Sendmail Open Source MTA
Proofpoint, Inc., and the Sendmail Consortium announce the availability
of sendmail 8.14.9. This release fixes one security related bug
by properly closing file descriptors (except stdin, stdout, and
stderr) before executing programs. This bug could enable local
users to interfere with an open SMTP connection if they can execute
their own program for mail delivery (e.g., via procmail or the prog
Please send bug reports and general feedback to one of the addresses
listed at: http //www.sendmail.org/email-addresses.html
The version can be found at
You either need the first two files or the third and fourth,
i.e., the gzip'ed version or the compressed version and the
corresponding sig file. The PGP signature was created using
the Sendmail Signing Key/2014, available on the web site
(http //www.sendmail.com/sm/open_source/download/) or on
the public key servers.
Since sendmail 8.11 and later includes hooks to cryptography, the
following information from OpenSSL applies to sendmail as well.
PLEASE REMEMBER THAT EXPORT/IMPORT AND/OR USE OF STRONG CRYPTOGRAPHY
SOFTWARE, PROVIDING CRYPTOGRAPHY HOOKS OR EVEN JUST COMMUNICATING
TECHNICAL DETAILS ABOUT CRYPTOGRAPHY SOFTWARE IS ILLEGAL IN SOME
PARTS OF THE WORLD. SO, WHEN YOU IMPORT THIS PACKAGE TO YOUR
COUNTRY, RE-DISTRIBUTE IT FROM THERE OR EVEN JUST EMAIL TECHNICAL
SUGGESTIONS OR EVEN SOURCE PATCHES TO THE AUTHOR OR OTHER PEOPLE
YOU ARE STRONGLY ADVISED TO PAY CLOSE ATTENTION TO ANY EXPORT/IMPORT
AND/OR USE LAWS WHICH APPLY TO YOU. THE AUTHORS ARE NOT LIABLE FOR
ANY VIOLATIONS YOU MAKE HERE. SO BE CAREFUL, IT IS YOUR RESPONSIBILITY.
Hide Release Notes
SENDMAIL RELEASE NOTES
This listing shows the version of the sendmail binary, the version
of the sendmail configuration files, the date of release, and a
summary of the changes in that release.
SECURITY: Properly set the close-on-exec flag for file descriptors
(except stdin, stdout, and stderr) before executing mailers.
Fix a misformed comment in conf.c: "/*" within comment
which may cause a compilation error on some systems.
Problem reported by John Beck of Oracle.
DEVTOOLS: Fix regression in auto-detection of libraries when only
shared libraries are available. Problem reported by
Hide Release Notes