Re: [exim] Database lookup tainted

Góra strony
Delete this message
Reply to this message
Autor: exim.org
Data:  
Dla: Jeremy Harris, exim-users
Temat: Re: [exim] Database lookup tainted
Emails are neither accepted nor delivered and show "Temporary internal error" in log.

Here's a bit more of the log file:


12:19:39.351 12159   ├──expanding: servers=127.0.0.1/xx/xx/xx; SELECT string_agg(DISTINCT userid,',') AS target FROM aliases WHERE address='${quote_pgsql:$local_part@$domain}';
12:19:39.351 12159   ╰─────result: servers=127.0.0.1/xx/xx/xx; SELECT string_agg(DISTINCT userid,',') AS target FROM aliases WHERE address='xx@xxxx';
12:19:39.351 12159              ╰──(tainted)
12:19:39.352 12159  search_open: pgsql "NULL"
12:19:39.352 12159  search_find: file="NULL"
12:19:39.352 12159    key="servers=127.0.0.1/xx/xx/xx; SELECT string_agg(DISTINCT userid,',') AS target FROM aliases WHERE address='xx@xxx';" partial=-1 affix=NULL starflags=0 opts=NULL
12:19:39.352 12159  LRU list:
12:19:39.352 12159  internal_search_find: file="NULL"
12:19:39.352 12159    type=pgsql key="servers=127.0.0.1/xx/xx/xx; SELECT string_agg(DISTINCT userid,',') AS target FROM aliases WHERE address='xx@xxxx';" opts=NULL
12:19:39.352 12159  database lookup required for servers=127.0.0.1/xx/xx/xx; SELECT string_agg(DISTINCT userid,',') AS target FROM aliases WHERE address='xx@xxxx';
12:19:39.352 12159  PostgreSQL query: "servers=127.0.0.1/xx/xx/xx; SELECT string_agg(DISTINCT userid,',') AS target FROM aliases WHERE address='xx@xxxx';" opts 'NULL'
12:19:39.352 12159  lookup deferred: PostgreSQL server "127.0.0.1/xx/xx/xx" is tainted
12:19:39.352 12159  ├failed to expand: ${lookup pgsql {servers=127.0.0.1/xx/xx/xx; SELECT string_agg(DISTINCT userid,',') AS target FROM aliases WHERE address='${quote_pgsql:$local_part@$domain}';}}
12:19:39.352 12159  ╰───error message: lookup of "servers=127.0.0.1/xx/xx/xx; SELECT string_agg(DISTINCT userid,',') AS target FROM aliases WHERE address='xx@xxxx';" gave DEFER: PostgreSQL server "127.0.0.1/xx/xx/xx" is tainted
12:19:39.352 12159 db_aliases router: defer for xx@xxxx
12:19:39.352 12159   message: failed to expand "${lookup pgsql {servers=127.0.0.1/xx/xx/xx; SELECT string_agg(DISTINCT userid,',') AS target FROM aliases WHERE address='${quote_pgsql:$local_part@$domain}';}}": lookup of "servers=127.0.0.1/xx/xx/xx; SELECT string_agg(DISTINCT userid,',') AS target FROM aliases WHERE address='xx@xxxx';" gave DEFER: PostgreSQL server "127.0.0.1/xx/xx/xx" is tainted
12:19:39.352 12159 ----------- end verify ------------
12:19:39.352 12159 require: condition test deferred in ACL "acl_check_rcpt"


and here's acl_check_rcpt:

acl_check_rcpt:
  accept  hosts          = :


  deny    message        = Restricted characters in address
          domains        = +local_domains
          local_parts    = ^[.] : ^.*[@%!/|]


  deny    message        = Restricted characters in address
          domains        = !+local_domains
          local_parts    = ^[./|] : ^.*[@%!] : ^.*/\\.\\./


  accept  local_parts    = postmaster
          domains        = +local_domains


  require verify         = sender


  accept  hosts          = +relay_from_hosts
          control        = submission


  accept  authenticated  = *
          control        = submission/sender_retain


  deny    message        = Invalid sender for sending domain (SPF)
          spf            = fail


# set acl_m1 for whitelist recipients, evaluated in acl_check_data
  accept  recipients     = +whitelist_recipients
          set   acl_m_wl = accepted


  accept  domains        = +relay_to_domains
          verify         = recipient/callout=10s,defer_ok


  accept  domains        = +local_domains
          sender_domains = !+local_domains
          verify         = recipient


deny



2. Juni 2020 14:06, "Jeremy Harris via Exim-users" <exim-users@???> schrieb:

> On 02/06/2020 12:12, exim.org--- via Exim-users wrote:
>
>> However after updating to 4.94 I only get errors like this (private details replaced):
>>
>> 2:19:39.350 12159 ╭considering: ${lookup pgsql {servers=127.0.0.1/mydb/mydbuser/mydbpw; SELECT
>> string_agg(DISTINCT userid,',') AS target FROM aliases WHERE
>> address='${quote_pgsql:$local_part@$domain}';}}
>> 12:19:39.351 12159 ╭considering: servers=127.0.0.1/mydb/mydbuser/mydbpw; SELECT string_agg(DISTINCT
>> userid,',') AS target FROM aliases WHERE address='${quote_pgsql:$local_part@$domain}';}}
>> 12:19:39.351 12159 ╭considering: $local_part@$domain}';}}
>> 12:19:39.351 12159 ├──expanding: $local_part@$domain
>> 12:19:39.351 12159 ╰─────result: myuser@???
>> 12:19:39.351 12159 ╰──(tainted)
>
> You don't say in what fashion it is not working. The taint in that
> position is not an error.
>
>> What do I have to change to make this work again?
>> What is the reason it says tainted?
>
> The content (of both) of the variables being expanded came from a
> source we cannot trust, it being a potential attacker. For this
> reason it is tagged as "tainted".
> --
> Cheers,
> Jeremy
>
> --
> ## List details at https://lists.exim.org/mailman/listinfo/exim-users
> ## Exim details at http://www.exim.org
> ## Please use the Wiki with this list - http://wiki.exim.org