Taint: reject or log more tainted list metadata elements
authorJeremy Harris <jgh146exb@wizmail.org>
Tue, 19 Nov 2024 18:30:03 +0000 (18:30 +0000)
committerJeremy Harris <jgh146exb@wizmail.org>
Tue, 19 Nov 2024 20:06:08 +0000 (20:06 +0000)
doc/doc-docbook/spec.xfpt
doc/doc-txt/ChangeLog
src/src/expand.c
src/src/match.c
src/src/string.c
test/confs/2202
test/stderr/0632
test/stderr/2202
test/stderr/5410
test/stderr/5420

index ae30cb88653a9c77f03df2c1b2036084e0f92df6..c8f7659051212ab3964da12d4022aa3bcabf2742 100644 (file)
@@ -8635,6 +8635,11 @@ domainlist  dom2 = !a.b : *.b
 where &'x.y'& does not match. It's best to avoid negation altogether in
 referenced lists if you can.
 
 where &'x.y'& does not match. It's best to avoid negation altogether in
 referenced lists if you can.
 
+.new
+The list item which references a named list (&"+<listname>"&)
+may not be tainted.
+.wen
+
 .cindex "hiding named list values"
 .cindex "named lists" "hiding value of"
 Some named list definitions may contain sensitive data, for example, passwords for
 .cindex "hiding named list values"
 .cindex "named lists" "hiding value of"
 Some named list definitions may contain sensitive data, for example, passwords for
@@ -8739,6 +8744,9 @@ possible to use the same configuration file on several different hosts that
 differ only in their names.
 
 The value for a match will be the primary host name.
 differ only in their names.
 
 The value for a match will be the primary host name.
+.new
+The pattern may not be tainted.
+.wen
 
 
 .next
 
 
 .next
@@ -8754,6 +8762,9 @@ In today's Internet, the use of domain literals is controversial;
 see the &%allow_domain_literals%& main option.
 
 The value for a match will be the string &`@[]`&.
 see the &%allow_domain_literals%& main option.
 
 The value for a match will be the string &`@[]`&.
+.new
+The pattern may not be tainted.
+.wen
 
 
 .next
 
 
 .next
@@ -8770,6 +8781,10 @@ local host, and the second only when no primary MX target is the local host,
 but a secondary MX target is. &"Primary"& means an MX record with the lowest
 preference value &-- there may of course be more than one of them.
 
 but a secondary MX target is. &"Primary"& means an MX record with the lowest
 preference value &-- there may of course be more than one of them.
 
+.new
+The pattern may not be tainted.
+.wen
+
 The MX lookup that takes place when matching a pattern of this type is
 performed with the resolver options for widening names turned off. Thus, for
 example, a single-component domain will &'not'& be expanded by adding the
 The MX lookup that takes place when matching a pattern of this type is
 performed with the resolver options for widening names turned off. Thus, for
 example, a single-component domain will &'not'& be expanded by adding the
@@ -9605,6 +9620,12 @@ lower case. However, although independent matches on the domain alone are still
 performed caselessly, regular expressions that match against an entire address
 become case-sensitive after &"+caseful"& has been seen.
 
 performed caselessly, regular expressions that match against an entire address
 become case-sensitive after &"+caseful"& has been seen.
 
+.new
+This string may not be tainted.
+To do caseful matching on list elements whic are tainted,
+place them in a named list.
+.wen
+
 
 
 .section "Local part lists" "SECTlocparlis"
 
 
 .section "Local part lists" "SECTlocparlis"
@@ -9622,6 +9643,12 @@ matching in the local part list, but not elsewhere in the router. If
 &%caseful_local_part%& is set true in a router, matching in the &%local_parts%&
 option is case-sensitive from the start.
 
 &%caseful_local_part%& is set true in a router, matching in the &%local_parts%&
 option is case-sensitive from the start.
 
+.new
+This string may not be tainted.
+To do caseful matching on list elements whic are tainted,
+place them in a named list.
+.wen
+
 If a local part list is indirected to a file (see section &<<SECTfilnamlis>>&),
 comments are handled in the same way as address lists &-- they are recognized
 only if the # is preceded by white space or the start of the line.
 If a local part list is indirected to a file (see section &<<SECTfilnamlis>>&),
 comments are handled in the same way as address lists &-- they are recognized
 only if the # is preceded by white space or the start of the line.
index c9f7a4375711bc8dcdde36402d200f6ed6297620..37cc3b77dfd2b6bff2cb401e5de909b78128d09e 100644 (file)
@@ -67,7 +67,18 @@ JH/14 Bug 3116: Fix crash in dkim signing.  On kernels supporting immutable
       memory segments, a write was done into one when a constant string was
       configured for a transport's dkim private key.
 
       memory segments, a write was done into one when a constant string was
       configured for a transport's dkim private key.
 
-JH/15 Disallow tainted change-of-separator on lists
+JH/15 Disallow tainted metadata in lists.
+      - Change-of-separator prefixes are handled specially when they are
+      explicit text; only the remainder of the list is expanded. A change-of-
+      separator resulting from expansion will not take effect if tainted.
+      - Elements starting with a plus-sign (named-list inclusion,
+      case-interpretation etc) and (hostlist) @[] (et al) are not handled
+      specially and are still operative at this time - but warnings are logged;
+      if any of these are needed in a list with a tainted element (which taints
+      the entire list at string-expansion time) then a named-list can be used
+      for that element.
+      - Exclamation-marks ("!" signifying negation) are not checked for taint
+      at this time.
 
 Exim version 4.98
 -----------------
 
 Exim version 4.98
 -----------------
index 052c059e8264c3be67840c936fb557a0c9f0d0d2..3e8f73d89d0b7f23b5bcc717479131a3997b2643 100644 (file)
@@ -4548,7 +4548,7 @@ for (int fill = 11 - Ustrlen(what); fill > 0; fill--)
   debug_printf("%V", "-");
 
 debug_printf("%s: %.*W\n", what, nchar, value);
   debug_printf("%V", "-");
 
 debug_printf("%s: %.*W\n", what, nchar, value);
-if (is_tainted(value))
+if (nchar > 0 && is_tainted(value))
   debug_printf_indent("%V          %V(tainted)\n",
     flags & ESI_SKIPPING ? "|" : " ", "\\__");
 }
   debug_printf_indent("%V          %V(tainted)\n",
     flags & ESI_SKIPPING ? "|" : " ", "\\__");
 }
index 5670388eaa1ebf55c2558a9a41d1f981241c9cb9..636ccc203214db8b21494bbaf0cdd56a10b3b399 100644 (file)
@@ -36,6 +36,16 @@ typedef struct check_address_block {
 
 
 
 
 
 
+static BOOL
+is_tainted_metadata(const uschar * s)
+{
+/* Not enforcing for now, only logging; will enforce in a future release */
+if (is_tainted(s))
+  log_write(0, LOG_MAIN|LOG_PANIC,
+           "attempt to use tainted list metadata %s", s);
+return FALSE;
+}
+
 /*************************************************
 *           Generalized string match             *
 *************************************************/
 /*************************************************
 *           Generalized string match             *
 *************************************************/
@@ -170,6 +180,9 @@ just fall through - the match will fail. */
 
 if (cb->flags & MCS_AT_SPECIAL && pattern[0] == '@')
   {
 
 if (cb->flags & MCS_AT_SPECIAL && pattern[0] == '@')
   {
+  if (is_tainted_metadata(pattern))
+    return DEFER;
+
   if (pattern[1] == 0)
     {
     pattern = primary_hostname;
   if (pattern[1] == 0)
     {
     pattern = primary_hostname;
@@ -572,10 +585,12 @@ while ((sss = string_nextinlist(&list, &sep, NULL, 0)))
     {
     if (Ustrcmp(ss, "+caseful") == 0)
       {
     {
     if (Ustrcmp(ss, "+caseful") == 0)
       {
-      check_address_block *cb = (check_address_block *)arg;
-      uschar *at = Ustrrchr(cb->origaddress, '@');
+      check_address_block * cb = (check_address_block *)arg;
+      uschar * at;
+
+      if (is_tainted_metadata(ss)) goto BAD_TAINT;
 
 
-      if (at)
+      if ((at = Ustrrchr(cb->origaddress, '@')))
         Ustrncpy(cb->address, cb->origaddress, at - cb->origaddress);
       cb->flags &= ~MCS_CASELESS;
       continue;
         Ustrncpy(cb->address, cb->origaddress, at - cb->origaddress);
       cb->flags &= ~MCS_CASELESS;
       continue;
@@ -588,7 +603,8 @@ while ((sss = string_nextinlist(&list, &sep, NULL, 0)))
     {
     if (Ustrcmp(ss, "+caseful") == 0)
       {
     {
     if (Ustrcmp(ss, "+caseful") == 0)
       {
-      check_string_block *cb = (check_string_block *)arg;
+      check_string_block * cb = (check_string_block *)arg;
+      if (is_tainted_metadata(ss)) goto BAD_TAINT;
       Ustrcpy(US cb->subject, cb->origsubject);
       cb->flags &= ~MCS_CASELESS;
       continue;
       Ustrcpy(US cb->subject, cb->origsubject);
       cb->flags &= ~MCS_CASELESS;
       continue;
@@ -601,6 +617,7 @@ while ((sss = string_nextinlist(&list, &sep, NULL, 0)))
 
   else if (type == MCL_HOST && *ss == '+')
     {
 
   else if (type == MCL_HOST && *ss == '+')
     {
+    if (is_tainted_metadata(ss)) goto BAD_TAINT;
     if (Ustrcmp(ss, "+include_unknown") == 0)
       {
       include_unknown = TRUE;
     if (Ustrcmp(ss, "+include_unknown") == 0)
       {
       include_unknown = TRUE;
@@ -628,7 +645,16 @@ while ((sss = string_nextinlist(&list, &sep, NULL, 0)))
     }
 
   /* Starting with ! specifies a negative item. It is theoretically possible
     }
 
   /* Starting with ! specifies a negative item. It is theoretically possible
-  for a local part to start with !. In that case, a regex has to be used. */
+  for a local part to start with !. In that case, a regex has to be used.
+
+  XXX It would be good to disallow a tainted ! here, but the sequence
+  "! $tainted_var" is liable to be frequently used, and requiring a
+  named-list as a workaround would mean a lot of churn. Unfortunately,
+  some attacker can feed "!badthing" into a variable that some overworked
+  admin has used in a list...
+  Maybe we could intro another meta prefix char, which does not negate the
+  element match result (but still protects against a ! in $tainted_var) ?
+  Of course, this would still require churn in configs. */
 
   if (*ss == '!')
     {
 
   if (*ss == '!')
     {
@@ -775,6 +801,7 @@ while ((sss = string_nextinlist(&list, &sep, NULL, 0)))
     HDEBUG(D_lists)
       { debug_printf_indent(" start sublist %s\n", ss+1); expand_level += 2; }
 
     HDEBUG(D_lists)
       { debug_printf_indent(" start sublist %s\n", ss+1); expand_level += 2; }
 
+    if (is_tainted_metadata(ss)) goto BAD_TAINT;
     if (!(t = tree_search(*anchorptr, ss+1)))
       {
       log_write(0, LOG_MAIN|LOG_PANIC, "unknown named%s list \"%s\"",
     if (!(t = tree_search(*anchorptr, ss+1)))
       {
       log_write(0, LOG_MAIN|LOG_PANIC, "unknown named%s list \"%s\"",
@@ -963,6 +990,7 @@ return yield == OK ? FAIL : OK;
  
 /* Something deferred */
 
  
 /* Something deferred */
 
+BAD_TAINT:
 DEFER_RETURN:
   HDEBUG(D_any)
     {
 DEFER_RETURN:
   HDEBUG(D_any)
     {
index b370cfacc87fdf9c88c5853b7ae62ad2177257f4..4c582c65d2237e42ba564608d7f44784fb7cce2c 100644 (file)
@@ -952,7 +952,7 @@ if (!*s) return NULL;
 sep_is_special = iscntrl(sep);
 
 /* Handle the case when a buffer is provided. */
 sep_is_special = iscntrl(sep);
 
 /* Handle the case when a buffer is provided. */
-/*XXX need to also deal with qouted-requirements mismatch */
+/*XXX need to also deal with quoted-requirements mismatch */
 
 if (buffer)
   {
 
 if (buffer)
   {
index 64c638d9a9c34f64f829b7e0c1975e6e082a1ef3..7a1ddcbc85ea3295ee24faca2e89c79e1b121085 100644 (file)
@@ -10,6 +10,10 @@ acl_smtp_vrfy = vrfy
 acl_smtp_rcpt = rcpt
 disable_ipv6
 
 acl_smtp_rcpt = rcpt
 disable_ipv6
 
+# need to use this sublist due to taint
+hostlist goodhosts = *.$sender_address_domain : $sender_address_domain : \
+                     ${lookup dnsdb{>:defer_never,mxh=$sender_address_domain}}
+
 .ifdef DNS_RECURSE
 hosts_treat_as_local =         test.again.dns
 domainlist try_again_dns_list =        @mx_any
 .ifdef DNS_RECURSE
 hosts_treat_as_local =         test.again.dns
 domainlist try_again_dns_list =        @mx_any
@@ -29,9 +33,6 @@ vrfy:
 .endif
 
 rcpt:
 .endif
 
 rcpt:
-  accept hosts = +ignore_unknown : \
-    *.$sender_address_domain : \
-    $sender_address_domain : \
-    ${lookup dnsdb{>:defer_never,mxh=$sender_address_domain}}
+  accept hosts = +ignore_unknown : +goodhosts
 
 # End
 
 # End
index 8855f4e385a41717c34a63f7b40df7ff0241b877..339bca7b6e376ea9459dc2fc19fb8d003d486874 100644 (file)
@@ -377,7 +377,6 @@ p1235   ├───expanded: ░($tls_in_ver)
 p1235   ├─────result:  ◀skipped▶
 p1235   ╰───skipping: result is not used
 p1235  ├───item-res: 
 p1235   ├─────result:  ◀skipped▶
 p1235   ╰───skipping: result is not used
 p1235  ├───item-res: 
-p1235             ╰──(tainted)
 p1235  ├considering: ${if░def:tls_in_cipher_std░{░tls░$tls_in_cipher_std↩
 p1235  ␉}}(Exim░$version_number)↩
 p1235  ␉${if░def:sender_address░{(envelope-from░<$sender_address>)↩
 p1235  ├considering: ${if░def:tls_in_cipher_std░{░tls░$tls_in_cipher_std↩
 p1235  ␉}}(Exim░$version_number)↩
 p1235  ␉${if░def:sender_address░{(envelope-from░<$sender_address>)↩
@@ -414,7 +413,6 @@ p1235   ␉
 p1235   ├─────result:  ◀skipped▶
 p1235   ╰───skipping: result is not used
 p1235  ├───item-res: 
 p1235   ├─────result:  ◀skipped▶
 p1235   ╰───skipping: result is not used
 p1235  ├───item-res: 
-p1235             ╰──(tainted)
 p1235  ├considering: (Exim░$version_number)↩
 p1235  ␉${if░def:sender_address░{(envelope-from░<$sender_address>)↩
 p1235  ␉}}id░$message_exim_id${if░def:received_for░{↩
 p1235  ├considering: (Exim░$version_number)↩
 p1235  ␉${if░def:sender_address░{(envelope-from░<$sender_address>)↩
 p1235  ␉}}id░$message_exim_id${if░def:received_for░{↩
@@ -854,7 +852,6 @@ p1236   ├───expanded: ░($tls_in_ver)
 p1236   ├─────result:  ◀skipped▶
 p1236   ╰───skipping: result is not used
 p1236  ├───item-res: 
 p1236   ├─────result:  ◀skipped▶
 p1236   ╰───skipping: result is not used
 p1236  ├───item-res: 
-p1236             ╰──(tainted)
 p1236  ├considering: ${if░def:tls_in_cipher_std░{░tls░$tls_in_cipher_std↩
 p1236  ␉}}(Exim░$version_number)↩
 p1236  ␉${if░def:sender_address░{(envelope-from░<$sender_address>)↩
 p1236  ├considering: ${if░def:tls_in_cipher_std░{░tls░$tls_in_cipher_std↩
 p1236  ␉}}(Exim░$version_number)↩
 p1236  ␉${if░def:sender_address░{(envelope-from░<$sender_address>)↩
@@ -891,7 +888,6 @@ p1236   ␉
 p1236   ├─────result:  ◀skipped▶
 p1236   ╰───skipping: result is not used
 p1236  ├───item-res: 
 p1236   ├─────result:  ◀skipped▶
 p1236   ╰───skipping: result is not used
 p1236  ├───item-res: 
-p1236             ╰──(tainted)
 p1236  ├considering: (Exim░$version_number)↩
 p1236  ␉${if░def:sender_address░{(envelope-from░<$sender_address>)↩
 p1236  ␉}}id░$message_exim_id${if░def:received_for░{↩
 p1236  ├considering: (Exim░$version_number)↩
 p1236  ␉${if░def:sender_address░{(envelope-from░<$sender_address>)↩
 p1236  ␉}}id░$message_exim_id${if░def:received_for░{↩
index 12b9bbf5dd163f15da7e5d1361cf4ade2d3a4a95..d6e38f3a86c3c0643bbeb7358d9380b5f3a24b65 100644 (file)
@@ -38,69 +38,73 @@ log directory space = nnnnnK inodes = nnnnn check_space = 10240K inodes = 100
 SMTP>> 250 OK
 SMTP<< rcpt to:<a@b>
 using ACL "rcpt"
 SMTP>> 250 OK
 SMTP<< rcpt to:<a@b>
 using ACL "rcpt"
-processing ACL rcpt "accept" (TESTSUITE/test-config 35)
-check hosts = +ignore_unknown : *.$sender_address_domain : $sender_address_domain : ${lookup dnsdb{>:defer_never,mxh=$sender_address_domain}}
- search_open: dnsdb "NULL"
- search_find: file="NULL"
-   key=">:defer_never,mxh=cioce.test.again.dns" partial=-1 affix=NULL starflags=0 opts=NULL
- LRU list:
- internal_search_find: file="NULL"
-   type=dnsdb key=">:defer_never,mxh=cioce.test.again.dns" opts=NULL
- database lookup required for >:defer_never,mxh=cioce.test.again.dns
-                              (tainted)
- dnsdb key: cioce.test.again.dns
- DNS lookup of cioce.test.again.dns (MX) using fakens
- DNS lookup of cioce.test.again.dns (MX) gave TRY_AGAIN
- cioce.test.again.dns in dns_again_means_nonexist?
-  list element: *
-  cioce.test.again.dns in dns_again_means_nonexist? yes (matched "*")
- cioce.test.again.dns is in dns_again_means_nonexist: returning DNS_NOMATCH
- DNS: couldn't fake dnsa len
- DNS: no SOA record found for neg-TTL
-  writing neg-cache entry for cioce.test.again.dns-MX-xxxx, ttl -1
- creating new cache entry
- lookup failed
-host in "+ignore_unknown : *.cioce.test.again.dns : cioce.test.again.dns : "?
+processing ACL rcpt "accept" (TESTSUITE/test-config 36)
+check hosts = +ignore_unknown : +goodhosts
+host in "+ignore_unknown : +goodhosts"?
  list element: +ignore_unknown
  list element: +ignore_unknown
- list element: *.cioce.test.again.dns
- sender host name required, to match against *.cioce.test.again.dns
-  looking up host name for ip4.ip4.ip4.ip4
-   DNS lookup of ip4-reverse.in-addr.arpa (PTR) using fakens
-   DNS lookup of ip4-reverse.in-addr.arpa (PTR) succeeded
-   Reverse DNS security status: unverified
-   IP address lookup yielded "the.local.host.name"
-   check dnssec require list
-   ╎the.local.host.name not in empty list (option unset? cannot trace name)
-   check dnssec request list
-   ╎the.local.host.name not in empty list (option unset? cannot trace name)
-   DNS lookup of the.local.host.name (A) using fakens
-   DNS lookup of the.local.host.name (A) succeeded
-   local host found for non-MX address
-   the.local.host.name ip4.ip4.ip4.ip4 mx=-1 sort=xx 
-   checking addresses for the.local.host.name
-   Forward DNS security status: unverified
+ list element: +goodhosts
+  start sublist goodhosts
+   ╎search_open: dnsdb "NULL"
+   ╎search_find: file="NULL"
+   ╎  key=">:defer_never,mxh=cioce.test.again.dns" partial=-1 affix=NULL starflags=0 opts=NULL
+   ╎LRU list:
+   ╎internal_search_find: file="NULL"
+   ╎  type=dnsdb key=">:defer_never,mxh=cioce.test.again.dns" opts=NULL
+   ╎database lookup required for >:defer_never,mxh=cioce.test.again.dns
+   ╎                             (tainted)
+   ╎dnsdb key: cioce.test.again.dns
+   ╎DNS lookup of cioce.test.again.dns (MX) using fakens
+   ╎DNS lookup of cioce.test.again.dns (MX) gave TRY_AGAIN
+   ╎cioce.test.again.dns in dns_again_means_nonexist?
+   ╎ list element: *
+   ╎ cioce.test.again.dns in dns_again_means_nonexist? yes (matched "*")
+   ╎cioce.test.again.dns is in dns_again_means_nonexist: returning DNS_NOMATCH
+   ╎DNS: couldn't fake dnsa len
+   ╎DNS: no SOA record found for neg-TTL
+   ╎ writing neg-cache entry for cioce.test.again.dns-MX-xxxx, ttl -1
+   ╎creating new cache entry
+   ╎lookup failed
+  host in "*.cioce.test.again.dns : cioce.test.again.dns : "?
+   ╎list element: *.cioce.test.again.dns
+   ╎sender host name required, to match against *.cioce.test.again.dns
+   ╎ looking up host name for ip4.ip4.ip4.ip4
+   ╎  DNS lookup of ip4-reverse.in-addr.arpa (PTR) using fakens
+   ╎  DNS lookup of ip4-reverse.in-addr.arpa (PTR) succeeded
+   ╎  Reverse DNS security status: unverified
+   ╎  IP address lookup yielded "the.local.host.name"
+   ╎  check dnssec require list
+   ╎   the.local.host.name not in empty list (option unset? cannot trace name)
+   ╎  check dnssec request list
+   ╎   the.local.host.name not in empty list (option unset? cannot trace name)
+   ╎  DNS lookup of the.local.host.name (A) using fakens
+   ╎  DNS lookup of the.local.host.name (A) succeeded
+   ╎  local host found for non-MX address
+   ╎  the.local.host.name ip4.ip4.ip4.ip4 mx=-1 sort=-151 
+   ╎  checking addresses for the.local.host.name
+   ╎  Forward DNS security status: unverified
   ip4.ip4.ip4.ip4 OK
   ip4.ip4.ip4.ip4 OK
- sender_fullhost = the.local.host.name (test) [ip4.ip4.ip4.ip4]
- sender_rcvhost = the.local.host.name ([ip4.ip4.ip4.ip4] helo=test)
- list element: cioce.test.again.dns
- using host_fake_gethostbyname for cioce.test.again.dns (IPv4)
- DNS lookup of cioce.test.again.dns (A) using fakens
- DNS lookup of cioce.test.again.dns (A) gave TRY_AGAIN
- cioce.test.again.dns in dns_again_means_nonexist?
-  list element: *
-  cioce.test.again.dns in dns_again_means_nonexist? yes (matched "*")
- cioce.test.again.dns is in dns_again_means_nonexist: returning DNS_NOMATCH
- DNS: couldn't fake dnsa len
- DNS: no SOA record found for neg-TTL
-  writing neg-cache entry for cioce.test.again.dns-A-xxxx, ttl -1
- host_fake_gethostbyname(af=inet) returned 1 (HOST_NOT_FOUND)
- no IP address found for host cioce.test.again.dns (during SMTP connection from the.local.host.name (test) [ip4.ip4.ip4.ip4])
  ╎sender_fullhost = the.local.host.name (test) [ip4.ip4.ip4.ip4]
  ╎sender_rcvhost = the.local.host.name ([ip4.ip4.ip4.ip4] helo=test)
  ╎list element: cioce.test.again.dns
  ╎using host_fake_gethostbyname for cioce.test.again.dns (IPv4)
  ╎DNS lookup of cioce.test.again.dns (A) using fakens
  ╎DNS lookup of cioce.test.again.dns (A) gave TRY_AGAIN
  ╎cioce.test.again.dns in dns_again_means_nonexist?
+   ╎ list element: *
+   ╎ cioce.test.again.dns in dns_again_means_nonexist? yes (matched "*")
  ╎cioce.test.again.dns is in dns_again_means_nonexist: returning DNS_NOMATCH
  ╎DNS: couldn't fake dnsa len
  ╎DNS: no SOA record found for neg-TTL
+   ╎ writing neg-cache entry for cioce.test.again.dns-A-xxxx, ttl -1
  ╎host_fake_gethostbyname(af=inet) returned 1 (HOST_NOT_FOUND)
  ╎no IP address found for host cioce.test.again.dns (during SMTP connection from the.local.host.name (test) [ip4.ip4.ip4.ip4])
 LOG: host_lookup_failed MAIN
   no IP address found for host cioce.test.again.dns (during SMTP connection from the.local.host.name (test) [ip4.ip4.ip4.ip4])
 LOG: host_lookup_failed MAIN
   no IP address found for host cioce.test.again.dns (during SMTP connection from the.local.host.name (test) [ip4.ip4.ip4.ip4])
- failed to find IP address for cioce.test.again.dns: item ignored by +ignore_unknown
-host in "+ignore_unknown : *.cioce.test.again.dns : cioce.test.again.dns : "? no (end of list)
-accept: condition test failed in ACL rcpt
-end of ACL rcpt: implicit DENY
+   ╎host in "*.cioce.test.again.dns : cioce.test.again.dns : "? no (failed to find IP address for cioce.test.again.dns)
+   end sublist goodhosts
+  host in "+ignore_unknown : +goodhosts"? no (end of list)
+ accept: condition test failed in ACL rcpt
+ end of ACL rcpt: implicit DENY
 SMTP>> 550 Administrative prohibition
 LOG: MAIN REJECT
   H=the.local.host.name (test) [ip4.ip4.ip4.ip4] F=<xx@cioce.test.again.dns> rejected RCPT <a@b>
 SMTP>> 550 Administrative prohibition
 LOG: MAIN REJECT
   H=the.local.host.name (test) [ip4.ip4.ip4.ip4] F=<xx@cioce.test.again.dns> rejected RCPT <a@b>
@@ -108,7 +112,7 @@ SMTP<< quit
 SMTP>> 221 myhost.test.ex closing connection
 LOG: smtp_connection MAIN
   SMTP connection from the.local.host.name (test) [ip4.ip4.ip4.ip4] D=qqs closed by QUIT
 SMTP>> 221 myhost.test.ex closing connection
 LOG: smtp_connection MAIN
   SMTP connection from the.local.host.name (test) [ip4.ip4.ip4.ip4] D=qqs closed by QUIT
-search_tidyup called
+ search_tidyup called
 >>>>>>>>>>>>>>>> Exim pid=p1234 (fresh-exec) terminating with rc=0 >>>>>>>>>>>>>>>>
 Exim version x.yz ....
 Hints DB:
 >>>>>>>>>>>>>>>> Exim pid=p1234 (fresh-exec) terminating with rc=0 >>>>>>>>>>>>>>>>
 Exim version x.yz ....
 Hints DB:
@@ -140,7 +144,7 @@ host in smtp_accept_max_nonmail_hosts?
  list element: *
   host in smtp_accept_max_nonmail_hosts? yes (matched "*")
 using ACL "vrfy"
  list element: *
   host in smtp_accept_max_nonmail_hosts? yes (matched "*")
 using ACL "vrfy"
-processing ACL vrfy "warn" (TESTSUITE/test-config 28)
+processing ACL vrfy "warn" (TESTSUITE/test-config 32)
 check domains = +try_again_dns_list
 test.again.dns in "+try_again_dns_list"?
  list element: +try_again_dns_list
 check domains = +try_again_dns_list
 test.again.dns in "+try_again_dns_list"?
  list element: +try_again_dns_list
index dce73fa674947bbdf503bb86af5ac90fe94b74c3..bd1e5d26f282d0ab4cbae2c389ff38ae39030c22 100644 (file)
@@ -531,7 +531,6 @@ try option received_header_text
   ├─────result:  ◀skipped▶
   ╰───skipping: result is not used
  ├───item-res: 
   ├─────result:  ◀skipped▶
   ╰───skipping: result is not used
  ├───item-res: 
-            ╰──(tainted)
  ├considering: ${if░def:tls_in_cipher_std░{░tls░$tls_in_cipher_std↩
  ␉}}(Exim░$version_number)↩
  ␉${if░def:sender_address░{(envelope-from░<$sender_address>)↩
  ├considering: ${if░def:tls_in_cipher_std░{░tls░$tls_in_cipher_std↩
  ␉}}(Exim░$version_number)↩
  ␉${if░def:sender_address░{(envelope-from░<$sender_address>)↩
@@ -568,7 +567,6 @@ try option received_header_text
   ├─────result:  ◀skipped▶
   ╰───skipping: result is not used
  ├───item-res: 
   ├─────result:  ◀skipped▶
   ╰───skipping: result is not used
  ├───item-res: 
-            ╰──(tainted)
  ├considering: (Exim░$version_number)↩
  ␉${if░def:sender_address░{(envelope-from░<$sender_address>)↩
  ␉}}id░$message_exim_id${if░def:received_for░{↩
  ├considering: (Exim░$version_number)↩
  ␉${if░def:sender_address░{(envelope-from░<$sender_address>)↩
  ␉}}id░$message_exim_id${if░def:received_for░{↩
@@ -1158,7 +1156,6 @@ try option received_header_text
   ├─────result:  ◀skipped▶
   ╰───skipping: result is not used
  ├───item-res: 
   ├─────result:  ◀skipped▶
   ╰───skipping: result is not used
  ├───item-res: 
-            ╰──(tainted)
  ├considering: ${if░def:tls_in_cipher_std░{░tls░$tls_in_cipher_std↩
  ␉}}(Exim░$version_number)↩
  ␉${if░def:sender_address░{(envelope-from░<$sender_address>)↩
  ├considering: ${if░def:tls_in_cipher_std░{░tls░$tls_in_cipher_std↩
  ␉}}(Exim░$version_number)↩
  ␉${if░def:sender_address░{(envelope-from░<$sender_address>)↩
@@ -1195,7 +1192,6 @@ try option received_header_text
   ├─────result:  ◀skipped▶
   ╰───skipping: result is not used
  ├───item-res: 
   ├─────result:  ◀skipped▶
   ╰───skipping: result is not used
  ├───item-res: 
-            ╰──(tainted)
  ├considering: (Exim░$version_number)↩
  ␉${if░def:sender_address░{(envelope-from░<$sender_address>)↩
  ␉}}id░$message_exim_id${if░def:received_for░{↩
  ├considering: (Exim░$version_number)↩
  ␉${if░def:sender_address░{(envelope-from░<$sender_address>)↩
  ␉}}id░$message_exim_id${if░def:received_for░{↩
@@ -1785,7 +1781,6 @@ try option received_header_text
   ├─────result:  ◀skipped▶
   ╰───skipping: result is not used
  ├───item-res: 
   ├─────result:  ◀skipped▶
   ╰───skipping: result is not used
  ├───item-res: 
-            ╰──(tainted)
  ├considering: ${if░def:tls_in_cipher_std░{░tls░$tls_in_cipher_std↩
  ␉}}(Exim░$version_number)↩
  ␉${if░def:sender_address░{(envelope-from░<$sender_address>)↩
  ├considering: ${if░def:tls_in_cipher_std░{░tls░$tls_in_cipher_std↩
  ␉}}(Exim░$version_number)↩
  ␉${if░def:sender_address░{(envelope-from░<$sender_address>)↩
@@ -1822,7 +1817,6 @@ try option received_header_text
   ├─────result:  ◀skipped▶
   ╰───skipping: result is not used
  ├───item-res: 
   ├─────result:  ◀skipped▶
   ╰───skipping: result is not used
  ├───item-res: 
-            ╰──(tainted)
  ├considering: (Exim░$version_number)↩
  ␉${if░def:sender_address░{(envelope-from░<$sender_address>)↩
  ␉}}id░$message_exim_id${if░def:received_for░{↩
  ├considering: (Exim░$version_number)↩
  ␉${if░def:sender_address░{(envelope-from░<$sender_address>)↩
  ␉}}id░$message_exim_id${if░def:received_for░{↩
index b96d91defb0baa9383ef13ece7f26407efc5b2a1..6fad569adb44d01d88aecfd9f40deb48a6d61e51 100644 (file)
@@ -31,6 +31,7 @@ try option acl_smtp_helo
  list element: *
   in limits_advertise_hosts? yes (matched "*")
  in dsn_advertise_hosts? no (option unset)
  list element: *
   in limits_advertise_hosts? yes (matched "*")
  in dsn_advertise_hosts? no (option unset)
+try option acl_smtp_atrn
 try option acl_smtp_etrn
 try option acl_smtp_vrfy
 try option acl_smtp_expn
 try option acl_smtp_etrn
 try option acl_smtp_vrfy
 try option acl_smtp_expn
@@ -530,7 +531,6 @@ try option received_header_text
   ├─────result:  ◀skipped▶
   ╰───skipping: result is not used
  ├───item-res: 
   ├─────result:  ◀skipped▶
   ╰───skipping: result is not used
  ├───item-res: 
-            ╰──(tainted)
  ├considering: ${if░def:tls_in_cipher_std░{░tls░$tls_in_cipher_std↩
  ␉}}(Exim░$version_number)↩
  ␉${if░def:sender_address░{(envelope-from░<$sender_address>)↩
  ├considering: ${if░def:tls_in_cipher_std░{░tls░$tls_in_cipher_std↩
  ␉}}(Exim░$version_number)↩
  ␉${if░def:sender_address░{(envelope-from░<$sender_address>)↩
@@ -567,7 +567,6 @@ try option received_header_text
   ├─────result:  ◀skipped▶
   ╰───skipping: result is not used
  ├───item-res: 
   ├─────result:  ◀skipped▶
   ╰───skipping: result is not used
  ├───item-res: 
-            ╰──(tainted)
  ├considering: (Exim░$version_number)↩
  ␉${if░def:sender_address░{(envelope-from░<$sender_address>)↩
  ␉}}id░$message_exim_id${if░def:received_for░{↩
  ├considering: (Exim░$version_number)↩
  ␉${if░def:sender_address░{(envelope-from░<$sender_address>)↩
  ␉}}id░$message_exim_id${if░def:received_for░{↩
@@ -708,6 +707,7 @@ try option acl_smtp_helo
  list element: *
   in limits_advertise_hosts? yes (matched "*")
  in dsn_advertise_hosts? no (option unset)
  list element: *
   in limits_advertise_hosts? yes (matched "*")
  in dsn_advertise_hosts? no (option unset)
+try option acl_smtp_atrn
 try option acl_smtp_etrn
 try option acl_smtp_vrfy
 try option acl_smtp_expn
 try option acl_smtp_etrn
 try option acl_smtp_vrfy
 try option acl_smtp_expn
@@ -1156,7 +1156,6 @@ try option received_header_text
   ├─────result:  ◀skipped▶
   ╰───skipping: result is not used
  ├───item-res: 
   ├─────result:  ◀skipped▶
   ╰───skipping: result is not used
  ├───item-res: 
-            ╰──(tainted)
  ├considering: ${if░def:tls_in_cipher_std░{░tls░$tls_in_cipher_std↩
  ␉}}(Exim░$version_number)↩
  ␉${if░def:sender_address░{(envelope-from░<$sender_address>)↩
  ├considering: ${if░def:tls_in_cipher_std░{░tls░$tls_in_cipher_std↩
  ␉}}(Exim░$version_number)↩
  ␉${if░def:sender_address░{(envelope-from░<$sender_address>)↩
@@ -1193,7 +1192,6 @@ try option received_header_text
   ├─────result:  ◀skipped▶
   ╰───skipping: result is not used
  ├───item-res: 
   ├─────result:  ◀skipped▶
   ╰───skipping: result is not used
  ├───item-res: 
-            ╰──(tainted)
  ├considering: (Exim░$version_number)↩
  ␉${if░def:sender_address░{(envelope-from░<$sender_address>)↩
  ␉}}id░$message_exim_id${if░def:received_for░{↩
  ├considering: (Exim░$version_number)↩
  ␉${if░def:sender_address░{(envelope-from░<$sender_address>)↩
  ␉}}id░$message_exim_id${if░def:received_for░{↩
@@ -1334,6 +1332,7 @@ try option acl_smtp_helo
  list element: *
   in limits_advertise_hosts? yes (matched "*")
  in dsn_advertise_hosts? no (option unset)
  list element: *
   in limits_advertise_hosts? yes (matched "*")
  in dsn_advertise_hosts? no (option unset)
+try option acl_smtp_atrn
 try option acl_smtp_etrn
 try option acl_smtp_vrfy
 try option acl_smtp_expn
 try option acl_smtp_etrn
 try option acl_smtp_vrfy
 try option acl_smtp_expn
@@ -1782,7 +1781,6 @@ try option received_header_text
   ├─────result:  ◀skipped▶
   ╰───skipping: result is not used
  ├───item-res: 
   ├─────result:  ◀skipped▶
   ╰───skipping: result is not used
  ├───item-res: 
-            ╰──(tainted)
  ├considering: ${if░def:tls_in_cipher_std░{░tls░$tls_in_cipher_std↩
  ␉}}(Exim░$version_number)↩
  ␉${if░def:sender_address░{(envelope-from░<$sender_address>)↩
  ├considering: ${if░def:tls_in_cipher_std░{░tls░$tls_in_cipher_std↩
  ␉}}(Exim░$version_number)↩
  ␉${if░def:sender_address░{(envelope-from░<$sender_address>)↩
@@ -1819,7 +1817,6 @@ try option received_header_text
   ├─────result:  ◀skipped▶
   ╰───skipping: result is not used
  ├───item-res: 
   ├─────result:  ◀skipped▶
   ╰───skipping: result is not used
  ├───item-res: 
-            ╰──(tainted)
  ├considering: (Exim░$version_number)↩
  ␉${if░def:sender_address░{(envelope-from░<$sender_address>)↩
  ␉}}id░$message_exim_id${if░def:received_for░{↩
  ├considering: (Exim░$version_number)↩
  ␉${if░def:sender_address░{(envelope-from░<$sender_address>)↩
  ␉}}id░$message_exim_id${if░def:received_for░{↩