So which of the suggested alternatives (fdm, sieved, ???) have undergone a security audit or at least can claim that no problems were found when using some of those "fuzzing" tools?
Before switching from procmail to something else it would be nice to know if that alternative is (more) secure.