+#!/bin/sh
+#
+# ack-recipients – require double-checking of some recipients
+#
+# refuse to send a mail as long as recipients listed in
+# ~/.config/mutt/ack-recipients are not individually "signed-off" by adding
+# their e-mail addresses to the X-Acked header. This header is removed from
+# the mail before it is sent.
+#
+# The file ~/.config/mutt/ack-recipients stores sha256sums of lower-cased
+# e-mail addresses (no newline) instead of the addresses themselves as a
+# measure to protect privacy. You can get new lines like this:
+#
+# printf my.new@e-mail.addre.ss | tr '[[:upper:]]' '[[:lower:]]' \
+# | sha256sum | sed -e 's, .*,,'
+#
+# E.g. my address (see below) will become
+# 84d5b33c9376f67274c2ec9ce0e03b6973fb8bc943ebd7abb470c903c47e00f4
+#
+# Copyright © 2010 martin f. krafft <madduck@madduck.net>
+# Released under the terms of the Artistic Licence 2.0
+#
+set -eu
+
+CHECKLIST="$HOME/.config/mutt/ack-recipients"
+HEADER=X-Acked
+ACKED_RCPTS=$(formail -czx ${HEADER}: < $1 | sed -re 's/,\s*/ /g' | tr '[[:upper:]]' '[[:lower:]]')
+MAILFILE="$1"; shift
+
+ret=0
+for r in $@; do
+ ack=0
+ # check if this recipient is in the list of acked recipients
+ rl=$(printf $r | tr '[[:upper:]]' '[[:lower:]]')
+ for a in $ACKED_RCPTS; do [ $a = $rl ] && ack=1 && break; done
+ rs=$(printf $rl | sha256sum)
+ # now check if this unacked recipient needs to be acked
+ if [ $ack -eq 0 ] && grep -q "^${rs%% *}$" "$CHECKLIST"; then
+ echo >&2 "E: will not send mail until $r has been added to the $HEADER header"
+ ret=1
+ fi
+done
+
+[ $ret -eq 0 ] || exit $ret
+
+# now remove the X-Acked header from the mail
+TMPFILE=$(mktemp --tmpdir mutt-sendmail.XXXXXXXXXX.msg)
+settrap () { trap "$@" 0 1 2 3 4 5 6 7 8 10 11 12 13 14 15; }
+cleanup () { rm -f "$TMPFILE"; settrap -; }
+settrap cleanup
+formail -I ${HEADER}: < "$MAILFILE" > "$TMPFILE"
+mv "$TMPFILE" "$MAILFILE"
+settrap -