Sendmail Open Source MTA
Proofpoint, Inc., and the Sendmail Consortium announce the availability
of sendmail 8.15.2. This version:
- includes various IPv6 related fixes, including a run-time option to
select between compressed and uncompressed IPv6 addresses
- changes the default for DHParameters in response to the WeakDH
"LogJam" security vulnerability
- rejects more invalid protocol data in libmilter
- fixes FEATURE(`nopercenthack')
and has some other enhancements. For details see the release notes
Please send bug reports and general feedback to one of the addresses
listed at: http://www.sendmail.org/email-addresses.html
The version can be found at
You either need the first two files or the third and fourth,
i.e., the gzip'ed version or the compressed version and the
corresponding sig file. The PGP signature was created using
the Sendmail Signing Key/2015, available on the web site
(http //www.sendmail.com/sm/open_source/download/) or on
the public key servers.
Since sendmail 8.11 and later includes hooks to cryptography, the
following information from OpenSSL applies to sendmail as well.
PLEASE REMEMBER THAT EXPORT/IMPORT AND/OR USE OF STRONG CRYPTOGRAPHY
SOFTWARE, PROVIDING CRYPTOGRAPHY HOOKS OR EVEN JUST COMMUNICATING
TECHNICAL DETAILS ABOUT CRYPTOGRAPHY SOFTWARE IS ILLEGAL IN SOME
PARTS OF THE WORLD. SO, WHEN YOU IMPORT THIS PACKAGE TO YOUR
COUNTRY, RE-DISTRIBUTE IT FROM THERE OR EVEN JUST EMAIL TECHNICAL
SUGGESTIONS OR EVEN SOURCE PATCHES TO THE AUTHOR OR OTHER PEOPLE
YOU ARE STRONGLY ADVISED TO PAY CLOSE ATTENTION TO ANY EXPORT/IMPORT
AND/OR USE LAWS WHICH APPLY TO YOU. THE AUTHORS ARE NOT LIABLE FOR
ANY VIOLATIONS YOU MAKE HERE. SO BE CAREFUL, IT IS YOUR RESPONSIBILITY.
Hide Release Notes
SENDMAIL RELEASE NOTES
This listing shows the version of the sendmail binary, the version
of the sendmail configuration files, the date of release, and a
summary of the changes in that release.
If FEATURE(`nopercenthack') is used then some bogus input triggered
a recursion which was caught and logged as
SYSERR: rewrite: excessive recursion (max 50) ...
Fix based on patch from Ondrej Holas.
DHParameters now by default uses an included 2048 bit prime.
The value 'none' previously caused a log entry claiming
there was an error "cannot read or set DH parameters".
Also note that this option applies to the server side only.
The U= mailer field didn't accept group names containing hyphens,
underbars, or periods. Based on patch from David Gwynne
of the University of Queensland.
CONFIG: Allow connections from IPv6:0:0:0:0:0:0:0:1 to relay again.
Patch from Lars-Johan Liman of Netnod Internet Exchange.
CONFIG: New option UseCompressedIPv6Addresses to select between
compressed and uncompressed IPv6 addresses. The default
value depends on the compile-time option IPV6_FULL:
For 1 the default is False, for 0 it is True, thus
preserving the current behaviour. Based on patch from
John Beck of Oracle.
CONFIG: Account for IPv6 localhost addresses in
FEATURE(`block_bad_helo'). Suggested by Andrey Chernov
from FreeBSD and Robert Scheck from the Fedora Project.
CONFIG: Account for IPv6 localhost addresses in check_mail ruleset.
LIBMILTER: Deal with more invalid protocol data to avoid potential
crashes. Problem noted by Dimitri Kirchner.
LIBMILTER: Allow a milter to specify an empty macro list ("", not
NULL) in smfi_setsymlist() so no macro is sent for the
MAKEMAP: A change to check TrustedUser in fewer cases which was
made in 2013 caused a potential regression when makemap
was run as root (which should not be done anyway).
Note: sendmail often contains options "For Future Releases"
(prefix _FFR_) which might be enabled in a subsequent
version or might simply be removed as they turned out not
to be really useful. These features are usually not
documented but if they are, then the required (FFR)
options are listed in
- doc/op/op.* for rulesets and macros,
- cf/README for mc/cf options.
Hide Release Notes