Peter Olsson
2015-Jun-18 11:21 UTC
[FreeBSD-Announce] FreeBSD Errata Notice FreeBSD-EN-15:08.sendmail
On Thu, Jun 18, 2015 at 05:53:20AM +0000, FreeBSD Errata Notices wrote:
> Corrected: 2015-06-17 02:39:10 UTC (stable/10, 10.1-STABLE)
>            2015-06-18 05:36:45 UTC (releng/10.1, 10.1-RELEASE-p13)
>
> V. Solution
...
> # freebsd-update fetch
> # freebsd-update install

This does not seem to solve the problem.

I upgraded two of my 10.1-RELEASE-pX servers to 10.1-RELEASE-p12 a couple of days ago, after which all outgoing mail, both for local destinations and for destinations outside the servers, ends up stuck in /var/spool/clientmqueue with this in maillog:

sendmail[1045]: t5IBAMAB001045: from=pol, size=23, class=0, nrcpts=1, msgid=<201506181110.t5IBAMAB001045 at xxx>, relay=root at localhost
sendmail[1045]: STARTTLS=client, error: connect failed=-1, reason=dh key too small, SSL_error=1, errno=0, retry=-1
sm-mta[1046]: STARTTLS=server, error: accept failed=0, reason=sslv3 alert handshake failure, SSL_error=1, errno=0, retry=-1, relay=localhost [127.0.0.1]
sendmail[1045]: ruleset=tls_server, arg1=SOFTWARE, relay=[127.0.0.1], reject=403 4.7.0 TLS handshake.
sm-mta[1046]: t5IBAMPQ001046: localhost [127.0.0.1] did not issue MAIL/EXPN/VRFY/ETRN during connection to Daemon0
sendmail[1045]: t5IBAMAB001045: to=www, ctladdr=pol (xxx/xxx), delay=00:00:00, xdelay=00:00:00, mailer=relay, pri=30023, relay=[127.0.0.1] [127.0.0.1], dsn=4.0.0, stat=Deferred: 403 4.7.0 TLS handshake.

And I still have the same problem after upgrading to 10.1-RELEASE-p13 and rebooting.

Both servers use base sendmail, and I have done nothing (except adding aliases) with the sendmail configuration in them. Not even created `hostname` mc/cf files, so they are using the default cf files.

--
Peter Olsson
Royce Williams
2015-Jun-18 12:54 UTC
[FreeBSD-Announce] FreeBSD Errata Notice FreeBSD-EN-15:08.sendmail
On Thu, Jun 18, 2015 at 3:21 AM, Peter Olsson <list-freebsd-announce at jyborn.se> wrote:

> On Thu, Jun 18, 2015 at 05:53:20AM +0000, FreeBSD Errata Notices wrote:
> > Corrected: 2015-06-17 02:39:10 UTC (stable/10, 10.1-STABLE)
> >            2015-06-18 05:36:45 UTC (releng/10.1, 10.1-RELEASE-p13)
> >
> > V. Solution
> ...
> > # freebsd-update fetch
> > # freebsd-update install
>
> This does not seem to solve the problem.
>
> I upgraded two of my 10.1-RELEASE-pX servers to
> 10.1-RELEASE-p12 a couple of days ago, after which all
> outgoing mail, both for local destinations and for
> destinations outside the servers, ends up stuck in
> /var/spool/clientmqueue with this in maillog:
>
> sendmail[1045]: t5IBAMAB001045: from=pol, size=23, class=0, nrcpts=1,
> msgid=<201506181110.t5IBAMAB001045 at xxx>, relay=root at localhost
> sendmail[1045]: STARTTLS=client, error: connect failed=-1, reason=dh key
> too small, SSL_error=1, errno=0, retry=-1
> sm-mta[1046]: STARTTLS=server, error: accept failed=0, reason=sslv3 alert
> handshake failure, SSL_error=1, errno=0, retry=-1, relay=localhost
> [127.0.0.1]
> sendmail[1045]: ruleset=tls_server, arg1=SOFTWARE, relay=[127.0.0.1],
> reject=403 4.7.0 TLS handshake.
> sm-mta[1046]: t5IBAMPQ001046: localhost [127.0.0.1] did not issue
> MAIL/EXPN/VRFY/ETRN during connection to Daemon0
> sendmail[1045]: t5IBAMAB001045: to=www, ctladdr=pol (xxx/xxx),
> delay=00:00:00, xdelay=00:00:00, mailer=relay, pri=30023, relay=[127.0.0.1]
> [127.0.0.1], dsn=4.0.0, stat=Deferred: 403 4.7.0 TLS handshake.
>
> And I still have the same problem after upgrading to
> 10.1-RELEASE-p13 and rebooting.
>
> Both servers use base sendmail, and I have done nothing
> (except adding aliases) with the sendmail configuration
> in them. Not even created `hostname` mc/cf files, so they
> are using the default cf files.
>

Did you (re)generate your dh.params file as noted in the Workaround section?

On my systems, I had to do this to support the actual patch (not to perform the workaround). You might have to restart sendmail as well, but I have not tested this.

Royce