Otávio, > I'm developing an different purpose application based on Amavisd-New > with Amavisd::Custom and my own modules. But, I would like to change > the "delivery_method" on the fly, and I'm having some trouble with > Taint Mode: > > i.e: > > sub before_send { [...] > my $ip_addr_received_hdr = parse_ip_address_from_received( $msginfo, 1 [...] > $msginfo->delivery_method( > $ip_addr_received_hdr > ? "smtp:[$ip_addr_received_hdr]:25" > : c('notify_method')
> Feb 4 20:42:58 bsd amavis[19521]: (19521-01) mail_via_smtp: session > failed: Insecure dependency in connect while running with -T switch at > /usr/local/lib/perl5/5.8.9/mach/IO/Socket.pm line 114, <GEN21> line > 44. A result from parse_ip_address_from_received comes tainted, which is to be expected as it is derived from untrustworthy data. If you want to use it for setting up e.g. a delivery method, you need to untaint it, after first checking that the value is sane. There is a function untaint(), which can be imported from Amavis::Util, the same module you import a do_log from. .< ? "smtp:[$ip_addr_received_hdr]:25" .> ? untaint("smtp:[$ip_addr_received_hdr]:25") Mark ------------------------------------------------------------------------------ The Planet: dedicated and managed hosting, cloud storage, colocation Stay online with enterprise data centers and the best network in the business Choose flexible plans and management services without long-term contracts Personal 24x7 support from experience hosting pros just a phone call away. http://p.sf.net/sfu/theplanet-com _______________________________________________ AMaViS-user mailing list AMaViS-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/amavis-user AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3 AMaViS-HowTos:http://www.amavis.org/howto/