Date: Thu, 18 Jun 2015 08:41:51 -0700
From: Gregory Shapiro <gshapiro@gshapiro.net>
To: Peter Olsson <list-freebsd-announce@jyborn.se>
Cc: FreeBSD Errata Notices <errata-notices@freebsd.org>, freebsd-stable <freebsd-stable@freebsd.org>
Subject: Re: [FreeBSD-Announce] FreeBSD Errata Notice FreeBSD-EN-15:08.sendmail
Message-ID: <20150618154115.GA68153@C02N93Y5G3QT.corp.proofpoint.com>
In-Reply-To: <20150618151608.GB3755@pol-server.leissner.se>
References: <201506180553.t5I5rKlO059969@freefall.freebsd.org> <20150618112132.GD7234@pol-server.leissner.se> <CA%2BE3k91zj4Tt5BQKNbE5dn1FvykCbn=E1xhFjrkU18jMnL6DCw@mail.gmail.com> <20150618132211.GO7234@pol-server.leissner.se> <20150618151032.GB42082@minime.local> <20150618151608.GB3755@pol-server.leissner.se>

> I never changed or generated anything in the mail configuration
> on these servers, they use the default mc/cf files:
>
> $ grep DHParam /etc/mail/sendmail.cf
> # DHParameters (only required if DSA/DH is used)
> O DHParameters=/etc/mail/certs/dh.param
>
> $ ls -l /etc/mail/certs
> total 12
> lrwxr-xr-x 1 root wheel 10 31 Aug 2014 4bc0b037.0 -> cacert.pem
> -rw-r--r-- 1 root wheel 1326 31 Aug 2014 cacert.pem
> -rw-r--r-- 1 root wheel 1375 31 Aug 2014 host.cert
> -rw------- 1 root wheel 1704 31 Aug 2014 host.key

I found what is breaking it. This commit made locally to FreeBSD:

    Revision 256982
    Modified Wed Oct 23 16:55:20 2013 UTC (19 months, 3 weeks ago) by jmg

    MFC r256773:
    Enable the automatic creation of a certificate (if one does not exists) and
    enable the usage by sendmail if sendmail is enabled.

sets DHParameters to that file but nothing else generates that file.
We'll have to rev the Errata (and patch) to create that file. In the
meantime, generating the file will fix the problem:

    openssl dhparam -out /etc/mail/certs/dh.param 2048

I'll probably fix this by changing /etc/rc.d/sendmail to do the above.
I'll also look into the sendmail source behavior when the file doesn't
exist (it should revert to its defaults).
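
The check and workaround described in the message above, as an added example that is not part of the original e-mail or of FreeBSD's rc.d scripts. The function names are hypothetical; the default path and the `openssl dhparam` command are the ones quoted in the message.

```sh
#!/bin/sh
# Added example: audit the DHParameters option of a sendmail.cf and
# create the referenced file only when it is configured but absent.

# Print the path from the last active (uncommented) "O DHParameters=" line.
# Prints nothing when the option is not set or is commented out.
dhparam_path() {
    sed -n 's/^O[[:space:]]\{1,\}DHParameters=\([^[:space:]]*\).*/\1/p' "$1" |
        tail -n 1
}

# Print one of:
#   unset   - no active DHParameters option in the cf file
#   missing - option is set, but the file is absent or empty
#   present - option is set and the file exists with content
dhparam_status() {
    path=$(dhparam_path "$1")
    if [ -z "$path" ]; then
        echo unset
    elif [ -s "$path" ]; then
        echo present
    else
        echo missing
    fi
}

# Apply the workaround from the message when the status is "missing".
# Defaults to the cf path shown in the quoted grep output.
ensure_dhparam() {
    cf=${1:-/etc/mail/sendmail.cf}
    case $(dhparam_status "$cf") in
        present) echo "ok: $(dhparam_path "$cf") exists" ;;
        unset)   echo "ok: DHParameters is not set in $cf" ;;
        missing)
            path=$(dhparam_path "$cf")
            echo "generating $path (2048-bit, this can take a while)"
            # DH parameters are public values, so world-readable is fine.
            (umask 022 && openssl dhparam -out "$path" 2048)
            ;;
    esac
}
```

Run `ensure_dhparam` as root on an affected host, then restart sendmail so it picks up the new file.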