by tptacek 30 days ago
Not by AI, but by humans a while ago. I think Qualys weaponized a wontfix LP64 integer overflow in it just a couple years ago?

The Calif people found a nice bug in a qmail fork (what I consider usable qmail) some weeks ago.
Right, and that fork is the only version of qmail people still run, and the bug they found was extremely funny given Bernstein's original qmail design (it was, if I remember right, a popen(3) vulnerability --- something that never would have shown up in Bernstein's code, but that's what happens when code gets abandoned, it gets picked up by people who don't really understand it). But it's hard to charge that vulnerability against the original qmail design.

(I don't think anyone should run qmail.)

Actually the original qmail still works fine.

However it has some compatibility problems with modern practices, the most significant being that it does not know TLS.

Having to use TLS is the main reason for running a qmail fork instead of the original.

"works fine" and "has some compatibility problems" is a little bit of an oxymoron... I understand what you're trying to say, but that does mean it's essentially unusable, despite "working fine".