Package: exim4-config
Version: 4.94.2-6

The default configuration provided by exim4-config allows for sieve
filters to be used in ~/.forward, but if a user attempts to configure
such a filter their mail delivery will most likely break.

More specifically, the keep action (including the default "keep" when
nothing matches the filter) will fail to deliver mail with an error
along the lines of

  2021-05-30 15:17:10 1lnNBd-0000rr-U4 == save inbox <test@localhost> R=userforward T=address_file defer (-21): appendfile: file or directory name "inbox" is not absolute

Most uses of a fileinto action will do the same, unless the user
specifies an absolute path to the desired mailbox file rather than the
plain mailbox name that the sieve specification calls for.

This can be tested as follows, using `docker run --rm -it debian:sid`:

  # Install exim
  apt-get update
  apt-get -y install dialog
  apt-get -y install exim4

  # Create test user and .forward file
  useradd --create-home test
  touch /home/test/.forward
  chown test.test /home/test/.forward
  chmod 0644 /home/test/.forward

  # Test 1: Default "keep", should deliver to /var/mail/test but fails
  echo '# Sieve filter' > /home/test/.forward
  mail test@localhost <<<"Testing"
  sleep 1

  # Test 2: Relative folder name, should deliver to /home/test/mail/testing but fails
  echo '# Sieve filter' > /home/test/.forward
  echo 'require "fileinto";' >> /home/test/.forward
  echo 'fileinto "testing";' >> /home/test/.forward
  mail test@localhost <<<"Testing 2"
  sleep 1

  # Test 3: Absolute path, will deliver to /home/test/somefile
  echo '# Sieve filter' > /home/test/.forward
  echo 'require "fileinto";' >> /home/test/.forward
  echo 'fileinto "/home/test/somefile";' >> /home/test/.forward
  mail test@localhost <<<"Testing 3"
  sleep 1

  # Show logs
  cat /var/log/exim4/mainlog

Adding the following to the "address_file" transport seems to fix it:

  group = mail
  file = ${if eq{$address_file}{inbox} \
           {/var/mail/$local_part_data} \
           {${if eq{${substr_0_1:$address_file}}{/} \
             {$address_file} \
             {$home/mail/$address_file} \
           }} \
         }

Or if you'd rather just disable sieve filters by default (so manual
configuration is needed to enable them), you might set
`forbid_sieve_filter` in the "userforward" router.

P.S. README.SIEVE.gz needs updating for the taint change in 4.94-18, it
uses $local_part rather than $local_part_data.
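
A way to check whether a host is already hitting this deferral, as an added example that is not part of the original report: the function scans an exim mainlog for the error quoted above and counts it per recipient and folder name. The function names and the sample log lines are constructed for illustration (modelled on the line quoted in the report), and the default log line layout with no extra log_selector fields is assumed.

```shell
#!/bin/sh
# Added example: summarise deliveries deferred because a Sieve "keep" or
# "fileinto" handed appendfile a non-absolute name.

# find_relative_path_defers [LOGFILE...]
# Reads the given mainlog files (or stdin) and prints
# "<count> <recipient> <folder>" for each affected recipient/folder pair.
find_relative_path_defers() {
    awk '
        # Assumes default layout: date, time, message id, then the "==" flag.
        $4 == "==" && match($0, /name "[^"]*" is not absolute/) {
            # Strip the leading 6 chars (name + space + quote) and the
            # trailing 17 chars (quote + " is not absolute").
            folder = substr($0, RSTART + 6, RLENGTH - 23)
            rcpt = ""
            for (i = 5; i <= NF; i++)
                if ($i ~ /^<.*>$/) {
                    rcpt = substr($i, 2, length($i) - 2)
                    break
                }
            if (rcpt != "") seen[rcpt " " folder]++
        }
        END { for (k in seen) printf "%d %s\n", seen[k], k }
    ' "$@" | LC_ALL=C sort -k2,2 -k3,3
}

# Constructed sample log: two deferred "keep" deliveries, one deferred
# relative fileinto, and one successful absolute-path delivery.
sample_log() {
    cat <<'EOF'
2021-05-30 15:17:10 1lnNBd-0000rr-U4 == save inbox <test@localhost> R=userforward T=address_file defer (-21): appendfile: file or directory name "inbox" is not absolute
2021-05-30 15:18:02 1lnNCe-0000s1-A1 == save inbox <test@localhost> R=userforward T=address_file defer (-21): appendfile: file or directory name "inbox" is not absolute
2021-05-30 15:19:40 1lnNDf-0000s9-B2 == save testing <test@localhost> R=userforward T=address_file defer (-21): appendfile: file or directory name "testing" is not absolute
2021-05-30 15:20:11 1lnNEg-0000sF-C3 => /home/test/somefile <test@localhost> R=userforward T=address_file
EOF
}

# Demo on the constructed sample; on a real host pass
# /var/log/exim4/mainlog as the argument instead.
sample_log | find_relative_path_defers
```

Any output at all means users with a Sieve `.forward` have mail sitting on the queue until the transport is fixed or the filter is removed.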
