Sendmail can enter an endless loop because of wrong interpretation of SSL errors. When it happens, the processing of mail is effectively stopped and the CPU overloaded. The log files fill up very quickly with message like the below example. This causes the /var filesystem to fill up, causing even more harm. Here is an example of the log messages: Nov 8 22:06:19 news last message repeated 629 times Nov 8 22:06:19 news sm-mta[17817]: STARTTLS: read error=generic SSL error (0) Nov 8 22:06:19 news last message repeated 575 times Nov 8 22:06:19 news sm-mta[8455]: STARTTLS: read error=generic SSL error (0) Nov 8 22:06:19 news last message repeated 613 times Nov 8 22:06:19 news sm-mta[17817]: STARTTLS: read error=generic SSL error (0) Nov 8 22:06:20 news last message repeated 621 times Nov 8 22:06:19 news sm-mta[8455]: STARTTLS: read error=generic SSL error (0) Nov 8 22:06:20 news last message repeated 643 times Nov 8 22:06:20 news sm-mta[17817]: STARTTLS: read error=generic SSL error (0) After some googling I found out that on BSD sendmail is currently compiled with the define _FFR_DEAL_WITH_ERROR_SSL in order to prevent this loop. See for instance these URL's: http://archives.neohapsis.com/archives/openbsd/cvs/2003-12/1013.html http://www.mailarchive.ca/lists/comp.mail.sendmail//2003-02/0293.html I encountered this error while running with mail-mta/sendmail-8.12.10. In the mean time I did an 'emerge -uD world', which caused an upgrade to mail-mta/sendmail-8.12.11-r3. I checked the ebuild and the build source tree for mail-mta/sendmail-8.12.11-r3, and it seems to me that the _FFR_DEAL_WITH_ERROR_SSL define is still not activated by the ebuild. Please consider the use of this define, as it can prevent a very serious outage. Thanks for your time, Toon van der Pas. Reproducible: Sometimes Steps to Reproduce: 1. 2. 3. Portage 2.0.51-r3 (default-linux/x86/2004.0, gcc-3.3.4, glibc-2.3.4.20040808-r1, 2.6.5-gentoo-r1 i686) ================================================================= System uname: 2.6.5-gentoo-r1 i686 Pentium II (Klamath) Gentoo Base System version 1.4.16 Autoconf: sys-devel/autoconf-2.59-r5 Automake: sys-devel/automake-1.8.5-r1 Binutils: sys-devel/binutils-2.14.90.0.8-r1 Headers: sys-kernel/linux26-headers-2.6.8.1 Libtools: sys-devel/libtool-1.5.2-r5 ACCEPT_KEYWORDS="x86" AUTOCLEAN="yes" CFLAGS="-march=i586 -O2 -pipe -fomit-frame-pointer" CHOST="i586-pc-linux-gnu" COMPILER="" CONFIG_PROTECT="/etc /usr/kde/2/share/config /usr/kde/3/share/config /usr/share/config /var/bind /var/qmail/control" CONFIG_PROTECT_MASK="/etc/gconf /etc/terminfo /etc/env.d" CXXFLAGS="-march=i586 -O2 -pipe -fomit-frame-pointer" DISTDIR="/usr/portage/distfiles" FEATURES="autoaddcvs ccache distlocks sandbox sfperms" GENTOO_MIRRORS="ftp://ftp.snt.utwente.nl/pub/os/linux/gentoo http://gentoo.oregonstate.edu http://www.ibiblio.org/pub/Linux/distributions/gentoo" MAKEOPTS="-j2" PKGDIR="/usr/portage/packages" PORTAGE_TMPDIR="/var/tmp" PORTDIR="/usr/portage" PORTDIR_OVERLAY="" SYNC="rsync://rsync.gentoo.org/gentoo-portage" USE="X509 apache2 apm berkdb bitmap-fonts cgi crypt cscope curl doc encode f77 fam fastcgi foomaticdb fortran gdbm gif gpm gtk2 imlib innodb ipv6 ithreads java javascript jdepend jpeg ldap libg++ libwww lids mad mbox mikmod milter mmx motif mpeg mysql ncurses nls nptl oav odbc oggvorbis pam parse-clocks pcap perl plotutils png ppds python quicktime radius readline regexp sasl slang snmp socks5 spell ssl tcpd threads transparent-proxy truetype x86 xml2 xmms xv zlib"
A new sendmail-8.13.1-r1 ebuild is masked in portage now and it uses _FFR_DEAL_WITH_ERROR_SSL when compiled with ssl USE flag. Testing is appreciated :)
*** Bug 80101 has been marked as a duplicate of this bug. ***
This is fixed now.
