Recommended changes for delivery from Exim

jgh at exim.org
Sun May 1 10:06:55 UTC 2022


Hi,

Security changes to Exim have invalidated certain suggested configurations
in the Dovecot wiki.

As I do not have a Dovecot installation to test, I am not going to write
any updates there.  It would be good if someone would test these suggestions
and then make updates as needed.

1) The use of $local_part and $domain in commands run by the "pipe"
    transport will be disallowed in the upcoming Exim release.
    These are currently noted as optional, with the "-m" flag to
    dovecot-lda.  They should be replaced with validated (untainted)
    versions, commonly $local_part_data and $domain_data, developed via
    one of the several de-taint methods documented for Exim.

    The same applies to $original_local_part and $original_domain.

2) The use of $sender_address will likewise be disallowed.  This
    and the "-f" flag can be dropped from the dovecot-lda command line,
    and the specification of a null "message_prefix" option removed.

    The defaults for a pipe transport will then prefix the message
    with a suitable Mbox "From " header line, which dovecot-lda is
    documented to extract the sender from.

Both of these suggestions are back-compatible to the current 4.95
release of Exim, and will be required with the 4.96 release.
-- 
Cheers,
   Jeremy

Refs:
- https://wiki.dovecot.org/LDA/Exim
- https://doc.dovecot.org/configuration_manual/protocols/lda/
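
An added example, not part of the original post and not Exim or Dovecot project code: a small audit that flags pipe transports still using the variables named in points 1 and 2, or a null "message_prefix". The two transports, their names and the dovecot-lda path are constructed samples, and the "after" form assumes the router has already set $local_part_data through one of Exim's de-taint methods.

```python
import re

# Variables the post says will be refused in pipe commands (tainted values).
TAINTED = re.compile(
    r"\$\{?(original_local_part|original_domain|local_part|domain|sender_address)\b")

# Constructed sample: the style of transport the post says must change.
BEFORE = """
dovecot_lda_old:
  driver = pipe
  command = /usr/libexec/dovecot/dovecot-lda -f $sender_address -m $local_part
  message_prefix =
  message_suffix =
"""

# Constructed sample: de-tainted variable, no -f, default message_prefix.
AFTER = """
dovecot_lda_new:
  driver = pipe
  command = /usr/libexec/dovecot/dovecot-lda -m $local_part_data
"""

def audit_pipe_transports(config_text):
    """Return (transport, problem) findings for pipe transports."""
    text = re.sub(r"\\\n\s*", "", config_text)    # join backslash continuations
    blocks, name = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = re.fullmatch(r"(\w+):", line)
        if m:                                      # "name:" starts a new block
            name = m.group(1)
            blocks[name] = {}
        elif name and "=" in line:
            key, _, value = line.partition("=")
            blocks[name][key.strip()] = value.strip()
    findings = []
    for name, opts in blocks.items():
        if opts.get("driver") != "pipe":
            continue
        for var in TAINTED.finditer(opts.get("command", "")):
            findings.append((name, "tainted $" + var.group(1) + " in command"))
        if opts.get("message_prefix") == "":       # suppresses the "From " line
            findings.append((name, "null message_prefix"))
    return findings
```
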

