sendmail.org

Security

Security advisories are issued by CERT (The Computer Emergency Response Team)

Discussion of Unix-related security issues go on in the comp.security.unix newsgroup.

sendmail related security problems in the sendmail implementation should be sent to sendmail-security-YYYY@support.sendmail.org (replace YYYY with the current year, e.g., 2006). The sendmail-security address is only for reporting security problems in sendmail.

When reporting security problems, please use PGP. The public key is available in the file PGPKEYS of the sendmail distribution.

Please do not use this address to report problems that are not related to the security of the sendmail server. Questions about stopping spam, how to set up your own certificate authorities, etc. should be asked in comp.mail.sendmail. Also, don't bother telling us that you can forge mail by using telnet to port 25. This is a fundamental part of the Internet design for SMTP, not a sendmail problem.

PGP Signing Keys

All sendmail distributions are signed with a PGP key. Learn more »