On 2021-10-26 Dominik Vogt via Exim-users <[email protected]> wrote: > After upgrading from Devuan 3 (~= Debian 10) to Devuan-4 > (~=Debian-11), not changing the exim config file the new Exim > version is 4.94.2.
> Running "sendmail -qf" emits error messages like this one: > 2021-10-25 23:00:12.776 [7584] 1melHk-0000VC-R0 == > FOOBAR@localhost R=local_user T=mail_spool defer (-1) DT=0.004s: > Tainted '/var/mail/FOOBAR' (file or directory name for mail_spool > transport) not permitted > It seems to complain about the file /var/mail/FOOBAR for > _incoming_ mail. What is the cause of this and how can it be > fixed? [...] Hello, Assuming Devuan is using the Debian packages you should have seen this warning from /usr/share/doc/exim4-base/NEWS.Debian.gz on upgrading. If you have not, please install apt-listchanges, which is Priority: standard for a good reason. ------------------------- exim4 (4.94-18) experimental; urgency=medium Please consider exim 4.93/4.94 a *major* exim upgrade. It introduces the concept of tainted data read from untrusted sources, like e.g. message sender or recipient. This tainted data (e.g. $local_part or $domain) cannot be used among other things as a file or directory name or command name. This WILL BREAK configurations which are not updated accordingly. [....] ------------------------- cu Andreas -- `What a good friend you are to him, Dr. Maturin. His other friends are so grateful to you.' `I sew his ears on from time to time, sure' -- ## List details at https://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
