2023-07-17    EXIM SYSADMINS BEWARE, DEBIAN BOOKWORM IS A
                             MAJOR UPDATE

A warning for all sysadmin using Exim on Debian Bullseye, don't switch
to Debian Bookworm just yet.

The changelog will tell you that, for Exim 4.96-15 in Debian Bookworm:

,----
| The allow_insecure_tainted_data main config option and the "taint"
| log_selector were removed
`----

However, if you run Debian Bullseye, you never get the warning. Those
might have come with Exim in unstable/bullseye-backports:

,----
| Please consider exim 4.93/4.94 a *major* exim upgrade. It introduces the
| concept of tainted data read from untrusted sources, like e.g. message
| sender or recipient. This tainted data (e.g. $local_part or $domain)
| cannot be used among other things as a file or directory name or command
| name.
`----


,----
| This WILL BREAK configurations which are not updated accordingly.
`----

That version at least came with a quick fix:

,----
| .ifdef _OPT_MAIN_ALLOW_INSECURE_TAINTED_DATA
|  allow_insecure_tainted_data = yes
| .endif
`----

Which is not available in Bookworm.

You are viewing proxied material from gopher.hillenius.net. The copyright of proxied material belongs to its original authors. Any comments or complaints in relation to proxied material should be directed to the original authors of the content concerned. Please see the disclaimer for more details.