>> cleanstrcpy(), referred to several times above, is like strcpy, but >> it strips newlines and copies only a restricted set of characters: >> letters, digits, and !#$%&'*+-./^_`{|}~ > The reason for that set of characters are that it is the characters > that "divide" input into tokens in /bin/sh. > CERT once recommended me to use the following set of filtered > characters "\"*&|$;'\\=?<>!()\n{}[]^`" I don't quite understand what you mean. The list I quoted is characters that cleanstrcpy() _is_ willing to copy. Neither the set sendmail copies nor the set sendmail refuses to copy contains all the token delimiters in any shell I am aware of - for example, . is copied and @ isn't, but both are plain characters in every shell I know of; and ' is copied but " isn't, and both are special in every shell I know of. This is why I found the choice of characters hard to understand. I would almost think it is excluding some list of mail-addressing characters, except that it copies ! and %.... der Mouse mouse@collatz.mcrcim.mcgill.edu