[exim] Re: ${run expansion error in 4.96

Author: Robert Lister
Date:  
To: exim-users
Subject: [exim] Re: ${run expansion error in 4.96

Hmmm.

I ran into this after upgrading from Debian 11 (bullseye) to Debian 12 (bookworm).

It seems the package maintainers decided not to build Exim with SPF ACL support, and some configurations rely on calling spfquery instead.

     condition = ${run{/usr/bin/spfquery.mail-spf-perl \
                        --ip ${quote:$sender_host_address} \
                        --scope mfrom \
                        --identity ${quote:$sender_address} \
                        }\
                    {no}{${if eq {$runrc}{1}{yes}{no}}}}
     message = [SPF] $sender_host_address is not allowed to send mail from \
               ${if def:sender_address_domain {$sender_address_domain}{$sender_helo_name}}.
     log_message = SPF check failed.


I notice now though in the latest Debian package that the config checks if SPF is available (compiled in) and uses that instead. Although I don't think it's compiled in by default in the Debian packages.

If I understand correctly, there doesn't seem to be a way to fix the run bug right now because of another bug and a change in exim itself.

There doesn't seem to be any good guidance on how the taint checking is supposed to work with run commands. I tried the preexpand option, but then it refused to work: "attempt to execute tainted path" or some error, and my reading of the docs and Google-fu drew a blank on how to untaint it.

Basically it doesn't seem possible to get SPF checking working with Debian or Ubuntu unless you build Exim from source to get its own SPF ACL checking, as the alternative doesn't seem to work either, and it looks like the patches haven't made it to the Debian package yet either.

If you want SPF checking, then you either have to make a custom build, or wait for a fix to appear before upgrading to Debian bookworm.


Any advice appreciated.



Regards,



Rob




[1] https://wiki.debian.org/PkgExim4UserFAQ#Why_are_you_not_using_exim.27s_built-in_SPF_interface.3F
https://bugs.launchpad.net/ubuntu/+source/exim4/+bug/1998678


On 2023-06-13 05:51, Slavko via Exim-users wrote:
> On 13 June 2023 4:02:32 UTC, Bill Brelsford via Exim-users <exim-users@???> wrote:
> Anyone else seeing this?  Any suggestions before I file a bug report?
> https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1025420
> regards
>
> --
> Slavko
> https://www.slavino.sk/


--
Robert Lister  - email:  robl@???      -     tel: 020 7043 7996
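
The built-in alternative the message refers to, as an added example that is not part of the original post or of the Debian configuration: an ACL stanza guarded by `_HAVE_SPF`, the macro Exim predefines when the binary was built with SPF support, using the built-in `spf` ACL condition so that no `${run` expansion (and no external spfquery call) is involved. The `message` and `log_message` text is taken from the post; placing the stanza in the RCPT ACL is an assumption.

```exim
# Added example: only active when this Exim binary has SPF support compiled in.
# _HAVE_SPF is predefined by Exim itself; it is not set in the config.
.ifdef _HAVE_SPF
  deny
    # Built-in SPF lookup; no subprocess, so no tainted command line
    # is built from $sender_host_address or $sender_address.
    spf = fail
    message = [SPF] $sender_host_address is not allowed to send mail from \
              ${if def:sender_address_domain {$sender_address_domain}{$sender_helo_name}}.
    log_message = SPF check failed.
.endif
```

Whether a given binary has SPF compiled in shows up as `SPF` on the `Support for:` line of `exim -bV`; without it the stanza is skipped and no SPF check runs.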
