1. Forum
  2. Usenet
  3. COMP.MAIL.SENDMAIL

  • sendmail snapshot 8.18.0.2

    From Claus =?iso-8859-1?Q?A=DFmann?= @21:1/5 to All on Tue Dec 19 12:56:22 2023
    sendmail snapshot 8.18.0.2 is available for testing. It offers the
    new srv_features option 'o' to require CR LF . CR LF as end of an
    SMTP message and fixes parsing of UTF8 addresses when
    SMTPUTF8 BODY=3D7BIT are used as parameters for the MAIL command.

    SHA256 (sendmail.8.18.0.2.tar.gz) =3D b8f64c67f94dc6ff0f65498636f8f90b794e58ded15a05650a98115167b60773
    SHA256 (sendmail.8.18.0.2.tar.gz.sig) =3D 95c3f2845f0d099d6e2d4662f73a0e1afe83f028b69e3c62a9fdf12bbdaccdec

    Available at:
    https://ftp.sendmail.org/snapshots/sendmail.8.18.0.2.tar.gz https://ftp.sendmail.org/snapshots/sendmail.8.18.0.2.tar.gz.sig

    --
    Note: please read the netiquette before posting. I will almost never
    reply to top-postings which include a full copy of the previous
    article(s) at the end because it's annoying, shows that the poster
    is too lazy to trim his article, and it's wasting the time of all readers.

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Claus =?iso-8859-1?Q?A=DFmann?= @21:1/5 to Alex H on Wed Dec 20 11:16:32 2023
    Alex H wrote:
    FYI - not sure you want to add a check against OpenSSL 3.2.0 and disable DANE, or let us to remove DANE for the time being until this is fixed.

    Just use OpenSSL 3.0.x instead for DANE support until OpenSSL fixes
    their stuff (1 committer + 3 reviewers - and still such common error).

    DH_new is deprecated: Since OpenSSL 3.0

    -DNO_DH

    2917 | while ((l = MTA_SSL_ERR_get((const char **) &file, &line,

    Try
    -DHAVE_ERR_get_error_all
    ?

    3010 | ENGINE_load_builtin_engines();

    -DUSE_OPENSSL_ENGINE=0
    or
    -DOPENSSL_NO_ENGINE

    --
    Note: please read the netiquette before posting. I will almost never
    reply to top-postings which include a full copy of the previous
    article(s) at the end because it's annoying, shows that the poster
    is too lazy to trim his article, and it's wasting the time of all readers.

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Claus =?iso-8859-1?Q?A=DFmann?= @21:1/5 to Alex H on Wed Dec 20 12:36:00 2023
    Alex H wrote:
    ... or maybe add this to the Known bugs and/or to the Release notes

    8.18.1/8.18.1 202X/XX/XX
    OpenSSL version 3.0.x is supported. Note: OpenSSL 3 loads by
    ...

    Neither OpenSSL 3.1 nor 3.2 are mentioned as supported (yet),
    which means they may or may not work...

    is no mention about this version limitation on sendmail supporting

    Nobody reads the documentation... but a compilation error
    is hard to ignore :-)


    --
    Note: please read the netiquette before posting. I will almost never
    reply to top-postings which include a full copy of the previous
    article(s) at the end because it's annoying, shows that the poster
    is too lazy to trim his article, and it's wasting the time of all readers.

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From HQuest@21:1/5 to All on Thu Dec 21 13:44:11 2023
    Well, I'm the exception then since I usually read it (had my hand slapped by you once), and while I see where you are coming from official vs unofficial support, the Release notes are slightly confusing:

    8.18.1/8.18.1 202X/XX/XX
    Full DANE support is available if OpenSSL versions 1.1.1 or 3.x
    are used
    OpenSSL version 3.0.x is supported.

    If DANE support is provided via OpenSSL 3.x (!= 3.0.x), I would think 3.2 would too be supported - even though the line below says version 3.0.x is supported and with the fact previous versions up to 8.18.0.Alpha3 did compile against OpenSSL 3.2 with no
    errors (just the usual DH deprecation warnings). I suppose this error via the DANE bug you reported was added just in time for this snapshot. Anyhow, thanks to the magic of containers, I managed to get OpenSSL v3.3.0-dev deployed, compiled 8.18.0.2
    against it, and during the first 24h, things look absolutely fine so far. However, I'm just a small fish so surely large-scale tests are necessary. Appreciate all you do, and happy holiday season.

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Claus =?iso-8859-1?Q?A=DFmann?= @21:1/5 to Alex H on Thu Dec 21 09:11:31 2023
    Alex H wrote:
    Plus, a few deprecations here and there.

    Which configuration options do you use for OpenSSL 3.2?
    I'm trying to reproduce this locally.

    --
    Note: please read the netiquette before posting. I will almost never
    reply to top-postings which include a full copy of the previous
    article(s) at the end because it's annoying, shows that the poster
    is too lazy to trim his article, and it's wasting the time of all readers.

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From HQuest@21:1/5 to All on Thu Dec 21 14:32:18 2023
    OpenSSL 3.2 settings are the default ones from Slackware -current. Pat builds it as of below. I reused it with the git clone of yesterday's 3.3.0-dev tree.

    /config
    --prefix=/usr
    --openssldir=/etc/ssl
    zlib
    enable-camellia
    enable-seed
    enable-rfc3779
    enable-cms
    enable-md2
    enable-rc5
    enable-ssl3
    enable-ssl3-method
    no-weak-ssl-ciphers
    no-mdc2
    no-ec2m
    no-sm2
    no-sm4
    no-sse2
    shared

    On the sendmail side, my site.config.m4 looks like

    APPENDDEF(`confMAPDEF', `-DNEWDB')
    APPENDDEF(`confLIBS', `-lnsl -lssl -lcrypto -lsasl2 -lwrap -lm -ldb -lresolv -licuuc -licui18n -licudata')
    APPENDDEF(`conf_libmilter_ENVDEF', `-DMILTER') APPENDDEF(`conf_sendmail_ENVDEF', `-DMILTER')
    APPENDDEF(`confENVDEF', `-DNETINET6 -DIPV6_FULL -DNEWDB -DSTARTTLS -DDANE -DSASL=2 -DTCPWRAPPERS -DNIS -DMAP_REGEX -DSOC
    KETMAP -DTLS_EC -DUSE_EAI -DDNSSEC_TEST -D_FFR_TLS_ALTNAMES -D_FFR_MTA_STS')dnl

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)