I think that the way qmailadmin handles the vacation/autorespond is
not safe.
Since autorespond sends back by default the original message as well, it
can be used as a spam relay.
When the spammer fakes the From: field, autorespond will send the response
and the original spam to the faked address. This way a mail server can be
used to spread spam.
I was looking for a way to set the autorespond flag 1 (default) to 0, but
did not find anything on Google.
Please correct me if I am wrong.
If I am not wrong, this could be handled as:
- feature request (ability to turn off appending the original mail to the
vacation reply)
- security vulnerability report.
If there is a way to change this behaviour in a working system please let
me know.
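
An added example, not part of the original post and not qmailadmin code: an audit of .qmail delivery lines that reports autorespond invocations still using flag 1 and shows the same line with the flag set to 0. It assumes the argument order `autorespond time num message dir [flag [arsender]]`, which should be confirmed against the usage text of the installed autorespond; the sample paths are constructed.

```python
import shlex

# Assumption: argument order is  autorespond time num message dir [flag [arsender]]
FLAG_INDEX = 4  # zero-based position of the optional flag among the arguments

# Constructed sample .qmail content (paths are made up for illustration).
SAMPLE = """\
|/usr/local/bin/autorespond 86400 3 /v/example.com/alice/vacation/message /v/example.com/alice/vacation
/v/example.com/alice/Maildir/
|/usr/local/bin/autorespond 86400 3 /v/example.com/bob/vacation/message /v/example.com/bob/vacation 0
"""

def _autorespond_argv(line):
    """Return argv for a '|...autorespond ...' delivery line, else None."""
    line = line.strip()
    if not line.startswith("|"):
        return None  # maildir/forward/comment lines are not program deliveries
    try:
        argv = shlex.split(line[1:])
    except ValueError:
        return None  # unbalanced quotes: leave for manual review
    if not argv or argv[0].rsplit("/", 1)[-1] != "autorespond":
        return None
    return argv

def audit(dotqmail_text):
    """List (line number, line) for autorespond lines that quote the original."""
    findings = []
    for lineno, line in enumerate(dotqmail_text.splitlines(), 1):
        argv = _autorespond_argv(line)
        if argv is None:
            continue
        args = argv[1:]
        # A missing flag means the default (1), which the post describes.
        flag = args[FLAG_INDEX] if len(args) > FLAG_INDEX else "1"
        if flag != "0":
            findings.append((lineno, line.strip()))
    return findings

def harden(line):
    """Return the line with the flag forced to 0; other lines are unchanged."""
    argv = _autorespond_argv(line)
    if argv is None or len(argv) - 1 < FLAG_INDEX:
        return line  # not autorespond, or too few arguments to edit safely
    if len(argv) - 1 == FLAG_INDEX:
        argv.append("0")
    else:
        argv[1 + FLAG_INDEX] = "0"
    return "|" + shlex.join(argv)

if __name__ == "__main__":
    for lineno, line in audit(SAMPLE):
        print(f"line {lineno}: quotes original message -> {harden(line)}")
```

Setting the flag to 0 only stops the original message from being appended; the reply itself is still sent to whatever sender address the incoming message carried.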