Obtain the Source

The latest release of sendmail is available via:


When you download the source you must select one file from many that are listed. In addition to selecting the version you want, you must choose between two forms of compressed tar(1) distributions. Those that end in .Z are compressed with Unix compress(1); those that end in .gz are compressed with GNU gzip(1). The latter is the preferred form because the file is smaller and therefore quicker to transfer.

In addition to the two forms of distribution, each release has a PGP signature file associated with it.[2] This is a signature of the uncompressed file, so you need to uncompress the tar(1) file before verifying it.

To verify V8.5 or earlier distributions, get Eric Allman’s public key by sending email to with the following subject line:

Subject: MGET Allman

Eric Allman’s public key will be mailed back to you a few minutes later. Save that returned email to a file—for example, /tmp/eric.asc—and add that key to your public “keyring” with the command:

% pgp -ka /tmp/eric.asc              for pgp version 2.x 
% pgpk -a /tmp/eric.asc              for pgp version 5.x

For V8.6 and above, you download a special signing key from www.sendmail.org, instead of Eric’s key. The fingerprint for the signing key is:

CA AE F2 94 3B 1D 41 3C  94 7B 72 5F AE 0B 6A 11    1997
F9 32 40 A1 3B 3A B6 DE  B2 98 6A 70 AF 54 9D 26    1998
25 73 4C 8E 94 B1 E8 EA  EA 9B A4 D6 00 51 C3 71    1999 81 8C ...

Get Sendmail, 3rd Edition now with the O’Reilly learning platform.

O’Reilly members experience live online training, plus books, videos, and digital content from nearly 200 publishers.