Hi
> 1) address_data = ${lookup{$local_part@$domain}lsearch*@{FILE
> }{$value}fail}
> 2) server_secret =
${extract{pass}{${lookup{$1}lsearch{FILE}{$value}fail}}}
> 3) server_condition = "${if
> eq{$2}{${extract{pass}{${lookup{$1}lsearch{FILE}{$value}fail}}}}{1}{0}}"
> 4) driver = redirect data = ${expand:${extract{forward}{$address_data}}}
Sorry, I forgot one case:
5) driver = pipe command = /folder/${extract{trigger}{$address_data}}.sh
${extract{trigger_param}{$address_data}{$value}{}}
While I know that "trigger" will always contain safe data, I cannot be sure
about trigger_param.
I am not using a shell from the exim side, but the targets are .sh-scripts,
implicitly invoking a shell.
What do I have to do to make those arguments safe?
Against exim string expansion and against shell expansion (I am not sure, if
it applies in this scenario anyways).
Regards,
Steffen
smime.p7s
Description: S/MIME cryptographic signature
-- ## List details at https://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
