[exim-dev] [Bug 2609] exim dkim stopped signing emails
https://bugs.exim.org/show_bug.cgi?id=2609 --- Comment #5 from bagas --- Problem resolved. cat /usr/local/etc/exim/dkim_domains dom.ru: key=/usr/local/etc/exim/dom.ru.key dom1.ru: key=/usr/local/etc/exim/dom1.ru.key dom2.ru: key=/usr/local/etc/exim/dom2.key In exim config /usr/local/etc/exim/configure DKIM_DOMAIN = ${lookup{$sender_address_domain}lsearch*@{/usr/local/etc/exim/dkim_domains}{$sender_address_domain}{}} DKIM_PRIVATE_KEY = ${extract{key}{${lookup{$sender_address_domain}lsearch*@{/usr/local/etc/exim/dkim_domains}}}{$value}{}} Why was it necessary to change awl on soap! Only inconvenience and annoyance because of this! -- You are receiving this mail because: You are on the CC list for the bug. -- ## List details at https://lists.exim.org/mailman/listinfo/exim-dev Exim details at http://www.exim.org/ ##
[exim-dev] [Bug 2609] exim dkim stopped signing emails
https://bugs.exim.org/show_bug.cgi?id=2609 --- Comment #4 from bagas --- (In reply to Jeremy Harris from comment #3) > The same way you were, only using an untainted value for that file name. Confused. I reviewed the https://www.exim.org/exim-html-current/doc/html/spec_html/index.html documentation and did not find a solution. Can you show in an example? -- You are receiving this mail because: You are on the CC list for the bug. -- ## List details at https://lists.exim.org/mailman/listinfo/exim-dev Exim details at http://www.exim.org/ ##
[exim-dev] [Bug 2609] exim dkim stopped signing emails
https://bugs.exim.org/show_bug.cgi?id=2609 --- Comment #3 from Jeremy Harris --- The same way you were, only using an untainted value for that file name. -- You are receiving this mail because: You are on the CC list for the bug. -- ## List details at https://lists.exim.org/mailman/listinfo/exim-dev Exim details at http://www.exim.org/ ##
[exim-dev] [Bug 2609] exim dkim stopped signing emails
https://bugs.exim.org/show_bug.cgi?id=2609 --- Comment #2 from bagas --- (In reply to Jeremy Harris from comment #1) > This is a configuration issue. You may not use $sender_address_domain > directly > as part of the filename because it is supplied by a potential attacker. > You need to validate and de-taint this value first. Generally this means > using > it as a key for lookup in some trusted information (database, file, > filesystem). > > Search in the docs Concept Index for de-tainting. Not understood. How do I set up signatures then? -- You are receiving this mail because: You are on the CC list for the bug. -- ## List details at https://lists.exim.org/mailman/listinfo/exim-dev Exim details at http://www.exim.org/ ##
[exim-dev] [Bug 2609] exim dkim stopped signing emails
https://bugs.exim.org/show_bug.cgi?id=2609 Jeremy Harris changed: What|Removed |Added Resolution|--- |INVALID Status|NEW |RESOLVED --- Comment #1 from Jeremy Harris --- This is a configuration issue. You may not use $sender_address_domain directly as part of the filename because it is supplied by a potential attacker. You need to validate and de-taint this value first. Generally this means using it as a key for lookup in some trusted information (database, file, filesystem). Search in the docs Concept Index for de-tainting. -- You are receiving this mail because: You are on the CC list for the bug. -- ## List details at https://lists.exim.org/mailman/listinfo/exim-dev Exim details at http://www.exim.org/ ##