Sendmail Open Source

Finding the Right Solution for Open Source Users

Overview

The Sentrion platform is specifically designed for large, complex environments, but we make a subset of that solution available as an open source offering. Sentrion is not for everyone, but if you are using open source for a large complex environment and need an enterprise platform that will enable your messaging roadmap for years to come (virtualization, consolidation, cloud migration, etc.), visit our product page to see if Sendmail Sentrion is right for you.

Current Sendmail Open Source Release

Sendmail 8.15.2 is available from ftp.sendmail.org. The release has a gzipped tar file and a PGP signature file. The compressed/gzipped tar files are signed by the 2015 signing key PGP signature file. See the security page for more information about how releases are signed. 

Important: Before downloading, please review the sendmail licensing terms.

 

Security and PGP Signing Keys

Security advisories are issued by The Computer Emergency Response Team CERT. Sendmail server related security problems should be sent to:


sendmail-security-YYYY@support.sendmail.org

 

Replace YYYY with the current year, e.g., 2015. This address is only for reporting security problems in sendmail. When reporting security problems, please use PGP-the public key is available in the file PGPKEYS of the sendmail distribution.

 

Please do not use this address to report problems that are not related to the security of the sendmail server. Questions about stopping spam, how to set up your own certificate authorities, etc. should be posted in comp.mail.sendmail, and Unix-related security in the comp.security.unix newsgroup.
 

All sendmail distributions are signed with a PGP key named "Sendmail Signing Key/YYYY" where YYYY is the year of release. The signature is always made on the decompressed distribution.

 

Signing Keys
 

Sendmail Signing Keys

Fingerprint

2015 30BC A747 05FA 4154 5573 1D7B AAF5 B5DE 05BD CC53
2014   49F6 A8BE 8473 3949 5191 6F3B 61DE 11EC E276 3A73
2013   B87D 4569 86F1 9484 07E5 CCB4 3D68 B25D 5207 CAD3
2012   CA7A 8F39 A241 9FFF B0A9 AB27 8E5A E9FB CEEE F43B
2011   5872 6218 A913 400D E660 3601 39A4 C77D A978 84B0
2010   B175 9644 5303 5DCE DD7B E919 604D FBF2 8541 0ABE
2009   33 3A 62 61 2C F3 21 AA 4E 87 47 F2 2F 2C 40 4D
2008   07 FB 9A F9 F7 94 4B E4 0F 28 D1 8E 23 6F A2 B0
2007   D9 FD C5 6B EE 1E 7A A8 CE 27 D9 B9 55 8B 56 B6
2006   E3 F4 97 BC 9F DF 3F 1D 9B 0D DF D5 77 9A C9 79

 

If the uncompressed .tar file is not signed by one of these users, you may have a forgery.


Older Releases
 

Sendmail Signing Keys

Fingerprint

2005   4B 38 0E 0B 41 E8 FC 79 E9 7E 82 9B 04 23 EC 8A
2004   46 FE 81 99 48 75 30 B1 3E A9 79 43 BB 78 C1 D4
2003   C4 73 DF 4A 97 9C 27 A9 EE 4F B2 BD 55 B5 E0 0F
2002   7B 02 F4 AA FC C0 22 DA 47 3E 2A 9A 9B 35 22 45
2001   59 AF DC 3E A2 7D 29 56 89 FA 25 70 90 0D 7E C1
2000   81 8C 58 EA 7A 9D 7C 1B 09 78 AC 5E EB 99 08 5D
1999   25 73 4C 8E 94 B1 E8 EA EA 9B A4 D6 00 51 C3 71
  Used for: 8.9.3
1998   F9 32 40 A1 3B 3A B6 DE B2 98 6A 70 AF 54 9D 26
  Used for: 8.9.0 through 8.9.2
1997   CA AE F2 94 3B 1D 41 3C 94 7B 72 5F AE 0B 6A 11
  Used for: 8.8.6 through 8.8.8
Prior to sendmail 8.8.6,
distributions were signed
by Eric Allman.
  C0 28 E6 7B 13 5B 29 02 6F 7E 43 3A 48 4F 45 29

DKIM

The Domain Keys Identified Mail (DKIM) Internet standard enables email senders to digitally sign their messages so that receivers can verify that those messages have not been forged. The DKIM sender authentication scheme allows the recipient of a message to confirm a message originated with the sender’s domain and that the message content has not been altered. A cryptography-based solution, DKIM provides businesses an industry-standard method for mitigating email fraud and protecting an organization’s brand and reputation at a relatively low implementation cost.


DKIM has been approved by the IETF as a draft standard (RFC 4871). The protocol was developed through the cooperation of Sendmail, Cisco Systems and Yahoo!


Since being approved by the IETF, a new open source project was started. The OpenDKIM Project is a community effort to develop and maintain a C library for producing DKIM-aware applications and an open source milter for providing DKIM service.


The project started from a code fork of version 2.8.3 of the open source dkim-milter package developed and maintained by Sendmail, Inc.


The Sendmail Sentrion Message Processing Engine comes standard with OpenDKIM. More information is available at opendkim.org and dkim.org