On 17/11/2022 15:12, Martin Clayton wrote:
On 17/11/2022 13:49, Jeremy Harris via Exim-users wrote:
On 16/11/2022 14:06, Martin Clayton via Exim-users wrote:
Removing the rhsbl services (i.e., $sender_address_domain) and all is well.

[...]
dbl.spamhaus.org!=127.0.1.255,127.255.255.252,127.255.255.254,127.255.255.255/$sender_address_domain

because it uses $sender_address_domain (which is tainted), taints the entire string

Ah, so it's unexpectedly expected behaviour ;)

So, sorry to be a tainted dummy, but I'm still left wondering how to deal with this.

The DNS query runs without issue, log messages, etc., all good. It's only the $dnslist_domain-based file lookup to define the action to take.

It sounds like dnslists using rhsbl services have to be tainted. (I'm assuming that attempting to detaint $sender_address_domain isn't sensible when it could legitimately be anything protocol-valid).

So, can $dnslist_domain be detainted? We know it lives in a pre-defined list. The parent (dnslists) may be tainted but the child is reliable, innocent and completely immune to anything in $sender_address_domain.

Rabbit holes :)

Cheers,
Martin







--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
