[exim] 4.94 - De-tainting without lookup?

Pàgina inicial
Delete this message
Reply to this message
Autor: Alexander Hoff
Data:  
A: exim-users
Assumpte: [exim] 4.94 - De-tainting without lookup?
I have heard of the problem with this tainted function many times. Configurations that worked for a long time are now broken due to the minor update.

Above all, I have the impression that the documentation is not sufficient. I think it would be a good idea if one of the developers would be able to publish solutions for a migration from typical configurations that were previously valid to the configurations currently required.

Let's take a typical transport such as:

local_delivery:
driver = appendfile
directory = /home/$▶local_part{/.maildir

or a router with multi-domain support like

virtual_aliases:
driver = redirect
domains = lsearch; /etc/exim/virtual_domains
data = $ {lookup{$ local_part}lsearch{/etc/exim/$domain/aliases}}
no_more

This router will no longer work with Exim 4.94, too (IMHO).

What's about a transport for procmail, for example:

procmail:
driver = pipe
command = "/ usr / bin / procmail -d $ local_part"
return_path_add
delivery_date_add
envelope_to_add
user = $ local_part
initgroups
return_output

Or the example of Matthias?

Best regards,

Alex