Hi!
On Wed, 08 Jan 2020, Andrew C Aitchison via Exim-users wrote:
> I see from your latest message that
> /home/$local_part/... is tainted.
> Would using $home - and check_local_user to set it - do what you need ?
Indeed that seems to work. I change the earlier config thus:
$ diff -Naur exim-old.conf exim.conf
--- exim-old.conf 2020-01-08 10:02:17.450333630 +0100
+++ exim.conf 2020-01-08 10:01:33.290288221 +0100
@@ -103,18 +103,20 @@
extension_user_verify:
driver = accept
local_part_suffix = -*
- require_files = /home/$local_part/.mail-extensions
+ require_files = $home/.mail-extensions
verify_only
- condition = ${lookup{$local_part_suffix}lsearch{/home/$local_part/.mail-extensions}{yes}{no}}
+ check_local_user
+ condition = ${lookup{$local_part_suffix}lsearch{$home/.mail-extensions}{yes}{no}}
extension_user_delivery_f:
driver = redirect
+ check_local_user
local_part_suffix = -*
- require_files = /home/$local_part/.mail-extensions:/home/$local_part/.forward
- condition = ${lookup{$local_part_suffix}lsearch{/home/$local_part/.mail-extensions}{yes}{no}}
+ require_files = $home/.mail-extensions:$home/.forward
+ condition = ${lookup{$local_part_suffix}lsearch{$home/.mail-extensions}{yes}{no}}
user=$local_part
check_ancestor
- file = /home/$local_part/.forward
+ file = $home/.forward
allow_filter
allow_fail
verify=false
@@ -125,8 +127,9 @@
extension_user_delivery:
driver = accept
local_part_suffix = -*
- require_files = /home/$local_part/.mail-extensions
- condition = ${lookup{$local_part_suffix}lsearch{/home/$local_part/.mail-extensions}{yes}{no}}
+ check_local_user
+ require_files = $home/.mail-extensions
+ condition = ${lookup{$local_part_suffix}lsearch{$home/.mail-extensions}{yes}{no}}
user=$local_part
verify=false
transport = local_delivery
And this seems to work. I'll test it for a bit and report back.
Is the use of $local_part in the transports seen as safe, or
should I cange those to use $home as well?
Best,
Tobias
--
Sent from aboard the Culture ship
GSV Use Psychology
