From owner-freebsd-stable@FreeBSD.ORG Sun Jun 14 14:57:20 2015 Return-Path: Delivered-To: freebsd-stable@hub.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id C5E9A867 for ; Sun, 14 Jun 2015 14:57:20 +0000 (UTC) (envelope-from frank_s@bellsouth.net) Received: from fmailhost02.isp.att.net (fmailhost02.isp.att.net [204.127.217.102]) by mx1.freebsd.org (Postfix) with ESMTP id B44ABC3F for ; Sun, 14 Jun 2015 14:57:20 +0000 (UTC) (envelope-from frank_s@bellsouth.net) Received: from ace.nina.org (adsl-74-178-59-239.gnv.bellsouth.net[74.178.59.239]) by isp.att.net (frfwmhc02) with SMTP id <20150614145800H02004pve4e>; Sun, 14 Jun 2015 14:58:00 +0000 X-Originating-IP: [74.178.59.239] Date: Sun, 14 Jun 2015 10:57:13 -0400 (EDT) From: Frank Seltzer X-X-Sender: frank_s@Ace.nina.org To: freebsd-stable@freebsd.org Subject: Sendmail problem after upgrade to r284296 Message-ID: User-Agent: Alpine 2.20 (BSF 67 2015-01-07) MIME-Version: 1.0 Content-Type: text/plain; format=flowed; charset=US-ASCII X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: Production branch of FreeBSD source code List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 14 Jun 2015 14:57:20 -0000 I didn't get any hits from a mailing list search and there is no mail or sendmail list so I am sending it here because stable is what I'm running. Because of a recent alert I updated both of my FreeBSD computers (both running 10.1-STABLE and built from /etc/src) to r284296 and am having a problem with sendmail. Sendmail is giving me the following error every 30 minutes: Jun 14 09:50:04 Ace sm-mta[10430]: STARTTLS=server, error: accept failed=0, reason=sslv3 alert handshake failure, SSL_error=1, errno=0, retry=-1, relay=localhost [127.0.0.1] If I restart it I get these errors: Jun 14 00:50:04 Ace sm-msp-queue[79406]: STARTTLS=client, error: connect failed=-1, reason=dh key too small, SSL_error=1, errno=0, retry=-1 Jun 14 00:50:04 Ace sm-msp-queue[79406]: ruleset=tls_server, arg1=SOFTWARE, relay=[127.0.0.1], reject=403 4.7.0 TLS handshake. I have made no changes to sendmail's configuration and all files in /etc/mail are dated Mar 16 so apparently mergemaster didn't see anything new to install and rebuild. There is no entry in /usr/src/UPDATING about any change in sendmail either. I first noticed this on the second machine on my home network. This machine has an entry in /etc/mail/aliases forwarding root's email to me on the primary. I noticed the day after the upgrade that I didn't get the nightly email from the /etc/periodic/daily/ run or from rkhunter. I checked my main machine and found that I am not getting these emails from it either and am getting the same errors in /var/log/maillog. It can't even email itself. Am I the only one seeing this? Did I get caught between revisions? Thanks, Frank