Re: [exim] Exim 4.94 new config for routers (Tainted filenam…

Góra strony
Delete this message
Reply to this message
Autor: SysAdmin EM
Data:  
Dla: exim-users
Temat: Re: [exim] Exim 4.94 new config for routers (Tainted filename for search)
I tried modifying the router as follows but I get an error of "Unrouteable
address"

virtual_aliases_nostar:
driver = redirect
allow_defer
allow_fail
data = $local_part_data
file_transport = address_file
group = exim
pipe_transport = virtual_address_pipe
retry_use_local_part
domains = dsearch,ret=full;//opt/exim/valiases
local_parts = lsearch;$domain_data
unseen

### Log

2021-05-11 15:56:18 1lgXYH-0004jp-0Q <= emawata@??? H=
mail-qk1-f178.google.com [209.85.222.178] P=esmtps
X=TLS1.2:ECDHE-RSA-AES128-GCM-SHA256:128 CV=no K S=3512
id=CAGUDtnmAe0GDRxfM5=t=N4p13UxfQ=cCaYcbKBW96+yZ=UZoGg@???
2021-05-11 15:56:18 1lgXYH-0004jp-0Q ** no-reply@???:
Unrouteable address
2021-05-11 15:56:18 1lgXYI-0004jz-6Y <= <> R=1lgXYH-0004jp-0Q U=exim
P=local S=4859
2021-05-11 15:56:18 1lgXYH-0004jp-0Q Completed

El mar, 11 de may. de 2021 a la(s) 14:03, SysAdmin EM (emawata@???)
escribió:

> Hello,
> i update my exim version from 4.92 to 4.94.
>
> I try send an email to a test domain and see this error:
>
> 2021-05-11 13:33:47 1lgVKM-0001dB-2z <= emawata@??? H=
> mail-qk1-f170.google.com [209.85.222.170] P=esmtps
> X=TLS1.2:ECDHE-RSA-AES128-GCM-SHA256:128 CV=no K S=3515
> id=CAGUDtn=vYmu9=GmjZ=+h3Y6HaEjDTv-GtXFuaW6=YVq_E3OXyA@???
> 2021-05-11 13:33:47 1lgVKM-0001dB-2z Tainted filename for search:
> '/opt/exim/valiases/dominioprueba1.tk'
> 2021-05-11 13:33:47 1lgVKM-0001dB-2z == no-reply@???
> R=virtual_aliases_nostar defer (-1): failed to expand "${if
> exists{/opt/exim/valiases/$domain}{${lookup{$local_part@$domain}lsearch{/opt/exim/valiases/$domain}}}}":
> NULL
>
> I have read the changes of the new version, I must use the variables $
> local_part_data and $ domain_data but I don't understand how to adapt this
> to my routers.
>
> Can someone help me adapt the following router to take as an example.
>
> virtual_aliases_nostar:
> driver = redirect
> allow_defer
> allow_fail
> data = ${if exists{/opt/exim/valiases/$domain}{${lookup{$local_part@
> $domain}lsearch{/opt/exim/valiases/$domain}}}}..
> file_transport = address_file
> group = exim
> pipe_transport = virtual_address_pipe
> retry_use_local_part
> domains = lsearch;/opt/exim/localdomains
> unseen
>
> I have tried using dsearch as they recommend but I am getting an error:
>
> [root@vps-1713830-x ~] # /opt/exim/bin/exim -d -be '${if
> exists{/opt/exim/valiases/dominioprueba1.tk}{${
> lookup{no-reply@???}dsearch,ret=full{/opt/exim/valiases}}}}'
>
> Exim version 4.94.2 uid=0 gid=0 pid=8957 D=f7715cfd
> Support for: crypteq iconv() IPv6 Perl OpenSSL Content_Scanning DANE DKIM
> DNSSEC Event PIPE_CONNECT PRDR SPF TCP_Fast_Open
> Lookups (built-in): lsearch wildlsearch nwildlsearch iplsearch dbm dbmjz
> dbmnz dsearch mysql
> Authenticators: cram_md5 plaintext spa
> Routers: accept dnslookup ipliteral manualroute queryprogram redirect
> Transports: appendfile/maildir autoreply pipe smtp
> Malware: f-protd f-prot6d drweb fsecure sophie clamd avast sock cmdline
> Fixed never_users: 0
> Configure owner: 0:0
> Size of off_t: 8
> Compiler: GCC [4.8.5 20150623 (Red Hat 4.8.5-44)]
> Library version: Glibc: Compile: 2.17
>                        Runtime: 2.17
> Library version: BDB: Compile: Berkeley DB 5.3.21: (May 11, 2012)
>                      Runtime: Berkeley DB 5.3.21: (May 11, 2012)
> Library version: OpenSSL: Compile: OpenSSL 1.0.2k-fips  26 Jan 2017
>                          Runtime: OpenSSL 1.0.2k-fips  26 Jan 2017
>                                 : built on: reproducible build, date
> unspecified
> Library version: spf2: Compile: 1.2.10
>                       Runtime: 1.2.10
> Library version: PCRE: Compile: 8.32
>                       Runtime: 8.32 2012-11-30
> Total 11 lookups
> Library version: MySQL: Compile: 50732 5.7.32 [mysqld-5.7]
>                        Runtime: 50732 5.7.32
> WHITELIST_D_MACROS unset
> TRUSTED_CONFIG_LIST unset
> changed uid/gid: -C, -D, -be or -bf forces real uid
>  uid=0 gid=0 pid=8957
>  auxiliary group list: 0
> openssl option, adding to     03104000: 01000000 (no_sslv2 +no_sslv3
> +no_tlsv1)
> openssl option, adding to     03104000: 02000000 (no_sslv3 +no_tlsv1)
> openssl option, adding to     03104000: 04000000 (no_tlsv1)
> configuration file is /etc/exim/configure
> log selectors = 00000ffc 19005022 00000003
> Starting Perl interpreter
> trusted user
> admin user
> dropping to exim gid; retaining priv uid
> seeking password data for user "exim": using cached result
> getpwnam() succeeded uid=502 gid=502
> seeking password data for user "mailman": cache not available
> getpwnam() succeeded uid=1002 gid=1002
> originator: uid=0 gid=0 login=root name=root
> sender address = root@???
>  search_open: dsearch "/opt/exim/valiases"
>  search_find: file="/opt/exim/valiases"
>    key="no-reply@???" partial=-1 affix=NULL starflags=0
> opts="ret=full"
>  LRU list:
>    3/opt/exim/valiases
>    End
>  internal_search_find: file="/opt/exim/valiases"
>    type=dsearch key="no-reply@???" opts="ret=full"
>  file lookup required for no-reply@???
>    in /opt/exim/valiases
>  lookup failed

>
> search_tidyup called
> ####################################################################
>
> Regards,
>