[exim] 4.94 - De-tainting without lookup?

Top Page
Delete this message
Reply to this message
Author: Matthias Hörmann
Date:  
To: exim-users
Subject: [exim] 4.94 - De-tainting without lookup?
Hello

EPEL on Centos/RHEL 7 recently gave use Exim 4.94 which broken
significant parts of our config.

We tried to re-write things to conform to the new severely restricted
Exim config language but some parts are giving us trouble.

One bit is this transport which we have been using for years now for debugging
purposes (we mostly run webservers using exim to send mails from websites we
develop).

> # save copy of outgoing messages
> traffic_tap_save_copy:
> driver = appendfile
> delivery_date_add
> envelope_to_add
> return_path_add
> maildir_format = true
> create_directory = true
> directory = /var/mailarchive/outgoing/$sender_address_domain/$sender_address_local_part/$domain/$local_part/
> user = mail
> group = mail


Basically this is supposed to save all outgoing mail indexed by both sending
and recipient address. I can not see a way to implement this at all (short of
letting exim dump it all in one folder and use more flexible tools to sort it
into separate directories.

We also have similar transports for storing incoming mail for virtual users.

Search/Replace does not lead to de-tainting. Calling external programs to
filter the data (bad as that would be for performance anyway) does not seem to
de-taint data.

I obviously can not build a lookup table for any possible domain and local part
in the entire internet to de-taint this.

In a regular programming language or a shell script or our Puppet manifest what
we would do here is just some search and replace of all dangerous characters
(all but the known safe ones in fact) with something like an underscore and be
done with it.

How does that work in the new tainted exim reality?

On a side-note, to the best of my knowledge other than slash and the null byte
on Linux at least all characters are safe for use in filenames anyway though I
could see how you want to avoid the risk of them being fed into other tools
indirectly that way.

Thanks for any help you can provide. Sorry for any of my annoyance that bled
through in the paragraphs above but this change really has severely limited the
expressiveness of the Exim config language without any warning. It feels like
this should have been a major version update.

Matthias Hörmann

--
Mit freundlichen Grüßen,

Matthias Hörmann

fon: +49 (0) 521 - 329647-29
fax: +49 (0) 521 - 329647-40
email: matthias.hoermann@???

---------------
saltation GmbH & Co. KG | Niederwall 43 | 33602 Bielefeld
Sitz Bielefeld | Amtsgericht Bielefeld HRA 15344
Persönlich haftende Gesellschafterin:
saltation Beteiligungs-GmbH | Niederwall 43 | 33602 Bielefeld
Sitz Bielefeld | Amtsgericht Bielefeld HRB 39339
Geschäftsführer: Daniel Brün
---------------

Wir erfüllen unsere Informationspflichten gem. Artt. 13-14 DS-GVO
durch Veröffentlichung auf unserer Internetseite unter

https://www.saltation.com/de/datenschutzerklaerung.html

oder durch Zusendung auf Ihre formlose Anfrage.