Sendmail 8.13.3

Sendmail, Inc., and the Sendmail Consortium announce the availability of sendmail 8.13.3. It contains fixes for a regression that was introduced in 8.13.2. Moreover, sendmail now keeps proper track of closed connections and will not reuse them erroneously. As this is the first sendmail release in 2005 a new key has been used to sign it; the key is available in the file PGPKEYS and from the PGP keyservers. KeyID: 0x1EF99251, fingerprint: 4B380E0B41E8FC79 E97E829B0423EC8A.

Note: Before these bug fixes more mails could be delivered to a domain despite errors on the connection. In some cases the old behavior is preferred because it more "aggressively" delivers mail, but the new one is "correct" with respect to the algorithm that is supposed to be implemented. On systems with large queues for single domains this may cause a noticeable change in behavior if the MTAs of the recipient domain close connections with an error that sendmail considers persistent, e.g., 421.

For a full list of changes see the release notes down below.

Errata

Please send bug reports to sendmail-bugs@sendmail.org and general feedback to sendmail@sendmail.org. Please send security reports to sendmail-security@sendmail.org using PGP encryption.

The version can be found at

ftp://ftp.sendmail.org/pub/sendmail/sendmail.8.13.3.tar.gz
ftp://ftp.sendmail.org/pub/sendmail/sendmail.8.13.3.tar.gz.sig
ftp://ftp.sendmail.org/pub/sendmail/sendmail.8.13.3.tar.Z
ftp://ftp.sendmail.org/pub/sendmail/sendmail.8.13.3.tar.Z.sig

or on a mirror near to you.

You either need the first two files or the third and fourth, i.e., the gzip'ed version or the compressed version and the corresponding sig file. The PGP signature was created using the Sendmail Signing Key/2005, available on the web site (http://www.sendmail.org/) or on the public key servers.

MD5 signatures: 

2809fbf9c8b067947b650d0128928d05 sendmail.8.13.3.tar.gz
f00716c2e96ed89de5a529605cabdefe sendmail.8.13.3.tar.gz.sig
d3b28815512f5fc015b6b1c8d8ef9c1a sendmail.8.13.3.tar.Z
fbe5f269c096469ca559b9ac3d0bf534 sendmail.8.13.3.tar.Z.sig

Since sendmail 8.11 and later includes hooks to cryptography, the following information from OpenSSL applies to sendmail as well.

PLEASE REMEMBER THAT EXPORT/IMPORT AND/OR USE OF STRONG CRYPTOGRAPHY SOFTWARE, PROVIDING CRYPTOGRAPHY HOOKS OR EVEN JUST COMMUNICATING TECHNICAL DETAILS ABOUT CRYPTOGRAPHY SOFTWARE IS ILLEGAL IN SOME PARTS OF THE WORLD. SO, WHEN YOU IMPORT THIS PACKAGE TO YOUR COUNTRY, RE-DISTRIBUTE IT FROM THERE OR EVEN JUST EMAIL TECHNICAL SUGGESTIONS OR EVEN SOURCE PATCHES TO THE AUTHOR OR OTHER PEOPLE YOU ARE STRONGLY ADVISED TO PAY CLOSE ATTENTION TO ANY EXPORT/IMPORT AND/OR USE LAWS WHICH APPLY TO YOU. THE AUTHORS ARE NOT LIABLE FOR ANY VIOLATIONS YOU MAKE HERE. SO BE CAREFUL, IT IS YOUR RESPONSIBILITY. 

			SENDMAIL RELEASE NOTES
      $Id: RELEASE_NOTES,v 8.1709 2005/01/12 04:32:31 ca Exp $

This listing shows the version of the sendmail binary, the version of the sendmail configuration files, the date of release, and a summary of the changes in that release. 

8.13.3/8.13.3	2005/01/11
	Enhance handling of I/O errors, especially EOF, when STARTTLS
		is active.
	Make sure a connection is not reused after it has been closed
		due to a 421 error.  Problem found by Allan E Johannesen
		of Worcester Polytechnic Institute.
	Avoid triggering an assertion when sendmail is interrupted while
		closing a connection.  Problem found by Allan E Johannesen
		of Worcester Polytechnic Institute.
	Regression: a change in 8.13.2 caused sendmail not to try the
		next MX host (or FallbackMXhost if configured) when, at
		connection open, the current server returns a 4xy or 5xy
		SMTP reply code.  Problem noted by Mark Tranchant.