Mutt gets so close that I decided to check
Mutt does almost everything by delegating the task to some other program selected in the ~/.muttrc file. For example, sending an email is controlled by a setting like this:
set sendmail="/usr/sbin/sendmail -oem -oi"
The muttrc man page says of the sendmail variable:
"Mutt expects that the specified program interprets additional arguments as recipient addresses."
When you reply to an email, mutt creates a string by appending the recipient addresses to the sendmail variable, then getting the user's shell (probably bash) to interpret the result.
I tried changing the reply address in an email to things like $(hostname)@localhost and replying. Mutt kept sanitizing the reply address so bash never saw anything dangerous.
I had to hunt through muttrc's man page for about a quarter of an hour before I found a way to get the reply address into a command line. Mutt lets you put all sorts of things into command lines, for example %h is replaced by the local hostname. The list of substitutions is different for each variable. I did not find any remotely generated strings available as substitutions in shell commands. Someone thought carefully about blocking advanced users so they cannot accidentally reconfigure remote execution flaws into their mail reader.
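To make concrete why appending recipients to the sendmail setting is only safe when nothing shell-like can reach the command line, here is an added example (my own code, not mutt's) of the defensive pattern: expand %h, split the setting once, append each recipient as its own argv entry so no shell re-parses it, and reject any address that does not match a conservative mailbox pattern. The ADDRESS_RE allow-list and the msmtp setting in the test are assumptions for illustration, not mutt's actual sanitizer or configuration.

```python
import re
import shlex
import socket

# Constructed setting, mirroring the muttrc line discussed above.
SENDMAIL_SETTING = "/usr/sbin/sendmail -oem -oi"

# Conservative allow-list for recipient addresses (an assumption for this
# example, not mutt's real check): local part and domain limited to letters,
# digits and a few punctuation characters, so nothing a shell would expand
# ($, backticks, quotes, spaces, ;, |, &, <, >, parentheses) gets through.
ADDRESS_RE = re.compile(r"^[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+$")


def expand_substitutions(arg, hostname=None):
    """Expand %h to the local hostname; other text is left untouched."""
    host = hostname if hostname is not None else socket.gethostname()
    return arg.replace("%h", host)


def is_safe_recipient(address):
    """True when the address is a plain mailbox with no shell metacharacters."""
    return bool(ADDRESS_RE.match(address))


def build_sendmail_argv(setting, recipients, hostname=None):
    """Turn the sendmail setting plus a recipient list into an argv list.

    shlex.split() resolves the quoting in the setting exactly once; each
    recipient becomes a separate argv entry, so it is never re-parsed by a
    shell.  An unsafe recipient aborts the build instead of being passed on.
    """
    argv = [expand_substitutions(a, hostname) for a in shlex.split(setting)]
    for rcpt in recipients:
        if not is_safe_recipient(rcpt):
            raise ValueError(f"refusing recipient with unsafe characters: {rcpt!r}")
        argv.append(rcpt)
    return argv


if __name__ == "__main__":
    # subprocess.run(argv, input=message_bytes) would then hand the message
    # to sendmail directly, with no shell between the mail reader and the MTA.
    print(build_sendmail_argv(SENDMAIL_SETTING, ["alice@example.org"]))
```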
I was surprised to find mutt was using bash. I expected it to use the 'system' function which calls /bin/sh which (on Debian systems) is a link to dash, not bash. It probably found bash in the SHELL environment variable, which defaults to bash on most Linux distributions.
Linux is covered in places where every detail can be reconfigured with a shell script. The mail system is often extremely flexible, with support for different delivery and transport agents, and multiple spam and virus checkers on incoming, outgoing and forwarded messages. I am not surprised that crackers are looking for weaknesses here. There might even be one to exploit (on systems where a half-competent sysadmin has failed to do something clever).
Updating to a recent bash will block this exploit search, so if you haven't already, do it now.