[FreeBSD-Announce] FreeBSD Errata Notice FreeBSD-EN-15:08.sendmail
Peter Olsson
list-freebsd-announce at jyborn.se
Thu Jun 18 18:37:04 UTC 2015
On Thu, Jun 18, 2015 at 08:41:51AM -0700, Gregory Shapiro wrote:
> > I never changed or generated anything in the mail configuration
> > on these servers, they use the default mc/cf files:
> >
> > $ grep DHParam /etc/mail/sendmail.cf
> > # DHParameters (only required if DSA/DH is used)
> > O DHParameters=/etc/mail/certs/dh.param
> >
> > $ ls -l /etc/mail/certs
> > total 12
> > lrwxr-xr-x 1 root wheel 10 31 Aug 2014 4bc0b037.0 -> cacert.pem
> > -rw-r--r-- 1 root wheel 1326 31 Aug 2014 cacert.pem
> > -rw-r--r-- 1 root wheel 1375 31 Aug 2014 host.cert
> > -rw------- 1 root wheel 1704 31 Aug 2014 host.key
>
> I found what is breaking it. This commit made locally to FreeBSD:
>
> Revision 256982
> Modified Wed Oct 23 16:55:20 2013 UTC (19 months, 3 weeks ago) by jmg
> MFC r256773:
> Enable the automatic creation of a certificate (if one does not exist)
> and enable the usage by sendmail if sendmail is enabled.
>
> sets DHParameters to that file but nothing else generates that file.
> We'll have to rev the Errata (and patch) to create that file. In the
> meantime, generating the file will fix the problem:
>
> openssl dhparam -out /etc/mail/certs/dh.param 2048
>
> I'll probably fix this by changing /etc/rc.d/sendmail to do the above.
>
> I'll also look into the sendmail source behavior when the file doesn't
> exist (it should revert to its defaults).
Thanks for the investigation and explanation. I have now generated
dh.param in both servers and rebooted, and the problem is gone.
Thanks!
Peter Olsson
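
The condition diagnosed in this thread (sendmail.cf names a DHParameters file that nothing has created) can be checked with a short script. This is an added example, not part of the original messages and not FreeBSD's fix; the function names and the `--check`/`--fix` arguments are hypothetical, and using the last setting when the option appears more than once is an assumption.

```shell
#!/bin/sh
# Added example: verify the file that "O DHParameters=" in sendmail.cf refers to.

# Print the value of the active DHParameters option in the given cf file.
# The descriptive "# DHParameters ..." comment and a commented-out
# "#O DHParameters=..." line are ignored. Assumption: the last setting wins.
dhparam_path() {
    sed -n 's/^O[[:space:]]*DHParameters[[:space:]]*=[[:space:]]*\(.*[^[:space:]]\)[[:space:]]*$/\1/p' "$1" | tail -n 1
}

# Return 0 if the referenced file exists and is non-empty,
# 1 if the option points at a missing or empty file (the case in this thread),
# 2 if the option is unset or its value is not an absolute path.
check_dhparam() {
    path=$(dhparam_path "$1")
    case $path in
        /*) ;;
        *)  echo "DHParameters is not set to a file path in $1" >&2; return 2 ;;
    esac
    if [ -s "$path" ]; then
        echo "ok: $path"
        return 0
    fi
    echo "missing: $path (referenced by $1)" >&2
    return 1
}

# Create the file only when it is missing, using the command from the thread.
ensure_dhparam() {
    rc=0
    check_dhparam "$1" || rc=$?
    [ "$rc" -eq 1 ] || return "$rc"
    openssl dhparam -out "$(dhparam_path "$1")" 2048
}

# Usage: sh script --check [cf-file]   or   sh script --fix [cf-file]
case ${1:-} in
    --check) check_dhparam "${2:-/etc/mail/sendmail.cf}" ;;
    --fix)   ensure_dhparam "${2:-/etc/mail/sendmail.cf}" ;;
esac
```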