Re: [exim] problem Tainted permission to file autoreply once

Startseite
Nachricht löschen
Nachricht beantworten
Autor: Cyborg
Datum:  
To: exim-users
Betreff: Re: [exim] problem Tainted permission to file autoreply once
Hi,

Am 27.09.22 um 11:54 schrieb Sławomir Dworaczek via Exim-users:
> heloo
> Yeah ! maybe not elegant, but it works!,
> once     = /var/spool/db/autoreply_${lookup mysql{select localpart
> from users,domains where domain='${quote_mysql:$domain}' and
> localpart='${quote_mysql:$local_part}' and
> users.domain_id=domains.domain_id}}_${lookup mysql{select domain from
> users,domains where domain='${quote_mysql:$domain}' and
> localpart='${quote_mysql:$local_part}' and
> users.domain_id=domains.domain_id}}.db
>
> create file autoreply_username_domain.com.db
>


from variouse points of views, this suggestion is the worst one you can
have.


a) you have a shitload of files laying around if more than a handfull of
users is involved

b) it's unclear, what happens, if the file needed has not been created.

c) but worst of all: it's producing a filename to a filebased db file,
from a mysql database select, which could do all of this in a query and
an insert....

skip responder if true:

...
condition = check if respondertext exists at all for $header_to
condition = ${lockup mysql{select '1' from responsedb where ( rcpt
='${quote_mysql:$header_to)' and '
sender='${quote_mysql:$local_part}@${quote_mysql:$domain} and now() < (
lasttime + 7*86400 ) ) }}
< this part depends on how you implemented it. It could be i.e. filling
a variable to reuse its content in the responder router >
...

continue with

warn condition = check if respondertext exists at all for $header_to
         condition = ${lockup mysql{insert into responsedb set rcpt
='${quote_mysql:$header_to)' , sender =
'${quote_mysql:$local_part}@${quote_mysql:$domain}'  , lasttime = now();
select '1';}}
         log_message = "adding .... to responder database"

This does not involve any further files and just needs the database, you
already have in use, which is way faster.