Date: Mon, 22 Jun 2015 09:17:23 -0700
Subject: 10.1-RELEASE-p12 broke sendmail. 10.1-RELEASE-p13 didn't fix sendmail.
From: Chris Stankevitz
To: freebsd-questions

I updated to 10.1-RELEASE-p12 and my outgoing emails stopped working due to FreeBSD-EN-15:08.sendmail. I've never installed any ports and I have as default a setup as one can imagine. This leads me to believe that the documentation is wrong or that cosmic rays have corrupted my system. I have never touched a sendmail conf file.

"mail root" fails with "dh key too small" in /var/log/maillog, both after -p12 and -p13.

I tried following the errata to solve my problem, but got stuck at just about every step:

- freebsd-update

freebsd-update succeeded. I am now at 10.1-RELEASE-p13. But I still have the same problem (sendmail reports DH key too small). I did not reboot my machine (and it will be a pain for me to do so). Perhaps I should try the workaround? Perhaps I must reboot.

- workaround

Should I try the workaround? My preference is to find "root cause" for why freebsd-update failed to solve my problem. The workaround reports many steps, but already at step 1 I am stumped:

1. Edit /etc/mail/`hostname`.mc

That file doesn't exist. I have a freebsd.mc though. I'll use that.

2. If a setting for confDH_PARAMETERS does not exist or exists and is set to a string beginning with '5', replace it with '1' for 1024-bit or '2' for 2048-bit.

I have confDH_PARAMETERS defined to CERT_DIR/dh.param. /etc/mail/certs/dh.param doesn't exist.

3. If a setting for confDH_PARAMETERS exists and is set to a file path, create a new file with:

    openssl dhparam -out /path/to/file 2048

for 2048-bit or:

    openssl dhparam -out /path/to/file 1024

for 1024-bit.

I could try this. But I would have expected freebsd-update to 10.1-RELEASE-p13 to handle this.

4. If you have modified your MSP submission configuration file to enable STARTTLS (not enabled by default), repeat the above steps for /etc/mail/`hostname`.submit.mc.

Definitely have not done that (or anything else for that matter).

5. Rebuild the .cf file(s):

    cd /etc/mail/; make; make install

I could do that...

6. Restart sendmail:

    cd /etc/mail/; make restart

I could do that...

Thank you,

Chris
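
The checks in workaround steps 2 and 3, written out as an added shell example that is not part of the original message or the errata notice. It assumes the .mc file uses the define(`NAME', `VALUE') form with CERT_DIR defined in the same file, and it takes 1024 bits (the smaller size the workaround offers) as the minimum; the function names and verdict strings are made up for this example.

```shell
#!/bin/sh
# Added example: report which case of the quoted workaround an .mc file is in.

# Print the last value given to NAME by a define(`NAME', `VALUE') line,
# ignoring lines commented out with a leading dnl.
mc_value() {  # usage: mc_value NAME FILE
    sed -n -e '/^[[:space:]]*dnl/d' \
        -e "s/.*define(\`$1',[[:space:]]*\`\([^']*\)').*/\1/p" "$2" | tail -n 1
}

# Size in bits of a PEM DH parameter file, parsed from openssl's text output.
dh_bits() {  # usage: dh_bits FILE
    openssl dhparam -in "$1" -text -noout 2>/dev/null |
        sed -n 's/.*(\([0-9][0-9]*\) bit).*/\1/p' | head -n 1
}

# Print one verdict word for the confDH_PARAMETERS setting in an .mc file.
classify_dh() {  # usage: classify_dh FILE.mc
    val=$(mc_value confDH_PARAMETERS "$1")
    case "$val" in
        '')        echo unset; return ;;         # step 2: no setting at all
        5*)        echo builtin-weak; return ;;  # step 2: begins with '5'
        1*|2*)     echo builtin-ok; return ;;    # '1' = 1024-bit, '2' = 2048-bit
        CERT_DIR*) path=$(mc_value CERT_DIR "$1")${val#CERT_DIR} ;;
        /*)        path=$val ;;
        *)         echo other; return ;;         # not covered by the steps
    esac
    # Step 3: the setting is a file path, so the file must exist and be
    # at least 1024 bits (threshold assumed for this example).
    [ -f "$path" ] || { echo file-missing; return; }
    bits=$(dh_bits "$path")
    if [ "${bits:-0}" -ge 1024 ]; then echo file-ok; else echo file-weak; fi
}

# Constructed sample resembling the setup described in the message
# (the certificate directory is a placeholder that does not exist).
sample_mc() {
    printf '%s\n' "define(\`CERT_DIR', \`/nonexistent/certs')dnl" \
        "dnl define(\`confDH_PARAMETERS', \`5')dnl" \
        "define(\`confDH_PARAMETERS', \`CERT_DIR/dh.param')dnl"
}

if [ $# -gt 0 ]; then classify_dh "$1"; fi
```

Run against the constructed sample it prints file-missing, the case the message describes: the setting is a path, so the step 3 check applies to a file that does not exist.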