Hi,
I have a router for using local filter-files that looks like this:
virtual_userfilter:
driver = redirect
domains = lsearch,ret=key;VIRTUAL_DOMAINS_FILE
no_check_local_user
no_verify
no_expn
router_home_directory = LDAP_MAILBOX
transport_home_directory = LDAP_MAILBOX
require_files = exim:${home}/.exim_filter
file = ${home}/.exim_filter
check_ancestor
allow_filter
file_transport = address_file
pipe_transport = address_pipe
reply_transport = address_reply
directory_transport = address_directory
modemask = 002
user = pop
group = exim
And I have in my filter-files this filter which checks if the user has a blacklist enabled and if the sender-address is in the blacklist:
if "${lookup ldap {LDAPAUTH LDAPDN?enableBlackList?sub?(mail=${quote_ldap:$local_part@$domain})}{$value}{0}}" is "1" and "${lookup ldap {LDAPAUTH LDAPDN?mailBlackList?sub?(&(mail=${quote_ldap:$local_part@$domain})(mailBlackList=${lc:${address:$h_From:}}))}{Yes}{No}}" is "Yes"
In exim 4.96 I have now the problem that this seems to be considered tainted in filter-files (or in ldap-queries; I am not sure tbh).
I get this error in the log: tainted search query is not properly quoted (router virtual_userfilter
, /usr/local/etc/exim/conf/routers.conf 274): LDAPAUTH LDAPDN?mailBlackList?sub?(&(mail=test-receiver%40domain.tld)(mailBlackList=test-blacklist@???))
And I get this in a debug session: (tainted, quoted:ldap)
Since I have no_check_local_user set I cannot use local_part_data (it is empty and according to the documentation it would only be not empty if check_local_user is set which I don't want here). And domain_data brings up weird results.
But one step at a time. How do I de-taint in this context?
Best,
Niels
--
## subscription configuration (requires account):
##
https://lists.exim.org/mailman3/postorius/lists/exim-users.lists.exim.org/
## unsubscribe (doesn't require an account):
## exim-users-unsubscribe@???
## Exim details at
http://www.exim.org/
## Please use the Wiki with this list -
http://wiki.exim.org/