On 09/04/2020 14:58, Pascal Rolle via Exim-users wrote:
> warn hosts = <; ${expand:${if exists {PATH/ip_wl/$domain} \
> {PATH/ip_wl/$domain}{}}}
> add_header = X-wh_IP_: Yes
You didn't say which ACL you're doing this in. I hope it is
the smtp rcpt ACL, because $domain isn't useful to you in
most others.
Secondly, trusting $domain in constructing a filename is unwise,
it being under the control of a potential attacker. Validate it
first, and use the validated version (from a different variable).
This becomes an enforced requirement in more recent Exim versions
(you didn't say what you are running).
--
Cheers,
Jeremy
--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
