Re: [exim] Sieve filters broken due to tainted expansions?
Hi!

On Tue, 07 Jan 2020, Jeremy Harris via Exim-users wrote:
> On 07/01/2020 16:47, Tobias Klausmann via Exim-users wrote:
> > # exim -bt klausman-gen...@schwarzvogel.de
> > LOG: MAIN PANIC
> >   attempt to expand tainted string '$rheader_From'
> > LOG: MAIN PANIC
> >   attempt to expand tainted string '${if def:header_From {true}{false}}'
> > Sieve error: header string expansion failed in line 3
> > klausman-gen...@schwarzvogel.de -> inbox
> >   transport = address_file
>
> Raised bug 2506 for this.
> Please say what platform and who built the exim binary.

$ uname -a
Linux skade 5.5.0-rc3 #15 SMP Fri Dec 27 13:10:59 CET 2019 x86_64 Intel(R) Core(TM) i7-7700 CPU @ 3.60GHz GenuineIntel GNU/Linux

Exim was built on the same machine, using Gentoo's portage.

Address test with -d+all and full config (I've also attached my exim.conf):

08:54:49 2563 Exim version 4.93.0.4 uid=1000 gid=1000 pid=2563 D=fff9
Support for: crypteq iconv() IPv6 PAM Perl TCPwrappers OpenSSL Content_Scanning DANE DKIM DNSSEC Event I18N OCSP PRDR TCP_Fast_Open
Lookups (built-in): lsearch wildlsearch nwildlsearch iplsearch cdb dbm dbmjz dbmnz dnsdb dsearch passwd
Authenticators: cram_md5 cyrus_sasl plaintext spa
Routers: accept dnslookup ipliteral manualroute queryprogram redirect
Transports: appendfile/maildir/mailstore autoreply pipe smtp
Malware: f-protd f-prot6d drweb fsecure sophie clamd avast sock cmdline
Fixed never_users: 0
Configure owner: 0:0
Size of off_t: 8
Compiler: GCC [9.2.0]
Library version: Glibc: Compile: 2.30
                        Runtime: 2.30
Library version: BDB: Compile: Berkeley DB 5.3.28: (September 9, 2013)
                      Runtime: Berkeley DB 5.3.28: (September 9, 2013)
Library version: OpenSSL: Compile: OpenSSL 1.1.1d 10 Sep 2019
                          Runtime: OpenSSL 1.1.1d 10 Sep 2019
                                 : built on: Tue Dec 3 18:07:39 2019 UTC
Library version: IDN2: Compile: 2.3.0
                       Runtime: 2.3.0
Library version: Stringprep: Compile: 1.35
                             Runtime: 1.35
Library version: Cyrus SASL: Compile: 2.1.27
                             Runtime: 2.1.27 [Cyrus SASL]
Library version: PCRE: Compile: 8.43
                       Runtime: 8.43 2019-02-23
08:54:49 2563 Total 11 lookups
WHITELIST_D_MACROS unset
TRUSTED_CONFIG_LIST unset
08:54:49 2563 changed uid/gid: -C, -D, -be or -bf forces real uid
08:54:49 2563 uid=1000 gid=1000 pid=2563
08:54:49 2563 auxiliary group list: 10 12 16 35 78 100 110 237 245 249 250 1000
08:54:49 2563 seeking password data for user "root": cache not available
08:54:49 2563 getpwnam() succeeded uid=0 gid=0
08:54:49 2563 tls_validate_require_cipher child 2564 ended: status=0x0
08:54:49 2563 adding PATH=/sbin:/usr/sbin
08:54:49 2563 configuration file is exim.conf
08:54:49 2563 log selectors = 0ffc 99005032 0003
08:54:49 2563 admin user
08:54:49 2563 dropping to exim gid; retaining priv uid
08:54:49 2563 changing group to 12 failed: Operation not permitted
08:54:49 2563 originator: uid=1000 gid=1000 login=klausman name=Tobias Klausmann
08:54:49 2563 sender address = klaus...@schwarzvogel.de
08:54:49 2563 Address testing: uid=1000 gid=1000 euid=1000 egid=1000
08:54:49 2563
08:54:49 2563 Testing klausman-gen...@schwarzvogel.de
08:54:49 2563
08:54:49 2563 Considering klausman-gen...@schwarzvogel.de
08:54:49 2563 >>>
08:54:49 2563 routing klausman-gen...@schwarzvogel.de
08:54:49 2563 > virtual router <
08:54:49 2563 local_part=klausman-gentoo domain=schwarzvogel.de
08:54:49 2563 checking domains
08:54:49 2563 search_open: dsearch "/etc/exim/virtual"
08:54:49 2563 search_find: file="/etc/exim/virtual"
08:54:49 2563 key="schwarzvogel.de" partial=-1 affix=NULL starflags=0
08:54:49 2563 LRU list:
08:54:49 2563 5/etc/exim/virtual
08:54:49 2563 End
08:54:49 2563 internal_search_find: file="/etc/exim/virtual"
08:54:49 2563 type=dsearch key="schwarzvogel.de"
08:54:49 2563 file lookup required for schwarzvogel.de
08:54:49 2563 in /etc/exim/virtual
08:54:49 2563 lookup failed
08:54:49 2563 schwarzvogel.de in "dsearch;/etc/exim/virtual"? no (end of list)
08:54:49 2563 virtual router skipped: domains mismatch
08:54:49 2563 > dnslookup router <
08:54:49 2563 local_part=klausman-gentoo domain=schwarzvogel.de
08:54:49 2563 checking domains
08:54:49 2563 schwarzvogel.de in "schwarzvogel.de:skade.schwarzvogel.de:i-no.de"? yes (matched "schwarzvogel.de")
08:54:49 2563 schwarzvogel.de in "! +local_domains"? no (matched "! +local_domains")
08:54:49 2563 dnslookup router skipped: domains mismatch
08:54:49 2563 > new_system_aliases router <
Re: [exim] Sieve filters broken due to tainted expansions?
On 07/01/2020 20:20, Michael Haardt via Exim-users wrote:
> This is quite likely an internal expansion from sieve.c:2327. I did not really follow the list recently, so I missed the introduction of "tainted" expansions, but the code does this:
>
>     expand_header(&header_value,h);
>     header_def=expand_string(string_sprintf("${if def:header_%s {true}{false}}",quote(h)));
>     if (header_value.character == NULL || header_def == NULL)

Yes, I found that location also. But, so far, all the coding looks ok - and a quick testcase finds no issues.

> That's to expand and check if a header is defined in order to compare it with a value. Perhaps there is a better way to do that

That depends somewhat on how much modularity we want to maintain (here, between the sieve-filter code - which is somewhat of an add-on - and the exim core code. We could, for instance, provide and use native interfaces for querying headers rather than going via the expansions facility).

But it's not wrong to be using those expansions IF the strings being expanded are untainted (obviously the results could be; in fact _will_ be for headers).

Actually, explaining that has made me wonder... where was the filter script coming from for Tobias' case, and do we consider that as a trusted source or a tainted one? I'll have a dig in that direction.

--
Cheers,
  Jeremy

--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
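The distinction drawn in the message above, sketched as an added example that is not part of the thread and not Exim source code: a toy taint model in which the header name taken from the filter script is assumed to be tainted, so the template built from it is refused by the expander, while a direct header query uses the name only as a lookup key. All type and function names here are hypothetical, and the header list is constructed sample data.

```c
/* Added example: toy taint model, not Exim source. All names are hypothetical. */
#include <stdbool.h>
#include <stdio.h>
#include <strings.h>

typedef struct { char text[128]; bool tainted; } tstr;  /* string + provenance flag */

/* Constructed sample: header names present in the message being filtered. */
static const char *msg_headers[] = { "From", "Subject", "To" };

/* Native query: the name is only ever a lookup key, never interpreted. */
static bool header_defined(const char *name) {
    for (size_t i = 0; i < sizeof msg_headers / sizeof *msg_headers; i++)
        if (strcasecmp(msg_headers[i], name) == 0) return true;
    return false;
}

/* Formatting propagates taint: the result is tainted if the argument is. */
static tstr build_template(const char *name, bool name_tainted) {
    tstr t;
    snprintf(t.text, sizeof t.text, "${if def:header_%s {true}{false}}", name);
    t.tainted = name_tainted;
    return t;
}

/* Toy expander: refuses a tainted template, otherwise evaluates the single
   form used here. Returns 1/0 for defined/undefined, -1 on refusal. */
static int expand_def(const tstr *t) {
    char name[64];
    if (t->tainted) {
        fprintf(stderr, "attempt to expand tainted string '%s'\n", t->text);
        return -1;
    }
    if (sscanf(t->text, "${if def:header_%63s", name) != 1) return -1;
    return header_defined(name) ? 1 : 0;
}

/* Path 1: build a template and expand it, as the quoted sieve.c lines do. */
int check_via_expansion(const char *name, bool name_tainted) {
    tstr t = build_template(name, name_tainted);
    return expand_def(&t);
}

/* Path 2: ask the header store directly; taint of the name does not matter. */
int check_native(const char *name) { return header_defined(name) ? 1 : 0; }

int main(void) {
    printf("expansion, tainted name: %d\n", check_via_expansion("From", true));
    printf("expansion, trusted name: %d\n", check_via_expansion("From", false));
    printf("native lookup:           %d\n", check_native("From"));
    return 0;
}
```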
Re: [exim] Sieve filters broken due to tainted expansions?
> # exim -bt klausman-gen...@schwarzvogel.de
> LOG: MAIN PANIC
>   attempt to expand tainted string '$rheader_From'
> LOG: MAIN PANIC
>   attempt to expand tainted string '${if def:header_From {true}{false}}'
> Sieve error: header string expansion failed in line 3

This is quite likely an internal expansion from sieve.c:2327. I did not really follow the list recently, so I missed the introduction of "tainted" expansions, but the code does this:

    expand_header(&header_value,h);
    header_def=expand_string(string_sprintf("${if def:header_%s {true}{false}}",quote(h)));
    if (header_value.character == NULL || header_def == NULL)

That's to expand and check if a header is defined in order to compare it with a value. Perhaps there is a better way to do that or a different API should be used now?

Michael
Re: [exim] Sieve filters broken due to tainted expansions?
On 07/01/2020 16:47, Tobias Klausmann via Exim-users wrote:
> # exim -bt klausman-gen...@schwarzvogel.de
> LOG: MAIN PANIC
>   attempt to expand tainted string '$rheader_From'
> LOG: MAIN PANIC
>   attempt to expand tainted string '${if def:header_From {true}{false}}'
> Sieve error: header string expansion failed in line 3
> klausman-gen...@schwarzvogel.de -> inbox
>   transport = address_file

Raised bug 2506 for this.
Please say what platform and who built the exim binary.

--
Cheers,
  Jeremy
Re: [exim] Exim maintenance release 4.93.0.4 | branch exim-4.93+fixes
On 07/01/2020 16:59, john via Exim-users wrote:
> I assume that this release does not fix the problem I have with tainted strings when receiving (or failing to) mail from my phone?

I'm bemused by your issue, as I said. I can only suggest, as it's a self-build, to remove the definition of TAINT_CHECK_FAST from OS/Makefile-Linux and try that.

--
Cheers,
  Jeremy
Re: [exim] Sieve filters broken due to tainted expansions?
Hi!

On Tue, 07 Jan 2020, Tobias Klausmann via Exim-users wrote:
> I'm running exim in this configuration:
[...]

Same problem with 4.93.0.4.

best,
Tobias
Re: [exim] Exim maintenance release 4.93.0.4 | branch exim-4.93+fixes
I assume that this release does not fix the problem I have with tainted strings when receiving (or failing to) mail from my phone?

==John ff
[exim] Sieve filters broken due to tainted expansions?
Hey,

I'm running exim in this configuration:

17:28:39 64561 Exim version 4.93.0.3 uid=0 gid=0 pid=64561 D=fff9
Support for: crypteq iconv() IPv6 PAM Perl TCPwrappers OpenSSL Content_Scanning DANE DKIM DNSSEC Event I18N OCSP PRDR TCP_Fast_Open
Lookups (built-in): lsearch wildlsearch nwildlsearch iplsearch cdb dbm dbmjz dbmnz dnsdb dsearch passwd
Authenticators: cram_md5 cyrus_sasl plaintext spa
Routers: accept dnslookup ipliteral manualroute queryprogram redirect
Transports: appendfile/maildir/mailstore autoreply pipe smtp
Malware: f-protd f-prot6d drweb fsecure sophie clamd avast sock cmdline
Fixed never_users: 0
Configure owner: 0:0
Size of off_t: 8
Compiler: GCC [9.2.0]
Library version: Glibc: Compile: 2.30
                        Runtime: 2.30
Library version: BDB: Compile: Berkeley DB 5.3.28: (September 9, 2013)
                      Runtime: Berkeley DB 5.3.28: (September 9, 2013)
Library version: OpenSSL: Compile: OpenSSL 1.1.1d 10 Sep 2019
                          Runtime: OpenSSL 1.1.1d 10 Sep 2019
                                 : built on: Tue Dec 3 18:07:39 2019 UTC
Library version: IDN2: Compile: 2.3.0
                       Runtime: 2.3.0
Library version: Stringprep: Compile: 1.35
                             Runtime: 1.35
Library version: Cyrus SASL: Compile: 2.1.27
                             Runtime: 2.1.27 [Cyrus SASL]
Library version: PCRE: Compile: 8.43
                       Runtime: 8.43 2019-02-23

I have a special user router setup:

extension_user_delivery_f:
  driver = redirect
  local_part_suffix = -*
  require_files = /home/$local_part/.mail-extensions:/home/$local_part/.forward
  condition = ${lookup{$local_part_suffix}lsearch{/home/$local_part/.mail-extensions}{yes}{no}}
  user=$local_part
  check_ancestor
  file = /home/$local_part/.forward
  allow_filter
  allow_fail
  verify=false
  file_transport = address_file
  pipe_transport = address_pipe
  reply_transport = address_reply

And the top of my .forward looks like this:

# Sieve filter
require ["fileinto", "envelope"];
if header :contains ["From"] ["@someblacklisteddomain"] {
    discard;
    stop;
}
if header :contains ["From"] ["@antoher junkmailer"] {
    discard;
    stop;
}

and a .mail-extensions file with this:

-foobar # an extension that is ok, so klausman-foo...@schwarzvogel.de is a valid destination

This setup has worked well for over a decade. It broke with exim 4.93, with mail being rejected/not delivered if an extension address is used. My mainlog is full of:

2020-01-07 17:28:09 1iorSJ-000C9a-83 == klaus...@schwarzvogel.de R=extension_user_delivery_f defer (-1): internal problem in extension_user_delivery_f router (recipient is klausman-gen...@schwarzvogel.de): failure to transfer data from subprocess: status=0100 readerror='Success'

(very helpful error, that)

During debugging I found this:

# exim -bt klausman-gen...@schwarzvogel.de
LOG: MAIN PANIC
  attempt to expand tainted string '$rheader_From'
LOG: MAIN PANIC
  attempt to expand tainted string '${if def:header_From {true}{false}}'
Sieve error: header string expansion failed in line 3
klausman-gen...@schwarzvogel.de -> inbox
  transport = address_file

I presume "tainted" strings can not be used in Sieve filters anymore? That would make Sieve entirely pointless, from my POV. So clearly, I am missing something. What is going on?

Best,
Tobias
Re: [exim] 4.93 Breaks MailScanner - Header File Change?
On 07/01/2020 12:14, Tony Yates via Exim-users wrote:
> "Any of the above may have an extra hyphen prepended, to indicate the the corresponding data is untrusted."
>
> The addition of extra hyphens on variables in the '-H' file breaks MailScanner. If the new behaviour is seen as important can it not at least be made optional with a new configuration flag?

No. The spool file content is not regarded as an exported, stable interface. Mailscanner should not be looking at it, or is at risk of such breakage.

--
Cheers,
  Jeremy
[exim] 4.93 Breaks MailScanner - Header File Change?
Hi,

Per page 493 of the current spec:

"Any of the above may have an extra hyphen prepended, to indicate the the corresponding data is untrusted."

The addition of extra hyphens on variables in the '-H' file breaks MailScanner. If the new behaviour is seen as important can it not at least be made optional with a new configuration flag?

Thanks.

Regards,
Tony..