[exim] Tainted filename on DKIM signing in 4.94

Author: Max Kostikov
Date:  
To: exim-users
Subject: [exim] Tainted filename on DKIM signing in 4.94
I found one more issue after upgrading to the latest Exim 4.94.
This one is related to DKIM signing of outgoing messages.

Jun 6 12:17:04 beta exim[11180]: 1jhVss-000ORe-45 Tainted filename '/usr/local/etc/exim/dkim/kostikov.co.key0'
Jun 6 12:17:04 beta exim[11180]: 1jhVss-000ORe-45 unable to open file for reading: /usr/local/etc/exim/dkim/kostikov.co.key0

In the Exim configuration it is defined using global variables at the
start of the transports section:

begin transports

   SENDER_DOMAIN         = ${if def:h_from:{${lc:${domain:${address:$h_from:}}}}{$qualify_domain}}
   KEYNAME               = key${eval10:${substr{4}{2}{$tod_logfile}}%2}
   DKIM_FILE             = /usr/local/etc/exim/dkim/SENDER_DOMAIN.KEYNAME
   DKIM_DEFAULT          = /usr/local/etc/exim/dkim/$qualify_domain.KEYNAME


remote_smtp:
   driver                = smtp
   dkim_domain           = SENDER_DOMAIN
   dkim_selector         = KEYNAME
   dkim_private_key      = ${if exists{DKIM_FILE}{DKIM_FILE}{}}
   arc_sign              = $primary_hostname : KEYNAME : DKIM_DEFAULT : timestamps
   ...


How can I fix this?

--
With best regards,
Max Kostikov

W: https://kostikov.co | DeltaChat: mk@???