Re: [exim] Change PAM service name

2020-09-17 Thread Ian Zimmerman via Exim-users
On 2020-09-17 07:55, Yves Goergen wrote: > That link would work for PAM, but my custom PAM module sends the > request to a local backend server that does the actual work. And to > distinguish services (it also handles FTP users which come from > another table), it uses the service name. > > OK, s

[exim] GMX is %*^@ [Was: remote MX does not support STARTTLS]

2020-09-23 Thread Ian Zimmerman via Exim-users
On 2020-09-22 18:10, Christian Eyrich wrote: > BTW: Yes, mails from other systems arrive without problems. So that > looks like a general GMX error to me. But GMX is a quite large > provider here in Germany and the problem persists since begin of > September now—shouldn’t somebody have noticed tha

[exim] msg:fail:internal

2020-09-29 Thread Ian Zimmerman via Exim-users
Where can I find a list of possible $event_data values for this event? I realize that the list may not be fixed or guaranteed stable. Just give me a starting point. -- Ian -- ## List details at https://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please

Re: [exim] msg:fail:internal

2020-09-30 Thread Ian Zimmerman via Exim-users
On 2020-09-30 09:23, Jeremy Harris wrote: > > Where can I find a list of possible $event_data values for this > > event? > > > > I realize that the list may not be fixed or guaranteed stable. Just > > give me a starting point. > > There's no formal list. It's a string intended to give a hint to

Re: [exim] Sieve filter not working properly anymore, how to debug?

2020-10-07 Thread Ian Zimmerman via Exim-users
On 2020-10-07 15:14, Yves Goergen wrote: > I'm setting up a new mail server with Exim and try to get the Sieve > filter working as it does on another server. But it doesn't. And I > don't know why. > > Here's a sieve script for demo@test.local: > > if header :contains ["Subject"] "Newsletter" {

Re: [exim] Help to logical OR two conditions

2020-10-07 Thread Ian Zimmerman via Exim-users
On 2020-10-07 10:33, Victor Sudakov wrote: > > However, look & feel of Exim's API leaves much to be desired... I > > would prefer C/Perl style (without numerous {}), which does not > > require syntax-highlighting editor to be managed even for simple > > expressions. Say, || instead of > >

Re: [exim] Compiling Exim 4.94 with SPF on Ubuntu

2020-10-09 Thread Ian Zimmerman via Exim-users
Have you tried LDFLAGS += -lspf2 This is what the sample Makefile recommends. -- Ian

Re: [exim] tainted data issues

2020-11-11 Thread Ian Zimmerman via Exim-users
On 2020-11-11 13:16, Jeremy Harris wrote: > > Semi-radical: provide an ACL, router, and transport modifier that > > checks some variable or content for dangerous contents > We have that. All data provided by an untrusted source, described > as "tainted" for a shorthand. I will not argue with th

Re: [exim] tainted data issues

2020-11-12 Thread Ian Zimmerman via Exim-users
On 2020-11-11 18:14, Jeremy Harris wrote: > > I will not argue with the rest of your post, but it is not a _modifier_ > > if it is always on. > > Ah. Would an expansion condition be sufficient? So you could write > > ${if tainted{my_suspect_expansion} {expand_this} {expand_that}} > > That

Re: [exim] dkim permissions

2020-11-23 Thread Ian Zimmerman via Exim-users
On 2020-11-18 10:25, James Strother wrote: > I'm getting errors when I try to send outgoing emails that I don't > have permission to access the dkim private key. If I set the key to be > world-readable, then everything works perfectly. Setting the file to > be world-readable is okay temporarily (t

[exim] TLS authentication

2023-02-15 Thread Ian Zimmerman via Exim-users
The Spec discusses this in chapter 42. However, it depends on general certificate verification, which is discussed in 43.7, and so on the tls_verify_certificates main configuration item. Reading the documentation for that, The value of this option is expanded, and must then be either the word

Re: [exim] TLS authentication

2023-02-16 Thread Ian Zimmerman via Exim-users
On Thu, Feb 16, 2023 at 09:29:20AM -0500, Viktor Dukhovni via Exim-users wrote: > On the other hand, much better to simply maintain an explicit table of > trusted client public keys and match these (by SHA256 fingerprint > perhaps). Use a lookup table to check whether the client is authorised > or

Re: [exim] TLS error in incoming emails from *.outlook.com

2018-02-12 Thread Ian Zimmerman via Exim-users
On 2018-02-13 02:21, Andreas Bauer via Exim-users wrote: > First, thanks to everyone contributing and sorry I did not have time > to more deeply troubleshoot the SSL issue. > My previous assessment was wrong: even when exim was compiled with > OpenSSL instead of GnuTLS the error did occur, albeit

[exim] [META/OT] DKIM sender rewriting [Was: TLS error in incoming emails from *.outlook.com]

2018-02-12 Thread Ian Zimmerman via Exim-users
I note with horror that now I am also a 'via Exim-users' despite intentionally NOT using DKIM for list messages, including this one. Why? Is the rewriting now done regardless? -- Please don't Cc: me privately on mailing lists and Usenet, if you also post the followup to the list or newsgroup. To

Re: [exim] TLS error in incoming emails from *.outlook.com

2018-02-12 Thread Ian Zimmerman via Exim-users
On 2018-02-12 22:50, Viktor Dukhovni via Exim-users wrote: > > My server runs in a KVM. Doesn't that rule out hardware TCP > > offloading as the culprit? > > No, it rather makes the problem more likely. Virtual machines are > often behind NAT, which can be incompatible with TCP offload, and > t

Re: [exim] TLS error in incoming emails from *.outlook.com

2018-02-16 Thread Ian Zimmerman via Exim-users
On 2018-02-12 20:57, Ian Zimmerman via Exim-users wrote: > Ok, it was on, I disabled it. We'll see soon enough if your > hypothesis is right :-) No change :-( But in my case, all the messages actually make it through. Also, I checked my old logfiles, and this was the case even

Re: [exim] Local / Non SMTP Connections Bypassing ACLs

2018-03-01 Thread Ian Zimmerman via Exim-users
On 2018-03-01 17:23, Brian Spraker wrote: > I realize I may need to provide my ACLs for this question - but I have > seen where emails are being sent from the server (from websites) and > they are not going through any of the checks. acl_not_smtp

Re: [exim] Local / Non SMTP Connections Bypassing ACLs

2018-03-01 Thread Ian Zimmerman via Exim-users
On 2018-03-01 19:51, Brian Spraker wrote: >> acl_not_smtp > I can use the typical SpamAssassin checks in here without needing exiscan? The spec says: (Section 43.3) The acl_not_smtp ACL is run just before the local_scan() function. I take that to mean that you can do anything there that you c

Re: [exim] Local / Non SMTP Connections Bypassing ACLs

2018-03-01 Thread Ian Zimmerman via Exim-users
On 2018-03-01 21:55, Brian Spraker wrote: > Went through and had to do quite a bit of removal of some ACLs for > that to work. the acl_not_smtp cannot check for authentication > (duh..), cannot check recipients (which is odd?), and can't check for > invalid local_parts (which is odd?). How did y

[exim] Temporary reject when random sender verification should succeed

2018-05-30 Thread Ian Zimmerman via Exim-users
I just turned on callout sender verify with the random option. Strangely, the first (and only the first) connect from many domains after that is temporarily rejected, although the callout seems to succeed with a 250 status code. The log lines look like this: 2018-05-29 12:25:26 acl_check_connect:

Re: [exim] Temporary reject when random sender verification should succeed

2018-06-07 Thread Ian Zimmerman via Exim-users
On 2018-05-30 09:16, Ian Zimmerman wrote: > 2018-05-29 12:25:40 H=haskell.org [23.253.242.70]:51176 sender verify > defer for : Could not complete > sender verify callout: mail.haskell.org [23.253.242.70] : > response to "RCPT TO:" was: 250 > 2.1.5 Ok > 2018-05-29 12:25:40 H=haskell.org [23.253.

Re: [exim] Temporary reject when random sender verification should succeed

2018-06-07 Thread Ian Zimmerman via Exim-users
On 2018-06-07 16:44, Jeremy Harris wrote: > >> 2018-05-29 12:25:40 H=haskell.org [23.253.242.70]:51176 sender verify > >> defer for : Could not complete > >> sender verify callout: mail.haskell.org [23.253.242.70] : > >> response to "RCPT TO:" was: 250 > >> 2.1.5 Ok > >> 2018-05-29 12:25:40 H=ha

[exim] No debug info but stay in foreground, how?

2018-06-07 Thread Ian Zimmerman via Exim-users
It seems the only way to make exim with the -bd option _not_ become a daemon, and _not_ disconnect from the controlling terminal, is to also give it a -d option. I need the foreground behavior to run exim under the supervisor daemon, but I don't care for the verbose debugging output. How can I li

Re: [exim] No debug info but stay in foreground, how?

2018-06-07 Thread Ian Zimmerman via Exim-users
On 2018-06-08 08:02, Heiko Schlittermann wrote: > exim -bdf Thanks, I knew there was a specific option for that! I just forgot what it was.

Re: [exim] Temporary reject when random sender verification should succeed

2018-06-08 Thread Ian Zimmerman via Exim-users
On 2018-06-08 18:34, Heiko Schlittermann wrote: > > > >> 2018-05-29 12:25:40 H=haskell.org [23.253.242.70]:51176 sender verify > > > >> defer for : Could not complete > > > >> sender verify callout: mail.haskell.org [23.253.242.70] : > > > >> response to "RCPT TO:" was: > > > >> 250 2.1.5 Ok > >

[exim] odd DKIM verify failure

2018-07-14 Thread Ian Zimmerman via Exim-users
A rare piece of spam was able to get through my exim based defenses. It was DKIM signed, and the log entry when it was received looks like this: 2018-07-13 15:46:16 1fe6pM-0007WY-7X PDKIM: d=wallstreetinsider.org s=mail [failed key import] 2018-07-13 15:46:16 1fe6pM-0007WY-7X <= i...@wallstreeti

Re: [exim] odd DKIM verify failure

2018-07-15 Thread Ian Zimmerman via Exim-users
On 2018-07-15 09:30, Jeremy Harris wrote: > You don't say what Exim version, and it may matter. Sorry about that, it's 4.91 > Look for $dkim_verify_status in the docs; it should be available in > the data ACL. The doc paragraph mentioning this variable and its friends starts: "Inside the acl

Re: [exim] exim mail outage

2018-07-19 Thread Ian Zimmerman via Exim-users
On 2018-07-19 13:27, Phil Pennock wrote: > I seriously messed up and didn't test enough scenarios when making a > change to Exim configs for exim.org on Tuesday. I then spent > yesterday heads-down on work and didn't see Jeremy's report to me. > > I broke things such that sender verification fai

[exim] Build fails with Events disabled

2018-07-20 Thread Ian Zimmerman via Exim-users
After reading the chapter on events in the Spec, I thought it was too hairy even for my baroque taste, so I tried to compile without it. I got this: smtp.c:1626:34: error: ‘transport_instance {aka struct transport_instance}’ has no member named ‘event_action’ (void) event_raise(sx->tblo

[exim] acl expansion

2018-07-20 Thread Ian Zimmerman via Exim-users
In the ${acl {FOO}} construction, does (the expansion of) FOO have to be strictly an ACL name, or is an algorithm like the one in acl_smtp_rcpt = FOO followed? In particular can FOO expand to "/etc/exim/foo.acl" ? If it's not possible now, would a feature request (or a patch) be accepted?

Re: [exim] DKIM signing options - specially list of headers

2018-08-17 Thread Ian Zimmerman via Exim-users
On 2018-07-31 09:47, Sebastian Arcus wrote: > I post messages from time to time to Spamassassin mailing list, and > several members have been complaining about my DKIM setup - they say > they can't receive my emails because of it. Specifically, the > complaint is that my Exim signs the List-* head

Re: [exim] exim4 only queues mails sent by systemd service

2018-10-16 Thread Ian Zimmerman via Exim-users
On 2018-10-16 15:40, Graeme Fowler via Exim-users wrote: > > I agreed that systemd should allow exim to work on current rules. But I > > don't know how can I argue to Lennart Poettering to change his mind. > > You can't :) > > What you've shown us is (in my opinion) an incredibly niche case which

Re: [exim] Vacation mail does not work if mail is forwarded to mailbox

2018-10-27 Thread Ian Zimmerman via Exim-users
On 2018-10-26 15:37, Mauritz Swanepoel via Exim-users wrote: > # LOGS FROM EXIM WHERE THE MAIL WAS FORWARDED TO THE VACATION MAILBOX (BUT > FROM SAME ACCOUNT) > > 2018-10-26 15:27:41 1gG29N-0007ZG-1F DKIM: d=*** s=default c=relaxed/relaxed > a=rsa-sha256 b=2048 [verification succeeded] > > 2018-

[exim] MIME madness

2018-10-28 Thread Ian Zimmerman via Exim-users
Does Exim ever change messages with respect to the MIME encoding of parts, if the MIME ACL is not used? That is, can it take an encoded message, take it apart, and re-encode it (possibly changing the message's bit representation)? The context is the link below and down the thread from there. I h

Re: [exim] MIME madness

2018-10-28 Thread Ian Zimmerman via Exim-users
On 2018-10-28 17:48, Jeremy Harris wrote: > > Does Exim ever change messages with respect to the MIME encoding of > > parts, if the MIME ACL is not used? That is, can it take an encoded > > message, take it apart, and re-encode it (possibly changing the > > message's bit representation)? > > I d

[exim] running an external program on messages data

2018-11-11 Thread Ian Zimmerman via Exim-users
I am very much afraid that this is a FAQ, and in fact I may have asked it myself once. Please forgive me, my memory definitely isn't what it used to be. What is the recommended/canonical way to run an arbitrary external process on a mail that is being processed and capture the output of the proce

Re: [exim] running an external program on messages data

2018-11-11 Thread Ian Zimmerman via Exim-users
On 2018-11-11 17:49, Jeremy Harris wrote: > > What is the recommended/canonical way to run an arbitrary external > > process on a mail that is being processed and capture the output of > > the process so it can be used for expansion? > > The malware ACL condition, with your choice of scanner type

Re: [exim] running an external program on messages data

2018-11-11 Thread Ian Zimmerman via Exim-users
On 2018-11-11 19:22, Jeremy Harris wrote: > >> The malware ACL condition, with your choice of scanner type "sock" > >> or "cmdline". > > > > Yea, I thought about that too. Feels like the cleanest solution, > > but ... it is too early. I need to delay the program until delivery > > time. > > Th

[exim] Time values in config file

2018-11-16 Thread Ian Zimmerman via Exim-users
Apparently they are not expanded. Is there a good reason? I just had a case where it would have been convenient, although I quickly found a work around.

Re: [exim] Time values in config file

2018-11-16 Thread Ian Zimmerman via Exim-users
On 2018-11-16 23:08, Jeremy Harris wrote: > Whether something is expanded depend on where it is used, which > you don't say. The documentation for each option should make it clear. What I wanted to write was more like "time-valued configuration options are not expanded" but then I would have bee

Re: [exim] How multi-recipient messages are handled?

2018-11-19 Thread Ian Zimmerman via Exim-users
On 2018-11-18 11:50, Aki Kyo wrote: > I want to run something like rspamd and apply per-user spam filtering, > which means multiple recipients might have different spam scoring > results or different white/black list results on the same message. I > know it depends when it's done, like during the

Re: [exim] cut subjects that are too long + delete emojii from subject lines...

2018-11-28 Thread Ian Zimmerman via Exim-users
On 2018-11-28 15:31, Jeremy Harris wrote: > > DKIM signatures are not a problem, as incoming mail are validated > > Before applying any rules > > ... except for MUAs that do their own DKIM-checking And spamassassin if it is plugged somewhere betwixt exim and the MUA.

Re: [exim] cut subjects that are too long + delete emojii from subject lines...

2018-11-28 Thread Ian Zimmerman via Exim-users
On 2018-11-28 18:18, Bill Cole wrote: > Using the MIME::Tools modules should make it pretty painless. [...] > But, as others have said: you shouldn't. An extra warning to anyone thinking about this: if you let Perl regenerate the _entire message_ (including the body), you'll be sorry. http://l

Re: [exim] Virtual Users

2018-11-30 Thread Ian Zimmerman via Exim-users
On 2018-11-30 01:00, Jay Gairson wrote: > To manage my virtual users (and the domains they are associated with), > I have used a variety of solutions over the years -- flat files, SMAD, > VEXIM, etc. It appears most of these solutions, except flat files, > are increasingly outdated or nonfunction

[exim] headers_add corner case

2018-11-30 Thread Ian Zimmerman via Exim-users
What happens if the right hand side for headers_add option is empty after expansion? Clearly I would rather not add an empty header line ;-) Right now I am most interested in the answer for the generic transport option, but I don't expect it to differ in all the other places where this option is

[exim] Filtering spec clarification needed

2018-12-28 Thread Ian Zimmerman via Exim-users
Filtering spec Section 3.15: It is possible to have more than one logfile command, to specify writing to different log files in different circumstances. But the logwrite command has no explicit file argument, so it is not clear how to split the logs in this way. Maybe the logwrite goes to the

Re: [exim] SPF not working in Exim 4.91 ?

2019-01-16 Thread Ian Zimmerman via Exim-users
On 2019-01-16 14:45, Mike Tubby wrote: > *1. Double increment of build numbers* > > I only get even-numbered compile numbers due to what looks like a > double increment: > > root@relay1:~/exim-4.91# make install > /bin/sh scripts/source_checks > `Makefile' is up to date. > > make[1]: Entering d

[exim] How to spell a regexp with a space in an Exim filter?

2019-01-18 Thread Ian Zimmerman via Exim-users
Three possibilities, I don't know which one would work: $h_x-foo: matches \N"foo[.]? bar$"\N $h_x-foo: matches "\Nfoo[.]? bar$\N" $h_x-foo: matches \Nfoo[.]? bar$\N The documentation, alas, doesn't help.

Re: [exim] How to spell a regexp with a space in an Exim filter?

2019-01-19 Thread Ian Zimmerman via Exim-users
> On 19/01/2019 00:49, Ian Zimmerman via Exim-users wrote: > > Three possibilities, I don't know which one would work: > > > > $h_x-foo: matches \N"foo[.]? bar$"\N > > > > $h_x-foo: matches "\Nfoo[.]? bar$\N" > > > > $h_x-f

Re: [exim] How to spell a regexp with a space in an Exim filter?

2019-01-19 Thread Ian Zimmerman via Exim-users
On 2019-01-19 19:20, Jeremy Harris wrote: > The docs give examples which appear to cover your needs: > quotes on the outside and you don't appear to need \N > (but you'd have to write it with doubled \ and within > the quotes, if you did need it eg. to manage $-signs). > > I'm looking at > > htt

Re: [exim] How to spell a regexp with a space in an Exim filter?

2019-01-19 Thread Ian Zimmerman via Exim-users
On 2019-01-19 21:37, Jeremy Harris wrote: > True, the examples did not contain any spaces. The text however said: > > "If the regular expression is given in quotes (mandatory only if it > contains white space)" Score: Jeremy 1, Ian 0 ... but the examples immediately following certainly show wha

[exim] dlfunc yield value protocol

2019-01-24 Thread Ian Zimmerman via Exim-users
It is unclear to me how I can yield any "interesting" string from a ${dlfunc ..} expansion, because apparently the main exim program doesn't try to free the store to which the _yield_ variable points. The only example I have seen of actual dlfunc use is [1], and it only yields constant strings. S

Re: [exim] dlfunc yield value protocol

2019-01-24 Thread Ian Zimmerman via Exim-users
On 2019-01-24 20:44, Jeremy Harris wrote: > string_sprintf() > string_copy() > string_copyn() Exactly what I was hoping for! Thanks.

Re: [exim] dlfunc yield value protocol

2019-01-28 Thread Ian Zimmerman via Exim-users
On 2019-01-24 14:10, Ian Zimmerman wrote: > On 2019-01-24 20:44, Jeremy Harris wrote: > > > string_sprintf() > > string_copy() > > string_copyn() > > Exactly what I was hoping for! Thanks. A follow-up question. Can I do the analogue of realloc()? I am trying to construct a list (in the

[exim] How long does $value last?

2019-01-31 Thread Ian Zimmerman via Exim-users
I do this in acl_smtp_mail: ASN_DOMAIN = asn.routeviews.org warn condition = ${lookup dnsdb{>; txt=${reverse_ip:$sender_host_address}.ASN_DOMAIN}} set acl_c_sender_asn = $value and later on, I check acl_c_sender_asn, but it seems to be empty. I peeked in my named log and I see the qu

Re: [exim] How long does $value last?

2019-02-01 Thread Ian Zimmerman via Exim-users
On 2019-01-31 19:00, Jeremy Harris wrote: > > Does it only last till the end of the current expansion? That is not > > the sense I got from the documentation. > > > > The docs say, regarding ${lookup } :- > > If the lookup succeeds, is expanded and replaces the entire > item. During its exp

[exim] How to submit a patch

2019-02-02 Thread Ian Zimmerman via Exim-users
What is the preferred way these days? Pull request on github? A mail to the dev list with the patch attached? Or?

Re: [exim] Debian-Bug not stopping exim

2019-02-06 Thread Ian Zimmerman via Exim-users
On 2019-02-06 09:47, Klaus Ethgen wrote: > did anybody already debug and fix the problem in debian that exim is > not stopped with stop action anymore? I run debian on my server but I compile exim from upstream source, so I had to write my own initscript. I append it below; it seems to work fine

Re: [exim] Spam though my server

2019-02-19 Thread Ian Zimmerman via Exim-users
As an alternative to geolocation of IP addresses, consider asn.routeviews.org.

Re: [exim] Sieve legal question, somehow offtopic

2019-03-23 Thread Ian Zimmerman via Exim-users
On 2019-03-23 12:31, jan-jun.2019--- via Exim-users wrote: > But, any attempt to import the needed module fails when trying > 'require "reject";' Are you sure exim even implements this feature? The Filter Spec says at the beginning of Chapter 2: [1] > The Exim Sieve implementation offers the co

[exim] Matching RFC 2047 encoded text

2019-04-16 Thread Ian Zimmerman via Exim-users
An unwanted message arrived to my mailbox with the following Subject: Subject: =?UTF-8?B?VXMgY29uZ3Jlc3MgaGVhcmluZyBvZiBtYWFuIGFsc2FhbiBNb25leSBsYXVuZHJ5INmC?= =?UTF-8?B?2LbZitipINin2YTZg9mI2YbYutis2LHYsyDZhNi62LPZitmEINin2YTYo9mF2YjYp9mEINmE2YTZhdmE?= =?UTF-8?B?2YrYp9iv2YrYs

Re: [exim] Matching RFC 2047 encoded text

2019-04-17 Thread Ian Zimmerman via Exim-users
On 2019-04-17 16:50, Mathieu wrote: > > In Case you need such a tool: > Or simply use Perl: Yeah. I knew perfectly well what the decoded text was; perhaps I didn't make that clear enough. My problem was - and is - that the filter rule didn't match, despite one of the alternatives in the regexp

Re: [exim] Matching RFC 2047 encoded text

2019-04-20 Thread Ian Zimmerman via Exim-users
On 2019-04-17 15:30, Lena--- wrote: > check_rfc2047_length = false Thanks, Lena. If I leave it as true (the default), and $h_subject: turns out to contain "=?UTF-8?B?", can I assume (not with certainty, but with a high likelihood) the message violates the RFC?

[exim] TLS key file

2019-04-27 Thread Ian Zimmerman via Exim-users
When is the file specified by tls_privatekey read, in a daemon exim? Once at startup, or every time a TLS connection is made? IOW, does exim need to be SIGHUPed when the file changes? And does the file need to be readable by the exim user or group id? Thanks.

Re: [exim] Exim and file access right

2019-05-20 Thread Ian Zimmerman via Exim-users
On 2019-05-19 16:05, Arno Thuber wrote: > Exim uses my certificate and it's private key. Those data (at least > the private key) is precious and therefore not world readable on my > host. The file access rights are 640 with u=root and > g=privkey_users. The group privkey_users is an additional gro

Re: [exim] exim-users list and replies

2019-05-21 Thread Ian Zimmerman via Exim-users
On 2019-05-21 14:09, Mike Brudenell wrote: > Given that most email clients only offer *Reply* or *Reply to all* > then if we do want people to reply to the list perhaps the Reply-to > header should be set to the list's address? Most email clients? I don't know. The ones I know about (mutt, claw

Re: [exim] - Unable to block domains

2019-05-24 Thread Ian Zimmerman via Exim-users
On 2019-05-24 08:59, Jeremy Harris wrote: > deny sender_domains = spammy.dom.ain > > (and you can do it in the mail-from ACL, and save resources. No need > to wait until the data ACL) Doesn't that break some RFC, if postmaster is the recipient?

Re: [exim] Auto-bcc certain outgoing mail?

2019-06-15 Thread Ian Zimmerman via Exim-users
On 2019-06-14 12:07, Aki Kyo wrote: > Hello, can someone help guide me what the best way is to grab copies > of one of our users outgoing mails and bcc to another address? I would use the "system filter" feature of exim (specification in Chapter 46).

Re: [exim] ATTN: Re: CVE-2019-10149: already vulnerable ?

2019-06-24 Thread Ian Zimmerman via Exim-users
On 2019-06-23 23:52, Cyborg wrote: > Anyone who used this restricted chars patch: > >   deny    message   = Restricted characters in address >   domains   = +local_domains >   local_parts   = ^[.] : ^.*[\$@%!/|] > > should update to this ruleset : > >   deny    message  

Re: [exim] CVE-2019-10149: already vulnerable ?

2019-06-24 Thread Ian Zimmerman via Exim-users
On 2019-06-24 17:23, Jeremy Harris wrote: > > I just want to prohibit any backslashes in local parts. I know this is > > totally safe to do in my case. So what is the appropriate number of > > backslashes to put in the regexp? Will this work: > > > > deny message = Restricted characters in add

[exim] Backslashes in addresses [Was: CVE-2019-10149: already vulnerable ?]

2019-06-24 Thread Ian Zimmerman via Exim-users
On 2019-06-24 20:35, Cyborg wrote: > Am 24.06.19 um 19:55 schrieb Ian Zimmerman via Exim-users: > > On 2019-06-24 17:23, Jeremy Harris wrote: > > For instance, if I say this in the -bh dialog: > > > > RCPT TO: > > > > the local part being tested, ac

Re: [exim] Extra copies of list mail (was Re: CVE-2019-10149: already vulnerable ?)

2019-06-25 Thread Ian Zimmerman via Exim-users
On 2019-06-25 09:26, Bill Cole wrote: > > PS: I do not need an additional copy of list emails. I get > > very tired of getting them. If your MUA does not have > > a "reply to list" button, please get a better one. > > I swear, I'm going to start deliberately ignoring anyone > >

Re: [exim] CVE-2019-10149: already vulnerable ?

2019-07-04 Thread Ian Zimmerman via Exim-users
On 2019-07-03 21:42, Jeremy Harris wrote: > > \\x24 should match the literal \x24, which may be used to encode the > > dollar sign for the unintended local_part expansion in the vulnerable > > code. After your important discovery that escaping is done on local parts as part of SMTP (at least that

Re: [exim] DNS problems with sending via multiple smarthosts

2019-07-16 Thread Ian Zimmerman via Exim-users
On 2019-07-16 15:03, David Purton wrote: > 2019-07-16 14:23:14 Start queue run: pid=12322 -qf > 2019-07-16 14:23:14 1hnFQ2-000379-9I no IP address found for host > smtp.gmail.com > 2019-07-16 14:23:14 1hnFQ2-000379-9I == exam...@hotmail.com R=smarthost > defer (-1): lookup failed for

[exim] Content scanning and non-MIME messages

2019-09-20 Thread Ian Zimmerman via Exim-users
Is acl_smtp_mime (or acl_not_smtp_mime) called at all for non-MIME messages, ie. those encoded as us-ascii with no MIME-Version: and Content-Type: headers? I expected they would be (with the whole body treated as a single text/plain part) but now I found a message of this type in my store which ap

Re: [exim] Content scanning and non-MIME messages

2019-09-20 Thread Ian Zimmerman via Exim-users
On 2019-09-21 00:05, Heiko Schlittermann wrote: > No, *mime_acl is for MIME. Plain text body is not MIME. > But actually I do not understand why we don't have acl_not_smtp_data. > Ah, because we got acl_not_smtp. > > So, probably you want > > > acl_smtp_mime = check_mime > acl_not_s

Re: [exim] Content scanning and non-MIME messages

2019-09-21 Thread Ian Zimmerman via Exim-users
On 2019-09-21 08:15, Heiko Schlittermann wrote: > But the message gets written to the scan/ dir if you request content > inspection (demime, or malware condition), and demime gives you access > to $mime_decoded_filename. Well, isn't this my point? How can I do these things if none of the mime acls

Re: [exim] Content scanning and non-MIME messages

2019-09-22 Thread Ian Zimmerman via Exim-users
On 2019-09-21 22:07, Jeremy Harris wrote: > > Well, isn't this my point? How can I do these things if none the > > mime acls is called? Can I do it from the data acls? If so I think > > this is not at all clear from the doc. > > Does malware= with either the cmdline or sock scanner type do wha

Re: [exim] Content scanning and non-MIME messages

2019-09-23 Thread Ian Zimmerman via Exim-users
There is still a shade of uncertainty, though. (I could look at the code to clear it up, and I'll accept a suggestion to do just that, but first I'll try my luck here.) The text of the spec says: Additional ACL conditions and modifiers: decode, malware, mime_regex, regex, and spam. These can

Re: [exim] Content scanning and non-MIME messages

2019-09-24 Thread Ian Zimmerman via Exim-users
On 2019-09-24 07:10, Heiko Schlittermann wrote: > > * Additional ACL conditions and modifiers: decode, malware, > > mime_regex, regex , and spam. These can be used in the ACL that is > > run at the end of message reception (the acl_smtp_data ACL). > > I'll change this, removing the latter afte

Re: [exim] Content scanning and non-MIME messages

2019-09-24 Thread Ian Zimmerman via Exim-users
On 2019-09-24 09:08, Jeremy Harris wrote: > Don't try to be too clever, it'll break later. Use the interfaces > provided. If I use the malware condition, I have to write a whole program to handle the other end. I have a choice: - Write it in C, and deal with the usual memory management nightma

Re: [exim] Content scanning and non-MIME messages

2019-09-24 Thread Ian Zimmerman via Exim-users
On 2019-09-24 13:51, Heiko Schlittermann wrote: > Isn't that well defined enough? > /scan//.eml > > It gets created on the first malware condition. Are you sure? I have no malware= condition in my configuration now. I had one until yesterday, but for a different and unrelated purpose, and I re

Re: [exim] Content scanning and non-MIME messages

2019-09-24 Thread Ian Zimmerman via Exim-users
On 2019-09-24 11:43, Ian Zimmerman wrote: > I have no malware= condition in my configuration now. I had one until > yesterday, but for a different and unrelated purpose, and I removed > it. Nevertheless, my dlexpand module, which is called from the MIME > acl with $mime_decoded_filename is an ar

Re: [exim] Content scanning and non-MIME messages

2019-09-25 Thread Ian Zimmerman via Exim-users
On 2019-09-25 07:21, Dennis Davis wrote: > Chapter 14 of the manual. The main option message_body_visible: > > message_body_visible Use: main Type: integer Default: 500 Yes, thanks. I'll leave it at the default until I get a spam message because of it :-) -- Please don't Cc: me priv

Re: [exim] Major confusing with manual compile of Exim

2019-11-04 Thread Ian Zimmerman via Exim-users
On 2019-11-04 18:13, Odhiambo Washington wrote: > True, I do not have gcc installed anywhere. FreeBSD uses clang and that is > referenced from /etc/make.conf: > CC=clang > CXX=clang++ > CPP=clang-cpp If the Makefile itself has a setting for CC, the Makefile value will take precedence over /etc/ma

Re: [exim] 4.93RC1

2019-11-06 Thread Ian Zimmerman via Exim-users
On 2019-11-06 14:07, Jeremy Harris wrote: > >> I can only conclude that the taint-checking is broken > >> in your build. If you do "make FULLECHO=''" do the > >> cc lines have "-DTAINT_CHECK_SLOW" ? > > Apparently not. Somehow, your build has not used > the OS/Makefile-FreeBSD file - or you ha

Re: [exim] 4.93RC1

2019-11-08 Thread Ian Zimmerman via Exim-users
On 2019-11-07 20:04, Odhiambo Washington wrote: > If anything, I am entirely blank about what would cause the > replacement of in Makefile-FreeBSD or even how to preserve anything > from it in my env. The main makefile which drives the build process "includes" both Local/Makefile and one of the s

Re: [exim] 4.93RC1

2019-11-10 Thread Ian Zimmerman via Exim-users
On 2019-11-08 20:45, Jeremy Harris wrote: > f3facb664c added: > +CFLAGS += -DTAINT_CHECK_SLOW > > That precedes exim-4.93-RC0, so should be in your sources. > I've just downloaded RC1 to check, and it is there too. > > Ian, please doublecheck. Yeah, I had a different branch checked out. It's t

Re: [exim] conditional email forwards to another host

2019-11-12 Thread Ian Zimmerman via Exim-users
On 2019-11-12 15:20, Lars Schimmer wrote: > I do run an exim4 host (debian), and I want to forward all emails > incoming for 3-5 Emails to another host (NOT a different domain) This is confusing. Have you meant "3-5 days" or something like that? > Has anyone an example for such a router with a co

Re: [exim] Exim 4.93 published.

2019-12-09 Thread Ian Zimmerman via Exim-users
On 2019-12-08 22:33, Heiko Schlittermann wrote: > Today we released Exim 4.93. > For a more detailed list of changes that might affect an unchanged > runtime configuration (e.g. some defaults changed (regarding DANE, > DNSSec, TLS)): > ... ChangeLog The apparent change to store_get() signature

Re: [exim] Exim 4.93 published.

2019-12-10 Thread Ian Zimmerman via Exim-users
On 2019-12-10 08:55, Jeremy Harris wrote: > > The apparent change to store_get() signature - taking an extra > > argument related to taint checking - isn't documented in the > > ChangeLog, or in the Specification document either. I expect this > > breaks any local_scan() or dlexpand code. > > st

Re: [exim] Exim 4.93 published.

2019-12-10 Thread Ian Zimmerman via Exim-users
On 2019-12-10 19:47, Jeremy Harris wrote: > I'll get that chapter touched up for the new interface, and > also add the prototype to local_scan.h No need for the second part, as it's already declared indirectly via store.h, as noted in the other subthread. Thanks for the help! -- Please don't C

[exim] Another strange log about tainting

2019-12-10 Thread Ian Zimmerman via Exim-users
I get these: Dec 10 11:49:07 ahiker exim: 2019-12-10 11:49:07 1ielVK-00047P-Ll DKIM: validation error: error:04091068:rsa routines:int_rsa_verify:bad signature Dec 10 11:49:07 ahiker exim: 2019-12-10 11:49:07 1ielVK-00047P-Ll attempt to expand tainted string '${exim_version}' -- Dec 10 11:50:19

Re: [exim] Another strange log about tainting

2019-12-10 Thread Ian Zimmerman via Exim-users
On 2019-12-10 21:08, Jeremy Harris wrote: > Doublecheck with: > $ exim -bP config_file > $ exim -bP config | grep version I see now - I call expand_string programmatically in my dlexpand modules. So, next question: is the result of expand_string _always_ tainted? And is there a way to get the ve

Re: [exim] Another strange log about tainting

2019-12-11 Thread Ian Zimmerman via Exim-users
On 2019-12-11 09:55, Jeremy Harris wrote: > So: what sort of memory were you expanding, and what string was in it > (just "${exim_version}" ? That plus something else (what)? )? It was just like this: const uschar* exim_version = expand_string(US "${exim_version}"); if (Ustrcmp(exim_versio

Re: [exim] Another strange log about tainting

2019-12-14 Thread Ian Zimmerman via Exim-users
On 2019-12-11 14:20, Ian Zimmerman wrote: > const uschar* exim_version = expand_string(US "${exim_version}"); > if (Ustrcmp(exim_version, EXIM_VERSION_STR)) { So, I have rewritten it as follows, and there is no more noise. Is this now the expected usage of constant strings? uschar *my_exp

Re: [exim] Another strange log about tainting

2019-12-14 Thread Ian Zimmerman via Exim-users
On 2019-12-14 17:44, Jeremy Harris wrote: > >> const uschar* exim_version = expand_string(US "${exim_version}"); > >> if (Ustrcmp(exim_version, EXIM_VERSION_STR)) { > > > > So, I have rewritten it as follows, and there is no more noise. Is this > > now the expected usage of constant strings?

Re: [exim] The Exim buildfarm

2019-12-15 Thread Ian Zimmerman via Exim-users
On 2019-12-15 14:13, Jeremy Harris wrote: > >> devuan linux "ascii", kernel 4.9.0-9-amd64, libc 2.24-11+deb9u4, > >> exim self-built from 4.93 source. > > We encourage users of less-common platforms/cpus/distributions > to consider operating a buildfarm animal. > > Doing so will mean that the pr

Re: [exim] Another strange log about tainting

2019-12-16 Thread Ian Zimmerman via Exim-users
On 2019-12-15 11:31, Jeremy Harris wrote: > > devuan linux "ascii", kernel 4.9.0-9-amd64, libc 2.24-11+deb9u4, exim > > self-built from 4.93 source. > > > > Looking how is_tainted is implemented, I see that its answer on > > constant strings would in any case depend on the order of heap > > versus

Re: [exim] Tainting & rewrite rules

2020-01-16 Thread Ian Zimmerman via Exim-users
On 2020-01-16 16:00, Jeremy Harris wrote: > I'm going for the alternate method of checking at runtime. > See 36eb5d3d77. Looking at this, I see there is no longer a way to disable the optimization completely at compile-time (ie. -DTAINT_CHECK_SLOW). May I respectfully request that it be added ba
