Brian Candler wrote:
>
> 4. Set up my filter router with directory_transport pointing to a
> dedicated router, which refuses to deliver if the directory contains
> .. or is not underneath $home. That would allow me to remove
> forbid_file and enable the 'save' operation, but still has the
> problem of unforeseen holes as in (1)
I don't know about how to solve the rest of your security concerns, but
for at least the issue of constraining mail to being written below
$home, create_file is the option you're looking for:
http://exim.org/exim-html-4.50/doc/html/spec_26.html#IX1994
- Marc