Re: [exim] Another strange log about tainting

Top Page
Delete this message
Reply to this message
Author: Jeremy Harris
Date:  
To: exim-users
Subject: Re: [exim] Another strange log about tainting
On 10/12/2019 20:35, Ian Zimmerman via Exim-users wrote:
> Dec 10 12:30:38 ahiker exim: 2019-12-10 12:30:38 1iem9U-00049d-TP attempt to expand tainted string '${exim_version}'
>
> The thing is ${exim_version} doesn't even occur in my configfile ...


Doublecheck with:
$ exim -bP config_file
$ exim -bP config | grep version

but given the correlation with DKIM fails, I wonder if someone's trying
a sneaky trick to return (via a DNS lookup?) the exim version number to
them? If so, well, we just defeated the attempt.
--
Cheers,
Jeremy