Sendmail Open Source MTA
Sendmail, Inc., and the Sendmail Consortium announce the availability of sendmail 8.14.6. This version fixes a few problems, including:
- If a server offers two AUTH lines, the MTA would not read them after STARTTLS has been used and hence SMTP AUTH for the client side would fail.
- Hostnames are no longer cached internally in a non case sensitive way as that may cause addresses to change from lower case to upper case or vice versa.
- It was possible that new queue runners could not be started anymore if MaxQueueChildren was set.
A complete list of changes can be found in the release notes (see below).
Please send bug reports and general feedback to one of the addresses listed at one of the following addresses.
The version can be found at
MD5 (sendmail.8.14.6.tar.Z) = fea8951e7ccd0d6150fb63da1fb4c29a
MD5 (sendmail.8.14.6.tar.Z.sig) = 83cb2970fc06dcf842ce72f05938121b
MD5 (sendmail.8.14.6.tar.gz) = 9eeed3d1baecbf4e17d829d2ec005553
MD5 (sendmail.8.14.6.tar.gz.sig) = efb5697ceec739b72d888e95e779daeb
You either need the first two files or the third and fourth, i.e., the gzip'ed version or the compressed version and the corresponding sig file. The PGP signature was created using the Sendmail Signing Key/2012, available on the web site (http://www.sendmail.com/sm/open_source/download/) or on the public key servers.
Since sendmail 8.11 and later includes hooks to cryptography, the following information from OpenSSL applies to sendmail as well.
The wrong list of macros is sent to a milter in the EHLO stage.
Problem found by Fabrice Bellet, reported via RedHat (Jaroslav Skarvada).
A patch (signature)
PLEASE REMEMBER THAT EXPORT/IMPORT AND/OR USE OF STRONG CRYPTOGRAPHY
SOFTWARE, PROVIDING CRYPTOGRAPHY HOOKS OR EVEN JUST COMMUNICATING
TECHNICAL DETAILS ABOUT CRYPTOGRAPHY SOFTWARE IS ILLEGAL IN SOME
PARTS OF THE WORLD. SO, WHEN YOU IMPORT THIS PACKAGE TO YOUR
COUNTRY, RE-DISTRIBUTE IT FROM THERE OR EVEN JUST EMAIL TECHNICAL
SUGGESTIONS OR EVEN SOURCE PATCHES TO THE AUTHOR OR OTHER PEOPLE
YOU ARE STRONGLY ADVISED TO PAY CLOSE ATTENTION TO ANY EXPORT/IMPORT
AND/OR USE LAWS WHICH APPLY TO YOU.
THE AUTHORS ARE NOT LIABLE FOR ANY VIOLATIONS YOU MAKE HERE. SO BE CAREFUL, IT IS YOUR RESPONSIBILITY.
Hide Release Notes
SENDMAIL RELEASE NOTES
$Id: RELEASE_NOTES,v 8.2011 2012/12/21 18:42:16 ca Exp $
This listing shows the version of the sendmail binary, the version of the sendmail configuration files, the date of release, and a summary of the changes in that release.
Fix a regression introduced in 8.14.5: if a server offers
two AUTH lines, the MTA would not read them after
STARTTLS has been used and hence SMTP AUTH for
the client side would fail. Problem noted by Lena.
Do not cache hostnames internally in a non case sensitive way
as that may cause addresses to change from lower case
to upper case or vice versa. These header modifications
can cause problems with milters that rely on receiving
headers in the same way as they are being sent out such
as a DKIM signing milter.
If MaxQueueChildren is set then it was possible that new queue
runners could not be started anymore because an
internal counter was subject to a race condition.
If a milter decreases the timeout it waits for a communication
with the MTA, the MTA might experience a write() timeout.
In some situations, the resulting error might have been
ignored. Problem noted by Werner Wiethege.
Note: decreasing the communication timeout in a milter
should not be done without considering the potential
smfi_setsymlist() now properly sets the list of macros for
the milter which invoked it, instead of a global
list for all milters. Problem reported by
David Shrimpton of the University of Queensland.
If Timeout.resolver.retrans is set to a value larger than 20,
then resolver.retry was temporarily set to 0 for
gethostbyaddr() lookups. Now it is set to 1 instead.
Patch from Peter.
If sendmail could not lock the statistics file due to a system
error, and sendmail later sends a DSN for a mail that
triggered such an error, then sendmail tried to access
memory that was freed before (causing a crash on some
systems). Problem reported by Ryan Stone.
Do not log negative values for size= nor pri= to avoid confusing
log parsers, instead limit the values to LONG_MAX.
Account for an API change in newer versions of Cyrus-SASL.
Patch from Hajimu UMEMOTO from FreeBSD.
Do not try to resolve link-local addresses for IPv4 (just as it
is done for IPv6). Patch from John Beck of Oracle.
Improve logging of client and server STARTTLS connection failures
that may be due to incompatible cipher lists by including
the reason for the failure in a single log line. Suggested
by James Carey of Boeing.
Add support for Darwin 11.x and 12.x (Mac OS X 10.7 and 10.8).
Add support for SunOS 5.12 (aka Solaris 12). Patch from
John Beck of Oracle.
Hide Release Notes