Autor: Mike Tubby Data: Para: exim-users Assunto: Re: [exim] Exim 4.94.0.4 works where Exim 4.94 fails with tainted
path 'not permitted'
Ok,
I think I have have gotten my head around this now ...
I have a global domain list:
#
# local_domains -> domains that land here
#
domainlist local_domains = ${lookup mysql{SELECT domain FROM domains
WHERE type='local' AND active='1'}{${sg{$value}{\\n}{ : }} }}
which I already use for routing non-local domains to our outgoing relays
(smart hosts). I can reference this in again in each router.
I can re-write each of my routers something like:
#
# Normal local delivery
#
local_delivery:
driver = accept
domains = +local_domains
local_parts = ${lookup mysql{SELECT users.username AS username
FROM \
users LEFT JOIN domains ON users.domain_id=domains.id
WHERE \
users.username='${quote_mysql:$local_part}' AND \
domains.domain='${quote_mysql:$domain}' AND \
users.active=1 AND domains.active=1}}
transport = local_delivery
user = mail
group = mail
... and I don't need a 'condition' since the router will only match and
call the transport if the domains and local_parts are both non-empty. I
just have to remember to do the full cross table query (JOIN) otherwise
I end up with unintended aliasing with the local part existing in every
one of my local domains.
Then my transport can be something like this:
#
# This transport delivers to local users with virtual mailboxes in Maildir
# format into the primary Maildir/virtual INBOX
#
local_delivery:
driver = appendfile
maildir_format = true
directory = /srv/mail/$domain_data/$local_part_data/Maildir
create_directory = true
directory_mode = 0770
mode_fail_narrower = false
message_prefix =
message_suffix =
delivery_date_add
envelope_to_add
return_path_add
user = mail
group = mail
mode = 0660
using the non-tainted $domain_data and $local_part_data as they have
both been set up.
This appears to pass "exim -d -bt mail.user@???" at least but I
now think that I have issues with by aliases, vacations and other
special responders to resolve.