On 02/03/2022 22:37, Alain D D Williams via Exim-users wrote:
> The transport works by running a command of which an argument is extracted (the
> line starting .dir) from a file /etc/exim/file_domains/$local_part
That's a valid case for using dsearch, as you're looking into,
so long as the existence of the file by that name is sufficient
to validate the local_part. Effectively, the filesystem is your
database and you are doing a lookup in it for existence of the key.
> The transport is taint safe if the router de-taints $local_part
>
> I think that I should be using dsearch but the documentation about dsearch does
> not help -- not enough for me to understand it.
>
> My transport & router are below, how should I modify them to do what I want.
>
> Thanks in advance
>
>
> # Look in /etc/exim/file_domains/$local_part for the sender address
> mail_to_url_router:
> driver = accept
> domains = +file_domains
add a local_parts= condition here. Being a condition, it means the router
will not run if the condition is false. Use a dsearch.
Your dsearch needs to be looking for "$local_part" (the key) in
"some fixed directory" (the database). If you use a list-lookup syntax
then the key is implicit; for a local_parts= condition it is $local_part.
Also, for a list-lookup syntax, the only primary result is the yes/no
"did the lookup succeed" - unlike a string-expansion syntax lookup you
do not have a free choice in manipulating the result. But the yes/no
is what the local_parts= condition needs.
The useful part for de-tainting is the side-effect of doing a lookup
in a local_parts= condition; it sets $local_part_data. For a plain
dsearch it sets that to the requested key (but as untainted data).
So:
local_parts = dsearch;/etc/exim/file_domains
> condition = ${if exists {/etc/exim/file_domains/$local_part}{1}{0}}
that line is now redundant; the local_parts= test did that job.
> require_files = /etc/exim/file_domains/$local_part
ditto
> senders = ${if exists {/etc/exim/file_domains/$local_part} {lsearch;/etc/exim/file_domains/$local_part}{*}}
a) and that test...
b) replace $local_part with $local_part_data
> transport = mail_to_url_transport
> no_more
>
> mail_to_url_transport:
> driver = pipe
> command = /usr/bin/MailToUrl $local_part $sender_address $header_subject ${lookup{.dir}lsearch{/etc/exim/file_domains/$local_part}}
and here too, for the lsearch (the first one can be either)
> user = mail
> group = apache
> return_fail_output = true
You could cut down on verbiage slightly by using a "ret=full" option on the dsearch,
but that's a style choice.
--
Cheers,
Jeremy
