Otávio,
> I'm developing an different purpose application based on Amavisd-New
> with Amavisd::Custom and my own modules. But, I would like to change
> the "delivery_method" on the fly, and I'm having some trouble with
> Taint Mode:
>
> i.e:
>
> sub before_send {
[...]
> my $ip_addr_received_hdr = parse_ip_address_from_received( $msginfo, 1
[...]
> $msginfo->delivery_method(
> $ip_addr_received_hdr
> ? "smtp:[$ip_addr_received_hdr]:25"
> : c('notify_method')
> Feb 4 20:42:58 bsd amavis[19521]: (19521-01) mail_via_smtp: session
> failed: Insecure dependency in connect while running with -T switch at
> /usr/local/lib/perl5/5.8.9/mach/IO/Socket.pm line 114, <GEN21> line
> 44.
A result from parse_ip_address_from_received comes tainted, which is
to be expected as it is derived from untrustworthy data. If you want
to use it for setting up e.g. a delivery method, you need to untaint
it, after first checking that the value is sane.
There is a function untaint(), which can be imported from Amavis::Util,
the same module you import a do_log from.
.< ? "smtp:[$ip_addr_received_hdr]:25"
.> ? untaint("smtp:[$ip_addr_received_hdr]:25")
Mark
------------------------------------------------------------------------------
The Planet: dedicated and managed hosting, cloud storage, colocation
Stay online with enterprise data centers and the best network in the business
Choose flexible plans and management services without long-term contracts
Personal 24x7 support from experience hosting pros just a phone call away.
http://p.sf.net/sfu/theplanet-com
_______________________________________________
AMaViS-user mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/amavis-user
AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3
AMaViS-HowTos:http://www.amavis.org/howto/
