[exim] Re: Tainted search

Páxina inicial
Borrar esta mensaxe
Responder a esta mensaxe
Autor: Odhiambo Washington
Data:  
Para: mje, Mark Elkins
CC: exim-users
Asunto: [exim] Re: Tainted search
On Tue, Jun 13, 2023 at 4:43 PM Mark Elkins via Exim-users <
exim-users@???> wrote:

> Hi all,
>
> I'm running Exim version 4.96 #2 built 06-Jun-2023. I recently started
> to see errors in my logfile of:  "tainted search query is not properly
> quoted"
>
> I've got rid of all but one by adding "quote_mysql:" to the search. I'm
> stuck on one though...
>
> remote_smtp:
>    driver = smtp
>    dnssec_request_domains = *
>    hosts_try_dane = *
>    return_path = ${address:$reply_address}
> #  interface = 160.124.208.1 : 2001:42a0:1:208::1 # if required
>    # MJE - for now # message_size_limit = ${if >
> {$max_received_linelength}{998} {1}{0} }
>    #dkim_domain = ${lookup mysql {select domain from admin WHERE
> domain='${quote_mysql:domain:$h_from:}' limit 1}}
>    dkim_domain = ${lookup mysql {select domain from admin WHERE
> domain='${domain:$h_from:}' limit 1}}
>    dkim_selector = ${substr_2_4:$tod_zulu}
>    dkim_private_key = ${if
>
> exists{/etc/exim/dkim/$dkim_domain-$dkim_selector.pem}{/etc/exim/dkim/$dkim_domain-$dkim_selector.pem}{0}}
>    dkim_canon=relaxed
>
> This does not work:    domain='${quote_mysql:domain:$h_from:}'
>
> This currently works:   domain='${domain:$h_from:}'   -  but gives the
> tainted search error ... but at least the DKIM part works.
>
> I run multiple domains so the code is to pick up the correct
> domain-name's DKIM record - etc.
>
> Can someone please give me a simple answer? I don't know the proper
> syntax... or even what "${domain:$h_from:}'" does... apart from picking
> up the Domain from the senders address. Do I add more brackets perhaps?
>


What I do:

dkim_domain        = ${if
exists{/etc/exim/DKIM/${lc:$sender_address_domain}}{${lc:$sender_address_domain}}{}}
dkim_selector        = key1
dkim_private_key   = ${lookup {${sender_address_domain}} \
                       dsearch,ret=full {/etc/exim/DKIM} \
                       {$value/dkim.priv.key} {false}}




-- 
Best regards,
Odhiambo WASHINGTON,
Nairobi,KE
+254 7 3200 0004/+254 7 2274 3223
"Oh, the cruft.", egrep -v '^$|^.*#' ¯\_(ツ)_/¯ :-)
[How to ask smart questions:
http://www.catb.org/~esr/faqs/smart-questions.html]


--
## subscription configuration (requires account):
## https://lists.exim.org/mailman3/postorius/lists/exim-users.lists.exim.org/
## unsubscribe (doesn't require an account):
## exim-users-unsubscribe@???
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/