On 30/04/2022 00:54, Slavko (tblt) via Exim-users wrote:
Yes, as i wrote the same already some time ago, some generic
${detaint:...} expansion is missing.
That would be instantly abused.
verify recipients from my MX to my other MTA (where local DB are
stored) by callout. But that doey not detaint recipient address nor
domain,
That's worthy of consideration; thank you for the idea.
Essentially, it would be treating a backend MTA as a trusted DB
for lookup.
As redis support is not full (and on Debian is missing at all) i use
${run ...} to communicate with redis and i afraid, that i will have
problems to use it in new version,
Volunteers to work on any aspect, including redis support, are
always welcome. It really needs someone who uses it and finds
a facility lacking (meaning: not me).
In the meantime, the ${run } expansion is not taint-checked
(and therefore still fertile ground for security breaches).
--
Cheers,
Jeremy
--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
