Mailing List Archive

4.94 router configuration
Hello,

I hope I can get some help with the router configuration. This
configuration worked for previous versions of exim but not with the current
one.

I have been working on it for the past two weeks since updating the mail
server and have had no success in finding more information or examples with
sender_address, sender_address_domains that I could work with.

The purpose of the router would be to send a copy of the email if a
forwarder with the suffix archive. (e.g.: archive.user@domain.tld) is
present in the domain's aliases file (e.g.: etc/valiases/domain.tld).

archive_out:
  driver = redirect
  senders = ! :
  data = ${if exists{/etc/valiases/$sender_address_domain}{${lookup{archive.$sender_address}lsearch{/etc/valiases/${sender_address_domain}}}}}
  unseen
--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
Re: 4.94 router configuration
On 17/05/2021 19:31, a. roars via Exim-users wrote:
> data = ${if exists{/etc/valiases/$sender_address_domain}{${lookup{archive.$sender_address}lsearch{/etc/valiases/${sender_address_domain}}}}}

The usual methods of getting an untainted value for the filename apply.
It's been discussed multiple times here, and the base information is
in the documentation.
--
Cheers,
Jeremy

Re: 4.94 router configuration
Hi,

a. roars via Exim-users <exim-users@exim.org> (Mon 17 May 2021 20:31:30 CEST):
> Hello,
>
> I hope I can get some help with the router configuration. This
> configuration worked for previous versions of exim but not with the current
> one.

Variables populated with "external" data are not trusted anymore.
Their values are considered "tainted", and are insecure.

Tainted values cannot be used to construct file paths anymore.

You need to rework the configuration to make it secure. (As a mitigation
the "allow_insecure_tainted_data" main config option might help, if your
copy of Exim includes the relevant patch (SuSE and Debian do include
it)).

> archive_out:
> driver = redirect
> senders = ! :

> data = ${if exists{/etc/valiases/$sender_address_domain}{${lookup{archive.$sender_address}lsearch{/etc/valiases/${sender_address_domain}}}}}
> unseen

After playing around a while I came up with the following:

archive_out:
  driver = redirect
  address_data = ${lookup{$sender_address_domain}dsearch,ret=full{$config_dir/valiases}{$value}fail}
  data = ${lookup{archive.$sender_address}lsearch{$address_data}}

I'm pretty sure there are more elegant ways to achieve the same result.

Best regards from Dresden/Germany
Viele Grüße aus Dresden
Heiko Schlittermann
--
SCHLITTERMANN.de ---------------------------- internet & unix support -
Heiko Schlittermann, Dipl.-Ing. (TU) - {fon,fax}: +49.351.802998{1,3} -
gnupg encrypted messages are welcome --------------- key ID: F69376CE -
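
The de-tainting pattern from the reply above (dsearch with ret=full to obtain the alias file path, then lsearch inside that file), as an added example that is not part of the original thread and not Exim's code: a simplified Python model in which the path is only ever built from a name found in the directory, so a sender domain that matches no entry, or contains a slash, yields no file. The function names, the sample alias line and the temporary directory are constructed for illustration.

```python
import os
import tempfile

def dsearch_full(directory, key):
    """Model of dsearch,ret=full: full path of the entry named exactly `key`,
    or None. The path is built from a name the directory listing supplied,
    never from the caller's string (simplified; not Exim's implementation)."""
    if "/" in key:                      # dsearch keys may not contain a slash
        return None
    for entry in os.listdir(directory):
        if entry == key:
            return os.path.join(directory, entry)
    return None

def lsearch(path, key):
    """Model of lsearch (colon-separated form only): data of the first line
    whose key equals `key`, or None."""
    with open(path, encoding="utf-8") as fh:
        for line in fh:
            line = line.strip()
            if not line or line.startswith("#"):
                continue
            name, _, data = line.partition(":")
            if name.strip() == key:
                return data.strip()
    return None

def archive_copy_for(valiases_dir, sender):
    """Return the archive forwarder target for `sender`, or None."""
    _local, _, domain = sender.rpartition("@")
    alias_file = dsearch_full(valiases_dir, domain)
    if alias_file is None:              # no alias file for this domain
        return None
    return lsearch(alias_file, "archive." + sender)

def demo():
    """Build a constructed valiases directory and run three lookups."""
    with tempfile.TemporaryDirectory() as d:
        with open(os.path.join(d, "domain.tld"), "w", encoding="utf-8") as fh:
            fh.write("# constructed sample data\n"
                     "archive.user@domain.tld: vault@archive.example\n")
        return (archive_copy_for(d, "user@domain.tld"),
                archive_copy_for(d, "other@domain.tld"),
                archive_copy_for(d, "user@../../etc/passwd"))

if __name__ == "__main__":
    print(demo())
```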