Sendmail
Sendmail is a popular mail transport agent (MTA - Mail Transport Agent) on the Internet, whose task is to route messages or emails so that they reach their destination. It supports many types of delivery methods, including the Simple Mail Transfer Protocol (SMTP) used to transport email over the Internet.
It is a successor to delivermail, a program written by Eric Allman. Sendmail is a project well known to the free and open source software and Unix communities. It exists in free and proprietary software version.
Overview
Allman wrote delivermail for the ARPANET which was included in BSD version 4.0 and 4.1 in 1979. Allman wrote Sendmail as a derivative of delivermail in the early 1980s for the University of California at Berkeley and was included with BSD 4.1c in 1983, the first BSD version to include TCP/IP protocols.
In 1996, approximately 80% of publicly reachable email servers were running Sendmail. More recent surveys have suggested a decline. As of August 2019, only 4.18% of email servers run Sendmail according to a study conducted by E-Soft, Inc.
Other surveys have suggested a smaller decline, with 24% of email servers running Sendmail as of August 2015, according to a study conducted by Mail Radar.
Allman designed Sendmail to have a lot of flexibility but can be daunting for beginners to configure. The standard configuration packages shipped with the source code require the use of the M4 macro language which hides much of the configuration complexity. The configuration defines the email delivery options, its access parameters and the mechanism for forwarding emails to remote sites as well as setting parameters of the application.
Sendmail supports a variety of transfer protocols including SMTP, ESMTP, DECnet Mail-11, HylaFax, QuickPage, and UUCP. Additionally, Sendmail v8.12 in September 2001 introduced support for milters - external email filtering programs that can participate in every step of the SMTP conversation.
Acquisition by Proofpoint, Ic
According to an announcement on October 1, 2013 Sendmail, Inc was acquired by Proofpoint, Inc.
Sendmail 8 Releases
- Sendmail-8.15.2 2015-07-03 Release Notes
- Sendmail-8.15.1 2014-12-06
- Sendmail-8.14.9 2014-05-21
- Sendmail-8.14.8 2014-01-26
- Sendmail-8.14.7 2013-04-21
- Sendmail-8.14.6 2012-12-23
- Sendmail-8.14.5 2011-05-17
- Sendmail-8.14.4 2009-12-30
- Sendmail-8.14.3 2008-05-03
- Sendmail-8.14.2 2007-11-01
- Sendmail-8.14.1 2007-04-03
- Sendmail-8.14.0 2007-01-31
- Sendmail-8.13.0 2004-06-20
- Sendmail-8.12.0 2001-09-08
- Sendmail-8.11.0 2000-07-19
- Sendmail-8.10.0 2000-03-01
- Sendmail-8.9.0 1998-05-19
- Sendmail-8.8.0 1996-09-26
- Sendmail-8.7 1995-09-16
- Sendmail-8.6 1993-10-05
- ...
- Sendmail-8.1 1993-06-07 - 4.4BSD freeze. No semantic changes.
The information is derived from the RELEASE_NOTES file of the sendmail distribution.
Security
Sendmail originated in the early days of the Internet, an era where security considerations did not play a primary role in the development of network software. Early versions of Sendmail suffered from a number of security vulnerabilities that were fixed over the years.
Sendmail itself built in a certain amount of privilege separation to avoid exposing security issues. For the 2009 releases of Sendmail, like other modern MTAs, incorporate many security enhancements and optional features that can be configured to improve security and prevent abuse.
History of vulnerabilities
Sendmail vulnerabilities in CERT notices and alerts.
- «TA06-081A Sendmail Race Condition Vulnerability».
- «CA-2003-25 Buffer Overflow in Sendmail». Sec Lists. Consultation on 22 June 2020.
- «CA-2003-12 Buffer Overflow in Sendmail». lwn.net. Consultation on 22 June 2020.
- «CA-2003-07 Remote Buffer Overflow in Sendmail». lwn.net. Consultation on 22 June 2020.
- «CA-1997-05 MIME Conversion Buffer Overflow in Sendmail Versions 8.8.3 and 8.8.4». 1997 CERT Advisories - CMU. Consultation on 22 June 2020.
- «CA-1996-25 Sendmail Group Permissions Vulnerability». 1996 CERT Advisories - CMU. Consultation on 22 June 2020.
- «CA-1996-24 Sendmail Daemon Mode Vulnerability». 1996 CERT Advisories - CMU. Consultation on 22 June 2020.
- «CA-1996-20 Sendmail Vulnerabilities». 1996 CERT Advisories - CMU. Consultation on 22 June 2020.
Contenido relacionado
Digital Network of integrated services
Electronic warfare
IEEE 1394