Try to use quotes around the lookup:

command = /opt/lsoft/listserv/bin/lsv_amin /opt/lsoft/listserv/spool "${lookup ldap{ldap://ldap.test.ualr.edu/ou=Lists,ou=Local,o=test.ualr.edu,dc=mail,dc=test,dc=ualr,dc=edu?cn(mail=${quote_ldap:$local_part@$domain})}fail}"

09.11.23 18:29, Johnnie W Adams via Exim-users:
Thanks! That's got me almost there. This works when I test with exim -be,
but in exim.conf, it fails with missing lookup type:

command = "/opt/lsoft/listserv/bin/lsv_amin /opt/lsoft/listserv/spool ${lookup ldap{ldap://ldap.test.ualr.edu/ou=Lists,ou=Local,o=test.ualr.edu,dc=mail,dc=test,dc=ualr,dc=edu?cn?(mail=${quote_ldap:$local_part@$domain})}fail}"



On Thu, Nov 9, 2023 at 5:50 AM Oleksandr Kryvulia via Exim-users <[email protected]> wrote:

Use the same lookup in the transport as in a router:

    driver = pipe
    command = "/opt/lsoft/listserv/bin/lsv_amin /opt/lsoft/listserv/spool ${lookup ldap{...}{$value}fail}"

08.11.23 22:11, Johnnie W Adams via Exim-users:
I believe I understand what I'm to do here--use LDAP to look up the
$local_part and return it, thus untainting it--but I'm finding the
examples in the documentation less than clear. Can someone point me
elsewhere?

On Wed, Nov 8, 2023 at 8:44 AM Kurt Jaeger <[email protected]> wrote:

Hi!

       I applied 4.96-1 to our test systems and routing to the LISTSERVer
began to fail with "*Tainted arg 2* for listserv_transport transport
command:<name of LISTSERV>"

       The transport is quite simple:

# Hand off to LISTSERV lsv_admin script

listserv_transport:

    driver = pipe

    command = "/opt/lsoft/listserv/bin/lsv_amin /opt/lsoft/listserv/spool $local_part"

    return_output

       What changed? And how do I fix it?
Exim is now checking data from external sources much more rigorously
and no longer trusts it. For the concept behind this:

http://www.exim.org/exim-html-current/doc/html/spec_html/ch-concept_index.html

Search in that index for the keyword 'de-tainting'.

In your case: "$local_part" is tainted, and has to be changed
so that it can be considered trustworthy.

--
[email protected]            +49 171 3101372                    Now what ?


--
## subscription configuration (requires account):
##
https://lists.exim.org/mailman3/postorius/lists/exim-users.lists.exim.org/
## unsubscribe (doesn't require an account):
##   [email protected]
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
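
The de-tainting idea discussed in this thread, shown with a flat-file lookup instead of LDAP. This is an added example, not configuration posted by anyone in the thread. The router name `listserv_router`, the file path `/etc/exim/listserv-lists` and its contents are assumptions; the transport is the one quoted above.

```exim
# Added example (not from the thread). Assumed list file, one "key: value"
# line per LISTSERV list, with the value repeating the list name:
#
#   /etc/exim/listserv-lists        (hypothetical path, constructed contents)
#     announce: announce
#     staff-l:  staff-l

# --- in the "begin routers" section ---

# The router only accepts local parts that appear as keys in the file.
# When the local_parts lookup succeeds, Exim copies the looked-up value
# into $local_part_data. That value was read from a file the admin
# controls, so it is untainted, unlike $local_part, which comes from
# the message envelope.
listserv_router:
  driver = accept
  local_parts = lsearch;/etc/exim/listserv-lists
  transport = listserv_transport

# --- in the "begin transports" section ---

# Same transport as in the original question, but the third argument is
# now the untainted lookup result instead of the tainted $local_part.
# Addresses that are not in the file never reach this transport, because
# the router's local_parts condition does not match them.
listserv_transport:
  driver = pipe
  command = /opt/lsoft/listserv/bin/lsv_amin /opt/lsoft/listserv/spool $local_part_data
  return_output
```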



