[exim.git] / test / confs / 2620

# Exim test configuration 2620

PARTIAL=localhost::PORT_N
SERVERS=PARTIAL/test/CALLER/

.include DIR/aux-var/std_conf_prefix

primary_hostname = myhost.test.ex

# ----- Main settings -----

domainlist local_domains = @
hostlist   relay_hosts = net-pgsql;select * from them where \
                                     id='$sender_host_address'

acl_smtp_rcpt = check_recipient

pgsql_servers = SERVERS


# ----- ACL -----

begin acl

check_recipient:
	  # Tainted-data checks
  warn
	  # taint only in lookup string
	  set acl_m0 =	ok:   ${lookup pgsql                    {select name from them where id = '$local_part'}}
	  # option on lookup type unaffected
	  set acl_m0 =	ok:   ${lookup pgsql,servers=SSPEC      {select name from them where id = '$local_part'}}
	  # partial server-spec, indexing main-option, works
	  set acl_m0 =	ok:   ${lookup pgsql,servers=PARTIAL    {select name from them where id = '$local_part'}}
	  # oldstyle server spec, prepended to lookup string, fails with taint
	  set acl_m0 =	FAIL: ${lookup pgsql     {servers=SSPEC; select name from them where id = '$local_part'}}

	  # In list-stle lookup, tainted lookup string is ok if server spec comes from main-option
  warn	  set acl_m0 =	ok:   hostlist
	  hosts =	net-pgsql;select * from them where id='$local_part'
	  # ... but setting a per-query servers spec fails due to the taint
  warn	  set acl_m0 =	FAIL: hostlist
	  hosts =	<& net-pgsql;servers=SSPEC; select * from them where id='$local_part'

	  # The newer server-list-as-option-to-lookup-type is not a solution to tainted data in the lookup, because
	  # string-expansion is done before list-expansion so the taint contaminates the entire list.
  warn	  set acl_m0 =	FAIL: hostlist
	  hosts =	<& net-pgsql,servers=SSPEC; select * from them where id='$local_part'

  accept  domains = +local_domains
  accept  hosts = +relay_hosts
  deny    message = relay not permitted


# ----- Routers -----

begin routers

r1:
  driver = accept
  address_data = ${lookup pgsql{select name from them where id='ph10'}}
  transport = t1


# ----- Transports -----

begin transports

t1:
  driver = appendfile
  file = DIR/test-mail/\
    ${lookup pgsql{select id from them where id='ph10'}{$value}fail}
  user = CALLER


# End
Commit	Line	Data
0972d4d7	1	# Exim test configuration 2620
afda344b	2
0b4dfe7a JH	3	PARTIAL=localhost::PORT_N
0b4dfe7a JH	4	SERVERS=PARTIAL/test/CALLER/
afda344b	5
d4dc049f JH	6	.include DIR/aux-var/std_conf_prefix
d4dc049f JH	7
afda344b	8	primary_hostname = myhost.test.ex
afda344b PH	9
	10	# ----- Main settings -----
	11
	12	domainlist local_domains = @
	13	hostlist relay_hosts = net-pgsql;select * from them where \
	14	id='$sender_host_address'
	15
	16	acl_smtp_rcpt = check_recipient
	17
	18	pgsql_servers = SERVERS
	19
	20
	21	# ----- ACL -----
	22
	23	begin acl
	24
	25	check_recipient:
0b4dfe7a JH	26	# Tainted-data checks
	27	warn
	28	# taint only in lookup string
	29	set acl_m0 = ok: ${lookup pgsql {select name from them where id = '$local_part'}}
	30	# option on lookup type unaffected
	31	set acl_m0 = ok: ${lookup pgsql,servers=SSPEC {select name from them where id = '$local_part'}}
	32	# partial server-spec, indexing main-option, works
	33	set acl_m0 = ok: ${lookup pgsql,servers=PARTIAL {select name from them where id = '$local_part'}}
	34	# oldstyle server spec, prepended to lookup string, fails with taint
	35	set acl_m0 = FAIL: ${lookup pgsql {servers=SSPEC; select name from them where id = '$local_part'}}
	36
	37	# In list-stle lookup, tainted lookup string is ok if server spec comes from main-option
	38	warn set acl_m0 = ok: hostlist
	39	hosts = net-pgsql;select * from them where id='$local_part'
	40	# ... but setting a per-query servers spec fails due to the taint
	41	warn set acl_m0 = FAIL: hostlist
	42	hosts = <& net-pgsql;servers=SSPEC; select * from them where id='$local_part'
	43
	44	# The newer server-list-as-option-to-lookup-type is not a solution to tainted data in the lookup, because
	45	# string-expansion is done before list-expansion so the taint contaminates the entire list.
	46	warn set acl_m0 = FAIL: hostlist
	47	hosts = <& net-pgsql,servers=SSPEC; select * from them where id='$local_part'
	48
afda344b PH	49	accept domains = +local_domains
	50	accept hosts = +relay_hosts
	51	deny message = relay not permitted
	52
	53
	54	# ----- Routers -----
	55
	56	begin routers
	57
	58	r1:
	59	driver = accept
	60	address_data = ${lookup pgsql{select name from them where id='ph10'}}
	61	transport = t1
	62
	63
	64	# ----- Transports -----
	65
	66	begin transports
	67
	68	t1:
	69	driver = appendfile
	70	file = DIR/test-mail/\
	71	${lookup pgsql{select id from them where id='ph10'}{$value}fail}
	72	user = CALLER
	73
	74
	75	# End