Well, we could as well discuss editors or shells. But, referring to the original question: Could anybody please point us to a security problem in sendmail during the last 2.5 years, please?
Kernel capabilities bug was exploitable through sendmail. But not postfix (and I doubt qmail but I'm not 100% sure).

Hell, postfix is faster; when I moved my old mailing list server from sendmail to postfix, it took 15 minutes instead of 2 hours to deliver 90% of the list, and system load stayed below 0.1 (used to hit 2-3). I remember seeing that and thinking "huh. Why the hell have I been using sendmail?".

If a problem is found in sendmail it is probably "fatal" due to its design, whereas postfix/qmail are much more forgiving (30-odd k runs as root, the rest doesn't). Unfortunately Qmail's license sucks.

Kurt Seifried: "Postfix - the Sendmail replacement". Kurt's Closet, September 1999. http://www.securityportal.com/closet/closet19990915.html

Kurt Seifried: "Postfix - The Sendmail Replacement, Part II". Kurt's Closet, November 2000. http://securityportal.com/closet/closet20001122.html
Thanks, Roman.
-Kurt