Sendmail: Difference between revisions
version 8.14.2 and MeTA1-1.0.PreAlpha22.0 |
|||
Line 33: | Line 33: | ||
The first release of Sendmail X ([http://www.sendmail.org/sm-X/release.html smX-0.0.0.0]) was made available on October 30 2005. The final release was [http://sendmail.org/sm-X/release-smX-1.0.PreAlpha7.0.html smX-1.0.PreAlpha7.0.], released on May 20 2006 under the same license used by Sendmail 8. |
The first release of Sendmail X ([http://www.sendmail.org/sm-X/release.html smX-0.0.0.0]) was made available on October 30 2005. The final release was [http://sendmail.org/sm-X/release-smX-1.0.PreAlpha7.0.html smX-1.0.PreAlpha7.0.], released on May 20 2006 under the same license used by Sendmail 8. |
||
Development on MeTA1 continues, with the released code at the [[development stage#Pre-alpha|pre-alpha]] stage as of |
Development on MeTA1 continues, with the released code at the [[development stage#Pre-alpha|pre-alpha]] stage as of January 2008. |
||
== Sendmail-8 == |
== Sendmail-8 == |
Revision as of 01:10, 27 January 2008
Sendmail logo | |
Developer(s) | Sendmail, Inc. |
---|---|
Stable release | |
Preview release | |
Operating system | Cross-platform |
Type | Mail transfer agent |
License | Sendmail License |
Website | http://www.sendmail.org/ |
Sendmail is a mail transfer agent (MTA) that is a well-known project of the open source, free software and Unix communities, which is distributed both as free software and proprietary software.
History and use
A descendant of the original ARPANET delivermail application, Sendmail is a remarkably flexible program, supporting many kinds of mail transfer and delivery including the overwhelmingly popular SMTP. The original version of Sendmail was written by Eric Allman in the early 1980s at UC Berkeley, who had also written delivermail previously. Delivermail was shipped in 1979 with 4.0 and 4.1 BSD. Sendmail was shipped with BSD 4.1c in 1983 (the first BSD version to include TCP/IP).
Sendmail remains the most popular MTA on the Internet. Its popularity is due in part to its position as the standard MTA under most variants of the Unix operating system. According to latest D. J. Bernstein SMTP survey[1], as of November 2001 approximately 42% of the publicly reachable mail servers on the Internet were running Sendmail. More recent surveys have suggested a decline, with 29.4% of mail servers in August 2007 detected as running Sendmail in a study performed by E-Soft, Inc. [2] Sendmail is trailed by Microsoft Exchange Server, Exim, and Postfix, these four being the only mail servers with more than 10% of the installed base.
As Sendmail is a complex package with a great deal of functionality, it can be difficult for an inexperienced system administrator to configure. Documentation of the Sendmail system has not always kept pace with changes to the administrative interfaces; despite the availability of macro-based configuration tools, many support websites instruct administrators to directly modify configuration files that should instead be managed by administrative tools. The failure of vendors to update their support materials contributes to the perception of Sendmail as a difficult-to-configure package[citation needed].
The complexity of Sendmail does provide benefits, in the form of flexibility and scalability. Sendmail supports a variety of mail transfer protocols, including SMTP, ESMTP, DECnet's mail11, HylaFax, QuickPage and UUCP. Additionally, Sendmail v8.12 as of September 2001 introduced support for milters - external mail filtering programs that can participate in each step of the SMTP conversation.
Security
Sendmail originated in the early days of the modern Internet, an era when security was not a primary consideration in the development of network software. Early versions of Sendmail suffered from a number of security vulnerabilities that have been corrected over the years.
Sendmail itself incorporated a certain amount of privilege separation in order to avoid exposure to security issues. Current versions of Sendmail, like other modern MTAs, incorporate a number of security improvements and optional features that can be configured to improve security and help prevent abuse.
Sendmail X / MeTA1
The next generation of Sendmail was initially called Sendmail X (previously it was called Sendmail 9, but is not an evolution of the Sendmail version 8 code base). However, the development of Sendmail X was stopped in favor of a new project called MeTA1.
The first release of Sendmail X (smX-0.0.0.0) was made available on October 30 2005. The final release was smX-1.0.PreAlpha7.0., released on May 20 2006 under the same license used by Sendmail 8.
Development on MeTA1 continues, with the released code at the pre-alpha stage as of January 2008.
Sendmail-8
Releases
- Sendmail-8.14.2 2007-11-01
- Sendmail-8.14.1 2007-04-03
- Sendmail-8.14.0 2007-01-31
- Sendmail-8.13.0 2004-06-20
- Sendmail-8.12.0 2001-09-08
- Sendmail-8.11.0 2000-07-19
- Sendmail-8.10.0 2000-03-01
- Sendmail-8.9.0 1998-05-19
- Sendmail-8.8.0 1996-09-26
- Sendmail-8.7 1995-09-16
- Sendmail-8.6 1993-10-05
- ...
- Sendmail-8.1 1993-06-07 - 4.4BSD freeze. No semantic changes.
The information is based on RELEASE_NOTES file from sendmail distribution.
History of Vulnerabilities
Sendmail vulnerabilities in CERT advisories and alerts.
- "TA06-081A Sendmail Race Condition Vulnerability". US-CERT Alerts.
- "CA-2003-25 Buffer Overflow in Sendmail". CERT Advisories. Retrieved January 7.
{{cite web}}
: Check date values in:|accessdate=
(help); Unknown parameter|accessyear=
ignored (|access-date=
suggested) (help) - "CA-2003-12 Buffer Overflow in Sendmail". CERT Advisories. Retrieved January 7.
{{cite web}}
: Check date values in:|accessdate=
(help); Unknown parameter|accessyear=
ignored (|access-date=
suggested) (help) - "CA-2003-07 Remote Buffer Overflow in Sendmail". CERT Advisories. Retrieved January 7.
{{cite web}}
: Check date values in:|accessdate=
(help); Unknown parameter|accessyear=
ignored (|access-date=
suggested) (help) - "CA-1997-05 MIME Conversion Buffer Overflow in Sendmail Versions 8.8.3 and 8.8.4". CERT Advisories. Retrieved January 7.
{{cite web}}
: Check date values in:|accessdate=
(help); Unknown parameter|accessyear=
ignored (|access-date=
suggested) (help) - "CA-1996-25 Sendmail Group Permissions Vulnerability". CERT Advisories. Retrieved January 7.
{{cite web}}
: Check date values in:|accessdate=
(help); Unknown parameter|accessyear=
ignored (|access-date=
suggested) (help) - "CA-1996-24 Sendmail Daemon Mode Vulnerability". CERT Advisories. Retrieved January 7.
{{cite web}}
: Check date values in:|accessdate=
(help); Unknown parameter|accessyear=
ignored (|access-date=
suggested) (help) - "CA-1996-20 Sendmail Vulnerabilities". CERT Advisories. Retrieved January 7.
{{cite web}}
: Check date values in:|accessdate=
(help); Unknown parameter|accessyear=
ignored (|access-date=
suggested) (help)
See also
- List of mail servers
- Mail Delivery Agent
- Mail User Agent
- The original UNIX-HATERS Handbook dedicated an entire chapter to the problems and weaknesses of sendmail.
References
- Bryan Costales with Eric Allman (December 2002). sendmail, 3rd Edition. O'Reilly and Associates. ISBN.
{{cite book}}
: CS1 maint: year (link) — This is the Sendmail "bible" containing 1232 pages about Sendmail. It is also known as "The Bat Book", because of the picture on its cover. The 1st Edition was published in November 1993. - Bryan Costales, George Jansen, Claus Assmann, Gregory Shapiro (September 2004). sendmail 8.13 Companion. O'Reilly and Associates. ISBN.
{{cite book}}
: CS1 maint: multiple names: authors list (link) CS1 maint: year (link) — A companion to sendmail, 3rd Edition, this book documents the improvements in V8.13 in parallel with its release. - Craig Hunt (December 2003). sendmail Cookbook. O'Reilly. ISBN.
{{cite book}}
: CS1 maint: year (link) - Nick Christenson (2002-09-13). sendmail Performance Tuning. Addison-Wesley. ISBN.
{{cite book}}
: Check date values in:|year=
(help)CS1 maint: year (link) [3]
External links
- Sendmail Consortium, sendmail.org
- Sendmail, Inc., sendmail.com
- Milter.org, Sendmail MILTERs [4]
- Daniel J. Bernstein, Internet SMTP server survey, October 2001
- Mike Brodbelt, A brief history of mail
- Lourier, Philippe (1999). "History of Sendmail: Interview with Eric Allman". Dr. Dobb's Journal.
- Eric Allman; et al. (1999). "Sendmail Evolution: 8.10 and Beyond" (PDF).
{{cite journal}}
: Cite journal requires|journal=
(help); Explicit use of et al. in:|author=
(help) — presented at the USENIX Annual Technical Conference - Williamson, Alan (2003-08-11). "A Talk with the Father of sendmail". LinuxWorld.
{{cite news}}
: Check date values in:|date=
(help)