Szerző: Jeremy Harris Dátum: Címzett: exim-users Tárgy: Re: [exim] Problem with lookup an alias for a domain
On 13/02/2021 14:13, Fabio Martins via Exim-users wrote: > I have a working exim 4.89 setup on Linux with alias lookup. The same
> setup is not working with 4.94 on OpenBSD.
>
> Did something changed between versions, that I am not aware of?
Yes.
Data supplied by a potential attacker is no longer permitted as
part of a filename. Here's the clue (and, thankyou for
going so far as to get relevant debug info!) :-
> 31068 rda_interpret (string):
> '${lookup{$local_part}lsearch*@{/etc/exim/aliases.d/$domain}}'
> 31068 LOG: MAIN PANIC
> 31068 Tainted filename for search: '/etc/exim/aliases.d/DOMAIN001.COM'
Have a search in the docs concept index for "taint". In short, you
need to validate that domain before using it.
--
Cheers,
Jeremy