[exim] tainted search query is not properly quoted (router l…

Page principale
Supprimer ce message
Répondre à ce message
Auteur: Luca Bertoncello
Date:  
À: Exim-Users
Sujet: [exim] tainted search query is not properly quoted (router localWrite_gw, /etc/exim/configure 914)


Hi list!

I'm porting the "old" configuration from 4.94.2 to 4.98.
First I had to change somethings due to SRS, but now I get a strange
error...

My Router:

localWrite_gw:
driver = redirect
allow_filter
domains = +local_domains
user = ${lookup mysql {select case count(*) when 0 then DEFAULT_UID
else case uid when 0 then DEFAULT_UID else uid end end from aliases left
outer join account using (accountname) left join domain using
(domainname) where lower(aliasname) =
lower('${quote_mysql:$local_part}') and lower(domainname) =
lower('$domain')}}
group = users
data = ${lookup mysql {select concat('# EXIM Filter\n\n',
replace(concat(concat(case hasAutoresponder when 'f' then '' else
replace(replace('if not error_message and \$message_headers does not
contain "\\\\nX-SPAM:" and \$message_headers does not contain
"\\\\nX-Infected:" then if personal then mail text "%%TEXT%%" from
"$local_part@$domain" subject "%%SUBJ%%" extra_headers "MIME-Version:
1.0\\\\nContent-Type: text/plain; charset=ISO-8859-15" endif endif',
'%%SUBJ%%', autoresponderSubject), '%%TEXT%%', autoresponderText) end,
'\n\n'), case when filters is not null then concat(filters, "\n",
dataHam) else dataHam end), '%%FINALDEST%%', finaldest)) from aliases
left join account using (accountname) left join domain using
(domainname) where lower(aliasname) =
lower('${quote_mysql:$local_part}') and lower(domainname) =
lower('$domain')}}
redirect_router = loopbackRouter
reply_transport = autoresponder
pipe_transport = address_pipe
file_transport = address_file
directory_transport = address_file
headers_remove = ${if def::h_X-DefSubject {Subject}}:X-DefSubject:
headers_add = ${if def:h_X-DefSubject {Subject: $h_X-DefSubject:}}
no_more

Now I try to check what Exim does to handle an E-Mail to
lucabert@???:

lucabert@root2507:~$ /opt/exim/bin/exim -bt lucabert@???
LOG: MAIN PANIC
tainted search query is not properly quoted (router localWrite_gw,
/etc/exim/configure 914): select case count(*) when 0 then 1005 else
case uid when 0 then 1005 else uid end end from aliases left outer join
account using (accountname) left join domain using (domainname) where
lower(aliasname) = lower('lucabert') and lower(domainname) =
lower('lucabert.de')
LOG: MAIN PANIC
tainted search query is not properly quoted (router localWrite_gw,
/etc/exim/configure 914): select concat('# EXIM Filter

', replace(concat(concat(case hasAutoresponder when 'f' then '' else
replace(replace('if not error_message and $message_headers does not
contain "\\nX-SPAM:" and $message_headers does not contain
"\\nX-Infected:" then if personal then mail text "%%TEXT%%" from
"lucabert@???" subject "%%SUBJ%%" extra_headers "MIME-Version:
1.0\\nContent-Type: text/plain; charset=ISO-8859-15" endif endif',
'%%SUBJ%%', autoresponderSubject), '%%TEXT%%', autoresponderText) end, '

'), case when filters is not null then concat(filters, "
", dataHam) else dataHam end), '%%FINALDEST%%', finaldest)) from aliases
left join account using (accountname) left join domain using
(domainname) where lower(aliasname) = lower('lucabert') and
lower(domainname) = lower('lucabert.de')
lucabert@??? -> /var/spool/mail/lucabert/Maildir
transport = address_file

I cannot understand "tainted search query is not properly quoted"...
Can someone help me and say what I'm doing wrong?

Thanks
Luca Bertoncello
(lucabert@???)

--
## subscription configuration (requires account):
## https://lists.exim.org/mailman3/postorius/lists/exim-users.lists.exim.org/
## unsubscribe (doesn't require an account):
## exim-users-unsubscribe@???
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/