Re: [exim] Taint mismatch in spam checking

Top Page
This message is part of the following thread:
Mthe complete thread tree sorted by date
MJeremy Harris at <-
M 
Delete this message
Reply to this message
Author: James
Date:  
To: exim-users
Subject: Re: [exim] Taint mismatch in spam checking
On 03/06/2020 18:03, Jeremy Harris via Exim-users wrote:
> It's a "spam=" ACL condition, and you're feeding it a tainted
> string on the right of the =.

It is however it is authenticated before use so surely can't be rouge
else "authenticated = *" is not true. I can untaint it by doing: 

     ${lookup pgsql{SELECT domain FROM domains WHERE domain = 
'${lc:$sender_address_domain}'}}



Thank you.

This message was posted to the following mailing lists:
Exim-users
Mailing List Info | Nearby Messages		<-Re: [exim] Taint mismatch, string_nextinlist: acl_check_condition 3675[exim] [ADMIN] Couple of points->
Tahini and Hummus and Cumin Development Archives administrated by cumin AdminsLurker (version 2.3)