Hello,

After upgrading a test server to Debian Bullseye (Exim 4.94.2) a simple test resulted in this:
---
$ exim -v -bv [email protected]
LOG: MAIN PANIC Tainted filename '/etc/exim4/localdomains'
LOG: MAIN PANIC DIE failed to open /etc/exim4/localdomains when checking "@:localhost:/etc/exim4/localdomains:ldap;ldap::///ou=mail,dc=do,dc=main?mailDomain?sub?mailDomain=$domain": Permission denied (euid=110 egid=117)
---

The config line(s) causing this are already clear above, but here's the real deal:
---
LOCALDOM = /etc/exim4/localdomains
domainlist local_domains = @:localhost:LOCALDOM:ldap;ldap::///ou=mail,dc=do,dc=main?mailDomain?sub?mailDomain=$domain
---

The cause is of course the use of $domain in the LDAP query, but neither the error nor the scope of taint checking is helpful here.
The permission denied bit is also a red herring; that file/macro gets used happily by other (local delivery) routers.

Removing the LOCALDOM macro and thus the file name fixes it (so the tainted $domain is fine for LDAP, gee); however, this leaves one with questions.

When using $domain_data instead there is no taint error; alas, that variable does not get populated.
I think we have a chicken and egg problem here, as the router in question does have a "domains = +local_domains" in it.
So the domain is not matched, the router is not called and that's the end of that.

How would one populate $domain_data in this case?
Is there hope for a fix that would remove the false taint error in this case?

Thanks,

Christian
-- 
Christian Balzer        Network/Systems Engineer
[email protected]        Rakuten Communications
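
A pre-upgrade lint for the list shape described in the message above, where one named list holds both a plain file item and an item expanded with a variable such as `$domain`. This is an added example, not part of the original post and not Exim code. Macro substitution and list splitting are simplified (no continuation lines, default colon separator only), and the function names are hypothetical.

```python
import re

# Constructed sample: the two config lines quoted in the post.
SAMPLE_CONFIG = r"""
LOCALDOM = /etc/exim4/localdomains
domainlist local_domains = @:localhost:LOCALDOM:ldap;ldap::///ou=mail,dc=do,dc=main?mailDomain?sub?mailDomain=$domain
"""

MACRO_RE = re.compile(r"^([A-Z][A-Za-z0-9_]*)\s*=\s*(.*)$")
LIST_RE = re.compile(r"^(domainlist|hostlist|addresslist|localpartlist)\s+(\w+)\s*=\s*(.*)$")


def split_list(value):
    """Split a colon-separated Exim list; a doubled colon is a literal colon."""
    parts = value.replace("::", "\0").split(":")
    return [p.replace("\0", ":").strip() for p in parts]


def find_mixed_lists(config_text):
    """Return (list_name, file_items, expanded_items) for every named list that
    has both an absolute-path item and an item containing a $ expansion."""
    macros, findings = {}, []
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        # Textual macro substitution, longest name first (simplified).
        for name in sorted(macros, key=len, reverse=True):
            line = line.replace(name, macros[name])
        m = MACRO_RE.match(line)
        if m:
            macros[m.group(1)] = m.group(2)
            continue
        m = LIST_RE.match(line)
        if not m:
            continue
        items = split_list(m.group(3))
        files = [i for i in items if i.startswith("/") and "$" not in i]
        expanded = [i for i in items if "$" in i]
        if files and expanded:
            findings.append((m.group(2), files, expanded))
    return findings


if __name__ == "__main__":
    for name, files, expanded in find_mixed_lists(SAMPLE_CONFIG):
        print(f"{name}: file items {files} share a list with expanded items {expanded}")
```
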
