Overview
The Sentrion platform is specifically designed for large, complex environments, but we make a subset of that solution available as an open source offering. Sentrion is not for everyone, but if you are using open source for a large complex environment and need an enterprise platform that will enable your messaging roadmap for years to come (virtualization, consolidation, cloud migration, etc.), visit our product page to see if Sendmail Sentrion is right for you.
Current Sendmail Open Source Release
Sendmail 8.15.2 is available from ftp.sendmail.org. The release has a gzipped tar file and a PGP signature file. The compressed/gzipped tar files are signed by the 2015 signing key PGP signature file. See the security page for more information about how releases are signed.
Important: Before downloading, please review the sendmail licensing terms.
Security and PGP Signing Keys
Security advisories are issued by The Computer Emergency Response Team CERT. Sendmail server related security problems should be sent to:
sendmail-security-YYYY@support.sendmail.org
Replace YYYY with the current year, e.g., 2015. This address is only for reporting security problems in sendmail. When reporting security problems, please use PGP-the public key is available in the file PGPKEYS of the sendmail distribution.
Please do not use this address to report problems that are not related to the security of the sendmail server. Questions about stopping spam, how to set up your own certificate authorities, etc. should be posted in comp.mail.sendmail, and Unix-related security in the comp.security.unix newsgroup.
All sendmail distributions are signed with a PGP key named "Sendmail Signing Key/YYYY" where YYYY is the year of release. The signature is always made on the decompressed distribution.
Signing Keys
Sendmail Signing Keys |
Fingerprint |
2015 | 30BC A747 05FA 4154 5573 1D7B AAF5 B5DE 05BD CC53 |
2014 | 49F6 A8BE 8473 3949 5191 6F3B 61DE 11EC E276 3A73 |
2013 | B87D 4569 86F1 9484 07E5 CCB4 3D68 B25D 5207 CAD3 |
2012 | CA7A 8F39 A241 9FFF B0A9 AB27 8E5A E9FB CEEE F43B |
2011 | 5872 6218 A913 400D E660 3601 39A4 C77D A978 84B0 |
2010 | B175 9644 5303 5DCE DD7B E919 604D FBF2 8541 0ABE |
2009 | 33 3A 62 61 2C F3 21 AA 4E 87 47 F2 2F 2C 40 4D |
2008 | 07 FB 9A F9 F7 94 4B E4 0F 28 D1 8E 23 6F A2 B0 |
2007 | D9 FD C5 6B EE 1E 7A A8 CE 27 D9 B9 55 8B 56 B6 |
2006 | E3 F4 97 BC 9F DF 3F 1D 9B 0D DF D5 77 9A C9 79 |
If the uncompressed .tar file is not signed by one of these users, you may have a forgery.
Older Releases
Sendmail Signing Keys |
Fingerprint |
2005 | 4B 38 0E 0B 41 E8 FC 79 E9 7E 82 9B 04 23 EC 8A |
2004 | 46 FE 81 99 48 75 30 B1 3E A9 79 43 BB 78 C1 D4 |
2003 | C4 73 DF 4A 97 9C 27 A9 EE 4F B2 BD 55 B5 E0 0F |
2002 | 7B 02 F4 AA FC C0 22 DA 47 3E 2A 9A 9B 35 22 45 |
2001 | 59 AF DC 3E A2 7D 29 56 89 FA 25 70 90 0D 7E C1 |
2000 | 81 8C 58 EA 7A 9D 7C 1B 09 78 AC 5E EB 99 08 5D |
1999 | 25 73 4C 8E 94 B1 E8 EA EA 9B A4 D6 00 51 C3 71 Used for: 8.9.3 |
1998 | F9 32 40 A1 3B 3A B6 DE B2 98 6A 70 AF 54 9D 26 Used for: 8.9.0 through 8.9.2 |
1997 | CA AE F2 94 3B 1D 41 3C 94 7B 72 5F AE 0B 6A 11 Used for: 8.8.6 through 8.8.8 |
Prior to sendmail 8.8.6, distributions were signed by Eric Allman. |
C0 28 E6 7B 13 5B 29 02 6F 7E 43 3A 48 4F 45 29 |
DKIM
The Domain Keys Identified Mail (DKIM) Internet standard enables email senders to digitally sign their messages so that receivers can verify that those messages have not been forged. The DKIM sender authentication scheme allows the recipient of a message to confirm a message originated with the sender’s domain and that the message content has not been altered. A cryptography-based solution, DKIM provides businesses an industry-standard method for mitigating email fraud and protecting an organization’s brand and reputation at a relatively low implementation cost.
DKIM has been approved by the IETF as a draft standard (RFC 4871). The protocol was developed through the cooperation of Sendmail, Cisco Systems and Yahoo!
Since being approved by the IETF, a new open source project was started. The OpenDKIM Project is a community effort to develop and maintain a C library for producing DKIM-aware applications and an open source milter for providing DKIM service.
The project started from a code fork of version 2.8.3 of the open source dkim-milter package developed and maintained by Sendmail, Inc.
The Sendmail Sentrion Message Processing Engine comes standard with OpenDKIM. More information is available at opendkim.org and dkim.org