Dan Egli via Exim-users <exim-users@exim.org> (Wed 05 May 2021 02:41:38 CEST):
> I just upgraded to 4.94.2, and most everything is working fine. But I'm
> getting an issue on DKIM signings with tainted filename. I looked over the
> list and tried to apply the same fix I've seen used before, but I guess I'm
> not understanding it. Here's my dkim_private_key statement:
>
> dkim_private_key = ${if
> exists{/etc/exim/DKIM/${lc:$sender_address_domain}/dkim.private.key.pem}\
> {/etc/exim/DKIM/${lc:$sender_address_domain}/dkim.private.key.pem}{0}}
>
> So how do I correct this? Thanks!

You didn't run 4.94 before, did you?

The $sender_address_domain is considered tainted. Now (since >= 4.94)
Exim refuses to use tainted data for filenames. The "exists" doesn't
de-taint the data. You need to perform a kind of lookup first, to
"clean"/"de-taint" the data.

    # determine the domain to be used for signing (use the rfc5322.From
    # or schlittermann.de as a fallback)
    dkim_domain = ${lookup{${domain:${address:$h_from:}}}dsearch{$config_dir/dkim}{$value}{schlittermann.de}}
    dkim_selector = ${lookup{$dkim_domain}lsearch{$config_dir/dkim/selector}}

    # use the found signing domain and its selector to get
    # the private key
    dkim_private_key = $config_dir/dkim/$dkim_domain/$dkim_selector.pem

--
Heiko

--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
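
Added example, not part of the original thread and not Exim's code: a Python model of why the "exists" test in the question leaves the file name tainted while a dsearch-style lookup does not. The directory tree, the sample domains and all function names are constructed for illustration.

```python
import os
import tempfile

KEY_NAME = "dkim.private.key.pem"  # key file name from the question's layout

def exists_style(base, domain):
    """Model of the rejected pattern: the returned path is built from the input."""
    path = os.path.join(base, domain.lower(), KEY_NAME)
    return path if os.path.exists(path) else None

def dsearch_style(base, domain):
    """Model of a dsearch-like lookup: the returned name comes from the
    directory listing, so the input only selects among existing entries."""
    key = domain.lower()
    if "/" in key:                  # a single entry name never contains '/'
        return None
    for entry in os.listdir(base):  # listdir never yields '.' or '..'
        if entry == key:
            return entry            # value read from disk, not from the message
    return None

def key_path(base, domain):
    """Build the key path only from the looked-up entry name."""
    entry = dsearch_style(base, domain)
    return os.path.join(base, entry, KEY_NAME) if entry else None

def demo():
    """Run both styles over constructed inputs in a constructed tree."""
    with tempfile.TemporaryDirectory() as root:
        base = os.path.join(root, "DKIM")
        for d in (os.path.join(base, "example.org"), os.path.join(root, "other")):
            os.makedirs(d)
            open(os.path.join(d, KEY_NAME), "w").close()
        results = {}
        for domain in ("Example.ORG", "unknown.example", "../other"):
            e = exists_style(base, domain)
            k = key_path(base, domain)
            results[domain] = (e and os.path.relpath(e, root),
                               k and os.path.relpath(k, root))
        return results

if __name__ == "__main__":
    for domain, (e, k) in demo().items():
        print(f"{domain!r}: exists-style={e} lookup-style={k}")
```

For the constructed input "../other" the exists-style check succeeds on a file outside the DKIM directory, while the lookup-style function returns nothing because that string is not the name of an entry in the directory.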