Claus Assmann <openbsd+po...@esmtp.org> writes: > FYI (I haven't seen this in ports yet):
Thanks for the heads-up. > If sendmail tried to reuse an SMTP session which had already been > closed by the server, then the connection cache could have invalid > information about the session. One possible consequence was that > STARTTLS was not used even if offered. > The problem can be fixed by either: > - applying the patch (for 8.15.2) available at > ftp://ftp.sendmail.org/pub/sendmail/8.15.2.mci.p0 > ftp://ftp.sendmail.org/pub/sendmail/8.15.2.mci.p0.sig The diff below applies your patch to the current tarball. Build-tested only as my setup doesn't involve STARTTLS... Tests welcome. Claus, in the future would it be possible to prefix the patch file names with "sendmail-"? It would be a bit safer for us, as we would not have to check for possible collisions with other ports. > - or disabling the connection cache: > define(`confMCI_CACHE_SIZE', `0') > > The problem can be mitigated by setting at least one of these options: > - using a very short timeout: > define(`confMCI_CACHE_TIMEOUT', `5s') > - sorting the queue by hosts: > define(`confQUEUE_SORT_ORDER', `Host') We could patch the m4 bits, but people tend not to regen their .cf often so that would not help much in the end. > Note: This issue is fixed in sendmail snapshot 8.16.0.16 (or newer) > for those who would like to test upcoming releases. Index: Makefile =================================================================== RCS file: /cvs/ports/mail/sendmail/Makefile,v retrieving revision 1.14 diff -u -p -r1.14 Makefile --- Makefile 7 Mar 2016 14:19:46 -0000 1.14 +++ Makefile 9 Mar 2016 21:52:59 -0000 @@ -7,9 +7,11 @@ V= 8.15.2 DISTNAME = sendmail.${V} PKGNAME-main = sendmail-${V} PKGNAME-libmilter = libmilter-${V} -REVISION-main = 0 +REVISION-main = 1 FULLPKGNAME-libmilter = libmilter-${V} FULLPKGPATH-libmilter = mail/sendmail,-libmilter + +PATCHFILES = 8.15.2.mci.p0 SHARED_LIBS = milter 4.0 Index: distinfo =================================================================== RCS file: /cvs/ports/mail/sendmail/distinfo,v retrieving revision 1.3 diff -u -p -r1.3 distinfo --- distinfo 19 Jul 2015 02:25:35 -0000 1.3 +++ distinfo 9 Mar 2016 22:19:18 -0000 @@ -1,2 +1,4 @@ +SHA256 (8.15.2.mci.p0) = nqS15nJXc76HXnORZGpbj2ssLfuSRqbjR2OvR/tN5uA= SHA256 (sendmail.8.15.2.tar.gz) = JPlLX9dnBfFYl6eJMqXyQ5oysaL9w1dpuxpfXZtNtDk= +SIZE (8.15.2.mci.p0) = 6712 SIZE (sendmail.8.15.2.tar.gz) = 2207417 -- jca | PGP : 0x1524E7EE / 5135 92C1 AD36 5293 2BDF DDCC 0DFA 74AE 1524 E7EE