[exim] Re: Tainted search

Pàgina inicial
Delete this message
Reply to this message
Autor: Mark Elkins via Exim-users
Data:  
A: exim-users
Assumpte: [exim] Re: Tainted search
Fixed by adding brackets - etc...

  dkim_domain = ${lookup mysql {select domain from admin WHERE
domain='${quote_mysql:${domain:$h_from:}}' limit 1}}

Whether this is correct or not - it works. I needed the domain of the
sender so I can provide the correct DKIM data. This was somewhat easier
before Tainted Data controls though in this case - all I'm looking for
is finding the correct DKIM records which only exist for Domains that I
manage... so is somewhat self-controlled already.

On 2023/06/13 16:06, Jeremy Harris via Exim-users wrote:
> On 13/06/2023 14:41, Mark Elkins via Exim-users wrote:
>> This does not work:    domain='${quote_mysql:domain:$h_from:}'
>
> That would be quoting a string starting "domain:" and then
> having the content of the From: header - which probably isn't
> what you wanted.
>
> Read the docs on string-expansions (and then worry if
> the *header* data is what you should be starting from, too).
>
> https://exim.org/exim-html-current/doc/html/spec_html/ch-string_expansions.html
>
>
>> This currently works: domain='${domain:$h_from:}'   -  but gives the
>> tainted search error ... but at least the DKIM part works.
>
> If you really do want that source data, then you need two expansions:
> an inner one to get the domain, and an outer one to do the quoting.

--

Mark James ELKINS  -  Posix Systems - (South) Africa
mje@??? Tel: +27.826010496 <tel:+27826010496>
For fast, reliable, low cost Internet in ZA: https://ftth.posix.co.za
<https://ftth.posix.co.za>



--
## subscription configuration (requires account):
## https://lists.exim.org/mailman3/postorius/lists/exim-users.lists.exim.org/
## unsubscribe (doesn't require an account):
## exim-users-unsubscribe@???
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/