Sendmail

From Wikipedia, the free encyclopedia
Original author(s): Eric Allman
Developer(s): Sendmail Consortium, Proofpoint, Inc.
Initial release: 1983
Stable release: 8.18.1[1] / January 31, 2024
Operating system: Cross-platform
Type: Mail transfer agent
License: Sendmail License
Website: www.proofpoint.com/us/products/open-source-email-solution

Sendmail is a general purpose internetwork email routing facility that supports many kinds of mail-transfer and delivery methods, including the Simple Mail Transfer Protocol (SMTP) used for email transport over the Internet.

A descendant of the delivermail program written by Eric Allman, Sendmail is a well-known project of the free and open source software and Unix communities. It has spread both as free software and proprietary software.

Overview

Allman wrote the original ARPANET delivermail which shipped in 1979 with 4.0 and 4.1 BSD. He wrote Sendmail as a derivative of delivermail in the early 1980s at UC Berkeley. It shipped with BSD 4.1c in 1983, the first BSD version that included TCP/IP protocols.

In 1996, approximately 80% of the publicly reachable mail-servers on the Internet ran Sendmail.[2] More recent surveys have suggested a decline, with 3.64% of mail servers in March 2021 detected as running Sendmail in a study performed by E-Soft, Inc.[3] A previous survey (December 2007 or earlier) reported 24% of mail servers running Sendmail according to a study performed by Mail Radar.[4]

Allman designed Sendmail to incorporate great flexibility, but it can be daunting for novices to configure.[5] The standard configuration packages delivered with the source code distribution require the use of the M4 macro language, which hides much of the configuration complexity. The configuration defines the site-local mail delivery options and their access parameters, the mechanism for forwarding mail to remote sites, and many application tuning parameters.
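An added illustration (not taken from the Sendmail distribution or from this article's sources) of how an M4 master configuration file expresses the categories named above. The relay hostname and the numeric limits are constructed values, and a Linux host with its maps under /etc/mail is assumed.

```m4
divert(-1)dnl
dnl Added illustration, not from the Sendmail distribution.
dnl relay.example.net and the numeric limits below are constructed values.
divert(0)dnl
VERSIONID(`example site configuration')dnl
OSTYPE(`linux')dnl
DOMAIN(`generic')dnl
dnl
dnl --- Site-local delivery: host names this server accepts mail for ---
FEATURE(`use_cw_file')dnl
dnl
dnl --- Access parameters: accept, reject and relay rules per sender or network ---
FEATURE(`access_db', `hash -T<TMPF> /etc/mail/access')dnl
dnl
dnl --- Forwarding to remote sites: send all non-local mail through one relay ---
define(`SMART_HOST', `[relay.example.net]')dnl
dnl
dnl --- Tuning and hardening parameters ---
define(`confPRIVACY_FLAGS', `authwarnings,novrfy,noexpn,restrictqrun')dnl
define(`confMAX_MESSAGE_SIZE', `10485760')dnl
define(`confMAX_DAEMON_CHILDREN', `40')dnl
define(`confCONNECTION_RATE_THROTTLE', `5')dnl
dnl
dnl --- Delivery agents: listed after the FEATURE and define lines ---
MAILER(`local')dnl
MAILER(`smtp')dnl
```

Processing a file like this with m4, together with the cf.m4 macro library shipped in the source distribution, produces the sendmail.cf file that the daemon actually reads.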

Sendmail supports a variety of mail transfer protocols, including SMTP, DECnet's Mail-11, HylaFAX, QuickPage and UUCP. Additionally, Sendmail v8.12 as of September 2001 introduced support for milters - external mail filtering programs that can participate in each step of the SMTP conversation.

Acquisition by Proofpoint, Inc.

Proofpoint, Inc. acquired Sendmail, Inc. The acquisition was announced on 1 October 2013.[6]

Security

Sendmail originated in the early days of the Internet, an era when considerations of security did not play a primary role in the development of network software. Early versions of Sendmail suffered from a number of security vulnerabilities that have been corrected over the years.

Sendmail itself incorporated a certain amount of privilege separation in order to avoid exposure to security issues. As of 2009, current versions of Sendmail, like other modern MTAs, incorporate a number of security improvements and optional features that can be configured to improve security and help prevent abuse.

History of vulnerabilities

Sendmail vulnerabilities in CERT advisories and alerts:

  • "TA06-081A Sendmail Race Condition Vulnerability". US-CERT Alerts. Archived from the original on 2006-04-08.
  • "CA-2003-25 Buffer Overflow in Sendmail". CERT Advisories. Archived from the original on 2021-10-24. Retrieved January 7, 2005.
  • "CA-2003-12 Buffer Overflow in Sendmail". CERT Advisories. Archived from the original on 2021-10-24. Retrieved January 7, 2005.
  • "CA-2003-07 Remote Buffer Overflow in Sendmail". CERT Advisories. Archived from the original on 2021-10-24. Retrieved January 7, 2005.
  • "CA-1997-05 MIME Conversion Buffer Overflow in Sendmail Versions 8.8.3 and 8.8.4". CERT Advisories. Archived from the original on 2021-10-24. Retrieved January 7, 2005.
  • "CA-1996-25 Sendmail Group Permissions Vulnerability". CERT Advisories. Archived from the original on 2021-10-24. Retrieved January 7, 2005.
  • "CA-1996-24 Sendmail Daemon Mode Vulnerability". CERT Advisories. Archived from the original on 2021-10-24. Retrieved January 7, 2005.
  • "CA-1996-20 Sendmail Vulnerabilities". CERT Advisories. Archived from the original on 2021-10-24. Retrieved January 7, 2005.

The UNIX-HATERS Handbook dedicated an entire chapter to perceived problems and weaknesses of sendmail.

Implementation

As of sendmail release 8.12.0 the default implementation of sendmail runs as the Unix user smmsp[7] — the sendmail message submission program.


Notes

  1. "Release Notes".
  2. D. J. Bernstein (1996-11-27). "Internet host SMTP server survey". Archived from the original on 2021-10-24.
  3. "E-Soft MX survey". securityspace.com. E-Soft Inc. 1 March 2021. Archived from the original on 2021-10-24. Retrieved 21 March 2021.
  4. "Mail Radar survey". Archived from the original on 2007-12-13.
  5. Allman, Eric; Assmann, Claus; Shapiro, Gregory Neil. "Sendmail Installation and Operations Guide" (PDF). Archived from the original (PDF) on 2008-12-03. Retrieved 2009-07-28.
  6. "Proofpoint, Inc. Acquires Sendmail, Inc" (Press release). Proofpoint, Inc. October 1, 2013. Archived from the original on 2021-10-24.
  7. "Sendmail release notes". sendmail.org. The Sendmail Consortium. Archived from the original on 2021-10-24. Retrieved 2009-08-30.
