Skip site navigation (1)Skip section navigation (2)
Date:      Mon, 22 Jun 2015 13:43:46 -0400
From:      "Chuck @ Mantis" <chuck@mantis.biz>
To:        freebsd-questions@freebsd.org
Subject:   Re: 10.1-RELEASE-p12 broke sendmail. 10.1-RELEASE-p13 didn't fix sendmail.
Message-ID:  <55884952.8060005@mantis.biz>
In-Reply-To: <CAPi0pssr54hRtvaQ9G=XNm5OUMO6pwaMmLRMR_vBSJx4qJS5qg@mail.gmail.com>
References:  <CAPi0pssr54hRtvaQ9G=XNm5OUMO6pwaMmLRMR_vBSJx4qJS5qg@mail.gmail.com>

next in thread | previous in thread | raw e-mail | index | archive | help
On 6/22/2015 12:17 PM, Chris Stankevitz wrote:
> I updated to 10.1-RELEASE-p12 and my outgoing emails stopped working
> due to FreeBSD-EN-15:08.sendmail.  I've never installed any ports and
> I have as default a setup as one can imagine.  This leads me to
> believe that the documentation is wrong or that cosmic rays have
> corrupted my system.  I have never touched a sendmail conf file.
>
> "mail root" fails with "dh key too small" in /var/log/maillog, both
> after -p12 and -p13.
>
> I tried following the errata to solve my problem, but got stuck at
> just about every step:
>
> - freebsd-update
>
> freebsd-update succeeded.  I am now at 10.1-RELEASE-p13.  But I still
> have the same problem (sendmail reports DH key too small).  I did not
> reboot my machine (and it will be a pain for me to do so).  Perhaps I
> should try the workaround?  Perhaps I must reboot.
>
> - workaround
>
> Should I try the workaround?  My preference is to find "root cause"
> for why freebsd-update failed to solve my problem.  The workaround
> reports many steps, but already at step 1 I am stumped:
>
>          1. Edit /etc/mail/`hostname`.mc
>
> That file doesn't exist.  I have a freebsd.mc though.  I'll use that.
>
>          2. If a setting for confDH_PARAMETERS does not exist or
>             exists and is set to a string beginning with '5',
>             replace it with '1' for 1024-bit or '2' for 2048-bit.
>
> I have confDH_PARAMETERS defined to CERT_DIR/dh.param.
> /etc/mail/certs/dh.param doesn't exist.
>
>          3. If a setting for confDH_PARAMETERS exists and is set to
>             a file path, create a new file with:
>                  openssl dhparam -out /path/to/file 2048
>             for 2048-bit or:
>                  openssl dhparam -out /path/to/file 1024
>             for 1024-bit.
>
> I could try this.  But I would have expected freebsd-upate to
> 10.1-RELEASE-p13 to handle this.
>
>          4. If you have modified your MSP submission configuration
>             file to enable STARTTLS (not enabled by default), repeat
>             the above steps for /etc/mail/`hostname`.submit.mc.
>
> Definitely have not done that (or anything else for that matter).
>
>          5. Rebuild the .cf file(s):
>                  cd /etc/mail/; make; make install
>
> I could do that...
>
>          6. Restart sendmail:
>                  cd /etc/mail/; make restart
>
> I could do that...
>
> Thank you,
>
> Chris
> _______________________________________________
> freebsd-questions@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.org"




I've been dealing with this issue as well.

     cd /etc/mail/certs

     openssl dhparam -out dh.param 2048

     service sendmail restart







Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?55884952.8060005>