As long as your dedicated Thunderbird VM has internet connection (which it needs to receive email) an attacker can get any data out of it using Thunderbird exploits, whether you set up outgoing mail server or not.

Kind regards,

On 8/7/19 4:18 AM, V C wrote:
Couldn't you just use a dedicated VM and thunderbird, don't set up outbound in thunderbird?

On Tuesday, August 6, 2019 at 1:11:32 AM UTC-5, wrote:
Some time ago there was a post on reddit ( that described setting up an offline mail vm. Just kill the "send" part there and you'll get a mail black hole that receivs but never sends. Seems like this is more or less what you want.

On Tuesday, August 6, 2019 at 5:06:54 AM UTC+3, wrote:

In Qubes, is it possible to set up a VM that can receive email, but not send information out, via email or otherwise?

The motivation is: Many online accounts rely on an email address to reset passwords. However, the VM that handles inbound emails, processes a lot of untrusted input. If the VM gets compromised by an attacker, the attacker can then send password reset emails and read them. So to defend against this, I want to prevent the compromised VM from communicating out the contents of these password reset e

You received this message because you are subscribed to the Google Groups "qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to
To view this discussion on the web visit

Reply via email to