.code
local_delivery:
driver = appendfile
- file = /var/mail/$local_part
+ file = /var/mail/$home
delivery_date_add
envelope_to_add
return_path_add
those headers that contain lists of addresses, a comma is also inserted at the
junctions between headers. This does not happen for the &%rheader%& expansion.
+.new
+.cindex "tainted data"
+When the headers are from an incoming message,
+the result of expanding any of these variables is tainted.
+.wen
+
.vitem &*${hmac{*&<&'hashname'&>&*}{*&<&'secret'&>&*}{*&<&'string'&>&*}}*&
.cindex "expansion" "hmac hashing"
the complete argument of the ETRN command (see section &<<SECTETRN>>&).
.endlist
+.new
+.cindex "tainted data"
+If the origin of the data is an incoming message,
+the result of expanding this variable is tainted.
+.wen
+
.vitem &$domain_data$&
.vindex "&$domain_data$&"
because a message may have many recipients and the system filter is called just
once.
+.new
+.cindex "tainted data"
+If the origin of the data is an incoming message,
+the result of expanding this variable is tainted.
+
+&*Warning*&: the content of this variable is usually provided by a potential attacker.
+Consider carefully the implications of using it unvalidated as a name
+for file access.
+This presents issues for users' &_.forward_& and filter files.
+For traditional full user accounts, use &%check_local_users%& and the &$home$&
+variable rather than this one.
+For virtual users, store a suitable pathname component in the database
+which is used for account name validation, and use that retrieved value
+rather than this variable.
+.wen
+
.vindex "&$local_part_prefix$&"
.vindex "&$local_part_suffix$&"
.cindex affix variables
yield empty addresses, for example, items containing only RFC 2822 address
comments.
+.new
+&*Warning*&: It is unwise to use &$local_part$& or &$domain$&
+directly for redirection,
+as they are provided by a potential attacker.
+In the examples above, &$local_part$& is used for looking up data held locally
+on the system, and not used directly (the second example derives &$home$& via
+the passsword file or database, using &$local_part$&).
+.wen
+
.section "Forward files and address verification" "SECID125"