Re: [exim] Exim 4.94.0.4 works where Exim 4.94 fails with ta…

Página Inicial
Delete this message
Reply to this message
Autor: Mike Tubby
Data:  
Para: exim-users
Assunto: Re: [exim] Exim 4.94.0.4 works where Exim 4.94 fails with tainted path 'not permitted'
Ok,

I think I have have gotten my head around this now ...

I have a global domain list:

#
# local_domains -> domains that land here
#
domainlist local_domains = ${lookup mysql{SELECT domain FROM domains
WHERE type='local' AND active='1'}{${sg{$value}{\\n}{ : }} }}

which I already use for routing non-local domains to our outgoing relays
(smart hosts).  I can reference this in again in each router.


I can re-write each of my routers something like:

#
# Normal local delivery
#
local_delivery:
        driver = accept
        domains = +local_domains
        local_parts = ${lookup mysql{SELECT users.username AS username
FROM \
                users LEFT JOIN domains ON users.domain_id=domains.id
WHERE \
                users.username='${quote_mysql:$local_part}' AND \
                domains.domain='${quote_mysql:$domain}' AND \
                users.active=1 AND domains.active=1}}
        transport = local_delivery
        user = mail
        group = mail

... and I don't need a 'condition' since the router will only match and
call the transport if the domains and local_parts are both non-empty. I
just have to remember to do the full cross table query (JOIN) otherwise
I end up with unintended aliasing with the local part existing in every
one of my local domains.


Then my transport can be something like this:

#
# This transport delivers to local users with virtual mailboxes in Maildir
# format into the primary Maildir/virtual INBOX
#
local_delivery:
        driver = appendfile
        maildir_format = true
        directory = /srv/mail/$domain_data/$local_part_data/Maildir
        create_directory = true
        directory_mode = 0770
        mode_fail_narrower = false
        message_prefix =
        message_suffix =
        delivery_date_add
        envelope_to_add
        return_path_add
        user = mail
        group = mail
        mode = 0660

using the non-tainted $domain_data and $local_part_data as they have
both been set up.


This appears to pass "exim -d -bt mail.user@???" at least but I
now think that I have issues with by aliases, vacations and other
special responders to resolve.


Mike