Bug#1101837: /usr/sbin/exim4: Segfault (SIGSEGV, SEGV_MAPERR) only when sending to icloud.com domains and on a blacklist

James Lawrie debian-bugs at silvermouse.net
Tue Apr 1 15:13:20 BST 2025 

Package: exim4-daemon-light
Version: 4.96-15+deb12u7
Severity: normal
File: /usr/sbin/exim4
X-Debbugs-Cc: team at security.debian.org

Dear Maintainer,

We had a strange issue where sending email to *@icloud.com emails caused
a segfault if we were rejected by Proof Point blocklist.

This was only happening for icloud.com, and as soon as we were off the
blacklist the segfault issue went away,

Given difficulty to replicate this scenario (blacklist addition) I
cannot provide further debug output/investigation - I'm only reporting
because of the errors looking like a possible overflow.

2025-04-01 13:04:39 1tyEsu-002hOZ-2M Unfrozen by forced delivery
2025-04-01 13:04:41 1tyEsu-002hOZ-2M H=mx01.mail.icloud.com [17.57.152.5]: SMTP error from remote mail server after RCPT TO:<REMOVED at icloud.com>: 554 5.7.0 Blocked - see https://support.proofpoint.com/dnsbl-lookup.cgi?ip=XX.XX.XX.XX
2025-04-01 13:04:42 1tyEsu-002hOZ-2M SIGSEGV (fault address: 0x17c)
2025-04-01 13:04:42 1tyEsu-002hOZ-2M SIGSEGV (fault address: 0x17c)
2025-04-01 13:04:42 1tyEsu-002hOZ-2M SEGV_MAPERR
2025-04-01 13:04:42 1tyEsu-002hOZ-2M SEGV_MAPERR
2025-04-01 13:04:42 1tyEsu-002hOZ-2M SIGSEGV (null pointer indirection)
2025-04-01 13:04:42 1tyEsu-002hOZ-2M SIGSEGV (null pointer indirection)
2025-04-01 13:04:42 1tyEsu-002hOZ-2M SIGSEGV (2042910 delivering 1tyEsu-002hOZ-2M to mx01.mail.icloud.com [17.57.155.25] (REMOVED at icloud.com)
)
2025-04-01 13:04:42 1tyEsu-002hOZ-2M SIGSEGV (2042910 delivering 1tyEsu-002hOZ-2M to mx01.mail.icloud.com [17.57.155.25] (REMOVED at icloud.com)
)
2025-04-01 13:04:42 1tyEsu-002hOZ-2M Delivery status for REMOVED at icloud.com: got 0 of 7 bytes (pipeheader) from transport process 2042910 for transport smtp

2025-04-01 13:04:42 1tyEsu-002hOZ-2M Delivery status for REMOVED at icloud.com: got 0 of 7 bytes (pipeheader) from transport process 2042910 for transport smtp

2025-04-01 13:04:42 1tyEsu-002hOZ-2M == REMOVED at icloud.com R=dnslookup T=remote_smtp defer (-1): smtp transport process returned non-zero status 0x000b: terminated by signal 11
2025-04-01 13:04:42 1tzaME-008ZSC-1F <= <> R=1tyEsu-002hOZ-2M U=Debian-exim P=local S=773
2025-04-01 13:04:42 1tyEsu-002hOZ-2M Frozen

All other emails went out (or bounced) fine.

-- Package-specific info:
Exim version 4.96 #2 built 22-Mar-2025 10:25:14
Copyright (c) University of Cambridge, 1995 - 2018
(c) The Exim Maintainers and contributors in ACKNOWLEDGMENTS file, 2007 - 2022
Berkeley DB: Berkeley DB 5.3.28: (September  9, 2013)
Support for: crypteq iconv() IPv6 GnuTLS TLS_resume move_frozen_messages DANE DKIM DNSSEC Event I18N OCSP PIPECONNECT PRDR Queue_Ramp SOCKS SRS TCP_Fast_Open
Lookups (built-in): lsearch wildlsearch nwildlsearch iplsearch cdb dbm dbmjz dbmnz dnsdb dsearch nis nis0 passwd
Authenticators: cram_md5 external plaintext
Routers: accept dnslookup ipliteral manualroute queryprogram redirect
Transports: appendfile/maildir/mailstore autoreply lmtp pipe smtp
Fixed never_users: 0
Configure owner: 0:0
Size of off_t: 8
Configuration file search path is /etc/exim4/exim4.conf:/var/lib/exim4/config.autogenerated
Configuration file is /var/lib/exim4/config.autogenerated
# /etc/exim4/update-exim4.conf.conf
#
# Edit this file and /etc/mailname by hand and execute update-exim4.conf
# yourself or use 'dpkg-reconfigure exim4-config'
#
# Please note that this is _not_ a dpkg-conffile and that automatic changes
# to this file might happen. The code handling this will honor your local
# changes, so this is usually fine, but will break local schemes that mess
# around with multiple versions of the file.
#
# update-exim4.conf uses this file to determine variable values to generate
# exim configuration macros for the configuration file.
#
# Most settings found in here do have corresponding questions in the
# Debconf configuration, but not all of them.
#
# This is a Debian specific file

dc_eximconfig_configtype='internet'
dc_other_hostnames='delkevic'
dc_local_interfaces='127.0.0.1 ; ::1'
dc_readhost=''
dc_relay_domains=''
dc_minimaldns='false'
dc_relay_nets=''
dc_smarthost=''
CFILEMODE='644'
dc_use_split_config='false'
dc_hide_mailname=''
dc_mailname_in_oh='true'
dc_localdelivery='mail_spool'
mailname:delwoo.servers.silvermouse.net
# /etc/default/exim4
EX4DEF_VERSION=''

# 'combined' -	 one daemon running queue and listening on SMTP port
# 'no'       -	 no daemon running the queue
# 'separate' -	 two separate daemons
# 'ppp'      -   only run queue with /etc/ppp/ip-up.d/exim4.
# 'nodaemon' - no daemon is started at all.
# 'queueonly' - only a queue running daemon is started, no SMTP listener.
# setting this to 'no' will also disable queueruns from /etc/ppp/ip-up.d/exim4
QUEUERUNNER='combined'
# how often should we run the queue
QUEUEINTERVAL='30m'
# options common to quez-runner and listening daemon
COMMONOPTIONS=''
# more options for the daemon/process running the queue (applies to the one
# started in /etc/ppp/ip-up.d/exim4, too.
QUEUERUNNEROPTIONS=''
# special flags given to exim directly after the -q. See exim(8)
QFLAGS=''
# Options for the SMTP listener daemon. By default, it is listening on
# port 25 only. To listen on more ports, it is recommended to use
# -oX 25:587:10025 -oP /run/exim4/exim.pid
SMTPLISTENEROPTIONS=''

-- System Information:
Debian Release: 12.10
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 6.1.0-32-amd64 (SMP w/16 CPU threads; PREEMPT)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages exim4-daemon-light depends on:
ii  debconf [debconf-2.0]  1.5.82
ii  exim4-base             4.96-15+deb12u7
ii  libc6                  2.36-9+deb12u10
ii  libcrypt1              1:4.4.33-2
ii  libdb5.3               5.3.28+dfsg2-1
ii  libgnutls-dane0        3.7.9-2+deb12u4
ii  libgnutls30            3.7.9-2+deb12u4
ii  libidn12               1.41-1
ii  libidn2-0              2.3.3-1+b1
ii  libnsl2                1.3.0-2
ii  libpcre2-8-0           10.42-1

exim4-daemon-light recommends no packages.

exim4-daemon-light suggests no packages.

-- debconf information:
  exim4-daemon-light/drec:

More information about the Pkg-exim4-maintainers mailing list