Security advisories are issued by The Computer Emergency Response Team CERT. Sendmail server related security problems should be sent to:

sendmail-security-YYYY@support.sendmail.org

Replace YYYY with the current year, e.g., 2015. This address is only for reporting security problems in sendmail. When reporting security problems, please use PGP-the public key is available in the file PGPKEYS of the sendmail distribution.

Please do not use this address to report problems that are not related to the security of the sendmail server. Questions about avoiding spam risk, how to set up your own certificate authorities, etc. should be posted in comp.mail.sendmail, and Unix-related security in the comp.security.unix newsgroup.

All sendmail distributions are signed with a PGP key named "Sendmail Signing Key/YYYY" where YYYY is the year of release.

Signing Keys

Sendmail Signing Keys Fingerprint 2020 ADFD B709 FE1E A682 E585 5971 D583 210E F514 71A7 2019 50A3 0309 8EA2 DD7B CBEE 2ADA 09E0 1FA0 3C0C 504E 2018 A687 3D24 A4D6 D628 4AE4 2A75 F060 59FD 5DC7 CC3F 2017 3C8A 1E8E 7F44 CADE 114F ED46 4BC9 BDA6 6BF7 26AD 2016 0F5C 96AE C8E6 9E9C 8E54 2E5C 6D4C D194 29FB 03DE 2015 30BC A747 05FA 4154 5573 1D7B AAF5 B5DE 05BD CC53 2014 49F6 A8BE 8473 3949 5191 6F3B 61DE 11EC E276 3A73 2013 B87D 4569 86F1 9484 07E5 CCB4 3D68 B25D 5207 CAD3 2012 CA7A 8F39 A241 9FFF B0A9 AB27 8E5A E9FB CEEE F43B 2011 5872 6218 A913 400D E660 3601 39A4 C77D A978 84B0 2010 B175 9644 5303 5DCE DD7B E919 604D FBF2 8541 0ABE 2009 33 3A 62 61 2C F3 21 AA 4E 87 47 F2 2F 2C 40 4D 2008 07 FB 9A F9 F7 94 4B E4 0F 28 D1 8E 23 6F A2 B0 2007 D9 FD C5 6B EE 1E 7A A8 CE 27 D9 B9 55 8B 56 B6 2006 E3 F4 97 BC 9F DF 3F 1D 9B 0D DF D5 77 9A C9 79

If the signature does not match any of these keys, you may have a forgery.

Older Releases