On 02/06/2020 19:06, Patrick Boutilier via Exim-users wrote: > This router no longer works:
>
> virtual:
> driver = redirect
> domains = dsearch;/etc/mail/virtual
> data = ${lookup{$local_part}lsearch{/etc/mail/virtual/$domain}}
> no_more
>
>
> Testing with -bh I get "Tainted filename for search" :
Yes: the content of $domain is provided by a potential attacker.
Validate it before using it.
--
Cheers,
Jeremy
