On 2025-10-27 Paul Muster via Exim-users <[email protected]> wrote:
> Hi there,

> also upgraded to Debian 12 Bookworm with Exim 4.94 and got in touch with
> tainting. With "allow_insecure_tainted_data = yes" I'm just getting warnings
> while mail delivery still works properly. :-)

> So I'm going to *use* this new feature starting with the alias file lookup:

> virtual:
[...]
>   data = ${lookup{$local_part}lsearch*{CONFDIR/aliases/$domain}}
>   domains = lsearch;CONFDIR/localdomains
[...]
> There are files in CONFDIR/aliases/ with the domain name as file name. These
> files contain lists of
> localpart: [email protected]
> (as alias files do).

> As far as I understand I need to replace

>   data = ${lookup{$local_part}lsearch*{CONFDIR/aliases/$domain}}

> My first attempt is now:

>  data = ${lookup{$local_part_data}lsearch*${lookup{$domain}
> dsearch,ret=full,filter=file {CONFDIR/aliases/}}}
[...]

Hello,

You are changing the wrong thing. Exim is perfectly fine with looking up
an arbitrary tainted string ($local_part), it does not like using a
tainted string ($domain) directly as filename.

You will probably be fine if you use $domain_data instead of $domain.

(With "domains = dsearch; CONFDIR/aliases" you could get rid of the
CONFDIR/localdomains file)

cu Andreas
-- 
`What a good friend you are to him, Dr. Maturin. His other friends are
so grateful to you.'
`I sew his ears on from time to time, sure'
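
The suggestion in the reply above, written out as a router fragment. This is an added example, not part of the original message: it assumes the dsearch variant from the parenthetical, and the router options the post elides with [...] are left out here as well.

```exim
# Added example, not from the thread. CONFDIR is the macro used in the post.

# Before: $domain comes from the message and is tainted, so Exim 4.94
# refuses (or, with allow_insecure_tainted_data, only warns about) its
# use as part of a file name.
#
#   virtual:
#     data = ${lookup{$local_part}lsearch*{CONFDIR/aliases/$domain}}
#     domains = lsearch;CONFDIR/localdomains

# After: let the domains option do the lookup and build the path from
# its result. dsearch matches $domain against the entry names in
# CONFDIR/aliases and returns the matching name, which comes from the
# local file system and is therefore untainted. That result is what
# $domain_data holds while this router runs.
virtual:
  domains = dsearch;CONFDIR/aliases
  # $local_part stays as it is: a tainted string is acceptable as the
  # lookup key, only the file name must be untainted.
  data = ${lookup{$local_part}lsearch*{CONFDIR/aliases/$domain_data}}

# Caveat when keeping "domains = lsearch;CONFDIR/localdomains" instead:
# $domain_data is then the value stored after the key in that file, so
# a file that lists bare domain names yields an empty $domain_data.
```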
