Hey,
(sorry for starting a new thread - I was not subscribed previously so I could
not reply in the old thread).
After upgrading to 4.94 I got the ominous error message:
Tainted filename for search: 'select'
As far as I understood "sqlite_dbfile" should solve the problem for me but it
does not.
This is likely the important part of my configuration
sqlite_dbfile = /path/to/user.db
domainlist local_domains = sqlite;select DISTINCT domain from users where
domain='${quote_sqlite:$domain}' and is_enabled=1;
...
acl_check_rcpt:
...
require domains = +local_domains :
message = relay not permitted
Still exim 4.94 complains:
SMTP<< rcpt TO:<[email protected]>
using ACL "acl_check_rcpt"
processing "require" (…)
message: relay not permitted
check domains = +local_domains :
╭considering: sqlite;select DISTINCT domain from users where
domain='${quote_sqlite:$domain}' and is_enabled=1;
╭considering: $domain}' and is_enabled=1;
├──expanding: $domain
╰─────result: site.example
╰──(tainted)
├──expanding: sqlite;select DISTINCT domain from users where
domain='${quote_sqlite:$domain}' and is_enabled=1;
╰─────result: sqlite;select DISTINCT domain from users where
domain='site.example' and is_enabled=1;
╰──(tainted)
LOG: MAIN PANIC
Tainted filename for search: 'select'
I assumed that "quote_sqlite" would untain the $domain value but it does not?
How can I retrieve the
Felix
--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
