Re: Exim 0.50

Author: Ian Jackson
Date:  
To: Philip Hazel
Cc: exim-users, Richard Stallman
Subject: Re: Exim 0.50
Philip Hazel writes ("Exim 0.50"):
...
> (3) There is no change to the main documentation, other than to add
> NetBSD to the list of supported OS. However, I have edited the filter
> document because it was pointed out that the pipe example, which read
>
>    pipe "$home/bin/countmail $sender_address"
>
> was not something to be encouraged. RFC 822 addresses are so exceedingly
> generously specified that the following SMTP command is perfectly legal:
>
>    MAIL FROM: |/home/baddie/@???
>
> and even with sender_verify set, that will get into $sender_address, so
> a malefactor with an account on the same machine could disrupt the
> delivery. The solution is to use quotes:
>
>    pipe "$home/bin/countmail \"$sender_address\""
>
> and I have put in a general warning paragraph which I will probably
> expand even more in the next edition.


I'd like to point out that this revised version won't work either.
Backquotes are legal, are they not, for example?

What you need is a mechanism for supplying the address to the command
as one argument - *without running a shell*.

Perhaps the best way to do this is with a Tcl-like approach to
parsing: split the command line into words *before* variable
substitution, and pass each word as one argument. If people want sh
they can say
sh -c <whatever>

Ian.
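
The approach proposed in this reply, sketched in Python as an added example (not code from Exim or from either author): the command template is split into words before `$variable` expansion and run without a shell, next to the expand-then-shell form for contrast. The sender value, `TEMPLATE`, the stand-in for `countmail` and the helper names are constructed for illustration.

```python
import shlex
import string
import subprocess
import sys

# Constructed sample sender: backquotes, as raised in the reply above.
# The embedded command is a harmless echo.
HOSTILE_SENDER = "`echo INJECTED`@example.org"

# Stand-in for countmail (assumption): prints its single argument.
TEMPLATE = "\"$python\" -c 'import sys; print(sys.argv[1])' \"$sender_address\""


def build_argv(template, variables):
    """Split into words first, then expand variables inside each word.

    An expanded value can no longer add, split or re-quote arguments."""
    words = shlex.split(template)
    return [string.Template(w).substitute(variables) for w in words]


def run_without_shell(template, variables):
    """Hardened form: exec the argv directly, no shell parses the data."""
    argv = build_argv(template, variables)
    done = subprocess.run(argv, capture_output=True, text=True, check=True)
    return done.stdout.rstrip("\n")


def run_with_shell(template, variables):
    """Contrast: expand first, then let sh parse the resulting string."""
    command = string.Template(template).substitute(variables)
    done = subprocess.run(command, shell=True, capture_output=True, text=True)
    return done.stdout.rstrip("\n")


if __name__ == "__main__":
    variables = {"python": sys.executable, "sender_address": HOSTILE_SENDER}
    print("argv      :", build_argv(TEMPLATE, variables))
    print("no shell  :", run_without_shell(TEMPLATE, variables))
    print("via sh -c :", run_with_shell(TEMPLATE, variables))
```

Without a shell the stand-in receives the sender string byte for byte as one argument; through `sh` the double quotes do not stop the backquoted part from being evaluated first.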