Re: [exim] exim-4.96rc0 Tainted arg

Author: Kirill Miazine
Date:  
To: exim-users
Subject: Re: [exim] exim-4.96rc0 Tainted arg
• Odhiambo Washington via Exim-users [2022-05-03 15:22]:
[...]
> Sanity check!
>
> In my router, I have the following query:
>
> address_data      = ${lookup mysql{ \
>                       select smtp, username, users.sa_tag*10 AS sa_tag, users.on_spamassassin AS on_spamassassin, \
>                       domains.spamassassin AS spamassassin, \
>                       users.uid AS uid, users.gid AS gid, users.quota AS quota from users,domains \
>                       where localpart = '${quote_mysql:$local_part}' \
>                       and domain = '${quote_mysql:$domain}' \
>                       and domains.enabled = '1' \
>                       and users.enabled = '1' \
>                       and users.domain_id = domains.domain_id}{$value}fail}
>
> And I have modified my transport to:
>
> dovecot_virtual_delivery:
> driver = pipe
> return_output
> command = /usr/local/libexec/dovecot/deliver -d ${extract{username}{$address_data}}
> message_suffix =
> delivery_date_add
> envelope_to_add
> return_path_add
> log_output
> user = mailnull
> temp_errors = 64 : 69 : 70: 71 : 72 : 73 : 74 : 75 : 78
>
> And deliveries seem to be working without any errors,
>
> Question is whether I am creating a security loophole by doing the above.


Looks like you're doing it exactly the way it was intended.