On Sat, Jul 18, 2020 at 10:25:52AM +0100, Dave Restall - System Administrator via Exim-users wrote:
> 
> On 2020-07-18 The Doctor via freebsd-ports <freebsd-po...@freebsd.org> wrote:
> 
> > Trying Exim 4.94 and I am getting
> > 
> > 2020-07-17 19:28:04.818 [8344] 1jwbdQ-00023D-Cx == doc...@nk.ca R=localuser
> > T=local_delivery defer (-1) DT=0.001s: Tainted '/var/mail/doctor' (file or
> > directory name for local_delivery transport) not permitted
> ...
> > 2020-07-17 19:30:09.228 [9608] 1jwbdQ-00023D-Cx == doc...@nk.ca R=localuser
> > T=local_delivery defer (-1) DT=0.001s: Tainted '/var/mail/doctor' (file or
> > directory name for local_delivery transport) not permitted
> > 
> > Why is this happening?
> 
> You are not alone :-)
> 
> 4.94 introduced more rigorous checking of expanded strings. Any strings that could potentially be supplied by a remote user, e.g. $local_part, have been classed as tainted. This means that they are not to be trusted to be used directly for things like file name expansion or database lookups. The log entries you are seeing are informing you that your lookups need a bit of sanitizing. Generally you can use the tainted data but you need to clean it before you use it, e.g. quote it or use it to derive another variable.
> 
> It's a bit more onerous but this is the price we have to pay for enhanced security in exim.
> 
> Personally, I understand why the devs did this; it is a useful and worthwhile upgrade to exim. Where I think they went wrong is that they didn't really handle the release of it quite well in the announcement and even pre-announcement. Something along the lines of "We're going to add strict de-tainting to exim 4.94 which will break a lot of configurations so please be ready to re-factor your configurations during the upgrade" would have been useful. If it was made plain, A LOT of users (me included) missed it, so it could be argued that it wasn't made plain enough....
> 
> The RTFM reply you got was not useful either. There should be a section in the manual purely about de-tainting, its reasoning, possible side effects and mitigations. As it currently is, anybody wanting information on what's going on has to trawl through the manual and make inferences from what they find.
> 
> In short, the devs haven't covered themselves with glory with this upgrade - IMHO.
> 
> Regards,

Is this due to the fact that the mail directory is set to chmod 1777?
> 
> D
> 
> +----------------------------------------------------------------------------+
> | Dave Restall, Computer Anorak, Geek, Cyclist, Radio Amateur G4FCU, Bodger |
> | Mob +44 (0) 7973 831245 Skype: dave.restall Radio: G4FCU |
> | email : d...@restall.net - Anti-SocialMediaist - Web : Not Ready Yet :-( |
> +- QOTD ---------------------------------------------------------------------+
> | Reappraisal, n.: |
> | An abrupt change of mind after being found out. |
> +----------------------------------------------------------------------------+
> 
> -- 
> ## List details at https://lists.exim.org/mailman/listinfo/exim-users
> ## Exim details at http://www.exim.org/
> ## Please use the Wiki with this list - http://wiki.exim.org/

-- 
Member - Liberal International  This is doctor@@nl2k.ab.ca  Ici doctor@@nl2k.ab.ca
Yahweh, Queen & country! Never Satan President Republic! Beware AntiChrist rising!
https://www.empire.kred/ROOTNK?t=94a1f39b
Slight not what's near, while aiming at what's far. -Euripides
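The fix Dave describes (derive an untainted variable instead of using $local_part directly in a file name) written out as an Exim configuration fragment. This is an added example, not configuration from the thread or from the Exim project; it assumes the router is named localuser with check_local_user set, that on 4.94 check_local_user sets $local_part_data to the untainted account name from the passwd lookup (the 4.94 default configuration relies on this), and that a lookup result in a local_parts list is likewise untainted. The file /etc/exim/virtual_users is a hypothetical path.

```exim
# Router for system accounts. check_local_user verifies that the local
# part names a real account; assumption: on 4.94 it also stores the
# untainted account name in $local_part_data.
localuser:
  driver = accept
  check_local_user
  transport = local_delivery

# Router for mailboxes that are not system accounts. A local_parts list
# backed by a lookup only accepts keys present in the file, and the
# matched key (untainted, because it came from local data) is placed in
# $local_part_data. /etc/exim/virtual_users is a hypothetical file with
# one local part per line.
virtual_users:
  driver = accept
  local_parts = lsearch;/etc/exim/virtual_users
  transport = local_delivery

# BEFORE: defers with "Tainted '/var/mail/doctor' (file or directory
# name for local_delivery transport) not permitted". $local_part is
# taken from the remote envelope, so it is tainted and may not be used
# to build a path.
#
# local_delivery:
#   driver = appendfile
#   file = /var/mail/$local_part
#   delivery_date_add
#   envelope_to_add
#   return_path_add
#   group = mail
#   mode = 0660

# AFTER: build the path from the value derived locally by the router.
# Any local part that did not match an account or a list entry never
# reaches this transport, so the path can only name an expected mailbox.
local_delivery:
  driver = appendfile
  file = /var/mail/$local_part_data
  delivery_date_add
  envelope_to_add
  return_path_add
  group = mail
  mode = 0660
```

Before restarting, confirm the routing with `exim -bt user@example.org` (a placeholder address): the output should show the address accepted by localuser or virtual_users with transport local_delivery, and the defer message should no longer appear in the main log.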