Re: [exim] Taint mismatch in spam checking

Top Page
Delete this message
Reply to this message
Author: James
Date:  
To: exim-users
Subject: Re: [exim] Taint mismatch in spam checking
On 03/06/2020 18:03, Jeremy Harris via Exim-users wrote:
> It's a "spam=" ACL condition, and you're feeding it a tainted
> string on the right of the =.


It is however it is authenticated before use so surely can't be rouge
else "authenticated = *" is not true. I can untaint it by doing:

     ${lookup pgsql{SELECT domain FROM domains WHERE domain = 
'${lc:$sender_address_domain}'}}



Thank you.