if (!s || !*s)
log_write(0, LOG_MAIN|LOG_PANIC,
"Failed to expand %s: '%s'\n", varname, filename);
-else if (*s != '/' || is_tainted(s))
- log_write(0, LOG_MAIN|LOG_PANIC,
- "%s is not %s after expansion: '%s'\n",
- varname, *s == '/' ? "untainted" : "absolute", s);
+else if (*s != '/')
+ log_write(0, LOG_MAIN|LOG_PANIC, "%s is not absolute after expansion: '%s'\n",
+ varname, s);
+else if (is_tainted2(s, LOG_MAIN|LOG_PANIC, "Tainted %s after expansion: '%s'\n", varname, s))
+ ;
else if (!(fp = Ufopen(s, "rb")))
log_write(0, LOG_MAIN|LOG_PANIC, "Failed to open %s for %s "
"message texts: %s", s, reason, strerror(errno));
{
uschar *tmp = expand_string(tpname);
address_file = address_pipe = NULL;
+ uschar *m;
if (!tmp)
p->message = string_sprintf("failed to expand \"%s\" as a "
"system filter transport name", tpname);
- if (is_tainted(tmp))
- p->message = string_sprintf("attempt to used tainted value '%s' for"
- "transport '%s' as a system filter", tmp, tpname);
+ if (is_tainted2(tmp, 0, m = string_sprintf("Tainted values '%s' "
+ "for transport '%s' as a system filter", tmp, tpname)))
+ p->message = m;
tpname = tmp;
}
else
/* If this is a run to continue deliveries to an external channel that is
-already set up, defer any local deliveries. */
+already set up, defer any local deliveries.
-if (continue_transport)
+jgh 2020/12/20: I don't see why; locals should be quick.
+The defer goes back to version 1.62 in 1997. A local being still deliverable
+during a continued run might result from something like a defer during the
+original delivery, eg. in a DB lookup. Unlikely but possible.
+
+To avoid delaying a local when combined with a callout-hold for a remote
+delivery, test continue_sequence rather than continue_transport. */
+
+if (continue_sequence > 1 && addr_local)
{
+ DEBUG(D_deliver|D_retry|D_route)
+ debug_printf("deferring local deliveries due to continued-transport\n");
if (addr_defer)
{
address_item *addr = addr_defer;