Dňa 23. 8. o 0:55 Marco Gaiarin via Exim-users napísal(a):
DKIM_DOMAIN = ${lc:${domain:$h_from:}}
The $h_from is untrusted, thus tainted, anything directly derived
(expanded) from it will be tainted too and you need to detaint it.
To detaint filename, the ${if exists ...} is not enough and in this case
is pointless, in your case you can simply use dsearch, something as:
dkim_private_key = ${lookup{DKIM_DOMAIN-DKIM_SELECTOR-private.pem} \
dsearch,ret=full,filter=file {/etc/exim4/dkim/}}
It will search filename DKIM_DOMAIN-DKIM_SELECTOR-private.pem in
directory /etc/exim4/dkim/ and return its full path (if exists) or empty
string.
You can test that lookup expansion with -be command line option.
regards
--
Slavko
https://www.slavino.sk/
--
## subscription configuration (requires account):
## https://lists.exim.org/mailman3/postorius/lists/exim-users.lists.exim.org/
## unsubscribe (doesn't require an account):
## exim-users-unsubscr...@lists.exim.org
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
