From: "Chuck @ Mantis"
Date: Mon, 22 Jun 2015 13:43:46 -0400
To: freebsd-questions@freebsd.org
Subject: Re: 10.1-RELEASE-p12 broke sendmail. 10.1-RELEASE-p13 didn't fix sendmail.
Message-ID: <55884952.8060005@mantis.biz>

On 6/22/2015 12:17 PM, Chris Stankevitz wrote:
> I updated to 10.1-RELEASE-p12 and my outgoing emails stopped working
> due to FreeBSD-EN-15:08.sendmail. I've never installed any ports and
> I have as default a setup as one can imagine. This leads me to
> believe that the documentation is wrong or that cosmic rays have
> corrupted my system. I have never touched a sendmail conf file.
>
> "mail root" fails with "dh key too small" in /var/log/maillog, both
> after -p12 and -p13.
>
> I tried following the errata to solve my problem, but got stuck at
> just about every step:
>
> - freebsd-update
>
> freebsd-update succeeded. I am now at 10.1-RELEASE-p13. But I still
> have the same problem (sendmail reports DH key too small). I did not
> reboot my machine (and it will be a pain for me to do so). Perhaps I
> should try the workaround? Perhaps I must reboot.
>
> - workaround
>
> Should I try the workaround? My preference is to find "root cause"
> for why freebsd-update failed to solve my problem. The workaround
> reports many steps, but already at step 1 I am stumped:
>
> 1. Edit /etc/mail/`hostname`.mc
>
> That file doesn't exist. I have a freebsd.mc though. I'll use that.
>
> 2. If a setting for confDH_PARAMETERS does not exist or
>    exists and is set to a string beginning with '5',
>    replace it with '1' for 1024-bit or '2' for 2048-bit.
>
> I have confDH_PARAMETERS defined to CERT_DIR/dh.param.
> /etc/mail/certs/dh.param doesn't exist.
>
> 3. If a setting for confDH_PARAMETERS exists and is set to
>    a file path, create a new file with:
>        openssl dhparam -out /path/to/file 2048
>    for 2048-bit or:
>        openssl dhparam -out /path/to/file 1024
>    for 1024-bit.
>
> I could try this. But I would have expected freebsd-update to
> 10.1-RELEASE-p13 to handle this.
>
> 4. If you have modified your MSP submission configuration
>    file to enable STARTTLS (not enabled by default), repeat
>    the above steps for /etc/mail/`hostname`.submit.mc.
>
> Definitely have not done that (or anything else for that matter).
>
> 5. Rebuild the .cf file(s):
>        cd /etc/mail/; make; make install
>
> I could do that...
>
> 6. Restart sendmail:
>        cd /etc/mail/; make restart
>
> I could do that...
>
> Thank you,
>
> Chris

I've been dealing with this issue as well.

cd /etc/mail/certs
openssl dhparam -out dh.param 2048
service sendmail restart
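
Added example, not part of the original thread or the errata: a shell check that reads a sendmail .mc file and reports which of the quoted workaround steps (2 or 3) applies to its confDH_PARAMETERS setting. The function names, the ROOT prefix argument and the sample .mc content are assumptions constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the errata or the thread): decide which step of
# the quoted workaround applies to a sendmail .mc file.

# Print VALUE from an active m4 line  define(`NAME', `VALUE')  in FILE.
# Lines commented out with a leading "dnl " are ignored.
mc_value() {  # usage: mc_value NAME FILE
    sed -n "s/^define(\`$1', *\`\\([^']*\\)').*/\\1/p" "$2" | tail -n 1
}

# Print the action the workaround calls for:
#   set-builtin        no setting, or it begins with '5' (step 2)
#   generate PATH      setting is a path and the file is missing (step 3)
#   regenerate PATH    setting is a path and a file already exists (step 3)
#   unchanged VALUE    any other value; steps 2 and 3 do not apply
# ROOT is a hypothetical prefix so the check can run against a copy.
dh_action() {  # usage: dh_action FILE [ROOT]
    val=$(mc_value confDH_PARAMETERS "$1")
    case "$val" in
        ''|5*) echo "set-builtin"; return 0 ;;
        /*|CERT_DIR/*) ;;
        *) echo "unchanged $val"; return 0 ;;
    esac
    # m4 would expand CERT_DIR; do the same substitution by hand.
    certdir=$(mc_value CERT_DIR "$1")
    path=${2:-}$(printf '%s\n' "$val" | sed "s|^CERT_DIR/|${certdir:-CERT_DIR}/|")
    if [ -f "$path" ]; then echo "regenerate $path"
    else echo "generate $path"; fi
}

# Constructed sample mirroring the situation in the thread: the setting
# points at CERT_DIR/dh.param and no such file exists.
make_sample() {  # usage: make_sample DIR
    mkdir -p "$1/etc/mail/certs"
    cat > "$1/sample.mc" <<'EOF'
dnl define(`confDH_PARAMETERS', `5')dnl
define(`CERT_DIR', `/etc/mail/certs')dnl
define(`confDH_PARAMETERS', `CERT_DIR/dh.param')dnl
EOF
}

tmp=$(mktemp -d)
make_sample "$tmp"
dh_action "$tmp/sample.mc" "$tmp"   # prints: generate <tmp>/etc/mail/certs/dh.param
rm -rf "$tmp"
```

When the result is "regenerate", the size of the existing parameters can be read with `openssl dhparam -in PATH -text -noout` before replacing the file.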