Since updating to sendmail+tls+sasl2-8.15.2_8, sendmail now crashes with signal 11 (segfault) on attempts to deliver mail. Reverting to the sendmail+tls+sasl2-8.15.2_6 package from the quarterly branch fixes it, so one of the last two commits has broken it.
I have the same problem too. sendmail+tls+sasl2-8.15.2_7 works fine, but sendmail+tls+sasl2-8.15.2_8 crashes when the remote server uses SSL to relay mail. Sending mail without SSL still works fine. The difference between packages is:
    r463590 | dinoex | 2018-03-04 17:45:26 +0000 (Sun, 04 Mar 2018) | 2 lines
    - fix build with openssl 1.1 and libressl
Me too. :/ I confirm that sendmail+tls+sasl2-8.15.2_7 still works fine on 11.1-RELEASE-p7.
I am unable to reproduce the problem yet. With my setup on FreeBSD 11.1 amd64, sendmail+tls+sasl2-8.15.2_8 and openssl-1.0.2n,1, I send and receive mails via TLS. Also, a clean build on FreeBSD 11.1 amd64, with ssl from base, allows me to deliver a mail with STARTTLS handshake successful. Also, the package from the FreeBSD 11.1 amd64 latest repo, using ssl from base, allows me to deliver a mail with STARTTLS handshake successful.
What Version of FreeBSD are you using?
What Arch are you using?
What version of SSL is installed?
Your LDD output should look like this:
    $ ldd /usr/local/sbin/sendmail
    /usr/local/sbin/sendmail:
        libwrap.so.6 => /usr/lib/libwrap.so.6 (0x8008d5000)
        libsasl2.so.3 => /usr/local/lib/libsasl2.so.3 (0x800ade000)
        libblacklist.so.0 => /usr/lib/libblacklist.so.0 (0x800cfa000)
        libssl.so.8 => /usr/lib/libssl.so.8 (0x800efd000)
        libcrypto.so.8 => /lib/libcrypto.so.8 (0x801200000)
        libutil.so.9 => /lib/libutil.so.9 (0x801669000)
        libc.so.7 => /lib/libc.so.7 (0x80187d000)
        libthr.so.3 => /lib/libthr.so.3 (0x801c35000)
> What Version of FreeBSD are you using?
11.1-RELEASE-p7
> What Arch are you using?
amd64, in a Xen VM. Sendmail is in a jail, with very little to interfere.
> What version of SSL is installed?
The version from the base system, no OpenSSL or LibreSSL packages.
> Your LDD output should look like this:
It does appear to:
    /usr/local/sbin/sendmail:
        libwrap.so.6 => /usr/lib/libwrap.so.6 (0x8008d4000)
        libsasl2.so.3 => /usr/local/lib/libsasl2.so.3 (0x800add000)
        libblacklist.so.0 => /usr/lib/libblacklist.so.0 (0x800cf9000)
        libssl.so.8 => /usr/lib/libssl.so.8 (0x800efc000)
        libcrypto.so.8 => /lib/libcrypto.so.8 (0x801200000)
        libutil.so.9 => /lib/libutil.so.9 (0x801669000)
        libc.so.7 => /lib/libc.so.7 (0x80187d000)
        libthr.so.3 => /lib/libthr.so.3 (0x801c35000)
My dmesg, however, is filled with:
    pid 2965 (sendmail), uid 0: exited on signal 11
    pid 2974 (sendmail), uid 0: exited on signal 11
    pid 2975 (sendmail), uid 0: exited on signal 11
    pid 2985 (sendmail), uid 0: exited on signal 11
    pid 2992 (sendmail), uid 0: exited on signal 11
    pid 3005 (sendmail), uid 0: exited on signal 11
    pid 3006 (sendmail), uid 0: exited on signal 11
    pid 3007 (sendmail), uid 0: exited on signal 11
    pid 3008 (sendmail), uid 0: exited on signal 11
    pid 3112 (sendmail), uid 0: exited on signal 11
    pid 3148 (sendmail), uid 0: exited on signal 11
    pid 3149 (sendmail), uid 0: exited on signal 11
    pid 3150 (sendmail), uid 0: exited on signal 11
    pid 3151 (sendmail), uid 0: exited on signal 11
    pid 3152 (sendmail), uid 0: exited on signal 11
    pid 3199 (sendmail), uid 0: exited on signal 11
    pid 3200 (sendmail), uid 0: exited on signal 11
    pid 3205 (sendmail), uid 0: exited on signal 11
    pid 3208 (sendmail), uid 0: exited on signal 11
    pid 3209 (sendmail), uid 0: exited on signal 11
    pid 3210 (sendmail), uid 0: exited on signal 11
    pid 3215 (sendmail), uid 0: exited on signal 11
    pid 3216 (sendmail), uid 0: exited on signal 11
    pid 3219 (sendmail), uid 0: exited on signal 11
    pid 3220 (sendmail), uid 0: exited on signal 11
    pid 3221 (sendmail), uid 0: exited on signal 11
    pid 3458 (sendmail), uid 0: exited on signal 11
    pid 3459 (sendmail), uid 0: exited on signal 11
    pid 3495 (sendmail), uid 0: exited on signal 11
    pid 3496 (sendmail), uid 0: exited on signal 11
    pid 3523 (sendmail), uid 0: exited on signal 11
    pid 3526 (sendmail), uid 0: exited on signal 11
    pid 3530 (sendmail), uid 0: exited on signal 11
    pid 3529 (sendmail), uid 0: exited on signal 11
    pid 3531 (sendmail), uid 0: exited on signal 11
    pid 3532 (sendmail), uid 0: exited on signal 11
    pid 3543 (sendmail), uid 0: exited on signal 11
    ...
Because as soon as a remote server (or a client attempting to submit mail) connects then the sendmail process crashes. Please revert r463590 until this can be addressed.
Thanks, finally I am able to reproduce the problem. It does happen only in combination with an old openssl, and if you have not configured your own dhparams file. A fix will be committed soon.
A commit references this bug:
Author: dinoex
Date: Thu Mar 8 13:49:32 UTC 2018
New revision: 463887
URL: https://svnweb.freebsd.org/changeset/ports/463887
Log:
  - fix "exited on signal 11" when dhparams file is missing.
  PR: 226431
Changes:
  head/mail/sendmail/Makefile
  head/mail/sendmail/files/patch-tls.c
If you don't want to wait for the update or cannot downgrade:
Create custom dh primes:
    openssl dhparam 2048 > /etc/mail/certs/dhparam
Add the file to <hostname>.mc:
    define(`confDH_PARAMETERS', `MAIL_SETTINGS_DIR`'certs/dhparam')dnl
    cd /etc/mail && make && make install
Restart sendmail.
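The condition this thread identifies (no own DH parameters file configured, or a configured file that is missing) can be checked on a host before installing the affected package. The script below is an added example, not part of the original thread or of the port; it assumes the generated sendmail.cf carries the setting as an "O DHParameters=" line, and the function names dh_param_path and audit_dh are hypothetical.

```shell
#!/bin/sh
# Added example: report how a sendmail.cf configures DH parameters.
# Assumption: confDH_PARAMETERS in the .mc file ends up in sendmail.cf
# as a line of the form "O DHParameters=<value>".

# Print the last active (uncommented) DHParameters value; empty if unset.
dh_param_path() {
    sed -n 's/^O[[:space:]]*DHParameters[[:space:]]*=[[:space:]]*//p' "$1" |
        tail -n 1
}

# Print one of:
#   unset            no active DHParameters line (the case reported in this thread)
#   keyword:<value>  a non-path value such as "none" is configured
#   missing:<path>   a file is configured but absent or empty
#   invalid:<path>   openssl is available and cannot parse the file
#   ok:<path>        a file is configured and present (and parses, if checked)
audit_dh() {
    cf=$1
    path=$(dh_param_path "$cf")
    if [ -z "$path" ]; then
        echo "unset"
        return 0
    fi
    case $path in
        /*) ;;                                   # absolute path: check the file
        *)  echo "keyword:$path"; return 0 ;;    # not a file name
    esac
    if [ ! -s "$path" ]; then
        echo "missing:$path"
        return 0
    fi
    # Optional parse check, only when the openssl CLI is installed.
    if command -v openssl >/dev/null 2>&1 &&
       ! openssl dhparam -in "$path" -noout >/dev/null 2>&1; then
        echo "invalid:$path"
        return 0
    fi
    echo "ok:$path"
}

# Usage: sh audit_dh.sh /etc/mail/sendmail.cf
if [ $# -gt 0 ]; then
    audit_dh "$1"
fi
```

A result of "unset" or "missing:" on a host using the base system's OpenSSL matches the conditions described above for the crash; applying the workaround from the last comment should change the result to "ok:".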