On 19/06/2020 17:33, Patrick Porteous via Exim-users wrote: > I'm having the same problem as Vladislav Georgiev after upgrading from > 4.93.3 to 4.94-1. After applying the update, I receive the following > error when trying to send from any of my domains. Is this a bug or is > this something I need to change in my config file for the new version?
> 2020-06-19 07:54:17 H=mail.example.com ([192.168.1.###]) [##.###.###.##] > sender verify defer for <[email protected]>: failed to expand > "${extract{1}{:}{${lookup{$local_part@$domain}lsearch{/etc/exim/domains/$domain/aliases}}}}": > NULL It is something you need to change in your configuration. You are using an unsafe construction for the file in which you are doing an lsearch. Consider that the domain, the result of expanding $domain, is fully under the control of a potential attacker. It could, for example, contain the letter sequence "../". -- Cheers, Jeremy -- ## List details at https://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
