
My filter on CentOS is not working. Can anyone help me with it?

[email protected] cannot be resolved at this time: Tainted name '/etc/exim/users/soft/204.compilor.com/soft/filter' for file read not permitted

This is the error I get.

My router:

email_filter:
    driver = redirect
    allow_filter
    allow_fail
    forbid_filter_run
    forbid_filter_perl
    forbid_filter_lookup
    forbid_filter_readfile
    forbid_filter_readsocket
    no_check_local_user
    domains = lsearch;/etc/userdomains
    require_files = "/etc/exim/users/${lookup{$domain}lsearch{/etc/userdomains}{$value}}/${perl{untaint}{$domain}}/${local_part}/filter"
    condition = "${extract 
        {size} 
        {${stat:/etc/exim/users/${lookup{$domain}lsearch{/etc/userdomains}{$value}}/${perl{untaint}{$domain}}/${local_part}/filter}} 
    }"
    file = /etc/exim/users/${lookup{$domain}lsearch{/etc/userdomains}{$value}}/${perl{untaint}{$domain}}/${local_part}/filter
    file_transport = address_file
    directory_transport = address_directory
    reply_transport = address_reply
    router_home_directory = ${extract 
        {5} 
        {::} 
        {${lookup passwd 
            {${lookup 
                {$domain} 
                lsearch{/etc/userdomains} 
                {$value} 
            }} 
            {$value} 
        }} 
    }
    user = "${lookup 
        {$domain} 
        lsearch{/etc/userdomains} 
        {$value} 
    }"
    group = "${lookup 
        {$domain} 
        lsearch{/etc/userdomains} 
        {$value} 
    }"
    local_part_suffix = +*
    local_part_suffix_optional
    retry_use_local_part
    no_verify

So my filters are not working and show me this error. I don't understand the tainted part. I have tried everything I could myself.

2 Answers


  1. Chosen as BEST ANSWER

    I solved this issue by detainting the tainted variable.

    You can use perl untaint like this:

    ${perl{untaint}{$local_part}}
    

    It is also fine, but there might be some security risk, so I defined these lines to detaint my local part and domain:

    # \N ... \N stops Exim from string-expanding the regex before sg uses it
    BADCHARS = \N[^A-Za-z0-9_.-]+\N
    SAFELOCALPART = ${lookup{${sg{$local_part}{BADCHARS}{_}}} lsearch*,ret=key{/etc/userdomains}}
    SAFEDOMAIN = ${lookup{${sg{$domain}{BADCHARS}{_}}} lsearch*,ret=key{/etc/userdomains}}
    

    So after this my router is:

    email_filter:
        driver = redirect
        allow_filter
        allow_fail
        forbid_filter_run
        forbid_filter_perl
        forbid_filter_lookup
        forbid_filter_readfile
        forbid_filter_readsocket
        no_check_local_user
        domains = lsearch;/etc/userdomains
        require_files = "/etc/exim/users/${lookup{SAFEDOMAIN}lsearch{/etc/userdomains}{$value}}/SAFEDOMAIN/SAFELOCALPART/filter"
        condition = "${extract 
            {size} 
            {${stat:/etc/exim/users/${lookup{SAFEDOMAIN}lsearch{/etc/userdomains}{$value}}/SAFEDOMAIN/SAFELOCALPART/filter}} 
        }"
        file = /etc/exim/users/${lookup{SAFEDOMAIN}lsearch{/etc/userdomains}{$value}}/SAFEDOMAIN/SAFELOCALPART/filter
        file_transport = address_file
        directory_transport = address_directory
        reply_transport = address_reply
        router_home_directory = ${extract 
            {5} 
            {::} 
            {${lookup passwd 
                {${lookup 
                    {$domain} 
                    lsearch{/etc/userdomains} 
                    {$value} 
                }} 
                {$value} 
            }} 
        }
        user = "${lookup 
            {$domain} 
            lsearch{/etc/userdomains} 
            {$value} 
        }"
        group = "${lookup 
            {$domain} 
            lsearch{/etc/userdomains} 
            {$value} 
        }"
        local_part_suffix = +*
        local_part_suffix_optional
        retry_use_local_part
        no_verify
    

    I hope anyone facing the same issue will now be able to solve it.


  2. I found out that in this case the issue seems to be that in Exim 4.94 and newer you need to replace {$domain} with {$domain_data}.

    See https://serverfault.com/questions/1025924/exim-tainted-filename-for-search-sender-verify-defer-for-failed-to-expand/1128358#1128358
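
As an added example (not part of either answer and not an Exim tool): a small Python check that lists where `$local_part` or `$domain` is used directly in the file-path options of a router like the ones above, while accepting them as a lookup key or in their `_data` form. The sample lines are constructed from the question's router, the option list is an assumption limited to this page, and macros such as SAFEDOMAIN are not expanded.

```python
import re

# Options whose value Exim opens as a file (assumption: only those used on this page).
PATH_OPTIONS = {"file", "require_files"}
# $local_part / $domain, bare or braced, but not $local_part_data / $domain_data.
TAINTED = re.compile(r"\$\{?(local_part|domain)(?![A-Za-z0-9_])")
# A tainted value used only as a lookup key: the lookup result, not the key, reaches the path.
LOOKUP_KEY = re.compile(r"\$\{lookup\s*\{\$\{?\w+\}?\}")
OPTION = re.compile(r"^\s*(\w+)\s*=")

# Constructed sample: lines 4 and 6 are adapted from the question's router, 5 and 7 are made up.
SAMPLE = """\
email_filter:
    driver = redirect
    domains = lsearch;/etc/userdomains
    require_files = "/etc/exim/users/${lookup{$domain}lsearch{/etc/userdomains}{$value}}/${perl{untaint}{$domain}}/${local_part}/filter"
    file = /etc/exim/users/$domain_data/$local_part_data/filter
    user = "${lookup{$domain}lsearch{/etc/userdomains}{$value}}"
    condition = "${extract{size}{${stat:/etc/exim/users/${local_part}/filter}}}"
"""

def audit(config_text):
    """Return (line, option, variable) for address-derived variables used in a file path."""
    findings, option = [], None
    for lineno, line in enumerate(config_text.splitlines(), 1):
        m = OPTION.match(line)
        if m:
            option = m.group(1)  # continuation lines keep the previous option name
        if option not in PATH_OPTIONS and "${stat:" not in line:
            continue
        # Hide lookup keys so only values that flow into the path are reported.
        visible = LOOKUP_KEY.sub("${lookup{KEY}", line)
        for var in TAINTED.findall(visible):
            findings.append((lineno, option, var))
    return findings

if __name__ == "__main__":
    for lineno, option, var in audit(SAMPLE):
        print(f"line {lineno}: ${var} used directly in a path ({option})")
```
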
