Enterprise Cybersecurity Solutions, Services and Training
Enterprise Cybersecurity Solutions, Services and Training

Sendmail Open Source

The sendmail Sentrion platform is specifically designed for large, complex environments, but we make a subset of that solution available as an open-source offering. Sentrion is not for everyone, but if you are using open source email for a large complex environment and need an enterprise platform that will enable your messaging roadmap for years to come (virtualization, consolidation, cloud migration, etc.), speak with a specialist to see if Sendmail Sentrion is right for you.

Contact us
Contact us
Releases Signing Keys Contact Us DKIM
Releases

Current Sendmail Open Source Release


Sendmail 8.18.2 is available from ftp.sendmail.org. The release has a gzipped tar file and a PGP signature file. The compressed/gzipped tar files are signed by the 2025 signing key. See the Security and PGP Signing Keys section for more information about how releases are signed.

Signing Keys

Signing Keys


Security advisories are issued by The Computer Emergency Response Team CERT. Sendmail server related security problems should be sent to:

sendmail-security-YYYY@support.sendmail.org

Replace YYYY with the current year, e.g., 2015. This address is only for reporting security problems in sendmail. When reporting security problems, please use PGP-the public key is available in the file PGPKEYS of the sendmail distribution.

Please do not use this address to report problems that are not related to the security of the sendmail server. Questions about avoiding spam risk, how to set up your own certificate authorities, etc. should be posted in comp.mail.sendmail, and Unix-related security in the comp.security.unix newsgroup.

All sendmail distributions are signed with a PGP key named "Sendmail Signing Key/YYYY" where YYYY is the year of release.

Sendmail Signing Keys

Fingerprint

2026

E73A 77EF 550A EEFB D362  DC31 C029 CC30 D575 D027

2025

0323 12C7 C0C2 B197 3D50  1318 0C19 D37C B7E6 543E

2024

8AB0 63D7 A4C5 939D A9C0  1E38 C406 5A87 C71F 6844

2023

8186 4A03 75F2 7810 64FE  8E4D CFF9 F967 40ED 9550

2022

6327 DDCB 5E7E 80E4 987E  A3B7 FD79 DC0C 81D9 210A

2021

F4CE 2263 2102 53D6 A9F9 79B0 4C66 EA8D 4BEE 1BEE

2020

ADFD B709 FE1E A682 E585 5971 D583 210E F514 71A7

2019

50A3 0309 8EA2 DD7B CBEE 2ADA 09E0 1FA0 3C0C 504E

2018

A687 3D24 A4D6 D628 4AE4 2A75 F060 59FD 5DC7 CC3F

2017

3C8A 1E8E 7F44 CADE 114F ED46 4BC9 BDA6 6BF7 26AD

2016

0F5C 96AE C8E6 9E9C 8E54 2E5C 6D4C D194 29FB 03DE

2015

30BC A747 05FA 4154 5573 1D7B AAF5 B5DE 05BD CC53

2014

49F6 A8BE 8473 3949 5191 6F3B 61DE 11EC E276 3A73

2013

B87D 4569 86F1 9484 07E5 CCB4 3D68 B25D 5207 CAD3

2012

CA7A 8F39 A241 9FFF B0A9 AB27 8E5A E9FB CEEE F43B

2011

5872 6218 A913 400D E660 3601 39A4 C77D A978 84B0

2010

B175 9644 5303 5DCE DD7B E919 604D FBF2 8541 0ABE

2009

33 3A 62 61 2C F3 21 AA 4E 87 47 F2 2F 2C 40 4D

2008

07 FB 9A F9 F7 94 4B E4 0F 28 D1 8E 23 6F A2 B0

2007

D9 FD C5 6B EE 1E 7A A8 CE 27 D9 B9 55 8B 56 B6

2006

E3 F4 97 BC 9F DF 3F 1D 9B 0D DF D5 77 9A C9 79

Sendmail Signing Keys

2026

Fingerprint

E73A 77EF 550A EEFB D362  DC31 C029 CC30 D575 D027

Sendmail Signing Keys

2025

Fingerprint

0323 12C7 C0C2 B197 3D50  1318 0C19 D37C B7E6 543E

Sendmail Signing Keys

2024

Fingerprint

8AB0 63D7 A4C5 939D A9C0  1E38 C406 5A87 C71F 6844

Sendmail Signing Keys

2023

Fingerprint

8186 4A03 75F2 7810 64FE  8E4D CFF9 F967 40ED 9550

Sendmail Signing Keys

2022

Fingerprint

6327 DDCB 5E7E 80E4 987E  A3B7 FD79 DC0C 81D9 210A

Sendmail Signing Keys

2021

Fingerprint

F4CE 2263 2102 53D6 A9F9 79B0 4C66 EA8D 4BEE 1BEE

Sendmail Signing Keys

2020

Fingerprint

ADFD B709 FE1E A682 E585 5971 D583 210E F514 71A7

Sendmail Signing Keys

2019

Fingerprint

50A3 0309 8EA2 DD7B CBEE 2ADA 09E0 1FA0 3C0C 504E

Sendmail Signing Keys

2018

Fingerprint

A687 3D24 A4D6 D628 4AE4 2A75 F060 59FD 5DC7 CC3F

Sendmail Signing Keys

2017

Fingerprint

3C8A 1E8E 7F44 CADE 114F ED46 4BC9 BDA6 6BF7 26AD

Sendmail Signing Keys

2016

Fingerprint

0F5C 96AE C8E6 9E9C 8E54 2E5C 6D4C D194 29FB 03DE

Sendmail Signing Keys

2015

Fingerprint

30BC A747 05FA 4154 5573 1D7B AAF5 B5DE 05BD CC53

Sendmail Signing Keys

2014

Fingerprint

49F6 A8BE 8473 3949 5191 6F3B 61DE 11EC E276 3A73

Sendmail Signing Keys

2013

Fingerprint

B87D 4569 86F1 9484 07E5 CCB4 3D68 B25D 5207 CAD3

Sendmail Signing Keys

2012

Fingerprint

CA7A 8F39 A241 9FFF B0A9 AB27 8E5A E9FB CEEE F43B

Sendmail Signing Keys

2011

Fingerprint

5872 6218 A913 400D E660 3601 39A4 C77D A978 84B0

Sendmail Signing Keys

2010

Fingerprint

B175 9644 5303 5DCE DD7B E919 604D FBF2 8541 0ABE

Sendmail Signing Keys

2009

Fingerprint

33 3A 62 61 2C F3 21 AA 4E 87 47 F2 2F 2C 40 4D

Sendmail Signing Keys

2008

Fingerprint

07 FB 9A F9 F7 94 4B E4 0F 28 D1 8E 23 6F A2 B0

Sendmail Signing Keys

2007

Fingerprint

D9 FD C5 6B EE 1E 7A A8 CE 27 D9 B9 55 8B 56 B6

Sendmail Signing Keys

2006

Fingerprint

E3 F4 97 BC 9F DF 3F 1D 9B 0D DF D5 77 9A C9 79

If the signature does not match any of these keys, you may have a forgery.

 

Older Releases

Sendmail Signing Keys

Fingerprint

2005

4B 38 0E 0B 41 E8 FC 79 E9 7E 82 9B 04 23 EC 8A

2004

46 FE 81 99 48 75 30 B1 3E A9 79 43 BB 78 C1 D4

2003

C4 73 DF 4A 97 9C 27 A9 EE 4F B2 BD 55 B5 E0 0F

2002

7B 02 F4 AA FC C0 22 DA 47 3E 2A 9A 9B 35 22 45

2001

59 AF DC 3E A2 7D 29 56 89 FA 25 70 90 0D 7E C1

2000

81 8C 58 EA 7A 9D 7C 1B 09 78 AC 5E EB 99 08 5D

1999

25 73 4C 8E 94 B1 E8 EA EA 9B A4 D6 00 51 C3 71
Used for: 8.9.3

1998

F9 32 40 A1 3B 3A B6 DE B2 98 6A 70 AF 54 9D 26
Used for: 8.9.0 through 8.9.2

1997

CA AE F2 94 3B 1D 41 3C 94 7B 72 5F AE 0B 6A 11
Used for: 8.8.6 through 8.8.8

Prior to sendmail 8.8.6, distributions were signed by Eric Allman

C0 28 E6 7B 13 5B 29 02 6F 7E 43 3A 48 4F 45 29

Sendmail Signing Keys

2005

Fingerprint

4B 38 0E 0B 41 E8 FC 79 E9 7E 82 9B 04 23 EC 8A

Sendmail Signing Keys

2004

Fingerprint

46 FE 81 99 48 75 30 B1 3E A9 79 43 BB 78 C1 D4

Sendmail Signing Keys

2003

Fingerprint

C4 73 DF 4A 97 9C 27 A9 EE 4F B2 BD 55 B5 E0 0F

Sendmail Signing Keys

2002

Fingerprint

7B 02 F4 AA FC C0 22 DA 47 3E 2A 9A 9B 35 22 45

Sendmail Signing Keys

2001

Fingerprint

59 AF DC 3E A2 7D 29 56 89 FA 25 70 90 0D 7E C1

Sendmail Signing Keys

2000

Fingerprint

81 8C 58 EA 7A 9D 7C 1B 09 78 AC 5E EB 99 08 5D

Sendmail Signing Keys

1999

Fingerprint

25 73 4C 8E 94 B1 E8 EA EA 9B A4 D6 00 51 C3 71
Used for: 8.9.3

Sendmail Signing Keys

1998

Fingerprint

F9 32 40 A1 3B 3A B6 DE B2 98 6A 70 AF 54 9D 26
Used for: 8.9.0 through 8.9.2

Sendmail Signing Keys

1997

Fingerprint

CA AE F2 94 3B 1D 41 3C 94 7B 72 5F AE 0B 6A 11
Used for: 8.8.6 through 8.8.8

Sendmail Signing Keys

Prior to sendmail 8.8.6, distributions were signed by Eric Allman

Fingerprint

C0 28 E6 7B 13 5B 29 02 6F 7E 43 3A 48 4F 45 29

Contact Us

Contact Us


These addresses are for contributing patches or reporting problems about V8 sendmail. The members of these lists do not have the resources to support vendor versions. Before sending to any of these addresses, please check the FAQ and the files README, sendmail/README (on this web-site as Compiling Sendmail) and cf/README (on this web-site as the Configuration README pages) to see if they are already answered; about half of the questions received can be answered in this way.

Notes

  • Do not send us mail in HTML format, use plain text only (even multipart/alternative with an HTML part will be classified as spam by some of our members and hence an answer will most likely be delayed).
  • Do not use 8bit characters in the Subject: nor use some encoding, e.g., =?GB2312?B?, but only plain 7bit ASCII without any charset encoding.
  • If you send e-mail to sendmail.org, the answer will most likely not come from a system in the sendmail.org domain. If you use some anti-spam techniques (e.g., challenge-response systems) or you block hosts that are connected via DSL then please do not expect an answer. More and more often replies are blocked which is very annoying. Do not block this address or make sure that your system accepts at least STARTTLS secured mail. A list of IPs is available in the sendmail.org SPF record.
  • If you use a challenge/response system, make sure that it does NOT send us a challenge when we reply to your question or when you receive mail from the announce list. We will not reply to those annoying mails.
  • If you are using the blacklist from spamlist.org then please do not send us e-mail, the reply of the sendmail maintainer will not reach you.
  • Do not send us mail in proprietary formats.
  • The mailservers for support.sendmail.org now (2004-11-24) use the following DNSBLs:
    • sbl-xbl.spamhaus.org
    • dnsbl.sorbs.net
    • list.dsbl.org
    • bl.spamcop.net
  • The mailserver for support.sendmail.org performs strict RFC checks, for example, it does not accept mail if the domain part has an MX record that points to an IP address (instead of hostname as required).

If you have a question about sendmail, then please post it to the Usenet group comp.mail.sendmail. This newsgroup is dedicated to sendmail. Please make sure you check the usual resources before posting and follow the netiquette.

E-mail addresses to contact sendmail.org are (do not send questions about sendmail to these addresses, see above instead; replace YYYY with the current year, e.g., 2006, in all of these addresses):

  • sendmail-YYYY@support.sendmail.org for contributing patches, feature requests, and general comments but not questions how to use, install, or configure sendmail;
  • sendmail-bugs-YYYY@support.sendmail.org to report implementation bugs;
  • sendmail-faq-YYYY@support.sendmail.org only for comments / questions about the FAQ. Please mark your mail clearly with "FAQ: item" where item is the entry in the faq to which you are referring. If it is a general comment about the FAQ, use "FAQ: general", if it is an addition, use "FAQ: new".
  • sendmail-security-YYYY@support.sendmail.org (use this only to report related bugs or problems in sendmail). Please do not use this to ask about problems with your configuration, including how to stop spam, how to set up your own certificate authority, how to make sendmail work with S/MIME, etc. All such questions should be asked in comp.mail.sendmail. Also, please do not tell us that you were able to forge mail by using telnet to connect to port 25; this is fundamental to the Internet design for SMTP, and not a sendmail bug. Please use encryption to send mail to this address.
  • sendmail-mirror-YYYY@support.sendmail.org for updates about a mirror (e.g., a new mirror or an address change).
  • webmaster-YYYY@support.sendmail.org for comments about the website.

These are not open lists, meaning that subscription is by invitation only.

DKIM

DKIM


The Domain Keys Identified Mail (DKIM) Internet standard enables email senders to digitally sign their messages so that receivers can verify that those messages have not been forged. The DKIM sender authentication scheme allows the recipient of a message to confirm a message originated with the sender’s domain and that the message content has not been altered. A cryptography-based solution, DKIM provides businesses an industry-standard method for mitigating email fraud and protecting an organization’s brand and reputation at a relatively low implementation cost.

DKIM has been approved by the IETF as a draft standard (RFC 4871). The protocol was developed through the cooperation of Sendmail, Cisco Systems and Yahoo!

Since being approved by the IETF, a new open source project was started. The OpenDKIM Project is a community effort to develop and maintain a C library for producing DKIM-aware applications and an open source milter for providing DKIM service.

The project started from a code fork of version 2.8.3 of the open source dkim-milter package developed and maintained by Sendmail, Inc.

The Sendmail Sentrion Message Processing Engine comes standard with OpenDKIM. More information is available at opendkim.org and dkim.org

details icon

List of Mirrors

search icon

How to Mirror