Dear List, I think, that the way qmailadmin handels the the vacation/autorespond is not safe.
Since autorespond sends back per default the original message as well, it can be used as a spam relay. When the spammer fakes the From: field, autorespond will send the respond and the original spam to the faked address. This way a mail server can be used to spread spam. I was looking for a way to set the autorespond flag 1 (default) to 0, but did not find anything on google. Please correct me if I am wrong. When I am not wrong, this could be handled as: - feature request (ability to turn off appending the original mail to the vacation reply) - security vulnerability report. If there is a way to change this behaviour in a working system please let me know. Thank you, best regards, Peter Lendvai !DSPAM:49b59aee32683388343877!
