Open Source Release 8.14.5

Sentrion Overview Sentrion Platform Sentrion REAC Sentrion Mimecast Hard Appliances Virtual Appliances

Overview Policy Compliance Secure Content Filtering Cloud Partner Enterprise Community

Overview Download Security Support News Documentation Tips & Tricks DKIM FAQ Misc Milters

Overview Directory Synchronization Messaging Architecture Review High Volume Mail HIPAA Policy QUICKStart Implementation Performance Tuning Training Services Overview Message Routing and
Configuration Message Policy
Management Connection Control /
Attack Prevention Directory Configuration
and Management

Overview Sendmail Partners Milter Community Industry Organizations System Integrators & Distributors

Overview Silver Support Gold Support Platinum Support Open Source Support Security Advisories Contact Support

Overview Customers Events Press Room Board & Investors Management Careers Contact Us

Overview Ask the Experts Security Chalk Talks Collateral Product Reviews & Awards IP Reputation Check Real-time Outbreak Monitor

		HOME \| CUSTOMER LOGIN

Sentrion Message Processors

Sentrion Application Store

Services

Partners

Support

Company

Resources

Open Source

Sendmail Open Source MTA

Sendmail, Inc., and the Sendmail Consortium announce the availability of sendmail 8.14.5. This version fixes a few problems, including:

SMTP extensions are no longer cached across connections as the cache is based on hostname which may not be a unique identifier for a server, i.e., different machines may have the same hostname but provide different SMTP extensions.
An out-of-bounds access is avoided in case a resolver reply for a DNS map lookup returns a size larger than 1K.
The interrupt signal handler has been cleaned up to avoid invoking functions that are not signal-safe.
At most two AUTH lines are read from a server to avoid a DoS attack against the client (memory exhaustion).

A complete list of changes can be found in the release notes.

Please send bug reports and general feedback to one of the addresses listed at one of the following addresses.

The version can be found at:

MD5 signatures:

f3ebb70a5af37aaa6174bc07fb9cd1ae sendmail.8.14.5.tar.Z
d5c02a48b1c2c75babb9c666f5b3b1a6 sendmail.8.14.5.tar.Z.sig
02ccfc331cc81ed00ec8bb5ecfc69018 sendmail.8.14.5.tar.gz
43b8cb0eac8e4d9fe47013fa78f32752 sendmail.8.14.5.tar.gz.sig

ERRATA:

(2011-05-26)
If a server offers two AUTH lines, the MTA would not read them after STARTTLS has been used and hence SMTP AUTH for the client side would fail. Problem noted by Lena. A patch (signature) is available.

You either need the first two files or the third and fourth, i.e., the gzip'ed version or the compressed version and the corresponding sig file. The PGP signature was created using the Sendmail Signing Key/2011, available on the web site (http://www.sendmail.com/sm/open_source/download/) or on the public key servers.

Since sendmail 8.11 and later includes hooks to cryptography, the following information from OpenSSL applies to sendmail as well.

PLEASE REMEMBER THAT EXPORT/IMPORT AND/OR USE OF STRONG CRYPTOGRAPHY SOFTWARE, PROVIDING CRYPTOGRAPHY HOOKS OR EVEN JUST COMMUNICATING TECHNICAL DETAILS ABOUT CRYPTOGRAPHY SOFTWARE IS ILLEGAL IN SOME PARTS OF THE WORLD. WHEN YOU IMPORT THIS PACKAGE TO YOUR COUNTRY, RE-DISTRIBUTE IT FROM THERE, OR EVEN JUST EMAIL TECHNICAL SUGGESTIONS, OR EVEN SOURCE PATCHES TO THE AUTHOR OR OTHER PEOPLE, YOU ARE STRONGLY ADVISED TO PAY CLOSE ATTENTION TO ANY EXPORT/IMPORT AND/OR USE LAWS WHICH APPLY TO YOU.

THE AUTHORS ARE NOT LIABLE FOR ANY VIOLATIONS YOU MAKE HERE. SO BE CAREFUL, IT IS YOUR RESPONSIBILITY.

Show Release Notes