Hey,
I'm running exim in this configuration:
17:28:39 64561 Exim version 4.93.0.3 uid=0 gid=0 pid=64561 D=fff9ffff
Support for: crypteq iconv() IPv6 PAM Perl TCPwrappers OpenSSL Content_Scanning DANE DKIM DNSSEC Event I18N OCSP PRDR TCP_Fast_Open
Lookups (built-in): lsearch wildlsearch nwildlsearch iplsearch cdb dbm dbmjz dbmnz dnsdb dsearch passwd
Authenticators: cram_md5 cyrus_sasl plaintext spa
Routers: accept dnslookup ipliteral manualroute queryprogram redirect
Transports: appendfile/maildir/mailstore autoreply pipe smtp
Malware: f-protd f-prot6d drweb fsecure sophie clamd avast sock cmdline
Fixed never_users: 0
Configure owner: 0:0
Size of off_t: 8
Compiler: GCC [9.2.0]
Library version: Glibc: Compile: 2.30
Runtime: 2.30
Library version: BDB: Compile: Berkeley DB 5.3.28: (September 9, 2013)
Runtime: Berkeley DB 5.3.28: (September 9, 2013)
Library version: OpenSSL: Compile: OpenSSL 1.1.1d 10 Sep 2019
Runtime: OpenSSL 1.1.1d 10 Sep 2019
: built on: Tue Dec 3 18:07:39 2019 UTC
Library version: IDN2: Compile: 2.3.0
Runtime: 2.3.0
Library version: Stringprep: Compile: 1.35
Runtime: 1.35
Library version: Cyrus SASL: Compile: 2.1.27
Runtime: 2.1.27 [Cyrus SASL]
Library version: PCRE: Compile: 8.43
Runtime: 8.43 2019-02-23
I have a special user router setup:
extension_user_delivery_f:
driver = redirect
local_part_suffix = -*
require_files = /home/$local_part/.mail-extensions:/home/$local_part/.forward
condition = ${lookup{$local_part_suffix}lsearch{/home/$local_part/.mail-extensions}{yes}{no}}
user=$local_part
check_ancestor
file = /home/$local_part/.forward
allow_filter
allow_fail
verify=false
file_transport = address_file
pipe_transport = address_pipe
reply_transport = address_reply
And the top of my .forward looks like this:
# Sieve filter
require ["fileinto", "envelope"];
if header :contains ["From"] ["@someblacklisteddomain"] { discard; stop; }
if header :contains ["From"] ["@antoher junkmailer"] { discard; stop; }
and a .mail-extensions file with this:
-foobar # an extension that is ok, so klausman-foobar@??? is a valid destination
This setup has worked well for over a decade. It broke with exim
4.93, with mail being rejected/not deleivered if an extension
address is used. My mainlong is full of:
2020-01-07 17:28:09 1iorSJ-000C9a-83 == klausman@??? <klausman-gentoo@???> R=extension_user_delivery_f defer (-1): internal problem in extension_user_delivery_f router (recipient is klausman-gentoo@???): failure to transfer data from subprocess: status=0100 readerror='Success'
(very helpful error, that)
During debugging I found this:
# exim -bt klausman-gentoo@???
LOG: MAIN PANIC
attempt to expand tainted string '$rheader_From'
LOG: MAIN PANIC
attempt to expand tainted string '${if def:header_From {true}{false}}'
Sieve error: header string expansion failed in line 3
klausman-gentoo@??? -> inbox
transport = address_file
I presume "tainted" strings can not be used in Sieve filters
anymore? That would make Sieve entirely pointless, from my POV.
So clearly, I am missing something. What is going on?
Best,
Tobias
