Sendmail 8.12.0
Sendmail, Inc., and the Sendmail Consortium proudly announce the availability of sendmail 8.12.0.
sendmail 8.12 has been developed with two main topics in mind: enhanced security and better performance.
sendmail is by default not set-user-ID root anymore which avoids potential local root exploits; before installing, see the file sendmail/SECURITY for further information.
Several measures have been taken to significantly improve the performance of sendmail. These are:
- a new I/O layer that provides buffered file I/O on all platforms.
- the use of memory pools have helped remove memory leaks and sendmail now forks less in the SMTP server.
- e-mails to multiple recipients can now be split into several envelopes to enable concurrent delivery, which can significantly reduce the delivery times for mailing lists or large aliases.
- introduction of queue groups to allow control over the selection of queue directories and queue related policies, e.g., how often queues are run and how many processes are used to run queue groups.
There are several changes in the behavior of sendmail compared to previous versions which may affect configuration files and programs using sendmail. Please pay close attention to this list before upgrading.
- Check for group and world writable forward and :include: files.
- MX records will be looked up for FallBackMXhost. To use the old behavior (no MX lookups), put the name in square brackets.
- sendmail will run the queue(s) in the background when invoked with -q unless the new -qf option or -v is used.
- Remove AutoRebuildAliases option.
- Remove sendmail '-U' (initial user submission) command line option.
- Honor the resolver option RES_NOALIASES when canonifying hostnames.
- The deprecated [TCP] builtin mailer name is gone. Use [IPC] instead.
- IPC is no longer available as first mailer argument for [IPC] mailers. Use TCP instead.
- Sfio is no longer needed.
- Loopback interfaces (e.g., "lo0") are now probed for class {w} hostnames. Setting DontProbeInterfaces to "loopback" (without quotes) will disable this and return to the pre-8.12 behavior of only probing non-loopback interfaces.
- Privileges are dropped when entering address test mode. This may affect results.
- All IPv6 addresses must now be prefixed by "IPv6:". You may need to update your access database, local-host-names file, and/or relay-domains file if you specify IPv6 addresses in them.
- CONFIG: Don't accept addresses of the form a@b@, a@b@c, etc.
- CONFIG: Numbers for rulesets used by MAILERs have been removed.
- CONFIG: Removed deprecated FEATURE(`rbl').
In addition to the security and performance enhancements, several new features have been added. A complete list can be found in the RELEASE_NOTES. A few important items are:
- SMTP PIPELINING per RFC 1854
- Official support for generic mail filter API (milter). See libmilter/README.
- Mailbox database abstraction to look up local mail recipients in databases other than the password file.
- Even better LDAP support, e.g., for aliases, maps, and classes.
- More aggressive use of MX piggybacking
- More control over the use of SMTP AUTH
- Fined-grained control over connections that should use STARTTLS, including the possibility to turn off the request of a client certificate and more features to deal with bugs in other MTAs/MUAs
- Deliver By SMTP Service Extension per RFC 2852.
- Generic DNS map type
- Two new queue sorting order algorithms:
- Random sorts the queue randomly, which is useful if several queue runners are started by hand to avoid contention.
- Modification sorts the queue by the modification time of the qf file (older entries first).
ftp://ftp.sendmail.org/pub/sendmail/sendmail.8.12.0.tar.Z ftp://ftp.sendmail.org/pub/sendmail/sendmail.8.12.0.tar.gz ftp://ftp.sendmail.org/pub/sendmail/sendmail.8.12.0.tar.sigMD5 signatures:
25ab5737edfae98b12b3071cf6e7cf00 sendmail.8.12.0.tar.gz e316eafa55e83c8a6b1c784a0d584e78 sendmail.8.12.0.tar.Z 57ca2c28c6845d058c3f27a6c35f3883 sendmail.8.12.0.tar.gz.sig
You only need one of the first two files (either the gzip'ed version or the compressed version). The .sig file contains the PGP signature of the tar file (after uncompressing it). The PGP signature was created using the Sendmail Signing Key/2001, available on the web site (http://www.sendmail.org/) or on the public key servers.
Since sendmail 8.11 and later includes hooks to cryptography, the following information from OpenSSL applies to sendmail as well.
PLEASE REMEMBER THAT EXPORT/IMPORT AND/OR USE OF STRONG CRYPTOGRAPHY SOFTWARE, PROVIDING CRYPTOGRAPHY HOOKS OR EVEN JUST COMMUNICATING TECHNICAL DETAILS ABOUT CRYPTOGRAPHY SOFTWARE IS ILLEGAL IN SOME PARTS OF THE WORLD. SO, WHEN YOU IMPORT THIS PACKAGE TO YOUR COUNTRY, RE-DISTRIBUTE IT FROM THERE OR EVEN JUST EMAIL TECHNICAL SUGGESTIONS OR EVEN SOURCE PATCHES TO THE AUTHOR OR OTHER PEOPLE YOU ARE STRONGLY ADVISED TO PAY CLOSE ATTENTION TO ANY EXPORT/IMPORT AND/OR USE LAWS WHICH APPLY TO YOU. THE AUTHORS ARE NOT LIABLE FOR ANY VIOLATIONS YOU MAKE HERE. SO BE CAREFUL, IT IS YOUR RESPONSIBILITY.
