Date: Thu, 8 Feb 2024 11:06:54 +0100
From: Miroslav Lachman <000.fbsd@quip.cz>
To: mike tancsa, Gregory Shapiro, freebsd-stable@freebsd.org
Subject: Re: sendmail 8.18.1 MFC'ed to stable/13 and stable/14
List-Id: Production branch of FreeBSD source code
List-Archive: https://lists.freebsd.org/archives/freebsd-stable

On 07/02/2024 20:02, mike tancsa wrote:
> Thanks for the continued sendmail support!  One question, I noticed the
> new mc file makes the following changes which refers to a file that does
> not normally exist on RELENG_13.  What is the best way to generate that
> file ?

[..]
> @@ -606,7 +607,7 @@
>  # Directory containing hashes pointing to certificate revocation
> status files
>  #O CRLPath
>  # DHParameters (only required if DSA/DH is used)
> -#O DHParameters
> +O DHParameters=/etc/mail/certs/dh.param

Almost any network daemon today can use DHParams files, but each has its own location, and some of them provide a script to regenerate it periodically. There was a PR about it for ProFTPD a few years ago:
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=208953

As a quick POC, I've provided a simple dhparams_gen.sh script.
https://bugs.freebsd.org/bugzilla/attachment.cgi?id=247526&action=edit

I think something like this can be included in the base, and all services from ports and base should be configured to use the same dhparams.pem file, easily managed from cron or manually by one simple command.

The submitted script generates DH params from 1024 to 8192. From what I read on the net, 1024 and 1536 should not be used, and from my experience generating anything above 4096 takes too much time (the script runs for hours on a not so modern machine), so I created another version of dhparams_gen.sh where the user can specify what sizes will be generated by defining the range; for example, "2048 4096" will generate only the 2048, 3072 and 4096 sizes.

It is very simple scripting, and as nobody reacted to the PR I didn't post the newer version. I can send it to you if you want.

Kind regards
Miroslav Lachman
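
Review bot: the `+O DHParameters=/etc/mail/certs/dh.param` line turns a previously commented-out option into an active one pointing at a file that, per the question quoted above, does not normally exist on RELENG_13, and nothing in the visible hunk says how that file is created. Suggest either leaving the option commented out by default, or extending the `# DHParameters (only required if DSA/DH is used)` comment with the expected generation step so that an administrator merging the new mc output knows the file has to be provisioned first.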
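
The range-limited generation described in the message, as an added example that is not the dhparams_gen.sh attached to the PR. The size list, the `DH_OUTDIR` variable, the function names and the `dhparams_<bits>.pem` file names are assumptions; each file is validated and renamed into place only once complete.

```shell
#!/bin/sh
# Added example, not the dhparams_gen.sh from the PR.
# Assumptions: the size list, the DH_OUTDIR variable and the output file names.
SIZES="2048 3072 4096 6144 8192"          # 1024 and 1536 deliberately left out
OUTDIR="${DH_OUTDIR:-/etc/mail/certs}"    # directory named in the quoted diff

# Succeed only for a non-empty string of decimal digits.
is_uint() { case "$1" in ''|*[!0-9]*) return 1 ;; esac; }

# Print every candidate size inside [min, max], one per line.
select_sizes() {
    is_uint "$1" && is_uint "$2" || return 2
    [ "$1" -le "$2" ] || return 2
    for s in $SIZES; do
        if [ "$s" -ge "$1" ] && [ "$s" -le "$2" ]; then echo "$s"; fi
    done
}

# Generate one size into a temp file, validate it, then rename it into place
# so a daemon never reads a half-written or invalid parameter file.
generate_one() {
    size=$1
    dest="$OUTDIR/dhparams_$size.pem"
    tmp=$(mktemp "$OUTDIR/.dhparams_$size.XXXXXX") || return 1
    if openssl dhparam -out "$tmp" "$size" 2>/dev/null &&
       openssl dhparam -in "$tmp" -check -noout >/dev/null 2>&1; then
        chmod 644 "$tmp" && mv -f "$tmp" "$dest"
    else
        rm -f "$tmp"
        return 1
    fi
}

# Generate every selected size in the requested range, stopping on failure.
gen_range() {
    sizes=$(select_sizes "$1" "$2") || {
        echo "usage: $0 MIN_BITS MAX_BITS" >&2; return 2; }
    for size in $sizes; do
        echo "generating $size-bit DH parameters" >&2
        generate_one "$size" || { echo "failed: $size bits" >&2; return 1; }
    done
}

# Run only when a range is given, e.g.: sh dhparams_range.sh 2048 4096
if [ "$#" -eq 2 ]; then gen_range "$@"; fi
```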