On Tue, Oct 26, 2021 at 08:29:45AM +0200, Andreas Metzler via Exim-users wrote: > On 2021-10-26 Dominik Vogt via Exim-users <[email protected]> wrote: > > After upgrading from Devuan 3 (~= Debian 10) to Devuan-4 > > (~=Debian-11), not changing the exim config file the new Exim > > version is 4.94.2. > > > Running "sendmail -qf" emits error messages like this one: > > > 2021-10-25 23:00:12.776 [7584] 1melHk-0000VC-R0 == > > FOOBAR@localhost R=local_user T=mail_spool defer (-1) DT=0.004s: > > Tainted '/var/mail/FOOBAR' (file or directory name for mail_spool > > transport) not permitted > > > It seems to complain about the file /var/mail/FOOBAR for > > _incoming_ mail. What is the cause of this and how can it be > > fixed? > [...]
I didn't get this warning during upgrade. This is likely a Devuan thing. > Please consider exim 4.93/4.94 a *major* exim upgrade. It introduces the > concept of tainted data read from untrusted sources, like e.g. message > sender or recipient. This tainted data (e.g. $local_part or $domain) > cannot be used among other things as a file or directory name or command > name. So, the solution is to merge the modifications to the old exim4.conf.template into the ...dpkg-dist file and use the result. That works. Thanks. -- But I don't understand why Exim behaves differently for the two local accounts: (1) Address: [email protected] Local user: FOOBAR (The local user name is in no way related to the domain part of the mail address. They are identical by "accident".) vs. (2) Address: [email protected] Local user: FANTASYNAME The emails to (1) trigger the "tainted" error, but the ones to (2) are delivered without a problem. In both cases, the recipient address is rewritten by fetchmail ("username@localhost"): user '...' there is 'FOOBAR' here vs. user '...' there is 'FANTASYNAME' here Ciao Dominik ^_^ ^_^ -- Dominik Vogt -- ## List details at https://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
