Did some more research. It looks like the advice to change domain to domain_data is wrong here. So I tried two more solutions.

The first was that I tried to do two independent dsearches to construct an untainted path. My solution looked like:

    ...
    AUTH_DOMAIN_DIR = ${lookup {domain:$authenticated_id} dsearch,ret=full {VIRT_ROOT}}
    AUTH_ACCOUNT_DIR = ${lookup {$authenticated_id} dsearch,ret=full {AUTH_DOMAIN_DIR/conf/SendPermissions}}
    condition = ${lookup {$sender_address} nwildlsearch {AUTH_ACCOUNT_DIR}{yes}{no}}
    ...

but that gave a configuration error, "missing or malformed ACL name", but I have changed nothing in the ACL name, nor changed anything in the indentation.

So I tried to combine both dsearches in the condition line, which looks horrible, but was at least accepted:

    condition = ${lookup {$sender_address} nwildlsearch {${lookup {$authenticated_id} dsearch,ret=full {${lookup {domain:$authenticated_id} dsearch,ret=full {VIRT_ROOT}}/conf/SendPermissions}}}{yes}{no}}

This, however, leads to the live error message: "failed to open /conf/SendPermissions for directory search". So the path concatenation does not work as I thought.

Hopefully my mails are getting through soon, as I am really running out of ideas.

Aug 18, 2024, 18:52 by klabauterm...@tutamail.com:

> After upgrading to debian bookworm I can no longer send messages, as my
> ACLs are broken.
>
> I receive the error message: "Tainted filename for search", when doing a
> check whether a given Sender address is allowed to be used by an authenticated
> sender.
>
> I have several virtual domains, with users who also have aliases that they are
> allowed to use as Sender addresses.
> The condition in the ACL looks like:
>
>     condition = ${lookup {$sender_address} nwildlsearch {VIRT_ROOT${domain:$authenticated_id}/conf/SendPermissions/$authenticated_id}{yes}{no}}
>
> Now I found that I am no longer allowed to use $domain in such constructs,
> so I replaced it with
>
>     condition = ${lookup {$sender_address} nwildlsearch {VIRT_ROOT${domain_data:$authenticated_id}/conf/SendPermissions/$authenticated_id}{yes}{no}}
>
> But that makes no difference.
>
> The lookup database is a hierarchical directory structure and looks like:
> /var/virtualmailaccounts/DOMAIN/conf/SendPermissions/LOGINACCOUNT@DOMAIN
> <http://wkraft.org/conf/SendPermissions/workstat...@wkraft.org>
> so the last directory looks like the mail address used for login
> authentication to exim and contains a list with valid aliases.
>
> What can I do to get this working again?
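
An added illustration, not part of the original post and not Exim code: a small Python model of the directory-lookup idea the message attempts, where the untrusted login only selects a name that already exists under a trusted root and the path is built from the on-disk name. All function names and the sample tree are constructed; returning an empty string on a failed lookup and using an exact line match in place of nwildlsearch are assumptions of the model.

```python
import os
import tempfile

def dsearch(key, directory, ret_full=False):
    """Return the entry of `directory` named `key`, or "" on failure.
    The result is taken from the directory listing, never from `key`."""
    if not key or "/" in key or key in (".", ".."):
        return ""                      # keys may not address other directories
    if not os.path.isdir(directory):
        return ""
    for entry in os.listdir(directory):
        if entry == key:
            return os.path.join(directory, entry) if ret_full else entry
    return ""

def permissions_file(virt_root, authenticated_id):
    """<virt_root>/<domain>/conf/SendPermissions/<login>, from on-disk names only."""
    domain = authenticated_id.rpartition("@")[2]
    domain_dir = dsearch(domain, virt_root, ret_full=True)
    # If the inner lookup failed, this is "/conf/SendPermissions", the same
    # shape of path as in the error message quoted in the post.
    return dsearch(authenticated_id, domain_dir + "/conf/SendPermissions", ret_full=True)

def sender_allowed(virt_root, authenticated_id, sender):
    """True if `sender` is listed in the permissions file of the login."""
    path = permissions_file(virt_root, authenticated_id)
    if not path:
        return False
    with open(path) as fh:
        return sender in {line.strip() for line in fh if line.strip()}

def make_sample_tree():
    """Constructed sample tree: one domain, one login, two allowed senders."""
    root = tempfile.mkdtemp()
    perm_dir = os.path.join(root, "example.org", "conf", "SendPermissions")
    os.makedirs(perm_dir)
    with open(os.path.join(perm_dir, "alice@example.org"), "w") as fh:
        fh.write("alice@example.org\nsales@example.org\n")
    return root

if __name__ == "__main__":
    root = make_sample_tree()
    print(sender_allowed(root, "alice@example.org", "sales@example.org"))
    print(sender_allowed(root, "mallory@../../etc", "root@example.org"))
    # A key with no matching entry leaves only the fixed suffix of the path.
    print(dsearch("nosuch.example", root, ret_full=True) + "/conf/SendPermissions")
```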