[FreeBSD-Announce] FreeBSD Errata Notice FreeBSD-EN-15:08.sendmail
gshapiro at gshapiro.net
Thu Jun 18 15:41:55 UTC 2015
> I never changed or generated anything in the mail configuration
> on these servers, they use the default mc/cf files:
> $ grep DHParam /etc/mail/sendmail.cf
> # DHParameters (only required if DSA/DH is used)
> O DHParameters=/etc/mail/certs/dh.param
> $ ls -l /etc/mail/certs
> total 12
> lrwxr-xr-x 1 root wheel 10 31 Aug 2014 4bc0b037.0 -> cacert.pem
> -rw-r--r-- 1 root wheel 1326 31 Aug 2014 cacert.pem
> -rw-r--r-- 1 root wheel 1375 31 Aug 2014 host.cert
> -rw------- 1 root wheel 1704 31 Aug 2014 host.key
I found what is breaking it. This commit made locally to FreeBSD:

  Modified Wed Oct 23 16:55:20 2013 UTC (19 months, 3 weeks ago) by jmg
  Enable the automatic creation of a certificate (if one does not exist)
  and enable the usage by sendmail if sendmail is enabled.

sets DHParameters to that file but nothing else generates that file.
We'll have to rev the Errata (and patch) to create that file. In the
meantime, generating the file will fix the problem:

  openssl dhparam -out /etc/mail/certs/dh.param 2048

I'll probably fix this by changing /etc/rc.d/sendmail to do the above.
I'll also look into the sendmail source behavior when the file doesn't
exist (it should revert to its defaults).
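
Added example, not part of the original message and not the FreeBSD rc.d change it mentions: a sketch of a check that reads the active DHParameters option from sendmail.cf and generates the file only when it is missing. The function names are hypothetical, and treating only values that begin with "/" as file paths is an assumption.

```sh
#!/bin/sh
# Added example: make sure the DHParameters file named in sendmail.cf exists.

# Print the value of the active (uncommented) "O DHParameters=" line, if any.
cf_dhparam_path() {
    sed -n 's/^O[[:space:]]*DHParameters=[[:space:]]*//p' "$1" | tail -n 1
}

# Return 0 when the cf file names an absolute path that is missing or empty.
dhparam_missing() {
    path=$(cf_dhparam_path "$1")
    case "$path" in
        /*) [ ! -s "$path" ] ;;
        *)  return 1 ;;   # option unset or not a file path: nothing to check
    esac
}

# Generate the file with the command from the message; DH parameters are
# public, so the file only needs to be non-writable by group and other.
ensure_dhparam() {
    cf=${1:-/etc/mail/sendmail.cf}
    dhparam_missing "$cf" || return 0
    path=$(cf_dhparam_path "$cf")
    ( umask 022 && openssl dhparam -out "$path" 2048 )
}
```

Calling ensure_dhparam with no argument checks /etc/mail/sendmail.cf and does nothing when the file is already present.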