Kirill Miazine
2022-Apr-25 13:47 UTC
Heads-up: Exim 4.96 RC0 may break your Dovecot LDA delivery
So my workaround was to create a simple wrapper and call it, instead of
dovecot-lda:

  $ cat /local/bin/dovecot-lda-wrapper
  #!/bin/sh
  exec /usr/local/libexec/dovecot/dovecot-lda \
      -d "${LOCAL_PART}@${DOMAIN}" \
      -a "${LOCAL_PART}${LOCAL_PART_SUFFIX}@${DOMAIN}" \
      -r "${LOCAL_PART}${LOCAL_PART_SUFFIX}@${DOMAIN}" \
      -f "${SENDER}"

Here's how it is called from Exim:

  dovecot_pipe:
    driver = pipe
    command = /local/bin/dovecot-lda-wrapper
  # command = /usr/local/libexec/dovecot/dovecot-lda \
  #     -d $local_part@$domain \
  #     -a $local_part$local_part_suffix@$domain \
  #     -r $local_part$local_part_suffix@$domain \
  #     -r $local_part$local_part_suffix@$domain \
  #     -f $return_path

* Kirill Miazine [2022-04-25 14:36]:
> Hi, all
>
> The just released RC0 for Exim 4.96 will break Dovecot LDA delivery as
> described on https://wiki.dovecot.org/LDA/Exim
>
> Here is the relevant ChangeLog entry:
>
> JH/25 Taint-check exec arguments for transport-initiated external processes.
>       Previously, tainted values could be used. This affects "pipe", "lmtp" and
>       "queryprogram" transport, transport-filter, and ETRN commands.
>       The ${run} expansion is also affected: in "preexpand" mode no part of
>       the command line may be tainted, in default mode the executable name
>       may not be tainted.
>
> As of now I don't have a personal working solution to get untainted data.
> I did try a small hack, but Exim was smart enough to see what I was
> doing.
>
> --
>     -- Kirill Miazine <km at krot.org>

--
    -- Kirill Miazine <km at krot.org>
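The wrapper in the message above passes values from Exim's pipe-transport environment, which come from the message envelope, straight to dovecot-lda as arguments. A variant that validates them first, as an added example that is not part of the thread: the allow-lists, the `valid_*` and `check_env` names, the name-based guard and the exit code are assumptions of this example, while the LDA path and variable names are those in the post.

```shell
#!/bin/sh
# Added example: validate the values Exim exports before exec'ing dovecot-lda.
LC_ALL=C; export LC_ALL            # byte-wise ranges in the patterns below
LDA=/usr/local/libexec/dovecot/dovecot-lda   # path as given in the post

# Local part (with or without suffix): assumed allow-list, no leading '-'.
valid_local() {
    case $1 in
        ''|-*|*[!A-Za-z0-9._+-]*) return 1 ;;
    esac
    return 0
}

# Domain: letters, digits, '.', '-'; no empty labels, no leading '.' or '-'.
valid_domain() {
    case $1 in
        ''|.*|-*|*..*|*[!A-Za-z0-9.-]*) return 1 ;;
    esac
    return 0
}

# Sender: may be empty (bounce); otherwise no leading '-', spaces or controls.
valid_sender() {
    case $1 in
        -*|*[[:cntrl:][:space:]]*) return 1 ;;
    esac
    return 0
}

# Check every environment value the wrapper is about to turn into an argument.
check_env() {
    valid_local "${LOCAL_PART}" &&
    valid_local "${LOCAL_PART}${LOCAL_PART_SUFFIX}" &&
    valid_domain "${DOMAIN}" &&
    valid_sender "${SENDER}"
}

# Deliver only when invoked under the wrapper's own name (constructed guard,
# so the functions can be sourced and tested without running the LDA).
case ${0##*/} in
    dovecot-lda-wrapper)
        check_env || exit 75       # 75 = EX_TEMPFAIL in sysexits.h
        exec "$LDA" -d "${LOCAL_PART}@${DOMAIN}" \
            -a "${LOCAL_PART}${LOCAL_PART_SUFFIX}@${DOMAIN}" \
            -r "${LOCAL_PART}${LOCAL_PART_SUFFIX}@${DOMAIN}" \
            -f "${SENDER}"
        ;;
esac
```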
Aki Tuomi
2022-Apr-25 13:56 UTC
Heads-up: Exim 4.96 RC0 may break your Dovecot LDA delivery
You could also just switch to LMTP instead of LDA.

Aki

> On 25/04/2022 16:47 Kirill Miazine <km at krot.org> wrote:
>
> So my workaround was to create a simple wrapper and call it, instead of
> dovecot-lda:
>
>   $ cat /local/bin/dovecot-lda-wrapper
>   #!/bin/sh
>   exec /usr/local/libexec/dovecot/dovecot-lda \
>       -d "${LOCAL_PART}@${DOMAIN}" \
>       -a "${LOCAL_PART}${LOCAL_PART_SUFFIX}@${DOMAIN}" \
>       -r "${LOCAL_PART}${LOCAL_PART_SUFFIX}@${DOMAIN}" \
>       -f "${SENDER}"
>
> Here's how it is called from Exim:
>
>   dovecot_pipe:
>     driver = pipe
>     command = /local/bin/dovecot-lda-wrapper
>   # command = /usr/local/libexec/dovecot/dovecot-lda \
>   #     -d $local_part@$domain \
>   #     -a $local_part$local_part_suffix@$domain \
>   #     -r $local_part$local_part_suffix@$domain \
>   #     -r $local_part$local_part_suffix@$domain \
>   #     -f $return_path
>
> * Kirill Miazine [2022-04-25 14:36]:
> > Hi, all
> >
> > The just released RC0 for Exim 4.96 will break Dovecot LDA delivery as
> > described on https://wiki.dovecot.org/LDA/Exim
> >
> > Here is the relevant ChangeLog entry:
> >
> > JH/25 Taint-check exec arguments for transport-initiated external processes.
> >       Previously, tainted values could be used. This affects "pipe", "lmtp" and
> >       "queryprogram" transport, transport-filter, and ETRN commands.
> >       The ${run} expansion is also affected: in "preexpand" mode no part of
> >       the command line may be tainted, in default mode the executable name
> >       may not be tainted.
> >
> > As of now I don't have a personal working solution to get untainted data.
> > I did try a small hack, but Exim was smart enough to see what I was
> > doing.
> >
> > --
> >     -- Kirill Miazine <km at krot.org>
>
> --
>     -- Kirill Miazine <km at krot.org>