The most popular MTA for Linux is Sendmail, which had a lot of security issues including buffer overruns that could be remotely exploited to compromise the MTA server.Popular alternatives to Sendmail are Postix, Qmail, Exim, and Courier-MTA.
MTAs’ most popular problems are the following:
- Vulnerabilities such as buffer overruns, heap overlows, etc., which can be used by remote or local attackers to compromise the server running the MTA.
- Missconfiguration of the MTA allowing everyone to use it for sending mail. This is called open relay. Missconfigured MTAs as open relays immediately fall in the hands of spammers, which may cause big damages to your company by having your email server in one of the many email servers blacklists, plus the fact that all the spam consumes your bandwidth. You can check your mail server to see if it is an open relay at http://www.abuse.net/relay.html, which runs a set of tests to see if there’s any way for a spammer to use your email server to send mail to other people.
- User-account database disclosure vulnerabilities