The configuration for our outbound server that used to work under 4.96.2 now has a broken router and I am trying to figure out how to fix it. Any help would be appreciated!
The broken router:
system_aliases:
driver = redirect
allow_fail
allow_defer
data = $local_part@$domain, ${lookup mysql{MYSQL_ALIASES}}
file_transport = address_file
pipe_transport = address_pipe
where MYSQL_ALIASES was initially defined as:
MYSQL_ALIASES = select XXX_GetForwardingAddress('$local_part')
I partially addressed the issues by quoting the local_part in my function call:
MYSQL_ALIASES = select XXX_GetForwardingAddress('${quote_mysql:$local_part }')
Also tried:
MYSQL_ALIASES = select XXX_GetForwardingAddress('${quote_mysql:$local_part_data }')
But this did not fully fix the issue (tainted local_part still taints the SQL function result?):
2023-11-15 07:18:57 1r3HVG-000000010zZ-K8b5 ** krisosa1234567@intelliwebservices.com<mailto:krisosa1234567@intelliwebservices.com> R=dbmailuser T=transport_dbmail: Tainted arg 2 for transport_dbmail transport command: 'krisosa1234567'
How do I de-taint / trust the result from my own database here?
-Kris O
--
## subscription configuration (requires account):
## https://lists.exim.org/mailman3/postorius/lists/exim-users.lists.exim.org/
## unsubscribe (doesn't require an account):
## exim-users-unsubscribe@lists.exim.org
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
The broken router:
system_aliases:
driver = redirect
allow_fail
allow_defer
data = $local_part@$domain, ${lookup mysql{MYSQL_ALIASES}}
file_transport = address_file
pipe_transport = address_pipe
where MYSQL_ALIASES was initially defined as:
MYSQL_ALIASES = select XXX_GetForwardingAddress('$local_part')
I partially addressed the issues by quoting the local_part in my function call:
MYSQL_ALIASES = select XXX_GetForwardingAddress('${quote_mysql:$local_part }')
Also tried:
MYSQL_ALIASES = select XXX_GetForwardingAddress('${quote_mysql:$local_part_data }')
But this did not fully fix the issue (tainted local_part still taints the SQL function result?):
2023-11-15 07:18:57 1r3HVG-000000010zZ-K8b5 ** krisosa1234567@intelliwebservices.com<mailto:krisosa1234567@intelliwebservices.com> R=dbmailuser T=transport_dbmail: Tainted arg 2 for transport_dbmail transport command: 'krisosa1234567'
How do I de-taint / trust the result from my own database here?
-Kris O
--
## subscription configuration (requires account):
## https://lists.exim.org/mailman3/postorius/lists/exim-users.lists.exim.org/
## unsubscribe (doesn't require an account):
## exim-users-unsubscribe@lists.exim.org
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/