They actually had a few really bad code execution bugs in a tight space of time a few years ago when someone was auditing it. It's a good idea to subscribe to announce@openbsd.org if you run this daemon to get notified of issues.
I was running it out of ports on FreeBSD at that time, and wound up patching from source because i didn't want to wait for the ports tree to update.
I still see attempts to exploit these bugs in my logs. Even though
they've been patched for years.
That said, it's good that these were exposed and fixed, as opposed to not found. It's a relatively new daemon compared to other mail servers and it was still ironing things out.
I was running it out of ports on FreeBSD at that time, and wound up patching from source because i didn't want to wait for the ports tree to update.
I still see attempts to exploit these bugs in my logs. Even though they've been patched for years.
That said, it's good that these were exposed and fixed, as opposed to not found. It's a relatively new daemon compared to other mail servers and it was still ironing things out.