So my workaround was to create a simple wrapper and call it, instead of
dovecot-lda:
$ cat /local/bin/dovecot-lda-wrapper
#!/bin/sh
# LOCAL_PART, DOMAIN, LOCAL_PART_SUFFIX and SENDER are exported into the
# environment by Exim's pipe transport, so the tainted values never appear
# in the transport's command string.
exec /usr/local/libexec/dovecot/dovecot-lda \
    -d "${LOCAL_PART}@${DOMAIN}" \
    -a "${LOCAL_PART}${LOCAL_PART_SUFFIX}@${DOMAIN}" \
    -r "${LOCAL_PART}${LOCAL_PART_SUFFIX}@${DOMAIN}" \
    -f "${SENDER}"
Here's how it is called from Exim:
dovecot_pipe:
driver = pipe
command = /local/bin/dovecot-lda-wrapper
• Kirill Miazine via Exim-dev [2022-04-25 14:47]:
> Beware that the just released RC0 for Exim 4.96 may break your Dovecot
> LDA delivery. It did break mine, which is similar to what is described
> on https://wiki.dovecot.org/LDA/Exim
>
> Here is the relevant ChangeLog entry:
>
> JH/25 Taint-check exec arguments for transport-initiated external processes.
> Previously, tainted values could be used. This affects "pipe", "lmtp" and
> "queryprogram" transport, transport-filter, and ETRN commands.
> The ${run} expansion is also affected: in "preexpand" mode no part of
> the command line may be tainted, in default mode the executable name
> may not be tainted.
>
> As of now I don't have a personal working solution to get untainted data.
> I did try a small hack, but Exim was smart enough to see what I was
> doing, so I'm rolling back until I better understand the tainting
> facilities and how to untaint the data.
>
> The concept is great, though.
>
> • Jeremy Harris via Exim-announce [2022-04-23 20:23]:
> > Hi all,
> >
> > Enough changes have accumulated since 4.95 for it to be worth
> > spinning another release. The first Release Candidate is available
> >
> > - as tarball: https://ftp.exim.org/pub/exim/exim4/test
> > - directly from Git: https://git.exim.org
> > tag exim-4.96-RC0
> >
> > The signatures on the release tarballs (and this mail) should be
> > mine, key ID 0xBCE58C8CE41F32DF.
> >
> > Please test and give feedback on the RC so that we can shake out
> > issues before 4.96 goes official.
> >
> > The sourcebase is still open for feature additions at this point
> > in the release process.
> >
> >
> > New stuff we've added since 4.95:
> >
> > - A new ACL condition: seen. Records/tests a timestamp against a key.
> > - A variant of the "mask" expansion operator to give normalised IPv6.
> > - UTC output option for exim_dumpdb, exim_fixdb.
> > - An event for failing TLS connects to the daemon.
> > - The ACL "debug" control gains options "stop", "pretrigger" and "trigger".
> > - Query-style lookups are now checked for quoting, if the query string is
> > built using untrusted data ("tainted"). For now lack of quoting is merely
> > logged; a future release will upgrade this to an error.
> > - The expansion conditions match_<list-type> and inlist now set $value for
> > the expansion of the "true" result of the ${if}. With a static list, this
> > can be used for de-tainting.
> >
> > Notable removals since 4.95:
> >
> > - the "allow_insecure_tainted_data" main config option and the
> > "taint" log_selector. These were previously deprecated.
> >
> > As usual, you should read the ChangeLog file for other changes.
> > --
> > Cheers,
> > Jeremy
--
-- Kirill Miazine <km@???>
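A stricter variant of the wrapper from the top of the thread, as an added example rather than code posted by Kirill or shipped by Exim or Dovecot: it keeps the same hand-off through the environment variables Exim's pipe transport exports, but validates the address parts first and exits 75 (EX_TEMPFAIL, Exim's default temp_errors) so a bad value defers the delivery. The dovecot-lda path is taken from the posted wrapper, and the character allow-list is an assumption for this setup.

```shell
#!/bin/sh
# Added example (not the posted wrapper): the same hand-off, with checks.
# Exim's pipe transport exports LOCAL_PART, DOMAIN, LOCAL_PART_SUFFIX and
# SENDER into the child's environment, so the tainted values never appear
# in the transport command line. They are still passed on to dovecot-lda,
# so this version refuses values outside a small allow-list and exits 75
# (EX_TEMPFAIL, Exim's default temp_errors) to defer the delivery instead.

# Path taken from the posted wrapper; override with LDA=... if it differs.
LDA=${LDA:-/usr/local/libexec/dovecot/dovecot-lda}

# 0 if $1 is non-empty and uses only letters, digits and . _ + = -
# (an allow-list assumed for this setup; widen it if your addresses need more).
valid_part() {
    case "$1" in
        '' | *[!A-Za-z0-9._+=-]*) return 1 ;;
        *) return 0 ;;
    esac
}

# Print, one per line, the arguments that would be passed to dovecot-lda.
# Returns 1 if a required part is missing or fails the allow-list. An empty
# SENDER (a bounce) is accepted and the suffix is optional, as in the original.
lda_args() {
    valid_part "$LOCAL_PART" || return 1
    valid_part "$DOMAIN" || return 1
    if [ -n "$LOCAL_PART_SUFFIX" ]; then
        valid_part "$LOCAL_PART_SUFFIX" || return 1
    fi
    case "$SENDER" in *[!A-Za-z0-9._+=@-]*) return 1 ;; esac
    printf '%s\n' \
        -d "${LOCAL_PART}@${DOMAIN}" \
        -a "${LOCAL_PART}${LOCAL_PART_SUFFIX}@${DOMAIN}" \
        -r "${LOCAL_PART}${LOCAL_PART_SUFFIX}@${DOMAIN}" \
        -f "${SENDER}"
}

# Hand off to dovecot-lda only when running as the installed wrapper, so the
# functions above can also be sourced and exercised without a mail system.
case "$0" in
    */dovecot-lda-wrapper)
        lda_args >/dev/null || exit 75
        exec "$LDA" \
            -d "${LOCAL_PART}@${DOMAIN}" \
            -a "${LOCAL_PART}${LOCAL_PART_SUFFIX}@${DOMAIN}" \
            -r "${LOCAL_PART}${LOCAL_PART_SUFFIX}@${DOMAIN}" \
            -f "${SENDER}"
        ;;
esac
```

Install it under the wrapper name given in the pipe transport's command option; when the checks fail, Exim sees exit 75 and retries later rather than bouncing.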