Re: [exim] Taint mismatch in spam checking

Αρχική Σελίδα
Delete this message
Reply to this message
Συντάκτης: James
Ημερομηνία:  
Προς: exim-users
Αντικείμενο: Re: [exim] Taint mismatch in spam checking
On 03/06/2020 18:03, Jeremy Harris via Exim-users wrote:
> It's a "spam=" ACL condition, and you're feeding it a tainted
> string on the right of the =.


It is however it is authenticated before use so surely can't be rouge
else "authenticated = *" is not true. I can untaint it by doing:

     ${lookup pgsql{SELECT domain FROM domains WHERE domain = 
'${lc:$sender_address_domain}'}}



Thank you.