When I first got into computer security, I remember sendmail being the joke of the industry. Sendmail has a very spotty past in the computer security world. It's reputation then is probably comparable to IIS's reputation today. Lots of people use it, but no one ever really trusts it. In the past few years, though, it seemed like the folks who develop sendmail had learned from past mistakes and sendmail was actually beginning to look like a fairly secure product. Then someone went and found two serious exploits in under a month and any illusions I had were shattered. I guess it's time for me to take another look at Qmail et al.