sendmail -- The industry-leading mail transfer agent for Unix platforms

By ServerWatch Staff (Send Email)
Posted Jun 5, 2002


There is probably no more universally criticized software in the UNIX/Internet world than sendmail.

Then again, there is probably no more universally implemented mail-transfer software in the Internet world, either. There is probably no more universally criticized software in the UNIX/Internet world than sendmail. Then again, there is probably no more universally implemented mail-transfer software in the Internet world, either.

This isn't as contradictory as it might seem. When the Internet was in its infancy, sendmail was one of the few tools suitable for moving large amounts of mail; it was the mail transfer agent of choice for many TCP/IP intranets as well. As both the Internet and corporate intranets grew in popularity, sendmail went along for the ride, all the while being continually upgraded by the Sendmail Consortium and implemented by the likes of Sun and IBM.

Today, the mail-transfer agent of choice among larger Internet sites continues to be sendmail. The major commercial Internet vendors, such as IBM and Sun, still support sendmail, and almost every leading PC-based UNIX workalike comes standard with sendmail as its mail-routing tool, including all the major Linux variants (Slackware Linux, Red Hat Linux, etc.) and the BSD variants (including FreeBSD, BSDi, and 4.3BSD).

This is not to say that sendmail is ideal software -- it isn't. Sendmail is a pain to implement and configure (if you're a consultant and want to ensure a steady stream of customers, roll up your sleeves and obtain a good working knowledge of sendmail). It relies on obscure syntax invoked in text-based configuration files that are run through a macro processor. It's also closely tied to UNIX conventions and standards, necessitating a significant knowledge base in both.

But on the plus side, sendmail does contain a number of sample files that can easily be adapted for most situations. Once up and running, sendmail is considered to be one of the more robust tools in the Internet mail world -- it rarely stops offering mail services and even more rarely brings down a server. Sendmail is also regarded as being among the most efficient and flexible servers available for routing mail in intranet and Internet situations.

There are also two commercial versions of sendmail currently available. MetaInfo offers the $495 Sendmail for Windows NT, which places a graphical interface on top of a standard sendmail configuration. Sendmail, Inc. offers commercial support for the standard sendmail distribution. If you plan on tackling the freeware release of sendmail instead, you'll want to make sure you have a good resource for installing and configuring the server -- O'Reilly & Associates' sendmail (co-authored by sendmail developer Eric Allman) is considered to be the definitive guide to sendmail.

Should you consider sendmail? If you are planning on running a mail server on a UNIX box and want a great, free piece of software, the answer is a definitive yes. Be prepared for some work -- and perhaps a bit of frustration -- in setting up sendmail, but in the long run the effort will be worth it. If you're using sendmail already, you'll want to upgrade to version 8.8 or 8.9 for one reason -- implementation of various anti-spam tools. These perform a number of tasks, including preventing the relay of mail messages through your SMTP port, refusing mail from selected relays, insisting on valid hostnames in the MAIL FROM: field, and restricting mail acceptance (in other words, preventing mail bombing).

Sendmail is one of those necessary evils when you consider your Internet plumbing needs. Sendmail is both robust and ubiquitous -- and in a mission-critical situation, that's perhaps the best possible combination of all.

Pros: Proven in high-traffic situations, ubiquitous in UNIX, advanced anti-spam capabilities
Cons: Configuration performed through text config files, obscure syntax, tied closely to UNIX
New: Anti-spam tools, including preventing the relay of mail messages through your SMTP port

New in v8.9.1: A variety of bug fixes (see the Release Notes for details)
Upgrade Meter: 2

New in v8.9.1a: This patch provides MIME Buffer Overflow protection (sendmail is not vulnerable to buffer overflow attacks, but this patch will proactively defend against such attacks for users, even if the user's e-mail client is susceptible to the problem); Release Notes
Upgrade Meter: 2

New in v8.9.3: No information yet - check back or send us an e-mail if you have what's new info

New in v8.10.0 Beta 10: AutoRebuildAliases option deprecated; only root, the TrustedUser, and trusted users can rebuild the alias file with new aliases; all file descriptors must be closed before restarting sendmail; allows MaxRecipientsPerMessage option to be set on the command line by normal users; includes free disk space and load average information in control socket status responses; multiple bug fixes; Release Notes
Upgrade Meter: 2

New in v8.10.0 Beta 12: Changed cf header syntax for macro decisions to be more like mailer flag decision; logs basic information about authenticated connections at LogLevel 10; stops processing SMTP commands if the connection is dropped; properly processes user-supplied headers beginning with '?'; adds an H_FORCE flag for the X-Authentication-Warning: header; version number for queue files (qf) has been incremented to 4; mail filter API (Milter) code has been added as FFR Minor portability changes; Release Notes
Upgrade Meter: 2

New in v8.10.0 (Official Release): Safe file checks now backtrack through symbolic links to ensure files cannot be compromised due to poor permissions on the parent directories of the symbolic link target; only root, TrustedUser, and users in class t can rebuild the alias map; there is potential for a denial of service attack if the AutoRebuildAliases option is set; all file descriptors (besides stdin, stdout, and stderr) must be closed before restarting sendmail; DataFileBufferSize can control the maximum size of a memory-buffered data (df) file before a disk-based file is used; XscriptFileBufferSize can control the maximum size of a memory-buffered transcript (xf) file before a disk-based file is used; Release Notes
Upgrade Meter: 4

New in v8.10.1: Limits the choice of outgoing (client-side) SMTP authentication mechanisms to those specified in AuthMechanisms to prevent information leakage; copies the ident argument for openlog() to avoid problems on some OSs; prevents a malformed ruleset (missing right hand side) from causing a segmentation fault when using address test mode; prevent memory leak from use of NIS maps and yp_match(3); fixed queue file permission checks to allow for TrustedUser ownership; changed logging of errors from the trust_auth ruleset to LogLevel 10 or higher; Release Notes
Upgrade Meter: 2

New in v8.11 Beta 1: Supports SMTP service extension for Secure SMTP; new DontBlameSendmail option InsufficientEntropy for systems that do not properly seed the PRNG for OpenSSL but want to use STARTTLS despite the security problems; supports the security layer in SMTP AUTH for mechanisms that support encryption; more protection added for accidentally tripping OpenLDAP 1.X's ld_errno == LDAP_DECODING_ERROR hack on ldap_next_attribute(); fixed the default family selection for DaemonPortOptions; set the ${if_family} when setting ${if_addr} and ${if_name} to reflect the interface information for an outgoing connection; Release Notes
Upgrade Meter: 2

New in v8.11 (Official Release): STARTTLS and SMTP Authentication Security Layer code included in the open source version; overly restrictive gid security checking in 8.10.2 was relaxed; DaemonPortOptions Family= defaults to inet if not specified, requiring IPv6 users to add an additional DaemonPortOptions settings with Family=inet6; LDAP map fixes; mail.local Content-Length header fix; support added for the Entropy Gathering Daemon (EGD) for better random data; added new macro ${auth_ssf} to reflect the SMTP AUTH security strength factor; Release Notes
Upgrade Meter: 3

New in v8.11.3: Prevents a segmentation fault when a bogus value was used in the LDAPDefaultSpec option's -r, -s, or -M flags, and if a bogus option was used; prevents "token too long" message by shortening {currHeader}; checks IPv6 for unspecified addresses does not ignore the ClientPortOptions setting; deals with open failures on nonoptional maps used in check_* rulesets by returning a temporary failure; buffered file I/O files are fsync'ed to disk when they were committed; encodes '=' for the AUTH= parameter of the MAIL command; under certain circumstances, the macro {server_name} could be set to the wrong hostname (of a previous connection), causing some rulesets to return wrong results; ignored F=z (LMTP) mailer flag if $u is given in the mailer A=equate; work-around broken accept() implementations, which only partially fill in the peer address if the socket is closed before accept() completes; returns an SMTP "421" temporary failure if the data file cannot be opened where the "354" reply would normally be given; prevented a CPU loop in trying to expand a macro that doesn't exist in a queue run; Release Notes
Upgrade Meter: 2

New in v8.12.0 Beta 7: Several of the portability problems (especially for MacOS X and NeXTstep) have been fixed; confDELIVERBYMIN and confSHAREDMEMORYKEY renamed confDELIVER_BY_MIN and confSHARED_MEMORY_KEY, respectively; replaced {LDAPCluster} with {sendmailMTACluster}; added FEATURE(`queuegroup') for selecting a queue group in the access database; added OSTYPE(`freebsd4'); sendmail/TUNING gives some hints about performance tuning; any IPv6 addresses used in configuration should be prefixed by the "IPv6:" tag to identify the address properly; enhances the selection of the .cf file for MSP/MTA as explained in sendmail/SECURITY; Release Notes
Upgrade Meter: 2

New in v8.11.4: Cleaned up signal-handling routines to reduce the chances of heap corruption and other potential race conditions; if a server offers "AUTH=" and "AUTH", and the list of mechanisms is different in those two lines, sendmail might not have recognized (and used) all of the offered mechanisms; fixed an IP address look-up problem on Solaris 2.0 to 2.3; problems with Timeout.QueueReturn where bounce messages were lost has been fixed; pass map argument vector moved into map rewriting engine for the regex and prog map types; fixed DSN for "Too many hops" and "mail loops back to me" bounces; OpenBSD has a broken setreuid() implementation; added OSTYPE(freebsd4) for FreeBSD 4.X; install.sh now properly handles paths in the source file name argument; added FAST_PID_RECYCLE to compile time options for OpenBSD since it generates random process ids; added back adaptive algorithm to deal with different endings of entries in the database; Release Notes
Upgrade Meter: 2

New in v8.11.5: Fixed a possible race condition that occurred when sending an HUP signal to restart the daemon; variety of bug fixes; fixed broken setreuid() implementation in BSD/OS; BSD/OS has /dev/urandom(4) and fchown(2), and Solaris 2.X and later have strerror(3); fixed parsing for IPv6 domain literals in addresses; Release Notes
Upgrade Meter: 2

New in v8.11.6: Fixed a possible memory access violation that occurred when specifying out-of-bounds debug parameters; fixed a possible segmentation violation that occurred when specifying too many wildcard operators in a rule; non-matching Hesiod lookups can cause a segmentation fault; recipient information may leak in unrelated DSNs; Release Notes
Upgrade Meter: 2

New in v8.12.0 Beta 19: Fixes a security problem in handling the '-d' command line option; new compile time option REQUIRES_DIR_FSYNC turns on support for file systems that require to call fsync() for a directory if the meta-data in it has been changed; various compilation flag changes for Linux; fixed install program in cf/cf/Makefile; properly recognizes IPv6 domain literals; enhanced logging for rejections due to mail filters; timeout options given on the command line also override their sub-suboptions in the .cf file; Release Notes
Upgrade Meter: 2

New in v8.12.1: Check whether dropping group privileges actually succeeded to avoid possible compromises of the mail system by supplying bogus data; added configuration options for different set*gid() calls to reset saved gid; prevents information leakage when sendmail has extra privileges by disabling debugging (command line -d flag) during queue runs and disabling ETRN when sendmail -bs is used; avoids memory corruption problems that result from bogus .cf files; set the ${server_addr} macro to the name of the mailer when doing LMTP delivery; if debugging is turned on (-d0.10) sendmail can print not just the default values for configuration file and pid file but also the selected values; limits mail submission command-line flags (i.e., -G, -h, -F, etc.) to mail submission operating modes (e.g., -bm, -bs, and -bv) when sendmail has extra privileges; added restrictqrun to PrivacyOptions for the MSP to minimize problems with potential misconfigurations; fixed comment showing the default value of MaxHopCount; mfapi.h now requires mfdef.h; added __P definition for the OS that lacks it; fixed a lock race condition that affects makemap, praliases, and vacation; Release Notes
Upgrade Meter: 4

New in v8.12.2: Only logs an error message if stdin, stdout, or stderr are missing at startup; fixes a potential problem if an unknown operation mode (character following -b) has been specified; prevents purgestat from looping even if someone changes the permissions or owner of hoststatus files; properly records dropped connections in persistent host status; removes newlines from recipients read via sendmail -t to prevent SMTP protocol errors when sending the RCPT command; logs milter body replacements once instead of for each body chunk sent by a filter; headers are again included in message size calculations; "nullserver" and ETRN-only connections shut down after 25 bad commands are issued; fixed FallbackMXhost behavior for temporary errors during address parsing; fixed a potential deadlock if two events are supposed to occur at exactly the same time; performs envelope splitting for aliases listed directly in the alias file, not just for include/.forward files; can selection queue group for mailq using -qGgroup; cached LDAP connections that use multiple maps in the same process are closed; if running as root, now allows class files in protected directories to be read; corrected a few LDAP-related memory leaks; can specify an empty realm via the authinfo ruleset; avoids a potential information leak if AUTH PLAIN is used and the server gets stuck while processing that command; Release Notes
Upgrade Meter: 2

New in v8.12.3: Fixed problem with error mail; fixed possible race condition that could cause sendmail to forget running queues; protects against interrupted select() call when enforcing Milter read and write timeouts; matching queue IDs with -qI should be case sensitive; fixed SafeFileEnvironment path munging when the specified path contains a trailing slash; clear full name of sender for each new envelope to avoid bogus data if several mails are sent in one session and some of them do not have a From: header; change timeout check such that cached information about a connection will be immediately invalid if ConnectionCacheTimeout is zero; properly count message size for mailstats during mail collection; logs complete response from LMTP delivery agent on failure; provide workaround for getopt() implementations that do not catch missing arguments; fixed the message size calculation if the message body is replaced by a milter filter and buffered file I/O is being used; do not honor SIGUSR1 requests if running with extra privileges; prevent a file descriptor leak on mail delivery if the initial connect fails and DialDelay is set; properly deals with a case where sendmail is called by root running a set-user-ID (non-root) program; avoid leaving behind stray transcript (xf) files if multiple queue directories are used and mail is sent to a mailing list that has an owner- alias; fixed class map parsing code if optional key is specified; SMTP daemon no longer tries to fix up improperly dot-stuffed incoming messages; fixed corruption when doing automatic MIME 7-bit quoted-printable or base64 encoding to 8-bit text; Release Notes
Upgrade Meter: 2

Version Reviewed: 8.9.3
Reviewed by: Kevin Reichard
Last Updated: 4/8/02
Date of Original Review: 8/12/98


Operating Systems / Latest Versions:

Unix: All flavors - SunOS, Sun Solaris, HP-UX, IBM AIX, SGI IRIX, Digital Unix and Ultrix, Linux, NeXTStep, BSDI, FreeBSD, 4.3BSD, A/UX, SCO Unix, UnixWare, Dell SVR4, and Amdahl UTS

Page 1 of 1


Comment and Contribute

Your name/nickname

Your email

(Maximum characters: 1200). You have characters left.