On 23/07/16 17:19, Andy Bennett wrote:
> I've been running exim 4.72 for some time and last night I upgraded to 4.80.
You do realise 4.80 is well out-of-date now?
> failed to expand ACL string "${if
> !match_address{$h_From:}{${lookup{$sender_ident}lsearch{/etc/exim4/local_senders}}}}":
> missing or misplaced { or }
> LOCAL_SENDERS = ${lookup{$sender_ident}lsearch{/etc/exim4/local_senders}}
> condition = ${if !match_address{$h_From:}{LOCAL_SENDERS}}
> This has been working fine in 4.76 but now the expansion seems to fail
> and it's not obvious to me as to why.
>
> I've read the ChangeLog
> Does anyone have any idea where I'm going wrong and what I can change to
> make it work again?
PP/11 match_* no longer expand right-hand-side by default.
New compile-time build option, EXPAND_LISTMATCH_RHS.
New expansion conditions, "inlist", "inlisti".
+# It has proven too easy in practice for administrators to configure
security
+# problems into their Exim install, by treating match_domain{}{} and
friends
+# as a form of string comparison, where the second string comes from
untrusted
+# data. Because these options take lists, which can include
lookup;LOOKUPDATA
+# style elements, a foe can then cause Exim to, eg, execute an
arbitrary MySQL
+# query, dropping tables.
+# From Exim 4.77 onwards, the second parameter is not expanded; it can
still
+# be a list literal, or a macro, or a named list reference. There is also
+# the new expansion condition "inlisti" which does expand the second
parameter,
+# but treats it as a list of strings; also, there's "eqi" which is probably
+# what is normally wanted.
--
Cheers,
Jeremy
