Hi all,
I am deploying a new mailserver and applying an existing configuration
to it (non split config),
Original Debian version: 11
Previous Exim version: 4.94.2
New Debian version: Debian 12
New Exim version: 4.96
It is working so far as expected, I've not received any parts of the
config not working because of tainting. I run in debug mode as below as
part of my testing:
exim -bd -d+all 2>&1 | tee "$(date +"%Y_%m_%d_%I_%M_%p").out"
I have noticed that it shows on a number of occasions where the result is
tainted, for example:
╭considering: ${lookup{$sender_address}nwildlsearch{/etc/exim4/sender-whitelist}{1}}}{1}}}{0}}
╎╭considering: $sender_address}nwildlsearch{/etc/exim4/sender-whitelist}{1}}}{1}}}{0}}
╎├considering: }nwildlsearch{/etc/exim4/sender-whitelist}{1}}}{1}}}{0}}
╎├──expanding: $sender_address
╎╰─────result: <sender_email_address>
╎ ╰──(tainted)
This is the actual config for the above:
acl_check_data:
  accept
    condition = ${if exists{CONFDIR/sender-whitelist}{${if \
                eq{${lookup{$sender_address}nwildlsearch{CONFDIR/sender-whitelist}{1}}}{1}}}{0}}
    log_message = $sender_address matching a sender-whitelist entry
    add_header = X-Data: $sender_address matching a sender-whitelist entry
My understanding of tainting and experience so far is that it will stop
your configuration from working until you resolve the tainted data?
For the above I've read a lot of examples and the docs, I'm unsure how I
would resolve it when you can't do a lookup on sender_address because
you don't know the data that will be provided.
Thanks for Exim and any assistance you can offer, it's a great MTA,
which I enjoy learning but I'm unsure on this issue.
Many thanks
Daniel
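
Added example, not part of the original post and not taken from the Exim documentation: three ACL condition fragments contrasting a tainted lookup key (the shape of the ACL in the post) with a tainted file name, which is what Exim's taint check rejects, and one way to de-taint the name. The "(tainted)" line in the debug output is a label on the value, not an error. The `whitelists/` directory and its per-domain files are hypothetical, and the third fragment assumes the dsearch lookup type is built into the installed Exim binary.

```exim
# Added example; the whitelists/ directory and its per-domain files are
# hypothetical and do not appear in the original post.

# 1. Tainted data as the lookup KEY, fixed file name (the shape of the ACL in
#    the post). The file name CONFDIR/sender-whitelist comes from the
#    configuration, so it is untainted; $sender_address is only matched
#    against the entries in that file.
condition = ${lookup{$sender_address}nwildlsearch{CONFDIR/sender-whitelist}{1}{0}}

# 2. Tainted data inside the FILE NAME. $sender_address_domain is supplied by
#    the remote client, so the resulting path is tainted and Exim refuses to
#    use it as the file for the search.
condition = ${lookup{$sender_address}lsearch\
              {CONFDIR/whitelists/$sender_address_domain}{1}{0}}

# 3. Same intent with the name de-tainted first. dsearch looks the domain up
#    as an entry in the directory and returns the entry's name, untainted;
#    $value then carries that name into the inner lookup's path. If no entry
#    matches, the inner lookup is never attempted.
condition = ${lookup{$sender_address_domain}dsearch{CONFDIR/whitelists}\
              {${lookup{$sender_address}lsearch{CONFDIR/whitelists/$value}{1}{0}}}\
              {0}}
```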