[exim] Exim 4.63 tempfail (451) error containing sensitive l…

Author: Stephan Bosch
Date:  
To: exim-users
Subject: [exim] Exim 4.63 tempfail (451) error containing sensitive lookup information.
Hi,

I don't know how I achieved this, but this is what I found in the log of
a postfix server submitting mail to my main exim4 server:

Mar 24 23:39:51 tiger postfix/smtp[3814]: BB856100A640: host
mx.example.com[192.168.0.1] said:
451-expansion of "$address_data vrdDomain=${lookup ldap
451-{user=uid=exim,ou=Programs,dc=example,dc=com pass=<PASSWORD!>
451-ldap:///${lc:${extract{ddn}{$address_data}}}?scmDomain?base?
(&(objectClass=VirtualDomain)(scmDomain=${quote_ldap:$domain}))}}
451-${lookup ldap {user=uid=exim,ou=Programs,dc=example,dc=com
pass=<PASSWORD!>
451-ldap:///${lc:${extract{ddn}{$address_data}}}??sub?
(&(objectClass=VirtualMailAddress)(|(vrtMail=${quote_ldap:$local_part}
@${quote_ldap:$domain})(vrtMailAlias=${quote_ldap:$local_part}@
${quote_ldap:$domain})))}}"
451-failed in lookup router: lookup of
"user=uid=exim,ou=Programs,dc=example,dc=com
451-pass=<PASSWORD!!> ldap:///scmdomain=example.com,ou=mail
451-accounts,uid=klant,ou=customers,dc=example,dc=com??sub?
(&(objectClass=VirtualMailAddress)(|(vrtMail=stephan@???)
(vrtMailAlias=stephan@???)))"
451 gave DEFER: ldap_result failed: 81, Can't contact LDAP server (in reply

So, it looks as though when the LDAP server is unavailable, exim spews full
LDAP string substitutions to the client, including passwords!! I've not
been able to reproduce this yet, though.

The system is a soon-to-be-upgraded Debian etch installation with:

# exim4 -bV
Exim version 4.63 #1 built 20-Jan-2007 10:42:32
Copyright (c) University of Cambridge 2006
Berkeley DB: Sleepycat Software: Berkeley DB 4.3.29: (September 6, 2005)
Support for: crypteq iconv() IPv6 PAM Perl GnuTLS move_frozen_messages
Content_Scanning Old_Demime
Lookups: lsearch wildlsearch nwildlsearch iplsearch cdb dbm dbmnz dnsdb
dsearch ldap ldapdn ldapm mysql nis nis0 passwd pgsql sqlite
Authenticators: cram_md5 cyrus_sasl plaintext spa
Routers: accept dnslookup ipliteral iplookup manualroute queryprogram
redirect
Transports: appendfile/maildir/mailstore/mbx autoreply lmtp pipe smtp
Fixed never_users: 0
Size of off_t: 8
Configuration file is /etc/exim4/exim4.conf

I've never seen this happen before.

Any ideas?

Regards,

--
Stephan Bosch
stephan@???
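The post above shows a remote server's 451 reply carrying a fully expanded LDAP lookup string, bind DN and password included, which Postfix then writes verbatim into its own mail log. The following scanner is an added example, not code from the post or from the Exim or Postfix projects; it walks Postfix `smtp` log lines of the form `host X said: <reply>`, flags replies that contain `user=` or `pass=` tokens from Exim's LDAP lookup syntax, and produces a redacted copy so the finding can be shared without re-leaking the secret. The sample log is constructed (a placeholder password, the reply folded onto one line as Postfix logs it); the regular expressions assume that exact Postfix line layout.

```python
"""Scan Postfix smtp log lines for remote SMTP replies that echo credentials
(e.g. an Exim expansion error quoting an LDAP bind user/password).
Added example; not part of the original mailing-list post."""
import re
from dataclasses import dataclass, field

# Constructed sample log modelled on the post. The secret is a placeholder,
# and the wrapped 451 reply is joined onto one line as Postfix writes it.
SAMPLE_LOG = """\
Mar 24 23:39:51 tiger postfix/smtp[3814]: BB856100A640: host mx.example.com[192.168.0.1] said: 451-expansion of "$address_data vrdDomain=${lookup ldap {user=uid=exim,ou=Programs,dc=example,dc=com pass=s3cr3t-placeholder ldap:///...}}" 451-failed in lookup router: lookup of "user=uid=exim,ou=Programs,dc=example,dc=com pass=s3cr3t-placeholder ldap:///..." 451 gave DEFER: ldap_result failed: 81, Can't contact LDAP server (in reply to RCPT TO command)
Mar 24 23:40:02 tiger postfix/smtp[3815]: 0C1D2100A641: host mx.example.com[192.168.0.1] said: 451 4.7.1 Temporary local problem - please try later (in reply to RCPT TO command)
"""

# Postfix "host X said: <reply>" line as written by postfix/smtp (assumed layout).
_SAID_RE = re.compile(
    r'^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) (?P<host>\S+) postfix/smtp\[\d+\]: '
    r'(?P<qid>[0-9A-F]+): host (?P<remote>\S+) said: (?P<reply>\d{3}[ -].*)$'
)
# Credential-bearing tokens from Exim's "${lookup ldap {user=... pass=... ldap:///...}}" syntax.
_PASS_RE = re.compile(r'pass=(\S+)')
_USER_RE = re.compile(r'user=(\S+)')


@dataclass
class Finding:
    queue_id: str          # Postfix queue id of the affected message
    remote: str            # remote host that sent the leaky reply
    code: str              # three-digit SMTP reply code
    leaked: set = field(default_factory=set)   # {"password", "bind_dn"}
    redacted: str = ""     # reply text safe to quote in a ticket


def classify_leak(reply: str) -> set:
    """Return which credential kinds appear in a reply text."""
    leaked = set()
    if _PASS_RE.search(reply):
        leaked.add("password")
    if _USER_RE.search(reply):
        leaked.add("bind_dn")
    return leaked


def redact(reply: str) -> str:
    """Blank out password and bind-DN values so the reply can be reported."""
    reply = _PASS_RE.sub("pass=[REDACTED]", reply)
    reply = _USER_RE.sub("user=[REDACTED-DN]", reply)
    return reply


def scan(log_text: str) -> list:
    """Return a Finding for every Postfix 'said:' line whose reply leaks credentials."""
    findings = []
    for line in log_text.splitlines():
        m = _SAID_RE.match(line)
        if not m:
            continue
        reply = m.group("reply")
        leaked = classify_leak(reply)
        if leaked:
            findings.append(Finding(m.group("qid"), m.group("remote"),
                                    reply[:3], leaked, redact(reply)))
    return findings


if __name__ == "__main__":
    for f in scan(SAMPLE_LOG):
        print(f"{f.queue_id}: {f.remote} replied {f.code} leaking "
              f"{', '.join(sorted(f.leaked))}")
        print("  ", f.redacted)
```

Run against a real `/var/log/mail.log` by reading the file into `scan()`. A hit means the remote MTA is disclosing its lookup configuration to arbitrary clients, and also that the local log now contains a copy of the remote's bind password, so both sides need cleaning up: rotate the credential and scrub the logged line, rather than just filing the redacted text.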