Agreed - this was problematic for me, since I use .forward files for
vmail users. I ended up solving it with:
local_parts =
${lookup{${lc:$local_part}}dsearch{/var/mail/vmail}}
require_files = +/var/mail/vmail/${local_part_data}/.forward
file = /var/mail/vmail/${local_part_data}/.forward
Basically local_parts does a lookup, which detaints the output since
it's looked up not input. Then local_part_data is used for the actual
path.
Improved documentation around this would have been useful, but I don't
know exactly what we'd want it to say. :-)
ScottE
On Fri, Jun 19, 2020 at 10:35 AM Jeremy Harris via Exim-users
<exim-users@???> wrote:
>
> On 19/06/2020 17:33, Patrick Porteous via Exim-users wrote:
> > I'm having the same problem as Vladislav Georgiev after upgrading from
> > 4.93.3 to 4.94-1. After applying the update, I receive the following
> > error when trying to send from any of my domains. Is this a bug or is
> > this something I need to change in my config file for the new version?
>
> > 2020-06-19 07:54:17 H=mail.example.com ([192.168.1.###]) [##.###.###.##]
> > sender verify defer for <sender@???>: failed to expand
> > "${extract{1}{:}{${lookup{$local_part@$domain}lsearch{/etc/exim/domains/$domain/aliases}}}}":
> > NULL
>
> It is something you need to change in your configuration.
>
> You are using an unsafe construction for the
> file in which you are doing an lsearch.
>
> Consider that the domain, the result of expanding $domain,
> is fully under the control of a potential attacker.
> It could, for example, contain the letter sequence "../".
> --
> Cheers,
> Jeremy
>
> --
> ## List details at https://lists.exim.org/mailman/listinfo/exim-users
> ## Exim details at http://www.exim.org/
> ## Please use the Wiki with this list - http://wiki.exim.org/
