244155Re: trivial-rewrite regular expression substitution
- Sep 30, 2008I need data that's in the user part of the address to determine the nexthop. Obviously doing this dynamically is easier that maintaining a huge map file.
My server is an internal mail router and only one recipient domain would be subject to this transport.
Just out of curiosity, what kind of security hole are we talking about?On Tue, Sep 30, 2008 at 9:31 PM, Victor Duchovni <Victor.Duchovni@...> wrote:Are you using regexp keys to resolve to a *fixed* transport:nexthop orOn Tue, Sep 30, 2008 at 09:27:59PM -0600, David DeFranco wrote:
> According to the man page I can't do regular expression substitution in
> transport maps with Postfix 2.3 or later.
> The trivial-rewrite(8) server disallows regular expression
> substitution of $1 etc. in regular expression lookup
> tables, because that could open a security hole (Postfix
> version 2.3 and later).
> Is there a way to override this setting or am I stuck running Postfix 2.2?
regexp keys with sub-patterns to resolve to a dynamic transport:nexthop?
The latter is not safe, and is far too likely to lead to security issues.
So if you really need substitutions, you are out of luck.
Disclaimer: off-list followups get on-list replies or get ignored.
Please do not ignore the "Reply-To" header.
To unsubscribe from the postfix-users list, visit
http://www.postfix.org/lists.html or click the link below:
If my response solves your problem, the best way to thank me is to not
send an "it worked, thanks" follow-up. If you must respond, please put
"It worked, thanks" in the "Subject" so I can delete these quickly.
- << Previous post in topic Next post in topic >>