Subject: Re: Sendmail 8.9.0
To: After 5 PM please slip brain through slot in door. <greywolf@starwolf.starwolf.com>
From: Erik E. Fair <fair@clock.org>
List: current-users
Date: 05/30/1998 01:31:56
Part of the reason sendmail has a bad rep is bugs discovered because it is
widely used. However, many would argue that those bugs (particularly the
security-compromising variety) arise from the monolithic design, which is
therefore difficult to audit and verify.

Other mailers (notably zmailer, the one I mentioned before) designed a modular
system which is easier to audit & verify, and thus easier to have confidence
in.

The single biggest worry in any network daemon is bugs in the part that talks
to the net, because if someone can compromise you remotely (i.e. send some
arbitrary string of bits at your daemon that would cause it to do things you
don't want), the jig is up. It's a lot easier to verify an SMTP server that
is *just* an SMTP server with a simple queueing mechanism, than a larger
monolithic program which is an all-singing and all-dancing MTA.

	small is beautiful,

	Erik E. Fair    fair@clock.org
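
An added sketch, not part of the original message and not code from sendmail or zmailer, of what "just an SMTP server with a simple queueing mechanism" can look like: the net-facing code only parses a handful of verbs and writes a queue file, leaving routing and delivery to a separate program. The function names, limits, reply texts and queue file layout are assumptions made for this illustration.

```python
import os
import re
import tempfile

MAX_LINE, MAX_RCPTS = 998, 100   # limits assumed for this sketch
ENVELOPE = re.compile(r"(FROM|TO):\s*<([^<>\s]{0,256})>", re.I)  # no whitespace in paths

def spool(queue_dir, sender, rcpts, body):
    """Write envelope plus body to a queue file and return its path."""
    fd, tmp = tempfile.mkstemp(dir=queue_dir, prefix="tmp.")
    with os.fdopen(fd, "w") as f:
        f.write("\n".join(["F " + sender] + ["R " + r for r in rcpts] + [""] + body) + "\n")
    final = os.path.join(queue_dir, "q." + os.path.basename(tmp)[4:])
    os.rename(tmp, final)   # atomic: the delivery side never sees a partial file
    return final

def session(lines, queue_dir):
    """Feed client lines (CRLF already stripped); return the replies sent."""
    replies, sender, rcpts, body = ["220 ready"], None, [], None
    for line in lines:
        if len(line) > MAX_LINE:           # refuse before interpreting anything
            return replies + ["500 line too long"]
        if body is not None:               # inside DATA: store, never interpret
            if line == ".":
                spool(queue_dir, sender, rcpts, body)
                replies.append("250 queued")
                sender, rcpts, body = None, [], None
            else:
                body.append(line[1:] if line.startswith(".") else line)
            continue
        verb, _, arg = line.partition(" ")
        verb = verb.upper()
        m = ENVELOPE.fullmatch(arg)
        kind, addr = (m.group(1).upper(), m.group(2)) if m else (None, None)
        reply = "250 ok"
        if verb == "MAIL" and kind == "FROM":
            sender, rcpts = addr, []       # "<>" (null sender) is allowed here
        elif verb == "RCPT" and kind == "TO" and addr and sender is not None \
                and len(rcpts) < MAX_RCPTS:
            rcpts.append(addr)
        elif verb == "DATA" and rcpts:
            body, reply = [], "354 end with ."
        elif verb == "QUIT":
            return replies + ["221 bye"]
        elif verb not in ("HELO", "EHLO"):  # everything else is refused
            reply = "500 rejected"
        replies.append(reply)
    return replies
```

The whole remotely reachable surface is the `session` loop and one regular expression, which is the part an auditor has to read; nothing in it expands aliases, runs programs or delivers mail.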