mail/mailman: 2.1.38 security fixing CSRF vuln

While here, fix pkg-message to mention -exim4 and -postfix
derived ports that override the default MTA.

Security: 0d6efbe3-52d9-11ec-9472-e3667ed6088e
Security: CVE-2021-44227
MFH: 2021Q4