Re: Making pglister work with exim 4.96+

On 17.06.24 12:57, Célestin Matte wrote:
> Update:
> Fix for pgarchives' load_message.py is pretty straightforward: exim 
> provides the untainted version of $local_part, $local_part_data. Same 
> for $domain and $domain_data.
> Pglister's inject.py is a tougher situation. I can't seem to get an 
> untainted version of $sender_address and $header_message-id.
> 
> However, replacing them with fake values does get things delivered 
> properly. I'm starting to wonder if we really need these values. Why 
> does inject.py need them for exactly? Header-message-id seems to only be 
> displayed in the moderation queue, and sender address is correctly 
> retrieved anyway (or is it just for the "envelope:" field of the 
> moderation queue?).
> 
>> Maybe we could have a switch to inject that picks these up from the 
>> environment: I *think* most of those are actually made available by 
>> default as environment variables in exim if I understand 
>> https://www.exim.org/exim-html-current/doc/html/spec_html/ch-the_pipe_transport.html
<https://www.exim.org/exim-html-current/doc/html/spec_html/ch-the_pipe_transport.html>point 4 correct. Or would those
havethe same problems with tainting?
 
>>
>> AIUI the only thing we couldn't get that way might be the message-id? 
>> The question is, can we add that to the environment without getting 
>> into taint problems?
> 
> Can't get that to work (${env{SENDER_ADDRESS}} or SENDER is replaced by 
> an empty value). I could keep trying, but that still wouldn't solve the 
> problem for $header_message-id.

SENDER_ADDRESS is not among the default set of environment variables - 
did you actually add them in the pipe transport using an environment = 
stanza?



Stefan