Bug#1140099: exim4-daemon-heavy: regression in 4.98.2-1+deb13u3 - bare filename in router domains condition no longer treated as implicit lsearch
Andreas Metzler
ametzler at bebt.de
Sat Jun 20 15:41:17 BST 2026
On 2026-06-15 Terry Roy via Pkg-exim4-maintainers <pkg-exim4-maintainers at alioth-lists.debian.net> wrote:
> Package: exim4-daemon-heavy
> Version: 4.98.2-1+deb13u3
> Severity: important
> Dear Maintainer,
> The security update to exim4 4.98.2-1+deb13u3 (trixie-security, installed
> 2026-06-15) introduced a regression in virtual alias routing for sites using
> a bare filename in the `domains` condition of Exim routers.
> ** Symptoms
> Virtual alias addresses are rejected with:
> 550 5.1.1 Bad destination mailbox address
> `exim4 -d -bt user at domain` shows the virtual_aliases router being skipped
> with "domains mismatch" despite the domain being present in the domains file.
> ** Configuration
> The virtual_aliases router had:
> domains = VIRTDIR/domains
> where VIRTDIR expands to /etc/exim4/virtual. This configuration worked
> correctly under all previous versions of exim4 in trixie.
> ** Root cause
> In 4.98.2-1+deb13u3, a bare filename in a domains list is no longer treated
> as an implicit lsearch. The string is matched literally, so no domain ever
> matches. The debug trace confirms this:
> cfsg.net in domains?
> list element: /etc/exim4/virtual/domains
> cfsg.net in domains? no (end of list)
> virtual_aliases router skipped: domains mismatch
> Note that the domainlist declaration for local_domains in the same config
> uses the explicit prefix and was unaffected:
> domainlist local_domains = @ : localhost : lsearch;/etc/exim4/virtual/domains
> ** Workaround
> Adding the explicit lsearch; prefix to the router domains condition restores
> correct behavior:
> domains = lsearch;VIRTDIR/domains
[...]
Hello Terry,
using a literal filename and lsearch-ing it are not equivalent, see
https://www.exim.org/exim-html-current/doc/html/spec_html/ch-domain_host_address_and_local_part_lists.html
2.2 and 2.3.
Trivial example:
ametzler at argenau:/tmp$ head /tmp/inputforlsearch /tmp/exim4.conf.test
==> /tmp/inputforlsearch <==
ubuntu.com:
debian.org:
==> /tmp/exim4.conf.test <==
domainlist works_b = lsearch;/tmp/inputforlsearch
domainlist fails_b = /tmp/inputforlsearch
ametzler at argenau:/tmp$ /usr/sbin/exim4 -C /tmp/exim4.conf.test -be '${if match_domain{debian.org}{+works_b}{yes}{no}}'
yes
ametzler at argenau:/tmp$ /usr/sbin/exim4 -C /tmp/exim4.conf.test -be '${if match_domain{debian.org}{+fails_b}{yes}{no}}'
no
A file used as literal filename would use a different format:
ametzler at argenau:/tmp$ head /tmp/inclusionasfilename /tmp/exim4.conf.test
==> /tmp/inclusionasfilename <==
ubuntu.com
debian.org
==> /tmp/exim4.conf.test <==
domainlist works_a = /tmp/inclusionasfilename
ametzler at argenau:/tmp$ /usr/sbin/exim4 -C /tmp/exim4.conf.test -be '${if match_domain{debian.org}{+works_a}{yes}{no}}'
yes
cu Andreas
More information about the Pkg-exim4-maintainers
mailing list