Re: [exim] Problem with lookup an alias for a domain

Kezdőlap
Üzenet törlése
Válasz az üzenetre
Szerző: Jeremy Harris
Dátum:  
Címzett: exim-users
Tárgy: Re: [exim] Problem with lookup an alias for a domain
On 13/02/2021 14:13, Fabio Martins via Exim-users wrote:
> I have a working exim 4.89 setup on Linux with alias lookup. The same
> setup is not working with 4.94 on OpenBSD.
>
> Did something changed between versions, that I am not aware of?


Yes.

Data supplied by a potential attacker is no longer permitted as
part of a filename. Here's the clue (and, thankyou for
going so far as to get relevant debug info!) :-


> 31068 rda_interpret (string):
> '${lookup{$local_part}lsearch*@{/etc/exim/aliases.d/$domain}}'
> 31068 LOG: MAIN PANIC
> 31068 Tainted filename for search: '/etc/exim/aliases.d/DOMAIN001.COM'


Have a search in the docs concept index for "taint". In short, you
need to validate that domain before using it.
--
Cheers,
Jeremy