I have a Solaris 2.6 box and am trying to get pop3 over SSL running. I use:
qpopper 4.0.5, openssl-0.9.7g, stunnel 4.10, compiled with gcc 2.95.3
When I compiled stunnel it made a private key and certificate in /usr/local/etc/stunnel/stunnel.pem.
Do I need anything else?
I have the following configuration:
Inetd.conf:
pop3 stream tcp nowait root /usr/local/sbin/popper qpopper -S -t /poplog
stunnel.conf:
cert = /usr/local/etc/stunnel/stunnel.pem
key = /usr/local/etc/stunnel/stunnel.pem
debug = 7
output = /stunnel.log
pid = /stunnel.pid
client = yes

[pop3s]
accept = 995
connect = 110
I run stunnel and get the following output:
2005.07.06 11:34:17 LOG5[17873:1]: stunnel 4.10 on sparc-sun-solaris2.6 UCONTEXT+POLL+IPv4 with OpenSSL 0.9.7g 11 Apr 2005
2005.07.06 11:34:18 LOG7[17873:1]: Snagged 64 random bytes from //.rnd
2005.07.06 11:34:18 LOG7[17873:1]: Wrote 1024 new random bytes to //.rnd
2005.07.06 11:34:18 LOG7[17873:1]: RAND_status claims sufficient entropy for the PRNG
2005.07.06 11:34:18 LOG6[17873:1]: PRNG seeded successfully
2005.07.06 11:34:18 LOG7[17873:1]: Certificate: /usr/local/etc/stunnel/stunnel.pem
2005.07.06 11:34:18 LOG7[17873:1]: Key file: /usr/local/etc/stunnel/stunnel.pem
2005.07.06 11:34:18 LOG6[17873:1]: file ulimit = 64 (can be changed with 'ulimit -n')
2005.07.06 11:34:18 LOG6[17873:1]: poll() used - no FD_SETSIZE limit for file descriptors
2005.07.06 11:34:18 LOG5[17873:1]: 29 clients allowed
2005.07.06 11:34:18 LOG7[17873:1]: FD 4 in non-blocking mode
2005.07.06 11:34:18 LOG7[17873:1]: FD 5 in non-blocking mode
2005.07.06 11:34:18 LOG7[17873:1]: FD 6 in non-blocking mode
2005.07.06 11:34:18 LOG7[17873:1]: SO_REUSEADDR option set on accept socket
2005.07.06 11:34:18 LOG7[17873:1]: pop3s bound to 0.0.0.0:995
2005.07.06 11:34:18 LOG7[17874:1]: Created pid file /stunnel.pid
2005.07.06 11:34:18 LOG7[17874:0]: Waiting -1 second(s) for 2 file descriptor(s)
I connect via POP3 in Thunderbird with SSL and qpopper always says:
(null) at localhost (127.0.0.1): -ERR Unknown command: "". (nulI/O error flushing output to client at localhost [127.0.0.1]: Broken pipe (32)l) at localhost (127.0.0.1): -ERR POP EOF or I/O Error
Stunnel says:
2005.07.06 11:37:13 LOG7[17884:0]: CONTEXT 1, FD=4, (IN)->()
2005.07.06 11:37:13 LOG7[17884:0]: CONTEXT 1, FD=6, (IN)->(IN)
2005.07.06 11:37:13 LOG7[17884:1]: pop3s accepted FD=0 from 172.20.10.7:45464
2005.07.06 11:37:13 LOG7[17884:1]: Creating a new context
2005.07.06 11:37:13 LOG7[17884:1]: Context 2 created
2005.07.06 11:37:13 LOG7[17884:2]: pop3s started
2005.07.06 11:37:13 LOG7[17884:2]: FD 0 in non-blocking mode
2005.07.06 11:37:13 LOG7[17884:2]: TCP_NODELAY option set on local socket
2005.07.06 11:37:13 LOG5[17884:2]: pop3s connected from 172.20.10.7:45464
2005.07.06 11:37:13 LOG7[17884:2]: FD 1 in non-blocking mode
2005.07.06 11:37:13 LOG7[17884:2]: pop3s connecting 127.0.0.1:110
2005.07.06 11:37:13 LOG7[17884:2]: Remote FD=1 initialized
2005.07.06 11:37:13 LOG7[17884:2]: TCP_NODELAY option set on remote socket
2005.07.06 11:37:13 LOG7[17884:2]: SSL state (connect): before/connect initialization
2005.07.06 11:37:13 LOG7[17884:2]: SSL state (connect): SSLv3 write client hello A
2005.07.06 11:37:13 LOG7[17884:0]: Waiting 300 second(s) for 3 file descriptor(s)
2005.07.06 11:37:13 LOG7[17884:0]: CONTEXT 1, FD=4, (IN)->()
2005.07.06 11:37:13 LOG7[17884:0]: CONTEXT 1, FD=6, (IN)->()
2005.07.06 11:37:13 LOG7[17884:0]: CONTEXT 2, FD=1, (IN)->(IN)
The mail never gets delivered to either Thunderbird or Outlook Express. I get a certificate approval request from Thunderbird, which I grant, then nothing. If I disable SSL in Thunderbird the mail gets accepted normally.
What might I be doing wrong???
Thanks
Doug P
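
The configuration and debug log in the post can be cross-checked mechanically. The following is an added example (not part of the original post and not stunnel's own code) that resolves the effective client setting for each service and reads, from the "SSL state (...)" debug lines, which side of the tunnel the TLS handshake ran on. The function names are hypothetical, and the "(accept)" form is assumed to be what stunnel logs in server mode.

```python
import re

# Constructed sample: the stunnel.conf from the post, one option per line.
SAMPLE_CONF = """\
cert = /usr/local/etc/stunnel/stunnel.pem
key = /usr/local/etc/stunnel/stunnel.pem
client = yes
[pop3s]
accept = 995
connect = 110
"""

# Constructed sample: three debug lines copied from the stunnel log in the post.
SAMPLE_LOG = """\
2005.07.06 11:37:13 LOG7[17884:2]: pop3s connecting 127.0.0.1:110
2005.07.06 11:37:13 LOG7[17884:2]: SSL state (connect): before/connect initialization
2005.07.06 11:37:13 LOG7[17884:2]: SSL state (connect): SSLv3 write client hello A
"""

def effective_services(conf_text):
    """Return {service: options}; options set before any [section] are defaults."""
    defaults, services, current = {}, {}, None
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line[0] in ";#":        # blank line or comment
            continue
        section = re.fullmatch(r"\[(.+)\]", line)
        if section:
            current = services.setdefault(section.group(1), dict(defaults))
            continue
        key, _, value = (part.strip() for part in line.partition("="))
        (defaults if current is None else current)[key.lower()] = value
    return services

def tls_side(options):
    """'connect': stunnel starts TLS toward the connect target (client mode).
    'accept': stunnel terminates TLS on the accept port (server mode, the default)."""
    return "connect" if options.get("client", "no").lower() == "yes" else "accept"

def handshake_side_in_log(log_text):
    """Side named in the 'SSL state (...)' debug lines, or None if absent or mixed."""
    sides = set(re.findall(r"SSL state \((accept|connect)\)", log_text))
    return sides.pop() if len(sides) == 1 else None

if __name__ == "__main__":
    for name, opts in effective_services(SAMPLE_CONF).items():
        print(name, "accept", opts.get("accept"), "connect", opts.get("connect"),
              "-> TLS on the", tls_side(opts), "side")
    print("log shows handshake on the", handshake_side_in_log(SAMPLE_LOG), "side")
```

For the posted files both checks report the connect side: stunnel sends a TLS client hello to port 110 instead of terminating TLS on port 995.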