Dan Egli via Exim-users <[email protected]> (Mi 05 Mai 2021 02:41:38 CEST):
> I just upgraded to 4.94.2, and most everything is working fine. But I'm
> getting an issue on DKIM signings with tainted filename. I looked over the
> list and tried to apply the same fix I've seen used before, but I guess I'm
> not understanding it. Here's my dkim_private_key statement:
>
> dkim_private_key = ${if
> exists{/etc/exim/DKIM/${lc:$sender_address_domain}/dkim.private.key.pem}\
> {/etc/exim/DKIM/${lc:$sender_address_domain}/dkim.private.key.pem}{0}}
>
> So how do I correct this? Thanks!

You didn't run 4.94 before, did you?

The $sender_address_domain is considered tainted. Now (since >= 4.94)
Exim refuses to use tainted data for filenames. The "exists" doesn't
de-taint the data. You need to perform a kind of lookup first, to
"clean"/"de-taint" the data.

# determine the domain to be used for signing (use the rfc5322.From
# or schlittermann.de as a fallback)
dkim_domain = ${lookup{${domain:${address:$h_from:}}}dsearch{$config_dir/dkim}{$value}{schlittermann.de}}
dkim_selector = ${lookup{$dkim_domain}lsearch{$config_dir/dkim/selector}}
# use the found signing domain and its selector to get
# the private key
dkim_private_key = $config_dir/dkim/$dkim_domain/$dkim_selector.pem

--
Heiko
--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
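
The distinction drawn in the reply above, that an "exists" test leaves the sender-supplied value in the path while a directory lookup replaces it with a name read from the local filesystem, modelled in Python as an added example (not code from this thread and not Exim's implementation). The functions exists_check, dsearch_like and key_path, the temporary directory layout and the sample domains are all constructed for illustration.

```python
import os
import tempfile

def exists_check(base, domain):
    """Models the ${if exists{...}} pattern: the path is still built from the
    sender-controlled string, so a successful check says nothing about it."""
    path = os.path.join(base, domain, "dkim.private.key.pem")
    return path if os.path.exists(path) else None

def dsearch_like(base, key):
    """Models a dsearch-style lookup: return the matching directory entry as
    read from the filesystem, or None. The caller never reuses `key`."""
    if not key or "/" in key or key in (".", ".."):
        return None
    for entry in os.listdir(base):      # these names were created by the admin
        if entry == key:
            return entry
    return None

def key_path(base, sender_domain):
    """Build the private-key path only from the looked-up entry name."""
    domain = dsearch_like(base, sender_domain.lower())
    if domain is None:
        return None                     # no key configured: do not sign
    return os.path.join(base, domain, "dkim.private.key.pem")

def demo():
    """Constructed layout: <tmp>/DKIM/example.org/ plus a decoy key outside it."""
    root = tempfile.mkdtemp()
    base = os.path.join(root, "DKIM")
    for d in (os.path.join(base, "example.org"), os.path.join(root, "other")):
        os.makedirs(d)
        open(os.path.join(d, "dkim.private.key.pem"), "w").close()
    odd = "../other"                    # constructed, malformed sender domain
    return {
        "base": base,
        "good": key_path(base, "Example.ORG"),
        "unknown": key_path(base, "example.net"),
        "odd_lookup": key_path(base, odd),
        "odd_exists": exists_check(base, odd),
    }

if __name__ == "__main__":
    for name, value in demo().items():
        print(name, "->", value)
```

The "odd_exists" result is a path outside the DKIM directory that passed the existence test, while the lookup-based path returns nothing for the same input.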
