[FreeBSD-Announce] FreeBSD Errata Notice FreeBSD-EN-15:08.sendmail

Royce Williams royce at tycho.org
Thu Jun 18 12:54:53 UTC 2015


On Thu, Jun 18, 2015 at 3:21 AM, Peter Olsson <list-freebsd-announce at jyborn.se> wrote:

> On Thu, Jun 18, 2015 at 05:53:20AM +0000, FreeBSD Errata Notices wrote:
> > Corrected:      2015-06-17 02:39:10 UTC (stable/10, 10.1-STABLE)
> >                 2015-06-18 05:36:45 UTC (releng/10.1, 10.1-RELEASE-p13)
> >
> > V.   Solution
> ...
> > # freebsd-update fetch
> > # freebsd-update install
>
> This does not seem to solve the problem.
>
> I upgraded two of my 10.1-RELEASE-pX servers to
> 10.1-RELEASE-p12 a couple of days ago, after which all
> outgoing mail, both for local destinations and for
> destinations outside the servers, ends up stuck in
> /var/spool/clientmqueue with this in maillog:
>
> sendmail[1045]: t5IBAMAB001045: from=pol, size=23, class=0, nrcpts=1, msgid=<201506181110.t5IBAMAB001045 at xxx>, relay=root at localhost
> sendmail[1045]: STARTTLS=client, error: connect failed=-1, reason=dh key too small, SSL_error=1, errno=0, retry=-1
> sm-mta[1046]: STARTTLS=server, error: accept failed=0, reason=sslv3 alert handshake failure, SSL_error=1, errno=0, retry=-1, relay=localhost [127.0.0.1]
> sendmail[1045]: ruleset=tls_server, arg1=SOFTWARE, relay=[127.0.0.1], reject=403 4.7.0 TLS handshake.
> sm-mta[1046]: t5IBAMPQ001046: localhost [127.0.0.1] did not issue MAIL/EXPN/VRFY/ETRN during connection to Daemon0
> sendmail[1045]: t5IBAMAB001045: to=www, ctladdr=pol (xxx/xxx), delay=00:00:00, xdelay=00:00:00, mailer=relay, pri=30023, relay=[127.0.0.1] [127.0.0.1], dsn=4.0.0, stat=Deferred: 403 4.7.0 TLS handshake.
>
> And I still have the same problem after upgrading to
> 10.1-RELEASE-p13 and rebooting.
>
> Both servers use base sendmail, and I have done nothing
> (except adding aliases) with the sendmail configuration
> in them. Not even created `hostname` mc/cf files, so they
> are using the default cf files.
>

Did you (re)generate your dh.params file as noted in the Workaround section?

On my systems, I had to do this to support the actual patch (not to perform
the workaround).

You might have to restart sendmail as well, but I have not tested this.

Royce
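
A log triage sketch for the maillog excerpt quoted in this thread, added here as an example and not part of either message or of the errata notice: it pairs each client-side "dh key too small" STARTTLS failure with the deliveries the same sendmail process then deferred. The function name `triage` and the result keys are assumptions of this example; the sample input is the maillog text from the quoted report.

```python
import re

# Maillog entries taken from the quoted report, one log entry per line.
SAMPLE_MAILLOG = """\
sendmail[1045]: STARTTLS=client, error: connect failed=-1, reason=dh key too small, SSL_error=1, errno=0, retry=-1
sm-mta[1046]: STARTTLS=server, error: accept failed=0, reason=sslv3 alert handshake failure, SSL_error=1, errno=0, retry=-1, relay=localhost [127.0.0.1]
sendmail[1045]: ruleset=tls_server, arg1=SOFTWARE, relay=[127.0.0.1], reject=403 4.7.0 TLS handshake.
sendmail[1045]: t5IBAMAB001045: to=www, ctladdr=pol (xxx/xxx), delay=00:00:00, xdelay=00:00:00, mailer=relay, pri=30023, relay=[127.0.0.1] [127.0.0.1], dsn=4.0.0, stat=Deferred: 403 4.7.0 TLS handshake.
"""

STARTTLS_ERR = re.compile(
    r"(?P<prog>[\w-]+)\[(?P<pid>\d+)\]: STARTTLS=(?P<role>client|server), "
    r"error: \w+ failed=-?\d+, reason=(?P<reason>[^,]+)")
DEFERRED = re.compile(
    r"\[(?P<pid>\d+)\]: (?P<qid>\w+): to=(?P<rcpt>[^,]+),.*"
    r"relay=(?P<relay>\S+).*stat=Deferred: (?P<stat>.+)$")


def triage(maillog):
    """Return STARTTLS failures and the deliveries deferred by the same process."""
    failures, deferred = [], []
    for line in maillog.splitlines():
        m = STARTTLS_ERR.search(line)
        if m:
            failures.append(m.groupdict())
            continue
        m = DEFERRED.search(line)
        if m:
            deferred.append(m.groupdict())
    # "dh key too small" is raised by the connecting side's OpenSSL when the
    # peer offers Diffie-Hellman parameters below its minimum, so the fix
    # belongs on the server the client was talking to.
    weak_dh_pids = {f["pid"] for f in failures
                    if f["role"] == "client" and "dh key too small" in f["reason"]}
    return {
        "failures": failures,
        "blocked_by_weak_dh": [d for d in deferred if d["pid"] in weak_dh_pids],
    }


if __name__ == "__main__":
    result = triage(SAMPLE_MAILLOG)
    for f in result["failures"]:
        print(f'{f["prog"]}[{f["pid"]}] as {f["role"]}: {f["reason"]}')
    for d in result["blocked_by_weak_dh"]:
        print(f'{d["qid"]} to={d["rcpt"]} via {d["relay"]} deferred: {d["stat"]}')
```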

