10.1-RELEASE-p12 broke sendmail. 10.1-RELEASE-p13 didn't fix sendmail.
chrisstankevitz at gmail.com
Mon Jun 22 16:17:26 UTC 2015

I updated to 10.1-RELEASE-p12 and my outgoing emails stopped working
due to FreeBSD-EN-15:08.sendmail. I've never installed any ports and
I have as default a setup as one can imagine. This leads me to
believe that the documentation is wrong or that cosmic rays have
corrupted my system. I have never touched a sendmail conf file.

"mail root" fails with "dh key too small" in /var/log/maillog, both
after -p12 and -p13.

I tried following the errata to solve my problem, but got stuck at
just about every step:

freebsd-update succeeded. I am now at 10.1-RELEASE-p13. But I still
have the same problem (sendmail reports DH key too small). I did not
reboot my machine (and it will be a pain for me to do so). Perhaps I
should try the workaround? Perhaps I must reboot.

Should I try the workaround? My preference is to find "root cause"
for why freebsd-update failed to solve my problem. The workaround
reports many steps, but already at step 1 I am stumped:

    1. Edit /etc/mail/`hostname`.mc

That file doesn't exist. I have a freebsd.mc though. I'll use that.

    2. If a setting for confDH_PARAMETERS does not exist or
       exists and is set to a string beginning with '5',
       replace it with '1' for 1024-bit or '2' for 2048-bit.

I have confDH_PARAMETERS defined to CERT_DIR/dh.param.
/etc/mail/certs/dh.param doesn't exist.

    3. If a setting for confDH_PARAMETERS exists and is set to
       a file path, create a new file with:
           openssl dhparam -out /path/to/file 2048
       for 2048-bit or:
           openssl dhparam -out /path/to/file 1024

I could try this. But I would have expected freebsd-update to
10.1-RELEASE-p13 to handle this.

    4. If you have modified your MSP submission configuration
       file to enable STARTTLS (not enabled by default), repeat
       the above steps for /etc/mail/`hostname`.submit.mc.

Definitely have not done that (or anything else for that matter).

    5. Rebuild the .cf file(s):
           cd /etc/mail/; make; make install

I could do that...

    6. Restart sendmail:
           cd /etc/mail/; make restart

I could do that...
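
Added example, not part of the original post or of the FreeBSD errata: a small sh function that reads a sendmail .mc file and reports which case of errata steps 2 and 3 its confDH_PARAMETERS setting falls into. The status words it prints, the sample path /nonexistent/certs and the use of 1024 bits as the lower bound for a parameter file are assumptions made for this example.

```shell
#!/bin/sh
# Added example: classify confDH_PARAMETERS in a sendmail .mc file.

# Print the value of define(`NAME', `VALUE') from an .mc file (last one wins).
# Lines commented out with a leading "dnl" do not match the ^ anchor.
mc_define() {
    sed -n "s/^define(\`$1',[[:space:]]*\`\\([^']*\\)').*/\\1/p" "$2" | tail -n 1
}

# Print one status line for the .mc file given as $1.
classify_dh() {
    val=$(mc_define confDH_PARAMETERS "$1")
    case $val in
        '')         echo "unset"; return ;;            # errata step 2
        CERT_DIR/*) path="$(mc_define CERT_DIR "$1")/${val#CERT_DIR/}" ;;
        */*)        path=$val ;;                       # errata step 3
        5*)         echo "weak-512"; return ;;         # errata step 2
        1*|2*)      echo "builtin-ok $val"; return ;;
        *)          echo "unknown $val"; return ;;
    esac
    # The setting is a file path: it must exist and hold large enough parameters.
    if [ ! -f "$path" ]; then
        echo "file-missing $path"; return
    fi
    bits=$(openssl dhparam -in "$path" -text -noout 2>/dev/null |
           sed -n 's/.*(\([0-9][0-9]*\) bit).*/\1/p')
    if [ "${bits:-0}" -ge 1024 ]; then
        echo "file-ok $path $bits"
    else
        echo "file-weak $path ${bits:-unreadable}"
    fi
}

# Constructed sample mirroring the setup described in the post
# (the directory name is a placeholder, not a real path).
sample=$(mktemp)
cat > "$sample" <<'EOF'
define(`CERT_DIR', `/nonexistent/certs')dnl
define(`confDH_PARAMETERS', `CERT_DIR/dh.param')dnl
EOF
classify_dh "${1:-$sample}"
rm -f "$sample"
```

Pass the path of a real .mc file as the first argument to check it instead of the constructed sample.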