[exim] Untainting help

Author: Steve Wilson
Date:  
To: exim-users
Subject: [exim] Untainting help
I'm currently running exim 4.92 and having no taint issues; the moment I
update to 4.96 I get the below message in the logs and messages bounce.
I understand the tainting and not trusting 3rd party entered data but
I'm looking to fix this the right way, as Google has presented a few
hacks and that's not how I'd like to go.

1qJtZ6-0004kS-1z ** steve@??? R=mysql_user T=local_dovecot_lda: Tainted arg 2 for local_dovecot_lda transport command: 'steve@???'

My understanding is that this comes from my transport
(local_dovecot_lda) and some documentation states I can use
${domain_data} and ${local_part_data}, however local_part_data doesn't
seem available for the transport.
Should I be doing a mysql lookup for local_parts in the router or is
there a better way to simplify my config?

Router:
mysql_user:
  driver                = accept
  domains               = +local_domains
  condition             = ${lookup mysql{ \
                                SELECT CONCAT(username,'@',domain) AS email \
                                FROM user \
                                WHERE username='${quote_mysql:$local_part}' \
                                AND domain='${quote_mysql:$domain}' \
                                AND SMTP_allowed='YES' \
                          }{true}{false}}
  local_part_suffix     = +* : -* : _*
  local_part_suffix_optional
  transport             = ${if exists{/home/vpopmail/domains/${domain}/${local_part}/.mailfilter} {local_mysql_maildrop} {local_dovecot_lda} }

Transport:
local_dovecot_lda:
  driver                = pipe
  path                  = "/bin:/usr/bin:/usr/local/bin"
  environment   = "HOME=/home/vpopmail/domains/${quote_mysql:$domain}/${quote_mysql:$local_part}/;ORIG_LHS=${original_local_part};ORIG_RHS=${original_domain}"
  home_directory        = "/home/vpopmail/domains/${quote_mysql:$domain}/${quote_mysql:$local_part}/"
  current_directory     = "/home/vpopmail/domains/${quote_mysql:$domain}/${quote_mysql:$local_part}/"
  command               = "/usr/libexec/dovecot/deliver -d ${quote_mysql:$local_part}@${quote_mysql:$domain}"
  log_output
  delivery_date_add
  envelope_to_add
  return_path_add
  message_suffix =
  temp_errors = 64 : 69 : 70: 71 : 72 : 73 : 74 : 75 : 78
  user          = vpopmail
  group         = vpopmail

local_domains is defined as:
domainlist local_domains = ${lookup mysql {\
                                SELECT domain FROM user WHERE domain='${quote_mysql:$domain}' \
                              UNION \
                                SELECT domain FROM alias WHERE domain='${quote_mysql:$domain}' \
                              UNION \
                                SELECT domain FROM catchall WHERE domain='${quote_mysql:$domain}'\
                           }}

Am I correct in thinking I should add a local_parts lookup to the router
as below or is there a more elegant way to get the $*_data variables to
the transport?
local_parts  = ${lookup mysql{ SELECT username \
                                FROM user \
                                WHERE username='${quote_mysql:$local_part}' \
                                AND domain='${quote_mysql:$domain}' \
                                AND SMTP_allowed='YES' }}

Looking at my current config, it's been in place since 2010 with minor
updates. I've spent hours trying to get my head round what needs doing
and would appreciate any available advice.

Regards
Steve.
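
Added example (not part of the original post and not the Exim project's own configuration): the router and transport from the post reworked so that paths and command arguments are built only from lookup results, using the local_parts lookup the post proposes. It assumes Exim 4.94 or later, that the +local_domains match populates $domain_data, and that the username and domain columns hold the values wanted on disk.

```exim
# Added example, not the poster's configuration. Assumes Exim 4.94+ and that
# the user.username / user.domain values are what should appear on disk.

# Router: match via lookups so $domain_data / $local_part_data get set.
mysql_user:
  driver                = accept
  # Assumption: the +local_domains match leaves the database's copy of the
  # domain in $domain_data.
  domains               = +local_domains
  # The lookup proposed in the post. It returns the stored username (or
  # nothing), the list match copies it to $local_part_data, and it makes
  # the old "condition" lookup with the same WHERE clause redundant.
  local_parts           = ${lookup mysql{ SELECT username \
                                FROM user \
                                WHERE username='${quote_mysql:$local_part}' \
                                AND domain='${quote_mysql:$domain_data}' \
                                AND SMTP_allowed='YES' }}
  local_part_suffix     = +* : -* : _*
  local_part_suffix_optional
  # Paths given to exists{} are built from the untainted values too.
  transport             = ${if exists{/home/vpopmail/domains/$domain_data/$local_part_data/.mailfilter} \
                            {local_mysql_maildrop}{local_dovecot_lda}}

# Transport: no $local_part / $domain in paths or command arguments.
# quote_mysql is SQL escaping, not untainting, so it is dropped here.
local_dovecot_lda:
  driver                = pipe
  path                  = "/bin:/usr/bin:/usr/local/bin"
  # ORIG_LHS / ORIG_RHS still carry sender-supplied text; whatever reads
  # them must treat them as untrusted.
  environment           = "HOME=/home/vpopmail/domains/$domain_data/$local_part_data/;ORIG_LHS=${original_local_part};ORIG_RHS=${original_domain}"
  home_directory        = "/home/vpopmail/domains/$domain_data/$local_part_data/"
  current_directory     = "/home/vpopmail/domains/$domain_data/$local_part_data/"
  command               = "/usr/libexec/dovecot/deliver -d $local_part_data@$domain_data"
  log_output
  delivery_date_add
  envelope_to_add
  return_path_add
  message_suffix        =
  temp_errors           = 64 : 69 : 70: 71 : 72 : 73 : 74 : 75 : 78
  user                  = vpopmail
  group                 = vpopmail
```

Routing of a test address can be checked without sending mail using `exim -bt <address>`.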

