Date:      Mon, 22 Jun 2015 09:17:23 -0700
From:      Chris Stankevitz <chrisstankevitz@gmail.com>
To:        freebsd-questions <freebsd-questions@freebsd.org>
Subject:   10.1-RELEASE-p12 broke sendmail. 10.1-RELEASE-p13 didn't fix sendmail.
Message-ID:  <CAPi0pssr54hRtvaQ9G=XNm5OUMO6pwaMmLRMR_vBSJx4qJS5qg@mail.gmail.com>

I updated to 10.1-RELEASE-p12 and my outgoing emails stopped working
due to FreeBSD-EN-15:08.sendmail.  I've never installed any ports and
I have as default a setup as one can imagine.  This leads me to
believe that the documentation is wrong or that cosmic rays have
corrupted my system.  I have never touched a sendmail conf file.

"mail root" fails with "dh key too small" in /var/log/maillog, both
after -p12 and -p13.

I tried following the errata to solve my problem, but got stuck at
just about every step:

- freebsd-update

freebsd-update succeeded.  I am now at 10.1-RELEASE-p13.  But I still
have the same problem (sendmail reports DH key too small).  I did not
reboot my machine (and it will be a pain for me to do so).  Perhaps I
should try the workaround?  Perhaps I must reboot.

- workaround

Should I try the workaround?  My preference is to find "root cause"
for why freebsd-update failed to solve my problem.  The workaround
reports many steps, but already at step 1 I am stumped:

        1. Edit /etc/mail/`hostname`.mc

That file doesn't exist.  I have a freebsd.mc though.  I'll use that.

        2. If a setting for confDH_PARAMETERS does not exist or
           exists and is set to a string beginning with '5',
           replace it with '1' for 1024-bit or '2' for 2048-bit.

I have confDH_PARAMETERS defined to CERT_DIR/dh.param.
/etc/mail/certs/dh.param doesn't exist.

        3. If a setting for confDH_PARAMETERS exists and is set to
           a file path, create a new file with:
                openssl dhparam -out /path/to/file 2048
           for 2048-bit or:
                openssl dhparam -out /path/to/file 1024
           for 1024-bit.

I could try this.  But I would have expected freebsd-update to
10.1-RELEASE-p13 to handle this.

        4. If you have modified your MSP submission configuration
           file to enable STARTTLS (not enabled by default), repeat
           the above steps for /etc/mail/`hostname`.submit.mc.

Definitely have not done that (or anything else for that matter).

        5. Rebuild the .cf file(s):
                cd /etc/mail/; make; make install

I could do that...

        6. Restart sendmail:
                cd /etc/mail/; make restart

I could do that...

Thank you,

Chris
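
Steps 2 and 3 of the quoted workaround branch on what confDH_PARAMETERS is set to. The sh functions below are an added example, not part of the original post or the errata, that report which branch applies to a given .mc file. The function names and the sample .mc excerpt are constructed for illustration.

```shell
#!/bin/sh
# Added example: which branch of the workaround (steps 2-3) applies to an .mc file.
# All function names here are hypothetical.

# mc_value NAME FILE: value of the last active define(`NAME', ...) in FILE.
# Lines that start with "dnl" are m4 comments and are ignored.
mc_value() {
    sed -n -e '/^[[:space:]]*dnl/d' \
        -e "/define(\`$1'/{s/^[^,]*,[[:space:]]*//;s/).*\$//;p;}" "$2" |
        tail -n 1 | tr -d "\`'"
}

# classify_dh MC_FILE: prints unset, builtin-5, builtin-1024, builtin-2048,
# file-missing:PATH or file-present:PATH.
classify_dh() {
    val=$(mc_value confDH_PARAMETERS "$1")
    case $val in
        '') echo unset; return ;;          # step 2: no setting exists
        5*) echo builtin-5; return ;;      # step 2: replace with '1' or '2'
        1*) echo builtin-1024; return ;;
        2*) echo builtin-2048; return ;;
    esac
    # Anything else is treated as a file path (step 3); expand CERT_DIR if defined.
    dir=$(mc_value CERT_DIR "$1")
    if [ -n "$dir" ]; then val=$(printf '%s\n' "$val" | sed "s|^CERT_DIR|$dir|"); fi
    if [ -f "$val" ]; then echo "file-present:$val"; else echo "file-missing:$val"; fi
}

# dh_bits FILE: bit length of a PEM DH parameter file (needs openssl(1)).
dh_bits() {
    openssl dhparam -in "$1" -noout -text 2>/dev/null |
        sed -n 's/.*(\([0-9][0-9]*\) bit).*/\1/p' | head -n 1
}

# write_sample_mc FILE CERT_DIR: constructed excerpt mirroring the setting
# quoted in the post (confDH_PARAMETERS pointing at CERT_DIR/dh.param).
write_sample_mc() {
    cat > "$1" <<EOF
dnl constructed sample, not a real freebsd.mc
define(\`CERT_DIR', \`$2')dnl
define(\`confDH_PARAMETERS', \`CERT_DIR/dh.param')dnl
EOF
}

# Stand-alone use: sh check_dh.sh /etc/mail/freebsd.mc
if [ $# -ge 1 ]; then classify_dh "$1"; fi
```

A `file-missing` result matches the situation described in the post; for `file-present`, `dh_bits` on the reported path shows the size of the parameters in that file.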
