[FreeBSD-Announce] FreeBSD Errata Notice FreeBSD-EN-15:08.sendmail
Peter Olsson
list-freebsd-announce at jyborn.se
Thu Jun 18 15:16:14 UTC 2015
On Thu, Jun 18, 2015 at 08:10:33AM -0700, Gregory Shapiro wrote:
> > > Did you (re)generate your dh.params file as noted in the Workaround section?
> >
> > No, because of this text under Solution:
> > "
> > A change to the raise the default for sendmail client connections to
> > 1024-bit DH parameters has been committed.
> > "
> >
> > As I understand it this would remove the need for generating
> > the dh.params file?
>
> You do not need to regenerate dh.params with the patch unless you have
> specifically set DHParameters in /etc/mail/sendmail.cf to a lower
> strength. What is the output of:
>
> grep DHParam /etc/mail/sendmail.cf
>
> If it is set to a string beginning with '5' or a filename and that
> file was generated using 512-bit strength, then remove that setting.
I never changed or generated anything in the mail configuration
on these servers, they use the default mc/cf files:
$ grep DHParam /etc/mail/sendmail.cf
# DHParameters (only required if DSA/DH is used)
O DHParameters=/etc/mail/certs/dh.param
$ ls -l /etc/mail/certs
total 12
lrwxr-xr-x 1 root wheel 10 31 Aug 2014 4bc0b037.0 -> cacert.pem
-rw-r--r-- 1 root wheel 1326 31 Aug 2014 cacert.pem
-rw-r--r-- 1 root wheel 1375 31 Aug 2014 host.cert
-rw------- 1 root wheel 1704 31 Aug 2014 host.key
Peter Olsson
More information about the freebsd-stable
mailing list