[exim] Sieve filters broken due to tainted expansions?

Top Page
Delete this message
Reply to this message
Author: Tobias Klausmann
To: exim-users
Subject: [exim] Sieve filters broken due to tainted expansions?

I'm running exim in this configuration:

17:28:39 64561 Exim version uid=0 gid=0 pid=64561 D=fff9ffff
Support for: crypteq iconv() IPv6 PAM Perl TCPwrappers OpenSSL Content_Scanning DANE DKIM DNSSEC Event I18N OCSP PRDR TCP_Fast_Open
Lookups (built-in): lsearch wildlsearch nwildlsearch iplsearch cdb dbm dbmjz dbmnz dnsdb dsearch passwd
Authenticators: cram_md5 cyrus_sasl plaintext spa
Routers: accept dnslookup ipliteral manualroute queryprogram redirect
Transports: appendfile/maildir/mailstore autoreply pipe smtp
Malware: f-protd f-prot6d drweb fsecure sophie clamd avast sock cmdline
Fixed never_users: 0
Configure owner: 0:0
Size of off_t: 8
Compiler: GCC [9.2.0]
Library version: Glibc: Compile: 2.30
                        Runtime: 2.30
Library version: BDB: Compile: Berkeley DB 5.3.28: (September  9, 2013)
                      Runtime: Berkeley DB 5.3.28: (September  9, 2013)
Library version: OpenSSL: Compile: OpenSSL 1.1.1d  10 Sep 2019
                          Runtime: OpenSSL 1.1.1d  10 Sep 2019
                                 : built on: Tue Dec  3 18:07:39 2019 UTC
Library version: IDN2: Compile: 2.3.0
                       Runtime: 2.3.0
Library version: Stringprep: Compile: 1.35
                             Runtime: 1.35
Library version: Cyrus SASL: Compile: 2.1.27
                             Runtime: 2.1.27 [Cyrus SASL]
Library version: PCRE: Compile: 8.43
                       Runtime: 8.43 2019-02-23

I have a special user router setup:

    driver = redirect
    local_part_suffix = -*
    require_files =  /home/$local_part/.mail-extensions:/home/$local_part/.forward
    condition = ${lookup{$local_part_suffix}lsearch{/home/$local_part/.mail-extensions}{yes}{no}}
    file = /home/$local_part/.forward
    file_transport = address_file
    pipe_transport = address_pipe
    reply_transport = address_reply

And the top of my .forward looks like this:

# Sieve filter
require ["fileinto", "envelope"];
if header :contains ["From"] ["@someblacklisteddomain"] { discard; stop; }
if header :contains ["From"] ["@antoher junkmailer"] { discard; stop; }

and a .mail-extensions file with this:

-foobar # an extension that is ok, so klausman-foobar@??? is a valid destination

This setup has worked well for over a decade. It broke with exim
4.93, with mail being rejected/not deleivered if an extension
address is used. My mainlong is full of:

2020-01-07 17:28:09 1iorSJ-000C9a-83 == klausman@??? <klausman-gentoo@???> R=extension_user_delivery_f defer (-1): internal problem in extension_user_delivery_f router (recipient is klausman-gentoo@???): failure to transfer data from subprocess: status=0100 readerror='Success'

(very helpful error, that)

During debugging I found this:

# exim -bt klausman-gentoo@???
attempt to expand tainted string '$rheader_From'
attempt to expand tainted string '${if def:header_From {true}{false}}'
Sieve error: header string expansion failed in line 3
klausman-gentoo@??? -> inbox
transport = address_file

I presume "tainted" strings can not be used in Sieve filters
anymore? That would make Sieve entirely pointless, from my POV.
So clearly, I am missing something. What is going on?