We have used sendmail for years, and work to keep it up to date for security. It's like any kind of software or program, it needs to be maintained. Here are some of the more recent issues we are working on:

http://www.cert.org/advisories/CA-2003-07.html

http://www.cert.org/advisories/CA-2003-12.html

The problem being that with any of these alerts, we have to investigate and test the solution before we roll out into production and have to be especially weary of any patches that would overwrite sendmail.cf (HPUX) as we have modified that file for our use.

Also - these are listed in the advisories, but in case you just want these links and don't have them:

http://www.sendmail.com/security/

http://www.sendmail.org

Sendmail is a target, but it has worked for us since at least '96 so again, not the best, but it can be fixed... and fixed... and fixed.