Here is a kind of proof that nothing has changed in the mail dir since installation.
root at pyxis-v:~ # ll /etc/mail
total 384
-rw-r--r-- 1 root wheel 6814 Oct 7 2014 Makefile
-rw-r--r-- 1 root wheel 2900 Oct 7 2014 README
-rw-r--r-- 1 root wheel 632 Oct 7 2014 access.sample
-rw-r--r-- 1 root wheel 1691 Oct 7 2014 aliases
-rw-r----- 1 root wheel 131072 Aug 6 2014 aliases.db
drwxr-xr-x 2 root wheel 512 Aug 6 2014 certs/
-rw-r--r-- 1 root wheel 58400 Oct 7 2014 freebsd.cf
-rw-r--r-- 1 root wheel 4537 Oct 7 2014 freebsd.mc
-r--r--r-- 1 root wheel 40741 Oct 7 2014 freebsd.submit.cf
-r--r--r-- 1 root wheel 898 Oct 7 2014 freebsd.submit.mc
-r--r--r-- 1 root wheel 5659 Sep 15 2014 helpfile
-rw-r--r-- 1 root wheel 405 Oct 7 2014 mailer.conf
-rw-r--r-- 1 root wheel 248 Oct 7 2014 mailertable.sample
-rw-r--r-- 1 root wheel 58400 Oct 7 2014 sendmail.cf
-r--r--r-- 1 root wheel 40741 Oct 7 2014 submit.cf
-rw-r--r-- 1 root wheel 574 Oct 7 2014 virtusertable.sample
root at pyxis-v:~ # ll /etc/mail/certs/
total 12
lrwxr-xr-x 1 root wheel 10 Aug 6 2014 6ba511ab.0@ -> cacert.pem
-rw-r--r-- 1 root wheel 1285 Aug 6 2014 cacert.pem
-rw-r--r-- 1 root wheel 1334 Aug 6 2014 host.cert
-rw------- 1 root wheel 1704 Aug 6 2014 host.key
2015-06-18 11:34 GMT+03:00 Pavel Timofeev <timp87 at gmail.com>:
> Good day to everybody! ;)
> My FreeBSD 10.1-RELEASE-p13 amd64 can't send email to localhost anymore!
>
> I know that openssl has been updated, and it raises the bar of bit
> size of dh parameters.
> I know there is an update for sendmail to catch up with it. But it didn't help.
>
> Here is one of my servers.
> I did not touch anything in /etc/mail after installation of my system.
> And of course I didn't create dh parameters in the /etc/mail/certs dir.
>
> root at pyxis-v:~ # freebsd-version
> 10.1-RELEASE-p13
>
> root at pyxis-v:~ # echo test | mail -s 'aa' ptimofeev at ocs.ru
>
> root at pyxis-v:~ # tail -f /var/log/maillog
> Jun 18 11:19:00 pyxis-v sendmail[1122]: t5I8J0F1001122: from=timp,
> size=39, class=0, nrcpts=1,
> msgid=<201506180819.t5I8J0F1001122 at pyxis-v.ocs.ru>,
> relay=root at localhost
> Jun 18 11:19:00 pyxis-v sendmail[1122]: STARTTLS=client, error:
> connect failed=-1, reason=dh key too small, SSL_error=1, errno=0,
> retry=-1
> Jun 18 11:19:00 pyxis-v sm-mta[1123]: STARTTLS=server, error: accept
> failed=0, reason=sslv3 alert handshake failure, SSL_error=1, errno=0,
> retry=-1, relay=localhost [127.0.0.1]
> Jun 18 11:19:00 pyxis-v sendmail[1122]: ruleset=tls_server,
> arg1=SOFTWARE, relay=[127.0.0.1], reject=403 4.7.0 TLS handshake.
> Jun 18 11:19:00 pyxis-v sendmail[1122]: t5I8J0F1001122:
> to=ptimofeev at ocs.ru, ctladdr=timp (1001/1001), delay=00:00:00,
> xdelay=00:00:00, mailer=relay, pri=30039, relay=[127.0.0.1]
> [127.0.0.1], dsn=4.0.0, stat=Deferred: 403 4.7.0 TLS handshake.
> Jun 18 11:19:00 pyxis-v sm-mta[1123]: t5I8J0p5001123: localhost
> [127.0.0.1] did not issue MAIL/EXPN/VRFY/ETRN during connection to
> Daemon0
>
>
> Why does it complain about a too small dh key?! I don't have them. No
> changes in /etc/mail since installation. What's going on?
>
> So it looks like everybody who updated their systems to p-1(2|3) has to
> do some stuff (openssl dhparam -out dh.param 2048).
> IMO, it's really, really bad.
> Am I wrong, misunderstanding or doing something wrong?
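
An added example, not part of the original message and not FreeBSD or sendmail code: a Python log check that pairs each deferred delivery with the STARTTLS error logged by the same sendmail process, so hosts hitting the "dh key too small" failure shown above can be found in /var/log/maillog. The function name and record fields are assumptions of this example; the sample lines are adapted from the excerpt above, with wrapped lines rejoined and the recipient replaced by a placeholder.

```python
import re

# Sample adapted from the maillog excerpt in the message above: wrapped lines
# rejoined, msgid dropped, recipient replaced by a constructed placeholder.
SAMPLE = """\
Jun 18 11:19:00 pyxis-v sendmail[1122]: t5I8J0F1001122: from=timp, size=39, class=0, nrcpts=1, relay=root@localhost
Jun 18 11:19:00 pyxis-v sendmail[1122]: STARTTLS=client, error: connect failed=-1, reason=dh key too small, SSL_error=1, errno=0, retry=-1
Jun 18 11:19:00 pyxis-v sm-mta[1123]: STARTTLS=server, error: accept failed=0, reason=sslv3 alert handshake failure, SSL_error=1, errno=0, retry=-1, relay=localhost [127.0.0.1]
Jun 18 11:19:00 pyxis-v sendmail[1122]: ruleset=tls_server, arg1=SOFTWARE, relay=[127.0.0.1], reject=403 4.7.0 TLS handshake.
Jun 18 11:19:00 pyxis-v sendmail[1122]: t5I8J0F1001122: to=user@example.org, ctladdr=timp (1001/1001), delay=00:00:00, mailer=relay, relay=[127.0.0.1] [127.0.0.1], dsn=4.0.0, stat=Deferred: 403 4.7.0 TLS handshake.
"""

# syslog prefix (timestamp, host), then program[pid] and the sendmail message
LINE = re.compile(r"^\w{3}\s+\d+ [\d:]{8} \S+ ([\w-]+)\[(\d+)\]: (.*)$")
TLS_ERR = re.compile(r"STARTTLS=(client|server), error: .*?reason=([^,]+)")
DEFERRED = re.compile(r"^(\w+): to=([^,]+),.*stat=Deferred: (.*)$")


def find_tls_deferrals(log_text):
    """Pair each deferred delivery with the STARTTLS error its process logged."""
    tls_errors = {}  # (program, pid) -> (role, reason)
    findings = []
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # not a syslog line in the expected shape
        prog, pid, msg = m.groups()
        err = TLS_ERR.search(msg)
        if err:
            tls_errors[(prog, pid)] = (err.group(1), err.group(2).strip())
            continue
        d = DEFERRED.match(msg)
        if d and (prog, pid) in tls_errors:
            role, reason = tls_errors[(prog, pid)]
            findings.append({
                "queue_id": d.group(1), "rcpt": d.group(2), "status": d.group(3),
                "role": role, "reason": reason,
                # OpenSSL client-side error: the peer's DH parameters were
                # below the minimum size the client accepts
                "weak_dh": reason == "dh key too small",
            })
    return findings


if __name__ == "__main__":
    for finding in find_tls_deferrals(SAMPLE):
        print(finding)
```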