Taint-problem with local delivery
Hi,

we deliver mails locally to addresses like my_user/somefolder@ourdomain.com

In the past this would deliver the mail to the folder "somefolder" of the user "my_user" without using any filters.

We found out that this is broken nowadays because of taint.
The involved router is:

virtual_localuser_folder:
driver = accept
transport = local_virtualfolder_delivery
# domains = dbm;VIRTUAL_DOMAINS_DBFILE
domains = lsearch,ret=key;VIRTUAL_DOMAINS_FILE
caseful_local_part = true
local_part_suffix = /*
require_files = pop:+${home}
address_data = ${lookup ldap{LDAP_AUTH ldap:///LDAP_USER_DN?mail?sub?(mail=${quote_ldap:$local_part@$domain_data})}{$value}fail}
transport_home_directory = LDAP_MAILBOX/.${tr{${substr_1:$local_part_suffix}}{.}{:}}
router_home_directory = LDAP_MAILBOX/.${tr{${substr_1:$local_part_suffix}}{.}{:}}


And the transport is:

local_virtualfolder_delivery:
driver = appendfile
maildir_format
delivery_date_add
envelope_to_add
return_path_add
directory = ${home}
quota = ${if exists {LDAP_TMAILBOX/.exim_quota} {${lookup {quotasize} lsearch {LDAP_TMAILBOX/.exim_quota} {$value} {1000M}}} {${lookup {$domain:quotasize} lsearch {VIRTUAL_DOMAINS_FILE} {$value} {1000M}}}}
quota_filecount = 400000
quota_is_inclusive = false
maildir_tag = ,S=$message_size
quota_size_regex = ,S=(\d+)
maildir_use_size_file = true
user = pop
group = exim
mode = 0660
directory_mode = 0770
#headers_add = ${if $h_}
headers_remove = "x-uidl:x-status:status"
headers_add = X-VISP-UniqueID: ${lc:${sha1:$local_part@$domain|$message_id|$sender_address|$tod_full}}

The error I get is:
LOG: MAIN PANIC
== my_user@domain.com <my_user/somefolder@ourdomain.com> R=virtual_localuser_folder T=local_virtualfolder_delivery defer (-1): Tainted '/users/ou/ourdomain.com/my/my_user/pobox/.somefolder' (file or directory name for local_virtualfolder_delivery transport) not permitted

I figure that it is tainted because the folder comes from the incoming mail-address. The mail is sent by the local exim and received by the local exim.

I cannot use "local_part_data" because then exim tries to deliver to a user "my_user/somefolder@ourdomain.com" and not to the folder. I have no idea how to de-taint this part because I guess ".${tr{${substr_1:$local_part_suffix}}" is the tainted part in the router.

Any help would be appreciated.

Best,

Niels

--
## subscription configuration (requires account):
## https://lists.exim.org/mailman3/postorius/lists/exim-users.lists.exim.org/
## unsubscribe (doesn't require an account):
## exim-users-unsubscribe@lists.exim.org
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
Re: Taint-problem with local delivery
On 12/09/2023 07:43, Niels Kobschätzki via Exim-users wrote:
> I have no idea how to de-taint this part because I guess ".${tr{${substr_1:$local_part_suffix}}" is the tainted part in the router.

You're using a wildcard in local_part_suffix. That isn't sufficiently restrictive
to de-taint the data supplied by a potential attacker. Consider using an explicit
list of permitted suffixes.
--
Cheers,
Jeremy


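Added example (editor's note, not from either post): Niels' router with the wildcard suffix replaced by the explicit suffix list Jeremy suggests, so that the matched suffix is configuration data rather than text copied from the incoming address. The folder names, the /etc/exim/permitted_folders path and the lsearch alternative in the comment are assumptions for illustration; the LDAP_* and VIRTUAL_DOMAINS_FILE macros are the ones from the original router.

```exim
# Added example, not part of the original posts. Folder names and the
# /etc/exim/permitted_folders path are assumed.
virtual_localuser_folder:
  driver = accept
  transport = local_virtualfolder_delivery
  domains = lsearch,ret=key;VIRTUAL_DOMAINS_FILE
  caseful_local_part = true
  # Before: "local_part_suffix = /*" matched anything after the slash, so
  # $local_part_suffix stayed tainted (it was still text from the message)
  # and appendfile refused to build a directory name from it.
  # After: only these fixed strings can match, and a match yields the string
  # from this file, which is untainted.
  local_part_suffix = /somefolder : /archive : /lists
  require_files = pop:+${home}
  address_data = ${lookup ldap{LDAP_AUTH ldap:///LDAP_USER_DN?mail?sub?(mail=${quote_ldap:$local_part@$domain_data})}{$value}fail}
  router_home_directory = LDAP_MAILBOX/.${tr{${substr_1:$local_part_suffix}}{.}{:}}
  transport_home_directory = LDAP_MAILBOX/.${tr{${substr_1:$local_part_suffix}}{.}{:}}
  # Alternative for a folder set too large to list inline (assumed file
  # /etc/exim/permitted_folders, one folder name per line): keep "/*" and
  # de-taint by looking the suffix up; with ret=key the value comes from the
  # file, so it is untainted, and any other suffix forces the expansion to
  # fail instead of producing a path:
  # router_home_directory = LDAP_MAILBOX/.${tr{${lookup {${substr_1:$local_part_suffix}} lsearch,ret=key {/etc/exim/permitted_folders} {$value} fail}}{.}{:}}
```

Either way the directory name is built only from strings that exist in the configuration or in a file the administrator controls, which is what the taint check is there to enforce; the original "/*" let any folder name a sender chose reach the filesystem path.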