Commit | Line | Data |
---|---|---|
ba0e37b1 | 1 | # Exim test configuration 2610 |
afda344b | 2 | |
d4dc049f JH |
3 | .include DIR/aux-var/std_conf_prefix |
4 | ||
afda344b | 5 | primary_hostname = myhost.test.ex |
afda344b PH |
6 | |
7 | # ----- Main settings ----- | |
8 | ||
9 | domainlist local_domains = @ | |
10 | hostlist relay_hosts = net-mysql;select * from them where id='$sender_host_address' | |
11 | ||
12 | acl_smtp_rcpt = check_recipient | |
13 | ||
0b4dfe7a JH |
14 | PARTIAL = 127.0.0.1::PORT_N |
15 | SSPEC = PARTIAL/test/root/ | |
16 | mysql_servers = SSPEC | |
afda344b PH |
17 | |
18 | ||
19 | # ----- ACL ----- | |
20 | ||
21 | begin acl | |
22 | ||
23 | check_recipient: | |
0b4dfe7a JH |
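24 | # Tainted-data checks: $local_part is untrusted and is interpolated unquoted here to exercise the taint checks; outside a test config, wrap it in ${quote_mysql:...} |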
25 | warn | |
26 | # taint only in lookup string | |
27 | set acl_m0 = ok: ${lookup mysql {select name from them where id = '$local_part'}} | |
28 | # servers given as an option on the lookup type: unaffected by the taint in the query | |
29 | set acl_m0 = ok: ${lookup mysql,servers=SSPEC {select name from them where id = '$local_part'}} | |
30 | # partial server spec (PARTIAL), used to select the matching entry of the mysql_servers main option, works | |
31 | set acl_m0 = ok: ${lookup mysql,servers=PARTIAL {select name from them where id = '$local_part'}} | |
32 | # old-style server spec, prepended to the lookup string, fails because that string is tainted | |
33 | set acl_m0 = FAIL: ${lookup mysql {servers=SSPEC; select name from them where id = '$local_part'}} | |
34 | ||
35 | # In list-style lookup, tainted lookup string is ok if server spec comes from main-option | |
36 | warn set acl_m0 = ok: hostlist | |
37 | hosts = net-mysql;select * from them where id='$local_part' | |
38 | # ... but setting a per-query servers spec fails due to the taint | |
39 | warn set acl_m0 = FAIL: hostlist | |
40 | hosts = <& net-mysql;servers=SSPEC; select * from them where id='$local_part' | |
41 | ||
42 | # The newer server-list-as-option-to-lookup-type is not a solution to tainted data in the lookup, because | |
43 | # string-expansion is done before list-expansion so the taint contaminates the entire list. | |
44 | warn set acl_m0 = FAIL: hostlist | |
45 | hosts = <& net-mysql,servers=SSPEC; select * from them where id='$local_part' | |
46 | ||
afda344b PH |
47 | accept domains = +local_domains |
48 | accept hosts = +relay_hosts | |
49 | deny message = relay not permitted | |
50 | ||
51 | ||
52 | # ----- Routers ----- | |
53 | ||
54 | begin routers | |
55 | ||
56 | r1: | |
57 | driver = accept | |
58 | address_data = ${lookup mysql{select name from them where id='ph10'}} | |
59 | transport = t1 | |
60 | ||
61 | ||
62 | # ----- Transports ----- | |
63 | ||
64 | begin transports | |
65 | ||
66 | t1: | |
67 | driver = appendfile | |
68 | file = DIR/test-mail/\ | |
69 | ${lookup mysql{select id from them where id='ph10'}{$value}fail} | |
70 | user = CALLER | |
71 | ||
72 | ||
73 | # End |