- Sendmail
-
Sendmail Developer(s) Sendmail Consortium, Sendmail, Inc. Stable release 8.14.5 / May 17, 2011 Preview release MeTA1 1.0.Alpha1.0 / April 30, 2011 Operating system Cross-platform Type Mail transfer agent License Sendmail License Website http://www.sendmail.org/ Sendmail is a general purpose internetwork email routing facility that supports many kinds of mail-transfer and -delivery methods, including the Simple Mail Transfer Protocol (SMTP) used for email transport over the Internet.
A descendant of the delivermail program written by Eric Allman, Sendmail is a well-known project of the free and open source software and Unix communities, and has spread both as free software and proprietary software. Greg Olson incorporated the company and drove sales in the early years. When sales went flat in Europe, he took charge of the territory and European sales resumed their brisk pace. He served as Sendmail's CEO for a time.
Contents
Overview
Allman had written the original ARPANET delivermail which shipped in 1979 with 4.0 and 4.1 BSD. He wrote Sendmail as a derivative of delivermail early in the 1980s at UC Berkeley. It shipped with BSD 4.1c in 1983, the first BSD version that included TCP/IP protocols.
In 2001, approximately 42% of the publicly-reachable mail-servers on the Internet ran Sendmail.[1] More recent surveys have suggested a decline, with 29.4% of mail servers in August 2007 detected as running Sendmail in a study performed by E-Soft, Inc.[2] Sendmail is trailed by Microsoft Exchange Server, Exim, and Postfix; these four being the only mail servers with more than 10% of the total.
Allman designed Sendmail to incorporate great flexibility, but it can be daunting to configure for novices.[3] Standard configuration packages delivered with the source code distribution require the use of the M4 macro language which hides much of the configuration complexity. The configuration defines the site-local mail delivery options and their access parameters, the mechanism of forwarding mail to remote sites, as well as many application tuning parameters.
Sendmail supports a variety of mail transfer protocols, including SMTP, ESMTP, DECnet's Mail-11, HylaFax, QuickPage and UUCP. Additionally, Sendmail v8.12 as of September 2001[update] introduced support for milters - external mail filtering programs that can participate in each step of the SMTP conversation.
New development
The next generation of Sendmail was initially called Sendmail X, previously it was called Sendmail 9, but it does not derive from the Sendmail version 8 code base. However, the development of Sendmail X was stopped in favor of a new project called MeTA1.
The first release of Sendmail X (smX-0.0.0.0) was made available on October 30, 2005. The final release was smX-1.0.PreAlpha7.0., released on May 20, 2006 under the same license used by Sendmail 8.
As of August 2010[update] development on MeTA1 continues, with the released code at the alpha stage.
Sendmail 8 releases
- Sendmail-8.14.5 2011-05-17
- Sendmail-8.14.4 2009-12-30
- Sendmail-8.14.3 2008-05-03
- Sendmail-8.14.2 2007-11-01
- Sendmail-8.14.1 2007-04-03
- Sendmail-8.14.0 2007-01-31
- Sendmail-8.13.0 2004-06-20
- Sendmail-8.12.0 2001-09-08
- Sendmail-8.11.0 2000-07-19
- Sendmail-8.10.0 2000-03-01
- Sendmail-8.9.0 1998-05-19
- Sendmail-8.8.0 1996-09-26
- Sendmail-8.7 1995-09-16
- Sendmail-8.6 1993-10-05
- ...
- Sendmail-8.1 1993-06-07 - 4.4BSD freeze. No semantic changes.
The information derives from RELEASE_NOTES file from sendmail distribution.
Security
Sendmail originated in the early days of the Internet, an era when considerations of security did not play a primary role in the development of network software. Early versions of Sendmail suffered from a number of security vulnerabilities that have been corrected over the years.
Sendmail itself incorporated a certain amount of privilege separation in order to avoid exposure to security issues. As of 2009[update], current versions of Sendmail, like other modern MTAs, incorporate a number of security improvements and optional features that can be configured to improve security and help prevent abuse.
History of vulnerabilities
Sendmail vulnerabilities in CERT advisories and alerts:
- "TA06-081A Sendmail Race Condition Vulnerability". US-CERT Alerts. http://www.us-cert.gov/cas/techalerts/TA06-081A.html.
- "CA-2003-25 Buffer Overflow in Sendmail". CERT Advisories. http://www.cert.org/advisories/CA-2003-25.html. Retrieved January 7, 2005.
- "CA-2003-12 Buffer Overflow in Sendmail". CERT Advisories. http://www.cert.org/advisories/CA-2003-12.html. Retrieved January 7, 2005.
- "CA-2003-07 Remote Buffer Overflow in Sendmail". CERT Advisories. http://www.cert.org/advisories/CA-2003-07.html. Retrieved January 7, 2005.
- "CA-1997-05 MIME Conversion Buffer Overflow in Sendmail Versions 8.8.3 and 8.8.4". CERT Advisories. http://www.cert.org/advisories/CA-1997-05.html. Retrieved January 7, 2005.
- "CA-1996-25 Sendmail Group Permissions Vulnerability". CERT Advisories. http://www.cert.org/advisories/CA-1996-25.html. Retrieved January 7, 2005.
- "CA-1996-24 Sendmail Daemon Mode Vulnerability". CERT Advisories. http://www.cert.org/advisories/CA-1996-24.html. Retrieved January 7, 2005.
- "CA-1996-20 Sendmail Vulnerabilities". CERT Advisories. http://www.cert.org/advisories/CA-1996-20.html. Retrieved January 7, 2005.
The UNIX-HATERS Handbook dedicated an entire chapter to perceived problems and weaknesses of sendmail.
Implementation
As of sendmail release 8.12.0 the default implementation of sendmail runs as the Unix user smmsp[4] — the sendmail message submission program.
See also
- List of mail servers
- Mail delivery agent
- Mail user agent
- Internet messaging platform
- Morris worm
Footnotes
- ^ D. J. Bernstein (2001-10-04). "Internet host SMTP server survey". http://cr.yp.to/surveys/smtpsoftware6.txt.
- ^ "E-Soft MX survey". http://www.securityspace.com/s_survey/data/man.200707/mxsurvey.html.
- ^ "Sendmail Installation and Operations Guide". http://www.sendmail.org/doc/sendmail-current/doc/op/op.pdf.
- ^ "Sendmail release notes". sendmail.org. The Sendmail Consortium. http://www.sendmail.org/documentation. Retrieved 2009-08-30. "8.12.0/8.12.0 2001/09/08 *NOTICE*: The default installation of sendmail does not use set-user-ID root anymore. You need to create a new user and a new group before installing sendmail (both called smmsp by default). [...] Please see sendmail/SECURITY for details."
References
- Bryan Costales with Eric Allman (October 2007). sendmail, 4th Edition. O'Reilly and Associates. — This is the Sendmail "bible" containing 1308 pages about Sendmail. It is also known as "The Bat Book", because of the picture on its cover. The 1st Edition was published in November 1993.
- Bryan Costales, George Jansen, Claus Assmann, Gregory Shapiro (September 2004). sendmail 8.13 Companion. O'Reilly and Associates. — A companion to sendmail, 3rd Edition, this book documents the improvements in V8.13 in parallel with its release.
- Craig Hunt (December 2003). sendmail Cookbook. O'Reilly.
- Nick Christenson (2002-09-13). sendmail Performance Tuning. Addison-Wesley. [1]
External links
- Sendmail Consortium
- Sendmail, Inc.
- Bryan Costales, George Jansen and Claus Aßmann with Gregory Neil Shapiro Sendmail, 4th Edition, O'Reilly, October 2007, ISBN 978-0-596-51029-9
- Milter.org, Sendmail MILTERs [2]
- Daniel J. Bernstein, Internet SMTP server survey, October 2001
- Mike Brodbelt, A brief history of mail
- Lourier, Philippe (1999). "History of Sendmail: Interview with Eric Allman". Dr. Dobb's Journal. http://technetcast.ddj.com/tnc_program.html?program_id=32.
- Eric Allman et al. (1999) (PDF). Sendmail Evolution: 8.10 and Beyond. http://www.sendmail.org/~gshapiro/Sendmail-8.10.Paper.pdf. — presented at the USENIX Annual Technical Conference
- Williamson, Alan (2003-08-11). "A Talk with the Father of sendmail". LinuxWorld. http://linux.sys-con.com/read/33904.htm.
Categories:- Message transfer agents
- Free email server software
- Emeryville, California
Wikimedia Foundation. 2010.