You could break the glass and roll back the year numbers on this comment, switch the "Exim" badge to "Sendmail", and sell this as an authentic comp.security.unix post circa 1996. I think we can see in retrospect what an absolute debacle that was for the Internet. The difference is that today we have better options. Postfix is written in C, and none of us should be comfortable with that, but it's not macraméd out of heap overflows, and its heap doesn't start with a blob that will shell-expand to system commands.
> what an absolute debacle that was for the Internet
You make it sound like it ended the Internet or something. One could also argue (with only a similar level of hyperbole) that it was sendmail which made the Internet a success. Obviously the truth is in between, but let's give credit where credit is due. Sendmail served us well in its time. It's not inherently the fault of its developers that the Internet evolved to a much darker place over time.
We disagree on how big of a deal pervasive server-side memory corruption vulnerabilities have been. Easily a bigger problem than early-1990s congestion collapse.
64-bit qmail was remotely exploitable. The author believes a small address space (below 4 GB) was an adequate mitigation, but the code was confused and trying to do something unsafe.