CUMES is (or will be) a free and secure MTA, partially inspired by qmail.
- Under construction
- Unrestricted: CUMES is not Free, but with restrictions, Software, but MIT-Licensed. You can do (almost) everything with the code.
Every few months, or even days, another security hole shows up in sendmail, postfix, exim and other mailers. There are many more holes waiting to be discovered. Sendmail for example had and has many security vulnerabilities, see Sendmail Disaster and the actual table of CVE-Details.
A list of my favorite CVEs so far:
- CVE-2002-1337: A flaw in headers.c f#cks up sendmail
- CVE-2003-0161: A flaw in prescan() in parseaddr.c f#cks up sendmail
- CVE-2003-0694: A flaw in prescan() in parseaddr.c f#cks up sendmail on more time
- CVE-2010-4344: A flaw in string_vformat in string.c f#cks up exim