comments.
.new
+.cindex "tainted data" "in filenames"
+.cindex redirect "tainted data"
+Tainted data may not be used for a filename.
+
&*Warning*&: It is unwise to use &$local_part$& or &$domain$&
directly for redirection,
as they are provided by a potential attacker.
.code
list1: :include:/opt/lists/list1
.endd
+.new
+.cindex "tainted data" "in filenames"
+.cindex redirect "tainted data"
+Tainted data may not be used for a filename.
+.wen
.next
.cindex "address redirection" "to black hole"
.cindex "delivery" "discard"
used to determine the file or directory name for the delivery. Normally, the
contents of &$address_file$& are used in some way in the string expansion.
.endlist
+.new
+.cindex "tainted data" "in filenames"
+.cindex appendfile "tainted data"
+Tainted data may not be used for a file or directory name.
+This means that, for instance, &$local_part$& cannot be used directly
+as a component of a path. It can however be used as the key for a lookup
+which returns a path (or component).
+.wen
.cindex "Sieve filter" "configuring &(appendfile)&"
details of the local delivery environment and chapter &<<CHAPbatching>>&
for a discussion of local delivery batching.
+.new
+.cindex "tainted data" "in pipe command"
+.cindex pipe "tainted data"
+Tainted data may not be used for the command name.
+.wen
+
.section "Concurrent delivery" "SECID140"
If two messages arrive at almost the same time, and both are routed to a pipe