Loading ...
Sorry, an error occurred while loading the content.

244155Re: trivial-rewrite regular expression substitution

Expand Messages
  • David DeFranco
    Sep 30 8:51 PM
      I need data that's in the user part of the address to determine the nexthop.  Obviously doing this dynamically is easier that maintaining a huge map file.

      My server is an internal mail router and only one recipient domain would be subject to this transport.

      Just out of curiosity, what kind of security hole are we talking about?

      On Tue, Sep 30, 2008 at 9:31 PM, Victor Duchovni <Victor.Duchovni@...> wrote:
      On Tue, Sep 30, 2008 at 09:27:59PM -0600, David DeFranco wrote:

      > According to the man page I can't do regular expression substitution in
      > transport maps with Postfix 2.3 or later.
      > The trivial-rewrite(8) server disallows regular expression
      > substitution  of  $1  etc.  in  regular  expression lookup
      > tables, because that could open a security  hole  (Postfix
      > version 2.3 and later).
      > Is there a way to override this setting or am I stuck running Postfix 2.2?

      Are you using regexp keys to resolve to a *fixed* transport:nexthop or
      regexp keys with sub-patterns to resolve to a dynamic transport:nexthop?

      The latter is not safe, and is far too likely to lead to security issues.
      So if you really need substitutions, you are out of luck.


      Disclaimer: off-list followups get on-list replies or get ignored.
      Please do not ignore the "Reply-To" header.

      To unsubscribe from the postfix-users list, visit
      http://www.postfix.org/lists.html or click the link below:

      If my response solves your problem, the best way to thank me is to not
      send an "it worked, thanks" follow-up. If you must respond, please put
      "It worked, thanks" in the "Subject" so I can delete these quickly.

    • Show all 11 messages in this topic