Q0406 - Exim/exim GitHub Wiki
Q0406
Some of my users are using the .forward to pipe to a shell command which appends to the user's INBOX. How can I forbid this?
If you allow your users to run shells in pipes, you cannot control which
commands they run or which files they write to. However, you should
point out to them that writing to an INBOX by arbitrary commands is not
interlocked with the MTA and MUAs, and is liable to mess up the contents
of the file. If a user simply wants to choose a specific file for the
delivery of messages, this can be done by putting a file name in a
.forward file rather than using a pipe, or by using the save command
in an Exim filter file. You can set forbid_pipe on the router, but
that will prevent them from running any pipe commands at all.
Alternatively, you can restrict which commands they may run in their
pipes by setting the allow_commands and/or restrict_to_path options
in the address_pipe transport.