Try to use quotes around the lookup:
command = /opt/lsoft/listserv/bin/lsv_amin /opt/lsoft/listserv/spool
"${lookup
ldap{ldap://ldap.test.ualr.edu/ou=Lists,ou=Local,o=test.ualr.edu,dc=mail,dc=test,dc=ualr,dc=edu?cn(mail=${quote_ldap:$local_part@$domain})}fail}"
09.11.23 18:29, Johnnie W Adams via Exim-users:
> Thanks! That's got me almost there. This works when I test with exim -be,
> but in exim.conf, it fails with missing lookup type:
>
> command = "/opt/lsoft/listserv/bin/lsv_amin /opt/lsoft/listserv/spool
> ${lookup ldap{ldap://
> ldap.test.ualr.edu/ou=Lists,ou=Local,o=test.ualr.edu,dc=mail,dc=test,dc=ualr,dc=edu?cn?(mail=${quote_ldap:$local_part@$domain})}fail
> }"
>
>
>
> On Thu, Nov 9, 2023 at 5:50 AM Oleksandr Kryvulia via Exim-users <
> exim-users@???> wrote:
>
>> Use in transport same lookup as in a router:
>>
>> driver = pipe
>> command = "/opt/lsoft/listserv/bin/lsv_amin /opt/lsoft/listserv/spool
>> ${lookup ldap{...}{$value}fail}"
>>
>> 08.11.23 22:11, Johnnie W Adams via Exim-users:
>>> I believe I understand what I'm to do here--use LDAP to look up the
>>> $local_part and return it, thus untainting it--but I'm finding the
>> examples
>>> in the documentation less than clear. Can someone point me elsewhere?
>>>
>>> On Wed, Nov 8, 2023 at 8:44 AM Kurt Jaeger <exim-users@???> wrote:
>>>
>>>> Hi!
>>>>
>>>>> I applied 4.96-1 to our test systems and routing to the
>> LISTSERVer
>>>>> began to fail with "*Tainted arg 2* for listserv_transport transport
>>>>> command:<name of LISTSERV>
>>>>>
>>>>> The transport is quite simple:
>>>>>
>>>>> # Hand off to LISTSERV lsv_admin script
>>>>>
>>>>> listserv_transport:
>>>>>
>>>>> driver = pipe
>>>>>
>>>>> command = "/opt/lsoft/listserv/bin/lsv_amin
>> /opt/lsoft/listserv/spool
>>>>> $local_part"
>>>>>
>>>>> return_output
>>>>>
>>>>> What changed? And how do I fix it?
>>>> Exim is now checking data from external sources much more rigerous
>>>> and does not longer trust it. For the concept behind this:
>>>>
>>>>
>>>>
>> http://www.exim.org/exim-html-current/doc/html/spec_html/ch-concept_index.html
>>>> Search in that index for the keyword 'de-tainting'.
>>>>
>>>> In your case: "$local_part" is tainted, and has to be changed
>>>> so that it can be considered trustworthy.
>>>>
>>>> --
>>>> pi@??? +49 171 3101372 Now what ?
>>>>
>>
>> --
>> ## subscription configuration (requires account):
>> ##
>> https://lists.exim.org/mailman3/postorius/lists/exim-users.lists.exim.org/
>> ## unsubscribe (doesn't require an account):
>> ## exim-users-unsubscribe@???
>> ## Exim details at http://www.exim.org/
>> ## Please use the Wiki with this list - http://wiki.exim.org/
>>
>
--
## subscription configuration (requires account):
##
https://lists.exim.org/mailman3/postorius/lists/exim-users.lists.exim.org/
## unsubscribe (doesn't require an account):
## exim-users-unsubscribe@???
## Exim details at
http://www.exim.org/
## Please use the Wiki with this list -
http://wiki.exim.org/
