Re: [exim] 4.94 router configuration

Góra strony
Delete this message
Reply to this message
Autor: Heiko Schlittermann
Data:  
Dla: exim-users
Temat: Re: [exim] 4.94 router configuration
Hi,

a. roars via Exim-users <exim-users@???> (Mo 17 Mai 2021 20:31:30 CEST):
> Hello,
>
> I hope I can get some help with the router configuration. This
> configuration worked for previous versions of exim but not with the current
> one.


Variables populated with "external" data are not trusted anymore.
Their values are considered "tainted", and are insecure.

Tainted values can not be used to construct file paths anymore.

You need to rework the configuration to make it secure. (As a mitigation
the "allow_insecure_tainted_data" main config option might help, if your
copy of Exim includes the relevant patch (SuSE and Debian do include
it)).

> archive_out:
> driver = redirect
> senders = ! :


> data = ${if exists{/etc/valiases/$sender_address_domain}{${lookup{archive.$sender_address}lsearch{/etc/valiases/${sender_address_domain}}}}}
> unseen


After playing around a while I came up with the following:

    archive_out:
        driver = redirect
        address_data = ${lookup{$sender_address_domain}dsearch,ret=full{$config_dir/valiases}{$value}fail}
        data = ${lookup{archive.$sender_address}lsearch{$address_data}}


I'm pretty sure there are more elegant ways to achive the same result.

    Best regards from Dresden/Germany
    Viele Grüße aus Dresden
    Heiko Schlittermann
--
 SCHLITTERMANN.de ---------------------------- internet & unix support -
 Heiko Schlittermann, Dipl.-Ing. (TU) - {fon,fax}: +49.351.802998{1,3} -
 gnupg encrypted messages are welcome --------------- key ID: F69376CE -