On Sun, May 1, 2022 at 12:46 PM Jeremy Harris via Exim-users < [email protected]> wrote:
> On 01/05/2022 09:55, Odhiambo Washington via Exim-users wrote: > > dovecot_virtual_delivery: > > driver = pipe > > return_output > > command = /usr/local/libexec/dovecot/deliver -d $local_part@$domain > -f > > $sender_address > > message_prefix = > > > How do I need to de-taint the arg 2? > > The same way as you de-taint local_part and domain for other uses, > as has been discussed here many time and is documented. > > There are multiple ways and which one is best depends on your situation. > > > Once you've done that, you'll run into arg 4 also being tainted; > drop the "-f $sender_address" from the command line and remove > the > message_prefix = > option setting. The default for message_prefix is an mbox "From " > line, and Dovecot should take the sender from that. > > (I am assuming that "dovecot/deliver" is the same as the > "dovecot/dovecot_lda" > documented by the dovecot project). > Yes, /usr/local/libexec/dovecot/deliver is a symlink to dovecot_lda. -- Best regards, Odhiambo WASHINGTON, Nairobi,KE +254 7 3200 0004/+254 7 2274 3223 "Oh, the cruft.", egrep -v '^$|^.*#' ¯\_(ツ)_/¯ :-) -- ## List details at https://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
