Re: [exim] Sieve filters broken due to tainted expansions?

Wed, 08 Jan 2020 01:16:14 -0800 

Hi! 

On Wed, 08 Jan 2020, Andrew C Aitchison via Exim-users wrote:
> I see from your latest message that
>       /home/$local_part/... is tainted.
> Would using $home - and check_local_user to set it - do what you need ?

Indeed that seems to work. I change the earlier config thus:

  $ diff -Naur exim-old.conf exim.conf 
  --- exim-old.conf       2020-01-08 10:02:17.450333630 +0100
  +++ exim.conf   2020-01-08 10:01:33.290288221 +0100
  @@ -103,18 +103,20 @@
   extension_user_verify:
     driver = accept
     local_part_suffix = -*
  -  require_files = /home/$local_part/.mail-extensions
  +  require_files = $home/.mail-extensions
     verify_only
  -  condition = 
${lookup{$local_part_suffix}lsearch{/home/$local_part/.mail-extensions}{yes}{no}}
  +  check_local_user
  +  condition = 
${lookup{$local_part_suffix}lsearch{$home/.mail-extensions}{yes}{no}}
   
   extension_user_delivery_f:
     driver = redirect
  +  check_local_user
     local_part_suffix = -*
  -  require_files =  
/home/$local_part/.mail-extensions:/home/$local_part/.forward
  -  condition = 
${lookup{$local_part_suffix}lsearch{/home/$local_part/.mail-extensions}{yes}{no}}
  +  require_files =  $home/.mail-extensions:$home/.forward
  +  condition = 
${lookup{$local_part_suffix}lsearch{$home/.mail-extensions}{yes}{no}}
     user=$local_part
     check_ancestor
  -  file = /home/$local_part/.forward
  +  file = $home/.forward
     allow_filter
     allow_fail
     verify=false
  @@ -125,8 +127,9 @@
   extension_user_delivery:
     driver = accept
     local_part_suffix = -*
  -  require_files =  /home/$local_part/.mail-extensions
  -  condition = 
${lookup{$local_part_suffix}lsearch{/home/$local_part/.mail-extensions}{yes}{no}}
  +  check_local_user
  +  require_files =  $home/.mail-extensions
  +  condition = 
${lookup{$local_part_suffix}lsearch{$home/.mail-extensions}{yes}{no}}
     user=$local_part
     verify=false
     transport = local_delivery

And this seems to work. I'll test it for a bit and report back.

Is the use of $local_part in the transports seen as safe, or
should I cange those to use $home as well?

Best,
Tobias

-- 
Sent from aboard the Culture ship
        GSV Use Psychology

-- 
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/

Reply via email to