I wrote a few days ago:
> after upgrading to exim 4.93.0.4 it complains about
>
> 2020-02-24 11:08:47 1j6AfP-002SAT-9R Taint mismatch, string_vformat: spam 404
>
> in SMTP DATA ACL. The config looks like this:
>
> deny message = This message was classified as SPAM
> spam = nobody/defer_ok
It was completely my mistake and caused by a local modification which
I have done many years ago and forgot about but rebased on it.
Our spam scanning solution (cyren eXpurgate) makes use of the sender
address, therefore spam.c was patched to provide it using SPAMC version 1.3:
--- a/src/src/spam.c
+++ b/src/src/spam.c
@@ -398,9 +398,10 @@ else
{ /* spamassassin variant */
(void)string_format(spamd_buffer,
sizeof(spamd_buffer),
- "REPORT SPAMC/1.2\r\nUser: %s\r\nContent-length: %ld\r\n\r\n",
+ "REPORT SPAMC/1.3\r\nUser: %s\r\nContent-length: %ld\r\nSender: %s\r\n\r\n",
user_name,
- mbox_size);
+ mbox_size,
+ sender_address);
/* send our request */
wrote = send(spamd_cctx.sock, spamd_buffer, Ustrlen(spamd_buffer), 0);
}
But sender_address is tainted which is correct. Please ignore my previous
mails.
I'm really sorry for the confusion.
Regards,
Heiko
Heiko Schlichting Freie Universität Berlin
heiko.schlichting@??? Zentraleinrichtung für Datenverarbeitung
Telefon +49 30 838-54327 Fabeckstraße 32
Telefax +49 30 838454327 14195 Berlin
