-----Original Message----- From: Nigel Metheringham [mailto:Nigel.Metheringham@VData.co.uk] Sent: Thursday, June 29, 2000 2:00 AM To: Chuq Von Rospach Cc: J C Lawrence; Derek Simkowiak; Gary Wilson; mailman-users@python.org Subject: Re: [Mailman-Users] Extremely High Membership lists

[snip]

Exim has the severe disadvantage that it runs setuid root and is a big lump of code. It has the advantage of sendmail that it was written later and in a consistant style which should protect it against buffer overruns. Downside is that it has not had as much testing as sendmail in the wild, neither has it been formally audited to my knowledge.

Hmm, OpenBSD ships with sendmail, so it's certainly possible to secure it. My understanding was that the OpenBSD people have done a complete security audit on all of their code, but I'm not sure that this includes Sendmail. Greg