From 06734e1e382c84d18ba2b4f6e2d42400f955c3c3 Mon Sep 17 00:00:00 2001 From: David Woodhouse Date: Tue, 29 Dec 2020 14:52:38 +0000 Subject: [PATCH] Untaint mailman lookup domains --- master | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/master b/master index 3b54158..97af95e 100644 --- a/master +++ b/master @@ -6,10 +6,12 @@ # For doing VERP on outgoing list traffic. Only if we actually do mailman on this host. .ifdef MAILMAN_HOME +MAILMAN_UNTAINT_DOMAIN = ${lookup{$domain}dsearch{CLUSTER/mailman}{$value}fail} +MAILMAN_UNTAINT_SENDER_DOMAIN = ${lookup{$sender_address_domain}dsearch{CLUSTER/mailman}{$value}fail} REMOTE_OR_VERP_SMTP = ${if and { {match_domain{$sender_address_domain}{+raw_mailman_domains}} \ {match{$sender_address_local_part}{^(.*)-bounces\$}} \ } \ - {${lookup{$1}lsearch{CLUSTER/mailman/$sender_address_domain}{verp_smtp}{remote_smtp}}} \ + {${lookup{$1}lsearch{CLUSTER/mailman/MAILMAN_UNTAINT_SENDER_DOMAIN}{verp_smtp}{remote_smtp}}} \ {remote_smtp} \ } .else @@ -252,7 +254,7 @@ mailman_bogus_bounces: driver = redirect senders = : domains = +mailman_mx_domains - local_parts = lsearch;CLUSTER/mailman/$domain + local_parts = lsearch;CLUSTER/mailman/MAILMAN_UNTAINT_DOMAIN allow_fail data = :fail: Lists do not send messages and should not receive bounces @@ -264,12 +266,12 @@ mailman_bogus_bounces: mailman_redirect: driver = redirect domains = +mailman_mx_domains - local_parts = lsearch;CLUSTER/mailman/$domain + local_parts = lsearch;CLUSTER/mailman/MAILMAN_UNTAINT_DOMAIN local_part_suffix_optional local_part_suffix = -bounces : -bounces+* : \ -confirm+* : -join : -leave : \ -owner : -request : -admin - data = ${quote_local_part:$local_part$local_part_suffix}@${lookup{$local_part}lsearch{CLUSTER/mailman/$domain}} + data = ${quote_local_part:$local_part$local_part_suffix}@${lookup{$local_part}lsearch{CLUSTER/mailman/MAILMAN_UNTAINT_DOMAIN}} .ifdef DNS_VIRTUAL .include CONFDIR/include/routers-dns-virtual -- 2.49.0