The real fix is not to process the above commands with the shell.
Thanks for these tips too.I decided to popen() directly to sendmail without saving a message to tmp file. Unfortunately I don't see any php function allowing to popen without executing a command with the shell.
What do you think would be the best solution? Switch to another scripting language?Switch to "advanced content filter" like described at http://www.postfix.org/FILTER_README.html ?
-- Marcin Szymonik szymoni...@gmail.com
