Re: [exim] Problem with lookup an alias for a domain

Author: Jeremy Harris
Date:  
To: exim-users
Subject: Re: [exim] Problem with lookup an alias for a domain
On 13/02/2021 14:13, Fabio Martins via Exim-users wrote:
> I have a working exim 4.89 setup on Linux with alias lookup. The same
> setup is not working with 4.94 on OpenBSD.
>
> Did something change between versions, that I am not aware of?


Yes.

Data supplied by a potential attacker is no longer permitted as
part of a filename. Here's the clue (and, thank you for
going so far as to get relevant debug info!) :-


> 31068 rda_interpret (string):
> '${lookup{$local_part}lsearch*@{/etc/exim/aliases.d/$domain}}'
> 31068 LOG: MAIN PANIC
> 31068 Tainted filename for search: '/etc/exim/aliases.d/DOMAIN001.COM'


Have a search in the docs concept index for "taint". In short, you
need to validate that domain before using it.
--
Cheers,
Jeremy
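
The validation step described above, as an added example that is not part of the original message or the poster's configuration: the router names and `driver = redirect` are assumptions, while the lookup string and directory are the ones in the quoted debug output. It uses Exim's `dsearch` lookup and `$domain_data` to replace the tainted `$domain` with a name read from the directory itself.

```exim
# Added example. Router names are hypothetical; only the "data" string and
# the /etc/exim/aliases.d directory come from the debug output in the thread.

# Before (works on 4.89, panics on 4.94):
# $domain is taken from the recipient address, so it is attacker-supplied
# ("tainted"). Expanding it into a filename is refused with
# "Tainted filename for search".
virtual_aliases_tainted:
  driver = redirect
  data = ${lookup{$local_part}lsearch*@{/etc/exim/aliases.d/$domain}}

# After:
# dsearch checks whether an entry named after the domain exists in the
# directory. On a match the router runs and $domain_data holds the entry
# name as returned by the lookup, which is untainted because it came from
# the local filesystem rather than from the message. A domain with no
# alias file does not match "domains", so the router is skipped and the
# address falls through to the next router.
virtual_aliases:
  driver = redirect
  domains = dsearch;/etc/exim/aliases.d
  data = ${lookup{$local_part}lsearch*@{/etc/exim/aliases.d/$domain_data}}
```

Running `exim -d -bt` against a test address should then show the lookup opening the alias file without the `Tainted filename` panic.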