[exim] Re: Tainted filename after update to debian bookworm

Góra strony
Delete this message
Reply to this message
Autor: klabautermann--- via Exim-users
Data:  
Dla: Jeremy Harris, exim-users
Temat: [exim] Re: Tainted filename after update to debian bookworm
I have now a subdomain routed to my new server, while the old server is back. 

I have now solutions, for looking up sender data in an ACL and setting acl variables, for later, when this information is needed.
set acl_c_authdomain_dir = ${lookup {${domain:$authenticated_id}} dsearch,filter=dir,ret=full {VIRT_ROOT} {$value} fail}
set acl_c_authaccount_dir = ${lookup {$authenticated_id} dsearch,ret=full {$acl_c_auth_sdomain_dir/conf/permissions} {$value} fail}

I concatenate two lookups, as I need the domain and the complete address in different parts of my path.

But now I am stuck with similar things for the receiving domain in the RCPT-ACL

When I do:
set acl_m_domain_conf = ${lookup {${domain}} dsearch,filter=dir,ret=full {VIRT_ROOT} {$value} fail} 
the variable keeps emtpy. My plan was again to use this acl variable for the condition, but unfortunately
I am unable to de-taint a path, containing the recipient domain.
In my old system  a condition like:
${lookup{$local_part}nwildlsearch{VIRT_ROOT${domain}/conf/blockedLocals}{yes}{no}}
works fine!

What can I do here, to get the recipient domain de-tainted in a path?


--
Sent with Tuta; enjoy secure & ad-free emails:
https://tuta.com


Aug 20, 2024, 20:38 by exim-users@???:

> On 19/08/2024 13:38, klabautermann--- via Exim-users wrote:
>
>> My solution looked like:
>>     ...
>>     AUTH_DOMAIN_DIR  = ${lookup {domain:$authenticated_id} dsearch,ret=full {VIRT_ROOT}}
>>     AUTH_ACCOUNT_DIR = ${lookup {$authenticated_id} dsearch,ret=full {AUTH_DOMAIN_DIR/conf/SendPermissions}}
>>     condition = ${lookup {$sender_address} nwildlsearch {AUTH_ACCOUNT_DIR}{yes}{no}}
>>
>
> https://exim.org/exim-html-current/doc/html/spec_html/ch-the_exim_runtime_configuration_file.html
>
> Section 4:
> "If a line in the main part of the configuration (that is, before the first “begin” line) begins with an upper case letter, it is taken as a macro definition"
>
> I'm betting you were trying to define macros within the ACL section of your config.
> --
> Cheers,
> Jeremy
>
>
> --
> ## subscription configuration (requires account):
> ## https://lists.exim.org/mailman3/postorius/lists/exim-users.lists.exim.org/
> ## unsubscribe (doesn't require an account):
> ## exim-users-unsubscribe@???
> ## Exim details at http://www.exim.org/
> ## Please use the Wiki with this list - http://wiki.exim.org/
>



--
## subscription configuration (requires account):
## https://lists.exim.org/mailman3/postorius/lists/exim-users.lists.exim.org/
## unsubscribe (doesn't require an account):
## exim-users-unsubscribe@???
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/