Upgraded to 4.93.0.4, and got the following:
<21>1 2020-02-24T12:59:20.956095-06:00 thebighonker.lerctr.org exim
24803 - - [1\83] 1j6Iwq-0006S3-LL H=malur.postgresql.org
[2a02:16a8:dc51::56]:59940 I=[2001:470:1f0f:3ad:bb:dcff:fe50:d900]:25
X=TLS1.2:ECDHE-RSA-AES256-SHA:256 CV=yes DN="/CN=lists.postgresql.org"
F=<pgsql-hackers-owner+M2386-215359@???> temporarily
rejected during MIME ACL checks: failed to expand ACL string
"${lookup{${lc:${sg{$mime_filename}{^.+\\.([a-zA-Z0-9]+)\$}{\$1}}}}lsearch{/usr/local/etc/exim/checkfiles/bad-exts}{yes}{no}}":
attempt to expand tainted string '$1'
which came from this (uncommented):
+#FILENAME_EXT =
${lc:${sg{$mime_filename}{^.+\\.([a-zA-Z0-9]+)\$}{\$1}}}
+ #deny message = This message contains an unwanted file extension
($mime_filename)
+ # log_message = MALWARE: unwanted extension ($mime_filename)
+ # condition =
${lookup{FILENAME_EXT}lsearch{BLACKLIST_FILES}{yes}{no}}
I'm not sure how to make the taint stuff happy here.
What's a good work-around for this?
--
Larry Rosenman http://www.lerctr.org/~ler
Phone: +1 214-642-9640 E-Mail: ler@???
US Mail: 5708 Sabbia Dr, Round Rock, TX 78665-2106
