Mailing List Archive

Failure to transfer data from subprocess
Trying to lock down permissions on the email system which doesn't use
real unix users. So I tried setting the permission on Exim to 750 so
that only processes in the "mail" group can run it and I put spamd,
clamav, and everything else I can think of in the mail group, yet I get
this error message:

"Failure to transfer data from subprocess"

Any ideas?

--
Marc Perkel - marc@perkel.com

Spam Filter: http://www.junkemailfilter.com
My Blog: http://marc.perkel.com
Failure to transfer data from subprocess [ In reply to ]
I'm getting a LOT of these. It started when I changed the permissions on
the exim executable from 755 to 750 - but I changed it back to 755 and
it delivered mail for a while and then started this again. If I restart
Exim it works for a while and then reverts to the errors. What am I
doing wrong?


2005-09-09 08:17:12 1EDkcq-0000xq-DO unable to set gid=501 or uid=520
(euid=12): virtual_userforward router (recipient is marc@perkel.com)
2005-09-09 08:17:12 1EDkcq-0000xq-DO internal problem in
virtual_userforward router (recipient is marc@perkel.com): failure to
transfer data from subprocess: status=0100 readerror='No such file or
directory'
2005-09-09 08:17:12 1EDkcq-0000xq-DO == marc@perkel.com
R=virtual_userforward defer (-1): internal problem in
virtual_userforward router (recipient is marc@perkel.com): failure to
transfer data from subprocess: status=0100 readerror='No such file or
directory'
2005-09-09 08:17:12 1EDkcp-0000wj-BL <=
sentto-15945187-830-1126278924-yarnlady=janet.menschel.net@returns.groups.yahoo.com
H=localhost (pascal.ctyme.com) [127.0.0.1] P=esmtp S=618807
id=20050909151522.40309.qmail@web32908.mail.mud.yahoo.com for
janet@menschel.net
2005-09-09 08:17:12 1EDkcq-0000yT-AO => /nobackup/spamlog/nonspam
<bettina@lessig.org> R=mail_log_filter T=address_file
2005-09-09 08:17:12 1EDkcq-0000xq-DO => /nobackup/spamlog/ham
<marc@perkel.com> R=mail_log_filter T=address_file
2005-09-09 08:17:12 1EDkcq-0000yT-AO Frozen
2005-09-09 08:17:13 1EDkcp-0000wj-BL unable to set gid=12 or uid=47001
(euid=12): local delivery to janet <janet@menschel.net>
transport=virtual_local_delivery
2005-09-09 08:17:13 1EDkcp-0000wj-BL failed to read delivery status for
\0\janet@menschel.net from delivery subprocess
2005-09-09 08:17:13 1EDkcp-0000wj-BL appendfile transport process
returned non-zero status 0x0100: exit code 1
Re: Failure to transfer data from subprocess [ In reply to ]
John Jetmore wrote:

>On Fri, 9 Sep 2005, Marc Perkel wrote:
>
>
>
>>Trying to lock down permissions on the email system which doesn't use real
>>unix users. So I tried setting the permission on Exim to 750 so that only
>>
>>
>
>Without commenting on whether this is an overall workable scheme, the
>binary still has to be setuid, right? So wouldn't that be 4750?
>
>--John
>
>
>
That's likely it. I did 750. I set it all back to 4755?

--
Marc Perkel - marc@perkel.com

Spam Filter: http://www.junkemailfilter.com
My Blog: http://marc.perkel.com
Re: Failure to transfer data from subprocess [ In reply to ]
On 09/09/05, Marc Perkel <marc@perkel.com> wrote:
>
>
> John Jetmore wrote:
>
> >On Fri, 9 Sep 2005, Marc Perkel wrote:
> >
> >
> >
> >>Trying to lock down permissions on the email system which doesn't use real
> >>unix users. So I tried setting the permission on Exim to 750 so that only
> >>
> >>
> >
> >Without commenting on whether this is an overall workable scheme, the
> >binary still has to be setuid, right? So wouldn't that be 4750?
> >
> >--John
> >
> >
> >
> That's likely it. I did 750. I set it all back to 4755?

Try it, maybe? Please do some work yourself in between posts.

To make sure you've un-done what you've broken, you could run 'make
install' again.

Peter


--
Peter Bowyer
Email: peter@bowyer.org
Tel: +44 1296 768003
VoIP: sip:peter@bowyer.org
Re: failure to transfer data from subprocess [ In reply to ]
Is anybody able to assist with the below issue?

The one thing I can say is that it doesn’t impact all email but it’s not clear what the criteria is of what it does impact.

> On May 9, 2023, at 11:20 PM, Robert Nicholson <robert.nicholson@gmail.com> wrote:
>
> Here’s more detailed trace
>
> I’m redacting some things.
>
> mainlog:2023-05-09 13:49:51 1pwUHO-0005xx-1O <= username@domain H=mail-lf1-f50.google.com [X.X.X.X] P=esmtps X=TLS1.2:ECDHE-ECDSA-AES128-GCM-SHA256:128 CV=no S=8412 DKIM=domain.20221208.smtp.com id=CAMp+ihqPY0eLVsndLnN1pQxyO7_NT-TbRanQRwOpjdowwq2=kA@mail.gmail.com T="My contact info" from <username@domain> for me@mydomain
> mainlog:2023-05-09 13:49:51 cwd=/var/spool/exim 3 args: /usr/sbin/exim -Mc 1pwUHO-0005xx-1O
> mainlog:2023-05-09 13:49:51 1pwUHO-0005xx-1O SIGSEGV (fault address: (nil))
> mainlog:2023-05-09 13:49:51 1pwUHO-0005xx-1O SIGSEGV (null pointer indirection)
> mainlog:2023-05-09 13:49:51 1pwUHO-0005xx-1O internal problem in userforward router (recipient is user@host): failure to transfer data from subprocess: status=0100 readerror='No such file or directory'
> mainlog:2023-05-09 13:49:51 1pwUHO-0005xx-1O == user@host <me@mydomain> R=userforward defer (-1): internal problem in userforward router (recipient is user@host): failure to transfer data from subprocess: status=0100 readerror='No such file or directory'
> mainlog:2023-05-09 20:16:14 1pwUHO-0005xx-1O SIGSEGV (fault address: (nil))
> mainlog:2023-05-09 20:16:14 1pwUHO-0005xx-1O SIGSEGV (null pointer indirection)
> mainlog:2023-05-09 20:16:14 1pwUHO-0005xx-1O internal problem in userforward router (recipient is user@host): failure to transfer data from subprocess: status=0100 readerror='No such file or directory'
> mainlog:2023-05-09 20:16:14 1pwUHO-0005xx-1O == user@host <me@mydomain> R=userforward defer (-1): internal problem in userforward router (recipient is user@host): failure to transfer data from subprocess: status=0100 readerror='No such file or directory'
> paniclog:2023-05-09 13:49:51 1pwUHO-0005xx-1O internal problem in userforward router (recipient is user@host): failure to transfer data from subprocess: status=0100 readerror='No such file or directory'
> paniclog:2023-05-09 20:16:14 1pwUHO-0005xx-1O internal problem in userforward router (recipient is user@host): failure to transfer data from subprocess: status=0100 readerror='No such file or directory'
>
>
>
>
>> On May 9, 2023, at 11:00 PM, Robert Nicholson <robert.nicholson@gmail.com> wrote:
>>
>> Furthermore can somebody please confirm that nothing in the .forward can create such an error?
>>
>>> On May 9, 2023, at 6:03 PM, Robert Nicholson <robert.nicholson@gmail.com> wrote:
>>>
>>> Here’s the full message that I’m seeing in the log file.
>>>
>>> failure to transfer data from subprocess: status=0100 readerror='No such file or directory’
>>>
>>> the exim binary does have +s
>>>
>>> -rwsr-xr-x 1 root root 1415656 Jan 7 06:47 /usr/sbin/exim
>>>
>>> exim --version
>>> Exim version 4.96-58-g4e9ed49f8 #2 built 07-Jan-2023 06:47:04
>>> Copyright (c) University of Cambridge, 1995 - 2018
>>> (c) The Exim Maintainers and contributors in ACKNOWLEDGMENTS file, 2007 - 2022
>>> Berkeley DB: Berkeley DB 5.3.21: (May 11, 2012)
>>> Support for: crypteq IPv6 Perl OpenSSL TLS_resume move_frozen_messages Content_Scanning DKIM DNSSEC Event OCSP PIPECONNECT PRDR Queue_Ramp SPF SRS TCP_Fast_Open
>>> Lookups (built-in): lsearch wildlsearch nwildlsearch iplsearch cdb dbm dbmjz dbmnz dnsdb
>>> Authenticators: cram_md5 dovecot plaintext spa
>>> Routers: accept dnslookup ipliteral manualroute queryprogram redirect
>>> Transports: appendfile/maildir/mailstore/mbx autoreply lmtp pipe smtp
>>> Malware: f-protd f-prot6d drweb aveserver fsecure kavdaemon sophie clamd mksd avast sock cmdline
>>> Fixed never_users: 0
>>> Configure owner: 0:0
>>> Size of off_t: 8
>>> 2023-05-09 16:02:10 cwd=/var/log/exim 2 args: exim --version
>>> Configuration file is /etc/exim.conf
>>>
>>
>


--
## subscription configuration (requires account):
## https://lists.exim.org/mailman3/postorius/lists/exim-users.lists.exim.org/
## unsubscribe (doesn't require an account):
## exim-users-unsubscribe@lists.exim.org
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
Re: failure to transfer data from subprocess [ In reply to ]
On Wed, May 10, 2023 at 2:04 PM Robert Nicholson via Exim-users <
exim-users@lists.exim.org> wrote:

> Is anybody able to assist with the below issue?
>
> The one thing I can say is that it doesn’t impact all email but it’s not
> clear what the criteria is of what it does impact.
>


You didn't share the userforward router. Can you please do?
Does it refer to some file lookup?
Does that file exist?


--
Best regards,
Odhiambo WASHINGTON,
Nairobi,KE
+254 7 3200 0004/+254 7 2274 3223
"Oh, the cruft.", egrep -v '^$|^.*#' ¯\_(ツ)_/¯ :-)
[How to ask smart questions:
http://www.catb.org/~esr/faqs/smart-questions.html]

Re: failure to transfer data from subprocess [ In reply to ]
On 10/05/2023 12:02, Robert Nicholson via Exim-users wrote:
> Exim version 4.96-58-g4e9ed49f8 #2 built 07-Jan-2023 06:47:04

Who built it? What is the provenance of the sourcecode?

> mainlog:2023-05-09 13:49:51 1pwUHO-0005xx-1O SIGSEGV (null pointer indirection)

Definitely a bug; you should not be able to induce this by doing
something odd in a .forward.

For debugging it, it'd help if you could provide the matching .forward
rule (if there is indeed one), and even more if you could get a coredump.

The "failure to transfer data" log is a follow-on resulting from
the transport process dying (and not providing data) not ignore that.

Is the message successfully delivered on a subsequent queue-run
(grep the log for the message ID)? I see several failed tries in
the log extract you gave.

If not, and the message is still queued, please try forcing a delivery
with debug enabled ("exim -d+all -M 1pwUHO-0005xx-1O 2>&1 | tee debuglog")
--
Cheers,
Jeremy
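
The triage done by eye in the replies above, as an added example that is not part of any post or of Exim: it attributes each "failure to transfer data from subprocess" line to the cause logged just before it for the same message, covering both the 2005 "unable to set gid/uid" case (the setuid question) and the 2023 SIGSEGV case. The sample log is constructed from the line shapes quoted in this thread (example.com addresses and the id 1pwZZZ-0000aa-00 are made up), and reading `status=` as a hexadecimal wait status is an assumption taken from the "status 0x0100: exit code 1" line.

```python
import re
from typing import NamedTuple

# Constructed sample: line shapes copied from the thread, addresses and the
# 1pwZZZ-0000aa-00 id made up. "mainlog:"/"paniclog:" prefixes are grep output.
TAIL = ("failure to transfer data from subprocess: status=0100 "
        "readerror='No such file or directory'")
SAMPLE_LOG = f"""\
2005-09-09 08:17:12 1EDkcq-0000xq-DO unable to set gid=501 or uid=520 (euid=12): virtual_userforward router (recipient is a@example.com)
2005-09-09 08:17:12 1EDkcq-0000xq-DO internal problem in virtual_userforward router (recipient is a@example.com): {TAIL}
mainlog:2023-05-09 13:49:51 cwd=/var/spool/exim 3 args: /usr/sbin/exim -Mc 1pwUHO-0005xx-1O
mainlog:2023-05-09 13:49:51 1pwUHO-0005xx-1O SIGSEGV (fault address: (nil))
mainlog:2023-05-09 13:49:51 1pwUHO-0005xx-1O SIGSEGV (null pointer indirection)
mainlog:2023-05-09 13:49:51 1pwUHO-0005xx-1O internal problem in userforward router (recipient is b@example.com): {TAIL}
mainlog:2023-05-09 13:49:51 1pwUHO-0005xx-1O == b@example.com R=userforward defer (-1): internal problem in userforward router (recipient is b@example.com): {TAIL}
mainlog:2023-05-09 20:16:14 1pwUHO-0005xx-1O SIGSEGV (fault address: (nil))
mainlog:2023-05-09 20:16:14 1pwUHO-0005xx-1O internal problem in userforward router (recipient is b@example.com): {TAIL}
mainlog:2023-05-10 09:00:00 1pwZZZ-0000aa-00 internal problem in userforward router (recipient is c@example.com): {TAIL}
paniclog:2023-05-09 13:49:51 1pwUHO-0005xx-1O internal problem in userforward router (recipient is b@example.com): {TAIL}
paniclog:2023-05-09 20:16:14 1pwUHO-0005xx-1O internal problem in userforward router (recipient is b@example.com): {TAIL}
"""

LINE_RE = re.compile(
    r"^(?:[\w.]+:)?"                                  # optional file name left by grep
    r"(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) "
    r"(?P<id>[0-9A-Za-z]{6}-[0-9A-Za-z]{6,11}-[0-9A-Za-z]{2,4}) "
    r"(?P<text>.*)$"
)
SETID_RE = re.compile(r"^unable to set gid=(\d+) or uid=(\d+) \(euid=(\d+)\)")
SYMPTOM_RE = re.compile(
    r"^internal problem in (?P<router>\S+) router .*"
    r"failure to transfer data from subprocess: status=(?P<status>[0-9a-fA-F]{4})"
)


class Finding(NamedTuple):
    timestamp: str
    message_id: str
    router: str
    cause: str       # privilege_drop_failed | subprocess_crashed | unknown
    detail: str
    exit_code: int


def decode_wait_status(hex_status):
    """Split a wait status printed as 4 hex digits into (exit_code, signal)."""
    value = int(hex_status, 16)
    return (value >> 8) & 0xFF, value & 0x7F


def triage(log_text):
    """Attribute each symptom line to the cause logged before it for that message."""
    pending = {}   # message id -> (cause, detail) seen since the last symptom
    seen = set()   # mainlog and paniclog carry the same line; count it once
    findings = []
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue                      # lines without a message id (cwd=..., etc.)
        key = (m["ts"], m["id"], m["text"])
        if key in seen:
            continue
        seen.add(key)
        msg_id, text = m["id"], m["text"]
        setid = SETID_RE.match(text)
        if setid:
            gid, uid, euid = setid.groups()
            # A non-root euid that cannot switch user: check the binary's setuid bit.
            pending[msg_id] = ("privilege_drop_failed",
                               f"euid={euid} could not become uid={uid} gid={gid}")
            continue
        if text.startswith("SIGSEGV"):
            # Keep the first SIGSEGV line of the attempt (the fault address).
            pending.setdefault(msg_id, ("subprocess_crashed", text))
            continue
        symptom = SYMPTOM_RE.match(text)
        if symptom:                       # the "==" defer line repeats it and is skipped
            cause, detail = pending.pop(
                msg_id, ("unknown", "no earlier cause line for this message"))
            exit_code, _signal = decode_wait_status(symptom["status"])
            findings.append(Finding(m["ts"], msg_id, symptom["router"],
                                    cause, detail, exit_code))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.timestamp} {f.message_id} {f.router}: {f.cause} "
              f"(exit {f.exit_code}) {f.detail}")
```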


Re: failure to transfer data from subprocess [ In reply to ]
I am not the administrator of the machine so is there any way I can show
you what you are asking for?

On Wed, May 10, 2023 at 6:18 AM Odhiambo Washington <odhiambo@gmail.com>
wrote:

>
>
> On Wed, May 10, 2023 at 2:04 PM Robert Nicholson via Exim-users <
> exim-users@lists.exim.org> wrote:
>
>> Is anybody able to assist with the below issue?
>>
>> The one thing I can say is that it doesn’t impact all email but it’s not
>> clear what the criteria is of what it does impact.
>>
>
>
> You didn't share the userforward router. Can you please do?
> Does it refer to some file lookup?
> Does that file exist?
>
>
> --
> Best regards,
> Odhiambo WASHINGTON,
> Nairobi,KE
> +254 7 3200 0004/+254 7 2274 3223
> "Oh, the cruft.", egrep -v '^$|^.*#' ¯\_(ツ)_/¯ :-)
> [How to ask smart questions:
> http://www.catb.org/~esr/faqs/smart-questions.html]
>

Re: failure to transfer data from subprocess [ In reply to ]
Also I am the owner of the .forward file but do the errors suggest anything
is wrong with the .forward file?

My understanding is the issue is before the .forward file is being
processed but I could be wrong.

On Wed, May 10, 2023 at 6:33 AM Robert Nicholson <robert.nicholson@gmail.com>
wrote:

> I am not the administrator of the machine so is there any way I can show
> you what you are asking for?
>
> On Wed, May 10, 2023 at 6:18 AM Odhiambo Washington <odhiambo@gmail.com>
> wrote:
>
>>
>>
>> On Wed, May 10, 2023 at 2:04 PM Robert Nicholson via Exim-users <
>> exim-users@lists.exim.org> wrote:
>>
>>> Is anybody able to assist with the below issue?
>>>
>>> The one thing I can say is that it doesn’t impact all email but it’s not
>>> clear what the criteria is of what it does impact.
>>>
>>
>>
>> You didn't share the userforward router. Can you please do?
>> Does it refer to some file lookup?
>> Does that file exist?
>>
>>
>> --
>> Best regards,
>> Odhiambo WASHINGTON,
>> Nairobi,KE
>> +254 7 3200 0004/+254 7 2274 3223
>> "Oh, the cruft.", egrep -v '^$|^.*#' ¯\_(ツ)_/¯ :-)
>> [How to ask smart questions:
>> http://www.catb.org/~esr/faqs/smart-questions.html]
>>
>

Re: failure to transfer data from subprocess [ In reply to ]
On 10/05/2023 12:33, Robert Nicholson via Exim-users wrote:
> I am not the administrator of the machine so is there any way I can show
> you what you are asking for?

exim -bP router userforward

But really, you should get the admin involved
for debugging this.
--
Cheers,
Jeremy


Re: failure to transfer data from subprocess [ In reply to ]
Here’s the output of that command

exim -bP router userforward
address_data =
address_test
cannot_route_message =
no_caseful_local_part
check_local_user
condition =
debug_print =
no_disable_logging
dnssec_request_domains = *
dnssec_require_domains =
domains =
driver = redirect
no_dsn_lasthop
errors_to =
no_expn
no_fail_verify_recipient
no_fail_verify_sender
fallback_hosts =
group =
headers_add =
headers_remove =
ignore_target_hosts =
no_initgroups
local_part_prefix =
no_local_part_prefix_optional
local_part_suffix =
no_local_part_suffix_optional
local_parts =
no_log_as_local
more
no_pass_on_timeout
pass_router =
redirect_router =
require_files =
retry_use_local_part
router_home_directory =
self = freeze
senders =
set =
transport =
transport_current_directory =
transport_home_directory =
no_unseen
user =
no_verify_only
no_verify_recipient
no_verify_sender
no_allow_defer
no_allow_fail
allow_filter
no_allow_freeze
check_ancestor
no_check_group
check_owner
data =
directory_transport = address_directory
file = $home/.forward
file_transport = address_file
filter_prepend_home
no_forbid_blackhole
no_forbid_exim_filter
no_forbid_file
no_forbid_filter_dlfunc
no_forbid_filter_existstest
no_forbid_filter_logwrite
no_forbid_filter_lookup
no_forbid_filter_perl
no_forbid_filter_readfile
no_forbid_filter_readsocket
no_forbid_filter_reply
no_forbid_filter_run
no_forbid_include
no_forbid_pipe
no_forbid_sieve_filter
no_forbid_smtp_code
no_hide_child_in_errmsg
no_ignore_eacces
no_ignore_enotdir
include_directory =
modemask = 022
no_one_time
owners =
owngroups =
pipe_transport = address_pipe
qualify_domain =
no_qualify_preserve_domain
repeat_use
reply_transport = address_reply
rewrite
sieve_enotify_mailto_owner =
sieve_subaddress =
sieve_useraddress =
sieve_vacation_directory =
no_skip_syntax_errors
syntax_errors_text =
syntax_errors_to =


> On May 10, 2023, at 6:48 AM, Jeremy Harris via Exim-users <exim-users@lists.exim.org> wrote:
>
> On 10/05/2023 12:33, Robert Nicholson via Exim-users wrote:
>> I am not the administrator of the machine so is there any way I can show
>> you what you are asking for?
>
> exim -bP router userforward
>
> But really, you should get the admin involved
> for debugging this.
> --
> Cheers,
> Jeremy
>
>
Re: failure to transfer data from subprocess [ In reply to ]
To answer this question my ISP uses DirectAdmin and I believe exim is packaged with that.

> On May 10, 2023, at 6:52 AM, Jeremy Harris via Exim-users <exim-users@lists.exim.org> wrote:
>
>
> On 10/05/2023 12:02, Robert Nicholson via Exim-users wrote:
>> Exim version 4.96-58-g4e9ed49f8 #2 built 07-Jan-2023 06:47:04
>
> Who built it? What is the provenance of the sourcecode?
>
>> mainlog:2023-05-09 13:49:51 1pwUHO-0005xx-1O SIGSEGV (null pointer indirection)
>
> Definitely a bug; you should not be able to induce this by doing
> something odd in a .forward.
>
> For debugging it, it'd help if you could provide the matching .forward
> rule (if there is indeed one), and even more if you could get a coredump.
>
> The "failure to transfer data" log is a follow-on resulting from
> the transport process dying (and not providing data) not ignore that.
>
> Is the message successfully delivered on a subsequent queue-run
> (grep the log for the message ID)? I see several failed tries in
> the log extract you gave.
>
> If not, and the message is still queued, please try forcing a delivery
> with debug enabled ("exim -d+all -M 1pwUHO-0005xx-1O 2>&1 | tee debuglog")
> --
> Cheers,
> Jeremy
>
>
Re: failure to transfer data from subprocess [ In reply to ]
Here is some feedback I received from support for the host I’m using.

I’m not quite sure I follow the significance of what they are pointing out and also it doesn’t look like I have the ability to debug exim myself

The claim below is that it’s my pipe to the perlscript that causes the issues.

Sure, but what does the whole tainted thing have to do with it?

02:19:39 13517 Condition is false: $header_from: matches rss@mydomain.com <mailto:rss@elastica.com>
02:19:39 13517 ?considering: $tod_full running with sa $header_from: to $header_to:
02:19:39 13517
02:19:39 13517 ?considering: running with sa $header_from: to $header_to:
02:19:39 13517
02:19:39 13517 ????????text: running with sa
02:19:39 13517 ?considering: $header_from: to $header_to:
02:19:39 13517
02:19:39 13517 ?considering: to $header_to:
02:19:39 13517
02:19:39 13517 ????????text: to
02:19:39 13517 ?considering: $header_to:
02:19:39 13517
02:19:39 13517 ?considering:
02:19:39 13517
02:19:39 13517 ????????text:
02:19:39 13517
02:19:39 13517 ???expanding: $tod_full running with sa $header_from: to $header_to:
02:19:39 13517
02:19:39 13517 ??????result: Fri, 12 May 2023 02:19:39 -0700 running with sa Firstname Lastname <user@domain.com <mailto:bbarlow@matlensilver.com>> to me@mydomain.com <mailto:robert@elastica.com>
02:19:39 13517
02:19:39 13517 ???(tainted)
02:19:39 13517 writing filter log as euid 1043
02:19:39 13517 Filter: pipe message to: nice -10 $home/perlscripts/filter.pl
02:19:39 13517 LOG: MAIN PANIC
02:19:39 13517 SIGSEGV (fault address: (nil))


as it's basically pipe to custom extension which is not provided by DA it's not considered as direct exim issue, as it plain simply not parsing correctly.

You can debug variables passed and how it's processed and guess where it's failing using debug delivery of failing message using etc.:
exim -d+all -M 1pwiuk-0008E9-06

Just a hint:
39 13517 ??????result: sending message 1pwiuk-0008E9-06 from Firstname Lastname <user@domain.com <mailto:bbarlow@matlensilver.com>> to me@mydomain.com <mailto:robert@elastica.com> to pipe
02:19:39 13517
02:19:39 13517 ???(tainted)
02:19:39 13517 writing filter log as euid 1043
02:19:39 13517 ?considering: $header_from:
02:19:39 13517 ???expanding: $header_from:
02:19:39 13517 ??????result: Firstname Lastname <user@domain.com <mailto:bbarlow@matlensilver.com>>
02:19:39 13517 ???(tainted)

which can be a new thing for custom filter in relation to exim changes and how client provided input is treated(basically less/no trust is given):

https://github.com/Exim/exim/blob/master/doc/doc-txt/ChangeLog
"JH/25 Taint-check exec arguments for transport-initiated external processes.
Previously, tainted values could be used. This affects "pipe", "lmtp" and
"queryprogram" transport, transport-filter, and ETRN commands.
The ${run} expansion is also affected: in "preexpand" mode no part of
the command line may be tainted, in default mode the executable name
may not be tainted.”

exim -bV
Exim version 4.96-58-g4e9ed49f8 #2 built 07-Jan-2023 06:47:04
Copyright (c) University of Cambridge, 1995 - 2018
(c) The Exim Maintainers and contributors in ACKNOWLEDGMENTS file, 2007 - 2022
Berkeley DB: Berkeley DB 5.3.21: (May 11, 2012)
Support for: crypteq IPv6 Perl OpenSSL TLS_resume move_frozen_messages Content_Scanning DKIM DNSSEC Event OCSP PIPECONNECT PRDR Queue_Ramp SPF SRS TCP_Fast_Open
Lookups (built-in): lsearch wildlsearch nwildlsearch iplsearch cdb dbm dbmjz dbmnz dnsdb
Authenticators: cram_md5 dovecot plaintext spa
Routers: accept dnslookup ipliteral manualroute queryprogram redirect
Transports: appendfile/maildir/mailstore/mbx autoreply lmtp pipe smtp
Malware: f-protd f-prot6d drweb aveserver fsecure kavdaemon sophie clamd mksd avast sock cmdline
Fixed never_users: 0
Configure owner: 0:0
Size of off_t: 8
2023-05-12 02:30:58 cwd=/var/log/exim 2 args: exim -bV
Configuration file is /etc/exim.conf

-----

> On May 10, 2023, at 5:31 PM, Robert Nicholson via Exim-users <exim-users@lists.exim.org> wrote:
>
> To answer this question my ISP uses DirectAdmin and I believe exim is packaged with that.
>
>> On May 10, 2023, at 6:52 AM, Jeremy Harris via Exim-users <exim-users@lists.exim.org> wrote:
>>
>>
>> On 10/05/2023 12:02, Robert Nicholson via Exim-users wrote:
>>> Exim version 4.96-58-g4e9ed49f8 #2 built 07-Jan-2023 06:47:04
>>
>> Who built it? What is the provenance of the sourcecode?
>>
>>> mainlog:2023-05-09 13:49:51 1pwUHO-0005xx-1O SIGSEGV (null pointer indirection)
>>
>> Definitely a bug; you should not be able to induce this by doing
>> something odd in a .forward.
>>
>> For debugging it, it'd help if you could provide the matching .forward
>> rule (if there is indeed one), and even more if you could get a coredump.
>>
>> The "failure to transfer data" log is a follow-on resulting from
>> the transport process dying (and not providing data) not ignore that.
>>
>> Is the message successfully delivered on a subsequent queue-run
>> (grep the log for the message ID)? I see several failed tries in
>> the log extract you gave.
>>
>> If not, and the message is still queued, please try forcing a delivery
>> with debug enabled ("exim -d+all -M 1pwUHO-0005xx-1O 2>&1 | tee debuglog")
>> --
>> Cheers,
>> Jeremy
>>
>>
Re: failure to transfer data from subprocess [ In reply to ]
On 13/05/2023 19:51, Robert Nicholson via Exim-users wrote:
> 02:19:39 13517 writing filter log as euid 1043

That tells us it came after handling a "logwrite" in a filter file...

> 02:19:39 13517 ?considering: $header_from:
> 02:19:39 13517 ???expanding: $header_from:
> 02:19:39 13517 ??????result: Firstname Lastname <user@domain.com <mailto:bbarlow@matlensilver.com>>
> 02:19:39 13517 ???(tainted)

This (in fact, expanding anything that results in a tainted value)
isn't necessarily a problem. Using that tainted value in
certain other contexts (basically, expanding *it* or the moral
equivalent, such as using it for a filename) would be a problem.
But even if you tried to do that it should *not* result in
a null-pointer-follow. It's a bug in Exim, even if you've managed
to trigger it with something in your config.

The first debug snippet you showed doesn't have that expansion,
so I'm slightly confused as to the time-sequence.
It has

> 02:19:39 13517 writing filter log as euid 1043
(as above)
> 02:19:39 13517 Filter: pipe message to: nice -10 $home/perlscripts/filter.pl

That was dealing with a "pipe" command in a filter file, after
the "logwrite" above.

Again, we don't really have a location for the null-pointer-follow.
A coredump would be the best way of debugging. If you want to
avoid leaking info, then the stacktrace from a coredump ("bt" in gdb)
would be useful (though, admittedly, a binary with debug-info would be
best - "-ggdb" in CFLAGS).

--
Cheers,
Jeremy


Re: failure to transfer data from subprocess [ In reply to ]
Another thing I don’t quite understand with this is my .forward has something like this before the pipe

save $home/Maildir/.INBOX.intray.backup/

this is catch all to save all mail.

However when I see these errors with the SIGSEGV it’s as if the above step never completed either.

The one characteristic that’s known is that it seems the same email (when it comes back around again) consistently fails over and over whilst many others do not. I still haven’t found what the pattern is yet.

> On May 13, 2023, at 2:29 PM, Jeremy Harris via Exim-users <exim-users@lists.exim.org> wrote:
>
> On 13/05/2023 19:51, Robert Nicholson via Exim-users wrote:
>> 02:19:39 13517 writing filter log as euid 1043
>
> That tells us it came after handling a "logwrite" in a filter file...
>
>> 02:19:39 13517 ?considering: $header_from:
>> 02:19:39 13517 ???expanding: $header_from:
>> 02:19:39 13517 ??????result: Firstname Lastname <user@domain.com <mailto:bbarlow@matlensilver.com>>
>> 02:19:39 13517 ???(tainted)
>
> This (in fact, expanding anything that results in a tainted value)
> isn't necessarily a problem. Using that tainted value in
> certain other contexts (basically, expanding *it* or the moral
> equivalent, such as using it for a filename) would be a problem.
> But even if you tried to do that it should *not* result in
> a null-pointer-follow. It's a bug in Exim, even if you've managed
> to trigger it with something in your config.
>
> The first debug snippet you showed doesn't have that expansion,
> so I'm slightly confused as to the time-sequence.
> It has
>
>> 02:19:39 13517 writing filter log as euid 1043
> (as above)
>> 02:19:39 13517 Filter: pipe message to: nice -10 $home/perlscripts/filter.pl
>
> That was dealing with a "pipe" command in a filter file, after
> the "logwrite" above.
>
> Again, we don't really have a location for the null-pointer-follow.
> A coredump would be the best way of debugging. If you want to
> avoid leaking info, then the stacktrace from a coredump ("bt" in gdb)
> would be useful (though, admittedly, a binary with debug-info would be
> best - "-ggdb" in CFLAGS).
>
> --
> Cheers,
> Jeremy
>
>
Re: failure to transfer data from subprocess [ In reply to ]
On 13/05/2023 21:42, Robert Nicholson via Exim-users wrote:
> Another thing I don’t quite understand with this is my .forward has something like this before the pipe
>
> save $home/Maildir/.INBOX.intray.backup/
>
> this is catch all to save all mail.
>
> However when I see these errors with the SIGSEGV it’s as if the above step never completed either.

The "save" command only sets up another delivery to be done for the message
(to file) - it doesn't perform that delivery. The crash is before
we get to that delivery being actioned.


[. Exim version 4.96 will be doing its best to give a stackdump
of itself, on a SIGSEGV, to the logfiles. I assume you're
running something a bit earlier.
]

--
Cheers,
Jeremy


Re: failure to transfer data from subprocess [ In reply to ]
Which log files since I don’t see anything in mainlog for example.

Looks like I find a backtrace from earlier

2023-04-24 09:24:14 1pqyz8-0006yH-1A SIGSEGV (fault address: 0x30)
2023-04-24 09:24:14 1pqyz8-0006yH-1A SIGSEGV (null pointer indirection)
2023-04-24 09:24:14 1pqyz8-0006yH-1A SIGSEGV (27310 proxying TLS connection for continued transport to complaints.maropost.com)
2023-04-24 09:24:14 1pqyz8-0006yH-1A backtrace
2023-04-24 09:24:14 1pqyz8-0006yH-1A ---
2023-04-24 09:24:14 1pqyz8-0006yH-1A /usr/sbin/exim() [0x428e6e]
2023-04-24 09:24:14 1pqyz8-0006yH-1A /usr/sbin/exim() [0x428fd3]
2023-04-24 09:24:14 1pqyz8-0006yH-1A /lib64/libpthread.so.0(+0xf630) [0x7fb00f7c9630]
2023-04-24 09:24:14 1pqyz8-0006yH-1A /lib64/libssl.so.10(SSL_read+0) [0x7fb00f1bc680]
2023-04-24 09:24:14 1pqyz8-0006yH-1A /usr/sbin/exim() [0x489596]
2023-04-24 09:24:14 1pqyz8-0006yH-1A /usr/sbin/exim() [0x4b5fa9]
2023-04-24 09:24:14 1pqyz8-0006yH-1A /usr/sbin/exim() [0x425878]
2023-04-24 09:24:14 1pqyz8-0006yH-1A /usr/sbin/exim() [0x4164f8]
2023-04-24 09:24:14 1pqyz8-0006yH-1A /usr/sbin/exim() [0x42f610]
2023-04-24 09:24:14 1pqyz8-0006yH-1A /lib64/libc.so.6(__libc_start_main+0xf5) [0x7fb00f40e555]
2023-04-24 09:24:14 1pqyz8-0006yH-1A /usr/sbin/exim() [0x40a119]
2023-04-24 09:24:14 1pqyz8-0006yH-1A ---


Don’t seem to see an abundance of backtraces

mainlog-20230430:2023-04-24 09:24:14 1pqyz8-0006yH-1A backtrace
paniclog-20230430:2023-04-24 09:24:14 1pqyz8-0006yH-1A backtrace

> On May 13, 2023, at 3:52 PM, Jeremy Harris via Exim-users <exim-users@lists.exim.org> wrote:
>
> On 13/05/2023 21:42, Robert Nicholson via Exim-users wrote:
>> Another thing I don’t quite understand with this is my .forward has something like this before the pipe
>> save $home/Maildir/.INBOX.intray.backup/
>> this is catch all to save all mail.
>> However when I see these errors with the SIGSEGV it’s as if the above step never completed either.
>
> The "save" command only sets up another delivery to be done for the message
> (to file) - it doesn't perform that delivery. The crash is before
> we get to that delivery being actioned.
>
>
> [. Exim version 4.96 will be doing its best to give a stackdump
> of itself, on a SIGSEGV, to the logfiles. I assume you're
> running something a bit earlier.
> ]
>
> --
> Cheers,
> Jeremy
>
>
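Added example, not part of the thread: the SIGSEGV backtrace lines quoted in the message above, grouped per message id so the frames inside the exim binary can be handed to addr2line. The sample log is constructed in the shape of that excerpt, and parse_crashes and addr2line_argv are hypothetical helper names.

```python
import re
from collections import defaultdict

# Constructed sample in the shape of the excerpt above (grep prefix, blank lines).
SAMPLE_LOG = """\
2023-04-24 09:24:14 1pqyz8-0006yH-1A SIGSEGV (fault address: 0x30)
2023-04-24 09:24:14 1pqyz8-0006yH-1A SIGSEGV (null pointer indirection)
mainlog-20230430:2023-04-24 09:24:14 1pqyz8-0006yH-1A backtrace

2023-04-24 09:24:14 1pqyz8-0006yH-1A ---
2023-04-24 09:24:14 1pqyz8-0006yH-1A /usr/sbin/exim() [0x428e6e]
2023-04-24 09:24:14 1pqyz8-0006yH-1A /lib64/libssl.so.10(SSL_read+0) [0x7fb00f1bc680]
2023-04-24 09:24:14 1pqyz8-0006yH-1A /usr/sbin/exim() [0x489596]
2023-04-24 09:24:14 1pqyz8-0006yH-1A ---
2023-04-24 09:25:01 1pqyzB-0006zK-2C <= sender@example.test H=localhost
"""

LINE = re.compile(r"^(?:[^:\s]+:)?(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) (\S+) (.*)$")
FRAME = re.compile(r"^(\S+?)\((.*?)\)\s*\[(0x[0-9a-fA-F]+)\]$")
FAULT = re.compile(r"^SIGSEGV \(fault address: (0x[0-9a-fA-F]+)\)$")

def parse_crashes(text):
    """Group SIGSEGV fault addresses and backtrace frames by message id."""
    crashes = defaultdict(lambda: {"fault": None, "frames": []})
    armed, in_bt = set(), set()   # saw 'backtrace' / inside the '---' markers
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue              # blank or wrapped continuation line
        mid, rest = m.group(2), m.group(3).strip()
        if (fault := FAULT.match(rest)):
            crashes[mid]["fault"] = fault.group(1)
        elif rest == "backtrace":
            armed.add(mid)
        elif rest == "---" and mid in in_bt:
            in_bt.discard(mid)    # closing marker
        elif rest == "---" and mid in armed:
            armed.discard(mid)
            in_bt.add(mid)        # opening marker
        elif mid in in_bt and (frame := FRAME.match(rest)):
            crashes[mid]["frames"].append(frame.groups())
    return dict(crashes)

def addr2line_argv(crash, binary="/usr/sbin/exim"):
    """argv for addr2line over frames in the main binary. Assumes a non-PIE
    binary (absolute addresses) with matching debug info available."""
    addrs = [addr for module, _, addr in crash["frames"] if module == binary]
    return ["addr2line", "-f", "-e", binary, *addrs] if addrs else []

if __name__ == "__main__":
    for mid, crash in parse_crashes(SAMPLE_LOG).items():
        print(mid, crash["fault"], " ".join(addr2line_argv(crash)))
```

Frames in shared libraries are left out of the addr2line call because their logged addresses are load addresses, not file offsets.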
Re: failure to transfer data from subprocess [ In reply to ]
What would a basic .forward file look like if all I wanted to do is to have a .forward file in place but for everything to go to its default places?

> On May 13, 2023, at 3:52 PM, Jeremy Harris via Exim-users <exim-users@lists.exim.org> wrote:
>
> On 13/05/2023 21:42, Robert Nicholson via Exim-users wrote:
>> Another thing I don’t quite understand with this is my .forward has something like this before the pipe
>> save $home/Maildir/.INBOX.intray.backup/
>> this is catch all to save all mail.
>> However when I see these errors with the SIGSEGV it’s as if the above step never completed either.
>
> The "save" command only sets up another delivery to be done for the message
> (to file) - it doesn't perform that delivery. The crash is before
> we get to that delivery being actioned.
>
>
> [. Exim version 4.96 will be doing its best to give a stackdump
> of itself, on a SIGSEGV, to the logfiles. I assume you're
> running something a bit earlier.
> ]
>
> --
> Cheers,
> Jeremy
>
>
Re: failure to transfer data from subprocess [ In reply to ]
On Sat, 13 May 2023, Robert Nicholson via Exim-users wrote:

> What would a basic .forward file look like if all I wanted to do is to have a .forward file in place but for everything to go to its default places?

The single line:
# Exim filter <<== Do not edit or remove this line !

--
Andrew C. Aitchison Kendal, UK
andrew@aitchison.me.uk

Re: failure to transfer data from subprocess [ In reply to ]
Do I have to be an administrator in order to be able to debug?

exim -d+all -M $HOME/1pwiuk-0008E9-06

Exim version 4.96-58-g4e9ed49f8 #2 built 07-Jan-2023 06:47:04
Copyright (c) University of Cambridge, 1995 - 2018
(c) The Exim Maintainers and contributors in ACKNOWLEDGMENTS file, 2007 - 2022
Berkeley DB: Berkeley DB 5.3.21: (May 11, 2012)
Support for: crypteq IPv6 Perl OpenSSL TLS_resume move_frozen_messages Content_Scanning DKIM DNSSEC Event OCSP PIPECONNECT PRDR Queue_Ramp SPF SRS TCP_Fast_Open
Lookups (built-in): lsearch wildlsearch nwildlsearch iplsearch cdb dbm dbmjz dbmnz dnsdb
Authenticators: cram_md5 dovecot plaintext spa
Routers: accept dnslookup ipliteral manualroute queryprogram redirect
Transports: appendfile/maildir/mailstore/mbx autoreply lmtp pipe smtp
Malware: f-protd f-prot6d drweb aveserver fsecure kavdaemon sophie clamd mksd avast sock cmdline
Fixed never_users: 0
Configure owner: 0:0
Size of off_t: 8
2023-05-19 05:07:03 cwd=/var/log/exim 2 args: exim --version
Configuration file is /etc/exim.conf


——

I’m not seeing any stackdump in any of mainlog, paniclog, process log

Is a config option needed for that?

> On May 13, 2023, at 3:52 PM, Jeremy Harris via Exim-users <exim-users@lists.exim.org> wrote:
>
> On 13/05/2023 21:42, Robert Nicholson via Exim-users wrote:
>> Another thing I don’t quite understand with this is my .forward has something like this before the pipe
>> save $home/Maildir/.INBOX.intray.backup/
>> this is catch all to save all mail.
>> However when I see these errors with the SIGSEGV it’s as if the above step never completed either.
>
> The "save" command only sets up another delivery to be done for the message
> (to file) - it doesn't perform that delivery. The crash is before
> we get to that delivery being actioned.
>
>
> [. Exim version 4.96 will be doing its best to give a stackdump
> of itself, on a SIGSEGV, to the logfiles. I assume you're
> running something a bit earlier.
> ]
>
> --
> Cheers,
> Jeremy
>
>
Re: failure to transfer data from subprocess [ In reply to ]
On 19/05/2023 13:08, Robert Nicholson via Exim-users wrote:
> Do I have to be an administrator in order to be able to debug?

The docs say "is restricted to admin users".
https://exim.org/exim-html-current/doc/html/spec_html/ch-the_exim_command_line.html#SECID39

--
Cheers,
Jeremy


Re: failure to transfer data from subprocess [ In reply to ]
On 2023-05-19 13:28, Jeremy Harris via Exim-users wrote:
> On 19/05/2023 13:08, Robert Nicholson via Exim-users wrote:
>> Do I have to be an administrator in order to be able to debug?
>
> The docs say "is restricted to admin users".
> https://exim.org/exim-html-current/doc/html/spec_html/ch-the_exim_command_line.html#SECID39
>
Which of the ACLs should this actually be in? I tried (though I may have
made typos) each of check_mail, check_rcpt, and check_data but it didn't
trigger at all.

Re: failure to transfer data from subprocess [ In reply to ]
On 22/05/2023 02:47, Alexander Carver via Exim-users wrote:
> Which of the ACLs should this actually be in? I tried (though I may have made typos) each of check_mail, check_rcpt, and check_data but it didn't trigger at all.

I'm unclear what "this" refers to here.
--
Cheers,
Jeremy

