Hmm, this turns out to be slightly more subtle than I thought.
widen_domains is OK in a sender address if the current address is a child
of the actual sender address, because in that case the address that is
being widened doesn't appear in the message header. For example, if I send
a message from tony.finch@??? and the following redirections
occur, this should be permitted. This happens a lot in our current setup.
Sigh.
fanf2@???
<-- fanf2@???
<-- fanf2@cam
<-- fanf2@???
<-- tony.finch@???
Tony.
--
<fanf@???> <dot@???>
http://dotat.at/ ${sg{\N${sg{\
N\}{([^N]*)(.)(.)(.*)}{\$1\$3\$2\$1\$3\n\$2\$3\$4\$3\n\$3\$2\$4}}\
\N}{([^N]*)(.)(.)(.*)}{\$1\$3\$2\$1\$3\n\$2\$3\$4\$3\n\$3\$2\$4}}
