:54:49 2563 stat() yielded 0 08:54:49 2563 checking "condition" "${lookup{$local_part_suffix}lsearch{/home/$local_part/.mail-extensions}{yes}{no}"... 08:54:49 2563 ╭considering: ${lookup{$local_part_suffix}lsearch{/home/$local_part/.mail-extensions}{yes}{no}} 08:54:49 2563 ╭considering: $local_part_suffix}lsearch{/home/$local_part/.mail-extensions}{yes}{no}} 08:54:49 2563 ├──expanding: $local_part_suffix 08:54:49 2563 ╰─────result: -gentoo 08:54:49 2563 ╰──(tainted) 08:54:49 2563 ╭considering: /home/$local_part/.mail-extensions}{yes}{no}} 08:54:49 2563 ├──expanding: /home/$local_part/.mail-extensions 08:54:49 2563 ╰─────result: /home/klausman/.mail-extensions 08:54:49 2563 ╰──(tainted) 08:54:49 2563 search_open: lsearch "/home/klausman/.mail-extensions" 08:54:49 2563 search_find: file="/home/klausman/.mail-extensions" 08:54:49 2563 key="-gentoo" partial=-1 affix=NULL starflags=0 08:54:49 2563 LRU list: 08:54:49 2563 7/home/klausman/.mail-extensions 08:54:49 2563 7/etc/mail/aliases 08:54:49 2563 5/etc/exim/virtual 08:54:49 2563 End 08:54:49 2563 internal_search_find: file="/home/klausman/.mail-extensions" 08:54:49 2563 type=lsearch key="-gentoo" 08:54:49 2563 file lookup required for -gentoo 08:54:49 2563 in /home/klausman/.mail-extensions 08:54:49 2563 lookup yielded: # Gentoo 08:54:49 2563 ╭considering: yes}{no}} 08:54:49 2563 ├──expanding: yes 08:54:49 2563 ╰─────result: yes 08:54:49 2563 ╭───scanning: no}} 08:54:49 2563 ├──expanding: no 08:54:49 2563 ├─────result: no 08:54:49 2563 ╰───skipping: result is not used 08:54:49 2563 ├──expanding: ${lookup{$local_part_suffix}lsearch{/home/$local_part/.mail-extensions}{yes}{no}} 08:54:49 2563 ╰─────result: yes 08:54:49 2563 calling extension_user_delivery_f router 08:54:49 2563 ╭considering: $local_part 08:54:49 2563 ├──expanding: $local_part 08:54:49 2563 ╰─────result: klausman 08:54:49 2563 ╰──(tainted) 08:54:49 2563 seeking password data for user "klausman": cache not available 08:54:49 2563 getpwnam() succeeded uid=1000 gid=1000 08:54:49 2563 rda_interpret (file): '/home/$local_part/.forward' 08:54:49 2563 ╭considering: /home/$local_part/.forward 08:54:49 2563 ├──expanding: /home/$local_part/.forward 08:54:49 2563 ╰─────result: /home/klausman/.forward 08:54:49 2563 ╰──(tainted) 08:54:49 2563 expanded: '/home/klausman/.forward' 08:54:49 2563 search_tidyup called 08:54:49 2565 changed uid/gid: extension_user_delivery_f router (recipient is klausman-gen...@schwarzvogel.de) 08:54:49 2565 uid=1000 gid=1000 pid=2565 08:54:49 2565 auxiliary group list: 10 12 16 35 78 100 110 237 245 249 250 1000 08:54:49 2565 turned off address rewrite logging (not root or exim in this process) 08:54:49 2565 7892 bytes read from /home/klausman/.forward 08:54:49 2565 data is a Sieve filter program 08:54:49 2565 Sieve: start of processing 08:54:49 2565 ╭considering: $rheader_From 08:54:49 2565 LOG: MAIN PANIC 08:54:49 2565 attempt to expand tainted string '$rheader_From' 08:54:49 2565 ├failed to expand: $rheader_From 08:54:49 2565 ╰───error message: attempt to expand tainted string '$rheader_From' 08:54:49 2565 ╭considering: ${if def:header_From {true}{false}} 08:54:49 2565 LOG: MAIN PANIC 08:54:49 2565 attempt to expand tainted string '${if def:header_From {true}{false}}' 08:54:49 2565 ├failed to expand: ${if def:header_From {true}{false}} 08:54:49 2565 ╰───error message: attempt to expand tainted string '${if def:header_From {true}{false}}' 08:54:49 2565 fileinto `inbox' 08:54:49 2565 Sieve error: header string expansion failed in line 6 08:54:49 2565 Sieve: end of processing 08:54:49 2565 search_tidyup called 08:54:49 2563 rda_interpret: subprocess yield=0 error=NULL 08:54:49 2563 set transport address_file 08:54:49 2563 extension_user_delivery_f router generated inbox 08:54:49 2563 pipe, file, or autoreply 08:54:49 2563 errors_to=NULL transport=address_file 08:54:49 2563 uid=1000 gid=1000 home=NULL 08:54:49 2563 routed by extension_user_delivery_f router 08:54:49 2563 envelope to: klausman-gen...@schwarzvogel.de 08:54:49 2563 transport: <none> 08:54:49 2563 >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> 08:54:49 2563 Considering inbox 08:54:49 2563 search_tidyup called 08:54:49 2563 >>>>>>>>>>>>>>>> Exim pid=2563 (main) terminating with rc=0 >>>>>>>>>>>>>>>> klausman-gen...@schwarzvogel.de -> inbox transport = address_file Best, Tobias
keep_environment = add_environment = <; PATH=/sbin:/usr/sbin primary_hostname = mail.schwarzvogel.de chunking_advertise_hosts = domainlist local_domains = schwarzvogel.de:skade.schwarzvogel.de:i-no.de hostlist relay_from_hosts = <; 127.0.0.1/8 ; ::1 log_selector = +delivery_size +subject +smtp_confirmation acl_smtp_rcpt = acl_check_rcpt acl_smtp_helo = acl_check_helo qualify_domain = schwarzvogel.de never_users = root queue_list_requires_admin = false host_lookup = * rfc1413_query_timeout = 0s ignore_bounce_errors_after = 0s timeout_frozen_after = 7d smtp_banner = $smtp_active_hostname tls_advertise_hosts = * tls_certificate = /etc/letsencrypt/live/mail.schwarzvogel.de/fullchain.pem tls_privatekey = /etc/letsencrypt/live/mail.schwarzvogel.de/privkey.pem begin acl acl_check_helo: accept condition = ${if match {$sender_fullhost}{127.0.0.1} {yes}{no}} deny message = Invalid HELO. You're spam or a virus, or your sysadmin is an idiot. log_message = HELO/EHLO domain without dot. condition = ${if match{$sender_helo_name}{\\.}{no}{yes}} accept acl_check_rcpt: accept hosts = : deny local_parts = ^.*[@%!/|] : ^\\. deny recipients = lsearch;/etc/exim/never_users accept local_parts = postmaster domains = +local_domains require verify = sender accept domains = +local_domains endpass message = unknown user verify = recipient accept domains = +relay_to_domains verify = recipient/callout=15s/callout_defer_ok endpass message = unrouteable address verify = recipient accept hosts = +relay_from_hosts deny message = relay not permitted accept begin routers virtual: driver = redirect domains = dsearch;/etc/exim/virtual data = ${lookup{$local_part}lsearch*{/etc/exim/virtual/$domain}} no_more dnslookup: driver = dnslookup domains = ! +local_domains transport = remote_smtp ignore_target_hosts = 0.0.0.0 : 127.0.0.0/8 no_more new_system_aliases: driver = redirect allow_fail allow_defer data = ${lookup{$local_part}lsearch{/etc/mail/aliases}} file_transport = address_file pipe_transport = address_pipe userforward: driver = redirect check_local_user file = $home/.forward no_verify no_expn check_ancestor require_files = $home/.forward allow_filter allow_fail file_transport = address_file pipe_transport = address_pipe reply_transport = address_reply extension_user_verify: driver = accept local_part_suffix = -* require_files = /home/$local_part/.mail-extensions verify_only condition = ${lookup{$local_part_suffix}lsearch{/home/$local_part/.mail-extensions}{yes}{no}} extension_user_delivery_f: driver = redirect local_part_suffix = -* require_files = /home/$local_part/.mail-extensions:/home/$local_part/.forward condition = ${lookup{$local_part_suffix}lsearch{/home/$local_part/.mail-extensions}{yes}{no}} user=$local_part check_ancestor file = /home/$local_part/.forward allow_filter allow_fail verify=false file_transport = address_file pipe_transport = address_pipe reply_transport = address_reply extension_user_delivery: driver = accept local_part_suffix = -* require_files = /home/$local_part/.mail-extensions condition = ${lookup{$local_part_suffix}lsearch{/home/$local_part/.mail-extensions}{yes}{no}} user=$local_part verify=false transport = local_delivery localuser: driver = accept check_local_user transport = local_delivery begin transports remote_smtp: driver = smtp procmail_pipe: driver = pipe command = /usr/bin/procmail -d $local_part return_path_add delivery_date_add envelope_to_add check_string = "From " escape_string = ">From " user = $local_part group = mail local_delivery: driver = appendfile directory = /home/$local_part/Mail/inbox/ delivery_date_add envelope_to_add return_path_add mode = 0660 maildir_format user = $local_part group = mail address_pipe: driver = pipe return_output address_file: driver = appendfile directory = /home/$local_part/Mail/$address_file maildir_format = true user = $local_part group = mail maildir_tag = ,S=$message_size quota_size_regex = S=(\d+) delivery_date_add envelope_to_add return_path_add address_reply: driver = autoreply begin retry * * F,2h,5m; G,16h,1h,1.5; F,4d,6h
-- ## List details at https://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/