headers
Ross Boylan | 2 Oct 2011 23:53
Picon

inappropriate result caching in router?

exim 4.69 reports it can't route lmtpbouncelong-ross <at> betterworld.us,
despite this router:
lmtp_bounce_long:
  debug_print = "R: lmtp_bounce_long for $local_part <at> $domain"
  driver = accept
  local_part_prefix = lmtpbouncelong-
  local_parts = +imap_users
  transport = cyrus_fail_long

If I comment out the local_parts test, routing succeeds.  ross is in
+imap_users.  Routing appears to fail because the result of a previous
local_parts test (with different affixes) is used.

Is this a bug?  Is there anything I can do about it?

The larger scheme is that I'm trying to send myself a notice if the lmtp
delivery fails.  To do that I plan to rewrite the envelope sender to,
e.g., lmtpbouncelong-xxx and then intercept the bounce with a special
router and autoreply transport.  I don't want to use a regular bounce
because the notice needs to avoid having any of the potentially
problematic characters from the original message in it.

DETAILS
The debug log of the failure shows (in part)
--------> local_long router <--------
local_part=lmtpbouncelong-ross domain=betterworld.us
checking local_parts
lmtpbouncelong-ross in "ross:karen:kelsey"? no (end of list)
lmtpbouncelong-ross in "+imap_users"? no (end of list)
local_long router skipped: local_parts mismatch
(Continue reading)

Permalink | Reply | 1 comment |
headers
Phil Pennock | 3 Oct 2011 04:31

Re: inappropriate result caching in router?

On 2011-10-02 at 14:53 -0700, Ross Boylan wrote:
> exim 4.69 reports it can't route lmtpbouncelong-ross <at> betterworld.us,
  ^^^^^^^^^

> If I comment out the local_parts test, routing succeeds.  ross is in
> +imap_users.  Routing appears to fail because the result of a previous
> local_parts test (with different affixes) is used.

ChangeLog lists as one of the items fixed in Exim 4.70:

----------------------------8< cut here >8------------------------------
TF/03 Bugzilla 615: When checking the local_parts router precondition
      after a local_part_suffix or local_part_prefix option, Exim now
      does not use the address's named list lookup cache, since this
      contains cached lookups for the whole local part.
----------------------------8< cut here >8------------------------------

I'm going to start cutting the first release candidate for Exim 4.77
later this evening, in case that helps you decide to upgrade.

-Phil

--

-- 
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
Permalink | Reply | 0 comments |
headers
Phil Pennock | 3 Oct 2011 14:41
Favicon
Gravatar

Exim 4.77 RC1 uploaded (hurried schedule)

I have uploaded Exim 4.77 RC1 to:
	ftp://ftp.exim.org/pub/exim/exim4/test/

Most pressingly, we have made a backwards-incompatible change to the
match_* expansion conditions, for which I've sent mail to exim-announce
with the gory details; we believe that a number of folks have created
Exim configurations which are subject to SQL injection attacks.  Those
using GnuTLS may start sending with TLS 1.2 or TLS 1.1 with this
release, where previously you were limited to just TLS 1.0 and SSL 3.0.

ChangeLog can be found at:
	http://git.exim.org/exim.git/blob_plain/0d0e445543703d3294a16a17a4606c9eade7afcb:/doc/doc-txt/ChangeLog

The files are signed with the PGP key 0x3903637F, which has a uid
"Phil Pennock <pdp <at> exim.org>".  Please use your own discretion in
assessing what trust paths you might have to this uid.

I am abandoning the use of wiki pages for collecting feedback on Release
Candidates, to determine which OSes shall be first-class supported, as
roughly nobody was updating the wiki pages.  We shall have to find
another way to balance RC testing vs OS support.

Checksums below.  Detached PGP signatures in .asc files.

Please report issues in reply to this email, on exim-users.

We have provided mitigation options for the misconfigurations, but it is
easier to deal with some scenarios with this release's inlisti{}{}
condition, so we'd like to push that through fairly rapidly, to assist
folks in fixing their configurations.  Barring major incident, at the
(Continue reading)

Permalink | Reply | 7 comments |
headers
Frank Elsner | 3 Oct 2011 15:15
Picon
Favicon

Re: Exim 4.77 RC1 uploaded (hurried schedule)

On Mon, 3 Oct 2011 08:41:33 -0400 Phil Pennock wrote:
> I have uploaded Exim 4.77 RC1 to:
> 	ftp://ftp.exim.org/pub/exim/exim4/test/


Compiles and builds perfect under Fedora 14, but install complains:

root <at> seymour: /usr/local/exim/src/exim-4.77_RC1<87> make install
`Makefile' is up to date.

make[1]: Entering directory `/usr/local/exim/src/exim-4.77_RC1/build-Linux-i386'
../scripts/reversion: line 9: .: version.sh: file not found
*** Your copy of Exim lacks any version information.
make[1]: *** [version.h] Error 1
make[1]: Leaving directory `/usr/local/exim/src/exim-4.77_RC1/build-Linux-i386'
make: *** [all] Error 2
root <at> seymour: /usr/local/exim/src/exim-4.77_RC1<88> find . -name version.sh
./src/version.sh
./build-Linux-i386/version.sh
root <at> seymour: /usr/local/exim/src/exim-4.77_RC1<89>

Just my 0.02 €, Frank

--

-- 
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
Permalink | Reply | 0 comments |
headers
Graeme Fowler | 3 Oct 2011 15:52

Re: Exim 4.77 RC1 uploaded (hurried schedule)

On Mon, 2011-10-03 at 15:15 +0200, Frank Elsner wrote:
> Compiles and builds perfect under Fedora 14, but install complains:

Confirmed; tarball version fails, but source pulled from git repo builds
and installs normally.

Looks like something isn't quite right in the RC packaging, because that
version check should be handled by git automatically on creation of a
release (as far as I recall).

Graeme

--

-- 
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
Permalink | Reply | 1 comment |
headers
Phil Pennock | 4 Oct 2011 00:00

Re: Exim 4.77 RC1 uploaded (hurried schedule)

On 2011-10-03 at 14:52 +0100, Graeme Fowler wrote:
> On Mon, 2011-10-03 at 15:15 +0200, Frank Elsner wrote:
> > Compiles and builds perfect under Fedora 14, but install complains:
> 
> Confirmed; tarball version fails, but source pulled from git repo builds
> and installs normally.

Oh pox.  I installed from tarball on my own machine, as part of the
final testing before release.

We'll look into this.

--

-- 
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
Permalink | Reply | 0 comments |
headers
Matt Justin | 3 Oct 2011 22:55

Re: Exim 4.77 RC1 uploaded (hurried schedule)

I don't see http://bugs.exim.org/show_bug.cgi?id=1141 on the list of changes for 4.77..

does that mean it wasn't fixed and is not making 4.77 ?

Matt Justin 

This message is for the addressee's use only and may contain confidential, proprietary or legally
privileged information. Unauthorized forwarding, copying, printing, distribution, or any other
unauthorized use of the information in this message is prohibited. If you believe you are not the intended
recipient of the message, please notify the sender and delete the message. No confidentiality or
privilege is waived or lost by any mistransmission.
  _____  

From: Phil Pennock [mailto:pdp <at> exim.org]
To: exim-users <at> exim.org
Sent: Mon, 03 Oct 2011 12:41:33 +0000
Subject: [exim] Exim 4.77 RC1 uploaded (hurried schedule)

I have uploaded Exim 4.77 RC1 to:
   ftp://ftp.exim.org/pub/exim/exim4/test/
  
  Most pressingly, we have made a backwards-incompatible change to the
  match_* expansion conditions, for which I've sent mail to exim-announce
  with the gory details; we believe that a number of folks have created
  Exim configurations which are subject to SQL injection attacks.  Those
  using GnuTLS may start sending with TLS 1.2 or TLS 1.1 with this
  release, where previously you were limited to just TLS 1.0 and SSL 3.0.

  ChangeLog can be found at:
   http://git.exim.org/exim.git/blob_plain/0d0e445543703d3294a16a17a4606c9eade7afcb:/doc/doc-txt/ChangeLog
(Continue reading)

Permalink | Reply | 5 comments |
headers
Phil Pennock | 4 Oct 2011 01:13
Favicon
Gravatar

Re: Exim 4.77 RC1 uploaded (hurried schedule)

On 2011-10-03 at 15:15 +0200, Frank Elsner wrote:
> On Mon, 3 Oct 2011 08:41:33 -0400 Phil Pennock wrote:
> > I have uploaded Exim 4.77 RC1 to:
> > 	ftp://ftp.exim.org/pub/exim/exim4/test/
> 
> 
> Compiles and builds perfect under Fedora 14, but install complains:
> 
> root <at> seymour: /usr/local/exim/src/exim-4.77_RC1<87> make install
> `Makefile' is up to date.
>  
> make[1]: Entering directory `/usr/local/exim/src/exim-4.77_RC1/build-Linux-i386'
> ../scripts/reversion: line 9: .: version.sh: file not found

Ahah.

  8 if   [ -f version.sh ]
  9 then .    version.sh
 10 elif [ -f ../src/version.sh ]
 11 then .    ../src/version.sh
 12 fi

On BSD, /bin/sh's "." command will look in cwd if the command is not
found in $PATH, thus it working for me and presumably why it worked for
the original author.

I'll change it to: ./version.h

-Phil
(Continue reading)

Permalink | Reply | 0 comments |
headers
Phil Pennock | 4 Oct 2011 01:18
Favicon
Gravatar

Re: Exim 4.77 RC1 uploaded (hurried schedule)

On 2011-10-03 at 20:55 +0000, Matt Justin wrote:
> I don't see http://bugs.exim.org/show_bug.cgi?id=1141 on the list of changes for 4.77..
> 
> does that mean it wasn't fixed and is not making 4.77 ?

Yes, maybe.

It slipped my mind, I'm looking at it now, even though we're now in RC
status -- this is an important fix and worth bending the rules for.

-Phil

--

-- 
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
Permalink | Reply | 4 comments |
headers
Phil Pennock | 4 Oct 2011 11:30
Favicon
Gravatar

Re: Exim 4.77 RC1 uploaded (hurried schedule)

On 2011-10-03 at 19:18 -0400, Phil Pennock wrote:
> On 2011-10-03 at 20:55 +0000, Matt Justin wrote:
> > I don't see http://bugs.exim.org/show_bug.cgi?id=1141 on the list of changes for 4.77..
> > 
> > does that mean it wasn't fixed and is not making 4.77 ?
> 
> Yes, maybe.
> 
> It slipped my mind, I'm looking at it now, even though we're now in RC
> status -- this is an important fix and worth bending the rules for.

The change is sufficiently invasive that it would be more than bending
the rules.  I've updated bug 1141 with what I believe needs to be done,
but am not willing to make such a change without more substantial
testing long before a release, so am not prepared to add it now.

Sorry.

There's also a log-via-SQL change which was supposed to happen before
this release, but didn't happen, and I'm sorry about both omissions.

-Phil

--

-- 
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
Permalink | Reply | 3 comments |

Gmane