Implementation
The Postfix implementation uses safe subsets of the C language and of the POSIX system API. These subsets are buried under an abstraction layer that contains about 50% of all Postfix source code, and that provides the foundation on which all Postfix programs are built. For example, the "vstring" primitive makes Postfix code resistant to buffer overflow attacks, and the "safe open" primitive makes Postfix code resistant to race condition attacks on systems that implement the POSIX file system API. This abstraction layer does not affect the attack resistance of non-Postfix code, such as code in system libraries or in third-party libraries.
Read more about this topic: Postfix (software)