Heads-up: Exim 4.96 RC0 may break your Dovecot LDA delivery
Aki Tuomi
aki.tuomi at open-xchange.com
Mon Apr 25 13:56:13 UTC 2022
You could also just switch to LMTP instead of LDA.
Aki
> On 25/04/2022 16:47 Kirill Miazine <km at krot.org> wrote:
>
>
> So my workaround was to create a simple wrapper and call it, instead of
> dovecot-lda:
>
> $ cat /local/bin/dovecot-lda-wrapper
> #!/bin/sh
> exec /usr/local/libexec/dovecot/dovecot-lda \
>     -d "${LOCAL_PART}@${DOMAIN}" \
>     -a "${LOCAL_PART}${LOCAL_PART_SUFFIX}@${DOMAIN}" \
>     -r "${LOCAL_PART}${LOCAL_PART_SUFFIX}@${DOMAIN}" \
>     -f "${SENDER}"
>
> Here's how it is called from Exim:
>
> dovecot_pipe:
>   driver = pipe
>   command = /local/bin/dovecot-lda-wrapper
>   # command = /usr/local/libexec/dovecot/dovecot-lda \
>   #   -d $local_part@$domain \
>   #   -a $local_part$local_part_suffix@$domain \
>   #   -r $local_part$local_part_suffix@$domain \
>   #   -r $local_part$local_part_suffix@$domain \
>   #   -f $return_path
>
> * Kirill Miazine [2022-04-25 14:36]:
> > Hi, all
> >
> > The just released RC0 for Exim 4.96 will break Dovecot LDA delivery as
> > described on https://wiki.dovecot.org/LDA/Exim
> >
> > Here is the relevant ChangeLog entry:
> >
> > JH/25 Taint-check exec arguments for transport-initiated external processes.
> > Previously, tainted values could be used. This affects "pipe", "lmtp" and
> > "queryprogram" transport, transport-filter, and ETRN commands.
> > The ${run} expansion is also affected: in "preexpand" mode no part of
> > the command line may be tainted, in default mode the executable name
> > may not be tainted.
> >
> > As of now I don't have a personal working solution to get untainted data.
> > I did try a small hack, but Exim was smart enough to see what I was
> > doing.
> >
> > --
> > -- Kirill Miazine <km at krot.org>
>
> --
> -- Kirill Miazine <km at krot.org>
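
The wrapper quoted above passes the `LOCAL_PART`, `DOMAIN`, `LOCAL_PART_SUFFIX` and `SENDER` environment values to dovecot-lda without Exim's new taint check seeing them on the command line. The script below is an added example, not part of the original message or of the Exim or Dovecot projects: it is the same wrapper with its own validation step. The character policy, the `LDA` override variable and the use of exit code 75 are assumptions.

```shell
#!/bin/sh
# Added example: dovecot-lda wrapper that re-validates what Exim exports.
# The character policy and the exit code are assumptions, not from the thread.
LC_ALL=C; export LC_ALL
LDA=${LDA:-/usr/local/libexec/dovecot/dovecot-lda}

# 0 if $1 is non-empty, has no leading '-', no "..", and only [A-Za-z0-9._+=-].
safe_part() {
    case $1 in
        ''|-*|*..*) return 1 ;;
        *[!A-Za-z0-9._+=-]*) return 1 ;;
    esac
    return 0
}

# 0 if $1 is empty (bounce) or has no leading '-', whitespace or control chars.
safe_sender() {
    case $1 in -*) return 1 ;; esac
    [ "$(printf '%s' "$1" | tr -d '[:space:][:cntrl:]')" = "$1" ]
}

# 0 only if every Exim-exported value used for delivery passes the policy.
check_env() {
    safe_part "${LOCAL_PART}" &&
    safe_part "${LOCAL_PART}${LOCAL_PART_SUFFIX}" &&
    safe_part "${DOMAIN}" &&
    safe_sender "${SENDER}"
}

main() {
    if ! check_env; then
        echo "dovecot-lda-wrapper: refusing unsafe envelope data" >&2
        exit 75  # EX_TEMPFAIL; assumes the pipe transport treats 75 as temporary
    fi
    exec "$LDA" \
        -d "${LOCAL_PART}@${DOMAIN}" \
        -a "${LOCAL_PART}${LOCAL_PART_SUFFIX}@${DOMAIN}" \
        -r "${LOCAL_PART}${LOCAL_PART_SUFFIX}@${DOMAIN}" \
        -f "${SENDER}"
}

# Deliver only when installed under the wrapper's name, so the functions
# above can be sourced and tested without invoking dovecot-lda.
case $0 in *dovecot-lda-wrapper) main ;; esac
```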