Re: Last openssl update brakes localhost email sending

2015-06-25 Thread Gregory Shapiro
> All of my 10.1-RELEASE-p13 systems are affected, some 20 boxes. Sendmail > is used only for sending daily and security run outputs, but I am > starting to feel uncomfortable as it will soon be two weeks since I > received them. > > All those systems are without source code on them, and it is qui

Re: Last openssl update brakes localhost email sending

2015-06-20 Thread Gregory Shapiro
> I'm curious... Why is localhost delivery encrypted by default in the first > place? sendmail, when acting as a client, employs opportunistic encryption by default. Local mail submission done via command line uses the MSP configuration /etc/mail/submit.cf to send the mail. That submit.cf is

Re: [FreeBSD-Announce] FreeBSD Errata Notice FreeBSD-EN-15:08.sendmail

2015-06-20 Thread Gregory Shapiro
> I'll post a patch here by tomorrow for those willing to assist in testing. As promised, there are two patches attached to this email, only one of which is needed (see below). This fixes the case where the DHParameters option is set to a file which doesn't exist, which is the case on newer ver

Re: [FreeBSD-Announce] FreeBSD Errata Notice FreeBSD-EN-15:08.sendmail

2015-06-19 Thread Gregory Shapiro
> I'll probably fix this by changing /etc/rc.d/sendmail to do the above. > > I'll also look into the sendmail source behavior when the file doesn't > exist (it should revert to its defaults). As a quick update, the sendmail open source team have completed a set of changes to address these issue

Re: [FreeBSD-Announce] FreeBSD Errata Notice FreeBSD-EN-15:08.sendmail

2015-06-18 Thread Gregory Shapiro
> I never changed or generated anything in the mail configuration
> on these servers, they use the default mc/cf files:
>
> $ grep DHParam /etc/mail/sendmail.cf
> # DHParameters (only required if DSA/DH is used)
> O DHParameters=/etc/mail/certs/dh.param
>
> $ ls -l /etc/mail/certs
> total 12
> lr

Re: [FreeBSD-Announce] FreeBSD Errata Notice FreeBSD-EN-15:08.sendmail

2015-06-18 Thread Gregory Shapiro
> > Did you (re)generate your dh.params file as noted in the Workaround section? > > No, because of this text under Solution: > " > A change to the raise the default for sendmail client connections to > 1024-bit DH parameters has been committed. > " > > As I understand it this would remove the ne

Re: Last openssl update brakes localhost email sending

2015-06-18 Thread Gregory Shapiro
> We ran into this as well. There are notes in UPDATING now that have the > instructions on what changes need to be done to the locale .mc file. Even better than UPDATING: https://security.FreeBSD.org/advisories/FreeBSD-EN-15:08.sendmail.asc

Re: Sendmail problem after upgrade to r284296

2015-06-15 Thread Gregory Shapiro
n Sun, 14 Jun 2015, Gregory Shapiro wrote: > > >>I created it per your instructions. See above about it not existing > >>previously. > > > >Oh, sorry for the confusion. Seems an emergency patch is in order to change > >the default. > > > >W

Re: Sendmail problem after upgrade to r284296

2015-06-14 Thread Gregory Shapiro
On Sun, Jun 14, 2015 at 08:23:33PM -0700, Gregory Shapiro wrote: > > I created it per your instructions. See above about it not existing > > previously. > > Oh, sorry for the confusion. Seems an emergency patch is in order to change > the default. For now, I

Re: Sendmail problem after upgrade to r284296

2015-06-14 Thread Gregory Shapiro
> I created it per your instructions. See above about it not existing > previously. Oh, sorry for the confusion. Seems an emergency patch is in order to change the default. Would you be willing to test this patch (apply, build, install, remove dh.params file, and restart)? The patch changes

Re: Sendmail problem after upgrade to r284296

2015-06-14 Thread Gregory Shapiro
> After the update I got your email and followed your instructions, except for > moving dh.param because it didn't exist, and sendmail is happy now. Happy to hear sendmail is happy. > I checked and there is still no mention of this in /usr/src/UPDATING so my > question is, when and how is dh.para

Re: Sendmail problem after upgrade to r284296

2015-06-14 Thread Gregory Shapiro
> # DHParameters (only required if DSA/DH is used)
> O DHParameters=/etc/mail/certs/dh.param
>
> # DHParameters (only required if DSA/DH is used)
> O DHParameters=/etc/mail/certs/dh.param
>
> Again, default values, no changes to the installed files made.

Try recreating those -- I'm not exactly s

Re: Sendmail problem after upgrade to r284296

2015-06-14 Thread Gregory Shapiro
> Jun 14 00:50:04 Ace sm-msp-queue[79406]: STARTTLS=client, error: connect failed=-1, reason=dh key too small, SSL_error=1, errno=0, retry=-1
> Jun 14 00:50:04 Ace sm-msp-queue[79406]: ruleset=tls_server, arg1=SOFTWARE, relay=[127.0.0.1], reject=403 4.7.0 TLS handshake.

The new OpenSSL elimi

Re: Sendmail-8.14.7 doesn't work with MS DNS in IPv4 network

2013-08-09 Thread Gregory Shapiro
ne SM_IPNODEBYNAME_FLAGS AI_ADDRCONFIG > > -# endif /* SM_IPNODEBYNAME_FLAGS */ > > - > > - int flags = SM_IPNODEBYNAME_FLAGS; > > + int flags = AI_DEFAULT|AI_ALL; > > int err; > > # endif /* NETINET6 */ > > char *maptype[MAXMAPSTACK];
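Review bot: the added `int flags = AI_DEFAULT|AI_ALL;` hardcodes the lookup flags, while the removed `# endif /* SM_IPNODEBYNAME_FLAGS */` and `int flags = SM_IPNODEBYNAME_FLAGS;` lines drop the macro indirection, so the flags can no longer be overridden at build time. Consider keeping `int flags = SM_IPNODEBYNAME_FLAGS;` and changing only the macro's default value, with a short comment saying why the new flags are needed.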

Re: Sendmail-8.14.7 doesn't work with MS DNS in IPv4 network

2013-08-07 Thread Gregory Shapiro
> I found a problem in new FreeBSD 9.2-{BETA2,RC1} which uses Sendmail-8.14.7. > If you try to send email from FreeBSD 9.2 in IPv4 network with MS DNS > you won't receive it. > But in same time email passes from FreeBSD 9.1-RELEASE which uses > Sendmail-8.14.5. The recent release made the followin

Re: sendmail vs ipv6 broken after upgrade to 9.1

2013-01-08 Thread Gregory Shapiro
> How can I unstupid sendmail here? I don't think sendmail is being stupid here as it is doing what it has been doing under 8.x and 9.1 (the code is the same). I think something changed with the upgrade to 9.1. As far as tracking it down, the sendmail code does: getipnodebyname("acme.spoerlei

Re: sleep(3) sometimes too sleepy on FreeBSD 8.0?

2010-03-03 Thread Gregory Shapiro
> After checking with jhb@ re appropriate value of __FreeBSD_version for > the test, I have submitted a build configuration patch to the sendmail > folks so that a sendmail build on FreeBSD >= 30 will use > nanosleep(). The patch has been accepted by sendmail and is attached > for reference.

Re: building system's libmilter with poll() support?

2008-01-02 Thread Gregory Shapiro
> What's the procedure to configure buildworld to get sendmail to build
> libmilter using poll() instead of select()?

Add this to /etc/make.conf:

  SENDMAIL_CFLAGS+=-D_FFR_WORKERS_POOL

And then rebuild/reinstall libmilter:

  cd /usr/src/lib/libmilter/
  make clean
  make depend
  make
  make install

Note

Re: building system's libmilter with poll() support?

2008-01-02 Thread Gregory Shapiro
>> SENDMAIL_CFLAGS+=-D_FFR_WORKERS_POOL > > Do I want this one or just -DSM_CONF_POLL ? It would probably be safest to just use -DSM_CONF_POLL as that has had more testing and will get by the select() limits on fd_set.

HEADS UP: No longer need to recompile milters when upgrading

2007-04-26 Thread Gregory Shapiro
The libmilter ABI breakage which required recompiling mail filters (milters) has been fixed in the RELENG_[456] branches. It is no longer necessary to recompile mail filters compiled against an older libmilter.so shared library. Additionally, if you did recompile them already, you do not need to

Re: HEADS UP: Recompile milters after sendmail 8.14 upgrade

2007-04-21 Thread Gregory Shapiro
> For those of us with RELENG_[456] servers do we just need to buildworld and > installworld? Yes, after the new code is committed (I'll post at that time). ___ freebsd-stable@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-

Re: HEADS UP: Recompile milters after sendmail 8.14 upgrade

2007-04-20 Thread Gregory Shapiro
> Unfortunately, this problem (the need to recompile filters) was found > after the MFC. The release engineering team has asked for this notice > instead of doing a full backout of sendmail 8.14 in the RELENG_[456] > branches. Note that I have some new code, currently under review, that eliminate

HEADS UP: Recompile milters after sendmail 8.14 upgrade

2007-04-19 Thread Gregory Shapiro
sendmail has been updated from version 8.13.8 to 8.14.1 in the HEAD and RELENG_[456] branches. This upgrade includes a new libmilter library which requires all dynamically linked milters to be recompiled (no source code changes are required). Unfortunately, this problem (the need to recompile fil

Re: sendmail updated -- milters unhappy

2007-04-14 Thread Gregory Shapiro
> Shouldn't there be a tiny little note in /usr/src/UPDATING just to > mention that sendmail was updated to 8.14.1 in RELENG_6 and that > consequently anyone running any milters out of ports[1] should > recompile all of them? > > [1] assuming SENDMAIL_MILTER_IN_BASE Yes, thanks for bringing i

Re: named rc.d

2006-08-01 Thread Gregory Shapiro
> Apologies if posted to wrong list, the rc.d script for named chowns > /etc/namedb to root:wheel if set to bind:bind why is this? A slave > named server running as bind user cannot download new slave zones if > dir ownership is root or update it if file ownerships are root which I > sometimes see