Peter Olsson
2015-Jun-18 13:22 UTC
[FreeBSD-Announce] FreeBSD Errata Notice FreeBSD-EN-15:08.sendmail
On Thu, Jun 18, 2015 at 04:54:31AM -0800, Royce Williams wrote:
> On Thu, Jun 18, 2015 at 3:21 AM, Peter Olsson <
> list-freebsd-announce at jyborn.se> wrote:
>
> > On Thu, Jun 18, 2015 at 05:53:20AM +0000, FreeBSD Errata Notices wrote:
> > > Corrected:      2015-06-17 02:39:10 UTC (stable/10, 10.1-STABLE)
> > >                 2015-06-18 05:36:45 UTC (releng/10.1, 10.1-RELEASE-p13)
> > >
> > > V. Solution
> > ...
> > > # freebsd-update fetch
> > > # freebsd-update install
> >
> > This does not seem to solve the problem.
> >
> > I upgraded two of my 10.1-RELEASE-pX servers to
> > 10.1-RELEASE-p12 a couple of days ago, after which all
> > outgoing mail, both for local destinations and for
> > destinations outside the servers, end up stuck in
> > /var/spool/clientmqueue with this in maillog:
> >
> > And I still have the same problem after upgrading to
> > 10.1-RELEASE-p13 and rebooting.
> >
> > Both servers use base sendmail, and I have done nothing
> > (except adding aliases) with the sendmail configuration
> > in them. Not even created `hostname` mc/cf files, so they
> > are using the default cf files.
> >
>
> Did you (re)generate your dh.params file as noted in the Workaround section?

No, because of this text under Solution:
"
A change to the raise the default for sendmail client connections to
1024-bit DH parameters has been committed.
"

As I understand it this would remove the need for generating
the dh.params file? Hence my thinking that the patch is
maybe not 100% correct.

Mail from these two servers is not critical for me, so I will
wait and see if there is another patch or if in fact I have to
generate the dh.params file.

> On my systems, I had to do this to support the actual patch (not to perform
> the workaround).
>
> You might have to restart sendmail as well, but I have not tested this.

I rebooted the server, didn't help.

Peter Olsson
Gregory Shapiro
2015-Jun-18 15:10 UTC
[FreeBSD-Announce] FreeBSD Errata Notice FreeBSD-EN-15:08.sendmail
> > Did you (re)generate your dh.params file as noted in the Workaround section?
>
> No, because of this text under Solution:
> "
> A change to the raise the default for sendmail client connections to
> 1024-bit DH parameters has been committed.
> "
>
> As I understand it this would remove the need for generating
> the dh.params file?

You do not need to regenerate dh.params with the patch unless you have
specifically set DHParameters in /etc/mail/sendmail.cf to a lower
strength. What is the output of:

grep DHParam /etc/mail/sendmail.cf

If it is set to a string beginning with '5' or a filename and that file
was generated using 512-bit strength, then remove that setting.
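
The check described in the reply above, written out as a script (an added example, not part of the original thread). The function name `check_dhparam`, the result labels, the treatment of any value starting with `/` as a filename, and the use of 1024 bits as the cut-off are assumptions of this example; the sample config at the end is constructed.

```sh
#!/bin/sh
# Added example: classify the DHParameters setting of a sendmail.cf.
# Prints: unset | weak-512 | file-weak:<path> | file-ok:<path> |
#         file-unchecked:<path> | other:<value>
check_dhparam() {
    cf=${1:-/etc/mail/sendmail.cf}
    [ -r "$cf" ] || { printf '%s\n' "no-config"; return 1; }
    # Active option lines look like "O DHParameters=<value>"; lines that
    # start with '#' are commented out and are ignored. If several active
    # lines exist, this script reports the last one (assumption).
    val=$(sed -n 's/^O[[:space:]]*DHParameters[[:space:]]*=[[:space:]]*//p' "$cf" |
          sed 's/[[:space:]]*$//' | tail -n 1)
    case $val in
        '') printf '%s\n' "unset" ;;
        5*) printf '%s\n' "weak-512" ;;      # "a string beginning with '5'"
        /*)                                  # a filename: inspect its size
            bits=""
            if command -v openssl >/dev/null 2>&1 && [ -r "$val" ]; then
                bits=$(openssl dhparam -in "$val" -noout -text 2>/dev/null |
                       sed -n 's/.*(\([0-9][0-9]*\) bit).*/\1/p' | head -n 1)
            fi
            if [ -z "$bits" ]; then
                printf '%s\n' "file-unchecked:$val"
            elif [ "$bits" -lt 1024 ]; then
                printf '%s\n' "file-weak:$val ($bits bit)"
            else
                printf '%s\n' "file-ok:$val ($bits bit)"
            fi ;;
        *)  printf '%s\n' "other:$val" ;;
    esac
}

# Constructed sample config (not taken from the thread).
sample=$(mktemp)
printf '%s\n' '#O DHParameters' 'O DHParameters=5' > "$sample"
check_dhparam "$sample"
rm -f "$sample"
```

A result of `weak-512` or `file-weak` is the case where the reply says to remove the setting; `file-unchecked` means the file was unreadable or `openssl` was not available to inspect it.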