Exim 4.94 new config for routers (Tainted filename for search)
Hello,
I updated my Exim version from 4.92 to 4.94.

I tried to send an email to a test domain and see this error:

2021-05-11 13:33:47 1lgVKM-0001dB-2z <= emawata@gmail.com H=mail-qk1-f170.google.com [209.85.222.170] P=esmtps X=TLS1.2:ECDHE-RSA-AES128-GCM-SHA256:128 CV=no K S=3515 id=CAGUDtn=vYmu9=GmjZ=+h3Y6HaEjDTv-GtXFuaW6=YVq_E3OXyA@mail.gmail.com
2021-05-11 13:33:47 1lgVKM-0001dB-2z Tainted filename for search: '/opt/exim/valiases/dominioprueba1.tk'
2021-05-11 13:33:47 1lgVKM-0001dB-2z == no-reply@dominioprueba1.tk R=virtual_aliases_nostar defer (-1): failed to expand "${if exists{/opt/exim/valiases/$domain}{${lookup{$local_part@$domain}lsearch{/opt/exim/valiases/$domain}}}}": NULL

I have read the changes in the new version: I must use the variables
$local_part_data and $domain_data, but I don't understand how to adapt this
to my routers.

Can someone help me adapt the following router, to take as an example?

virtual_aliases_nostar:
  driver = redirect
  allow_defer
  allow_fail
  data = ${if exists{/opt/exim/valiases/$domain}{${lookup{$local_part@$domain}lsearch{/opt/exim/valiases/$domain}}}}
  file_transport = address_file
  group = exim
  pipe_transport = virtual_address_pipe
  retry_use_local_part
  domains = lsearch;/opt/exim/localdomains
  unseen

I have tried using dsearch as they recommend but I am getting an error:

[root@vps-1713830-x ~] # /opt/exim/bin/exim -d -be '${if exists{/opt/exim/valiases/dominioprueba1.tk}{${lookup{no-reply@dominioprueba1.tk}dsearch,ret=full{/opt/exim/valiases}}}}'
Exim version 4.94.2 uid=0 gid=0 pid=8957 D=f7715cfd
Support for: crypteq iconv() IPv6 Perl OpenSSL Content_Scanning DANE DKIM
DNSSEC Event PIPE_CONNECT PRDR SPF TCP_Fast_Open
Lookups (built-in): lsearch wildlsearch nwildlsearch iplsearch dbm dbmjz
dbmnz dsearch mysql
Authenticators: cram_md5 plaintext spa
Routers: accept dnslookup ipliteral manualroute queryprogram redirect
Transports: appendfile/maildir autoreply pipe smtp
Malware: f-protd f-prot6d drweb fsecure sophie clamd avast sock cmdline
Fixed never_users: 0
Configure owner: 0:0
Size of off_t: 8
Compiler: GCC [4.8.5 20150623 (Red Hat 4.8.5-44)]
Library version: Glibc: Compile: 2.17
Runtime: 2.17
Library version: BDB: Compile: Berkeley DB 5.3.21: (May 11, 2012)
Runtime: Berkeley DB 5.3.21: (May 11, 2012)
Library version: OpenSSL: Compile: OpenSSL 1.0.2k-fips 26 Jan 2017
Runtime: OpenSSL 1.0.2k-fips 26 Jan 2017
: built on: reproducible build, date
unspecified
Library version: spf2: Compile: 1.2.10
Runtime: 1.2.10
Library version: PCRE: Compile: 8.32
Runtime: 8.32 2012-11-30
Total 11 lookups
Library version: MySQL: Compile: 50732 5.7.32 [mysqld-5.7]
Runtime: 50732 5.7.32
WHITELIST_D_MACROS unset
TRUSTED_CONFIG_LIST unset
changed uid/gid: -C, -D, -be or -bf forces real uid
uid=0 gid=0 pid=8957
auxiliary group list: 0
openssl option, adding to 03104000: 01000000 (no_sslv2 +no_sslv3
+no_tlsv1)
openssl option, adding to 03104000: 02000000 (no_sslv3 +no_tlsv1)
openssl option, adding to 03104000: 04000000 (no_tlsv1)
configuration file is /etc/exim/configure
log selectors = 00000ffc 19005022 00000003
Starting Perl interpreter
trusted user
admin user
dropping to exim gid; retaining priv uid
seeking password data for user "exim": using cached result
getpwnam() succeeded uid=502 gid=502
seeking password data for user "mailman": cache not available
getpwnam() succeeded uid=1002 gid=1002
originator: uid=0 gid=0 login=root name=root
sender address = root@vps-1655337-x.dattaweb.com
search_open: dsearch "/opt/exim/valiases"
search_find: file="/opt/exim/valiases"
key="no-reply@dominioprueba1.tk" partial=-1 affix=NULL starflags=0
opts="ret=full"
LRU list:
3/opt/exim/valiases
End
internal_search_find: file="/opt/exim/valiases"
type=dsearch key="no-reply@dominioprueba1.tk" opts="ret=full"
file lookup required for no-reply@dominioprueba1.tk
in /opt/exim/valiases
lookup failed

search_tidyup called
####################################################################

Regards,
--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
Re: Exim 4.94 new config for routers (Tainted filename for search)
I tried modifying the router as follows but I get an error of "Unrouteable
address":

virtual_aliases_nostar:
  driver = redirect
  allow_defer
  allow_fail
  data = $local_part_data
  file_transport = address_file
  group = exim
  pipe_transport = virtual_address_pipe
  retry_use_local_part
  domains = dsearch,ret=full;//opt/exim/valiases
  local_parts = lsearch;$domain_data
  unseen

### Log

2021-05-11 15:56:18 1lgXYH-0004jp-0Q <= emawata@gmail.com H=mail-qk1-f178.google.com [209.85.222.178] P=esmtps X=TLS1.2:ECDHE-RSA-AES128-GCM-SHA256:128 CV=no K S=3512 id=CAGUDtnmAe0GDRxfM5=t=N4p13UxfQ=cCaYcbKBW96+yZ=UZoGg@mail.gmail.com
2021-05-11 15:56:18 1lgXYH-0004jp-0Q ** no-reply@dominioprueba1.tk: Unrouteable address
2021-05-11 15:56:18 1lgXYI-0004jz-6Y <= <> R=1lgXYH-0004jp-0Q U=exim P=local S=4859
2021-05-11 15:56:18 1lgXYH-0004jp-0Q Completed

Re: Exim 4.94 new config for routers (Tainted filename for search)
SysAdmin EM via Exim-users <exim-users@exim.org> (Tue 11 May 2021 21:07:02 CEST):
> I tried modifying the router as follows but I get an error of "Unrouteable
> address"

Try using:

pipe_transport = virtual_address_pipe
retry_use_local_part
domains = dsearch,ret=full;//opt/exim/valiases
- local_parts = lsearch;$domain_data
+ local_parts = lsearch;/opt/exim/valiases/$domain_data
unseen
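
Review bot: the added local_parts line prefixes /opt/exim/valiases/ to $domain_data, but the domains line just above it uses dsearch,ret=full, which makes the lookup result, and therefore $domain_data, the full path of the matched entry rather than just its name. The file name built here then contains the directory twice. Keep one or the other: drop ",ret=full" from the domains line and keep this prefix, or keep ret=full and leave local_parts as "lsearch;$domain_data".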


Best regards from Dresden/Germany
Viele Grüße aus Dresden
Heiko Schlittermann
--
SCHLITTERMANN.de ---------------------------- internet & unix support -
Heiko Schlittermann, Dipl.-Ing. (TU) - {fon,fax}: +49.351.802998{1,3} -
gnupg encrypted messages are welcome --------------- key ID: F69376CE -
Re: Exim 4.94 new config for routers (Tainted filename for search)
I tried it that way but I got this message:

[root@vps-1713830-x ~] # /opt/exim/bin/exim -bt no-reply@dominioprueba1.tk
LOG: MAIN PANIC DIE
failed to open /opt/exim/valiases///opt/exim/valiases/dominioprueba1.tk for linear search: No such file or directory

[root@vps-1713830-x /opt/exim] # cd /opt/exim/valiases/
[root@vps-1713830-x /opt/exim/valiases] # ll
total 8
-rw-r--r-- 1 root root 15 ene 26 07:55 dominioprueba1.tk
-rw-r--r-- 1 root root 15 may 3 10:51 dominioprueba2.tk
[root@vps-1713830-x /opt/exim/valiases] # cat dominioprueba1.tk
*: :blackhole:

It does work as follows, but I get an error in a routine that previously
worked correctly.

virtual_aliases_nostar:
  driver = redirect
  allow_defer
  allow_fail
  data = $local_part_data
  file_transport = address_file
  group = exim
  pipe_transport = virtual_address_pipe
  retry_use_local_part
  domains = dsearch,ret=full;//opt/exim/valiases
  local_parts = lsearch;$domain_data
  unseen

After that router, it goes to the next one:

virtual_user:
  driver = accept
  condition = "${perl{check_deliver}{$domain}{$local_part}}"
  headers_remove="x-spam-exim"
  domains = lsearch;/opt/exim/userdomains
  retry_use_local_part
  transport = virtual_userdelivery

virtual_userdelivery:
  driver = appendfile
  delivery_date_add
  envelope_to_add
  directory = "${perl{getmaildir}{$local_part_data@$domain_data}}/Maildir"
  maildir_format = true
  group = exim
  mode = 0660
  quota = "${if exists\
    {${perl{getmaildir}{$local_part_data@$domain_data}}/etc/${domain_data}/quota}\
    {${lookup{$local_part_data}lsearch*{${perl{getmaildir}{$local_part_data@$domain_data}}/etc/${domain_data}/quota}{$value}}}\
    {}}"
  return_path_add
  user = "${lookup{$domain_data}lsearch*{/opt/exim/userdomains}{$value}}"

But now I see a new error in the Exim debug output (/opt/exim/bin/exim -d -bd):

8677 == no-reply@dominioprueba1.tk R=virtual_user T=virtual_userdelivery defer (-1): Expansion of "${if exists{${perl{getmaildir}{$local_part_data@$domain_data}}/etc/${domain_data}/quota}{${lookup{$local_part_data}lsearch*{${perl{getmaildir}{$local_part_data@$domain_data}}/etc/${domain_data}/quota}{$value}}}{}}" in virtual_userdelivery transport failed: Perl subroutine "getmaildir" returned undef to force failure

I use the subroutine "getmaildir" to find out where the home of the hosting
account is:

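sub getmaildir {
    my ($email) = @_;
    # Split the address into local part and domain.
    my ($mailuser, $domain) = split(/\@/, $email);
    my $primary_hostname = Exim::expand_string('$primary_hostname');
    my $user;
    if ($domain eq $primary_hostname) {
        # Address on the primary host name: the local part is the system user.
        $user = $mailuser;
    } else {
        # Hosted domain: look up the account that owns it.
        $user = getdomainowner($domain);
    }
    return gethomedir($user);
}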

All local domains are stored in the file /opt/exim/localdomains:

[root@vps-1713830-x /opt/exim] # head localdomains
centos7-64-fz.dattaweb.com
dominioprueba1.tk
dominioprueba2.tk

With the new change I don't know how to read that content.

Thanks for the help.

Regards,
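
For reference, one way to write the alias router from the first message under the 4.94 taint rules, next to the 4.92 line that is now refused. This is an added example, not part of the thread or the poster's configuration; it assumes every file in /opt/exim/valiases is named after a domain this router should handle, and it keeps the remaining options from the first message.

```exim
# Added example, not the poster's configuration.
#
# 4.92 form. 4.94 refuses it ("Tainted filename for search") because $domain
# comes from the message and is used to build a file name:
#   data = ${if exists{/opt/exim/valiases/$domain}{${lookup{$local_part@$domain}lsearch{/opt/exim/valiases/$domain}}}}

virtual_aliases_nostar:
  driver = redirect
  allow_defer
  allow_fail
  # dsearch matches only when a directory entry named exactly $domain exists,
  # so it takes over the job of the exists{} test. The key may not contain
  # "/". The result is the entry name as found in the directory, which is
  # untainted, and the router stores it in $domain_data.
  domains = dsearch;/opt/exim/valiases
  # The file name is built from $domain_data only. The lookup key can stay
  # tainted: the check applies to the file name, not to the key.
  data = ${lookup{$local_part@$domain}lsearch{/opt/exim/valiases/$domain_data}}
  file_transport = address_file
  group = exim
  pipe_transport = virtual_address_pipe
  retry_use_local_part
  unseen

# Variant with ret=full: $domain_data is then the whole path of the entry,
# so it is used without a directory prefix.
#   domains = dsearch,ret=full;/opt/exim/valiases
#   data = ${lookup{$local_part@$domain}lsearch{$domain_data}}
#
# Checking the lookup by hand: the dsearch key is the domain (the file name),
# not the full address.
#   exim -be '${lookup{dominioprueba1.tk}dsearch{/opt/exim/valiases}}'
```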