https://bugs.exim.org/show_bug.cgi?id=2609
Jeremy Harris <jgh146...@wizmail.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Resolution|--- |INVALID Status|NEW |RESOLVED --- Comment #1 from Jeremy Harris <jgh146...@wizmail.org> --- This is a configuration issue. You may not use $sender_address_domain directly as part of the filename because it is supplied by a potential attacker. You need to validate and de-taint this value first. Generally this means using it as a key for lookup in some trusted information (database, file, filesystem). Search in the docs Concept Index for de-tainting. -- You are receiving this mail because: You are on the CC list for the bug. -- ## List details at https://lists.exim.org/mailman/listinfo/exim-dev Exim details at http://www.exim.org/ ##