1and1 Help Centre Categories

print article

Qmail Vulnerability

Qmail contains a known vulnerability which could potentially lead to massive abuse of the mail system and your server.

Qmail accepts E-mails addressed to individuals such as "administrator", but when Qmail recognises that the address is not valid, a non-delivery report is sent back to the sender of the E-mail.
In cases where a malicious users connects to your mail server, the owner of the random E-mail address may thousands of non-delivery reports.

If your mail server ends up being used for such a malicious attack, your account may be temporarily locked to prevent further abuse. We suggest to switch your mail server from Qmail to Postfix to avoid this vulnerability.

For additional information, you may want to reference: