Am Sonntag, 2. Mai 2021, 11:56:34 CEST schrieb Fabian Groffen:
> Title: Exim >=4.94 disallows tainted variables in transport
> configurations Author: Fabian Groffen <grobian@gentoo.org>
> Posted: 2021-05-??
> Revision: 1
> News-Item-Format: 2.0
> Display-If-Installed: mail-mta/exim
> 
> Since the release of Exim-4.94, transports refuse to use tainted
> data in constructing a delivery location.  If you use this in your
> transports, your configuration will break, causing errors and
> possible downtime.
> 
> Particularly, the use of $local_part in any transport, should likely
> be updated with $local_part_data.  Check your local_delivery
> transport, which historically used $local_part.
> 
> Unfortunately there is not much documentation on "tainted" data for
> Exim[1], and to resolve this, non-official sources need to be used,
> such as [2] and [3].

This is a safety mechanism that is part of Perl (essentially a way of 
tracking data that is derived from "insecure" sources).

So it probably would make sense to at least point towards that concept 
in Perl.

https://perldoc.perl.org/perlsec



-- 
Andreas K. Hüttel
dilfridge@gentoo.org
Gentoo Linux developer
(council, toolchain, base-system, perl, libreoffice)