World Library  
Flag as Inappropriate
Email this Article

Sendmail

Article Id: WHEBN0000048600
Reproduction Date:

Title: Sendmail  
Author: World Heritage Encyclopedia
Language: English
Subject: Delivermail, MX record, Proprietary software, Simple Mail Transfer Protocol, Morris worm
Collection:
Publisher: World Heritage Encyclopedia
Publication
Date:
 

Sendmail

Sendmail
Developer(s) Sendmail Consortium, Sendmail, Inc.
Stable release 8.14.9 Release Notes / May 21, 2014 (2014-05-21)
Preview release MeTA1 1.0.0.0 / May 25, 2014 (2014-05-25)
Operating system Cross-platform
Type Mail transfer agent
License Sendmail License
Website http://www.sendmail.org/

Sendmail is a general purpose internetwork email routing facility that supports many kinds of mail-transfer and delivery methods, including the Simple Mail Transfer Protocol (SMTP) used for email transport over the Internet.

A descendant of the delivermail program written by Eric Allman, Sendmail is a well-known project of the free and open source software and Unix communities. It has spread both as free software and proprietary software.

Overview

Allman had written the original ARPANET delivermail which shipped in 1979 with 4.0 and 4.1 BSD. He wrote Sendmail as a derivative of delivermail in the early 1980s at UC Berkeley. It shipped with BSD 4.1c in 1983, the first BSD version that included TCP/IP protocols.

In 2001, approximately 42% of the publicly reachable mail-servers on the Internet ran Sendmail.[1] More recent surveys have suggested a decline, with 10.09% of mail servers in August 2013 detected as running Sendmail in a study performed by E-Soft, Inc.[2]

Allman designed Sendmail to incorporate great flexibility, but it can be daunting to configure for novices.[3] Standard configuration packages delivered with the source code distribution require the use of the M4 macro language which hides much of the configuration complexity. The configuration defines the site-local mail delivery options and their access parameters, the mechanism of forwarding mail to remote sites, as well as many application tuning parameters.

Sendmail supports a variety of mail transfer protocols, including SMTP, ESMTP, DECnet's Mail-11, HylaFax, QuickPage and UUCP. Additionally, Sendmail v8.12 as of September 2001 introduced support for milters - external mail filtering programs that can participate in each step of the SMTP conversation.

New development

The next generation of Sendmail was initially called Sendmail X; it was previously called Sendmail 9, but it does not derive from the Sendmail version 8 code base. However, the development of Sendmail X was stopped in favor of a new project called MeTA1.

The first release of Sendmail X (smX-0.0.0.0) was made available on October 30, 2005. The final release was smX-1.0.PreAlpha7.0., released on May 20, 2006, under the same license used by Sendmail 8.

MeTA1 1.0.0.0 was released on May 25, 2014.

Acquisition by Proofpoint, Inc.

Sendmail, Inc was acquired by Proofpoint, Inc. This announcement was released on 1 October 2013.

Sendmail 8 releases

  • Sendmail-8.14.9 2014-05-21 Release Notes
  • Sendmail-8.14.8 2014-01-26
  • Sendmail-8.14.7 2013-04-21
  • Sendmail-8.14.6 2012-12-23
  • Sendmail-8.14.5 2011-05-17
  • Sendmail-8.14.4 2009-12-30
  • Sendmail-8.14.3 2008-05-03
  • Sendmail-8.14.2 2007-11-01
  • Sendmail-8.14.1 2007-04-03
  • Sendmail-8.14.0 2007-01-31
  • Sendmail-8.13.0 2004-06-20
  • Sendmail-8.12.0 2001-09-08
  • Sendmail-8.11.0 2000-07-19
  • Sendmail-8.10.0 2000-03-01
  • Sendmail-8.9.0 1998-05-19
  • Sendmail-8.8.0 1996-09-26
  • Sendmail-8.7 1995-09-16
  • Sendmail-8.6 1993-10-05
  • ...
  • Sendmail-8.1 1993-06-07 - 4.4BSD freeze. No semantic changes.

The information derives from RELEASE_NOTES file from sendmail distribution.

Security

Sendmail originated in the early days of the Internet, an era when considerations of security did not play a primary role in the development of network software. Early versions of Sendmail suffered from a number of security vulnerabilities that have been corrected over the years.

Sendmail itself incorporated a certain amount of privilege separation in order to avoid exposure to security issues. As of 2009, current versions of Sendmail, like other modern MTAs, incorporate a number of security improvements and optional features that can be configured to improve security and help prevent abuse.

History of vulnerabilities

Sendmail vulnerabilities in CERT advisories and alerts:

  • "TA06-081A Sendmail Race Condition Vulnerability". US-CERT Alerts. 
  • "CA-2003-25 Buffer Overflow in Sendmail". CERT Advisories. Retrieved January 7, 2005. 
  • "CA-2003-12 Buffer Overflow in Sendmail". CERT Advisories. Retrieved January 7, 2005. 
  • "CA-2003-07 Remote Buffer Overflow in Sendmail". CERT Advisories. Retrieved January 7, 2005. 
  • "CA-1997-05 MIME Conversion Buffer Overflow in Sendmail Versions 8.8.3 and 8.8.4". CERT Advisories. Retrieved January 7, 2005. 
  • "CA-1996-25 Sendmail Group Permissions Vulnerability". CERT Advisories. Retrieved January 7, 2005. 
  • "CA-1996-24 Sendmail Daemon Mode Vulnerability". CERT Advisories. Retrieved January 7, 2005. 
  • "CA-1996-20 Sendmail Vulnerabilities". CERT Advisories. Retrieved January 7, 2005. 

The UNIX-HATERS Handbook dedicated an entire chapter to perceived problems and weaknesses of sendmail.

Implementation

As of sendmail release 8.12.0 the default implementation of sendmail runs as the Unix user smmsp[4] — the sendmail message submission program.

See also

Notes

  1. ^ D. J. Bernstein (2001-10-04). "Internet host SMTP server survey". 
  2. ^ "E-Soft MX survey". 
  3. ^ "Sendmail Installation and Operations Guide". 
  4. ^ "Sendmail release notes". sendmail.org. The Sendmail Consortium. Retrieved 2009-08-30. 

References

External links

This article was sourced from Creative Commons Attribution-ShareAlike License; additional terms may apply. World Heritage Encyclopedia content is assembled from numerous content providers, Open Access Publishing, and in compliance with The Fair Access to Science and Technology Research Act (FASTR), Wikimedia Foundation, Inc., Public Library of Science, The Encyclopedia of Life, Open Book Publishers (OBP), PubMed, U.S. National Library of Medicine, National Center for Biotechnology Information, U.S. National Library of Medicine, National Institutes of Health (NIH), U.S. Department of Health & Human Services, and USA.gov, which sources content from all federal, state, local, tribal, and territorial government publication portals (.gov, .mil, .edu). Funding for USA.gov and content contributors is made possible from the U.S. Congress, E-Government Act of 2002.
 
Crowd sourced content that is contributed to World Heritage Encyclopedia is peer reviewed and edited by our editorial staff to ensure quality scholarly research articles.
 
By using this site, you agree to the Terms of Use and Privacy Policy. World Heritage Encyclopedia™ is a registered trademark of the World Public Library Association, a non-profit organization.
 


Copyright © World Library Foundation. All rights reserved. eBooks from Project Gutenberg are sponsored by the World Library Foundation,
a 501c(4) Member's Support Non-Profit Organization, and is NOT affiliated with any governmental agency or department.