Mailing List Archive

Fwd: Upon applying 4.96-1 on test, "Tainted arg 2" appears
I believe I understand what I'm to do here--use LDAP to look up the
$local_part and return it, thus untainting it--but I'm finding the examples
in the documentation less than clear. Can someone point me elsewhere?

On Wed, Nov 8, 2023 at 8:44 AM Kurt Jaeger <exim-users@opsec.eu> wrote:

> Hi!
>
> > I applied 4.96-1 to our test systems and routing to the LISTSERVer
> > began to fail with "*Tainted arg 2* for listserv_transport transport
> > command:<name of LISTSERV>
> >
> > The transport is quite simple:
> >
> > # Hand off to LISTSERV lsv_admin script
> >
> > listserv_transport:
> >
> > driver = pipe
> >
> > command = "/opt/lsoft/listserv/bin/lsv_amin /opt/lsoft/listserv/spool
> > $local_part"
> >
> > return_output
> >
> > What changed? And how do I fix it?
>
> Exim is now checking data from external sources much more rigorously
> and no longer trusts it. For the concept behind this:
>
>
> http://www.exim.org/exim-html-current/doc/html/spec_html/ch-concept_index.html
>
> Search in that index for the keyword 'de-tainting'.
>
> In your case: "$local_part" is tainted, and has to be changed
> so that it can be considered trustworthy.
>
> --
> pi@opsec.eu +49 171 3101372 Now what ?
>


--
John Adams
Senior Linux/Middleware Administrator | Information Technology Services
+1-501-916-3010 | jxadams@ualr.edu | http://ualr.edu/itservices
*UA Little Rock*

Reminder: IT Services will never ask for your password over the phone or
in an email. Always be suspicious of requests for personal information that
come via email, even from known contacts. For more information or to
report suspicious email, visit IT Security
<http://ualr.edu/itservices/security/>.


--
## subscription configuration (requires account):
## https://lists.exim.org/mailman3/postorius/lists/exim-users.lists.exim.org/
## unsubscribe (doesn't require an account):
## exim-users-unsubscribe@lists.exim.org
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
Re: Fwd: Upon applying 4.96-1 on test, "Tainted arg 2" appears
Use in transport same lookup as in a router:

  driver = pipe
  command = "/opt/lsoft/listserv/bin/lsv_amin /opt/lsoft/listserv/spool ${lookup ldap{...}{$value}fail}"

08.11.23 22:11, Johnnie W Adams via Exim-users:
> I believe I understand what I'm to do here--use LDAP to look up the
> $local_part and return it, thus untainting it--but I'm finding the examples
> in the documentation less than clear. Can someone point me elsewhere?

Re: Fwd: Upon applying 4.96-1 on test, "Tainted arg 2" appears
Thanks! That's got me almost there. This works when I test with exim -be,
but in exim.conf, it fails with missing lookup type:

command = "/opt/lsoft/listserv/bin/lsv_amin /opt/lsoft/listserv/spool ${lookup ldap{ldap://ldap.test.ualr.edu/ou=Lists,ou=Local,o=test.ualr.edu,dc=mail,dc=test,dc=ualr,dc=edu?cn?(mail=${quote_ldap:$local_part@$domain})}fail}"



On Thu, Nov 9, 2023 at 5:50 AM Oleksandr Kryvulia via Exim-users <exim-users@lists.exim.org> wrote:

> Use in transport same lookup as in a router:
>
> driver = pipe
> command = "/opt/lsoft/listserv/bin/lsv_amin /opt/lsoft/listserv/spool
> ${lookup ldap{...}{$value}fail}"

Re: Fwd: Upon applying 4.96-1 on test, "Tainted arg 2" appears
Try to use quotes around the lookup:

command = /opt/lsoft/listserv/bin/lsv_amin /opt/lsoft/listserv/spool "${lookup ldap{ldap://ldap.test.ualr.edu/ou=Lists,ou=Local,o=test.ualr.edu,dc=mail,dc=test,dc=ualr,dc=edu?cn(mail=${quote_ldap:$local_part@$domain})}fail}"

09.11.23 18:29, Johnnie W Adams via Exim-users:
> Thanks! That's got me almost there. This works when I test with exim -be,
> but in exim.conf, it fails with missing lookup type:
>
> command = "/opt/lsoft/listserv/bin/lsv_amin /opt/lsoft/listserv/spool
> ${lookup ldap{ldap://
> ldap.test.ualr.edu/ou=Lists,ou=Local,o=test.ualr.edu,dc=mail,dc=test,dc=ualr,dc=edu?cn?(mail=${quote_ldap:$local_part@$domain})}fail
> }"

Re: Fwd: Upon applying 4.96-1 on test, "Tainted arg 2" appears
No luck:

2023-11-09 12:14:40 1r17tu-000X39-23 == *johnnie*s-test-list-2@lists.test.ualr.edu R=listserv T=listserv_transport defer (0) DT=0s: Expansion of "${lookup ldap{ldap://ldap.test.ualr.edu/ou=Lists,ou=Local,o=test.ualr.edu,dc=mail,dc=test,dc=ualr,dc=edu?cn?(mail=${quote_ldap:$local_part@$domain})}fail}" from command "/opt/lsoft/listserv/bin/lsv_amin /opt/lsoft/listserv/spool "${lookup ldap{ldap://ldap.test.ualr.edu/ou=Lists,ou=Local,o=test.ualr.edu,dc=mail,dc=test,dc=ualr,dc=edu?cn?(mail=${quote_ldap:$local_part@$domain})}fail}"" in listserv_transport transport failed: lookup of "ldap://ldap.test.ualr.edu/ou=Lists,ou=Local,o=test.ualr.edu,dc=mail,dc=test,dc=ualr,dc=edu?cn?(mail=*johnnie*s-test-list-2%40lists.test.ualr.edu)" gave DEFER: ldap_url_parse: (error 8) parsing "ldap://ldap.test.ualr.edu/ou=Lists,ou=Local,o=test.ualr.edu,dc=mail,dc=test,dc=ualr,dc=edu?cn?(mail=*johnnie*s-test-list-2%40lists.test.ualr.edu)"\n

On Thu, Nov 9, 2023 at 12:13 PM Oleksandr Kryvulia via Exim-users <exim-users@lists.exim.org> wrote:

> Try to use quotes around the lookup:
>
> command = /opt/lsoft/listserv/bin/lsv_amin /opt/lsoft/listserv/spool "${lookup ldap{ldap://ldap.test.ualr.edu/ou=Lists,ou=Local,o=test.ualr.edu,dc=mail,dc=test,dc=ualr,dc=edu?cn(mail=${quote_ldap:$local_part@$domain})}fail}"

Re: Fwd: Upon applying 4.96-1 on test, "Tainted arg 2" appears
On Thu, Nov 09, 2023 at 10:29:46AM -0600, Johnnie W Adams via Exim-users wrote:
> Thanks! That's got me almost there. This works when I test with exim -be,
> but in exim.conf, it fails with missing lookup type:
>
> command = "/opt/lsoft/listserv/bin/lsv_amin /opt/lsoft/listserv/spool
> ${lookup ldap{ldap://
> ldap.test.ualr.edu/ou=Lists,ou=Local,o=test.ualr.edu,dc=mail,dc=test,dc=ualr,dc=edu?cn?(mail=${quote_ldap:$local_part@$domain})}fail
> }"

I suspect this lookup statement can't even be parsed due to invalid syntax:
1. there is no scope definition ("base" or "sub"), 2. there is one result
field (fail), while lookup syntax requires zero or two fields.

Parsing should become successful with changes like that:

command="/opt/lsoft/listserv/bin/lsv_amin /opt/lsoft/listserv/spool ${lookup ldap{ldap://ldap.test.ualr.edu/ou=Lists,ou=Local,o=test.ualr.edu,dc=mail,dc=test,dc=ualr,dc=edu?cn?sub?(mail=${quote_ldap:$local_part@$domain})}{$value}fail}"

> On Thu, Nov 9, 2023 at 5:50 AM Oleksandr Kryvulia via Exim-users <
> exim-users@lists.exim.org> wrote:
>
> > Use in transport same lookup as in a router:
> >
> > driver = pipe
> > command = "/opt/lsoft/listserv/bin/lsv_amin /opt/lsoft/listserv/spool
> > ${lookup ldap{...}{$value}fail}"
> >
--
Eugene Berdnikov

Re: Fwd: Upon applying 4.96-1 on test, "Tainted arg 2" appears
Parsing did become successful with that change--thanks! It works now in
exim -be when I hardcode $local_part and $domain. But I'm still failing
when I put it into exim.conf. Oddly, it does work when I put in the
hardcoded values. I've tried moving the quotes around (including removing
them). What am I missing?

Re: Fwd: Upon applying 4.96-1 on test, "Tainted arg 2" appears
On 09/11/2023 19:03, Johnnie W Adams via Exim-users wrote:
> Parsing did become successful with that change--thanks! It works now in
> exim -be when I hardcode $local_part and $domain. But I'm still failing
> when I put it into exim.conf. Oddly, it does work when I put in the
> hardcoded values. I've tried moving the quotes around (including removing
> them). What am I missing?

Run it with debug enabled to see what it is doing. Read
https://exim.org/exim-html-current/doc/html/spec_html/ch-the_pipe_transport.html#SECThowcommandrun
to work out why.
--
Cheers,
Jeremy


Re: Fwd: Upon applying 4.96-1 on test, "Tainted arg 2" appears
On Thu, Nov 09, 2023 at 01:03:50PM -0600, Johnnie W Adams via Exim-users wrote:
> Parsing did become successful with that change--thanks! It works now in
> exim -be when I hardcode $local_part and $domain. But I'm still failing
> when I put it into exim.conf. Oddly, it does work when I put in the
> hardcoded values. I've tried moving the quotes around (including removing
> them). What am I missing?

Nice, you can run Exim with "-d+expand" and compare arguments for lookup,
to locate the place where expansion became different to hardcoded value.
--
Eugene Berdnikov

Re: Fwd: Upon applying 4.96-1 on test, "Tainted arg 2" appears
So I got this, and I find it puzzling:

8155 ├──expanding: $local_part@$domain
8155 ╰─────result: johnnies-test-list-2@lists.test.ualr.edu
8155 ╰──(tainted)
8155 ├─────op-res: johnnies-test-list-2%40lists.test.ualr.edu
8155 ╰──(tainted, quoted:ldap)

The value for $domain should be test.ualr.edu, not lists.test.ualr.edu, and
I'm unsure where the bad value is coming from.


Re: Fwd: Upon applying 4.96-1 on test, "Tainted arg 2" appears
On 09/11/2023 19:55, Johnnie W Adams via Exim-users wrote:
> The value for $domain should be test.ualr.edu, not lists.test.ualr.edu, and
> I'm unsure where the bad value is coming from.

So, work backwards in the debug output from there
--
Cheers,
Jeremy


Re: Fwd: Upon applying 4.96-1 on test, "Tainted arg 2" appears
On 2023-11-09, Johnnie W Adams via Exim-users <exim-users@lists.exim.org> wrote:
> No luck:

Basically, tainted data is a case of you can't get there from here.

There's no way to de-taint data. You have to start with untainted data.

So given tainted data what you do is make some kind of lookup that
returns an untainted datum that matches the tainted datum, and then
use that copy.

De-tainting is a sleight of hand where you substitute a known safe
string to replace an identical looking untrusted string.

--
Jasen.
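
The substitution described above, as an added example that is not from the thread or from the Exim project: instead of the LDAP lookup the thread uses, a router precondition looks the local part up in an admin-maintained file, and the pipe transport passes the file's copy (`$local_part_data`) as argument 2. The router name, the file path and the list names are assumptions.

```exim
# Assumed lookup file /etc/exim/listserv-lists, maintained by the admin.
# Each line maps a list name to itself, so the looked-up value is the
# string that will be handed to the command (constructed sample entries):
#
#   example-list:    example-list
#   staff-announce:  staff-announce

# ---- routers section ----

# Hypothetical router; the thread does not show the real one.
listserv_router:
  driver = accept
  # $local_part (tainted, taken from the message) is used only as the
  # lookup key. On a match Exim stores the value read from the file in
  # $local_part_data, and that value is untainted because it came from
  # local configuration rather than from the message.
  local_parts = lsearch;/etc/exim/listserv-lists
  transport = listserv_transport

# ---- transports section ----

listserv_transport:
  driver = pipe
  # Before: argument 2 expands from message-supplied data, which the pipe
  # transport refuses with "Tainted arg 2":
  #   command = "/opt/lsoft/listserv/bin/lsv_amin /opt/lsoft/listserv/spool $local_part"
  #
  # After: argument 2 is the file's copy of the list name.
  command = /opt/lsoft/listserv/bin/lsv_amin /opt/lsoft/listserv/spool $local_part_data
  return_output
```

A local part that is not listed in the file fails the `local_parts` precondition, so this router is skipped and the address never reaches the transport.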