[exim] Does this look right? ("Tainted filename" fix)

Kezdőlap
Üzenet törlése
Válasz az üzenetre
Szerző: Russell Clemings
Dátum:  
Címzett: exim-users
Tárgy: [exim] Does this look right? ("Tainted filename" fix)
A recent cPanel update left me facing the dreaded "Tainted filename for
search" issue.

My system automatically generates a custom aliases file via cron. This was
implemented more than 10 years ago. It required two modifications to the
Exim config. Those failed after the update. I was able to put a manual
workaround in place but would like to find a workable replacement for the
original modifications.

After reading the documentation and past posts to this list, among other
sources, I've come up with the following. But my understanding of this is
still pretty thin. I'd feel better if someone a lot smarter than me could
look at it before I try to install it.

Thanks in advance for any comments or suggestions.

---

PREVALIASSTAR

old:

custom_aliases:
driver = redirect
allow_defer
allow_fail
data = ${if exists{/etc/valiases/$domain}{${lookup{$local_part@
$domain}lsearch{/etc/valiases/custom_aliases}}}}
file_transport = address_file
pipe_transport = address_pipe
retry_use_local_part

new:

custom_aliases:
driver = redirect
allow_defer
allow_fail
domains = dsearch;/etc/valiases
data = ${if exists{/etc/valiases/$domain_data}{${lookup{$local_part@
$domain_data}lsearch{/etc/valiases/custom_aliases}}}}
file_transport = address_file
pipe_transport = address_pipe
retry_use_local_part

---

PREVALIASNOSTAR

old:

virtual_aliases_nostar1:
driver = redirect
allow_defer
allow_fail
require_files = "+/etc/valiases/$domain"
address_data = ${lookup{$local_part@
$domain}lsearch{/etc/valiases/$domain}}
data = $address_data
file_transport = address_file
group = "${lookup{$domain}lsearch* {/etc/userdomains}{$value}}"
user = "${lookup{$domain}lsearch* {/etc/userdomains}{$value}}"
pipe_transport = ${if
forall{/bin/cagefs_enter:/usr/sbin/cagefsctl}{exists{$item}}{cagefs_virtual_address_pipe}{${if
match{${extract{6}{:}{${lookup
passwd{${lookup{$domain}lsearch*{/etc/userdomains}{$value}}}{$value}}}}}{\N(jail|no)shell\N}{jailed_virtual_address_pipe}{virtual_address_pipe}}}}
retry_use_local_part


new:

virtual_aliases_nostar1:
driver = redirect
allow_defer
allow_fail
domains = !$primary_hostname : dsearch;/etc/valiases
require_files = "+/etc/valiases/$domain_data"
address_data = ${lookup{$local_part@
$domain_data}lsearch{/etc/valiases/$domain_data}}
data = $address_data
file_transport = address_file
group = "${lookup{$domain_data}lsearch* {/etc/userdomains}{$value}}"
user = "${lookup{$domain_data}lsearch* {/etc/userdomains}{$value}}"
pipe_transport = ${if
forall{/bin/cagefs_enter:/usr/sbin/cagefsctl}{exists{$item}}{cagefs_virtual_address_pipe}{${if
match{${extract{6}{:}{${lookup
passwd{${lookup{$domain_data}lsearch*{/etc/userdomains}{$value}}}{$value}}}}}{\N(jail|no)shell\N}{jailed_virtual_address_pipe}{virtual_address_pipe}}}}
retry_use_local_part


--
===============================================
Russell Clemings
<russell@???>
===============================================