Sendmail

Sendmail
Original author(s)	Eric Allman
Developer(s)	Sendmail Consortium, Proofpoint, Inc.
Initial release	1983;41 years ago
Stable release	8.18.1 / January 31, 2024;0 days ago
Operating system	Cross-platform
Type	Mail transfer agent
License	Sendmail License
Website	www.proofpoint.com/us/products/open-source-email-solution

Last updated February 01, 2024

Sendmail is a general purpose internetwork email routing facility that supports many kinds of mail-transfer and delivery methods, including the Simple Mail Transfer Protocol (SMTP) used for email transport over the Internet.

Overview

Allman wrote the original ARPANET delivermail which shipped in 1979 with 4.0 and 4.1 BSD. He wrote Sendmail as a derivative of delivermail in the early 1980s at UC Berkeley. It shipped with BSD 4.1c in 1983, the first BSD version that included TCP/IP protocols.

In 1996, approximately 80% of the publicly reachable mail-servers on the Internet ran Sendmail.^[2] More recent surveys have suggested a decline, with 3.64% of mail servers in March 2021 detected as running Sendmail in a study performed by E-Soft, Inc.^[3] A previous survey (December 2007 or earlier) reported 24% of mail servers running Sendmail according to a study performed by Mail Radar.^[4]

Allman designed Sendmail to incorporate great flexibility, but it can be daunting to configure for novices.^[5] Standard configuration packages delivered with the source code distribution require the use of the M4 macro language which hides much of the configuration complexity. The configuration defines the site-local mail delivery options and their access parameters, the mechanism of forwarding mail to remote sites, as well as many application tuning parameters.

Sendmail supports a variety of mail transfer protocols, including SMTP, DECnet's Mail-11, HylaFAX, QuickPage and UUCP. Additionally, Sendmail v8.12 as of September 2001^[update] introduced support for milters - external mail filtering programs that can participate in each step of the SMTP conversation.

Acquisition by Proofpoint, Inc.

Sendmail, Inc was acquired by Proofpoint, Inc. This announcement was released on 1 October 2013.^[6]

Security

Sendmail originated in the early days of the Internet, an era when considerations of security did not play a primary role in the development of network software. Early versions of Sendmail suffered from a number of security vulnerabilities that have been corrected over the years.

Sendmail itself incorporated a certain amount of privilege separation in order to avoid exposure to security issues. As of 2009^[update], current versions of Sendmail, like other modern MTAs, incorporate a number of security improvements and optional features that can be configured to improve security and help prevent abuse.

History of vulnerabilities

Sendmail vulnerabilities in CERT advisories and alerts:

"TA06-081A Sendmail Race Condition Vulnerability". US-CERT Alerts. Archived from the original on 2006-04-08.
"CA-2003-25 Buffer Overflow in Sendmail". CERT Advisories. Archived from the original on 2021-10-24. Retrieved January 7, 2005.
"CA-2003-12 Buffer Overflow in Sendmail". CERT Advisories. Archived from the original on 2021-10-24. Retrieved January 7, 2005.
"CA-2003-07 Remote Buffer Overflow in Sendmail". CERT Advisories. Archived from the original on 2021-10-24. Retrieved January 7, 2005.
"CA-1997-05 MIME Conversion Buffer Overflow in Sendmail Versions 8.8.3 and 8.8.4". CERT Advisories. Archived from the original on 2021-10-24. Retrieved January 7, 2005.
"CA-1996-25 Sendmail Group Permissions Vulnerability". CERT Advisories. Archived from the original on 2021-10-24. Retrieved January 7, 2005.
"CA-1996-24 Sendmail Daemon Mode Vulnerability". CERT Advisories. Archived from the original on 2021-10-24. Retrieved January 7, 2005.
"CA-1996-20 Sendmail Vulnerabilities". CERT Advisories. Archived from the original on 2021-10-24. Retrieved January 7, 2005.

The UNIX-HATERS Handbook dedicated an entire chapter to perceived problems and weaknesses of sendmail.

Implementation

As of sendmail release 8.12.0 the default implementation of sendmail runs as the Unix user smmsp^[7] — the sendmail message submission program.

Notes

↑ "Release Notes".
↑ D. J. Bernstein (1996-11-27). "Internet host SMTP server survey". Archived from the original on 2021-10-24.
↑ "E-Soft MX survey". securityspace.com. E-Soft Inc. 1 March 2021. Archived from the original on 2021-10-24. Retrieved 21 March 2021.
↑ "Mail Radar survey". Archived from the original on 2007-12-13.
↑ Allman, Eric; Assmann, Claus; Shapiro, Gregory Neil. "Sendmail Installation and Operations Guide" (PDF). Archived from the original (PDF) on 2008-12-03. Retrieved 2009-07-28.
↑ "Proofpoint, Inc. Acquires Sendmail, Inc" (Press release). Proofpoint, Inc. October 1, 2013. Archived from the original on 2021-10-24.
↑ "Sendmail release notes". sendmail.org. The Sendmail Consortium. Archived from the original on 2021-10-24. Retrieved 2009-08-30.

Related Research Articles

Paul Vixie is an American computer scientist whose technical contributions include Domain Name System (DNS) protocol design and procedure, mechanisms to achieve operational robustness of DNS implementations, and significant contributions to open source software principles and methodology. He also created and launched the first successful commercial anti-spam service. He authored the standard UNIX system programs SENDS, proxynet, rtty and Vixie cron. At one point he ran his own consulting business, Vixie Enterprises. In 2002, Vixie held the record for "most CERT advisories due to a single author".

The Simple Mail Transfer Protocol (SMTP) is an Internet standard communication protocol for electronic mail transmission. Mail servers and other message transfer agents use SMTP to send and receive mail messages. User-level email clients typically use SMTP only for sending messages to a mail server for relaying, and typically submit outgoing email to the mail server on port 587 or 465 per RFC 8314. For retrieving messages, IMAP is standard, but proprietary servers also often implement proprietary protocols, e.g., Exchange ActiveSync.

<span class="mw-page-title-main">Open mail relay</span>

An open mail relay is a Simple Mail Transfer Protocol (SMTP) server configured in such a way that it allows anyone on the Internet to send e-mail through it, not just mail destined to or originating from known users. This used to be the default configuration in many mail servers; indeed, it was the way the Internet was initially set up, but open mail relays have become unpopular because of their exploitation by spammers and worms. Many relays were closed, or were placed on blacklists by other servers.

The Morris worm or Internet worm of November 2, 1988, is one of the oldest computer worms distributed via the Internet, and the first to gain significant mainstream media attention. It resulted in the first felony conviction in the US under the 1986 Computer Fraud and Abuse Act. It was written by a graduate student at Cornell University, Robert Tappan Morris, and launched on 8:30 pm November 2, 1988, from the Massachusetts Institute of Technology network.

The ancestor of sendmail, delivermail, also by Eric Allman, is a mail transport agent that used the FTP protocol on the early ARPANET to transmit e-mail to the recipient. Due to deficiencies in using FTP to send e-mail, a new protocol was created in 1981 for sending e-mail, SMTP. After DNS replaced hosts files, DNS-style host names were also adopted.

Eric Paul Allman is an American computer programmer who developed sendmail and its precursor delivermail in the late 1970s and early 1980s at UC Berkeley. In 1998, Allman and Greg Olson co-founded the company Sendmail, Inc.

Code Red was a computer worm observed on the Internet on July 15, 2001. It attacked computers running Microsoft's IIS web server. It was the first large-scale, mixed-threat attack to successfully target enterprise networks.

qmail is a mail transfer agent (MTA) that runs on Unix. It was written, starting December 1995, by Daniel J. Bernstein as a more secure alternative to the popular Sendmail program. Originally license-free software, qmail's source code was later dedicated to the public domain by the author.

Unix security refers to the means of securing a Unix or Unix-like operating system. A secure environment is achieved not only by the design concepts of these operating systems, but also through vigilant user and administrative practices.

Blaster was a computer worm that spread on computers running operating systems Windows XP and Windows 2000 during August 2003.

Postfix is a free and open-source mail transfer agent (MTA) that routes and delivers electronic mail.

Michał Zalewski, also known by the user name lcamtuf, is a computer security expert and "white hat" hacker from Poland. He is a former Google Inc. employee, and currently the VP of Security Engineering at Snap Inc.

<span class="mw-page-title-main">Message submission agent</span>

A message submission agent (MSA), or mail submission agent, is a computer program or software agent that receives electronic mail messages from a mail user agent (MUA) and cooperates with a mail transfer agent (MTA) for delivery of the mail. It uses ESMTP, a variant of the Simple Mail Transfer Protocol (SMTP), as specified in RFC 6409.

Alexander Peslyak, better known as Solar Designer, is a security specialist from Russia. He is best known for his publications on exploitation techniques, including the return-to-libc attack and the first generic heap-based buffer overflow exploitation technique, as well as computer security protection techniques such as privilege separation for daemon processes.

The comparison of mail servers covers mail transfer agents (MTAs), mail delivery agents, and other computer software that provide e-mail services.

An Internet messaging platform is any system on the Internet that exchanges messages for the purpose of human communications.

<span class="mw-page-title-main">OpenSMTPD</span> SMTP server

OpenSMTPD is a Unix daemon implementing the Simple Mail Transfer Protocol to deliver messages on a local machine or to relay them to other SMTP servers. It was publicly released on 17 March 2013 with version number 5.3, after being in development since late 2008.

Sendmail, Inc. is an email management business.

The history of email entails an evolving set of technologies and standards that culminated in the email systems in use today.

References

Bryan Costales with Eric Allman (October 2007). sendmail, 4th Edition. O'Reilly and Associates. — This is the Sendmail "bible" containing 1308 pages about Sendmail. It is also known as "The Bat Book", because of the picture on its cover. The 1st Edition was published in November 1993.
Bryan Costales; George Jansen; Claus Assmann; Gregory Shapiro (September 2004). sendmail 8.13 Companion. O'Reilly and Associates. — A companion to sendmail, 3rd Edition, this book documents the improvements in V8.13 in parallel with its release.
Craig Hunt (December 2003). sendmail Cookbook. O'Reilly.
Nick Christenson (2002-09-13). sendmail Performance Tuning. Addison-Wesley. ISBN 978-0-321-11570-6.
Paul Vixie; Frederick M Avolio (2002-01-09). sendmail Theory and Practice. Digital Press. ISBN 978-1555582296.
Lourier, Philippe (1999). "History of Sendmail: Interview with Eric Allman". Dr. Dobb's Journal.
Eric Allman; et al. (1999). Sendmail Evolution: 8.10 and Beyond (PDF). USENIX Annual Technical Conference. Archived (PDF) from the original on 2000-09-14.

External links

Sendmail, Inc.
Sendmail sources
SMTPfeed, SMTP Fast Exploding External Deliverer for Sendmail.
Daniel J. Bernstein, Internet SMTP server survey, October 2001
Mike Brodbelt, A brief history of mail

This page is based on this Wikipedia article
Text is available under the CC BY-SA 4.0 license; additional terms may apply.
Images, videos and audio are available under their respective licenses.

[1] "Release Notes".

[2] D. J. Bernstein (1996-11-27). "Internet host SMTP server survey". Archived from the original on 2021-10-24.

[3] "E-Soft MX survey". securityspace.com. E-Soft Inc. 1 March 2021. Archived from the original on 2021-10-24. Retrieved 21 March 2021.

[4] "Mail Radar survey". Archived from the original on 2007-12-13.

[5] Allman, Eric; Assmann, Claus; Shapiro, Gregory Neil. "Sendmail Installation and Operations Guide" (PDF). Archived from the original (PDF) on 2008-12-03. Retrieved 2009-07-28.

[6] "Proofpoint, Inc. Acquires Sendmail, Inc" (Press release). Proofpoint, Inc. October 1, 2013. Archived from the original on 2021-10-24.

[7] "Sendmail release notes". sendmail.org. The Sendmail Consortium. Archived from the original on 2021-10-24. Retrieved 2009-08-30.

[1]

[2]

[3]

[4]

[5]

[6]

[7]

Authority control databases
International	VIAF
National	Germany Israel United States