
When I was making a backup of /var/mail, I messed up and did not copy the permissions correctly.
Now I see the following message in the log:
2023-09-17 03:10:26 1qhiB0-000Jx1-CI == [email protected]
R=dovecot_user T=dovecot_delivery defer (-1):
Tainted '/var/spool/mail/domain.com/username'
(file or directory name for dovecot_delivery transport) not permitted
My /etc/exim4/conf.d/transport/30_exim4-config_dovecot transport configuration looks like this:
dovecot_delivery:
driver = appendfile
maildir_format = true
directory = /var/spool/mail/$domain/$local_part
create_directory = true
directory_mode = 0770
mode_fail_narrower = false
message_prefix =
message_suffix =
delivery_date_add
envelope_to_add
return_path_add
user = mail
group = mail
mode = 0660
allow_symlink = true
And the permissions of the actual mailbox:
/var/mail/domain.com# getfacl username
# file: username
# owner: mail
# group: mail
# flags: -s-
user::rwx
group::rwx
other::---
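At this point I am just bouncing between the exim and dovecot man pages, but I can't find a good answer. The s looks a bit worrying, but as far as I understand it, it just indicates that permissions should be inherited for the group.
I think I need to find out how dovecot_user is mapped to a filesystem user, but this is where I am stuck. It should be the user mail, but I guess I am wrong.
Any suggestions on what to read/check?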
Answer 1
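It turns out that a major change regarding the management of tainted variables was introduced in Exim 4.94.
Technically, there should be a way to mark a variable as validated, but I don't have time to read the endless and incredibly complex manual.
So I ended up with a hacky solution: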
dovecot_delivery:
driver = appendfile
maildir_format = true
create_directory = true
directory_mode = 0770
directory = ${lookup mysql{SELECT CONCAT('/var/mail/',domains.fqdn, '/', mailboxes.local_part) AS directory FROM domains,mailboxes WHERE \
mailboxes.local_part='${quote_mysql:$local_part}' AND \
mailboxes.active=1 AND \
mailboxes.domain_id=domains.id AND \
domains.fqdn='${quote_mysql:$domain}' AND \
domains.active=1}}
mode_fail_narrower = false
delivery_date_add = true
envelope_to_add = true
return_path_add = true
group = mail
mode = 0660
allow_symlink = true
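
The taint rule behind the log message, shown with a file-based alternative to the MySQL lookup (an added example, not part of the original answer or the poster's configuration): since Exim 4.94 a value taken from the message, such as $domain or $local_part, may not be used in a file path, while the result of a lookup is untainted. The body of the dovecot_user router is an assumption, because the post does not show it; the /var/mail/<domain>/<local_part> layout is taken from the post.

```exim
# Added example; not the poster's configuration.
# Assumption: mailboxes live in /var/mail/<domain>/<local_part> and the
# directories already exist (dsearch only matches existing entries, so
# create_directory no longer creates brand-new mailboxes on delivery).

# --- router (hypothetical body for the dovecot_user router) ---
dovecot_user:
  driver = accept
  # dsearch looks the key up as a directory entry name. The value it
  # returns comes from the filesystem, not from the message, so it is
  # untainted. It is stored in $domain_data.
  domains = dsearch;/var/mail
  # domains is checked before local_parts, so $domain_data is already
  # set here. The matched entry is stored in $local_part_data.
  local_parts = dsearch;/var/mail/$domain_data
  transport = dovecot_delivery

# --- transport ---
dovecot_delivery:
  driver = appendfile
  maildir_format = true
  # Refused since 4.94 ("Tainted ... not permitted"), because both
  # variables are copied straight from the recipient address:
  #   directory = /var/spool/mail/$domain/$local_part
  # Accepted: both values are lookup results validated by the router.
  directory = /var/mail/$domain_data/$local_part_data
  create_directory = true
  directory_mode = 0770
  mode_fail_narrower = false
  delivery_date_add = true
  envelope_to_add = true
  return_path_add = true
  user = mail
  group = mail
  mode = 0660
```

A recipient whose domain or local part has no matching directory fails the router's preconditions and is never handed to the transport, so the path can only ever name an existing mailbox.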