Postfix has shipped 12 security advisories since 2020 ( source ). Each one needs a patch, a daemon restart, and a smoke test to confirm mail still flows. Twelve interruptions to ship, for a sub-system that exists to do one thing: hand a string to a smarter mail provider 50ms later. If your only outbound need is "send a templated email from a script", you do not need an SMTP daemon. You need a function call. What an "SMTP server" actually does in 2026 For most workloads, the local Postfix instance: Accepts mail from sendmail -t or mail Queues it Hands it to a smart relay (SES, SendGrid, Mailgun, or your provider of choice) Logs the result Steps 1, 2, 4 are infrastructure. Step 3 is the work. Removing 1, 2, 4 means you trade five files in /etc/postfix and a queue daemon for a single command: nylas email send \ --to ops@yourcompany.com \ --subject "Build #4129 failed" \ --body "See https://ci.example.com/4129 for details." Enter fullscreen mode Exit fullscreen mode That is it.…