Security problems in UNIX come in two flavors:

1. You can do it to it completely remotely.

2. You've got to get a shell first.

I'd argue that type 1 is the more serious of the two, and that careful
design (and some inspection) can help you avoid most of that category. All
network daemons can give us problems of both types, which is why they
deserve special scrutiny.

Sendmail suffers from type 1 problems mostly because it is monolithic;
there is no *separate* SMTP daemon. This complicates any code audit, a lot.
This is not to say you can't have security problems with the non-network
parts of a mailer, but they do tend to be of type 2.

Zmailer might have problems. However, its design is such that I am less
worried about it - there is a small, separate SMTP daemon that is easy to
audit and verify.

	Erik <fair@clock.org>