Quoting Lars Nood??n via Dng (dng@???):

> It's probably a time that Procmail be retired, and thus anything based
> on it. There have been a lot of reports in recent years of serious,
> unsafe bugs in its processing. However, there is this comment about it
> from a former Procmail maintainer to consider:
>
> https://marc.info/?l=openbsd-ports&m=141634350915839&w=2

Upon examination, it turns out that the known flaws in Procmail lack any
credible exploitation scenario. The matter was covered on LWN.net a few
years ago, and I'm pretty sure nothing has changed substantively.

(I've gone through this discussion several times since then on mailing
lists, and can dredge up details from those if necessary.)