From: Mark Felder
To: freebsd-security@freebsd.org
Subject: Re: sendmail broken by libssl in current
Date: Thu, 12 Mar 2015 09:38:09 -0500
Message-Id: <1426171089.1809256.239414225.2EB26D2D@webmail.messagingengine.com>
In-Reply-To: <5500DF36.9070904@obluda.cz>

On Wed, Mar 11, 2015, at 19:35, Dan Lukes wrote:
> Julian Elischer wrote:
> >>> Can you say which email servers *other* than unpatched Ironport fail?
>
> > well my problem is that I don't know what the other ends are running
> > exactly, but they are pretty big institution.
>
> Just side note - you need not to wait for a source patch. Just disable
> TLS for those destinations as an instant workaround.
>
> Users of 8.4/9.3 need to disable TLS to those destinations supporting
> TLSv1.2 only (as TLSv1.2 is not supported by sendmail on 8.4/9.3-R), so
> you will not be alone with such kind of workaround ;-)
>

It seems like this is the sort of thing where we shouldn't just give up and accept as the norm. *sigh*