[tptacek]

Every mail server I've ever run has been qmail, including my current company's current mail server, which backs a relatively popular blog and a pretty healthy number of press hits with @matasano.com mail addresses, along with several decently active open mailing lists, and I simply don't have any of these problems you're talking about.

If you took a class with Bernstein, you might be familiar with the ISP whose entire mail operation, including customer POP and virtual hosting, I ran on qmail --- that'd be EnterAct. So yeah, I'm not buying your "qmail is too simple to matter" argument. If you want to chase it down, I'll be happy to show you where the last few Sendmail vulnerabilities were found. Clue: not in the crazy Sendmail features that qmail lacks.

But that's besides the point. You didn't answer my question.

Name a piece of code of comparable complexity to qmail that's never had an integer overflow. Here's another hint: Perl isn't one of them.