Kirill Miazine
2022-Apr-25 12:36 UTC
Heads-up: Exim 4.96 RC0 may break your Dovecot LDA delivery
Hi, all
The just released RC0 for Exim 4.96 will break Dovecot LDA delivery as
described on https://wiki.dovecot.org/LDA/Exim
Here is the relevant ChangeLog entry:
JH/25 Taint-check exec arguments for transport-initiated external processes.
      Previously, tainted values could be used. This affects "pipe", "lmtp" and
      "queryprogram" transport, transport-filter, and ETRN commands.
      The ${run} expansion is also affected: in "preexpand" mode no part of
      the command line may be tainted, in default mode the executable name
      may not be tainted.
As of now I don't have a personal working solution to get untainted data.
I did try a small hack, but Exim was smart enough to see what I was doing.
--
-- Kirill Miazine <km at krot.org>
Kirill Miazine
2022-Apr-25 13:47 UTC
Heads-up: Exim 4.96 RC0 may break your Dovecot LDA delivery
So my workaround was to create a simple wrapper and call it, instead of
dovecot-lda:
$ cat /local/bin/dovecot-lda-wrapper
#!/bin/sh
# Exim's pipe transport exports LOCAL_PART, LOCAL_PART_SUFFIX, DOMAIN and
# SENDER to the command's environment, so none of them appear on the
# (taint-checked) command line in the transport.
exec /usr/local/libexec/dovecot/dovecot-lda \
    -d "${LOCAL_PART}@${DOMAIN}" \
    -a "${LOCAL_PART}${LOCAL_PART_SUFFIX}@${DOMAIN}" \
    -r "${LOCAL_PART}${LOCAL_PART_SUFFIX}@${DOMAIN}" \
    -f "${SENDER}"
Here's how it is called from Exim:
dovecot_pipe:
  driver = pipe
  command = /local/bin/dovecot-lda-wrapper
  # command = /usr/local/libexec/dovecot/dovecot-lda \
  #   -d $local_part@$domain \
  #   -a $local_part$local_part_suffix@$domain \
  #   -r $local_part$local_part_suffix@$domain \
  #   -f $return_path
* Kirill Miazine [2022-04-25 14:36]:
> Hi, all
>
> The just released RC0 for Exim 4.96 will break Dovecot LDA delivery as
> described on https://wiki.dovecot.org/LDA/Exim
>
> Here is the relevant ChangeLog entry:
>
> JH/25 Taint-check exec arguments for transport-initiated external processes.
>       Previously, tainted values could be used. This affects "pipe", "lmtp" and
>       "queryprogram" transport, transport-filter, and ETRN commands.
>       The ${run} expansion is also affected: in "preexpand" mode no part of
>       the command line may be tainted, in default mode the executable name
>       may not be tainted.
>
> As of now I don't have a personal working solution to get untainted data.
> I did try a small hack, but Exim was smart enough to see what I was doing.
>
> --
> -- Kirill Miazine <km at krot.org>
--
-- Kirill Miazine <km at krot.org>
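Added example, not the poster's script and not part of this thread: the wrapper above moves the tainted values from the transport's command line into the environment, which satisfies the new check in 4.96 but does not make the data any more trustworthy than it was. A practitioner's version validates what Exim hands it before placing it on dovecot-lda's command line. Exim's pipe transport does export LOCAL_PART, DOMAIN, LOCAL_PART_SUFFIX and SENDER; the character sets accepted below are an assumed site policy, the dovecot-lda path is an assumption, and the exit code 75 (EX_TEMPFAIL) is chosen so Exim defers a rejected message rather than bouncing it.

```shell
#!/bin/sh
# Added example: a validating wrapper for dovecot-lda (not the original
# poster's script). Exim's pipe transport exports LOCAL_PART, DOMAIN,
# LOCAL_PART_SUFFIX and SENDER; the accepted character sets below are an
# assumed site policy, so adjust them to match your real user names.

# Assumed install location; override via the environment if needed.
DOVECOT_LDA=${DOVECOT_LDA:-/usr/local/libexec/dovecot/dovecot-lda}

# ok_local_part VALUE: non-empty, only [A-Za-z0-9._-], at most 64 chars.
ok_local_part() {
    case "$1" in
        '' | *[!A-Za-z0-9._-]*) return 1 ;;
    esac
    [ ${#1} -le 64 ]
}

# ok_suffix VALUE: empty (no +detail), or '+' followed by a valid local part.
ok_suffix() {
    case "$1" in
        '') return 0 ;;
        +*) ok_local_part "${1#+}" ;;
        *)  return 1 ;;
    esac
}

# ok_domain VALUE: hostname-like, dot-separated labels of [A-Za-z0-9-].
ok_domain() {
    case "$1" in
        '' | .* | *. | *..* | *[!A-Za-z0-9.-]*) return 1 ;;
    esac
    [ ${#1} -le 253 ]
}

# ok_sender VALUE: empty is allowed (bounces have an empty return path);
# otherwise exactly one '@' and no whitespace or control characters.
ok_sender() {
    case "$1" in
        '') return 0 ;;
        *[[:space:][:cntrl:]]* | *@*@*) return 1 ;;
        *@*) return 0 ;;
        *)   return 1 ;;
    esac
}

# check_env: validate the four variables Exim exported; reason goes to stderr.
check_env() {
    ok_local_part "$LOCAL_PART"    || { echo "bad LOCAL_PART" >&2; return 1; }
    ok_suffix "$LOCAL_PART_SUFFIX" || { echo "bad LOCAL_PART_SUFFIX" >&2; return 1; }
    ok_domain "$DOMAIN"            || { echo "bad DOMAIN" >&2; return 1; }
    ok_sender "$SENDER"            || { echo "bad SENDER" >&2; return 1; }
}

# deliver: exec dovecot-lda only with validated values. Exit 75 (EX_TEMPFAIL)
# is in Exim's default temp_errors, so the message is deferred and stays in
# the queue for an admin to look at instead of being bounced.
deliver() {
    check_env || exit 75
    exec "$DOVECOT_LDA" \
        -d "${LOCAL_PART}@${DOMAIN}" \
        -a "${LOCAL_PART}${LOCAL_PART_SUFFIX}@${DOMAIN}" \
        -r "${LOCAL_PART}${LOCAL_PART_SUFFIX}@${DOMAIN}" \
        -f "${SENDER}"
}

# Deliver only when installed and invoked under the wrapper's own name
# (e.g. /local/bin/dovecot-lda-wrapper from the pipe transport); run under
# any other name the file just defines the checks, so they can be exercised.
case "$0" in
    */dovecot-lda-wrapper | dovecot-lda-wrapper) deliver ;;
esac
```

Install it as /local/bin/dovecot-lda-wrapper and keep the fixed `command =` line in the pipe transport as shown in the thread; the router that feeds this transport still decides which local parts exist, so the wrapper's checks are a second line, not a replacement for router-side verification.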