Re: [exim] 4.94 - De-tainting without lookup?

Author: Heiko Schlittermann
Date:  
To: exim-users
Subject: Re: [exim] 4.94 - De-tainting without lookup?
Hi,

Matthias Hörmann via Exim-users <exim-users@???> (Fr 26 Jun 2020 09:50:08 CEST):
> We tried to re-write things to conform to the new severely restricted
> Exim config language but some parts are giving us trouble.
>
> One bit is this transport which we have been using for years now for debugging
> purposes (we mostly run webservers using exim to send mails from websites we
> develop).
>
> > # save copy of outgoing messages
> > traffic_tap_save_copy:
> > driver = appendfile
> > delivery_date_add
> > envelope_to_add
> > return_path_add
> > maildir_format = true
> > create_directory = true
> > directory = /var/mailarchive/outgoing/$sender_address_domain/$sender_address_local_part/$domain/$local_part/
> > user = mail
> > group = mail
>
> We also have similar transports for storing incoming mail for virtual users.
>
> Search/Replace does not lead to de-tainting. Calling external programs to
> filter the data (bad as that would be for performance anyway) does not seem to
> de-taint data.


Lookup leads to de-tainting (Exim version 4.94-10-g3fe5ec41e #2 built 11-Jun-2020 20:59:26)

> I obviously can not build a lookup table for any possible domain and local part
> in the entire internet to de-taint this.


You can.

> On a side-note, to the best of my knowledge other than slash and the null byte
> on Linux at least all characters are safe for use in filenames anyway though I
> could see how you want to avoid the risk of them being fed into other tools
> indirectly that way.


Yes. IMHO we need to re-think the tainting a bit. But this is my private
opinion, not synchronized yet with people who do most of the development.

Try if this helps you.... Here is a working example:

    begin routers
      example:
      driver = accept
      address_data = ${lookup{$sender_address_domain/$sender_address_local_part/$domain/$local_part}lsearch*,ret=key{$config_dir/detaint}}
      transport = example


    begin transports
      example:
      driver = appendfile
      create_directory
      file = /tmp/mh/$address_data


And the "detaint" file contains:

        *


Yes, only the asterisk, a newline and that's it.
Alternatively you can use a single caret (^) and change the
"lsearch*" into "wildlsearch" and enjoy more control using regular
expressions.

Please do not tell anybody if this works, as it invalidates the taint
checks completely and puts you back at the risk of getting a "pathname
attack" with an invalid domain name, or local part.

You should make sure to test all the components in advance,
or use a more sophisticated pattern in the detaint file.

    Best regards from Dresden/Germany
    Viele Grüße aus Dresden
    Heiko Schlittermann
--
 SCHLITTERMANN.de ---------------------------- internet & unix support -
 Heiko Schlittermann, Dipl.-Ing. (TU) - {fon,fax}: +49.351.802998{1,3} -
 gnupg encrypted messages are welcome --------------- key ID: F69376CE -
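
Added example (not part of the original message and not Exim code): a small offline check, in the spirit of "test all the components in advance", that compares the catch-all caret with a stricter pattern against constructed lookup keys. The STRICT pattern, the helper names and the sample keys are assumptions; the regex uses Python syntax and must be re-tested in the detaint file itself before relying on it.

```python
import posixpath
import re

BASE = "/tmp/mh"  # directory prefix used by the appendfile transport above

# Catch-all from the message: a lone caret matches every key.
CATCH_ALL = re.compile(r"^")

# Assumed stricter pattern (not from the message): exactly four components,
# each starting with an alphanumeric and containing only [A-Za-z0-9._+=-].
COMPONENT = r"[A-Za-z0-9][A-Za-z0-9._+=-]*"
STRICT = re.compile(r"^" + r"/".join([COMPONENT] * 4) + r"\Z")


def build_key(sender_domain, sender_local, domain, local):
    """Join the four values the same way the router's lookup key does."""
    return "/".join([sender_domain, sender_local, domain, local])


def stays_under_base(key, base=BASE):
    """True if BASE/key, once normalised, is still strictly below BASE."""
    resolved = posixpath.normpath(posixpath.join(base, key))
    return resolved.startswith(base + "/")


def audit(pattern, keys):
    """Return the keys the pattern accepts although the path leaves BASE."""
    return [k for k in keys if pattern.search(k) and not stays_under_base(k)]


# Constructed sample keys: one ordinary, two with hostile components.
SAMPLES = [
    build_key("example.org", "web", "example.net", "alice"),
    build_key("example.org", "web", "example.net", "../../../../etc/x"),
    build_key("..", "..", "..", "../spool"),
]

if __name__ == "__main__":
    # Any key listed here would be de-tainted and then written outside BASE.
    print("catch-all lets through:", audit(CATCH_ALL, SAMPLES))
    print("strict lets through:   ", audit(STRICT, SAMPLES))
```

An empty list from audit() means the pattern accepted no sample key whose resulting path leaves the archive directory; extend SAMPLES with the address shapes your own site actually sees.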