10.1-RELEASE-p12 broke sendmail. 10.1-RELEASE-p13 didn't fix sendmail.
Chuck @ Mantis
chuck at mantis.biz
Mon Jun 22 17:43:53 UTC 2015
On 6/22/2015 12:17 PM, Chris Stankevitz wrote:
> I updated to 10.1-RELEASE-p12 and my outgoing emails stopped working
> due to FreeBSD-EN-15:08.sendmail. I've never installed any ports and
> I have as default a setup as one can imagine. This leads me to
> believe that the documentation is wrong or that cosmic rays have
> corrupted my system. I have never touched a sendmail conf file.
> "mail root" fails with "dh key too small" in /var/log/maillog, both
> after -p12 and -p13.
> I tried following the errata to solve my problem, but got stuck at
> just about every step:
> - freebsd-update
> freebsd-update succeeded. I am now at 10.1-RELEASE-p13. But I still
> have the same problem (sendmail reports DH key too small). I did not
> reboot my machine (and it will be a pain for me to do so). Perhaps I
> should try the workaround? Perhaps I must reboot.
> - workaround
> Should I try the workaround? My preference is to find "root cause"
> for why freebsd-update failed to solve my problem. The workaround
> reports many steps, but already at step 1 I am stumped:
> 1. Edit /etc/mail/`hostname`.mc
> That file doesn't exist. I have a freebsd.mc though. I'll use that.
> 2. If a setting for confDH_PARAMETERS does not exist or
> exists and is set to a string beginning with '5',
> replace it with '1' for 1024-bit or '2' for 2048-bit.
> I have confDH_PARAMETERS defined to CERT_DIR/dh.param.
> /etc/mail/certs/dh.param doesn't exist.
> 3. If a setting for confDH_PARAMETERS exists and is set to
> a file path, create a new file with:
> openssl dhparam -out /path/to/file 2048
> for 2048-bit or:
> openssl dhparam -out /path/to/file 1024
> for 1024-bit.
> I could try this. But I would have expected freebsd-upate to
> 10.1-RELEASE-p13 to handle this.
> 4. If you have modified your MSP submission configuration
> file to enable STARTTLS (not enabled by default), repeat
> the above steps for /etc/mail/`hostname`.submit.mc.
> Definitely have not done that (or anything else for that matter).
> 5. Rebuild the .cf file(s):
> cd /etc/mail/; make; make install
> I could do that...
> 6. Restart sendmail:
> cd /etc/mail/; make restart
> I could do that...
> Thank you,
> freebsd-questions at freebsd.org mailing list
> To unsubscribe, send any mail to "freebsd-questions-unsubscribe at freebsd.org"
I've been dealing with this issue as well.
openssl dhparam -out dh.param 2048
service sendmail restart
More information about the freebsd-questions