OpenSMTPD advisory dissected

  • This seems pretty classic:

    * Five years ago, a change causes a logic bug in a not super critical section of code.

    * Three and a half years later, a change in an entirely different section of code makes that section of code super critical at the same time it makes it exploitable.

    Bugs can happen in any of the places you are not looking without actually changing anything in those places. Your code is full of trip mines and you don't know where any of the wires are.

  • The real question is why the fuck does mail delivery need to happen as root in the first place?

    On OpenBSD, mailboxes are mode 600. So, only root can write to them. On Debian with exim4, they are mode 660 -- writable by group "mail." So the MDA only needs to run as group mail, not user root.

    Is there some reason why OpenBSD is not doing the same thing?
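The point in the comment above is that a local delivery agent only needs to pass the ordinary Unix write check on the mailbox, which a 660 file owned by group "mail" satisfies without root. The following is an added example, not code from the advisory, OpenSMTPD or exim4: it models the discretionary access check for the two layouts (600 vs 660 group mail), drops from root to an unprivileged uid/gid before delivery, and appends to an mbox file under a lock. The uid/gid 8 for "mail" is the Debian convention and is an assumption here, as are the paths and the sample message.

```python
"""Mailbox delivery without root: permission model plus privilege drop.

Added example, not from the advisory or from any MTA's source. uid/gid 8
for "mail" follows Debian and is an assumption; paths and the sample
message are constructed for illustration.
"""
import fcntl
import os
import stat
import tempfile


def dac_write_allowed(mode, file_uid, file_gid, proc_uid, proc_gids):
    """Classic Unix discretionary access check for write permission.

    mode:      permission bits of the mailbox, e.g. 0o600 or 0o660
    proc_gids: primary plus supplementary groups of the delivering process
    """
    if proc_uid == 0:
        return True  # root bypasses DAC entirely; this is all "run as root" buys
    if proc_uid == file_uid:
        return bool(mode & stat.S_IWUSR)
    if file_gid in proc_gids:
        return bool(mode & stat.S_IWGRP)
    return bool(mode & stat.S_IWOTH)


def drop_privileges(uid, gid):
    """Irreversibly drop from root to uid/gid; no-op if already unprivileged.

    Supplementary groups are cleared first, then gid, then uid (order matters:
    once uid is non-zero the gid can no longer be changed).
    """
    if os.geteuid() != 0:
        return
    os.setgroups([])
    os.setgid(gid)
    os.setuid(uid)
    # Verify the drop is permanent: regaining root must fail.
    try:
        os.setuid(0)
    except PermissionError:
        return
    raise RuntimeError("privilege drop did not stick")


def append_to_mailbox(path, message):
    """Append one message to an mbox file under an exclusive lock.

    Requires only write permission on the file, i.e. membership in the
    file's group when the mailbox is mode 660. Returns the new file size.
    """
    if not message.endswith(b"\n"):
        message += b"\n"
    fd = os.open(path, os.O_WRONLY | os.O_APPEND)
    try:
        fcntl.flock(fd, fcntl.LOCK_EX)
        os.write(fd, message)
        os.fsync(fd)
        fcntl.flock(fd, fcntl.LOCK_UN)
    finally:
        os.close(fd)
    return os.stat(path).st_size


def deliver(path, message, mail_uid=8, mail_gid=8):
    """What an MDA started as root would do: drop to mail:mail, then append."""
    drop_privileges(mail_uid, mail_gid)
    return append_to_mailbox(path, message)


SAMPLE = b"From sender@example.org Mon Jan  1 00:00:00 2000\nSubject: hi\n\nbody\n"


def demo_append():
    """Constructed scenario: deliver into a fresh mbox in a temp dir, without
    touching privileges (so it also runs unprivileged). Returns (size, tail)."""
    mbox = os.path.join(tempfile.mkdtemp(), "mbox")
    open(mbox, "wb").close()
    os.chmod(mbox, 0o660)  # the Debian/exim4 layout; group would be "mail" in production
    size = append_to_mailbox(mbox, SAMPLE)
    with open(mbox, "rb") as f:
        tail = f.read()[-5:]
    return size, tail


if __name__ == "__main__":
    print("600, uid mail:", dac_write_allowed(0o600, 1000, 1000, 8, {8}))
    print("660 grp mail, uid mail:", dac_write_allowed(0o660, 1000, 8, 8, {8}))
    print(demo_append())
```

`dac_write_allowed` makes the comparison concrete: with a 600 mailbox owned by the user, a process running as "mail" fails the check and only root (which skips DAC) can deliver; with 660 and group "mail" the same process passes on the group bit. `drop_privileges` shows the order a privilege drop must use and checks that root cannot be regained, which is the step a delivery agent would take before ever opening the mailbox.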

  • The "no mail to root" would be a major change. I generally put a .forward to a common sysadmin account, so I guess I would be curious about their solution.

  • It seems very simple for an MTA to be unprivileged: they can join us in the 21st century and drop the whole UNIX maildir, "log into the central terminal server with your UNIX account to read mail" thing. Write mail into a database or something, like every other goddamn service out there.