[exim] Using deliverquota with eximfilter

Top Page
Delete this message
Reply to this message
Author: David Cannings
Date:  
To: exim-users
Subject: [exim] Using deliverquota with eximfilter
I am currently using deliverquota from Courier to drop mails into a
users maildir. However, users who have an eximfilter can currently
bypass the transport that uses deliverquota. The router for "virtual"
forwards is below.

virtualforward:
driver = redirect
domains = ${lookup mysql {MYSQL_VIRTUAL_LOCALUSER}{$value}}
allow_filter
check_ancestor
check_local_user = false
require_files = /home/mail/${domain}/${local_part}/forward
file = /home/mail/${domain}/${local_part}/forward
modemask = 002
file_transport = address_file
pipe_transport = address_pipe
directory_transport = address_directory
reply_transport = address_reply
user = mail
group = mail
no_verify

The users aren't system users, all are "virtual" and stored in a MySQL
database. I cannot see how to implement deliverquota in the transports
that virtualforward calls. For example, the address_directory transport:

address_directory:
driver = appendfile
check_string =
message_prefix = ""
message_suffix = ""
maildir_format

This works very well, to implement deliverquota I assume I could
possibly replace driver = appendfile with:

command = /usr/sbin/deliverquota -c /path/to/maildir

The problem is, where do I get the /path/to/maildir from? In other
transports I use ${domain} and ${local_part}, are these still valid in
the transports that virtualforward calls? I am confused because unlike
every other transport that uses the variables in some way to decide on
file/directory/command name, these ones do not. I assume possibly
because they are given inside the eximfilter file, are the locations the
user gives in here accessible inside the transport?

My end goal is to stop users bypassing their quota by saving mails to
their home directory. As a user could possibly maliciously use an
eximfilter file to save to other users mailboxes (all are owned
mail:mail in /home/mail/domain/localpart) I am considering scrapping
eximfilter except for trusted users but if I can get the above working
my mind may be swayed slightly.

Thanks in advance of any clue,

David