At 16:05 -0000 Philip Hazel wrote:
>> If a user filter file contains a vacation command (or a mail.. expand
>> file.. command), the expansions are allowed to perform lookups, eg:
>> ${lookup{powerusers}nis{netgroup}}
[snip]
>> I'd like to enable expand for my users, but not allow this sort of thing!
>
>RTFM forbid_filter_lookup.
Thanks for the pointer. D'Oh! I'd clearly spent too long looking at the
filter spec rather than the main spec. Sorry to be a bother..
However, it doesn't appear to work. My director now looks like this:
userforward:
driver = forwardfile
file = /coppermail/forward_files/forward.${local_part}.copper
no_verify
no_expn
check_ancestor
filter
forbid_filter_existstest
forbid_filter_lookup
file_transport = address_file
# the address_pipe transport only lets you run /usr/local/sbin/mail/holiday
pipe_transport = address_pipe
reply_transport = address_reply
group = www
..but (even after giving the listener SIGHUP) I can still get a vacation
message to do a NIS lookup.
Matt
