diff --git a/src/sbbs3/readmail.cpp b/src/sbbs3/readmail.cpp
index 543ada4a9b9f01ed4023b558ade30004e7eaf710..2fdd6cff7c9c043cd1241bc2b2a28c967118e8b6 100644
--- a/src/sbbs3/readmail.cpp
+++ b/src/sbbs3/readmail.cpp
@@ -97,7 +97,7 @@ void sbbs_t::readmail(uint usernumber, int which, long lm_mode)
 		errormsg(WHERE,ERR_OPEN,"MAIL",i);
 		return; 
 	}
-	sprintf(smb.file,"%smail",cfg.data_dir);
+	SAFEPRINTF(smb.file,"%smail",cfg.data_dir);
 	smb.retry_time=cfg.smb_retry_time;
 	smb.subnum=INVALID_SUB;
 	if((i=smb_open(&smb))!=0) {
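Review bot: Truncation is now silent at `SAFEPRINTF(smb.file,"%smail",cfg.data_dir)`: an over-long `cfg.data_dir` no longer overruns `smb.file`, but `smb_open()` then runs on a shortened path that may name a different message base. The same applies to `smb.file` in the first `scanposts` hunk of readmsgs.cpp and to the `%sfile/%04u.in` path handed to `rmdir()` further down in this file. A length check ahead of the format call would turn this into a reported error, for example `if(strlen(cfg.data_dir)+strlen("mail") >= sizeof(smb.file))` followed by the same `errormsg()`/return pattern used just above. This assumes `smb.file` is an array, which the hunk does not show. `readmail` starts and ends outside this hunk.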
@@ -273,7 +273,7 @@ void sbbs_t::readmail(uint usernumber, int which, long lm_mode)
 				if((filedata = smb_getattachment(&msg, txt, filename, &filelen, attachment_index++)) != NULL 
 					&& filename[0] != 0 && filelen > 0) {
 					char tmp[32];
-					sprintf(str3, text[DownloadAttachedFileQ], filename, ultoac(filelen,tmp));
+					SAFEPRINTF2(str3, text[DownloadAttachedFileQ], filename, ultoac(filelen,tmp));
 					if(!noyes(str3)) {
 						char fpath[MAX_PATH+1];
 						SAFEPRINTF2(fpath, "%s%s", cfg.temp_dir, filename);
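Review bot: The attachment `filename` reaches a file path unsanitised: it is filled in by `smb_getattachment()` from the message being read and, two lines below the changed call, appended to `cfg.temp_dir` as-is in `SAFEPRINTF2(fpath, "%s%s", cfg.temp_dir, filename)`. Unless `smb_getattachment()` already strips directory components (not visible here), a sender-chosen name containing path separators or `..` would make `fpath` resolve outside the temp directory. Reducing the name to its final component before use would close this, e.g. `SAFEPRINTF2(fpath, "%s%s", cfg.temp_dir, getfname(filename));` if the project's `getfname()` helper is available in this file. The prompt should show the same reduced name. The enclosing block continues past the end of the hunk.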
@@ -317,7 +317,7 @@ void sbbs_t::readmail(uint usernumber, int which, long lm_mode)
 						&& length/(long)cur_cps>(time_t)timeleft)
 						bputs(text[NotEnoughTimeToDl]);
 					else {
-						sprintf(str3,text[DownloadAttachedFileQ]
+						SAFEPRINTF2(str3,text[DownloadAttachedFileQ]
 							,tp,ultoac(length,tmp));
 						if(length>0L && text[DownloadAttachedFileQ][0] && yesno(str3)) {
 							{	/* Remote User */
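Review bot: The bound applied by `SAFEPRINTF2(str3,...)` depends on `str3` being a true array, and its declaration is outside every hunk in this file (only `tmp[32]` and `fpath[MAX_PATH+1]` are visible). Assuming the SAFEPRINTF family sizes the write with `sizeof(dst)`, a destination that is a pointer or a function parameter would be limited to pointer size and the prompt silently cut short. The same holds for `str` and `str2` in the later hunks. It is worth confirming at the declarations and pinning with a comment there such as `/* str, str2, str3 must remain arrays: SAFEPRINTF*() bounds them with sizeof() */`. The block this call sits in is cut at both ends of the hunk.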
@@ -348,7 +348,7 @@ void sbbs_t::readmail(uint usernumber, int which, long lm_mode)
 											,U_DLB,10,length);
 										bprintf(text[FileNBytesSent]
 											,fd.name,ultoac(length,tmp));
-										sprintf(str3
+										SAFEPRINTF(str3
 											,"downloaded attached file: %s"
 											,fd.name);
 										logline("D-",str3); 
@@ -363,7 +363,7 @@ void sbbs_t::readmail(uint usernumber, int which, long lm_mode)
 					tp=p+1;
 					while(*tp==' ') tp++; 
 				}
-				sprintf(str,"%sfile/%04u.in",cfg.data_dir,usernumber);
+				SAFEPRINTF2(str,"%sfile/%04u.in",cfg.data_dir,usernumber);
 				rmdir(str); 
 			}
 			if(which==MAIL_YOUR && !(msg.hdr.attr&MSG_READ)) {
@@ -459,15 +459,15 @@ void sbbs_t::readmail(uint usernumber, int which, long lm_mode)
 				smb_getmsgidx(&smb,&msg);
 
 				if(!stricmp(str2,str))		/* Reply to sender */
-					sprintf(str2,text[Regarding],msg.subj);
+					SAFEPRINTF(str2,text[Regarding],msg.subj);
 				else						/* Reply to other */
-					sprintf(str2,text[RegardingByOn],msg.subj,msg.from
+					SAFEPRINTF3(str2,text[RegardingByOn],msg.subj,msg.from
 						,timestr(msg.hdr.when_written.time));
 
 				p=strrchr(str,'@');
 				if(p) { 							/* name @addr */
 					replied=netmail(str,msg.subj,WM_NONE, &smb, &msg);
-					sprintf(str2,text[DeleteMailQ],msg.from); 
+					SAFEPRINTF(str2,text[DeleteMailQ],msg.from); 
 				}
 				else {
 					if(!msg.from_net.type && !stricmp(str,msg.from))
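Review bot: `text[Regarding]` is formatted with one argument here (`SAFEPRINTF(str2,text[Regarding],msg.subj)`) but with two in the `scanposts` hunk of readmsgs.cpp (`SAFEPRINTF2(str2,text[Regarding],msg.subj,timestr(...))`), so presumably one of the two call sites does not match the string's conversions. Because the format comes from the `text[]` table rather than a literal, the compiler cannot check the count, and a string with more conversions than supplied arguments is undefined behaviour. I would settle which form is intended, use the same macro at both sites, and add a comment by each call such as `/* text[Regarding]: <N> %s conversions, keep in sync with the text table */`. The surrounding reply handling begins and ends outside this hunk.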
@@ -478,7 +478,7 @@ void sbbs_t::readmail(uint usernumber, int which, long lm_mode)
 						replied=email(i,str2,msg.subj,WM_NONE, &smb, &msg);
 					else
 						replied=false;
-					sprintf(str2,text[DeleteMailQ],msg.from); 
+					SAFEPRINTF(str2,text[DeleteMailQ],msg.from); 
 				}
 
 				if(replied==true && !(msg.hdr.attr&MSG_REPLIED)) {
@@ -548,7 +548,7 @@ void sbbs_t::readmail(uint usernumber, int which, long lm_mode)
 				forwardmail(&msg,i);
 				if(msg.hdr.attr&MSG_PERMANENT)
 					break;
-				sprintf(str2,text[DeleteMailQ],msg.from);
+				SAFEPRINTF(str2,text[DeleteMailQ],msg.from);
 				if(!yesno(str2))
 					break;
 				if(msg.total_hfields)
diff --git a/src/sbbs3/readmsgs.cpp b/src/sbbs3/readmsgs.cpp
index 62acdc9453e38771261a4ccbfdc5b20c6b4b4969..a9558a4ef079f7f116864e58fb6d03153ad5f5e1 100644
--- a/src/sbbs3/readmsgs.cpp
+++ b/src/sbbs3/readmsgs.cpp
@@ -555,7 +555,7 @@ int sbbs_t::scanposts(uint subnum, long mode, const char *find)
 		errormsg(WHERE,ERR_OPEN,cfg.sub[subnum]->code,i);
 		return(0); 
 	}
-	sprintf(smb.file,"%s%s",cfg.sub[subnum]->data_dir,cfg.sub[subnum]->code);
+	SAFEPRINTF2(smb.file,"%s%s",cfg.sub[subnum]->data_dir,cfg.sub[subnum]->code);
 	smb.retry_time=cfg.smb_retry_time;
 	smb.subnum=subnum;
 	if((i=smb_open(&smb))!=0) {
@@ -999,7 +999,7 @@ int sbbs_t::scanposts(uint subnum, long mode, const char *find)
 							errormsg(WHERE,ERR_WRITE,smb.file,i,smb.last_error);
 						smb_unlockmsghdr(&smb,&msg);
 						if(i==0 && msg.idx.attr&MSG_DELETE) {
-							sprintf(str,"removed post from %s %s"
+							SAFEPRINTF2(str,"removed post from %s %s"
 								,cfg.grp[cfg.sub[subnum]->grp]->sname,cfg.sub[subnum]->lname);
 							logline("P-",str);
 							center(text[Deleted]);
@@ -1102,7 +1102,7 @@ int sbbs_t::scanposts(uint subnum, long mode, const char *find)
 					&& stricmp(msg.to,useron.name)
 					&& stricmp(msg.to,useron.alias))
 					break;
-				sprintf(str2,text[Regarding]
+				SAFEPRINTF2(str2,text[Regarding]
 					,msg.subj
 					,timestr(msg.hdr.when_written.time));
 				if(msg.from_net.addr==NULL)
@@ -1672,7 +1672,7 @@ int sbbs_t::scanposts(uint subnum, long mode, const char *find)
 		&& !(org_mode&(SCAN_CONST|SCAN_TOYOU|SCAN_FIND|SCAN_POLLS)) && !(cfg.sub[subnum]->misc&SUB_PONLY)
 		&& reads && chk_ar(cfg.sub[subnum]->post_ar,&useron,&client) && text[Post][0]
 		&& !(useron.rest&FLAG('P'))) {
-		sprintf(str,text[Post],cfg.grp[cfg.sub[subnum]->grp]->sname
+		SAFEPRINTF2(str,text[Post],cfg.grp[cfg.sub[subnum]->grp]->sname
 			,cfg.sub[subnum]->lname);
 		if(!noyes(str))
 			postmsg(subnum,0,0);