Question 26770 in CentOS Question posted in
The official documentation can be found here.

Tainted name '/etc/exim/filepath' for file read not permitted – CentOS

Here my filter in centos is not working can anyone help me with it.

[email protected] cannot be resolved at this time: Tainted name '/etc/exim/users/soft/204.compilor.com/soft/filter' for file read not permitted

This is my issue which I get

My router

email_filter:
    driver = redirect
    allow_filter
    allow_fail
    forbid_filter_run
    forbid_filter_perl
    forbid_filter_lookup
    forbid_filter_readfile
    forbid_filter_readsocket
    no_check_local_user
    domains = lsearch;/etc/userdomains
    require_files = "/etc/exim/users/${lookup{$domain}lsearch{/etc/userdomains}{$value}}/${perl{untaint}{$domain}}/${local_part}/filter"
    condition = "${extract 
        {size} 
        {${stat:/etc/exim/users/${lookup{$domain}lsearch{/etc/userdomains}{$value}}/${perl{untaint}{$domain}}/${local_part}/filter}} 
    }"
    file = /etc/exim/users/${lookup{$domain}lsearch{/etc/userdomains}{$value}}/${perl{untaint}{$domain}}/${local_part}/filter
    file_transport = address_file
    directory_transport = address_directory
    reply_transport = address_reply
    router_home_directory = ${extract 
        {5} 
        {::} 
        {${lookup passwd 
            {${lookup 
                {$domain} 
                lsearch{/etc/userdomains} 
                {$value} 
            }} 
            {$value} 
        }} 
    }
    user = "${lookup 
        {$domain} 
        lsearch{/etc/userdomains} 
        {$value} 
    }"
    group = "${lookup 
        {$domain} 
        lsearch{/etc/userdomains} 
        {$value} 
    }"
    local_part_suffix = +*
    local_part_suffix_optional
    retry_use_local_part
    no_verify

So here my filters are not working showing this error to me I am not getting about the tained part I had tried all possible from myself

Tags:

2

Answers


  1. Chosen as BEST ANSWER
    0

    So here I solved this issue by detaining the tained variable.

    Here You can use perl untaint like this

    ${perl{untaint}{$local_part}}

    It is also fine but there might be some security risk so I define this line to detaint my local part and domain

    BADCHARS = N[^A-Za-z0-9_.-]+N
SAFELOCALPART = ${lookup{${sg{$local_part}{BADCHARS}{_}}} lsearch*,ret=key{/etc/userdomains}}
SAFEDOMAIN = ${lookup{${sg{$domain}{BADCHARS}{_}}} lsearch*,ret=key{/etc/userdomains}}

    So after this my router is

    email_filter:
    driver = redirect
    allow_filter
    allow_fail
    forbid_filter_run
    forbid_filter_perl
    forbid_filter_lookup
    forbid_filter_readfile
    forbid_filter_readsocket
    no_check_local_user
    domains = lsearch;/etc/userdomains
    require_files = "/etc/exim/users/${lookup{SAFEDOMAIN}lsearch{/etc/userdomains}{$value}}/SAFEDOMAIN/SAFELOCALPART/filter"
    condition = "${extract 
        {size} 
        {${stat:/etc/exim/users/${lookup{SAFEDOMAIN}lsearch{/etc/userdomains}{$value}}/SAFEDOMAIN/SAFELOCALPART/filter}} 
    }"
    file = /etc/exim/users/${lookup{SAFEDOMAIN}lsearch{/etc/userdomains}{$value}}/SAFEDOMAIN/SAFELOCALPART/filter
    file_transport = address_file
    directory_transport = address_directory
    reply_transport = address_reply
    router_home_directory = ${extract 
        {5} 
        {::} 
        {${lookup passwd 
            {${lookup 
                {$domain} 
                lsearch{/etc/userdomains} 
                {$value} 
            }} 
            {$value} 
        }} 
    }
    user = "${lookup 
        {$domain} 
        lsearch{/etc/userdomains} 
        {$value} 
    }"
    group = "${lookup 
        {$domain} 
        lsearch{/etc/userdomains} 
        {$value} 
    }"
    local_part_suffix = +*
    local_part_suffix_optional
    retry_use_local_part
    no_verify

    Hope anyone facing same issue will be able to now solve this issue


  2. 0

    I found out that in this case the issue seems to be in Exim 4.94 and newer that you need to replace {$domain} with {$domain_data}

    See https://serverfault.com/questions/1025924/exim-tainted-filename-for-search-sender-verify-defer-for-failed-to-expand/1128358#1128358

    Login or Signup to reply.
Please signup or login to give your own answer.

Back To Top
Search