Of course Exim went through an extensive static code analysis by Qualys. Here is a YouTube podcast regarding that research.

https://youtu.be/5_1tjaVCLPE

Some may point out that Postfix has fewer detected vulnerabilities. I point them to the Dijkstra quote regarding testing and the existence of bugs versus their absence. You can look it up. Exim is a large, complex program and runs 60 percent of exposed MTAs out there. I think if anything, this week led to more secure software development using SPARK Ada. There are some other tools for doing development in C as well. I believe one is the Ravenscar profile. Yet, I have not looked at it.

On March 3, 2022 9:00:14 AM PST, "Brian E. Lavender" <brian@brie.com> wrote:
How many are still running their own mail server?
It seems that Exim combined with sa-exim and SpamAssassin nightly rule updates works pretty well. I have to say that this experience installing Mailman was enlightening, especially when it comes to LMTP.

Brian
