diff -Naur fetchmail-6.2.0.orig/sink.c fetchmail-6.2.0/sink.c --- fetchmail-6.2.0.orig/sink.c Wed Jan 8 11:07:13 2003 +++ fetchmail-6.2.0/sink.c Wed Jan 8 11:36:41 2003 @@ -215,12 +215,11 @@ } static void sanitize(char *s) -/* replace unsafe shellchars by an _ */ +/* replace ' by _ */ { - const static char *ok_chars = " 1234567890!(_at_)%-_=+:,./abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ"; char *cp; - for (cp = s; *(cp += strspn(cp, ok_chars)); /* NO INCREMENT */) + for (cp = s; (cp = strchr (cp, '\'')); cp++) *cp = '_'; } @@ -1056,7 +1055,6 @@ names[--nameslen] = '\0'; /* chop trailing space */ } - /* sanitize names in order to contain only harmless shell chars */ sanitize(names); } @@ -1065,7 +1063,6 @@ { from = xstrdup(msg->return_path); - /* sanitize from in order to contain *only* harmless shell chars */ sanitize(from); fromlen = strlen(from); @@ -1079,17 +1076,17 @@ /* find length of resulting mda string */ sp = before; while ((sp = strstr(sp, "%s"))) { - length += nameslen - 2; /* subtract %s */ + length += nameslen; /* subtract %s and add '' */ sp += 2; } sp = before; while ((sp = strstr(sp, "%T"))) { - length += nameslen - 2; /* subtract %T */ + length += nameslen; /* subtract %T and add '' */ sp += 2; } sp = before; while ((sp = strstr(sp, "%F"))) { - length += fromlen - 2; /* subtract %F */ + length += fromlen; /* subtract %F and add '' */ sp += 2; } @@ -1102,13 +1099,17 @@ /* need to expand? BTW, no here overflow, because in ** the worst case (end of string) sp[1] == '\0' */ if (sp[1] == 's' || sp[1] == 'T') { + *dp++ = '\''; strcpy(dp, names); dp += nameslen; + *dp++ = '\''; sp++; /* position sp over [sT] */ dp--; /* adjust dp */ } else if (sp[1] == 'F') { + *dp++ = '\''; strcpy(dp, from); dp += fromlen; + *dp++ = '\''; sp++; /* position sp over F */ dp--; /* adjust dp */ }
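Review bot: The new `sanitize()` body in the first hunk (@@ -215) is safe only when its result is later placed inside single quotes, and neither the new comment `/* replace ' by _ */` nor the call sites say so. The old allowlist held on its own; the new version moves the whole guarantee to the expansion loop at @@ -1102, so any later caller that uses `sanitize()` without adding the quotes passes every other shell metacharacter through unchanged. I would state the contract in the header comment, e.g. `/* replace ' by _ so s can be embedded in a '...' shell word; the caller MUST add the quotes */`, and keep a one-line reminder at the two call sites whose comments are deleted at @@ -1056 and @@ -1065. It also looks as if an mda template that already quotes `%s`, `%T` or `%F` would pair up with the added quotes and leave the value outside any quoting; that is worth rejecting or documenting where the template is read, which is outside this diff.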
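Review bot: In the `sp[1] == 's' || sp[1] == 'T'` branch of the last hunk (@@ -1102) the whole `names` buffer is wrapped in one pair of quotes, so if `names` holds several recipients separated by spaces (the `/* chop trailing space */` context at @@ -1056 suggests it does) the MDA now receives them as a single argument instead of one per recipient. Quoting each address where `names` is assembled, with the length accounted for there, would keep the word splitting while still keeping every address inside quotes; that code is outside the hunk, so this needs checking against the builder loop. Separately, the buffer size computed at @@ -1079 is correct only while each expansion adds exactly two quote bytes, so a comment such as `/* 2 quote bytes per expansion: must match the length loops above */` next to the first `*dp++ = '\'';` would tie the two together. The enclosing copy loop starts and ends outside the hunk.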