Re: [AMaViS-user] Change "delivery_method" on Amavis-Custom

Sun, 07 Feb 2010 05:26:55 -0800 

On Fri, Feb 5, 2010 at 08:46, Mark Martinec <mark.martinec+ama...@ijs.si> wrote:
> Otávio,
>
>> I'm developing an different purpose application based on Amavisd-New
>> with Amavisd::Custom and my own modules. But, I would like to change
>> the "delivery_method" on the fly, and I'm having some trouble with
>> Taint Mode:
>>
>> i.e:
>>
>> sub before_send {
> [...]
>> my $ip_addr_received_hdr = parse_ip_address_from_received( $msginfo, 1
> [...]
>>     $msginfo->delivery_method(
>>         $ip_addr_received_hdr
>>         ? "smtp:[$ip_addr_received_hdr]:25"
>>         : c('notify_method')
>
>
>> Feb  4 20:42:58 bsd amavis[19521]: (19521-01) mail_via_smtp: session
>> failed: Insecure dependency in connect while running with -T switch at
>> /usr/local/lib/perl5/5.8.9/mach/IO/Socket.pm line 114, <GEN21> line
>> 44.
>
> A result from parse_ip_address_from_received comes tainted, which is
> to be expected as it is derived from untrustworthy data. If you want
> to use it for setting up e.g. a delivery method, you need to untaint
> it, after first checking that the value is sane.
>
> There is a function untaint(), which can be imported from Amavis::Util,
> the same module you import a do_log from.
>
>  .<  ? "smtp:[$ip_addr_received_hdr]:25"
>  .>  ? untaint("smtp:[$ip_addr_received_hdr]:25")
>
>
> Mark
>
> ------------------------------------------------------------------------------
> The Planet: dedicated and managed hosting, cloud storage, colocation
> Stay online with enterprise data centers and the best network in the business
> Choose flexible plans and management services without long-term contracts
> Personal 24x7 support from experience hosting pros just a phone call away.
> http://p.sf.net/sfu/theplanet-com
> _______________________________________________
> AMaViS-user mailing list
> AMaViS-user@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/amavis-user
>  AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3
>  AMaViS-HowTos:http://www.amavis.org/howto/

Hello Mark,

Work's pretty well!

thank you indeed.

-- 
Otávio Fernandes <otaviof at gmail.com>
http://blog.emresumo.com

------------------------------------------------------------------------------
The Planet: dedicated and managed hosting, cloud storage, colocation
Stay online with enterprise data centers and the best network in the business
Choose flexible plans and management services without long-term contracts
Personal 24x7 support from experience hosting pros just a phone call away.
http://p.sf.net/sfu/theplanet-com
_______________________________________________
AMaViS-user mailing list
AMaViS-user@lists.sourceforge.net 
https://lists.sourceforge.net/lists/listinfo/amavis-user 
 AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3 
 AMaViS-HowTos:http://www.amavis.org/howto/

Reply via email to