https://bugs.exim.org/show_bug.cgi?id=2623
--- Comment #1 from Jeremy Harris <jgh146exb@???> ---
That exact lookup is used in a testcase, and passes. I realise now that it's
not a good case, because IP addresses are regarded as being too hard for
attackers to manipulate, hence not tainted. Tested with $domain instead
(a nonsensical thing in that context, but useful for testing) it does indeed
fail.
I suspect you had something other than $sender_host_address there. But it is
a bug.
--
You are receiving this mail because:
You are on the CC list for the bug.
