Commit 33d97665 authored by Paul Cammish's avatar Paul Cammish
Browse files

Update mail/exim4/sympl.d/10-acl/60-acl-check-data/05-mailbox-ratelimit, mail/debian/postinst files

parent 5a1b47ae
......@@ -108,6 +108,14 @@ if [ -e /etc/exim4/Makefile ]; then
cd /etc/exim4 && make exim4.conf
fi
#
# Create detaint workaround
# This should only be used as a last resort
#
echo '*' > /etc/exim4/detaint
chmod 400 /etc/exim4/detaint
chown Debian-exim:Debian-exim /etc/exim4/detaint
#
# Dovecot ships with its own config.
#
......
......@@ -15,10 +15,16 @@ deny authenticated = *
{exists{VHOST_DIR/${domain:$authenticated_id}/VHOST_MAILBOX_DIR/${local_part:$authenticated_id}/ratelimit}}\
}}\
}}
ratelimit = ${if match{\
${if exists{VHOST_DIR/${domain:$authenticated_id}/VHOST_MAILBOX_DIR/${local_part:$authenticated_id}/ratelimit}\
{${readfile{VHOST_DIR/${domain:$authenticated_id}/VHOST_MAILBOX_DIR/${local_part:$authenticated_id}/ratelimit}}}\
{${readfile{VHOST_DIR/${domain:$authenticated_id}/VHOST_CONFIG_DIR/mailbox-ratelimit}}}\
}\
}{([0-9]+)}{$1}{100}} / 1h / strict / $authenticated_id
# if the user mailbox has a ratelimit file, then read that, else read the
# ratelimit from the domain, and default to 100 if the file is empty
# the below is a horrible hack, and not a good way to do this, but there appears to
# be no other option at present as $authenticated_id is considered tainted, and
# theres apparently nowhere else to get it in an ACL
ratelimit = ${if match{\
${if exists \
{VHOST_DIR/${domain:$authenticated_id}/VHOST_MAILBOX_DIR/${local_part:$authenticated_id}/ratelimit}\
{${readfile{VHOST_DIR/${domain:${lookup{$authenticated_id} lsearch*,ret=key{/etc/exim4/detaint}}}/VHOST_MAILBOX_DIR/${local_part:${lookup{$authenticated_id} lsearch*,ret=key{/etc/exim4/detaint}}}/ratelimit}}}\
{${readfile{VHOST_DIR/${domain:${lookup{$authenticated_id} lsearch*,ret=key{/etc/exim4/detaint}}}/VHOST_CONFIG_DIR/mailbox-ratelimit}}}\
}\
}{([0-9]+)}{$1}{100}} / 1h / strict / $authenticated_id
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment