Daniel Bernstein: ten years of qmail security

This.

I don't claim to be a mail expert by any means, but having recently entered the vast and
potentially scary world of open source mail servers, I was given to doing my fair share of
research on what was out there these days.  I'd run into qmail in a previous job, so it wasn't
entirely foreign to me.  Its age and blatant lack of modern features made it a non-option as
far as I was concerned.  Even the most common extentions like STARTTLS are nowhere present,
and as far as I'm concerned, that's required security these days.  Of course it's much easier
to write secure -code- when it's completely minimal, but like someone posted recently in
another article (OpenBSD maybe?), there's a decent and widening gap between
secure-by-any-means and practical-for-daily-use.