Re: [exim] Exim 4.94 - Virtual domains

Kezdőlap
Üzenet törlése
Válasz az üzenetre
Szerző: Jeremy Harris
Dátum:  
Címzett: exim-users
Tárgy: Re: [exim] Exim 4.94 - Virtual domains
On 02/06/2020 19:06, Patrick Boutilier via Exim-users wrote:
> This router no longer works:
>
> virtual:
>   driver = redirect
>   domains = dsearch;/etc/mail/virtual
>   data = ${lookup{$local_part}lsearch{/etc/mail/virtual/$domain}}
>   no_more
>
>
> Testing with -bh I get "Tainted filename for search" :


Yes: the content of $domain is provided by a potential attacker.
Validate it before using it.
--
Cheers,
Jeremy