
Random Number generator for use with sendmail

 
David L Brewster
Frequent Advisor

I am working on using the random number generator with the new version of sendmail (version 8.13.3).

This version has TLS support and that's why I need it...

I am getting an error saying that the random number generator is not seeded.
I don't know what that means.

Here is the full log...
Apr 11 07:45:17 hpov sm-mta[9430]: k3BBjHxC009430: SYSERR(root): dbm map "access": unsafe map file /etc/mail/access
Apr 11 07:45:17 hpov sm-mta[9430]: ruleset=check_relay, arg1=pandora, arg2=199.231.8.17, relay=pandora [199.231.8.17], reject=451 4.3.0 Temporary system failure. Please try again later.
Apr 11 07:55:17 hpov /sbin/init.d/sendmail[9518]: #### Starting sendmail ####
Apr 11 07:55:18 hpov sendmail[9536]: alias database /etc/mail/aliases rebuilt by root
Apr 11 07:55:18 hpov /sbin/init.d/sendmail[9518]: /etc/mail/aliases: 7 aliases, longest 9 bytes, 88 bytes total
Apr 11 07:55:18 hpov sendmail[9536]: /etc/mail/aliases: 7 aliases, longest 9 bytes, 88 bytes total
Apr 11 07:55:18 hpov sm-mta[9539]: starting daemon (@(#)Sendmail version 8.13.3 - Revision 2.001 - 2005/02/12): SMTP+queueing@00:30:00
Apr 11 07:55:18 hpov sm-mta[9539]: STARTTLS=server: file /etc/mail/certs/key.pem unsafe: Group readable file
Apr 11 07:55:18 hpov sm-msp-queue[9541]: STARTTLS: RAND_egd(/dev/random) failed: random number generator not seeded
Apr 11 07:55:18 hpov sm-msp-queue[9542]: starting daemon (@(#)Sendmail version 8.13.3 - Revision 2.001 - 2005/02/12): queueing@00:30:00
A. Clay Stephenson
Acclaimed Contributor

Re: Random Number generator for use with sendmail

Have you installed the Strong Random Number Generator? It's only available at HP-UX 11.11 and up.

http://h20293.www2.hp.com/portal/swdepot/displayProductInfo.do?productNumber=KRNG11I

It's also possible that the product is installed but the startup script, /sbin/init.d/krng has not been run.
If it ain't broke, I can fix that.
Jeff Schussele
Honored Contributor

Re: Random Number generator for use with sendmail

Hi David,

What OS are you running?
Is it 11.11 (11i)?
If so do you have the KRNG11i product installed?
A "pure" RNG was not included w/11i - you had to install KRNG11i to get it.

HTH,
Jeff
PERSEVERANCE -- Remember, whatever does not kill you only makes you stronger!
Jeff Schussele
Honored Contributor

Re: Random Number generator for use with sendmail

I must learn to type faster...Clay always beats me - but 2 seconds....durn it....is embarrassing!
Cheers Clay %~))

NPP,
Jeff
PERSEVERANCE -- Remember, whatever does not kill you only makes you stronger!
TOM BROCCOLETTI
Occasional Advisor

Re: Random Number generator for use with sendmail

Restarted the rng script and got the same error.

The operating system is a 11.11 64 bit server.
Jeff Schussele
Honored Contributor

Re: Random Number generator for use with sendmail

Hi (again) Tom,

Is this the "new" 8.13.3 that HP just released for the sendmail CERT?
If so, I would report this ASAP to HP because these "unofficial" CERT patches get nowhere near the QA that "normal" patches do.

Rgds,
Jeff
PERSEVERANCE -- Remember, whatever does not kill you only makes you stronger!
A. Clay Stephenson
Acclaimed Contributor

Re: Random Number generator for use with sendmail

Well, let's find out if the random device node is functional.

dd if=/dev/random bs=256 count=1 2>/dev/null | xd -Ad -txS


You should see 128 random hex values displayed.
If it ain't broke, I can fix that.
TOM BROCCOLETTI
Occasional Advisor

Re: Random Number generator for use with sendmail

This is the new 8.13.3 version that has TLS support. I did report this to HP and they have notified the lab, however, I just wondered if anyone else has hit this problem due to some configuration type of problem.

The dd using /dev/random did produce 128 hex numbers.....
A. Clay Stephenson
Acclaimed Contributor

Re: Random Number generator for use with sendmail

I just looked at the source code and it looks as though the developers are using the wrong #defines.
If it ain't broke, I can fix that.
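
The log line `RAND_egd(/dev/random)` shows OpenSSL's EGD call, which talks to a UNIX-domain socket, being pointed at a path that the `dd` test in the thread reads as a device node. The following check is an added example, not code from the thread, from sendmail or from HP: it compares an entropy-source spec with the node type on disk. It assumes the spec uses sendmail's `RandFile` prefixes `egd:` and `file:`; the thread does not show the configured value, and the names `check_randfile` and `enum verdict` are hypothetical.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200112L   /* for S_ISSOCK under strict compilers */
#endif
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>

enum verdict { SPEC_OK, SPEC_MISMATCH, SPEC_MISSING, SPEC_BAD };

/*
 * Check an entropy-source spec against the node type on disk.
 * Assumed syntax (sendmail's RandFile option): "egd:<path>" or "file:<path>".
 *   egd:  -> RAND_egd() connects to a UNIX-domain socket, so the path must be one
 *   file: -> the bytes are read directly: character device or regular file
 */
enum verdict check_randfile(const char *spec)
{
    struct stat st;
    const char *path;
    int want_socket;

    if (strncmp(spec, "egd:", 4) == 0) {
        want_socket = 1;
        path = spec + 4;
    } else if (strncmp(spec, "file:", 5) == 0) {
        want_socket = 0;
        path = spec + 5;
    } else {
        return SPEC_BAD;                 /* the prefix is required */
    }
    if (*path == '\0')
        return SPEC_BAD;
    if (stat(path, &st) != 0)
        return SPEC_MISSING;
    if (want_socket)
        return S_ISSOCK(st.st_mode) ? SPEC_OK : SPEC_MISMATCH;
    return (S_ISCHR(st.st_mode) || S_ISREG(st.st_mode)) ? SPEC_OK : SPEC_MISMATCH;
}

int main(int argc, char **argv)
{
    static const char *text[] = { "ok", "type mismatch", "path missing", "bad spec" };
    /* Default mirrors the failing call in the log: EGD against /dev/random. */
    const char *spec = argc > 1 ? argv[1] : "egd:/dev/random";
    enum verdict v = check_randfile(spec);

    printf("%s: %s\n", spec, text[v]);
    return v == SPEC_OK ? 0 : 1;
}
```

A "type mismatch" result for `egd:/dev/random` on a host where `/dev/random` is a character device means the device works but is being addressed with the wrong mechanism.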