On Thu, Jun 18, 2015 at 08:41:51AM -0700, Gregory Shapiro wrote:
> > I never changed or generated anything in the mail configuration
> > on these servers, they use the default mc/cf files:
> >
> > $ grep DHParam /etc/mail/sendmail.cf
> > # DHParameters (only required if DSA/DH is used)
> > O DHParameters=/etc/mail/certs/dh.param
> >
> > $ ls -l /etc/mail/certs
> > total 12
> > lrwxr-xr-x 1 root wheel 10 31 Aug 2014 4bc0b037.0 -> cacert.pem
> > -rw-r--r-- 1 root wheel 1326 31 Aug 2014 cacert.pem
> > -rw-r--r-- 1 root wheel 1375 31 Aug 2014 host.cert
> > -rw------- 1 root wheel 1704 31 Aug 2014 host.key
>
> I found what is breaking it. This commit made locally to FreeBSD:
>
>   Revision 256982
>   Modified Wed Oct 23 16:55:20 2013 UTC (19 months, 3 weeks ago) by jmg
>   MFC r256773:
>   Enable the automatic creation of a certificate (if one does not exists)
>   and enable the usage by sendmail if sendmail is enabled.
>
> sets DHParameters to that file but nothing else generates that file.
> We'll have to rev the Errata (and patch) to create that file. In the
> meantime, generating the file will fix the problem:
>
>   openssl dhparam -out /etc/mail/certs/dh.param 2048
>
> I'll probably fix this by changing /etc/rc.d/sendmail to do the above.
>
> I'll also look into the sendmail source behavior when the file doesn't
> exist (it should revert to its defaults).

Thanks for the investigation and explanation.
I have now generated dh.param in both servers and rebooted,
and the problem is gone.

Thanks!

Peter Olsson
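
An added example, not part of the original thread or of FreeBSD's rc scripts: a POSIX shell check that reads the active `O DHParameters=` line from a sendmail.cf and reports whether the file it names exists. The function names and return codes are assumptions made for this illustration; the suggested fix command is the one quoted in the thread.

```shell
#!/bin/sh
# Added example: detect a sendmail.cf that points DHParameters at a
# file nothing has generated (the condition described in the thread).

# Print the path from the last active "O DHParameters=" line.
# Lines starting with "#" (comments, disabled options) do not match.
dhparam_path() {
    sed -n 's/^O[[:space:]]*DHParameters=[[:space:]]*//p' "$1" | tail -n 1
}

# Return codes (hypothetical convention for this example):
#   0  option set and file exists and is non-empty
#   1  option set but file is missing or empty
#   2  option not set in the given cf file
check_dhparam() {
    cf=$1
    path=$(dhparam_path "$cf")
    if [ -z "$path" ]; then
        echo "DHParameters not set in $cf"
        return 2
    fi
    if [ -s "$path" ]; then
        echo "ok: $path"
        return 0
    fi
    echo "missing: $path"
    echo "generate with: openssl dhparam -out $path 2048"
    return 1
}

# Usage on a live system (path taken from the thread):
#   check_dhparam /etc/mail/sendmail.cf
```

The check only reports; it leaves generating the file to the operator, since `openssl dhparam` with 2048 bits can take a while to finish.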