Mailing List Archive

4.96 simplegreylist taint
using the example at https://github.com/Exim/exim/wiki/SimpleGreylisting

with 4.96 the following line throws an error

  set acl_m_dontcare = ${lookup sqlite {INSERT INTO greylist \
      VALUES ( '$acl_m_greyident', \
      '${eval10:$tod_epoch+300}', \
      '$sender_host_address', \
      '${quote_sqlite:$sender_helo_name}' );}}



2022-08-04 15:03:17 tainted search query is not properly quoted (ACL
warn, /etc/exim/configure_496 622): INSERT INTO greylist VALUES (
'gFhKiD0bZ8K21WkyYuCq', '1659618497',
'209.85.166.69', 'mail-io1-f69.google.com' )

but what is not being quoted right in that line?

Thought the only change was this

JH/21 Remove the "allow_insecure_tainted_data" main config option and
the "taint" log_selector. These were previously deprecated.

but given I have not been using that, is there some other change I am
not aware of?

Regards




--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
Re: 4.96 simplegreylist taint
On Thu, 4 Aug 2022, jacob dahl pind via Exim-users wrote:

> using the example at https://github.com/Exim/exim/wiki/SimpleGreylisting
>
> with 4.96 the following line throws an error
>
>   set acl_m_dontcare = ${lookup sqlite {INSERT INTO greylist \
>       VALUES ( '$acl_m_greyident', \
>       '${eval10:$tod_epoch+300}', \
>       '$sender_host_address', \
>       '${quote_sqlite:$sender_helo_name}' );}}
>
>
>
> 2022-08-04 15:03:17 tainted search query is not properly quoted (ACL
> warn, /etc/exim/configure_496 622): INSERT INTO greylist VALUES (
> 'gFhKiD0bZ8K21WkyYuCq', '1659618497',
> '209.85.166.69', 'mail-io1-f69.google.com' )
>
> but what is not being quoted right in that line?

Earlier in that page acl_m_greyident is defined as:
  # Generate a hashed 'identity' for the mail, as described above.
  warn set acl_m_greyident = ${hash{20}{62}{$sender_address$recipients$h_message-id:}}
I don't know whether hash untaints ... but as I read the spec,
if $sender_address$recipients$h_message-id: is less than 20 characters
the hash returns this string, which should still be tainted.
Other hash functions (md5, sha1, sha256 etc) which appear never to return
the original string, and thus *may* not be tainted, are available.

> Thought the only change was this
>
> JH/21 Remove the "allow_insecure_tainted_data" main config option and
> the "taint" log_selector. These were previously deprecated.
>
> but given I have not been using that, is there some other change I am
> not aware of?

New stuff we've added since 4.95:
... ...
- Query-style lookups are now checked for quoting, if the query string is
built using untrusted data ("tainted"). For now lack of quoting is
merely logged; a future release will upgrade this to an error.
... ...

--
Andrew C. Aitchison Kendal, UK
andrew@aitchison.me.uk

Re: 4.96 simplegreylist taint
On 8/4/22 18:56, Andrew C Aitchison via Exim-users wrote:

>
> Earlier in that page acl_m_greyident is defined as:
>   # Generate a hashed 'identity' for the mail, as described above.
>   warn set acl_m_greyident =
> ${hash{20}{62}{$sender_address$recipients$h_message-id:}}
> I don't know whether hash untaints ... but as I read the spec,
> if $sender_address$recipients$h_message-id: is less than 20 characters
> the hash returns this string, which should still be tainted.
> Other hash functions (md5, sha1, sha256 etc) which appear never to
> return the original string, and thus *may* not be tainted, are available.
>

You were right, I looked at the source and the hash doesn't seem to have any
untaint, unlike the sha etc.

Change the line to
  warn set acl_m_greyident = ${sha256:{$sender_address$recipients$h_message-id:}}

which did the trick.

regards
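
An alternative to switching hash functions, shown as an added example that is not from this thread or from the wiki page: quote the identity for sqlite at the point where it enters the query, the same way the original line already treats $sender_helo_name. It assumes the 4.96 check accepts a tainted value once it has passed through the quoter that matches the lookup type.

```exim
# Added example, not the wiki's or the posters' configuration.

# The identity is still built from sender-controlled data, so treat the
# result as tainted no matter which hash operator produced it.
warn set acl_m_greyident = ${hash{20}{62}{$sender_address$recipients$h_message-id:}}

# Before: the line that 4.96 logs as "tainted search query is not
# properly quoted". $acl_m_greyident is interpolated raw.
#
#   set acl_m_dontcare = ${lookup sqlite {INSERT INTO greylist \
#       VALUES ( '$acl_m_greyident', \
#       '${eval10:$tod_epoch+300}', \
#       '$sender_host_address', \
#       '${quote_sqlite:$sender_helo_name}' );}}

# After (assumption: quoting with the lookup's own quoter satisfies the
# check). Every value derived from message or SMTP input is wrapped in
# quote_sqlite; the expiry time is computed locally and left as it was.
warn set acl_m_dontcare = ${lookup sqlite {INSERT INTO greylist \
         VALUES ( '${quote_sqlite:$acl_m_greyident}', \
         '${eval10:$tod_epoch+300}', \
         '$sender_host_address', \
         '${quote_sqlite:$sender_helo_name}' );}}
```

Quoting at the point of use keeps the query safe even if the way the identity is generated changes later.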
