Over the years procmail has only had 3 vulnerabilities found and it still does what is was inteded for. As such it is considered by many to be a "finished" product that does not require any more maintenance. It is still packaged in many major distributions.