Security advisories are issued by The Computer Emergency Response Team CERT.
sendmail server related security problems should be sent to:
Replace YYYY with the current year, e.g., 2015. This address is only for reporting security problems in sendmail. When reporting security problems, please use PGP-the public key is available in the file PGPKEYS of the sendmail distribution.
Please do not use this address to report problems that are not related to the security of the sendmail server. Questions about stopping spam, how to set up your own certificate authorities, etc. should be posted in comp.mail.sendmail, and Unix-related security in the comp.security.unix newsgroup.
PGP Signing Keys
All sendmail distributions are signed with a PGP key