Re: [exim] $dnslist_domain tainted

Author: Martin Clayton
Date:  
To: exim-users
Subject: Re: [exim] $dnslist_domain tainted
On 17/11/2022 15:12, Martin Clayton wrote:
> On 17/11/2022 13:49, Jeremy Harris via Exim-users wrote:
>> On 16/11/2022 14:06, Martin Clayton via Exim-users wrote:
>>> Removing the rhsbl services (i.e., $sender_address_domain) and all is
>>> well.
>>>
>> [...]
>> dbl.spamhaus.org!=127.0.1.255,127.255.255.252,127.255.255.254,127.255.255.255/$sender_address_domain
>>
>> because it uses $sender_address_domain (which is tainted), taints the
>> entire string


Ah, so it's unexpectedly expected behaviour ;)

So, sorry to be a tainted dummy, but I'm still left wondering how to
deal with this.

The DNS query runs without issue, log messages, etc, all good. It's only
the $dnslist_domain-based file lookup to define the action to take.

It sounds like dnslists using rhsbl services have to be tainted. (I'm
assuming that attempting to detaint $sender_address_domain isn't
sensible when it could legitimately be anything protocol-valid).

So, can $dnslist_domain be detainted? We know it lives in a pre-defined
list. The parent (dnslists) may be tainted but the child is reliable,
innocent and completely immune to anything in $sender_address_domain.

Rabbit holes :)

Cheers,
Martin
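
The taint propagation discussed in this message, as an added Python model that is not Exim code and not from any poster: the list name is cut out of an expanded string that also contains $sender_address_domain, so it carries that string's taint, and matching it against an admin-controlled list yields a trusted copy. The names `Str`, `expand`, `dnslist_domain`, `open_by_name`, `detaint_by_lookup` and `KNOWN_LISTS`, the shortened list item, and the entry `rhsbl.example.net` are assumptions made for the illustration.

```python
# Simplified model of string tainting as described in this thread; not Exim source.
import re
from dataclasses import dataclass

@dataclass(frozen=True)
class Str:
    text: str
    tainted: bool = False      # True when the value derives from remote input

def expand(template, variables):
    """Substitute $name variables; one tainted input taints the whole result."""
    out, tainted = template, False
    for name, val in variables.items():
        if "$" + name in out:
            out = out.replace("$" + name, val.text)
            tainted = tainted or val.tainted
    return Str(out, tainted)

def dnslist_domain(item):
    """The list name is cut out of the expanded item, so it inherits the taint."""
    spec = item.text.split("/", 1)[0]                # drop the "/lookup-key" part
    name = re.split(r"[!=&]", spec, maxsplit=1)[0]   # drop "!=127.x.x.x" conditions
    return Str(name, item.tainted)

def open_by_name(name):
    """Stand-in for using a value as a file name: tainted names are refused."""
    if name.tainted:
        raise PermissionError("tainted filename: " + name.text)
    return "opened " + name.text

# Constructed, admin-controlled data: the lists the configuration is known to use.
KNOWN_LISTS = ("dbl.spamhaus.org", "rhsbl.example.net")

def detaint_by_lookup(value, known=KNOWN_LISTS):
    """Use the tainted value only as a search key; return the trusted copy or None."""
    for entry in known:
        if entry == value.text:
            return Str(entry, tainted=False)
    return None

def demo(sender_domain):
    """Expand a shortened form of the list item from the thread (hypothetical values)."""
    item = expand("dbl.spamhaus.org!=127.0.1.255/$sender_address_domain",
                  {"sender_address_domain": Str(sender_domain, tainted=True)})
    return dnslist_domain(item)

if __name__ == "__main__":
    d = demo("example.org")
    print(d, detaint_by_lookup(d))
```
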