| 1 | # Exim test configuration 2610 |
| 2 | |
| 3 | .include DIR/aux-var/std_conf_prefix |
| 4 | |
| 5 | primary_hostname = myhost.test.ex |
| 6 | |
| 7 | # ----- Main settings ----- |
| 8 | |
| 9 | domainlist local_domains = @ |
| 10 | hostlist relay_hosts = net-mysql;select * from them where id='$sender_host_address' |
| 11 | |
| 12 | acl_smtp_rcpt = check_recipient |
| 13 | |
| 14 | PARTIAL = 127.0.0.1::PORT_N |
| 15 | SSPEC = PARTIAL/test/root/ |
| 16 | mysql_servers = SSPEC |
| 17 | |
| 18 | |
| 19 | # ----- ACL ----- |
| 20 | |
| 21 | begin acl |
| 22 | |
| 23 | check_recipient: |
| 24 | # Tainted-data checks: $local_part comes from the SMTP RCPT command, so every query below contains tainted data |
| 25 | warn |
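| 26 | # taint only in lookup string: expected to succeed. The value is interpolated unquoted; a live config would use ${quote_mysql:$local_part} |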
| 27 | set acl_m0 = ok: ${lookup mysql {select name from them where id = '$local_part'}} |
| 28 | # option on lookup type unaffected |
| 29 | set acl_m0 = ok: ${lookup mysql,servers=SSPEC {select name from them where id = '$local_part'}} |
| 30 | # partial server-spec, indexing main-option, works |
| 31 | set acl_m0 = ok: ${lookup mysql,servers=PARTIAL {select name from them where id = '$local_part'}} |
| 32 | # old-style server spec, prepended to the lookup string, fails: the spec is then part of a tainted string |
| 33 | set acl_m0 = FAIL: ${lookup mysql {servers=SSPEC; select name from them where id = '$local_part'}} |
| 34 | |
| 35 | # In a list-style lookup, a tainted lookup string is ok if the server spec comes from the main option |
| 36 | warn set acl_m0 = ok: hostlist |
| 37 | hosts = net-mysql;select * from them where id='$local_part' |
| 38 | # ... but setting a per-query servers spec fails due to the taint |
| 39 | warn set acl_m0 = FAIL: hostlist |
| 40 | hosts = <& net-mysql;servers=SSPEC; select * from them where id='$local_part' |
| 41 | |
| 42 | # The newer style, with the server list given as an option to the lookup type, does not solve the problem of tainted data in the lookup, |
| 43 | # because string expansion is done before list expansion, so the taint contaminates the entire list. |
| 44 | warn set acl_m0 = FAIL: hostlist |
| 45 | hosts = <& net-mysql,servers=SSPEC; select * from them where id='$local_part' |
| 46 | |
| 47 | accept domains = +local_domains |
| 48 | accept hosts = +relay_hosts |
| 49 | deny message = relay not permitted |
| 50 | |
| 51 | |
| 52 | # ----- Routers ----- |
| 53 | |
| 54 | begin routers |
| 55 | |
| 56 | r1: |
| 57 | driver = accept |
| 58 | address_data = ${lookup mysql{select name from them where id='ph10'}} |
| 59 | transport = t1 |
| 60 | |
| 61 | |
| 62 | # ----- Transports ----- |
| 63 | |
| 64 | begin transports |
| 65 | |
| 66 | t1: |
| 67 | driver = appendfile |
| 68 | file = DIR/test-mail/\ |
| 69 | ${lookup mysql{select id from them where id='ph10'}{$value}fail} |
| 70 | user = CALLER |
| 71 | |
| 72 | |
| 73 | # End |