Sendmail
Sendmail is an open-source mail transfer agent (MTA) software application that routes and delivers electronic mail messages across computer networks, primarily on Unix-like operating systems, using protocols such as the Simple Mail Transfer Protocol (SMTP).[1][2] It accepts incoming mail from mail user agents (MUAs), interprets recipient addresses, performs rewriting and aliasing as needed, and forwards messages to destination hosts or local mailboxes, with built-in queuing and retry mechanisms for reliable delivery.[3][4] Originally developed by Eric Allman as a graduate student and staff member at the University of California, Berkeley, Sendmail evolved from Allman's earlier delivermail program, which he wrote in 1979 to handle local mail delivery on Berkeley Unix systems.[5][6] The first version of Sendmail was released in 1981, and it became part of the standard Berkeley Software Distribution (BSD) starting with 4.1 BSD in 1983, quickly establishing itself as the dominant MTA on Unix platforms due to its flexibility in supporting diverse network environments and mail formats.[7][8] By the 1990s, Sendmail powered the majority of internet email servers, with an estimated 80% market share at its peak in 1996.[9] One of Sendmail's defining characteristics is its highly configurable architecture, centered on the sendmail.cf file, which defines rules for address rewriting, routing, and delivery; this file is typically generated from human-readable input using the M4 macro processor to simplify administration.[10][11] Key features include support for multiple transport protocols beyond SMTP (such as UUCP and PH), spam and relay controls (introduced in version 8.9 in 1998), integration with authentication mechanisms like DomainKeys Identified Mail (DKIM), and modular components for queue management and policy enforcement.[12][13] These capabilities made it suitable for complex enterprise environments, though its configuration complexity has led to the rise of alternatives like Postfix and Exim.[14] In 1998, Allman co-founded Sendmail, Inc. to offer commercial versions and support for the software, which released proprietary appliances and enhanced features while maintaining the open-source core under the Sendmail License.[15] The company was acquired by Proofpoint, Inc. in October 2013 for approximately $23 million, integrating Sendmail into Proofpoint's security platform while continuing open-source development.[16] As of 2024, the project remains active, with the latest stable release being version 8.18.1 from January 2024, focusing on security enhancements, virtualization support, and compatibility with modern cloud infrastructures.[12]History and Development
Origins and Early Versions
Sendmail was originally developed by Eric Allman in 1981 at the University of California, Berkeley, as a more flexible replacement for the delivermail program to manage email routing across the ARPANET and emerging networks like UUCP and BerkNet.[17] Delivermail, written by Allman in 1980 and included in 4.0 and 4.1 BSD Unix releases, supported basic mail delivery but relied on compiled-in configurations that proved inadequate for the growing complexity of inter-network addressing and protocols.[17] The initial development of Sendmail addressed these limitations by enabling runtime reconfiguration and support for the nascent TCP/IP stack, marking a shift toward a general-purpose mail transfer agent (MTA).[18] The first public release of Sendmail occurred in 1981, with version 3 distributed in March alongside 4.1a BSD and enhanced in November with 4.1c BSD to incorporate SMTP for reliable email transmission over TCP/IP.[17] A significant milestone came in 1983, when a major rewrite of Sendmail was released as version 4 with 4.2 BSD, integrating it into the first BSD distribution with full TCP/IP networking and solidifying its role in academic computing environments.[17] This version introduced foundational capabilities for handling diverse mail formats and routes, including aliasing, forwarding, and compatibility with ARPANET's FTP-based mail transfer.[18] Early Sendmail versions featured rule-based routing implemented via a domain-specific rewriting language, which parsed addresses through a series of production rules to canonicalize formats like "user@host" or ad hoc paths (e.g., ucsfcgl!tef), enabling seamless delivery across heterogeneous systems.[18] Message queueing for temporary storage and retry mechanisms were also core from these initial releases, ensuring resilience against network failures.[18] By Sendmail 5 in 1986, distributed with 4.3 BSD, these queueing and retry features were refined for better performance and reliability in larger-scale deployments.[17] Sendmail 8, released in 1993 with 4.4 BSD, further evolved the system by introducing enhanced M4 macro support for declarative configuration, allowing administrators to specify features like mailers and rulesets without directly editing complex rewrite rules.[6] This abstraction simplified customization while maintaining backward compatibility.[17] Throughout its early development, Sendmail became instrumental in standardizing SMTP as the de facto protocol for email transfer in Unix-like systems, powering mail infrastructure on thousands of hosts and influencing the broader adoption of internetworking standards.[17]Commercialization and Acquisition
In 1998, Eric Allman and Greg Olson co-founded Sendmail, Inc. to commercialize the open-source Sendmail project by offering professional support services, proprietary enhancements, and enterprise-grade versions tailored for large-scale deployments.[5][19] The company aimed to address the growing demands of organizations needing reliable email infrastructure beyond the free distribution, which had originated as a university-developed tool in the 1980s.[19] Sendmail, Inc. expanded its portfolio with the release of Sendmail Switch in 1998, a commercial mail transfer agent (MTA) designed as an enterprise messaging gateway with added features for high-volume traffic management, policy enforcement, and integration with security tools.[20] This product built on the core Sendmail engine but included proprietary modules for scalability in corporate environments, such as advanced queuing and monitoring capabilities. Subsequent offerings, including the Sendmail Secure Messaging Gateway, focused on email hygiene, anti-spam filtering, and compliance, providing a unified platform for secure inbound and outbound messaging.[21][16] On October 1, 2013, Proofpoint, Inc. announced the acquisition of Sendmail, Inc. for approximately $23 million in cash, aiming to integrate Sendmail's messaging technology into Proofpoint's broader email security ecosystem.[16] The deal enabled Proofpoint to enhance its secure email gateway solutions by leveraging Sendmail's robust MTA for improved threat detection and policy routing, while transitioning proprietary products to a subscription model.[16] Following the acquisition, Sendmail's technology was rebranded and evolved under Proofpoint as the Sendmail Sentrion platform by 2014, emphasizing cloud-compatible architectures for hybrid environments and seamless migrations to modern email systems.[16] Proofpoint committed to ongoing maintenance of the open-source Sendmail distribution, with version 8.18.1 released in 2024 and remaining current as of 2025, ensuring continued availability for non-commercial and legacy uses.[12] This shift facilitated the integration of Sendmail's capabilities into cloud-based security suites, broadening access to a subset of Sentrion features via open source while prioritizing enterprise-grade, cloud-integrated solutions for complex deployments.[12]Technical Overview
Core Functionality
Sendmail functions as a general-purpose Mail Transfer Agent (MTA) responsible for sending, receiving, and routing email messages across networks, primarily utilizing the Simple Mail Transfer Protocol (SMTP) as defined in RFC 821.[22] As an MTA, it serves as an intermediary that relays messages between domains, performing limited header editing to ensure compatibility while focusing on reliable transport.[22] This core role positions Sendmail as a foundational component in Unix-based email systems, handling the transfer of messages without direct user interaction. The primary processes begin with accepting mail from clients, either through local submissions or remote connections via an SMTP daemon listener on TCP port 25.[22] Once accepted, Sendmail parses recipient addresses and rewrites both the message envelope and headers using configurable rulesets to standardize formats and resolve delivery paths.[22] For messages that cannot be delivered immediately—due to network issues or recipient unavailability—Sendmail queues them in a spool directory, such as /var/spool/mqueue, and periodically retries delivery according to predefined intervals.[22] This queuing mechanism ensures persistence and fault tolerance in email routing. In addition to SMTP, Sendmail supports multiple transport protocols, including UUCP for inter-Unix communication and mechanisms for local delivery to user mailboxes.[22] It acts as a relay for outbound mail originating from local hosts and accepts inbound mail from external sources, facilitating seamless integration across heterogeneous networks.[23] Sendmail integrates with Mail User Agents (MUAs), such as the Pine client or contemporary applications like Thunderbird, by processing messages handed off for transport and delivering them to final destinations via aliases, forward files, or direct mailbox writes.[22] A distinctive feature of Sendmail is its extensive configurability, enabling custom routing logic tailored to complex enterprise networks, which contributed to its widespread adoption as the de facto MTA on most Unix systems since the early Internet era.[6]Architecture and Components
Sendmail employs a modular architecture centered around a single mailer daemon process, known as the sendmail daemon, which handles SMTP transactions for incoming and outgoing mail. This daemon operates as a persistent server, listening on port 25 for connections and forking child processes to manage individual delivery jobs, enabling concurrent handling of multiple messages without requiring a full restart. The design separates concerns such as address rewriting, queuing, and delivery, allowing adaptation to diverse network environments while maintaining a core routing engine.[17][22] Key components include the queue manager, which spools messages in the /var/spool/mqueue directory using flat files for control (qf), data (df), and transcripts (xf) to track delivery status and retries. Messages are held here during processing, with the queue runner periodically scanning and attempting delivery, typically every 30 minutes by default, supporting multiple queue subdirectories for load distribution in high-volume setups. The alias database, stored in /etc/mail/aliases and compiled into a binary format like /etc/mail/aliases.db using tools such as newaliases, enables local address expansion and mapping to user mailboxes or external forwards. Additionally, the resolver component queries DNS for MX records to determine recipient hosts, relying on the system's name resolution services with configurable options like timeouts and search limits to ensure reliable routing.[22][17][22] Address handling occurs through a series of rewriting rule sets, defined in the configuration file as pattern-replacement pairs processed sequentially. For instance, Ruleset 0 parses sender and recipient addresses into mailer-host triples for final routing, while Ruleset 3 performs canonicalization to standardize formats like local-part@host-domain. These rules use tokenization and substitution to transform addresses across protocols, ensuring compatibility with varied mail systems. Delivery agents then interface with external programs for final handoff, such as /bin/mail for local inbox delivery or procmail for user-defined filtering, specified via MAILER definitions that include flags for capabilities like handling multiple recipients.[22][17][22] For scalability, Sendmail utilizes a forking model where the daemon spawns children per connection or queue job, controlled by options like MaxDaemonChildren to cap concurrent processes and prevent resource exhaustion under load. This approach supports environments with thousands of messages but can lead to overhead from frequent forking, with configurations allowing queue splitting across directories to distribute processing. In contrast to modern MTAs, Sendmail relies on flat-file queues and sequential retry logic rather than database-backed storage or parallelized queue managers, which can result in simpler but less efficient handling of very high volumes compared to systems like Postfix.[24][25][17]Configuration and Usage
Configuration Mechanisms
Sendmail's configuration is primarily managed through thesendmail.cf file, which serves as the runtime configuration for the mail transfer agent (MTA). This file is typically generated from a higher-level input file, such as sendmail.mc, using the m4 macro preprocessor to simplify customization and avoid direct editing of the complex sendmail.cf syntax.[26] The m4 approach allows administrators to define settings declaratively, with the preprocessor expanding macros into the appropriate directives in the output file.[27]
The sendmail.mc file employs m4 macros to specify configuration options, features, and domain-specific behaviors. Common macros include define for setting variables, such as define(confDOMAIN_NAME', example.com') to establish the host's domain name, and FEATURE for enabling built-in capabilities, like FEATURE(masquerade_envelope')which rewrites [envelope](/page/Envelope) sender and recipient addresses to appear from the specified [domain](/page/Domain), aiding in outbound mail presentation.[](https://www.proofpoint.com/sites/default/files/configuration_readme.pdf)[](https://docs.oracle.com/cd/E19683-01/817-1717/sendmail-4/index.html) Other foundational macros encompassOSTYPEto select operating system-specific defaults (e.g.,OSTYPE(linux')), DOMAIN for site policies (e.g., DOMAIN(example')), and MAILERto include [transport](/page/Transport) protocols (e.g.,MAILER(smtp') for SMTP delivery).[26] To generate the sendmail.cf, administrators run a command like m4 /etc/mail/sendmail.mc > /etc/mail/sendmail.cf, ensuring the configuration is rebuilt after modifications.[26]
The resulting sendmail.cf file is structured into key sections that control Sendmail's operation. The Options section uses O flags to set parameters, such as O Timeout.queuereturn=5d to configure the interval before returning undeliverable queued mail to the sender, defaulting to five days for queue management.[26] Rulesets, defined with R lines, handle address parsing, rewriting, and routing through pattern matching and transformations; for instance, a rule like R$* < @ $+ .m. > $* $#smtp $@ $2.$m. $: $1 < @ $2.$m. > $3 rewrites addresses for local domains to use SMTP delivery.[26] Mailers, specified with M definitions, outline transport agents, such as Mesmtp, P=[IPC], F=mDFMuX, A=IPC $h, which defines an extended SMTP mailer for outbound connections with specific flags for error handling and eight-bit data support.[26]
Sendmail supports integration with external databases for dynamic lookups, enhancing scalability for aliases, user mappings, and access controls. It accommodates LDAP for centralized authentication and mapping (e.g., define(ALIAS_FILE', ldap:')), NIS for network information services (e.g., via Kmaps nis hosts.byname), and Berkeley DB for local hashed databases (e.g., Kaccess hash /etc/mail/access).[26] The virtusertable feature, enabled via FEATURE(virtusertable', hash /etc/mail/virtusertable'), uses a database to route virtual domain addresses, such as mapping [email protected] to a local alias or external recipient.[26][28]
Testing and debugging configurations are facilitated by command-line tools. The -bt option invokes an interactive address test mode, allowing simulation of rule processing (e.g., sendmail -bt followed by input like 3,1 <[email protected]> to trace rewriting).[26] Debug output is enabled with -d flags, specifying verbosity levels (e.g., sendmail -d8.1 for connection debugging), which logs detailed traces to aid in troubleshooting complex setups.[26]
Common customizations leverage these mechanisms for operational control. The access database, activated by FEATURE(access_db', hash -T<TMPF> /etc/mail/[access](/page/Access)'), permits fine-grained policies in a text file rebuilt into a DB map, such as From:[email protected] REJECT to block specific senders.[26][28] Relay restrictions are managed through entries like Connect:authorized.host [RELAY](/page/Relay) in the access file or macros such as RELAY_DOMAIN(sendmail.org')` to permit relaying only for trusted domains, preventing unauthorized use as an open relay.[26][28] These tools enable tailored behaviors without altering Sendmail's core code.
Deployment and Integration
Sendmail can be installed on Unix-like systems using package managers for the open-source version, such asyum install sendmail sendmail-cf on Red Hat-based distributions like CentOS or RHEL, or apt-get install sendmail on Debian-based systems like Ubuntu.[2][29] For enterprise environments, Proofpoint offers Sentrion, a commercial variant of Sendmail designed for high-volume messaging with advanced features like integrated policy enforcement.[12]
Basic deployment from source involves downloading the distribution from ftp.sendmail.org, navigating to the sendmail directory, and running ./Build to compile the binaries, followed by ./Build install to place the executable in /usr/sbin and create necessary links like /usr/bin/[mailq](/page/Mail). Configuration files are generated by editing a .mc file (e.g., sendmail.mc), processing it with m4 sendmail.mc > /etc/[mail](/page/Mail)/sendmail.cf, and then restarting the service. The latest open-source release as of 2025 is version 8.18.1.[12]
Sendmail integrates with other mail transfer agents (MTAs) by configuring it as a relay to forward mail to a secondary MTA like Postfix, achieved by defining a smart host in the .mc file (e.g., define(SMART_HOST', postfix.example.com')) and regenerating the .cf file. In cloud environments such as AWS EC2, Sendmail is commonly deployed for outbound email relays by integrating with Amazon Simple Email Service (SES), involving installation via package manager, editing /etc/mail/sendmail.mc to specify the SES smart host, and verifying domain identities in the AWS console to bypass port 25 throttling.[30][31]
Performance tuning for high-volume deployments includes adjusting the queue processing interval in /etc/sysconfig/sendmail (e.g., setting QUEUE=15m for more frequent retries) to balance load and delivery speed, while monitoring queue status with the mailq command to identify deferred messages. The open-source version 8.18.1 supports basic tuning options, whereas Proofpoint's Sentrion provides enterprise clustering for load balancing and failover across multiple nodes, enabling centralized reporting and high-availability in large-scale setups.[32][33]
Migration from older Sendmail versions requires updating configuration files to address deprecated features, such as obsolete UUCP mailers (e.g., uucp-old), which have been consolidated into the mailertable feature for modern routing; users must review and rewrite affected rules in the .mc file before regenerating .cf and testing delivery.[34][35]
Security Considerations
Historical Vulnerabilities
Sendmail has faced several significant security vulnerabilities throughout its history, particularly in its early versions, which were widely deployed on Unix systems. One of the earliest notable flaws occurred in 1988, when the debug mode feature in Sendmail versions prior to 5.59 was enabled by default, allowing remote attackers to execute arbitrary commands as root by invoking the SMTP DEBUG command.[36] This vulnerability was prominently exploited by the Morris Worm, which used it to propagate across networks, infecting thousands of systems and causing widespread disruption.[36] The issue stemmed from inadequate access controls on the debug functionality, intended for troubleshooting but left exposed in production environments. In the 1990s, Sendmail continued to be targeted due to parsing errors in its SMTP handling. A critical remote root exploit affected versions 5.58 and 5.59, where a buffer overflow in the processing of EXPN and VRFY SMTP commands enabled attackers to overflow a buffer and execute arbitrary code with root privileges.[37] This flaw arose from insufficient bounds checking during command parsing, allowing malicious input to overwrite memory. Although the exact CVE identifier in historical records varies, it impacted numerous installations and highlighted ongoing risks in address resolution mechanisms. Exploitation was feasible remotely without authentication, leading to system compromise on vulnerable Unix servers. The 2000s saw further issues related to input validation and relay controls. In 2003, a configuration vulnerability in Sendmail allowed unauthorized mail relaying due to default settings in sendmail.cf that enabled promiscuous relay and accepted unresolvable domains, permitting remote attackers to use affected systems as open relays for spam distribution.[38] This stemmed from misconfigured relay rules in vendor distributions like IBM AIX, facilitating abuse without direct code execution but enabling large-scale unauthorized email forwarding. Later that year, additional parsing flaws in the prescan function of versions 8.12.9 permitted buffer overflows via crafted email addresses, potentially allowing arbitrary code execution.[39] By 2006, a use-after-free error in header processing affected versions before 8.13.8, where long header lines caused memory corruption, resulting in denial-of-service crashes through repeated pointer deallocation.[40] This could be triggered remotely, exhausting resources on busy mail servers. The Sendmail Consortium, formed to manage open-source development, issued regular patches to address these flaws, with version 8.13.8 released in 2007 incorporating fixes for the use-after-free issue along with multiple other bugs and regressions from prior updates.[41] Common patterns across these vulnerabilities included failures in input validation within SMTP handlers—such as inadequate bounds checking in address and command parsers—and configuration parsers that defaulted to insecure settings. These weaknesses often enabled remote exploitation without authentication, leading to root access, service disruptions, or relay abuse. The impact of these historical vulnerabilities was profound, as Sendmail powered the majority of Unix-based email servers during the era, resulting in widespread exploitation and network outages. Incidents like the Morris Worm prompted mandatory upgrades across academic and government networks, accelerating the adoption of security best practices and contributing to the formation of response teams like CERT. Over time, these events underscored the need for robust input sanitization and secure defaults in mail transfer agents.Modern Security Features and Practices
Sendmail incorporates several built-in security features to enhance email transmission security, notably the support for STARTTLS, which enables encrypted SMTP connections using Transport Layer Security (TLS). This feature was introduced in version 8.13, released in 2003, allowing opportunistic encryption of mail transfer sessions to protect against eavesdropping and man-in-the-middle attacks.[42] Additionally, Sendmail supports integration with DomainKeys Identified Mail (DKIM) signing through its Milter (mail filter) API, enabling administrators to digitally sign outgoing messages and verify incoming ones to prevent spoofing and tampering. Following Proofpoint's acquisition of Sendmail in 2013, the commercial Sentrion platform introduced advanced enhancements, including AI-driven threat detection that analyzes email content and metadata in real-time to identify sophisticated attacks like phishing and malware.[43] Sentrion also implements rate limiting to throttle excessive connections and prevent denial-of-service attempts, as well as sandboxing for email attachments, where suspicious files are detonated in isolated environments to assess malicious behavior before delivery.[44] Recommended best practices for securing Sendmail deployments include enabling opportunistic TLS encryption by configuring thesmtpd_tls_cert_file directive in the sendmail.cf file, which specifies the server certificate for incoming connections and ensures encrypted sessions where possible.[45] Administrators should also utilize the FEATURE(access_db')macro in thesendmail.mc` file to enable IP-based access control, allowing blacklisting of known malicious sources via a database lookup to block unauthorized relaying. Regular updates to the latest stable release, such as version 8.18.x, are essential, as these incorporate patches for vulnerabilities like SMTP smuggling (CVE-2023-51765) and other zero-day issues.[46]
Sendmail supports compliance with modern email authentication standards through integration with tools like OpenSPF for Sender Policy Framework (SPF) validation, which checks the sending IP against domain records to reject unauthorized senders, and OpenDMARC for Domain-based Message Authentication, Reporting, and Conformance (DMARC), enabling policy enforcement to mitigate domain spoofing.[47]
For ongoing monitoring, Sendmail logs can be analyzed using tools like Logwatch, which generates periodic summaries to detect anomalies such as unusual relay attempts or volume spikes indicative of phishing campaigns or abuse.[48] This integration helps in identifying and responding to modern threats, including unauthorized relays used in phishing operations.
As of 2025, the open-source Sendmail project continues to release security patches addressing zero-day vulnerabilities, often in collaboration with community contributors, while the commercial Proofpoint version of Sentrion incorporates behavioral analysis powered by machine learning to profile user and email patterns, flagging deviations that signal advanced persistent threats.[43][49]