Author: Jethro R Binks Date: To: exim-users Subject: Re: [Exim] Does Exim have security problems?
> Yes, but it seems that DJ barnstein criticised the design of exim, in the > original message that I quoted.
Bernstein is critical of anything that he didn't invent. He has very
narrow sight, and sees only what he wants to see. Potential security
issues are not the same as real security issues.
The colleagues who laughed ... ask them to produce an exploit for a recent
version of exim. They will find it difficult to so do; none are known.
None have been known for a long long time now, and in the history of exim,
there have only been a handful. They laugh at exim because they do not
know it, and because they have been duped by Bernstein and his supporters
into believing that QMail's method is the Only Secure Way of doing things.
This is simply not true. A monolithic program can be secure, if done
carefully.
However, an independent audit of exim would be a good thing, if it would
lay to rest such misconceptions.