.code
local_delivery:
driver = appendfile
- file = /var/mail/$local_part_verified
+ file = /var/mail/$local_part_data
delivery_date_add
envelope_to_add
return_path_add
.new
We prefer to avoid using &$local_part$& directly to define the mailbox filename,
as it is provided by a potential bad actor.
-Instead we use &$local_part_verified$&,
+Instead we use &$local_part_data$&,
the result of looking up &$local_part$& in the user database
(done by using &%check_local_user%& in the the router).
.wen
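Review bot: the unchanged line inside this .new block reads "in the the router"; since the paragraph is being edited anyway, drop the duplicated "the". The paragraph otherwise matches the changed transport above it, which now uses &$local_part_data$& for the mailbox filename.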
for file access.
This presents issues for users' &_.forward_& and filter files.
For traditional full user accounts, use &%check_local_users%& and the
-&$local_part_verified$& variable rather than this one.
+&$local_part_data$& variable rather than this one.
For virtual users, store a suitable pathname component in the database
which is used for account name validation, and use that retrieved value
rather than this variable.
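Review bot: the option is spelled &%check_local_users%& on the line directly above the changed one, while every other hunk in this patch refers to &%check_local_user%&. Correct the spelling in the same edit so the advice names the option that actually sets &$local_part_data$&.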
to a transport, the value is available in that transport. If the transport is
handling multiple addresses, the value from the first address is used.
+.new
+The &%check_local_user%& router option also sets this variable.
+.wen
+
&$local_part_data$& is also set when the &%local_parts%& condition in an ACL
matches a local part by means of a lookup. The data read by the lookup is
available during the rest of the ACL statement. In all other situations, this
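Review bot: missing documentation in the added .new block: the new sentence says &%check_local_user%& sets the variable but not what it is set to. The route.c change in this patch copies pw_name, so the text could say that the value is the login name as returned from the user database rather than the local part as received.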
used. For example:
.code
require_files = mail:/some/file
-require_files = $local_part_verified:$home/.procmailrc
+require_files = $local_part_data:$home/.procmailrc
.endd
If a user or group name in a &%require_files%& list does not exist, the
&%require_files%& condition fails.
# This transport overrides the group
group_delivery:
driver = appendfile
- file = /var/spool/mail/$local_part_verified
+ file = /var/spool/mail/$local_part_data
group = mail
.endd
If &%user%& is set for a transport, its value overrides what is set in the
way of handling this requirement:
.code
file = ${if eq{$address_file}{inbox} \
- {/var/mail/$local_part_verified} \
+ {/var/mail/$local_part_data} \
{${if eq{${substr_0_1:$address_file}}{/} \
{$address_file} \
{$home/mail/$address_file} \
path. The most common settings of this option are variations on one of these
examples:
.code
-file = /var/spool/mail/$local_part_verified
-file = /home/$local_part_verified/inbox
+file = /var/spool/mail/$local_part_data
+file = /home/$local_part_data/inbox
file = $home/inbox
.endd
.cindex "&""sticky""& bit"
folders. Consider this example:
.code
maildir_format = true
-directory = /var/mail/$local_part_verified\
+directory = /var/mail/$local_part_data\
${if eq{$local_part_suffix}{}{}\
{/.${substr_1:$local_part_suffix}}}
maildirfolder_create_regex = /\.[^/]+$
# transport
procmail_pipe:
driver = pipe
- command = /usr/local/bin/procmail -d $local_part
+ command = /usr/local/bin/procmail -d $local_part_data
return_path_add
delivery_date_add
envelope_to_add
check_string = "From "
escape_string = ">From "
umask = 077
- user = $local_part
+ user = $local_part_data
group = mail
# router
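Review bot: the changed command and user lines now depend on &$local_part_data$& being set, which this patch documents as happening through &%check_local_user%& or a &%local_parts%& lookup. The transport stanza gives no hint of that dependency, so a reader who copies only the transport gets an empty expansion in "procmail -d $local_part_data" and in "user = $local_part_data". A one-line comment in the transport, or a sentence next to the example, stating that the router must set &%check_local_user%& would cover it.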
check_local_user
driver = redirect
domains = +local_domains
- file = /central/filters/$local_part_verified
+ file = /central/filters/$local_part_data
no_verify
allow_filter
allow_freeze
userforward:
driver = redirect
check_local_user
- file = $home/.forward$local_part_suffix
local_part_suffix = -*
local_part_suffix_optional
+ file = ${lookup {.forward$local_part_suffix} dsearch,ret=full {$home} {$value}fail}
allow_filter
.endd
If there is no suffix, &_.forward_& is used; if the suffix is &'-special'&, for
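Review bot: missing documentation for the new file line in userforward: the text that follows still only describes which filename is chosen for each suffix. It does not explain why the name is now obtained through a dsearch lookup in $home, nor what the router does when no matching file exists and the expansion reaches "fail". Add a sentence on both, and mention that the file line was moved below the local_part_suffix options if the ordering matters to the reader.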
5. Server-side support in the gsasl authenticator for encrypted passwords, as
an alternate for the existing plaintext.
- 6. Variable $local_part_verified, set by the router check_local_part condition
- with untainted data.
+ 6. Variable $local_part_data now also set by router check_local_user option,
+ with an de-tainted version of $local_part.
7. Named-list definitions can now be prefixed "hide" so that "-bP" commands do
not output the content. Previously this could only be done on options.
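Review bot: grammar in the added item 6: "with an de-tainted version" should read "with a de-tainted version". The rest of the entry matches the wording added to the spec ("also set by router check_local_user option").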
local_delivery:
driver = appendfile
- file = /var/mail/$local_part_verified
+ file = /var/mail/$local_part_data
delivery_date_add
envelope_to_add
return_path_add
address_item *addr_orig;
deliver_localpart = addr->local_part;
- deliver_localpart_verified = addr->local_part_verified;
deliver_localpart_prefix = addr->prefix;
deliver_localpart_prefix_v = addr->prefix_v;
deliver_localpart_suffix = addr->suffix;
{ "local_part_prefix_v", vtype_stringptr, &deliver_localpart_prefix_v },
{ "local_part_suffix", vtype_stringptr, &deliver_localpart_suffix },
{ "local_part_suffix_v", vtype_stringptr, &deliver_localpart_suffix_v },
- { "local_part_verified", vtype_stringptr, &deliver_localpart_verified },
#ifdef HAVE_LOCAL_SCAN
{ "local_scan_data", vtype_stringptr, &local_scan_data },
#endif
CUSS &deliver_domain_orig,
CUSS &deliver_domain_parent,
CUSS &deliver_localpart,
- CUSS &deliver_localpart_verified,
CUSS &deliver_localpart_data,
CUSS &deliver_localpart_orig,
CUSS &deliver_localpart_parent,
uschar *deliver_localpart_prefix_v = NULL;
uschar *deliver_localpart_suffix = NULL;
uschar *deliver_localpart_suffix_v = NULL;
-uschar *deliver_localpart_verified = NULL;
uschar *deliver_out_buffer = NULL;
int deliver_queue_load_max = -1;
address_item *deliver_recipients = NULL;
extern uschar *deliver_in_buffer; /* Buffer for copying file */
extern ino_t deliver_inode; /* Inode for appendfile */
extern uschar *deliver_localpart; /* The local part for delivery */
-extern uschar *deliver_localpart_data; /* From local part lookup */
+extern uschar *deliver_localpart_data; /* From local part lookup (de-tainted) */
extern uschar *deliver_localpart_orig; /* The original local part for delivery */
extern uschar *deliver_localpart_parent; /* The parent local part for delivery */
extern uschar *deliver_localpart_prefix; /* The stripped prefix, if any */
extern uschar *deliver_localpart_prefix_v; /* The stripped-prefix variable portion, if any */
extern uschar *deliver_localpart_suffix; /* The stripped suffix, if any */
extern uschar *deliver_localpart_suffix_v; /* The stripped-suffix variable portion, if any */
-extern uschar *deliver_localpart_verified; /* de-tainted by check_local_part */
extern uschar *deliver_out_buffer; /* Buffer for copying file */
extern int deliver_queue_load_max; /* Different value for queue running */
extern address_item *deliver_recipients; /* Current set of addresses */
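Review bot: the updated comment on deliver_localpart_data, "From local part lookup (de-tainted)", no longer names the second source of the value. The removed deliver_localpart_verified line carried that information in its comment, so something like "From local part lookup or check_local_user (de-tainted)" would keep it.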
login of a local user. Note: the third argument to route_finduser() must be
NULL here, to prevent a numeric string being taken as a numeric uid. If the
user is found, set deliver_home to the home directory, and also set
-local_user_{uid,gid} and local_part_verified. */
+local_user_{uid,gid} and local_part_data. */
if (r->check_local_user)
{
r->name, addr->local_part);
return SKIP;
}
- addr->local_part_verified =
- deliver_localpart_verified = string_copy(US (*pw)->pw_name);
+ addr->prop.localpart_data =
+ deliver_localpart_data = string_copy(US (*pw)->pw_name);
deliver_home = string_copy(US (*pw)->pw_dir);
local_user_gid = (*pw)->pw_gid;
local_user_uid = (*pw)->pw_uid;
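Review bot: the new assignment to addr->prop.localpart_data and deliver_localpart_data is unconditional, so if a local-part lookup on the same router has already stored its result there, that result is replaced by pw_name without notice. Either document that &%check_local_user%& takes precedence, or assign only when the field is still NULL, and add a test with both conditions set on one router to pin the chosen behaviour.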
uschar *cc_local_part; /* caseful local part */
uschar *lc_local_part; /* lowercased local part */
uschar *local_part; /* points to cc or lc version */
- uschar *local_part_verified; /* result from check_local_user */
uschar *prefix; /* stripped prefix of local part */
uschar *prefix_v; /* variable part of above */
uschar *suffix; /* stripped suffix of local part */
driver = appendfile
delivery_date_add
envelope_to_add
- file = DIR/test-mail/$local_part_verified
+ file = DIR/test-mail/$local_part_data
headers_add = "X-body-linecount: $body_linecount\n\
X-message-linecount: $message_linecount\n\
X-received-count: $received_count"
local_delivery:
driver = appendfile
- file = DIR/test-mail/$local_part_verified
+ file = DIR/test-mail/$local_part_data
# End
-# $local_part_verified, multi-rcpt message
+# $local_part_data, multi-rcpt message
#
exim -bs -odi
mail from:<someone@some.domain>