[exim-dev] [Bug 2605] New: $domain_data is not expanded during event_action

2020-06-21 Thread admin--- via Exim-dev
https://bugs.exim.org/show_bug.cgi?id=2605

            Bug ID: 2605
           Summary: $domain_data is not expanded during event_action
           Product: Exim
           Version: 4.94
          Hardware: x86-64
                OS: Linux
            Status: NEW
          Severity: bug
          Priority: medium
         Component: String expansion
          Assignee: unalloca...@exim.org
          Reporter: d...@vusam.com
                CC: exim-dev@exim.org

Recently started to rewrite our config to make sure we deal with taints
correctly.
While testing the changes I noticed that "${quote_mysql:$domain_data}" is not
expanded during event_action. Our event_action is like this:

event_action = ${if eq {msg:delivery}{$event_name}{${lookup mysql{ INSERT INTO mail_received (domain, bytesIn) VALUES ('${quote_mysql:$domain_data}', ${quote_mysql:$message_size})}}}{}}

This results in a query with empty '' and thus fails.

When using $domain it works. Not sure if this affects other variables too.

- Daan

-- 
You are receiving this mail because:
You are on the CC list for the bug.
-- 
## List details at https://lists.exim.org/mailman/listinfo/exim-dev Exim details at http://www.exim.org/ ##


[exim-dev] [Bug 2604] exim does not send DATA to target host when verify callout hold and delivery cutthrough

2020-06-21 Thread admin--- via Exim-dev
https://bugs.exim.org/show_bug.cgi?id=2604

--- Comment #9 from davidc  ---
Hi Jeremy,

Indeed, it would be preferable that, if a message is to be rejected for any
reason (including after DATA), that rejection is passed back to the sender's
SMTP connection, rather than accepting and sending a bounce (and the consequent
problems with backscatter and reputation).

David



[exim-dev] [Bug 2595] Allow custom socket path for SYSLOG

2020-06-21 Thread admin--- via Exim-dev
https://bugs.exim.org/show_bug.cgi?id=2595

Jeremy Harris  changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|---                         |WONTFIX

--- Comment #4 from Jeremy Harris  ---
Lacking further discussion, won't-fix.



[exim-dev] [Bug 2594] CNAME handling can break TLS certificate verification

2020-06-21 Thread admin--- via Exim-dev
https://bugs.exim.org/show_bug.cgi?id=2594

Jeremy Harris  changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
         Resolution|---                         |FIXED
             Status|ASSIGNED                    |RESOLVED

--- Comment #9 from Jeremy Harris  ---
Nobody commented



[exim-dev] [Bug 2596] Changing the default value for the hosts_noproxy_tls option breaks the use of smtp authorization

2020-06-21 Thread admin--- via Exim-dev
https://bugs.exim.org/show_bug.cgi?id=2596

Jeremy Harris  changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|---                         |WORKSFORME

--- Comment #4 from Jeremy Harris  ---
Lacking further discussion, nothing to fix.



[exim-dev] [Bug 2587] pam expansion condition fails on tainted data

2020-06-21 Thread admin--- via Exim-dev
https://bugs.exim.org/show_bug.cgi?id=2587

Jeremy Harris  changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
         Resolution|---                         |FIXED
             Status|ASSIGNED                    |RESOLVED



[exim-dev] [Bug 2604] exim does not send DATA to target host when verify callout hold and delivery cutthrough

2020-06-21 Thread admin--- via Exim-dev
https://bugs.exim.org/show_bug.cgi?id=2604

--- Comment #8 from Jeremy Harris  ---
Hmm, you're right; I was misremembering.  The copy-through only applies to the
data phase; as the original callout mech is being used for the cutthrough
delivery startup all of its behaviour remains.

Back to the previous - presumably you want the cutthrough data-time semantics
so only doing the callout,hold does not help?



[exim-dev] [Bug 2604] exim does not send DATA to target host when verify callout hold and delivery cutthrough

2020-06-21 Thread admin--- via Exim-dev
https://bugs.exim.org/show_bug.cgi?id=2604

--- Comment #7 from davidc  ---
Created attachment 1320
  --> https://bugs.exim.org/attachment.cgi?id=1320&action=edit
Full config of cutthrough only (no recipient verification)



[exim-dev] [Bug 2604] exim does not send DATA to target host when verify callout hold and delivery cutthrough

2020-06-21 Thread admin--- via Exim-dev
https://bugs.exim.org/show_bug.cgi?id=2604

--- Comment #6 from davidc  ---
Created attachment 1319
  --> https://bugs.exim.org/attachment.cgi?id=1319&action=edit
Debug of cutthrough only (no recipient verification) masking error with 550
admin prohibition



[exim-dev] [Bug 2604] exim does not send DATA to target host when verify callout hold and delivery cutthrough

2020-06-21 Thread admin--- via Exim-dev
https://bugs.exim.org/show_bug.cgi?id=2604

--- Comment #5 from Jeremy Harris  ---
Please attach the whole debug output for that test.



[exim-dev] [Bug 2602] Tainted name '/etc/exim/vfilters/domain.com' for file read not permitted

2020-06-21 Thread admin--- via Exim-dev
https://bugs.exim.org/show_bug.cgi?id=2602

--- Comment #3 from Jeremy Harris  ---
Docs update: 6e2400bf8b



[exim-dev] [Bug 2604] exim does not send DATA to target host when verify callout hold and delivery cutthrough

2020-06-21 Thread admin--- via Exim-dev
https://bugs.exim.org/show_bug.cgi?id=2604

--- Comment #4 from davidc  ---
With recipient verification removed and only the cutthrough accept line
present:

From sender to inbound relay:

<< 220 smtpin001.a.snlmail.net ESMTP
>> ehlo asd
<< 250-smtpin001.a.snlmail.net Hello sarlonintman001.sargasso.net.uk
[2a05:e200:0:1::1]
<< 250-SIZE 52428800
<< 250-8BITMIME
<< 250-PIPELINING
<< 250-CHUNKING
<< 250-STARTTLS
<< 250 HELP
>> mail from:
<< 250 OK
>> rcpt to:
<< 550 Administrative prohibition
>> quit
<< 221 smtpin001.a.snlmail.net closing connection

From inbound relay to mailstore host:

<< 220 mailstore001.a.snlmail.net ESMTP
>> EHLO smtpin001.a.snlmail.net
<< 250-mailstore001.a.snlmail.net Hello smtpin001.a.snlmail.net
[2a05:e200:1:74::2:1]
<< 250-SIZE 52428800
<< 250-8BITMIME
<< 250-PIPELINING
<< 250-CHUNKING
<< 250 HELP
>> MAIL FROM:
>> RCPT TO:
<< 250 OK
<< 550 Address inva...@sargasso.pw unknown.
>> QUIT
<< 221 mailstore001.a.snlmail.net closing connection

So the sender just gets "550 Administrative prohibition"; even if
smtp_return_error_details is turned on at the inbound relay, it is hiding the
error.

Whereas when recipient verification is used, they get "550-Callout verification
failed:" "550 550 Address inva...@sargasso.pw unknown.".



[exim-dev] [Bug 2604] exim does not send DATA to target host when verify callout hold and delivery cutthrough

2020-06-21 Thread admin--- via Exim-dev
https://bugs.exim.org/show_bug.cgi?id=2604

--- Comment #3 from Jeremy Harris  ---
(In reply to davidc from comment #2)
> Doing only cutthrough means the sender only gets "550 Administrative
> prohibition" to RCPT rather than any useful error (e-mail address doesn't
> exist, user is over quota etc) and I don't see an option to change this.

The sender should get whatever the onward system responds.  The response is
not supplied by the system doing the cutthrough.



[exim-dev] [Bug 2604] exim does not send DATA to target host when verify callout hold and delivery cutthrough

2020-06-21 Thread admin--- via Exim-dev
https://bugs.exim.org/show_bug.cgi?id=2604

--- Comment #2 from davidc  ---
Hi Jeremy,

Doing only cutthrough means the sender only gets "550 Administrative
prohibition" to RCPT rather than any useful error (e-mail address doesn't
exist, user is over quota etc) and I don't see an option to change this.

The specification also mentions a couple of scenarios in which cutthrough
cannot be used, in such cases we would like to at least have already performed
the recipient verification so we can reject, rather than queue and then bounce.

I forgot to mention above, in case it is not obvious, removing "hold" from the
verification options means everything works fine. (Although weirdly it then
makes *three* separate SMTP connections with the target host, two verifications
for the same recipient and then one for the actual message. But this is a
suitable workaround for now).

Thanks
David



[exim-dev] [Bug 2603] $address_pipe is empty

2020-06-21 Thread admin--- via Exim-dev
https://bugs.exim.org/show_bug.cgi?id=2603

Git Commit  changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |g...@exim.org

--- Comment #4 from Git Commit  ---
Git commit:
https://git.exim.org/exim.git/commitdiff/80c2ec2e47c556daff00c79ee068ce68f25fd264

commit 80c2ec2e47c556daff00c79ee068ce68f25fd264
Author: Jeremy Harris 
AuthorDate: Sat Jun 20 00:54:05 2020 +0100
Commit: Jeremy Harris 
CommitDate: Sat Jun 20 01:05:08 2020 +0100

Fix string_copy() macro to not multiple-eval args. Bug 2603

Broken-by: a76d120aed
---
 doc/doc-txt/ChangeLog | 6 ++
 src/src/functions.h   | 4 ++--
 2 files changed, 8 insertions(+), 2 deletions(-)

diff --git a/doc/doc-txt/ChangeLog b/doc/doc-txt/ChangeLog
index 0354ff2..717e0d2 100644
--- a/doc/doc-txt/ChangeLog
+++ b/doc/doc-txt/ChangeLog
@@ -49,6 +49,12 @@ JH/09 Relax restrictions on ACL verify condition needing
access to message
   permit also mime, dkim, prdr quit and notquit.  Applies to
header-syntax,
   not_blind, header_sender and header_names_ascii verification.

+JH/10 Bug 2603: Fix coding of string copying to only evaluate arguments once.
+  Previously a macro used one argument twice; when called with the
+  argument as an expression having side-effects, incorrect operation
+  resulted.  Use an inlineable function.
+
+

 Exim version 4.94
 -
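Review bot: The JH/10 entry added under JH/09 names the cause (a macro using one argument twice) but neither the affected macros nor the visible symptom. The functions.h part of this same commit changes both string_copy() and string_copyn(), and the bug is filed as "$address_pipe is empty"; naming those in the entry would let an administrator reading the ChangeLog tell whether they were affected. The two added blank lines, together with the existing context blank, also leave three blank lines before the "Exim version 4.94" heading where there were two.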
diff --git a/src/src/functions.h b/src/src/functions.h
index 1f0c30d..110d4db 100644
--- a/src/src/functions.h
+++ b/src/src/functions.h
@@ -772,9 +772,9 @@ string_copy_trc(const uschar * s, const char * func, int
line)
 /* Simple string-copy functions maintaining the taint */

 #define string_copyn(s, len) \
-string_copyn_taint_trc((s), (len), is_tainted(s), __FUNCTION__, __LINE__)
+string_copyn_trc((s), (len), __FUNCTION__, __LINE__)
 #define string_copy(s) \
-string_copy_taint_trc((s), is_tainted(s), __FUNCTION__, __LINE__)
+string_copy_trc((s), __FUNCTION__, __LINE__)


 /*
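Review bot: The retained comment "Simple string-copy functions maintaining the taint" above the two #define lines no longer describes anything visible in them: with is_tainted(s) removed from both macros, taint preservation now rests entirely on string_copy_trc() and string_copyn_trc() making that check themselves, and only string_copy_trc()'s signature appears here (in the hunk header). Suggest extending the comment to say that the _trc functions derive the taint from s, and adding a regression test that calls string_copy() with a side-effecting argument so the single-evaluation property stays covered.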



[exim-dev] [Bug 2604] exim does not send DATA to target host when verify callout hold and delivery cutthrough

2020-06-21 Thread admin--- via Exim-dev
https://bugs.exim.org/show_bug.cgi?id=2604

--- Comment #1 from Jeremy Harris  ---
If you're going to do cutthrough delivery there is zero point in separately
specifying a recipient callout. Not to say there isn't a bug here, but you are
making it needlessly complex.



[exim-dev] [Bug 2603] $address_pipe is empty

2020-06-21 Thread admin--- via Exim-dev
https://bugs.exim.org/show_bug.cgi?id=2603

Jeremy Harris  changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|ASSIGNED                    |RESOLVED
         Resolution|---                         |FIXED



[exim-dev] [Bug 2604] New: exim does not send DATA to target host when verify callout hold and delivery cutthrough

2020-06-21 Thread admin--- via Exim-dev
https://bugs.exim.org/show_bug.cgi?id=2604

            Bug ID: 2604
           Summary: exim does not send DATA to target host when verify
                    callout hold and delivery cutthrough
           Product: Exim
           Version: N/A
          Hardware: x86
                OS: Windows
            Status: NEW
          Severity: bug
          Priority: medium
         Component: Transports
          Assignee: unalloca...@exim.org
          Reporter: david-exim-b...@infotrek.co.uk
                CC: exim-dev@exim.org

Created attachment 1318
  --> https://bugs.exim.org/attachment.cgi?id=1318&action=edit
sample pcap of both SMTP sessions

Mail server setup:

sender --smtp--> inbound relay(exim) --smtp--> mailstore host(exim)

Inbound relay has a callout to verify recipient with 'hold' option set to keep
SMTP session alive for the message. Delivery is then cutthrough.

The inbound relay often does not send the DATA command to the mailstore host
and also misses out parts of the message. This causes at best SMTP
synchronisation errors.

Attached is a pcap of a simple test using telnet, but this also happens in
reality with real mail from real senders.

In the pcap:
- sending host is sarlonintman001 (2a05:e200:0:1::1)
- inbound relay is smtpin001 (2a05:e200:1:74::2:1)
- mailstore host is mailstore001 (2a05:e200:1:74::3:1)

The dialogue from sending host to inbound relay:

<< 220 smtpin001.a.snlmail.net ESMTP
>> ehlo asd
<< 250-smtpin001.a.snlmail.net Hello sarlonintman001.sargasso.net.uk
[2a05:e200:0:1::1]
<< 250-SIZE 52428800
<< 250-8BITMIME
<< 250-PIPELINING
<< 250-CHUNKING
<< 250-STARTTLS
<< 250 HELP
>> mail from:
<< 250 OK
>> rcpt to:
<< 250 Accepted
>> data
<< 354 Enter message, ending with "." on a line by itself
>> Subject: test
>> 
>> testing
>> .
<< 554 SMTP synchronization error
>> quit
<< 221 smtpin001.a.snlmail.net closing connection

The dialogue from inbound relay to mailstore host:

<< 220 mailstore001.a.snlmail.net ESMTP
>> EHLO smtpin001.a.snlmail.net
<< 250-mailstore001.a.snlmail.net Hello smtpin001.a.snlmail.net
[2a05:e200:1:74::2:1]
<< 250-SIZE 52428800
<< 250-8BITMIME
<< 250-PIPELINING
<< 250-CHUNKING
<< 250 HELP
>> MAIL FROM:
>> RCPT TO:
<< 250 OK
<< 250 Accepted
>> testing
>> .
<< 554 SMTP synchronization error
>> QUIT

Note that the DATA command and the initial part of the message (subject line)
are missing.

Exim version 4.92 (Debian exim4-daemon-heavy package)

Configuration on relay host (one standalone file; Debian config is not used):

log_selector               = +lost_incoming_connection +retry_defer +sender_on_delivery +skip_delivery +smtp_confirmation +smtp_connection +smtp_protocol_error +smtp_syntax_error +tls_peerdn
never_users                = root
host_lookup                = *
print_topbitchars          = false
rfc1413_hosts              = *
rfc1413_query_timeout      = 5s
ignore_bounce_errors_after = 2d
timeout_frozen_after       = 7d
smtp_banner                = $smtp_active_hostname ESMTP
smtp_receive_timeout       = 1m

tls_certificate            = xxx
tls_privatekey             = xxx

domainlist relay_domains   = sargasso.pw

acl_smtp_rcpt              = acl_check_rcpt
acl_smtp_predata           = acl_smtp_ratelimit

begin acl

acl_check_rcpt:

  # Accept local
  accept  hosts         = :

  # Accept hostlist
  accept  hosts         = @ : 127.0.0.1

  # Require it is a domain we relay for
  require message       = Relaying not permitted.
          domains       = +relay_domains

  # Require that the user being sent to exists
  require verify        = recipient/callout=10s,defer_ok,use_sender,hold,no_cache
          message       = Recipient <$local_part@$domain> unknown

  # Accept message and cut-through
  accept  control       = cutthrough_delivery


acl_smtp_ratelimit:

  # Log all sender host ratelimits
  warn    ratelimit     = 0 / 1h / readonly
          log_message   = RATELIMIT INFO: Sender $sender_host_address rate $sender_rate / $sender_rate_period

  # System-wide rate limit
  defer   ratelimit     = 10 / 1s / $primary_hostname
          log_message   = RATELIMIT DEFER: System message rate $sender_rate / $sender_rate_period.
          message       = System load exceeded. Try again later.

  # Per sender host rate limit
  defer   ratelimit     = 100 / 1h / strict / $sender_host_address
          log_message   = RATELIMIT DEFER: Sender host $sender_host_address message rate $sender_rate / $sender_rate_period.
          message       = You have exceeded your maximum message rate. Please try again later.

  # Accept messages not rate limited
  accept

##
#  ROUTERS CONFIGURATION #
#   Specifies how addresses are handled  #
##

begin routers

system_aliases:
  driver   = redirect
 

[exim-dev] [Bug 2603] $address_pipe is empty

2020-06-21 Thread admin--- via Exim-dev
https://bugs.exim.org/show_bug.cgi?id=2603

--- Comment #3 from marty...@mc2.dev ---
I can confirm it's fixed after the patch. Thank you!
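
The ChangeLog entry for Bug 2603 earlier on this page describes a macro that used one argument twice. The C below is an added illustration, not Exim source and not part of the thread: a toy model with hypothetical names (FIELDS, next_field, is_tainted_toy, COPY_MACRO, copy_once) showing that a side-effecting argument makes the two-use macro consume two inputs and pair one input's data with the other's taint flag, while the function form does neither.

```c
#include <stdio.h>

/* Toy model, not Exim source: every name here is hypothetical. */
struct field { const char *text; int tainted; };
struct copy  { const char *src; char text[32]; int tainted; };

/* Constructed sample data: one untrusted field, then one trusted field. */
static const struct field FIELDS[] = { { "user-input", 1 }, { "config-value", 0 } };

/* Argument with a side effect: returns the next field and advances *pos. */
static const char *next_field(int *pos) { return FIELDS[(*pos)++].text; }

/* Stand-in taint lookup, keyed on the pointer it is handed. */
static int is_tainted_toy(const char *s)
{
  for (size_t i = 0; i < sizeof FIELDS / sizeof FIELDS[0]; i++)
    if (FIELDS[i].text == s) return FIELDS[i].tainted;
  return 0;
}

static struct copy copy_with_taint(const char *s, int tainted)
{
  struct copy out = { s, "", tainted };
  snprintf(out.text, sizeof out.text, "%s", s);
  return out;
}

/* Pre-fix shape: s appears twice in the body, so it is evaluated twice. */
#define COPY_MACRO(s) copy_with_taint((s), is_tainted_toy(s))
/* Post-fix shape: a function parameter is evaluated exactly once. */
static inline struct copy copy_once(const char *s)
{ return copy_with_taint(s, is_tainted_toy(s)); }

/* Performs one copy from a fresh position; returns how many fields it used. */
static int fields_consumed(int use_macro, struct copy *out)
{
  int pos = 0;
  if (use_macro) *out = COPY_MACRO(next_field(&pos));
  else           *out = copy_once(next_field(&pos));
  return pos;
}

/* 1 when the label on the copy matches the real taint of its source. */
static int label_is_correct(const struct copy *cp)
{ return is_tainted_toy(cp->src) == cp->tainted; }

int main(void)
{
  struct copy m, f;
  int used_m = fields_consumed(1, &m), used_f = fields_consumed(0, &f);
  printf("macro:    consumed=%d label_ok=%d\n", used_m, label_is_correct(&m));
  printf("function: consumed=%d label_ok=%d\n", used_f, label_is_correct(&f));
  return 0;
}
```

Which of the two fields the macro form copies depends on the compiler's argument evaluation order, but in either order the copy carries the other field's taint flag.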
