From nobody Wed Feb 07 19:54:04 2024 X-Original-To: freebsd-stable@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4TVW5p6cl7z59yVr for ; Wed, 7 Feb 2024 19:54:06 +0000 (UTC) (envelope-from gshapiro@freebsd.org) Received: from smtp.freebsd.org (smtp.freebsd.org [96.47.72.83]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "smtp.freebsd.org", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4TVW5p5MvNz41rP; Wed, 7 Feb 2024 19:54:06 +0000 (UTC) (envelope-from gshapiro@freebsd.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1707335646; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=8fyeZC8ige5/jZLElXl18LKxFH9uF7DZOVjzxPmG9PE=; b=fwvIiJYk1F0rI3mTd3S0K3MQdYtEEqaaWD/GH2emOWf43+zgocJpSpytqFrbCPkCNNXU+3 84C8MLFBiaZLOuGedYevDT2P+3zpGMbtg8LTah3uPxl7fr0AoA/8W5EjsL0z8CjvaXkCde VZNKCF5CRLrsPbqd+88TQR/fZ2uVSYhpJR1KGOzSuDpYQjZb6uWjwHTMyEn8Ua0zihcVYf RGspUOEHPCKt8BbPQEIjmoPWqGk9da9OHJ5JfqLHTul43vtoPvtqyyJHfpMf+hOl8iHeGp Jg9BJGbDPPkV3XsxOMXb4Vr4WjRve//DGlmpenkBhPXInbdPTB51DxO1gnvSjw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1707335646; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=8fyeZC8ige5/jZLElXl18LKxFH9uF7DZOVjzxPmG9PE=; b=VoTXY6ldfnVP0TRun37jv1KyGkXSHH4tACE6eGyKBwtMt8jedX61xLCHXlLgfKQ3z38Uds tBZu8F91ecYonDsrFeBosa/ae7GMq45vZhAES9DhjvAShkSMV0ZTL0BSd8MEltM+vXpaNh O5N7DBpmn7UqGut77pYnnw/8wSOyCk2nLubgrnjsPp0aAybSsLHsE0UtHnzSFTq6MQ7HHA KaraZ3YyZg/HyspwIIGFQuQJJfEaUbzD91SPr1CReZf9+v2sMJWXKWGYL/rEAUvS3VWgwu YHe0QetE6nubq+zAh5nyhuGpoPI91SlRsmNKQkEcM1oPWOpDJkgrxx8S1qDogQ== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1707335646; a=rsa-sha256; cv=none; b=F3pejR/ZaI/H0NgilTbOe4KT88Onzr6kvuJAiR9JTT2REmW//PWOBRiYfAzeRB13Muxvaa P5VpCxWbJIOq7W4o994ExDgY5F5oygIMmZxAcAk6PpUUTISG+bTg5GCy/lcfJeTubMpqav 0zlxy/1brC7guGAwwyfIWQLcicj9RUcGn/5FCjEX8u0oHroS77DD/MT4r0+q+/HBBO2l6B K+7b9kYQMwcb4XbvPWORLlIx3WYweI8BEw+jqMISGyukHAATu2jYcbhIylj0cgypJBxlac phtC+piFXyxYbky9nHLefMPhZfaoEdJYytvBWgSeewG97alo9O2v2ap6iKeZHw== Received: from thornystick.terrier-augmented.ts.net (sizz-lor.gshapiro.net [104.234.4.21]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) (Authenticated sender: gshapiro) by smtp.freebsd.org (Postfix) with ESMTPSA id 4TVW5p2djwz1NCl; Wed, 7 Feb 2024 19:54:06 +0000 (UTC) (envelope-from gshapiro@freebsd.org) Date: Wed, 7 Feb 2024 11:54:04 -0800 From: Gregory Shapiro To: mike tancsa Cc: freebsd-stable@freebsd.org Subject: Re: sendmail 8.18.1 MFC'ed to stable/13 and stable/14 Message-ID: References: List-Id: Production branch of FreeBSD source code List-Archive: https://lists.freebsd.org/archives/freebsd-stable List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-freebsd-stable@freebsd.org X-BeenThere: freebsd-stable@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 Content-Disposition: inline Content-Transfer-Encoding: 8bit In-Reply-To: On Wed, Feb 07, 2024 at 02:02:36PM -0500, mike tancsa wrote: > Thanks for the continued sendmail support!   One question, I noticed the new > mc file makes the following changes which refers to a file that does not > normally exist on RELENG_13.  What is the best way to generate that file ? Thanks Mike! That file isn't part of the default configuration for FreeBSD so it must be something you set in your .mc file. The good news is it won't cause any breakage, but here are the docs (op.me) which include how to generate: DHParameters This option applies to the server side only. Possible values are: 5 use precomputed 512 bit prime. 1 generate 1024 bit prime 2 generate 2048 bit prime. i use included precomputed 2048 bit prime (default). none do not use Diffie-Hellman. /path/to/file load prime from file. This is only required if a ciphersuite containing DSA/DH is used. The default is ``i'' which selects a precomputed, fixed 2048 bit prime. If ``5'' is selected, then precomputed, fixed primes are used. Note: this option should not be used (unless necessary for compatibility with old implementations). If ``1'' or ``2'' is selected, then prime values are computed during startup. Note: this operation can take a significant amount of time on a slow machine (several seconds), but it is only done once at startup. If ``none'' is selected, then TLS ciphersuites containing DSA/DH cannot be used. If a file name is specified (which must be an absolute path), then the primes are read from it. It is recommended to generate such a file using a command like this: openssl dhparam -out /etc/mail/dhparams.pem 2048 If the file is not readable or contains unusable data, the default ``i'' is used instead.