Should I have "protocol = pop3" in my config file?
When I do, I get this from the stunnel log:
2005.07.06 12:46:54 LOG7[18045:0]: CONTEXT 1, FD=6, (IN)->()
2005.07.06 12:46:54 LOG7[18045:0]: CONTEXT 2, FD=0, (IN)->(IN)
2005.07.06 12:46:54 LOG7[18045:0]: Waiting 300 second(s) for 3 file descriptor(s)
2005.07.06 12:46:54 LOG7[18045:0]: CONTEXT 1, FD=4, (IN)->()
2005.07.06 12:46:54 LOG7[18045:0]: CONTEXT 1, FD=6, (IN)->()
2005.07.06 12:46:54 LOG7[18045:0]: CONTEXT 2, FD=0, (IN)->(IN)
2005.07.06 12:46:54 LOG7[18045:2]: <- .g..
2005.07.06 12:46:54 LOG3[18045:2]: Client does not want TLS
2005.07.06 12:46:54 LOG5[18045:2]: Protocol negotiation failed
2005.07.06 12:46:54 LOG3[18045:2]: Protocol negotiations failed
2005.07.06 12:46:54 LOG7[18045:2]: pop3s finished (0 left)
2005.07.06 12:46:54 LOG7[18045:2]: Context 2 closed
2005.07.06 12:46:54 LOG7[18045:0]: Waiting -1 second(s) for 2 file descriptor(s)
Doug P
Douglas Phillipson wrote:
> I'm not sure if it applies but if I do:
>
> openssl s_client -connect 172.20.12.59:995
>
> I get the following error:
>
> CONNECTED(00000003)
> 17964:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake failure:s23_lib.c:226:
>
>
> Doug P
>
>
> Douglas Phillipson wrote:
>
>> I have a Solaris 2.6 box and am trying to get pop3 over SSL running. I use:
>>
>> qpopper 4.0.5
>> openssl-0.9.7g
>> stunnel 4.10 compiled with gcc 2.95.3
>>
>> When I compiled stunnel it made a private key and certificate in /usr/local/etc/stunnel/stunnel.pem.
>>
>> Do I need anything else?
>>
>> I have the following configuration:
>>
>> Inetd.conf:
>>
>> pop3 stream tcp nowait root /usr/local/sbin/popper qpopper -S -t /poplog
>>
>> stunnel.conf:
>>
>> cert = /usr/local/etc/stunnel/stunnel.pem
>> key = /usr/local/etc/stunnel/stunnel.pem
>> debug = 7
>> output = /stunnel.log
>> pid = /stunnel.pid
>> client = yes
>>
>> [pop3s]
>> accept = 995
>> connect = 110
>>
>> I run stunnel and get the following output:
>>
>> 2005.07.06 11:34:17 LOG5[17873:1]: stunnel 4.10 on sparc-sun-solaris2.6 UCONTEXT+POLL+IPv4 with OpenSSL 0.9.7g 11 Apr 2005
>> 2005.07.06 11:34:18 LOG7[17873:1]: Snagged 64 random bytes from //.rnd
>> 2005.07.06 11:34:18 LOG7[17873:1]: Wrote 1024 new random bytes to //.rnd
>> 2005.07.06 11:34:18 LOG7[17873:1]: RAND_status claims sufficient entropy for the PRNG
>> 2005.07.06 11:34:18 LOG6[17873:1]: PRNG seeded successfully
>> 2005.07.06 11:34:18 LOG7[17873:1]: Certificate: /usr/local/etc/stunnel/stunnel.pem
>> 2005.07.06 11:34:18 LOG7[17873:1]: Key file: /usr/local/etc/stunnel/stunnel.pem
>> 2005.07.06 11:34:18 LOG6[17873:1]: file ulimit = 64 (can be changed with 'ulimit -n')
>> 2005.07.06 11:34:18 LOG6[17873:1]: poll() used - no FD_SETSIZE limit for file descriptors
>> 2005.07.06 11:34:18 LOG5[17873:1]: 29 clients allowed
>> 2005.07.06 11:34:18 LOG7[17873:1]: FD 4 in non-blocking mode
>> 2005.07.06 11:34:18 LOG7[17873:1]: FD 5 in non-blocking mode
>> 2005.07.06 11:34:18 LOG7[17873:1]: FD 6 in non-blocking mode
>> 2005.07.06 11:34:18 LOG7[17873:1]: SO_REUSEADDR option set on accept socket
>> 2005.07.06 11:34:18 LOG7[17873:1]: pop3s bound to 0.0.0.0:995
>> 2005.07.06 11:34:18 LOG7[17874:1]: Created pid file /stunnel.pid
>> 2005.07.06 11:34:18 LOG7[17874:0]: Waiting -1 second(s) for 2 file descriptor(s)
>>
>>
>> I connect via pop3 in thunderbird with ssl and qpopper always says:
>> (null) at localhost (127.0.0.1): -ERR Unknown command: "".
>> (nulI/O error flushing output to client at localhost [127.0.0.1]: Broken pipe (32)l) at localhost (127.0.0.1): -ERR POP EOF or I/O Error
>>
>> Stunnel says:
>>
>> 2005.07.06 11:37:13 LOG7[17884:0]: CONTEXT 1, FD=4, (IN)->()
>> 2005.07.06 11:37:13 LOG7[17884:0]: CONTEXT 1, FD=6, (IN)->(IN)
>> 2005.07.06 11:37:13 LOG7[17884:1]: pop3s accepted FD=0 from 172.20.10.7:45464
>> 2005.07.06 11:37:13 LOG7[17884:1]: Creating a new context
>> 2005.07.06 11:37:13 LOG7[17884:1]: Context 2 created
>> 2005.07.06 11:37:13 LOG7[17884:2]: pop3s started
>> 2005.07.06 11:37:13 LOG7[17884:2]: FD 0 in non-blocking mode
>> 2005.07.06 11:37:13 LOG7[17884:2]: TCP_NODELAY option set on local socket
>> 2005.07.06 11:37:13 LOG5[17884:2]: pop3s connected from 172.20.10.7:45464
>> 2005.07.06 11:37:13 LOG7[17884:2]: FD 1 in non-blocking mode
>> 2005.07.06 11:37:13 LOG7[17884:2]: pop3s connecting 127.0.0.1:110
>> 2005.07.06 11:37:13 LOG7[17884:2]: Remote FD=1 initialized
>> 2005.07.06 11:37:13 LOG7[17884:2]: TCP_NODELAY option set on remote socket
>> 2005.07.06 11:37:13 LOG7[17884:2]: SSL state (connect): before/connect initialization
>> 2005.07.06 11:37:13 LOG7[17884:2]: SSL state (connect): SSLv3 write client hello A
>> 2005.07.06 11:37:13 LOG7[17884:0]: Waiting 300 second(s) for 3 file descriptor(s)
>> 2005.07.06 11:37:13 LOG7[17884:0]: CONTEXT 1, FD=4, (IN)->()
>> 2005.07.06 11:37:13 LOG7[17884:0]: CONTEXT 1, FD=6, (IN)->()
>> 2005.07.06 11:37:13 LOG7[17884:0]: CONTEXT 2, FD=1, (IN)->(IN)
>>
>> The mail never gets delivered to either Thunderbird or outlook express.
>> I get a certificate approval request from Thunderbird to which I grant, then nothing. If I disable SSL in Thunderbird the mail gets accepted normally.
>>
>> What might I be doing wrong???
>>
>> Thanks
>>
>> Doug P
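As an added example (not part of this thread, and not stunnel's own code), here is a small Python linter for stunnel 4.x style configuration files that flags the two settings the thread turns on: `client = yes` on a service that accepts on 995 and connects to a plaintext port, which makes stunnel start a TLS handshake towards the backend (the "SSL state (connect): SSLv3 write client hello A" line in the quoted log) rather than terminate the one coming from the mail client, and `protocol = pop3` in server mode, which makes stunnel run the plaintext STLS negotiation before TLS, so a client that opens port 995 with a TLS ClientHello is logged as "Client does not want TLS". The three configuration texts are constructed from the stunnel.conf posted in the thread; the function names, the port tables and the finding texts are my own.

```python
"""Lint an stunnel 4.x style configuration for tunnel direction (client = yes
vs. server mode) and for 'protocol = ...' on an implicit-TLS port.
Added example, not stunnel's code."""
import re
from typing import Dict, List, Optional, Tuple

# Ports on which mail clients start the TLS handshake immediately ("implicit TLS").
IMPLICIT_TLS_PORTS = {995: "pop3s", 993: "imaps", 465: "smtps"}
# Plaintext backends those ports are normally wrapped around.
PLAINTEXT_PORTS = {110: "pop3", 143: "imap", 25: "smtp"}


def parse_stunnel_conf(text: str) -> Tuple[Dict[str, str], Dict[str, Dict[str, str]]]:
    """Split 'key = value' lines into global options and per-[service] sections."""
    global_opts: Dict[str, str] = {}
    services: Dict[str, Dict[str, str]] = {}
    current: Optional[str] = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(("#", ";")):
            continue
        section = re.match(r"\[(.+)\]$", line)
        if section:
            current = section.group(1).strip()
            services[current] = {}
            continue
        if "=" not in line:
            continue  # not a key = value line; skip it
        key, value = (part.strip() for part in line.split("=", 1))
        target = services[current] if current is not None else global_opts
        target[key.lower()] = value
    return global_opts, services


def _port(spec: str) -> int:
    """'995' or '127.0.0.1:110' -> 995 / 110."""
    return int(spec.rsplit(":", 1)[-1])


def lint(text: str) -> List[str]:
    """Return human-readable findings; an empty list means nothing was flagged."""
    global_opts, services = parse_stunnel_conf(text)
    findings: List[str] = []
    if global_opts.get("debug") == "7":
        findings.append("global: debug = 7 writes handshake details and received bytes "
                        "to the log; lower it once the tunnel works")
    for name, svc in services.items():
        opts = {**global_opts, **svc}  # service options override global defaults
        client_mode = opts.get("client", "no").lower() == "yes"
        accept = _port(opts["accept"]) if "accept" in opts else None
        connect = _port(opts["connect"]) if "connect" in opts else None
        if client_mode and accept in IMPLICIT_TLS_PORTS and connect in PLAINTEXT_PORTS:
            findings.append(
                f"[{name}]: client = yes, but accept = {accept} ({IMPLICIT_TLS_PORTS[accept]}) "
                f"and connect = {connect} ({PLAINTEXT_PORTS[connect]}): stunnel would start a "
                "TLS handshake towards the plaintext backend instead of terminating the "
                "client's; use client = no to wrap the backend")
        if not client_mode and "cert" not in opts:
            findings.append(f"[{name}]: server mode needs a cert = ... line")
        if not client_mode and "protocol" in opts and accept in IMPLICIT_TLS_PORTS:
            findings.append(
                f"[{name}]: protocol = {opts['protocol']} makes stunnel run the plaintext "
                f"STARTTLS-style negotiation first, but clients on port {accept} send a TLS "
                "ClientHello at once ('Client does not want TLS'); drop 'protocol' here")
    return findings


# Constructed from the stunnel.conf posted in the thread.
POSTED_CONF = """\
cert = /usr/local/etc/stunnel/stunnel.pem
key = /usr/local/etc/stunnel/stunnel.pem
debug = 7
output = /stunnel.log
pid = /stunnel.pid
client = yes

[pop3s]
accept = 995
connect = 110
"""

# Constructed: server mode with 'protocol = pop3' added, as asked about at the top.
STLS_ATTEMPT_CONF = POSTED_CONF.replace("client = yes", "client = no") + "protocol = pop3\n"

# Constructed: plain server-mode wrap of the local popper, no protocol negotiation.
SERVER_CONF = """\
cert = /usr/local/etc/stunnel/stunnel.pem
key = /usr/local/etc/stunnel/stunnel.pem
debug = 5
output = /stunnel.log
pid = /stunnel.pid
client = no

[pop3s]
accept = 995
connect = 127.0.0.1:110
"""

if __name__ == "__main__":
    for label, conf in (("posted", POSTED_CONF), ("stls attempt", STLS_ATTEMPT_CONF),
                        ("server mode", SERVER_CONF)):
        print(f"== {label}")
        for finding in lint(conf) or ["no findings"]:
            print("  ", finding)
```

Run it as a script and it reports two findings for the posted configuration (the debug level and the reversed direction), two for the server-mode variant with `protocol = pop3` (the debug level and the STLS negotiation on port 995), and none for the plain server-mode wrap. The port tables are deliberately small; extend them if the same tunnel pattern is used for other services.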