Heads-up: Exim 4.96 RC0 may break your Dovecot LDA delivery
Kirill Miazine
km at krot.org
Mon Apr 25 12:36:22 UTC 2022
Hi, all
The just released RC0 for Exim 4.96 will break Dovecot LDA delivery as
described on https://wiki.dovecot.org/LDA/Exim
Here is the relevant ChangeLog entry:
JH/25 Taint-check exec arguments for transport-initiated external processes.
Previously, tainted values could be used. This affects "pipe", "lmtp" and
"queryprogram" transport, transport-filter, and ETRN commands.
The ${run} expansion is also affected: in "preexpand" mode no part of
the command line may be tainted, in default mode the executable name
may not be tainted.
As of now I don't have a personal working solution to get untainted data.
I did try a small hack, but Exim was smart enough to see what I was
doing.
--
-- Kirill Miazine <km at krot.org>