[FreeBSD-Announce] FreeBSD Errata Notice FreeBSD-EN-15:08.sendmail

Gregory Shapiro gshapiro at gshapiro.net
Thu Jun 18 15:41:55 UTC 2015

> I never changed or generated anything in the mail configuration
> on these servers, they use the default mc/cf files:
> $ grep DHParam /etc/mail/sendmail.cf
> # DHParameters (only required if DSA/DH is used)
> O DHParameters=/etc/mail/certs/dh.param
> $ ls -l /etc/mail/certs
> total 12
> lrwxr-xr-x  1 root  wheel    10 31 Aug  2014 4bc0b037.0 -> cacert.pem
> -rw-r--r--  1 root  wheel  1326 31 Aug  2014 cacert.pem
> -rw-r--r--  1 root  wheel  1375 31 Aug  2014 host.cert
> -rw-------  1 root  wheel  1704 31 Aug  2014 host.key

I found what is breaking it.  This commit made locally to FreeBSD:

  Revision 256982 
  Modified Wed Oct 23 16:55:20 2013 UTC (19 months, 3 weeks ago) by jmg 
  MFC r256773:
  Enable the automatic creation of a certificate (if one does not exists)
  and enable the usage by sendmail if sendmail is enabled.

sets DHParameters to that file but nothing else generates that file.
We'll have to rev the Errata (and patch) to create that file.  In the mean
time, generating the file will fix the problem:

openssl dhparam -out /etc/mail/certs/dh.param 2048

I'll probably fix this by changing /etc/rc.d/sendmail to do the above.

I'll also look into the sendmail source behavior when the file doesn't
exist (it should revert to it's defaults).

More information about the freebsd-stable mailing list