Date: Mon, 22 Jun 2015 13:43:46 -0400
From: "Chuck @ Mantis" <chuck@mantis.biz>
To: freebsd-questions@freebsd.org
Subject: Re: 10.1-RELEASE-p12 broke sendmail. 10.1-RELEASE-p13 didn't fix sendmail.
Message-ID: <55884952.8060005@mantis.biz>
In-Reply-To: <CAPi0pssr54hRtvaQ9G=XNm5OUMO6pwaMmLRMR_vBSJx4qJS5qg@mail.gmail.com>
References: <CAPi0pssr54hRtvaQ9G=XNm5OUMO6pwaMmLRMR_vBSJx4qJS5qg@mail.gmail.com>

On 6/22/2015 12:17 PM, Chris Stankevitz wrote:
> I updated to 10.1-RELEASE-p12 and my outgoing emails stopped working
> due to FreeBSD-EN-15:08.sendmail.  I've never installed any ports and
> I have as default a setup as one can imagine.  This leads me to
> believe that the documentation is wrong or that cosmic rays have
> corrupted my system.  I have never touched a sendmail conf file.
>
> "mail root" fails with "dh key too small" in /var/log/maillog, both
> after -p12 and -p13.
>
> I tried following the errata to solve my problem, but got stuck at
> just about every step:
>
> - freebsd-update
>
> freebsd-update succeeded.  I am now at 10.1-RELEASE-p13.  But I still
> have the same problem (sendmail reports DH key too small).  I did not
> reboot my machine (and it will be a pain for me to do so).  Perhaps I
> should try the workaround?  Perhaps I must reboot.
>
> - workaround
>
> Should I try the workaround?  My preference is to find "root cause"
> for why freebsd-update failed to solve my problem.  The workaround
> reports many steps, but already at step 1 I am stumped:
>
>   1. Edit /etc/mail/`hostname`.mc
>
> That file doesn't exist.  I have a freebsd.mc though.  I'll use that.
>
>   2. If a setting for confDH_PARAMETERS does not exist or
>      exists and is set to a string beginning with '5',
>      replace it with '1' for 1024-bit or '2' for 2048-bit.
>
> I have confDH_PARAMETERS defined to CERT_DIR/dh.param.
> /etc/mail/certs/dh.param doesn't exist.
>
>   3. If a setting for confDH_PARAMETERS exists and is set to
>      a file path, create a new file with:
>          openssl dhparam -out /path/to/file 2048
>      for 2048-bit or:
>          openssl dhparam -out /path/to/file 1024
>      for 1024-bit.
>
> I could try this.  But I would have expected freebsd-update to
> 10.1-RELEASE-p13 to handle this.
>
>   4. If you have modified your MSP submission configuration
>      file to enable STARTTLS (not enabled by default), repeat
>      the above steps for /etc/mail/`hostname`.submit.mc.
>
> Definitely have not done that (or anything else for that matter).
>
>   5. Rebuild the .cf file(s):
>          cd /etc/mail/; make; make install
>
> I could do that...
>
>   6. Restart sendmail:
>          cd /etc/mail/; make restart
>
> I could do that...
>
> Thank you,
>
> Chris
> _______________________________________________
> freebsd-questions@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.org"

I've been dealing with this issue as well.

    cd /etc/mail/certs
    openssl dhparam -out dh.param 2048
    service sendmail restart
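
A check to run before and after regenerating the file, as an added example that is not part of the thread: it reports whether a DH parameter file exists and how large its prime is, which covers both the missing /etc/mail/certs/dh.param and the "dh key too small" case described above. The function names and the 1024-bit default minimum (the smaller of the two sizes the quoted errata offers) are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Function names are hypothetical.

# Read `openssl dhparam -text` output on stdin and print the prime size,
# taken from the header line "DH Parameters: (N bit)".
parse_dh_bits() {
    sed -n 's/.*DH Parameters: (\([0-9][0-9]*\) bit).*/\1/p' | head -n 1
}

# Succeed when $1 (bits) is at least $2 (minimum, assumed default 1024).
dh_size_ok() {
    [ "$1" -ge "${2:-1024}" ]
}

# Report on one parameter file.
# Returns 0 = ok, 1 = too small, 2 = missing, 3 = not DH parameters.
check_dh_file() {
    file=$1
    min=${2:-1024}
    if [ ! -r "$file" ]; then
        echo "MISSING: $file"
        return 2
    fi
    bits=$(openssl dhparam -in "$file" -noout -text 2>/dev/null | parse_dh_bits)
    if [ -z "$bits" ]; then
        echo "UNPARSEABLE: $file is not a PEM DH parameter file"
        return 3
    fi
    if dh_size_ok "$bits" "$min"; then
        echo "OK: $file is $bits bit"
    else
        echo "TOO SMALL: $file is $bits bit, minimum $min"
        return 1
    fi
}

# Run only when a path is given, e.g.: sh check_dh.sh /etc/mail/certs/dh.param 2048
if [ "$#" -gt 0 ]; then
    check_dh_file "$@"
fi
```

The exit status makes the check usable from a periodic job or a post-update script.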