Page 1 of 9

Problem after upgrade to exim-4.94-1.el7 on CentOS 7

Posted: Thu Jun 18, 2020 9:53 am
by peters
Hi,

after upgrading to the newest epel release exim-4-94-1.el7 exim stops working and starts complaining in the log.

Sending email:
sender verify defer for <peter@myfancydomain.com>: failed to expand "${extract{1}{:}{${lookup{$local_part@$domain}lsearch{/etc/exim/domains/$domain/aliases}}}}": NULL

Receiving email:
2020-06-18 11:47:08 Tainted filename for search: '/etc/exim/domains/myfancydomain.com/aliases'
2020-06-18 11:47:08 H=stp.vestacp.com [188.226.163.96] X=TLS1.2:DHE-RSA-AES128-SHA:128 CV=no F=<forum@stp.vestacp.com> temporarily rejected RCPT <peter@myfancydomain.com>: failed to expand "${extract{1}{:}{${lookup{$local_part@$domain}lsearch{/etc/exim/domains/$domain/aliases}}}}": NULL

Is there any solution to fix the config? As far as I found out this is caused by exim 4.94 that stops using tainted $local_part variable as local filename for delivery. This seems to be already fixed on Debian accordingly to https://launchpad.net/debian/+source/exim4/+changelog but now it´s live on Epel and there is no availability to downgrade to the older version via Epel.

If you want to downgrade on CentOS 7 and get back the working version exim-4.93-3.el7.x86_64.rpm do the following:
wget https://ca1.dynanode.net/exim-4.93-3.el7.x86_64.rpm
rpm -Uvh --oldpackage exim-4.93-3.el7.x86_64.rpm

Re: Problem after upgrade to exim-4.94-1.el7 on CentOS 7

Posted: Thu Jun 18, 2020 10:13 am
by peters
Additional Info:

https://git.exim.org/exim.git/blob/HEAD ... E.UPDATING

29 Exim version 4.94
30 -----------------
31
32 Some Transports now refuse to use tainted data in constructing their delivery
33 location; this WILL BREAK configurations which are not updated accordingly.
34 In particular: any Transport use of $local_part which has been relying upon
35 check_local_user far away in the Router to make it safe, should be updated to
36 replace $local_part with $local_part_data.
37
38 Attempting to remove, in router or transport, a header name that ends with
39 an asterisk (which is a standards-legal name) will now result in all headers
40 named starting with the string before the asterisk being removed. We recommend
41 staying away from such names, if they are private ones (and in case of future
42 enhancements, alao header names that look like REs).

Re: Problem after upgrade to exim-4.94-1.el7 on CentOS 7

Posted: Thu Jun 18, 2020 1:02 pm
by servtelecom
Today epel has updated exim to 4.94-1.el7 and this has blocked my exim server with the following errors!

I have made a downgrade and it works perfect but I would like to be able to use the new version of exim;
These are the errors that it gives when updating, what parameters does exim.con come with by default in vestacp?

error next update 4.94-1:

-Tainted filename '/etc/exim/domains/domain.com/dkim.pem

-Tainted filename for search: '/etc/exim/domains/domain.com/aliases

-failed to expand "$ {extract {1} {:} {$ {lookup {$ local_part @ $ domain} lsearch {/ etc / exim / domains / $ domain / aliases}}}}": NULL

Re: Problem after upgrade to exim-4.94-1.el7 on CentOS 7

Posted: Thu Jun 18, 2020 3:16 pm
by edica
I also have the same problem.

How to downgrade?
This did not work:
yum history undo 59

Re: Problem after upgrade to exim-4.94-1.el7 on CentOS 7

Posted: Thu Jun 18, 2020 3:18 pm
by peters
If you want to downgrade on CentOS 7 and get back the working version exim-4.93-3.el7.x86_64.rpm do the following:

wget https://ca1.dynanode.net/exim-4.93-3.el7.x86_64.rpm
rpm -Uvh --oldpackage exim-4.93-3.el7.x86_64.rpm

However this is only a workaround. I´m not sure if there will be a fixed exim version available or how the provided config from VestaCP should be changed to fix this problem. Any ideas?

Re: Problem after upgrade to exim-4.94-1.el7 on CentOS 7

Posted: Thu Jun 18, 2020 3:21 pm
by edica
Very good. It worked. Thanks.

Unfortunately I don't know how to make it work in version 4.94.
peters wrote:
Thu Jun 18, 2020 3:18 pm
If you want to downgrade on CentOS 7 and get back the working version exim-4.93-3.el7.x86_64.rpm do the following:

wget ftp://ftp.pbone.net/mirror/download.fed ... x86_64.rpm
rpm -Uvh --oldpackage exim-4.93-3.el7.x86_64.rpm

However this is only a workaround. I´m not sure if there will be a fixed exim version available or how the provided config from VestaCP should be changed to fix this problem. Any ideas?

Re: Problem after upgrade to exim-4.94-1.el7 on CentOS 7

Posted: Thu Jun 18, 2020 5:54 pm
by RodolfoSouza
It worked. Thanks.
peters wrote:
Thu Jun 18, 2020 3:18 pm
If you want to downgrade on CentOS 7 and get back the working version exim-4.93-3.el7.x86_64.rpm do the following:

wget ftp://ftp.pbone.net/mirror/download.fed ... x86_64.rpm
rpm -Uvh --oldpackage exim-4.93-3.el7.x86_64.rpm

However this is only a workaround. I´m not sure if there will be a fixed exim version available or how the provided config from VestaCP should be changed to fix this problem. Any ideas?

Re: Problem after upgrade to exim-4.94-1.el7 on CentOS 7

Posted: Thu Jun 18, 2020 9:28 pm
by peters
For your information this issue has been reported today on bugzilla. Let's hope that they can fix the next version and exim 4.94 will work.

https://bugzilla.redhat.com/show_bug.cgi?id=1848283

Re: Problem after upgrade to exim-4.94-1.el7 on CentOS 7

Posted: Fri Jun 19, 2020 5:22 pm
by compiz
I got the same problem too, any way to fix it or we wait for a new update?

Re: Problem after upgrade to exim-4.94-1.el7 on CentOS 7

Posted: Fri Jun 19, 2020 10:09 pm
by Savet
This is affecting me too. It's disappointing that they would push such a breaking change without better documentation how to correct config files.

For anybody trying to find a copy of the old 49.3-3 package which has now been replaced with 49.4 on all of the mirrors, you can get the package below if you choose to downgrade.

https://koji.fedoraproject.org/koji/bui ... ID=1507634