Re: [exim] Another strange log about tainting

Top Page
This message is part of the following thread:
Mthe complete thread tree sorted by date
MIan Zimmerman at <-
MIan Zimmerman at ->
Delete this message
Reply to this message
Author: Jeremy Harris
Date:  
To: exim-users
Subject: Re: [exim] Another strange log about tainting
On 10/12/2019 20:35, Ian Zimmerman via Exim-users wrote:
> Dec 10 12:30:38 ahiker exim: 2019-12-10 12:30:38 1iem9U-00049d-TP attempt to expand tainted string '${exim_version}'
>
> The thing is ${exim_version} doesn't even occur in my configfile ...

Doublecheck with:
$ exim -bP config_file
$ exim -bP config | grep version

but given the correlation with DKIM fails, I wonder if someone's trying
a sneaky trick to return (via a DNS lookup?) the exim version number to
them? If so, well, we just defeated the attempt.
--
Cheers,
Jeremy

This message was posted to the following mailing lists:
Exim-users
Mailing List Info | Nearby Messages		<-[exim] Another strange log about taintingRe: [exim] localhost [reverse] lookup reaches external/global DNS->
Tahini and Hummus and Cumin Development Archives administrated by cumin AdminsLurker (version 2.3)