I think I've done something stupid but I can't work out what.
I'm running stunnel4 version 4.29 on an Ubuntu server box, using it to
tunnel smtp connections to my ISP's mail server. Everything works
perfectly until I reboot the server, when it stops working.
In syslog, I get:
Apr 24 15:56:11 friedbread stunnel: LOG5[1101:3074997104]: ssmtp accepted connection from 127.0.0.1:50681
Apr 24 15:56:11 friedbread stunnel: LOG3[1101:3074997104]: Error resolving 'smtp.blueyonder.co.uk': Temporary failure in name resolution (EAI_AGAIN)
Apr 24 15:56:11 friedbread stunnel: LOG3[1101:3074997104]: No host resolved
Apr 24 15:56:11 friedbread stunnel: LOG5[1101:3074997104]: Connection reset: 0 bytes sent to SSL, 0 bytes sent to socket
every time I attempt to send mail. I can ping smtp.blueyonder.co.uk no
problem. The problem persists until I restart stunnel4, after which it
works perfectly for weeks on end.
Looking at syslog for boot time, it looks like stunnel tries to resolve
smtp.blueyonder.co.uk as soon as it starts, but dhcp hasn't finished at
this time so it fails. It seems to cache something from the failure and
not try again? Even though the error is "Temporary".
All advice gratefully received.
Phil Wieland
Liverpool, UK.
###@friedbread:~$ stunnel4 -version
stunnel 4.29 on i486-pc-linux-gnu with OpenSSL 0.9.8k 25 Mar 2009
Threading:PTHREAD SSL:ENGINE Sockets:POLL,IPv6 Auth:LIBWRAP
Global options
debug = 5
pid = /var/run/stunnel4.pid
RNDbytes = 64
RNDfile = /dev/urandom
RNDoverwrite = yes
Service-level options
cert = /etc/stunnel/stunnel.pem
ciphers = AES:ALL:!aNULL:!eNULL:+RC4:@STRENGTH
key = /etc/stunnel/stunnel.pem
session = 300 seconds
stack = 65536 bytes
sslVersion = SSLv3 for client, all for server
TIMEOUTbusy = 300 seconds
TIMEOUTclose = 60 seconds
TIMEOUTconnect = 10 seconds
TIMEOUTidle = 43200 seconds
verify = none
###@friedbread:~$ cat /etc/stunnel/stunnel.conf
; Sample stunnel configuration file by Michal Trojnara 2002-2009
; Some options used here may not be adequate for your particular configuration
; Please make sure you understand them (especially the effect of the chroot jail)
; Certificate/key is needed in server mode and optional in client mode
cert = /etc/ssl/certs/stunnel.pem
;key = /etc/ssl/certs/stunnel.pem
; Protocol version (all, SSLv2, SSLv3, TLSv1)
sslVersion = SSLv3
; Some security enhancements for UNIX systems - comment them out on Win32
chroot = /var/lib/stunnel4/
setuid = stunnel4
setgid = stunnel4
; PID is created inside the chroot jail
pid = /stunnel4.pid
; Some performance tunings
socket = l:TCP_NODELAY=1
socket = r:TCP_NODELAY=1
;compression = zlib
; Workaround for Eudora bug
;options = DONT_INSERT_EMPTY_FRAGMENTS
; Authentication stuff
;verify = 2
; Don't forget to c_rehash CApath
; CApath is located inside chroot jail
;CApath = /certs
; It's often easier to use CAfile
;CAfile = /etc/stunnel/certs.pem
; Don't forget to c_rehash CRLpath
; CRLpath is located inside chroot jail
;CRLpath = /crls
; Alternatively you can use CRLfile
;CRLfile = /etc/stunnel/crls.pem
; Some debugging stuff useful for troubleshooting
;debug = 7
;output = /var/log/stunnel4/stunnel.log
; Use it for client mode
client = yes
; Service-level configuration
;[pop3s]
;accept = 995
;connect = 110
;[imaps]
;accept = 993
;connect = 143
[ssmtp]
accept = 55899
connect = smtp.blueyonder.co.uk:465
;[https]
;accept = 443
;connect = 80
;TIMEOUTclose = 0
; vim:ft=dosini
###@friedbread:~$
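An added example, not from Phil's post or from the stunnel project: a small Python lint that parses a stunnel 4.x config in the layout shown above (global options before the first [section], ';' comments) and flags each service whose 'connect' target is a DNS name but which does not set stunnel's 'delay = yes' option, the option that moves the lookup from daemon startup to connect time, so a name that is unresolvable while DHCP is still running is simply retried on the next connection. It also pulls the "Error resolving ... (EAI_*)" entries out of syslog text so the two can be matched up; the config and log samples are constructed, trimmed copies of the ones in the post.

```python
import ipaddress
import re
# Constructed sample input: trimmed copies of the config and syslog line above.
SAMPLE_CONF = """
[ssmtp]
accept = 55899
connect = smtp.blueyonder.co.uk:465
"""
SAMPLE_LOG = ["Apr 24 15:56:11 friedbread stunnel: LOG3[1101:3074997104]: Error resolving "
              "'smtp.blueyonder.co.uk': Temporary failure in name resolution (EAI_AGAIN)"]

def parse_conf(text):
    """{section: {key: value}}; options before the first [section] land under '*'."""
    sections, cur = {"*": {}}, "*"
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()  # ';' starts a comment
        if line.startswith("[") and line.endswith("]"):
            cur = line[1:-1]
            sections[cur] = {}
        elif "=" in line:
            key, _, val = line.partition("=")
            sections[cur][key.strip()] = val.strip()
    return sections

def is_hostname(host):
    """True when host is a DNS name rather than a literal IPv4/IPv6 address."""
    try:
        ipaddress.ip_address(host.strip("[]"))
        return False
    except ValueError:
        return True

def startup_resolved_targets(conf_text):
    """(service, host) pairs resolved once at startup: no 'delay = yes' per service or globally."""
    sections = parse_conf(conf_text)
    flagged = []
    for name, opts in sections.items():
        host, sep, _ = opts.get("connect", "").rpartition(":")  # bare port -> localhost
        delay = opts.get("delay", sections["*"].get("delay", "no")).lower()
        if name != "*" and sep and is_hostname(host) and delay != "yes":
            flagged.append((name, host))
    return flagged

def resolver_failures(log_lines):
    """Map host -> set of getaddrinfo error names from stunnel 'Error resolving' lines."""
    seen = {}
    for line in log_lines:
        m = re.search(r"Error resolving '([^']+)': .*\((EAI_\w+)\)", line)
        if m:
            seen.setdefault(m.group(1), set()).add(m.group(2))
    return seen
```

Run against the real /etc/stunnel/stunnel.conf and a grep of syslog for "Error resolving"; a service that appears in both lists is one whose startup-time lookup failed and was never retried.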