by pabs3 2339 days ago
My question is why are they using /bin/sh at all? system() and friends that execute /bin/sh are almost always a source of vulnerabilities.

https://bonedaddy.net/pabs3/log/2014/02/17/pid-preservation-...

1 comment

This is a good question. Ideally (given the existing model) they would template an execv argv array, rather than a string to pass to sh(1), and execv() the MDA directly. It does not seem like the full generality of a shell is needed for pointing an smtpd at an MDA.

Of course, the reason they're invoking an external MDA is because this is classically how smtpds and local mail delivery are separated. Is there a great reason for that? Not really. The MDA could be embedded in the smtpd.