Re: [exim] Ip whitelist per domain

Top Page
This message is part of the following thread:
Mthe complete thread tree sorted by date
MPascal Rolle at <-
 
Delete this message
Reply to this message
Author: Jeremy Harris
Date:  
To: exim-users
Subject: Re: [exim] Ip whitelist per domain
On 09/04/2020 14:58, Pascal Rolle via Exim-users wrote:
>   warn    hosts         = <; ${expand:${if exists {PATH/ip_wl/$domain} \
>                              {PATH/ip_wl/$domain}{}}}
>           add_header    = X-wh_IP_: Yes

You didn't say which ACL you're doing this in. I hope it is
the smtp rcpt ACL, because $domain isn't useful to you in
most others.

Secondly, trusting $domain in constructing a filename is unwise,
it being under the control of a potential attacker. Validate it
first, and use the validated version (from a different variable).
This becomes an enforced requirement in more recent Exim versions
(you didn't say what you are running).


--
Cheers,
Jeremy

This message was posted to the following mailing lists:
Exim-users
Mailing List Info | Nearby Messages		<-[exim] How to check all options can be set?Re: [exim] How to check all options can be set?->
Tahini and Hummus and Cumin Development Archives administrated by cumin AdminsLurker (version 2.3)