Re: [exim] Auto Responder Problem

Startseite
Nachricht löschen
Nachricht beantworten
Autor: Todd Lyons
Datum:  
To: Shaun Glass - Business Connexion
CC: exim-users@exim.org
Betreff: Re: [exim] Auto Responder Problem
On Wed, Dec 12, 2012 at 10:53 PM, Shaun Glass - Business Connexion
<Shaun.Glass@???> wrote:
> mysql_autorespond:
> driver = accept
> condition = ${if eq{} {${lookup mysql{SELECT on_vacation \
>                FROM Viz.MailAddresses WHERE on_vacation = '1' \
>            AND localpart='$local_part' }}}{0}{1}}

<snip>

> address_mysql:
> driver                = autoreply
> from                  = "${local_part}@${domain}"
> reply_to              = "${local_part}@${domain}"
> to                    = ${sender_address}
> headers               = "X-Script: Exim Auto Responder \nPrecedence: bulk"
> return_message        = false
> subject               = "Out of Office"
> text                  = ${lookup mysql{SELECT vacation from Viz.MailAddresses WHERE localpart = "$local_part"}}


In both cases, you look up only the localpart. You do need to include
the domain. Looking at your table construction:

> mysql> explain MailAddresses;
> +-------------+---------------------------------------+------+-----+-------------------+-------+
> | Field       | Type                                  | Null | Key | Default           | Extra |
> +-------------+---------------------------------------+------+-----+-------------------+-------+
> | UserID      | int(16) unsigned                      | NO   |     | NULL              |       |
> | domain_id   | mediumint(8) unsigned                 | NO   | PRI | NULL              |       |
> | localpart   | varchar(192)                          | NO   | PRI |                   |       |


You merely need to join the domain table. I'll assume that it is
named "MailDomains" and that domain_id field is the same in that
table, and the the domain name field is just "domain". Change it to
suit your installation. The basic query is this:

SELECT ma.on_vacation
FROM Viz.MailAddresses AS ma
JOIN Viz.MailDomains AS md ON md.domain_id=ma.domain_id
WHERE ma.on_vacation = '1'
AND ma.localpart='${quote_mysql:${local_part}}'
AND md.domain='${quote_mysql:${domain}}'

and

SELECT ma.vacation
FROM Viz.MailAddresses AS ma
JOIN Viz.MailDomains AS md ON md.domain_id=ma.domain_id
WHERE ma.localpart = "${quote_mysql:${local_part}}"
AND md.domain = "${quote_mysql:${domain}}"

Note that I also modified it to use quote_mysql to protect against SQL
Injection Attacks. I *STRONGLY* urge you to change your exim.conf
(and any included files) to use quote_mysql or some malfeasant could
send an email to:

john';DROP DATABASE blah;@example.com

then take a wild guess what will happen. Protect yourself, wrap every
value that comes from outside of exim with the appropriate quote
function.

...Todd
--
The total budget at all receivers for solving senders' problems is $0.
If you want them to accept your mail and manage it the way you want,
send it the way the spec says to. --John Levine