On 2022-09-28, Lena--- via Exim-users <exim-users@???> wrote:
>> From: Eric Grammatico
>
>> In fact I tried to implement the wiki:
>> https://github.com/Exim/exim/wiki/AuthenticatedSmtpUsingPwauth
>
> I edited that wiki: changed
>
> server_condition = ${run{/bin/bash -c "echo -e '$auth2\n$auth3' | /usr/local/bin/pwauth"}{1}{0}}
>
> to
>
> server_condition = ${and {\
> {!match{$auth2$auth3}{[\x27\r\n]}}\
> {bool{${run{/bin/bash -c "echo -e '$auth2\n$auth3' | /usr/local/bin/pwauth"}{1}{0}}}}\
> }}

Does that still work in recent versions?

The documentation for ${run gives conflicting guidance on tainted values.

"Note: if tainted arguments are used, they are supplied by a potential
attacker; a careful assessment for security vulnerabilities should be
done."

and

"Neither the command nor any argument may be tainted."

It would be nice to have a ${readpipe expansion somewhat analogous to
${readsocket but connecting to a pipe process instead of a socket.
Perhaps put the return code in $0.

--
Jasen.
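
An added example, not part of the message above and not Exim or pwauth project code: one way to hand the two credentials to the helper on stdin without a shell in between, so nothing tainted is ever parsed as shell syntax. It assumes the helper reads a login line and a password line and signals success with exit status 0, as the command in the thread relies on; `check_password`, `credentials_acceptable` and `FAKE_HELPER` are hypothetical names, and `FAKE_HELPER` is a constructed stand-in for pwauth.

```python
import re
import subprocess
import sys

PWAUTH = ("/usr/local/bin/pwauth",)  # helper path as given in the thread

# Same character class the edited wiki condition rejects: ' CR LF.
# Without a shell the quote is harmless, but CR/LF would still break
# the line-based stdin framing, so the guard is kept as posted.
_FORBIDDEN = re.compile(r"[\x27\r\n]")


def credentials_acceptable(user: str, password: str) -> bool:
    """Mirror of {!match{$auth2$auth3}{[\\x27\\r\\n]}}."""
    return _FORBIDDEN.search(user + password) is None


def check_password(user: str, password: str, helper=PWAUTH, timeout=10) -> bool:
    """Return True only if the helper exits 0 for these credentials."""
    if not credentials_acceptable(user, password):
        return False
    try:
        proc = subprocess.run(
            list(helper),                      # argv list: no shell involved
            input=f"{user}\n{password}\n".encode(),
            stdout=subprocess.DEVNULL,
            stderr=subprocess.DEVNULL,
            timeout=timeout,
            check=False,
        )
    except (OSError, subprocess.TimeoutExpired):
        return False                           # fail closed on any error
    return proc.returncode == 0


# Constructed stand-in for pwauth (assumption: same stdin/exit-code contract).
_FAKE = (
    "import sys\n"
    "u = sys.stdin.readline().rstrip('\\n')\n"
    "p = sys.stdin.readline().rstrip('\\n')\n"
    "sys.exit(0 if (u, p) == ('alice', 'p@ss \"w\" $HOME;') else 1)\n"
)
FAKE_HELPER = (sys.executable, "-c", _FAKE)

if __name__ == "__main__":
    # Shell metacharacters in the password reach the helper byte for byte.
    print(check_password("alice", 'p@ss "w" $HOME;', helper=FAKE_HELPER))
    print(check_password("alice", "x'y", helper=FAKE_HELPER))
```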