Re: [exim] Tainted filename for search in Exim 4.94-1

Página Inicial
Delete this message
Reply to this message
Autor: Patrick Porteous
Data:  
Para: Exim-users
Assunto: Re: [exim] Tainted filename for search in Exim 4.94-1
Hello,

I'm having the same problem as Vladislav Georgiev after upgrading from
4.93.3 to 4.94-1.  After applying the update, I receive the following
error when trying to send from any of my domains.  Is this a bug or is
this something I need to change in my config file for the new version? 
Please be as specific as possible in your reply if this is something I
need to change because I read your response to Vladislav Georgiev and I
wasn't able to follow your suggestion. Appreciate the clarification. 
This is the error I am seeing for all my virtual domains in my log file:

2020-06-19 07:54:17 H=mail.example.com ([192.168.1.###]) [##.###.###.##]
sender verify defer for <sender@???>: failed to expand
"${extract{1}{:}{${lookup{$local_part@$domain}lsearch{/etc/exim/domains/$domain/aliases}}}}":
NULL

2020-06-19 07:54:17 H=mail.example.com ([192.168.1.###]) [##.###.###.##]
F=<sender@???> A=dovecot_plain:sender@??? temporarily
rejected RCPT <recipient@???>: Could not complete sender verify

From exim.conf

aliases:
  driver = redirect
  headers_add = X-redirected: yes
  data =
${extract{1}{:}{${lookup{$local_part@$domain}lsearch{/etc/exim/domains/$domain/aliases}}}}
  require_files = /etc/exim/domains/$domain/aliases
  redirect_router = dnslookup
  pipe_transport = address_pipe
  unseen

dnslookup:
  driver = dnslookup
  domains = !+local_domains
  transport = remote_smtp
  no_more



On 2020-06-19 12:29, Jeremy Harris wrote:
> On 18/06/2020 13:43, Vladislav Georgiev | NS1.bg via Exim-users wrote:
> > 2020-06-18 15:26:49 Tainted filename for search:

'/etc/valiases/domain.com'
>
> Docs, concept index, de-tainting.
> --
> Cheers,
> Jeremy
>
>


--
Thank you,


Patrick Porteous
ATAP, Inc.
256-362-2221 x 152

**CONFIDENTIALITY NOTICE**
This information contained in this e-mail transmittal is privileged and confidential, intended for the addressee only. If you are neither the intended recipient nor the employee or agent responsible for delivering this e-mail to the intended recipient, any disclosure of this information in any way or taking of any action in reliance on this information is strictly prohibited. If you have received this e-mail in error, please notify the person transmitting the information immediately.

Please consider the environment before printing this email.