Defect-free software does not exist.
One bug in an SMTP server can open up the whole machine for intrusion.
Sure, but competition is good for the user.
The challenge with Postfix, or with any piece of software, is to update software without introducing problems.
Adding functionality is not just a matter of adding code.
I want to avoid locking people into solutions that work only with Postfix. People should have a choice in what software they want to use with Postfix, be it anti-virus or otherwise.
However, writing software without defects is not sufficient. In my experience, it is at least as difficult to write software that is safe - that is, software that behaves reasonably under adverse conditions.
In a previous life I wrote the software that controlled my physics experiments. That software had to deal with all kinds of possible failures in equipment. That is probably where I learned to rely on multiple safety nets inside and around my systems.
As of today, the Postfix mail transport agent has almost 50,000 lines of code, comments not included.
Lack of documentation is becoming a problem for acceptance.