This article includes a list of general references, but it lacks sufficient corresponding inline citations .(November 2019) |
Original author(s) | Eric Allman |
---|---|
Developer(s) | Sendmail Consortium, Proofpoint, Inc. |
Initial release | 1983 |
Stable release | 8.18.1 [1] / January 31, 2024 |
Operating system | Cross-platform |
Type | Mail transfer agent |
License | Sendmail License |
Website | www |
Sendmail is a general purpose internetwork email routing facility that supports many kinds of mail-transfer and delivery methods, including the Simple Mail Transfer Protocol (SMTP) used for email transport over the Internet.
A descendant of the delivermail program written by Eric Allman, Sendmail is a well-known project of the free and open source software and Unix communities. It has spread both as free software and proprietary software.
Allman wrote the original ARPANET delivermail which shipped in 1979 with 4.0 and 4.1 BSD. He wrote Sendmail as a derivative of delivermail in the early 1980s at UC Berkeley. It shipped with BSD 4.1c in 1983, the first BSD version that included TCP/IP protocols.
In 1996, approximately 80% of the publicly reachable mail-servers on the Internet ran Sendmail. [2] More recent surveys have suggested a decline, with 3.64% of mail servers in March 2021 detected as running Sendmail in a study performed by E-Soft, Inc. [3] A previous survey (December 2007 or earlier) reported 24% of mail servers running Sendmail according to a study performed by Mail Radar. [4]
Allman designed Sendmail to incorporate great flexibility, but it can be daunting to configure for novices. [5] Standard configuration packages delivered with the source code distribution require the use of the M4 macro language which hides much of the configuration complexity. The configuration defines the site-local mail delivery options and their access parameters, the mechanism of forwarding mail to remote sites, as well as many application tuning parameters.
Sendmail supports a variety of mail transfer protocols, including SMTP, DECnet's Mail-11, HylaFAX, QuickPage and UUCP. Additionally, Sendmail v8.12 as of September 2001 [update] introduced support for milters - external mail filtering programs that can participate in each step of the SMTP conversation.
Sendmail, Inc was acquired by Proofpoint, Inc. This announcement was released on 1 October 2013. [6]
Sendmail originated in the early days of the Internet, an era when considerations of security did not play a primary role in the development of network software. Early versions of Sendmail suffered from a number of security vulnerabilities that have been corrected over the years.
Sendmail itself incorporated a certain amount of privilege separation in order to avoid exposure to security issues. As of 2009 [update] , current versions of Sendmail, like other modern MTAs, incorporate a number of security improvements and optional features that can be configured to improve security and help prevent abuse.
Sendmail vulnerabilities in CERT advisories and alerts:
The UNIX-HATERS Handbook dedicated an entire chapter to perceived problems and weaknesses of sendmail.
As of sendmail release 8.12.0 the default implementation of sendmail runs as the Unix user smmsp [7] — the sendmail message submission program.
In programming and information security, a buffer overflow or buffer overrun is an anomaly whereby a program writes data to a buffer beyond the buffer's allocated memory, overwriting adjacent memory locations.
Paul Vixie is an American computer scientist whose technical contributions include Domain Name System (DNS) protocol design and procedure, mechanisms to achieve operational robustness of DNS implementations, and significant contributions to open source software principles and methodology. He also created and launched the first successful commercial anti-spam service. He authored the standard UNIX system programs SENDS, proxynet, rtty and Vixie cron. At one point he ran his own consulting business, Vixie Enterprises. In 2002, Vixie held the record for "most CERT advisories due to a single author".
The Simple Mail Transfer Protocol (SMTP) is an Internet standard communication protocol for electronic mail transmission. Mail servers and other message transfer agents use SMTP to send and receive mail messages. User-level email clients typically use SMTP only for sending messages to a mail server for relaying, and typically submit outgoing email to the mail server on port 587 or 465 per RFC 8314. For retrieving messages, IMAP is standard, but proprietary servers also often implement proprietary protocols, e.g., Exchange ActiveSync.
An open mail relay is a Simple Mail Transfer Protocol (SMTP) server configured in such a way that it allows anyone on the Internet to send e-mail through it, not just mail destined to or originating from known users. This used to be the default configuration in many mail servers; indeed, it was the way the Internet was initially set up, but open mail relays have become unpopular because of their exploitation by spammers and worms. Many relays were closed, or were placed on blacklists by other servers.
The Morris worm or Internet worm of November 2, 1988, is one of the oldest computer worms distributed via the Internet, and the first to gain significant mainstream media attention. It resulted in the first felony conviction in the US under the 1986 Computer Fraud and Abuse Act. It was written by a graduate student at Cornell University, Robert Tappan Morris, and launched on 8:30 p.m. November 2, 1988, from the Massachusetts Institute of Technology network.
Eric Paul Allman is an American computer programmer who developed sendmail and its precursor delivermail in the late 1970s and early 1980s at UC Berkeley. In 1998, Allman and Greg Olson co-founded the company Sendmail, Inc.
Code Red was a computer worm observed on the Internet on July 15, 2001. It attacked computers running Microsoft's IIS web server. It was the first large-scale, mixed-threat attack to successfully target enterprise networks.
qmail is a mail transfer agent (MTA) that runs on Unix. It was written, starting December 1995, by Daniel J. Bernstein as a more secure alternative to the popular Sendmail program. Originally license-free software, qmail's source code was later dedicated to the public domain by the author.
Postfix is a free and open-source mail transfer agent (MTA) that routes and delivers electronic mail.
Michał Zalewski, also known by the user name lcamtuf, is a computer security expert and "white hat" hacker from Poland. He is a former Google Inc. employee, and currently the VP of Security Engineering at Snap Inc.
Microsoft Mail was the name given to several early Microsoft e-mail products for local area networks, primarily two architectures: one for Macintosh networks, and one for PC architecture-based LANs. All were eventually replaced by the Exchange and Outlook product lines.
Alexander Peslyak, better known as Solar Designer, is a security specialist from Russia. He is best known for his publications on exploitation techniques, including the return-to-libc attack and the first generic heap-based buffer overflow exploitation technique, as well as computer security protection techniques such as privilege separation for daemon processes.
The comparison of mail servers covers mail transfer agents (MTAs), mail delivery agents, and other computer software that provide e-mail services.
ZMailer is a discontinued SMTP mail transfer agent for Linux, BSD and other Unix-like systems.
Przemysław Frasunek is a "white hat" hacker from Poland. He has been a frequent Bugtraq poster since late in the 1990s, noted for one of the first published successful software exploits for the format string bug class of attacks, just after the first exploit of the person using nickname tf8. Until that time the vulnerability was thought harmless. He serves as the CEO of Redge Technologies.
An Internet messaging platform is any system on the Internet that exchanges messages for the purpose of human communications.
OpenBSD is a security-focused, free and open-source, Unix-like operating system based on the Berkeley Software Distribution (BSD). Theo de Raadt created OpenBSD in 1995 by forking NetBSD 1.0. The OpenBSD project emphasizes portability, standardization, correctness, proactive security, and integrated cryptography.
OpenSMTPD is a Unix daemon implementing the Simple Mail Transfer Protocol to deliver messages on a local machine or to relay them to other SMTP servers. It was publicly released on 17 March 2013 with version number 5.3, after being in development since late 2008.
Sendmail, Inc. is an email management business.
The history of email entails an evolving set of technologies and standards that culminated in the email systems in use today.