[exim] Re: Fwd: Upon applying 4.96-1 on test, "Tainted arg 2…

Góra strony
Delete this message
Reply to this message
Autor: Johnnie W Adams
Data:  
Dla: Oleksandr Kryvulia
CC: exim-users
Temat: [exim] Re: Fwd: Upon applying 4.96-1 on test, "Tainted arg 2" appears
Thanks! That's got me almost there. This works when I test with exim -be,
but in exim.conf, it fails with missing lookup type:

command = "/opt/lsoft/listserv/bin/lsv_amin /opt/lsoft/listserv/spool
${lookup ldap{ldap://
ldap.test.ualr.edu/ou=Lists,ou=Local,o=test.ualr.edu,dc=mail,dc=test,dc=ualr,dc=edu?cn?(mail=${quote_ldap:$local_part@$domain})}fail
}"



On Thu, Nov 9, 2023 at 5:50 AM Oleksandr Kryvulia via Exim-users <
exim-users@???> wrote:

> Use in transport same lookup as in a router:
>
>    driver = pipe
>    command = "/opt/lsoft/listserv/bin/lsv_amin /opt/lsoft/listserv/spool
> ${lookup ldap{...}{$value}fail}"
>
> 08.11.23 22:11, Johnnie W Adams via Exim-users:
> > I believe I understand what I'm to do here--use LDAP to look up the
> > $local_part and return it, thus untainting it--but I'm finding the
> examples
> > in the documentation less than clear. Can someone point me elsewhere?
> >
> > On Wed, Nov 8, 2023 at 8:44 AM Kurt Jaeger <exim-users@???> wrote:
> >
> >> Hi!
> >>
> >>>       I applied 4.96-1 to our test systems and routing to the
> LISTSERVer
> >>> began to fail with "*Tainted arg 2* for listserv_transport transport
> >>> command:<name of LISTSERV>
> >>>
> >>>       The transport is quite simple:
> >>>
> >>> # Hand off to LISTSERV lsv_admin script
> >>>
> >>> listserv_transport:
> >>>
> >>>    driver = pipe
> >>>
> >>>    command = "/opt/lsoft/listserv/bin/lsv_amin
> /opt/lsoft/listserv/spool
> >>> $local_part"
> >>>
> >>>    return_output
> >>>
> >>>       What changed? And how do I fix it?
> >> Exim is now checking data from external sources much more rigerous
> >> and does not longer trust it. For the concept behind this:
> >>
> >>
> >>
> http://www.exim.org/exim-html-current/doc/html/spec_html/ch-concept_index.html
> >>
> >> Search in that index for the keyword 'de-tainting'.
> >>
> >> In your case: "$local_part" is tainted, and has to be changed
> >> so that it can be considered trustworthy.
> >>
> >> --
> >> pi@???            +49 171 3101372                    Now what ?
> >>
> >
>
>
> --
> ## subscription configuration (requires account):
> ##
> https://lists.exim.org/mailman3/postorius/lists/exim-users.lists.exim.org/
> ## unsubscribe (doesn't require an account):
> ##   exim-users-unsubscribe@???
> ## Exim details at http://www.exim.org/
> ## Please use the Wiki with this list - http://wiki.exim.org/
>



--
John Adams
Senior Linux/Middleware Administrator | Information Technology Services
+1-501-916-3010 | jxadams@??? | http://ualr.edu/itservices
*UA Little Rock*

Reminder: IT Services will never ask for your password over the phone or
in an email. Always be suspicious of requests for personal information that
come via email, even from known contacts. For more information or to
report suspicious email, visit IT Security
<http://ualr.edu/itservices/security/>.

--
## subscription configuration (requires account):
## https://lists.exim.org/mailman3/postorius/lists/exim-users.lists.exim.org/
## unsubscribe (doesn't require an account):
## exim-users-unsubscribe@???
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/