Anirban Mukherjee writes:
On Thu, May 8, 2008 at 4:59 PM, Sam Varshavchik
<mrs...@courier-mta.com> wrote:
Anirban Mukherjee writes:
Hi List,
How do i integrate maildrop with qmail.
Read INSTALL.
I have installed it; my mailfilter file contains
SHELL="/bin/sh"
import EXT
import HOST
VPOP="| /home/vpopmail/bin/vdelivermail '' bounce-no-mailbox"
VHOME=`/home/vpopmail/bin/vuserinfo -d $EXT@$HOST`
There's nothing like this in the INSTALL file. If you wrote the above all by
yourself, then you must know how the vdelivermail and vuserinfo tools work,
so you should be able to figure it out yourself. If you're just following
someone else's instructions, they are the ones you should ask for help. If
vdelivermail and vuserinfo return wrong information, and maildrop is unable
to deliver to the indicated mailbox, then there's nothing that maildrop can
do about it. Fix your vpopmail configuration.
Furthermore, it's fairly obvious that whoever wrote the above knows absolutely
nothing about system security. I wonder what would happen if someone were to
send an email addressed to:
To: "p0wned" <|| rm -rf $HOME ||@domain.com>
Presuming that you have domain.com configured in Qmail as a virtual domain.
Your maildrop recipe would likely, essentially, end up executing, in a
subshell:
/home/vpopmail/bin/vuserinfo -d || rm -rf $HOME || @$HOST
Why don't you try running that in a shell, and see what happens to your home
directory.
Congratulations, anyone can now wipe out your home directory, just by
sending you an E-mail message.
The problem with all those canned FAQs you read on the Internet, from
self-appointed experts, on how to do this or the other, is that they are
rarely written by someone who understands system security. There is no
substitute for learning how software works by yourself, and understanding
it, instead of relying on some half-baked recipe that popped out of a Google
search.
You should read INSTALL, and the maildropfilter man page, and learn how
maildrop really works, instead of blindly loading some code you found
somewhere on the Internet, that you do not understand.
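The injection Sam describes, reproduced as a stand-alone example (added here; it is not code from the thread, from maildrop or from vpopmail). The backtick line in the recipe hands `vuserinfo -d $EXT@$HOST` to `/bin/sh` with the recipient's local part already substituted in, so the shell parses whatever the sender put before the `@`. Below, `vulnerable_lookup` models that with `eval`, `safe_lookup` validates the local part and host against an allowed character set and passes the address as a single argument, and `vhome_lookup` is a made-up stand-in for `vuserinfo -d` that returns non-zero when given no address (the behaviour that lets `||` fire). `MARKER` is an assumed temp file touched in place of the `rm -rf $HOME` payload so the run is harmless.

```shell
#!/bin/sh
# Added example: maildrop-style backtick injection and its hardened form.
# vhome_lookup is a stand-in for /home/vpopmail/bin/vuserinfo -d (assumed,
# not the real tool): prints a home directory for "user@domain", fails otherwise.
vhome_lookup() {
    case $1 in -d) shift ;; esac
    case $1 in
        *@*) printf '/home/vpopmail/domains/%s/%s\n' "${1#*@}" "${1%%@*}" ;;
        *)   echo "vhome_lookup: no such user" >&2; return 1 ;;
    esac
}

# Vulnerable: the address is spliced into a command string and re-parsed by
# the shell, which is what the recipe's `vuserinfo -d $EXT@$HOST` line does.
vulnerable_lookup() {
    EXT=$1; HOST=$2
    eval "vhome_lookup -d $EXT@$HOST"
}

# Hardened: reject anything outside a conservative address alphabet, then pass
# the address as one argument. No shell parsing of sender-controlled bytes.
safe_lookup() {
    ext=$1; host=$2
    case $ext in
        ''|*[!A-Za-z0-9._-]*) echo "safe_lookup: bad local part" >&2; return 1 ;;
    esac
    case $host in
        ''|*[!A-Za-z0-9.-]*) echo "safe_lookup: bad host" >&2; return 1 ;;
    esac
    vhome_lookup -d "$ext@$host"
}

# Demo. MARKER is an assumed scratch file standing in for the rm -rf target.
MARKER=${MARKER:-${TMPDIR:-/tmp}/maildrop-injection-marker.$$}
PAYLOAD='|| touch $MARKER ||'     # the local part of "p0wned" <|| ... ||@domain.com>

rm -f "$MARKER"
vulnerable_lookup "$PAYLOAD" domain.com >/dev/null 2>&1 || true
if [ -e "$MARKER" ]; then
    echo "vulnerable_lookup: injected command ran, marker created"
fi
rm -f "$MARKER"

if safe_lookup "$PAYLOAD" domain.com >/dev/null 2>&1; then
    echo "safe_lookup: unexpectedly accepted hostile input"
else
    echo "safe_lookup: rejected hostile local part"
fi
echo "safe_lookup alice domain.com -> $(safe_lookup alice domain.com)"
```

Run it with any POSIX sh; the first lookup creates the marker file, the second refuses the input before anything is executed. The same validation belongs in the recipe itself: test `$EXT` and `$HOST` with maildrop's `=~` pattern match and `EXITCODE`/bounce on failure before the backtick line runs, or avoid shelling out with interpolated variables at all.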