While looking at the code of nbsmtp I ran into a format string issue that can potentially allow malicious servers to compromise the nbsmtp process when its running in debug mode. The problem is in util.c and the following patch fixes it: --- util.orig Tue Jul 12 11:43:06 2005 +++ util.c Tue Jul 12 11:43:32 2005 @@ -187,7 +187,7 @@ if (debug==0 || debug==1) { openlog("nbSMTP", LOG_PID, LOG_MAIL); - syslog(priority,buffer); + syslog(priority,"%s",buffer); closelog(); } else /* if (debug==2) */ I also noticed that versions older then 0.99 can be caused to crash when the SMTP server returns large strings. This seems to be fixed in 0.99.