Tainted arg 2 for mailman_transport transport command
Hi gang!

I've been running Mailman with exim4 for about 20 years now!
Yesterday, I upgraded my Debian to exim 4.96-3. Then I got hit by
this mailman problem. Log entry

| 2022-07-20 11:43:44 1oE87D-007hOf-2N ** nep-technicians@lists.openlib.org
| R=mailman_router T=mailman_transport: Tainted arg 2 for mailman_transport
| transport command: 'nep-technicians'

The list nep-technicians seems to exist

root@darni ~ # exim -bt nep-technicians@lists.openlib.org
nep-technicians@lists.openlib.org
router = mailman_router, transport = mailman_transport

Downgrading exim to 4.96-1 does not seem to fix the issue. Here
is the transporter

root@darni /etc/exim4 # cat ./conf.d/transport/14_exim4-config_mailman
mailman_transport:
driver = pipe
command = MM_WRAP \
'${if def:local_part_suffix \
{${sg{$local_part_suffix}{-(\\w+)(\\+.*)?}{\$1}}} \
{post}}' \
$local_part
current_directory = MM_HOME
home_directory = MM_HOME
user = MM_UID
group = MM_GID

just what the instructions say ... Here is my router

root@darni /etc/exim4 # cat ./conf.d/router/114_exim4-config_mailman | grep -v ^\#
mailman_router:
driver = accept
domains = +mm_domains
require_files = MM_LISTCHK
local_part_suffix_optional
local_part_suffix = -admin : \
-bounces : -bounces+* : \
-confirm : -confirm+* : \
-join : -leave : \
-owner : -request : \
-subscribe : -unsubscribe
transport = mailman_transport

Here is my template, again with comments left out for brevity

root@darni /etc/exim4 # cat conf.d/main/template_14_exim4-config_mailman | grep -v ^\#
MM_HOME=/var/lib/mailman
MM_UID=list
MM_GID=list
domainlist mm_domains=lists.openlib.org
MM_WRAP=MM_HOME/mail/mailman
MM_LISTCHK=MM_HOME/lists/${lc::$local_part}/config.pck

A manual check of MM_LISTCHK suggests that nep-technicians
should be found since the config.pck is there.

root@darni ~ # ls /var/lib/mailman/lists/nep-technicians/config.pck
/var/lib/mailman/lists/nep-technicians/config.pck

What more to check?

--

Cheers,

Thomas Krichel http://openlib.org/home/krichel
skype:thomaskrichel

--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
Re: Tainted arg 2 for mailman_transport transport command
• Thomas Krichel via Exim-users [2022-07-20 12:59]:
>
> Hi gang!
>
> I've been running Mailman with exim4 for about 20 years now!
> Yesterday, I upgraded my Debian to exim 4.96-3. Then I got hit by
> this mailman problem. Log entry
>
> | 2022-07-20 11:43:44 1oE87D-007hOf-2N ** nep-technicians@lists.openlib.org
> | R=mailman_router T=mailman_transport: Tainted arg 2 for mailman_transport
> | transport command: 'nep-technicians'
>
> The list nep-technicians seems to exist
>
> root@darni ~ # exim -bt nep-technicians@lists.openlib.org
> nep-technicians@lists.openlib.org
> router = mailman_router, transport = mailman_transport
>
> Downgrading exim to 4.96-1 does not seem to fix the issue. Here
> is the transporter
>
> root@darni /etc/exim4 # cat ./conf.d/transport/14_exim4-config_mailman
> mailman_transport:
> driver = pipe
> command = MM_WRAP \
> '${if def:local_part_suffix \
> {${sg{$local_part_suffix}{-(\\w+)(\\+.*)?}{\$1}}} \
> {post}}' \
> $local_part
> current_directory = MM_HOME
> home_directory = MM_HOME
> user = MM_UID
> group = MM_GID
>
> just what the instructions say ... Here is my router
>
> root@darni /etc/exim4 # cat ./conf.d/router/114_exim4-config_mailman | grep -v ^\#
> mailman_router:
> driver = accept
> domains = +mm_domains
> require_files = MM_LISTCHK
> local_part_suffix_optional
> local_part_suffix = -admin : \
> -bounces : -bounces+* : \
> -confirm : -confirm+* : \
> -join : -leave : \
> -owner : -request : \
> -subscribe : -unsubscribe
> transport = mailman_transport
>
> Here is my template, again with comments left out for brevity
>
> root@darni /etc/exim4 # cat conf.d/main/template_14_exim4-config_mailman | grep -v ^\#
> MM_HOME=/var/lib/mailman
> MM_UID=list
> MM_GID=list
> domainlist mm_domains=lists.openlib.org
> MM_WRAP=MM_HOME/mail/mailman
> MM_LISTCHK=MM_HOME/lists/${lc::$local_part}/config.pck
>
> A manual check of MM_LISTCHK suggests that nep-technicians
> should be found since the config.pck is there.
>
> root@darni ~ # ls /var/lib/mailman/lists/nep-technicians/config.pck
> /var/lib/mailman/lists/nep-technicians/config.pck
>
> What more to check?

you could make a wrapper, e.g. like this:

https://marc.info/?l=exim-users&m=165650068118956&w=2

Re: Tainted arg 2 for mailman_transport transport command
Kirill Miazine via Exim-users writes

> > What more to check?
>
> you could make a wrapper, e.g. like this:
>
> https://marc.info/?l=exim-users&m=165650068118956&w=2

Thank you. I'm not au fait with this, so as a quick
fix, I downgraded to 4.95, since I need to keep my service
running. I suspect that

https://www.exim.org/howto/mailman21.html

needs changing to cope with 4.96. I would be happy to
assist in this effort by testing.

--

Cheers,

Thomas Krichel http://openlib.org/home/krichel
skype:thomaskrichel

Re: Tainted arg 2 for mailman_transport transport command
On 20/07/2022 15:09, Thomas Krichel via Exim-users wrote:
> https://www.exim.org/howto/mailman21.html


Thanks for pointing this document out. I can't locate the source
right off; it's certainly not been on my radar and won't have
been revised to match the last five years worth of tightening
security in Exim.
--
Cheers,
Jeremy

Re: Tainted arg 2 for mailman_transport transport command
• Thomas Krichel via Exim-users [2022-07-20 14:09]:
> Kirill Miazine via Exim-users writes
>
> > > What more to check?
> >
> > you could make a wrapper, e.g. like this:
> >
> > https://marc.info/?l=exim-users&m=165650068118956&w=2
>
> Thank you. I'm not au fait with this, so as a quick
> fix, I downgraded to 4.95, since I need to keep my service
> running. I suspect that
>
> https://www.exim.org/howto/mailman21.html
>
> needs changing to cope with 4.96. I would be happy to
> assist in this effort by testing.

IIRC Mailman has some facility to generate aliases file, which Exim
could be using. Mailman is able to generate those automatically, and
that should make the taint checking happy, as there won't be any unsafe
variables left.

Looking at https://bazaar.launchpad.net/~mailman-coders/mailman/2.1/files/head:/Mailman/MTA
it seems you'd have to say that your MTA is Postfix.

--
-- Kirill Miazine <km@krot.org>

Re: Tainted arg 2 for mailman_transport transport command
On 20/07/2022 15:37, Kirill Miazine via Exim-users wrote:
> IIRC Mailman has some facility to generate aliases file, which Exim
> could be using. Mailman is able to generate those automatically, and
> that should make the taint checking happy, as there won't be any unsafe
> variables left.

Getting a file out of Mailman to verify recipient names against would be ideal.
You want also to use a static list of possible affixes, rather than a wildcard.

Handling initial signups for a list, where you don't have a known name
to verify, seems like it could be an issue. Still, do a proper job
on all the possible other cases first, to reduce the attack surface,
*before* resorting to deliberately subverting Exim's attempts to
provide security.

These attempts are not perfect; there are ways of evading them.
But do not forget the log4j fracas.

> Looking at https://bazaar.launchpad.net/~mailman-coders/mailman/2.1/files/head:/Mailman/MTA
> it seems you'd have to say that your MTA is Postfix.

:-(

--
Cheers,
Jeremy

Re: Tainted arg 2 for mailman_transport transport command
• Jeremy Harris via Exim-users [2022-07-20 15:54]:
> On 20/07/2022 15:37, Kirill Miazine via Exim-users wrote:
> > IIRC Mailman has some facility to generate aliases file, which Exim
> > could be using. Mailman is able to generate those automatically, and
> > that should make the taint checking happy, as there won't be any unsafe
> > variables left.
>
> Getting a file out of Mailman to verify recipient names against would be ideal.
> You want also to use a static list of possible affixes, rather than a wildcard.

Again, if my memory serves me right, Mailman may generate an alias file in the form of:

list: command-without-variables
list-owner: command-without-variables
list-bounce: command-without-variables
list-foo: command-without-variables

So it will include both list name and all applicable suffixes.

> Handling initial signups for a list, where you don't have a known name
> to verify, seems like it could be an issue.

There shouldn't be any issues with this one, should there?

list-bounce+*: command-without-variables

> Still, do a proper job on all the possible other cases first, to
> reduce the attack surface, *before* resorting to deliberately
> subverting Exim's attempts to provide security.
>
> These attempts are not perfect; there are ways of evading them. But do
> not forget the log4j fracas.
>
> > Looking
> > at https://bazaar.launchpad.net/~mailman-coders/mailman/2.1/files/head:/Mailman/MTA
> > it seems you'd have to say that your MTA is Postfix.
>
> :-(

That would be ironic: describe a setup for Exim and specify MTA to be
Postfix.

Re: Tainted arg 2 for mailman_transport transport command
On Wed, 20 Jul 2022, Thomas Krichel via Exim-users wrote:

> I've been running Mailman with exim4 for about 20 years now!
> Yesterday, I upgraded my Debian to exim 4.96-3. Then I got hit by
> this mailman problem. Log entry
>
> | 2022-07-20 11:43:44 1oE87D-007hOf-2N ** nep-technicians@lists.openlib.org
> | R=mailman_router T=mailman_transport: Tainted arg 2 for mailman_transport
> | transport command: 'nep-technicians'
>
> The list nep-technicians seems to exist
>
> root@darni ~ # exim -bt nep-technicians@lists.openlib.org
> nep-technicians@lists.openlib.org
> router = mailman_router, transport = mailman_transport
>
> Downgrading exim to 4.96-1 does not seem to fix the issue. Here
> is the transporter
>
> root@darni /etc/exim4 # cat ./conf.d/transport/14_exim4-config_mailman
> mailman_transport:
> driver = pipe
> command = MM_WRAP \
> '${if def:local_part_suffix \
> {${sg{$local_part_suffix}{-(\\w+)(\\+.*)?}{\$1}}} \
> {post}}' \
> $local_part
> current_directory = MM_HOME
> home_directory = MM_HOME
> user = MM_UID
> group = MM_GID
>
> just what the instructions say ... Here is my router
>
> root@darni /etc/exim4 # cat ./conf.d/router/114_exim4-config_mailman | grep -v ^\#
> mailman_router:
> driver = accept
> domains = +mm_domains
> require_files = MM_LISTCHK
> local_part_suffix_optional
> local_part_suffix = -admin : \
> -bounces : -bounces+* : \
> -confirm : -confirm+* : \
> -join : -leave : \
> -owner : -request : \
> -subscribe : -unsubscribe
> transport = mailman_transport
>
> Here is my template, again with comments left out for brevity
>
> root@darni /etc/exim4 # cat conf.d/main/template_14_exim4-config_mailman | grep -v ^\#
> MM_HOME=/var/lib/mailman
> MM_UID=list
> MM_GID=list
> domainlist mm_domains=lists.openlib.org
> MM_WRAP=MM_HOME/mail/mailman
> MM_LISTCHK=MM_HOME/lists/${lc::$local_part}/config.pck
>
> A manual check of MM_LISTCHK suggests that nep-technicians
> should be found since the config.pck is there.
>
> root@darni ~ # ls /var/lib/mailman/lists/nep-technicians/config.pck
> /var/lib/mailman/lists/nep-technicians/config.pck
>
> What more to check?

You have checked everything, but you need to use an untainted
value in command. Based on
echo /var/lib/mailman/lists/nep-technicians/config.pck |\
sed -e 's/\/config.pck\$//' -e 's/\/.*\///g'config.pck
(the order of the replacements matters)
could you try replacing your transport with:

mailman_transport:
driver = pipe
command = MM_WRAP \
'${if def:local_part_suffix \
{${sg{$local_part_suffix}{-(\\w+)(\\+.*)?}{\$1}}} \
{post}}' \
${sg{sg{$local_part}{\/config.pck$}{}}{.*\/}{}}
current_directory = MM_HOME
home_directory = MM_HOME
user = MM_UID
group = MM_GID

?
I don't have an exim config system with MM_LISTCHK
and I have never tested the sg function in an exim config before,
so this is unlikely to be exactly right.

--
Andrew C. Aitchison Kendal, UK
andrew@aitchison.me.uk

Re: Tainted arg 2 for mailman_transport transport command
On Wed, 20 Jul 2022, Andrew C Aitchison via Exim-users wrote:

> On Wed, 20 Jul 2022, Thomas Krichel via Exim-users wrote:
>> root@darni /etc/exim4 # cat ./conf.d/transport/14_exim4-config_mailman
>> mailman_transport:
>> driver = pipe
>> command = MM_WRAP \
>> '${if def:local_part_suffix \
>> {${sg{$local_part_suffix}{-(\\w+)(\\+.*)?}{\$1}}} \
>> {post}}' \
>> $local_part
>> current_directory = MM_HOME
>> home_directory = MM_HOME
>> user = MM_UID
>> group = MM_GID
>>
>> just what the instructions say ... Here is my router
>>
>> root@darni /etc/exim4 # cat ./conf.d/router/114_exim4-config_mailman | grep
>> -v ^\#
>> mailman_router:
>> driver = accept
>> domains = +mm_domains
>> require_files = MM_LISTCHK
>> local_part_suffix_optional
>> local_part_suffix = -admin : \
>> -bounces : -bounces+* : \
>> -confirm : -confirm+* : \
>> -join : -leave : \
>> -owner : -request : \
>> -subscribe : -unsubscribe
>> transport = mailman_transport
>>
>> Here is my template, again with comments left out for brevity
>>
>> root@darni /etc/exim4 # cat conf.d/main/template_14_exim4-config_mailman |
>> grep -v ^\#
>> MM_HOME=/var/lib/mailman
>> MM_UID=list
>> MM_GID=list
>> domainlist mm_domains=lists.openlib.org
>> MM_WRAP=MM_HOME/mail/mailman
>> MM_LISTCHK=MM_HOME/lists/${lc::$local_part}/config.pck
>>
>> A manual check of MM_LISTCHK suggests that nep-technicians
>> should be found since the config.pck is there.
>>
>> root@darni ~ # ls /var/lib/mailman/lists/nep-technicians/config.pck
>> /var/lib/mailman/lists/nep-technicians/config.pck
>>
>> What more to check?
>
> You have checked everything, but you need to use an untainted
> value in command. Based on
> echo /var/lib/mailman/lists/nep-technicians/config.pck |\
> sed -e 's/\/config.pck\$//' -e 's/\/.*\///g'config.pck
> (the order of the replacements matters)
> could you try replacing your transport with:
>
> mailman_transport:
> driver = pipe
> command = MM_WRAP \
> '${if def:local_part_suffix \
> {${sg{$local_part_suffix}{-(\\w+)(\\+.*)?}{\$1}}} \
> {post}}' \
> ${sg{sg{$local_part}{\/config.pck$}{}}{.*\/}{}}
> current_directory = MM_HOME
> home_directory = MM_HOME
> user = MM_UID
> group = MM_GID
>
> ?
> I don't have an exim config system with MM_LISTCHK
> and I have never tested the sg function in an exim config before,
> so this is unlikely to be exactly right.

I was right that this was wrong :-(
Please try
${sg{sg{$}{\/config.pck$}{MM_LISTCHK}}{.*\/}{}}
instead.

--
Andrew C. Aitchison Kendal, UK
andrew@aitchison.me.uk

Re: Tainted arg 2 for mailman_transport transport command
Argh. Still wrong.
Is
${sg{sg{$MM_LISTCHK}{\/config.pck$}{}}{.*\/}{}}
a better replacement for $local_part ?

On Wed, 20 Jul 2022, Andrew C Aitchison wrote:

> On Wed, 20 Jul 2022, Andrew C Aitchison via Exim-users wrote:
>
>> On Wed, 20 Jul 2022, Thomas Krichel via Exim-users wrote:
>>> root@darni /etc/exim4 # cat ./conf.d/transport/14_exim4-config_mailman
>>> mailman_transport:
>>> driver = pipe
>>> command = MM_WRAP \
>>> '${if def:local_part_suffix \
>>> {${sg{$local_part_suffix}{-(\\w+)(\\+.*)?}{\$1}}} \
>>> {post}}' \
>>> $local_part
>>> current_directory = MM_HOME
>>> home_directory = MM_HOME
>>> user = MM_UID
>>> group = MM_GID
... ... ...
>>> What more to check?
>>
>> You have checked everything, but you need to use an untainted
>> value in command. Based on
>> echo /var/lib/mailman/lists/nep-technicians/config.pck |\
>> sed -e 's/\/config.pck\$//' -e 's/\/.*\///g'config.pck
>> (the order of the replacements matters)
>> could you try replacing your transport with:
>>
>> mailman_transport:
>> driver = pipe
>> command = MM_WRAP \
>> '${if def:local_part_suffix \
>> {${sg{$local_part_suffix}{-(\\w+)(\\+.*)?}{\$1}}} \
>> {post}}' \
>> ${sg{sg{$local_part}{\/config.pck$}{}}{.*\/}{}}
>> current_directory = MM_HOME
>> home_directory = MM_HOME
>> user = MM_UID
>> group = MM_GID
>>
>> ?
>> I don't have an exim config system with MM_LISTCHK
>> and I have never tested the sg function in an exim config before,
>> so this is unlikely to be exactly right.
>
> I was right that this was wrong :-(
> Please try
> ${sg{sg{$}{\/config.pck$}{MM_LISTCHK}}{.*\/}{}}
> instead.

--
Andrew C. Aitchison Kendal, UK
andrew@aitchison.me.uk

Re: Tainted arg 2 for mailman_transport transport command
Andrew C Aitchison via Exim-users writes
>
> Argh. Still wrong.
> Is
> ${sg{sg{$MM_LISTCHK}{\/config.pck$}{}}{.*\/}{}}
> a better replacement for $local_part ?

Thank you so much!

I have a test installation now. If anyone wants to use it to figure
out the right transporter, contact me off-list.

This transporter:

mailman_transport:
driver = pipe
command = MM_WRAP \
'${if def:local_part_suffix \
{${sg{$local_part_suffix}{-(\\w+)(\\+.*)?}{\$1}}} \
{post}}' \
${sg{sg{$MM_LISTCHK}{\/config.pck$}{}}{.*\/}{}}
current_directory = MM_HOME
home_directory = MM_HOME
user = MM_UID
group = MM_GID


which I believe is what Andrew's last suggestion aims at, still fails with

2022-07-21 06:19:30 1oEPWy-002t7O-0x == nep-test@lists.repec.org R=mailman_router
T=mailman_transport defer (0): Expansion of
"${sg{sg{$/var/lib/mailman/lists/${lc::$local_part}/config.pck}{\/config.pck$}{}}{.*\/}{}}"
from command "/var/lib/mailman/mail/mailman '${if
def:local_part_suffix
{${sg{$local_part_suffix}{-(\\w+)(\\+.*)?}{\$1}}} {post}}'
${sg{sg{$/var/lib/mailman/lists/${lc::$local_part}/config.pck}{\/config.pck$}{}}{.*\/}{}}"
in mailman_transport transport failed: $ not followed by letter,
digit, or {

Messages are no longer rejected, just kept waiting for the issue
to be resolved.


--

Cheers,

Thomas Krichel http://openlib.org/home/krichel
skype:thomaskrichel

Re: Tainted arg 2 for mailman_transport transport command
Jeremy Harris via Exim-users writes

> Getting a file out of Mailman to verify recipient names against would be ideal.

At Mailman list signup, names are optional. Most of my users don't give a name.

--

Cheers,

Thomas Krichel http://openlib.org/home/krichel
skype:thomaskrichel

Re: Tainted arg 2 for mailman_transport transport command
Kirill Miazine via Exim-users writes

> Again, if my memory serves me right,

It serves you right!

root@siche ~ # /usr/lib/mailman/bin/genaliases

output is stanzas like

## nep-fle mailing list
nep-fle: "|/var/lib/mailman/mail/mailman post nep-fle"
nep-fle-admin: "|/var/lib/mailman/mail/mailman admin nep-fle"
nep-fle-bounces: "|/var/lib/mailman/mail/mailman bounces nep-fle"
nep-fle-confirm: "|/var/lib/mailman/mail/mailman confirm nep-fle"
nep-fle-join: "|/var/lib/mailman/mail/mailman join nep-fle"
nep-fle-leave: "|/var/lib/mailman/mail/mailman leave nep-fle"
nep-fle-owner: "|/var/lib/mailman/mail/mailman owner nep-fle"
nep-fle-request: "|/var/lib/mailman/mail/mailman request nep-fle"
nep-fle-subscribe: "|/var/lib/mailman/mail/mailman subscribe nep-fle"
nep-fle-unsubscribe: "|/var/lib/mailman/mail/mailman unsubscribe nep-fle"

--

Cheers,

Thomas Krichel http://openlib.org/home/krichel
skype:thomaskrichel

Re: Tainted arg 2 for mailman_transport transport command
• Thomas Krichel via Exim-users [2022-07-21 06:58]:
> Kirill Miazine via Exim-users writes
>
> > Again, if my memory serves me right,
>
> It serves you right!
>
> root@siche ~ # /usr/lib/mailman/bin/genaliases
>
> output is stanzas like
>
> ## nep-fle mailing list
> nep-fle: "|/var/lib/mailman/mail/mailman post nep-fle"
> nep-fle-admin: "|/var/lib/mailman/mail/mailman admin nep-fle"
> nep-fle-bounces: "|/var/lib/mailman/mail/mailman bounces nep-fle"
> nep-fle-confirm: "|/var/lib/mailman/mail/mailman confirm nep-fle"
> nep-fle-join: "|/var/lib/mailman/mail/mailman join nep-fle"
> nep-fle-leave: "|/var/lib/mailman/mail/mailman leave nep-fle"
> nep-fle-owner: "|/var/lib/mailman/mail/mailman owner nep-fle"
> nep-fle-request: "|/var/lib/mailman/mail/mailman request nep-fle"
> nep-fle-subscribe: "|/var/lib/mailman/mail/mailman subscribe nep-fle"
> nep-fle-unsubscribe: "|/var/lib/mailman/mail/mailman unsubscribe nep-fle"

This is a good start and could go with an (untested) couple of a router
and a transport:

mailman_router:
driver = redirect
domains = ... # <- list of domains for mailman
data = ${lookup{$local_part}lsearch{/path/to/aliases/file}}
pipe_transport = mailman_transport

mailman_transport:
driver = pipe
user = ... # <- mailman user name
group = ... # <- mailman group name

The mailman_router would probably need a way to handle suffixes for
subscriptions and if you're doing VERP.

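As an added illustration (not code from the thread, nor Mailman's or Exim's own), here is a small Python parser for the genaliases output Thomas quoted, plus a resolver that does what Kirill's lsearch router does: the pipe command is read out of the alias file, so nothing taken from the message address is copied into it. Beyond the posted router it also shows the VERP handling Kirill says the router would still need: a `-bounces+EXT` or `-confirm+EXT` local part falls back to the plain `-bounces` / `-confirm` entry. The alias text below is constructed in the format quoted in the thread, and that fallback rule is an assumption of this example, not something Mailman or Exim provides.

```python
import re
import shlex

# Constructed sample in the format Mailman's genaliases prints (as quoted in the thread).
SAMPLE_ALIASES = """\
## nep-fle mailing list
nep-fle:             "|/var/lib/mailman/mail/mailman post nep-fle"
nep-fle-admin:       "|/var/lib/mailman/mail/mailman admin nep-fle"
nep-fle-bounces:     "|/var/lib/mailman/mail/mailman bounces nep-fle"
nep-fle-confirm:     "|/var/lib/mailman/mail/mailman confirm nep-fle"
nep-fle-join:        "|/var/lib/mailman/mail/mailman join nep-fle"
nep-fle-leave:       "|/var/lib/mailman/mail/mailman leave nep-fle"
nep-fle-owner:       "|/var/lib/mailman/mail/mailman owner nep-fle"
nep-fle-request:     "|/var/lib/mailman/mail/mailman request nep-fle"
nep-fle-subscribe:   "|/var/lib/mailman/mail/mailman subscribe nep-fle"
nep-fle-unsubscribe: "|/var/lib/mailman/mail/mailman unsubscribe nep-fle"
"""

# One alias line:  <name>: "|<command>"
ALIAS_RE = re.compile(r'^([A-Za-z0-9._+-]+):\s*"\|(.+)"$')

# Suffixes that carry a "+extension" in the router's local_part_suffix list.
EXTENSION_SUFFIXES = ("-bounces", "-confirm")


def parse_aliases(text):
    """Parse genaliases output into {local_part: argv}.

    Comment and blank lines are skipped; any other line that is not an alias
    line raises, so a corrupted file is noticed instead of silently ignored.
    """
    aliases = {}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = ALIAS_RE.match(line)
        if not m:
            raise ValueError(f"line {lineno}: not an alias line: {line!r}")
        name, command = m.groups()
        # shlex.split yields an argv list, so the wrapper can be exec'd without a shell.
        aliases[name.lower()] = shlex.split(command)
    return aliases


def resolve(aliases, local_part):
    """Map a recipient local part to the argv stored in the alias file.

    Exact match first (what the lsearch router does).  Assumed extension rule,
    beyond the posted router: "list-bounces+EXT" / "list-confirm+EXT" falls
    back to the "list-bounces" / "list-confirm" entry.  Either way the argv
    returned comes from the file; no part of the address is copied into it.
    """
    key = local_part.lower()
    if key in aliases:
        return aliases[key]
    base, plus, _ext = key.partition("+")
    if plus and base.endswith(EXTENSION_SUFFIXES) and base in aliases:
        return aliases[base]
    return None


if __name__ == "__main__":
    table = parse_aliases(SAMPLE_ALIASES)
    for lp in ("nep-fle", "NEP-FLE-owner", "nep-fle-bounces+joe=example.org",
               "nep-fle-owner+joe", "other-list"):
        print(f"{lp!r:40} -> {resolve(table, lp)}")
```

A `None` result is the point at which a real router would decline, so an address that is not in the file never reaches the pipe transport at all.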
Re: Tainted arg 2 for mailman_transport transport command
On 21/07/2022 07:27, Thomas Krichel via Exim-users wrote:
> 2022-07-21 06:19:30 1oEPWy-002t7O-0x == nep-test@lists.repec.org R=mailman_router
> T=mailman_transport defer (0): Expansion of
> "${sg{sg{$/var/lib/mailman/lists/${lc::$local_part}/config.pck}{\/config.pck$}{}}{.*\/}{}}"
> from command "/var/lib/mailman/mail/mailman '${if
> def:local_part_suffix
> {${sg{$local_part_suffix}{-(\\w+)(\\+.*)?}{\$1}}} {post}}'
> ${sg{sg{$/var/lib/mailman/lists/${lc::$local_part}/config.pck}{\/config.pck$}{}}{.*\/}{}}"
> in mailman_transport transport failed: $ not followed by letter,
> digit, or {

Here's how to get more info on this expansion problem.

I'm using "noutf8" only in case this message messes up UTF8 characters.
I manually replaced "$local_part" with "nep-test".

# exim -d-all+expand+noutf8 -be
[ignore irrelevant output here, before the '>' prompt]
> MM_HOME=/var/lib/mailman
Defined macro 'MM_HOME'
> MM_WRAP=MM_HOME/mail/mailman
Defined macro 'MM_WRAP'
> MM_LISTCHK=MM_HOME/lists/${lc:nep-test}/config.pck
Defined macro 'MM_LISTCHK'
> ${sg{sg{$MM_LISTCHK}{\/config.pck$}{}}{.*\/}{}}
/considering: ${sg{sg{$/var/lib/mailman/lists/${lc::$local_part}/config.pck}{\/config.pck$}{}}{.*\/}{}}
/considering: sg{$/var/lib/mailman/lists/${lc::$local_part}/config.pck}{\/config.pck$}{}}{.*\/}{}}
|-------text: sg{
|considering: $/var/lib/mailman/lists/${lc::$local_part}/config.pck}{\/config.pck$}{}}{.*\/}{}}
|failed to expand: sg{$/var/lib/mailman/lists/${lc::$local_part}/config.pck}{\/config.pck$}{}}{.*\/}{}}
\___error message: $ not followed by letter, digit, or {
|failed to expand: ${sg{sg{$/var/lib/mailman/lists/${lc::$local_part}/config.pck}{\/config.pck$}{}}{.*\/}{}}
\___error message: $ not followed by letter, digit, or {
Failed: $ not followed by letter, digit, or {
> ^D



So, there's a spare '$' before MM_LISTCHK. Eyeballing that, I suspect it should be
associated with the previous "sg" that looked like plain text. And the braces '{ ]'
don't look right...

Needing to use two ${sg} 's on something makes me wonder if the approach was right....
--
Cheers,
Jeremy

Re: Tainted arg 2 for mailman_transport transport command
On Thu, 21 Jul 2022, Jeremy Harris via Exim-users wrote:

> On 21/07/2022 07:27, Thomas Krichel via Exim-users wrote:
>> 2022-07-21 06:19:30 1oEPWy-002t7O-0x == nep-test@lists.repec.org
>> R=mailman_router
>> T=mailman_transport defer (0): Expansion of
>> "${sg{sg{$/var/lib/mailman/lists/${lc::$local_part}/config.pck}{\/config.pck$}{}}{.*\/}{}}"
>> from command "/var/lib/mailman/mail/mailman '${if
>> def:local_part_suffix
>> {${sg{$local_part_suffix}{-(\\w+)(\\+.*)?}{\$1}}} {post}}'
>> ${sg{sg{$/var/lib/mailman/lists/${lc::$local_part}/config.pck}{\/config.pck$}{}}{.*\/}{}}"
>> in mailman_transport transport failed: $ not followed by letter,
>> digit, or {
>
> Here's how to get more info on this expansion problem.
>
> I'm using "noutf8" only in case this message messes up UTF8 characters.
> I manually replaced "$local_part" with "nep-test".
>
> # exim -d-all+expand+noutf8 -be

Thanks.

> ${sg{${sg{/var/lib/mailman/lists/${lc:nep-test}/config.pck}{\/config.pck\$}{}}}{.*\/}{}}
/considering: ${sg{${sg{/var/lib/mailman/lists/${lc:nep-test}/config.pck}{\/config.pck\$}{}}}{.*\/}{}}
/considering: ${sg{/var/lib/mailman/lists/${lc:nep-test}/config.pck}{\/config.pck\$}{}}}{.*\/}{}}
/considering: /var/lib/mailman/lists/${lc:nep-test}/config.pck}{\/config.pck\$}{}}}{.*\/}{}}
!/considering: nep-test}/config.pck}{\/config.pck\$}{}}}{.*\/}{}}
!|--expanding: nep-test
!\_____result: nep-test
|--expanding: /var/lib/mailman/lists/${lc:nep-test}/config.pck
\_____result: /var/lib/mailman/lists/nep-test/config.pck
/considering: \/config.pck\$}{}}}{.*\/}{}}
|--expanding: \/config.pck\$
\_____result: /config.pck$
/considering: }}}{.*\/}{}}
|--expanding:
\_____result:
|--expanding: ${sg{/var/lib/mailman/lists/${lc:nep-test}/config.pck}{\/config.pck\$}{}}
\_____result: /var/lib/mailman/lists/nep-test
/considering: .*\/}{}}
|--expanding: .*\/
\_____result: .*/
/considering: }}
|--expanding:
\_____result:
|--expanding: ${sg{${sg{/var/lib/mailman/lists/${lc:nep-test}/config.pck}{\/config.pck\$}{}}}{.*\/}{}}
\_____result: nep-test
nep-test
>


> Needing to use two ${sg} 's on something makes me wonder if the approach was
> right....

I approve of your gut-reaction.
Having slept on it, I don't think this will work and have another idea
which seems simpler.

mailman_router:
driver = accept
domains = +mm_domains
local_parts = dsearch,filter=dir;MM_HOME/lists
require_files = MM_LISTCHK
local_part_suffix_optional
local_part_suffix = -admin : \
-bounces : -bounces+* : \
-confirm : -confirm+* : \
-join : -leave : \
-owner : -request : \
-subscribe : -unsubscribe
transport = mailman_transport


mailman_transport:
driver = pipe
command = MM_WRAP \
'${if def:local_part_suffix \
{${sg{$local_part_suffix}{-(\\w+)(\\+.*)?}{\$1}}} \
{post}}' \
${lc:local_part_data}
current_directory = MM_HOME
home_directory = MM_HOME
user = MM_UID
group = MM_GID

Thomas and I are going to take this offline for a while.

--
Andrew C. Aitchison Kendal, UK
andrew@aitchison.me.uk

Re: Tainted arg 2 for mailman_transport transport command
On 20/07/2022 15:26, Jeremy Harris via Exim-users wrote:
> On 20/07/2022 15:09, Thomas Krichel via Exim-users wrote:
>> https://www.exim.org/howto/mailman21.html
>
>
> Thanks for pointing this document out.  I can't locate the source
> right off;

Now found (a .xsl file!)

Not too hard to edit and test; so if people can suggest content...
--
Cheers,
Jeremy

Re: Tainted arg 2 for mailman_transport transport command
Andrew C Aitchison via Exim-users writes

> Thomas and I are going to take this offline for a while.

Well not that long of a while. Andrew has come up with a
router and a transporter that I have tested to work on
a separate installation.

mailman_router:
driver = accept
local_parts = dsearch,filter=dir;MM_HOME/lists
require_files = MM_HOME/lists/$local_part_data/config.pck
local_part_suffix_optional
local_part_suffix = -bounces : -bounces+* : \
-confirm+* : -join : -leave : \
-owner : -request : -admin
domains = +mm_domains
transport = mailman_transport

mailman_transport:
driver = pipe
command = MM_WRAP \
'${if def:local_part_suffix \
{${sg{$local_part_suffix}{-(\\w+)(\\+.*)?}{\$1}}} \
{post}}' \
${lc:$local_part_data}
current_directory = MM_HOME
home_directory = MM_HOME
user = MM_UID
group = MM_GID

In Debian MM_HOME would be /var/lib/mailman.

As Andrew writes

> The changes should just be the router has a new line
> local_parts = dsearch,filter=dir;MM_HOME/lists
> and in both $local_part becomes $local_part_data

This closes the problem.

My great thanks to Andrew and all other respondents here!

--

Cheers,

Thomas Krichel http://openlib.org/home/krichel
skype:thomaskrichel

Re: Tainted arg 2 for mailman_transport transport command
On Fri, Jul 22, 2022 at 9:21 AM Thomas Krichel via Exim-users <exim-users@exim.org> wrote:

>
> Andrew C Aitchison via Exim-users writes
>
> > Thomas and I are going to take this offline for a while.
>
> Well not that long of a while. Andrew has come up with a
> router and a transporter that I have tested to work on
> a separate installation.
>
> mailman_router:
> driver = accept
> local_parts = dsearch,filter=dir;MM_HOME/lists
> require_files = MM_HOME/lists/$local_part_data/config.pck
> local_part_suffix_optional
> local_part_suffix = -bounces : -bounces+* : \
> -confirm+* : -join : -leave : \
> -owner : -request : -admin
> domains = +mm_domains
> transport = mailman_transport
>
> mailman_transport:
> driver = pipe
> command = MM_WRAP \
> '${if def:local_part_suffix \
> {${sg{$local_part_suffix}{-(\\w+)(\\+.*)?}{\$1}}} \
> {post}}' \
> ${lc:$local_part_data}
> current_directory = MM_HOME
> home_directory = MM_HOME
> user = MM_UID
> group = MM_GID
>
> In Debian MM_HOME would be /var/lib/mailman.
>
> As Andrew writes
>
> > The changes should just be the router has a new line
> > local_parts = dsearch,filter=dir;MM_HOME/lists
> > and in both $local_part becomes $local_part_data
>
> This closes the problem.
>
> My great thanks to Andrew and all other respondents here!
>
>
Using this very same router and transport, I am a little surprised that I
still did get a hit on the taint issue:

mailman_transport transport returned FAIL for
listname-bounces+johndoe=at.co.ke@lists.my.dom.ain
post-process listname-bounces+johndoe=at.co.ke@lists.my.dom.ain (2)
LOG: MAIN
** listname@lists.my.dom.ain
<listname-bounces+johndoe=at.co.ke@lists.my.dom.ain> R=mailman_router
T=mailman_transport: Tainted arg 1 for mailman_transport transport command:
'bounces'
>>>>>>>>>>>>>>>> deliveries are done >>>>>>>>>>>>>>>>
changed uid/gid: post-delivery tidying
uid=26 gid=26 pid=22462
auxiliary group list: 26
set_process_info: 22462 tidying up after delivering 1oOacJ-000Fkn-0q
Processing retry items
Succeeded addresses:
Failed addresses:
Deferred addresses:
listname-bounces+johndoe=at.co.ke@lists.my.dom.ain: no retry items
end of retry processing
LOG: MAIN
Frozen (delivery error message)
delivery deferred: update_spool=1 header_rewritten=0
Writing spool header file: /var/spool/exim//input//hdr.1oOacJ-000Fkn-0q
DSN: **** SPOOL_OUT - address:
<listname-bounces+johndoe=at.co.ke@lists.my.dom.ain> errorsto: <NULL>
orcpt: <NULL> dsn_flags: 0x0
Renaming spool header file: /var/spool/exim//input//1oOacJ-000Fkn-0q-H
Size of headers = 710
end delivery of 1oOacJ-000Fkn-0q
search_tidyup called
search_tidyup called
>>>>>>>>>>>>>>>> Exim pid=22462 (fresh-exec) terminating with rc=0
>>>>>>>>>>>>>>>>
--
Best regards,
Odhiambo WASHINGTON,
Nairobi,KE
+254 7 3200 0004/+254 7 2274 3223
"Oh, the cruft.", egrep -v '^$|^.*#' ¯\_(ツ)_/¯ :-)
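The two log lines in this thread ("Tainted arg 2 ... 'nep-technicians'" in Thomas's original post, "Tainted arg 1 ... 'bounces'" in the reply above) come from the same mechanism, and the following Python model shows it. This is an added example, not Exim code and not a tested Exim configuration from anyone on the list. It encodes the documented Exim taint rules: the recipient local part, and the suffix Exim splits off it, are tainted; ${sg} and ${lc} keep the taint; the value a lookup returns (dsearch for local_parts, and therefore $local_part_data) is untainted. The lists directory is a temporary fixture standing in for /var/lib/mailman, and the optional "lookup the action in a fixed table" step only illustrates the lookup rule; it is an assumption of the example, not a verified transport.

```python
# Added example (not Exim code, not from the thread): a Python model of the
# Exim 4.96 taint rules applied to the mailman router and pipe transport
# above. Rules modelled, as documented for Exim: the recipient local part
# (and the suffix split off it) is tainted; ${sg} and ${lc} keep the taint;
# the value a lookup returns (dsearch, lsearch) is untainted. The list
# directory is a temporary fixture standing in for /var/lib/mailman.
import os
import re
import tempfile
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Val:
    s: str
    tainted: bool

# local_part_suffix list from Andrew's router, in list order
SUFFIXES = ["-bounces", "-bounces+*", "-confirm+*", "-join", "-leave",
            "-owner", "-request", "-admin"]
SUFFIX_TO_ACTION = (r"-(\w+)(\+.*)?", r"\1")      # the ${sg} in the transport
# Fixed table of wrapper verbs, derived from the router's own list plus "post"
ACTIONS = frozenset({"post"} | {re.sub(*SUFFIX_TO_ACTION, s) for s in SUFFIXES})

def split_suffix(local_part: Val):
    """Model of local_part_suffix matching: first matching item wins and a
    trailing '*' matches any remainder. Both halves carry the taint."""
    for item in SUFFIXES:
        if item.endswith("*"):
            pos = local_part.s.find(item[:-1], 1)          # base must be non-empty
            if pos > 0:
                return Val(local_part.s[:pos], True), Val(local_part.s[pos:], True)
        elif local_part.s.endswith(item) and len(local_part.s) > len(item):
            n = len(local_part.s) - len(item)
            return Val(local_part.s[:n], True), Val(local_part.s[n:], True)
    return local_part, None

def dsearch(directory: str, key: Val, dirs_only: bool = True) -> Optional[Val]:
    """Model of 'dsearch,filter=dir;DIR': the key may not contain '/', the
    entry DIR/key must exist (and be a directory with filter=dir), and the
    value returned is the entry name, untainted. That value is what the
    router exposes as $local_part_data."""
    if not key.s or "/" in key.s:
        return None
    path = os.path.join(directory, key.s)
    if not os.path.exists(path) or (dirs_only and not os.path.isdir(path)):
        return None
    return Val(key.s, False)

def sg(v: Val, pattern: str, repl: str) -> Val:
    """${sg{subject}{regex}{replacement}}: substitution keeps the taint."""
    return Val(re.sub(pattern, repl, v.s), v.tainted)

def lookup_in_table(v: Val, table) -> Optional[Val]:
    """Model of a lookup (e.g. lsearch,ret=key) against a fixed table that
    did not come from the message: a hit returns the table's copy, untainted.
    Illustrates the rule only; it is not a tested Exim transport config."""
    return Val(v.s, False) if v.s in table else None

def route_and_pipe(address: str, mm_home: str, use_local_part_data: bool,
                   untaint_action: bool = False) -> dict:
    """One recipient through the modelled mailman_router and mailman_transport.
    use_local_part_data=False: the old transport with $local_part as arg 2.
    use_local_part_data=True: Andrew's version with ${lc:$local_part_data}."""
    local_part = Val(address.split("@", 1)[0], True)       # message data: tainted
    base, suffix = split_suffix(local_part)
    lists_dir = os.path.join(mm_home, "lists")
    local_part_data = dsearch(lists_dir, base)              # local_parts = dsearch,...
    if local_part_data is None:
        return {"routed": False, "reason": "no such list directory"}
    if not os.path.exists(os.path.join(lists_dir, local_part_data.s, "config.pck")):
        return {"routed": False, "reason": "require_files failed"}
    # command = MM_WRAP '<action>' <list>
    action = sg(suffix, *SUFFIX_TO_ACTION) if suffix else Val("post", False)
    if untaint_action:
        action = lookup_in_table(action, ACTIONS)
        if action is None:
            return {"routed": True, "delivered": False, "error": "unknown action"}
    if use_local_part_data:
        listarg = Val(local_part_data.s.lower(), False)     # ${lc:$local_part_data}
    else:
        listarg = Val(base.s, base.tainted)                  # $local_part, still tainted
    for n, arg in enumerate((action, listarg), 1):           # the pipe transport's check
        if arg.tainted:
            return {"routed": True, "delivered": False, "error":
                    f"Tainted arg {n} for mailman_transport transport command: '{arg.s}'"}
    return {"routed": True, "delivered": True,
            "command": [os.path.join(mm_home, "mail", "mailman"), action.s, listarg.s]}

def make_mm_home() -> str:
    """Constructed fixture: a temporary MM_HOME with two list directories."""
    mm_home = tempfile.mkdtemp(prefix="mm_home_")
    for name in ("nep-technicians", "listname"):
        os.makedirs(os.path.join(mm_home, "lists", name))
        open(os.path.join(mm_home, "lists", name, "config.pck"), "w").close()
    return mm_home

if __name__ == "__main__":
    home = make_mm_home()
    for addr, new, fix in [("nep-technicians@lists.openlib.org", False, False),
                           ("nep-technicians@lists.openlib.org", True, False),
                           ("listname-bounces+johndoe=at.co.ke@lists.my.dom.ain", True, False),
                           ("listname-bounces+johndoe=at.co.ke@lists.my.dom.ain", True, True),
                           ("../etc@lists.openlib.org", True, False)]:
        print(addr, route_and_pipe(addr, home, new, fix))
```

Running it reproduces both messages from the thread: with $local_part in the command, nep-technicians fails on arg 2; with $local_part_data it is delivered as "post nep-technicians"; a VERP bounce address such as listname-bounces+johndoe=... still fails on arg 1, because "bounces" is computed by ${sg} from the tainted suffix and nothing in the transport has looked it up. The "../etc" case shows the other half of why dsearch is the right untainting step: a local part that is not literally a directory entry under MM_HOME/lists never routes, so the list name reaching the wrapper can only be one that exists.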
Re: Tainted arg 2 for mailman_transport transport command
Odhiambo Washington writes

> Using this very same router and transport, I am a little surprised that I
> still did get a hit on the taint issue:

I will send Odhiambo my complete configuration.

--

Cheers,

Thomas Krichel http://openlib.org/home/krichel
skype:thomaskrichel

Re: Tainted arg 2 for mailman_transport transport command
On Sun, Aug 21, 2022 at 10:40 AM Odhiambo Washington <odhiambo@gmail.com> wrote:

>
>
> On Fri, Jul 22, 2022 at 9:21 AM Thomas Krichel via Exim-users <exim-users@exim.org> wrote:
>
>>
>> Andrew C Aitchison via Exim-users writes
>>
>> > Thomas and I are going to take this offline for a while.
>>
>> Well not that long of a while. Andrew has come up with a
>> router and a transporter that I have tested to work on
>> a separate installation.
>>
>> mailman_router:
>> driver = accept
>> local_parts = dsearch,filter=dir;MM_HOME/lists
>> require_files = MM_HOME/lists/$local_part_data/config.pck
>> local_part_suffix_optional
>> local_part_suffix = -bounces : -bounces+* : \
>> -confirm+* : -join : -leave : \
>> -owner : -request : -admin
>> domains = +mm_domains
>> transport = mailman_transport
>>
>> mailman_transport:
>> driver = pipe
>> command = MM_WRAP \
>> '${if def:local_part_suffix \
>> {${sg{$local_part_suffix}{-(\\w+)(\\+.*)?}{\$1}}} \
>> {post}}' \
>> ${lc:$local_part_data}
>> current_directory = MM_HOME
>> home_directory = MM_HOME
>> user = MM_UID
>> group = MM_GID
>>
>> In Debian MM_HOME would be /var/lib/mailman.
>>
>> As Andrew writes
>>
>> > The changes should just be the router has a new line
>> > local_parts = dsearch,filter=dir;MM_HOME/lists
>> > and in both $local_part becomes $local_part_data
>>
>> This closes the problem.
>>
>> My great thanks to Andrew and all other respondents here!
>>
>>
> Using this very same router and transport, I am a little surprised that I
> still did get a hit on the taint issue:
>
> mailman_transport transport returned FAIL for
> listname-bounces+johndoe=at.co.ke@lists.my.dom.ain
> post-process listname-bounces+johndoe=at.co.ke@lists.my.dom.ain (2)
> LOG: MAIN
> ** listname@lists.my.dom.ain
> <listname-bounces+johndoe=at.co.ke@lists.my.dom.ain> R=mailman_router
> T=mailman_transport: Tainted arg 1 for mailman_transport transport command:
> 'bounces'
> >>>>>>>>>>>>>>>> deliveries are done >>>>>>>>>>>>>>>>
> changed uid/gid: post-delivery tidying
> uid=26 gid=26 pid=22462
> auxiliary group list: 26
> set_process_info: 22462 tidying up after delivering 1oOacJ-000Fkn-0q
> Processing retry items
> Succeeded addresses:
> Failed addresses:
> Deferred addresses:
> listname-bounces+johndoe=at.co.ke@lists.my.dom.ain: no retry items
> end of retry processing
> LOG: MAIN
> Frozen (delivery error message)
> delivery deferred: update_spool=1 header_rewritten=0
> Writing spool header file: /var/spool/exim//input//hdr.1oOacJ-000Fkn-0q
> DSN: **** SPOOL_OUT - address:
> <listname-bounces+johndoe=at.co.ke@lists.my.dom.ain> errorsto: <NULL>
> orcpt: <NULL> dsn_flags: 0x0
> Renaming spool header file: /var/spool/exim//input//1oOacJ-000Fkn-0q-H
> Size of headers = 710
> end delivery of 1oOacJ-000Fkn-0q
> search_tidyup called
> search_tidyup called
> >>>>>>>>>>>>>>>> Exim pid=22462 (fresh-exec) terminating with rc=0
> >>>>>>>>>>>>>>>>
>

Hello good people,

I tested the configuration shared by @Thomas Krichel <krichel@openlib.org>, which
is what was crafted by Dr. Andrew C Aitchison.
I still very much get these same errors with my list and surely don't know
what I am doing differently in my config.

A full debug run on a typical message is here:
https://pastebin.ubuntu.com/p/8ck5CDMCjF/

Hoping someone can see what is the issue.

--
Best regards,
Odhiambo WASHINGTON,
Nairobi,KE
+254 7 3200 0004/+254 7 2274 3223
"Oh, the cruft.", egrep -v '^$|^.*#' ¯\_(ツ)_/¯ :-)