Please wrap your lines at a traditional length.

On 07/07/2021 15:31, Michal Soltys via Exim-users wrote:
> warn
>          log_message     = Header syntax invalid [$acl_verify_message], message will be fakerejected
>          !verify         = header_syntax
>          control         = fakereject/The message will be delivered, but it violates RFCs [$acl_verify_message]. Please fix it.
>
> When we get a message that fails header check, we get exim complaining in
> paniclog about tainted string (tls connection is also prematurely terminated
> in such case judging from e.g. msmtp's output, although the mail gets
> delivered) - removing $acl_verify_message fixes this - but why would this
> string be considered tainted?

Because it contains data supplied by a potential attacker.
The issue is why it is being expanded.

> 2021-07-07 11:38:32.836 1m140m-0001YT-6t Tainted string 'The message will be delivered, but it violates RFCs [malformed address: '>\n may not follow "'[email protected]'" <'[email protected]: failing address in "To:" header is: "'[email protected]'" <'[email protected]'>]. Please fix it.' in expansion

This is the "response message" part of the fakereject control.  It's being
expanded once, correctly, to give the string we see in that paniclog line.
The complaint is that we're trying to expand it again.  I'm failing to find
in the code where that might happen, unfortunately.

--
Cheers,
  Jeremy

--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
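
A simplified Python model of the behaviour described in this reply, added as an illustration and not taken from Exim's source or from the thread: the first expansion of the fakereject text succeeds and yields a tainted result, and a second expansion of that result is refused. The `Tainted` class, the `expand()` function, its `enforce` switch, and the sample header text and hostname are all constructed for this example.

```python
import re

class Tainted(str):
    """Model only: a string that contains data received from the network."""

class TaintedExpansionError(Exception):
    pass

_VAR = re.compile(r"\$([a-z_]+)")

def expand(template, variables, enforce=True):
    """Substitute $name items. A tainted template is refused when enforce
    is set; taint propagates from the template and from any value used."""
    tainted = isinstance(template, Tainted)
    if tainted and enforce:
        raise TaintedExpansionError(f"Tainted string {str(template)!r} in expansion")

    def substitute(match):
        nonlocal tainted
        value = variables[match.group(1)]
        tainted = tainted or isinstance(value, Tainted)
        return str(value)

    result = _VAR.sub(substitute, template)
    return Tainted(result) if tainted else result

# Constructed sample data: the verify failure text quotes the sender-supplied
# header, which here happens to contain something that looks like a variable.
VARIABLES = {
    "acl_verify_message": Tainted('malformed address in "To:" header: $primary_hostname'),
    "primary_hostname": "mx.example.test",
}
FAKEREJECT_TEXT = ("The message will be delivered, but it violates RFCs "
                   "[$acl_verify_message]. Please fix it.")

def demo():
    once = expand(FAKEREJECT_TEXT, VARIABLES)   # trusted template: allowed
    try:
        expand(once, VARIABLES)                 # result re-expanded: refused
        refused = False
    except TaintedExpansionError:
        refused = True
    # With the check disabled, the sender's text is interpreted as an item.
    unchecked = expand(once, VARIABLES, enforce=False)
    return once, refused, unchecked

if __name__ == "__main__":
    for item in demo():
        print(item)
```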
