On 26/10/2020 09:53, Gregory Edigarov via Exim-users wrote:
Having this in config, exim-4.94local_copy_incoming: driver = appendfile directory = /var/vmail/backup/$domain/$local_part/incoming
Most of this info is in the documentation. You need to deliberately check that those variable values, which have been supplied by a potential attacker, are actually valid on your system. This has to be done in a way that Exim knows a validated version of the data that you can use in that "directory" option. If the local_part is a real user on the system then the "check_local_user" option on the router selecting this transport is the simplest way for this component. A success for that check fills in $local_part_data with an untainted version of $local_part. For virtual users (not existing in the password file), and for domains, you have to do deliberate lookups in other local sources of data. You might, for example, have a Postgres DB with your list of locally-serviced domains. Commonly your router will be checking for these domains using a "domains" condition. If this condition uses a lookup then it will populate $domain_data with an untainted result from the lookup. Likewise, the "local_parts" option can populate $local_part_data from a lookup result. -- Cheers, Jeremy
OpenPGP_0xBCE58C8CE41F32DF.asc
Description: application/pgp-keys
OpenPGP_signature
Description: OpenPGP digital signature
-- ## List details at https://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
