Author: Gregory Edigarov Date: To: exim-users Subject: Re: [exim] De-taint data
On 10/26/20 12:22 PM, Jeremy Harris via Exim-users wrote:
> On 26/10/2020 09:53, Gregory Edigarov via Exim-users wrote:
>> Having this in config, exim-4.94
>>
>> local_copy_incoming:
>> driver = appendfile
>> directory = /var/vmail/backup/$domain/$local_part/incoming
>
> Most of this info is in the documentation.
>
> You need to deliberately check that those variable
> values, which have been supplied by a potential
> attacker, are actually valid on your system. This has to
> be done in a way that Exim knows a validated version
> of the data that you can use in that "directory" option.
>
> If the local_part is a real user on the system then
> the "check_local_user" option on the router selecting
> this transport is the simplest way for this component.
> A success for that check fills in $local_part_data
> with an untainted version of $local_part.
>
> For virtual users (not existing in the password file),
> and for domains, you have to do deliberate lookups
> in other local sources of data. You might, for example,
> have a Postgres DB with your list of locally-serviced
> domains. Commonly your router will be checking for these
> domains using a "domains" condition. If this condition
> uses a lookup then it will populate $domain_data
> with an untainted result from the lookup. Likewise, the
> "local_parts" option can populate $local_part_data from
> a lookup result.
Well, in my use case, this local_copy_incoming transport
is chained to virtual_delivery transport, via the
virtual_delivery:
  driver = appendfile
  envelope_to_add
  return_path_add
  mode = 0600
  maildir_format = true
  create_directory = true
  directory = ${extract{smtp}{$address_data}}
  user = mail
  #${extract{uid}{$address_data}}
  group = mail
  #${extract{gid}{$address_data}}
  quota = ${extract{quota}{$address_data}{${value}M}}
  quota_is_inclusive = false
  #quota_size_regex = ,S=(\d+):
  quota_warn_threshold = 75%
  maildir_use_size_file = false
  quota_warn_message = "To: $local_part@$domain\n\
    Subject: Mailbox quota warning\n\n\
    This message was automatically generated by the mail delivery software.\n\n\
    You are now using over 75% of your allocated mail storage quota.\n\n\
    If your mailbox fills completely, further incoming messages will be automatically\n\
    returned to their senders.\n\n\
    Please take note of this and remove unwanted mail from your mailbox.\n"
  shadow_transport = local_copy_incoming
which resolves from this router:
virtual_domains:
  driver = redirect
  domains = +local_domains
  address_data = ${lookup mysql{\
    select smtp, users.sa_tag*10 AS sa_tag, users.on_spamassassin AND domains.spamassassin AS on_spamassassin, \
    users.uid AS uid, users.gid AS gid, quota \
    from users,domains \
    where localpart = '${quote_mysql:$local_part}' \
    and domain = '${quote_mysql:$domain}' \
    and domains.enabled = '1' \
    and users.enabled = '1' \
    and users.domain_id = domains.domain_id}{$value}fail}
  allow_fail
  data = ${extract{smtp}{$address_data}}
  headers_add = ${if and { \
    {match{$domain}{$original_domain}} \
    {match{$local_part}{$original_local_part}} \
    {>={$spam_score_int}{${extract{sa_tag}{$address_data}}}} \
    {eq{1}{${extract{on_spamassassin}{$address_data}}}} \
    } {X-Spam-Flag: YES\nX-Spam-Score: $acl_m_spam_score\nX-Spam-Report: $acl_m_spam_report}{} }
  local_part_suffix = +*
  local_part_suffix_optional
  retry_use_local_part
  file_transport = virtual_delivery
  reply_transport = address_reply
  pipe_transport = address_pipe
This router and virtual_delivery transport work just ok.
So the question is how to correctly connect shadow transport to this
processing in case of 4.94?
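
The de-tainting approach described in the quoted reply, applied to the shadow transport, as an added example that is not part of the original message or of the Exim project's configuration. It assumes a schema of domains(domain_id, domain, enabled) and users(domain_id, localpart, enabled), of which the router query above shows only the column names, not which table each belongs to.

```conf
# Added example. Assumed schema (only partly visible in the router query):
#   domains(domain_id, domain, enabled), users(domain_id, localpart, enabled)

# Rejected by 4.94's taint check: both variables come straight from the
# SMTP envelope, so the sender controls the path components.
#   directory = /var/vmail/backup/$domain/$local_part/incoming

# Accepted: the path fragment is the *result* of a lookup. $domain and
# $local_part appear only as quoted search keys; the string that reaches
# the filesystem is the value stored in the local tables.
local_copy_incoming:
  driver = appendfile
  directory = /var/vmail/backup/${lookup mysql{\
                select concat(domains.domain, '/', users.localpart) \
                from users,domains \
                where users.localpart = '${quote_mysql:$local_part}' \
                and domains.domain = '${quote_mysql:$domain}' \
                and domains.enabled = '1' \
                and users.enabled = '1' \
                and users.domain_id = domains.domain_id}{$value}}/incoming
```

The lookup only moves trust from the envelope to the database, so values containing "/" or ".." have to be refused when rows are inserted into those tables.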