[exim] failed to expand ACL string after upgrade

Author: exim-users
Date:  
To: exim-users
Subject: [exim] failed to expand ACL string after upgrade
Hi,

after updating to Ubuntu 22.10 (upgrading exim from 4.95-4ubuntu2.2 to 4.96-3ubuntu1.1), SPF checks (via spf-tools-perl) are failing with "failed to expand ACL string" (which leads to a temp reject):

2022-12-03 15:40:48 H=SENDER_HOST (SENDER_HELO) [SENDER_IP] X=TLS1.3:ECDHE_SECP256R1__RSA_PSS_RSAE_SHA256__AES_256_GCM:256 CV=no F=<SENDER_ADDRESS> temporarily rejected RCPT <RCPT_ADDRESS>:
failed to expand ACL string "${run{/usr/bin/spfquery.mail-spf-perl --ip ${quote:$sender_host_address} --identity ${if def:sender_address_domain {--scope mfrom --identity
${quote:$sender_address}}{--scope helo --identity ${quote:$sender_helo_name}}}}{no}{${if eq {$runrc}{1}{yes}{no}}}}": Expansion of "${quote:$sender_host_address" from command
"/usr/bin/spfquery.mail-spf-perl --ip ${quote:$sender_host_address" in ${run} expansion failed: missing } at end of string

It fails on expanding the condition, which is part of the exim configuration from Ubuntu/Debian:

--cut exim configuration
   deny
     message = [SPF] $sender_host_address is not allowed to send mail from \
               ${if def:sender_address_domain {$sender_address_domain}{$sender_helo_name}}.  \
               Please see \
               http://www.openspf.org/Why?scope=${if def:sender_address_domain \
               {mfrom}{helo}};identity=${if def:sender_address_domain \
               {$sender_address}{$sender_helo_name}};ip=$sender_host_address
     log_message = SPF check failed.
     !acl = acl_local_deny_exceptions
     condition = ${run{/usr/bin/spfquery.mail-spf-perl --ip \
                    ${quote:$sender_host_address} --identity \
                    ${if def:sender_address_domain \
                        {--scope mfrom  --identity ${quote:$sender_address}}\
                        {--scope helo --identity ${quote:$sender_helo_name}}}}\
                    {no}{${if eq {$runrc}{1}{yes}{no}}}}
--cut


I double-checked the parentheses and can't find any missing. I logged all variables used in the query; everything is defined and set properly (I could run spfquery.mail-spf-perl with the params provided without any issues). I am not able to find a syntax error (especially not the missing "}" mentioned in the error message). Use of tainted $sender_address and $sender_helo_name in run should not be an issue (according to https://www.exim.org/exim-html-current/doc/html/spec_html/ch-string_expansions.html#vi382).

Is there something I am missing or overlooking? Any help appreciated.

Regards,
Thomas
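
A brace check for the condition quoted above, as an added example that is not part of the original post: it joins the continuation lines, confirms that the braces balance, and shows that the command fragment quoted in the log message ends immediately before the first closing brace of the ${run} command. The function names are made up for this example.

```python
import re

# "condition =" value from the post, with its backslash continuations.
CONDITION = r"""${run{/usr/bin/spfquery.mail-spf-perl --ip \
                    ${quote:$sender_host_address} --identity \
                    ${if def:sender_address_domain \
                        {--scope mfrom  --identity ${quote:$sender_address}}\
                        {--scope helo --identity ${quote:$sender_helo_name}}}}\
                    {no}{${if eq {$runrc}{1}{yes}{no}}}}"""

# Command fragment quoted in the error message from the post.
REPORTED = "/usr/bin/spfquery.mail-spf-perl --ip ${quote:$sender_host_address"

def join_continuations(text):
    """Join continued lines: drop the backslash and the next line's indent."""
    return re.sub(r"\\[ \t]*\n[ \t]*", "", text)

def brace_report(expr):
    """Return (final_depth, offset_of_first_stray_close_or_None)."""
    depth = 0
    for i, ch in enumerate(expr):
        if ch == "{":
            depth += 1
        elif ch == "}":
            depth -= 1
            if depth < 0:
                return depth, i
    return depth, None

def run_command(expr):
    """Return the first {...} argument of ${run, honouring nested braces."""
    start = expr.index("${run{") + len("${run{")
    depth = 1
    for i in range(start, len(expr)):
        depth += {"{": 1, "}": -1}.get(expr[i], 0)
        if depth == 0:
            return expr[start:i]
    raise ValueError("unterminated ${run{...}")

def cut_point(command, fragment):
    """Character following fragment in command; None if not a prefix."""
    end = len(fragment)
    return command[end:end + 1] if command.startswith(fragment) else None

if __name__ == "__main__":
    joined = join_continuations(CONDITION)
    print("brace depth:", brace_report(joined))
    print("cut before :", cut_point(run_command(joined), REPORTED))
```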