Commit | Line | Data |
---|---|---|
0972d4d7 | 1 | # Exim test configuration 2620 |
afda344b | 2 | |
0b4dfe7a JH |
3 | PARTIAL=localhost::PORT_N |
4 | SERVERS=PARTIAL/test/CALLER/ | |
afda344b | 5 | |
d4dc049f JH |
6 | .include DIR/aux-var/std_conf_prefix |
7 | ||
afda344b | 8 | primary_hostname = myhost.test.ex |
afda344b PH |
9 | |
10 | # ----- Main settings ----- | |
11 | ||
12 | domainlist local_domains = @ | |
13 | hostlist relay_hosts = net-pgsql;select * from them where \ | |
14 | id='$sender_host_address' | |
15 | ||
16 | acl_smtp_rcpt = check_recipient | |
17 | ||
18 | pgsql_servers = SERVERS | |
19 | ||
20 | ||
21 | # ----- ACL ----- | |
22 | ||
23 | begin acl | |
24 | ||
25 | check_recipient: | |
0b4dfe7a JH |
26 | # Tainted-data checks |
27 | warn | |
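28 | # taint only in lookup string: $local_part comes from the SMTP client and is interpolated unquoted here; outside a test config it would be wrapped in ${quote_pgsql:...} | |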
29 | set acl_m0 = ok: ${lookup pgsql {select name from them where id = '$local_part'}} | |
30 | # option on lookup type unaffected | |
31 | set acl_m0 = ok: ${lookup pgsql,servers=SSPEC {select name from them where id = '$local_part'}} | |
32 | # partial server-spec, indexing main-option, works | |
33 | set acl_m0 = ok: ${lookup pgsql,servers=PARTIAL {select name from them where id = '$local_part'}} | |
34 | # old-style server spec, prepended to lookup string, fails with taint | |
35 | set acl_m0 = FAIL: ${lookup pgsql {servers=SSPEC; select name from them where id = '$local_part'}} | |
36 | ||
37 | # In list-style lookup, tainted lookup string is ok if server spec comes from main-option | |
38 | warn set acl_m0 = ok: hostlist | |
39 | hosts = net-pgsql;select * from them where id='$local_part' | |
40 | # ... but setting a per-query servers spec fails due to the taint | |
41 | warn set acl_m0 = FAIL: hostlist | |
42 | hosts = <& net-pgsql;servers=SSPEC; select * from them where id='$local_part' | |
43 | ||
44 | # The newer server-list-as-option-to-lookup-type is not a solution to tainted data in the lookup, because | |
45 | # string-expansion is done before list-expansion so the taint contaminates the entire list. | |
46 | warn set acl_m0 = FAIL: hostlist | |
47 | hosts = <& net-pgsql,servers=SSPEC; select * from them where id='$local_part' | |
48 | ||
afda344b PH |
49 | accept domains = +local_domains |
50 | accept hosts = +relay_hosts | |
51 | deny message = relay not permitted | |
52 | ||
53 | ||
54 | # ----- Routers ----- | |
55 | ||
56 | begin routers | |
57 | ||
58 | r1: | |
59 | driver = accept | |
60 | address_data = ${lookup pgsql{select name from them where id='ph10'}} | |
61 | transport = t1 | |
62 | ||
63 | ||
64 | # ----- Transports ----- | |
65 | ||
66 | begin transports | |
67 | ||
68 | t1: | |
69 | driver = appendfile | |
70 | file = DIR/test-mail/\ | |
71 | ${lookup pgsql{select id from them where id='ph10'}{$value}fail} | |
72 | user = CALLER | |
73 | ||
74 | ||
75 | # End |