Hi,

I have a router for using local filter-files that looks like this:

virtual_userfilter:
  driver = redirect
  domains = lsearch,ret=key;VIRTUAL_DOMAINS_FILE
  no_check_local_user
  no_verify
  no_expn
  router_home_directory = LDAP_MAILBOX
  transport_home_directory = LDAP_MAILBOX
  require_files = exim:${home}/.exim_filter
  file = ${home}/.exim_filter
  check_ancestor
  allow_filter
  file_transport = address_file
  pipe_transport = address_pipe
  reply_transport = address_reply
  directory_transport = address_directory
  modemask = 002
  user = pop
  group = exim

And I have in my filter-files this filter which checks if the user has a 
blacklist enabled and if the sender-address is in the blacklist:

if "${lookup ldap {LDAPAUTH 
LDAPDN?enableBlackList?sub?(mail=${quote_ldap:$local_part@$domain})}{$value}{0}}"
 is "1" and "${lookup ldap {LDAPAUTH 
LDAPDN?mailBlackList?sub?(&(mail=${quote_ldap:$local_part@$domain})(mailBlackList=${lc:${address:$h_From:}}))}{Yes}{No}}"
 is "Yes"

In Exim 4.96 I now have the problem that this seems to be considered tainted in 
filter-files (or in ldap-queries; I am not sure tbh).
I get this error in the log: tainted search query is not properly quoted 
(router virtual_userfilter
, /usr/local/etc/exim/conf/routers.conf 274): LDAPAUTH 
LDAPDN?mailBlackList?sub?(&(mail=test-receiver%40domain.tld)([email protected]))

And I get this in a debug session: (tainted, quoted:ldap)
Since I have no_check_local_user set I cannot use local_part_data (it is empty 
and according to the documentation it would only be not empty if 
check_local_user is set which I don't want here). And domain_data brings up 
weird results.

But one step at a time. How do I de-taint in this context?

Best,

Niels
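
Added example, not part of the original post and not Exim's own code: a Python model of the two-stage quoting that the Exim specification describes for ${quote_ldap:...}, applied to the query from the filter above. It shows why the logged mail= value reads test-receiver%40domain.tld, while the From-derived mailBlackList value, which the filter only passes through ${lc:${address:$h_From:}}, reaches the query with its metacharacters intact. The function names and the sender address are constructed for illustration.

```python
import string

# Characters the URL-quoting pass leaves alone (per the Exim spec's description).
_URL_SAFE = set(string.ascii_letters + string.digits + "!$'-._()*+")
# LDAP filter metacharacters, escaped in the first pass.
_FILTER_ESCAPES = {"\\": r"\5C", "*": r"\2A", "(": r"\28", ")": r"\29"}


def quote_ldap(value: str) -> str:
    """Model of ${quote_ldap:...}: filter escaping first, then URL quoting."""
    escaped = "".join(_FILTER_ESCAPES.get(ch, ch) for ch in value)
    out = []
    for ch in escaped:
        if ch in _URL_SAFE:
            out.append(ch)
        else:
            out.extend(f"%{b:02X}" for b in ch.encode("utf-8"))
    return "".join(out)


def has_raw_metachars(value: str) -> bool:
    """True if a value would put unescaped filter syntax into the query."""
    return any(ch in value for ch in _FILTER_ESCAPES)


def blacklist_query(recipient: str, sender: str, quote_sender: bool) -> str:
    """Build the part of the query after 'LDAPAUTH LDAPDN', as the filter does."""
    sender = sender.lower()              # ${lc:...}
    if quote_sender:
        sender = quote_ldap(sender)      # the wrapper the filter does not apply
    return (f"?mailBlackList?sub?(&(mail={quote_ldap(recipient)})"
            f"(mailBlackList={sender}))")


if __name__ == "__main__":
    rcpt = "test-receiver@domain.tld"        # recipient as shown in the log line
    frm = "Mallory*(x)@Example.ORG"          # constructed From address
    print("as in filter:", blacklist_query(rcpt, frm, quote_sender=False))
    print("both quoted :", blacklist_query(rcpt, frm, quote_sender=True))
```

In the filter file the corresponding change would be to wrap the sender value as ${quote_ldap:${lc:${address:$h_From:}}}; that this alone clears the 4.96 log message is an assumption to confirm in a debug session.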
