Re: [exim] failed to expand ACL string after upgrade

Top Page
This message is part of the following thread:
M-\the complete thread tree sorted by date
M\Mexim-users at <-
MMMJeremy Harris at ->
Delete this message
Reply to this message
Author: exim-users
Date:  
To: exim-users
Subject: Re: [exim] failed to expand ACL string after upgrade
Hi Andreas,

thanks for picking this up.

On 03.12.22 19:10, Andreas Metzler via Exim-users wrote:
>> after updating to Ubuntu 22.10 (upgrading exim from 4.95-4ubuntu2.2 to
>> 4.96-3ubuntu1.1), SPF checks (via spf-tools-perl) are failing with "failed
>> to expand ACL string" (which leads to a temp reject):

> I could not quickly find the problem, however exim4-daemon-heavy 4.95
> and later should be linked against libspf2 and the default configuration
> would use
> spf = fail
> instead of "condition = ${run{/usr/bin/spfquery.mail ..."

It seems like the Ubuntu maintainers decided not to link against libspf2 (unfortunately): 

# ldd $(which exim4)
    linux-vdso.so.1 (0x00007ffc59d45000)
    libcrypt.so.1 => /lib/x86_64-linux-gnu/libcrypt.so.1 (0x00007fb1dd929000)
    libm.so.6 => /lib/x86_64-linux-gnu/libm.so.6 (0x00007fb1dd840000)
    libnsl.so.2 => /lib/x86_64-linux-gnu/libnsl.so.2 (0x00007fb1dd826000)
    libpam.so.0 => /lib/x86_64-linux-gnu/libpam.so.0 (0x00007fb1dd815000)
    libdb-5.3.so => /lib/x86_64-linux-gnu/libdb-5.3.so (0x00007fb1dd666000)
    libldap-2.5.so.0 => /lib/x86_64-linux-gnu/libldap-2.5.so.0 (0x00007fb1dd606000)
    liblber-2.5.so.0 => /lib/x86_64-linux-gnu/liblber-2.5.so.0 (0x00007fb1dd5f6000)
    libmysqlclient.so.21 => /lib/x86_64-linux-gnu/libmysqlclient.so.21 (0x00007fb1dce00000)
    libpq.so.5 => /lib/x86_64-linux-gnu/libpq.so.5 (0x00007fb1dd5a5000)
    libsqlite3.so.0 => /lib/x86_64-linux-gnu/libsqlite3.so.0 (0x00007fb1dccb0000)
    libsasl2.so.2 => /lib/x86_64-linux-gnu/libsasl2.so.2 (0x00007fb1dd58a000)
    libperl.so.5.34 => /lib/x86_64-linux-gnu/libperl.so.5.34 (0x00007fb1dc800000)
    libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007fb1dc400000)
    libgnutls.so.30 => /lib/x86_64-linux-gnu/libgnutls.so.30 (0x00007fb1dc60a000)
    libgnutls-dane.so.0 => /lib/x86_64-linux-gnu/libgnutls-dane.so.0 (0x00007fb1dd581000)
    libpcre2-8.so.0 => /lib/x86_64-linux-gnu/libpcre2-8.so.0 (0x00007fb1dd4e6000)
    libidn.so.12 => /lib/x86_64-linux-gnu/libidn.so.12 (0x00007fb1dd4b1000)
    libidn2.so.0 => /lib/x86_64-linux-gnu/libidn2.so.0 (0x00007fb1dd48e000)
    /lib64/ld-linux-x86-64.so.2 (0x00007fb1ddb50000)
    libtirpc.so.3 => /lib/x86_64-linux-gnu/libtirpc.so.3 (0x00007fb1dcc83000)
    libaudit.so.1 => /lib/x86_64-linux-gnu/libaudit.so.1 (0x00007fb1dcc55000)
    libzstd.so.1 => /lib/x86_64-linux-gnu/libzstd.so.1 (0x00007fb1dcba6000)
    libssl.so.3 => /lib/x86_64-linux-gnu/libssl.so.3 (0x00007fb1dc35b000)
    libcrypto.so.3 => /lib/x86_64-linux-gnu/libcrypto.so.3 (0x00007fb1dbe00000)
    libresolv.so.2 => /lib/x86_64-linux-gnu/libresolv.so.2 (0x00007fb1dcb93000)
    libstdc++.so.6 => /lib/x86_64-linux-gnu/libstdc++.so.6 (0x00007fb1dba00000)
    libgcc_s.so.1 => /lib/x86_64-linux-gnu/libgcc_s.so.1 (0x00007fb1dc33b000)
    libgssapi_krb5.so.2 => /lib/x86_64-linux-gnu/libgssapi_krb5.so.2 (0x00007fb1dc2e7000)
    libp11-kit.so.0 => /lib/x86_64-linux-gnu/libp11-kit.so.0 (0x00007fb1dbcc3000)
    libunistring.so.2 => /lib/x86_64-linux-gnu/libunistring.so.2 (0x00007fb1db856000)
    libtasn1.so.6 => /lib/x86_64-linux-gnu/libtasn1.so.6 (0x00007fb1dc2cf000)
    libnettle.so.8 => /lib/x86_64-linux-gnu/libnettle.so.8 (0x00007fb1dc27f000)
    libhogweed.so.6 => /lib/x86_64-linux-gnu/libhogweed.so.6 (0x00007fb1dbc7b000)
    libgmp.so.10 => /lib/x86_64-linux-gnu/libgmp.so.10 (0x00007fb1db7d3000)
    libunbound.so.8 => /lib/x86_64-linux-gnu/libunbound.so.8 (0x00007fb1db6dd000)
    libcap-ng.so.0 => /lib/x86_64-linux-gnu/libcap-ng.so.0 (0x00007fb1dc276000)
    libkrb5.so.3 => /lib/x86_64-linux-gnu/libkrb5.so.3 (0x00007fb1db614000)
    libk5crypto.so.3 => /lib/x86_64-linux-gnu/libk5crypto.so.3 (0x00007fb1dbc4f000)
    libcom_err.so.2 => /lib/x86_64-linux-gnu/libcom_err.so.2 (0x00007fb1dc270000)
    libkrb5support.so.0 => /lib/x86_64-linux-gnu/libkrb5support.so.0 (0x00007fb1dc263000)
    libffi.so.8 => /lib/x86_64-linux-gnu/libffi.so.8 (0x00007fb1dc256000)
    libevent-2.1.so.7 => /lib/x86_64-linux-gnu/libevent-2.1.so.7 (0x00007fb1db5c2000)
    libkeyutils.so.1 => /lib/x86_64-linux-gnu/libkeyutils.so.1 (0x00007fb1dbc48000)


According to the changelog, this is because libspf2 is in universe section:
--cut
exim4 (4.96-3ubuntu1) kinetic; urgency=medium 

   * Merge with Debian unstable. (LP: #1971274) Remaining changes:
     - Show Ubuntu distribution in SMTP banner
       + d/p/fix_smtp_banner.patch: Show Ubuntu distribution
         in SMTP banner.
       + Build-Depends on lsb-release to detect Distribution.
     - Disable external SPF support to avoid Build-Depends on libspf2-dev
       (only available in universe). SPF can still be implemented via
       spf-tools-perl, as documented in exim4.conf.template. (LP #1952738)
       This reverts Vcs-Git commit 494f1fe, first released in 4.95~RC0-1.
       Changes:
        + d/control: drop Build-Depends on libspf2-dev.
        + d/d/c/a/30_exim4-config_check_rcpt: restore SPF logic based
          on spfquery.mail-spf-perl from spf-tools-perl.
        + d/EDITME.exim4-heavy.diff: disable support for libspf2.
--cut


Not the first time, I had an issue due to something being in universe and dropped...

Regards,
Thomas

This message was posted to the following mailing lists:
Exim-users
Mailing List Info | Nearby Messages		<-Re: [exim] failed to expand ACL string after upgradeRe: [exim] failed to expand ACL string after upgrade->
Tahini and Hummus and Cumin Development Archives administrated by cumin AdminsLurker (version 2.3)