Having issues with stunnel not working with this settings that
have work with previous kernels?
[guamsmtp]
client=yes
accept = 127.0.0.1:20466
connect = smtp1.guam.net:465
connect = smtp1.guam.net:465
debug = 7
verifyChain = yes
CApath = /etc/ssl/certs
checkHost = mail.guam.net
OCSPaia = yes
But now changing to
[guamsmtp]
client=yes
accept = 127.0.0.1:20466
connect = smtp1.guam.net:465
connect = smtp1.guam.net:465
debug = 7
Seems to work.
systemctl status stunnel.
stunnel.service - TLS tunnel for network daemons
Loaded: loaded (/usr/lib/systemd/system/stunnel.service;
enabled; preset: disabled)
Drop-In: /usr/lib/systemd/system/service.d
└─10-timeout-abort.conf
Active: active (running) since Thu 2024-04-18 14:48:15 ChST;
5s ago
Process: 15349 ExecStart=/usr/bin/stunnel (code=exited,
status=0/SUCCESS)
Main PID: 15352 (stunnel)
Tasks: 3 (limit: 18938)
Memory: 3.6M
CPU: 1.618s
CGroup: /system.slice/stunnel.service
└─15352 /usr/bin/stunnel
Apr 18 14:48:14 setzconote.dyndns.org systemd[1]: Starting
stunnel.service - TLS tunnel for network daemons...
Apr 18 14:48:15 setzconote.dyndns.org stunnel[15349]: LOG5[ui]:
stunnel 5.72 on x86_64-redhat-linux-gnu platform
Apr 18 14:48:15 setzconote.dyndns.org stunnel[15349]: LOG5[ui]:
Compiled/running with OpenSSL 3.1.1 30 May 2023
Apr 18 14:48:15 setzconote.dyndns.org stunnel[15349]: LOG5[ui]:
Threading:PTHREAD Sockets:POLL,IPv6,SYSTEMD
TLS:ENGINE,>
Apr 18 14:48:15 setzconote.dyndns.org stunnel[15349]: LOG5[ui]:
Reading configuration from file /etc/stunnel/stunnel.co>
Apr 18 14:48:15 setzconote.dyndns.org stunnel[15349]: LOG5[ui]:
UTF-8 byte order mark not detected
Apr 18 14:48:15 setzconote.dyndns.org stunnel[15349]: LOG5[ui]:
FIPS mode disabled
Apr 18 14:48:15 setzconote.dyndns.org stunnel[15349]: LOG5[ui]:
Configuration successful
Apr 18 14:48:15 setzconote.dyndns.org systemd[1]: Started
stunnel.service - TLS tunnel for network daemons.
Using the longer one gives this after attempting to sent smtp.
stunnel.service - TLS tunnel for network daemons
Loaded: loaded (/usr/lib/systemd/system/stunnel.service;
enabled; preset: disabled)
Drop-In: /usr/lib/systemd/system/service.d
└─10-timeout-abort.conf
Active: active (running) since Thu 2024-04-18 14:57:22 ChST;
1min 15s ago
Process: 15616 ExecStart=/usr/bin/stunnel (code=exited,
status=0/SUCCESS)
Main PID: 15619 (stunnel)
Tasks: 3 (limit: 18938)
Memory: 4.0M
CPU: 1.639s
CGroup: /system.slice/stunnel.service
└─15619 /usr/bin/stunnel
Apr 18 14:58:11 setzconote.dyndns.org stunnel[15619]: LOG4[3]:
CERT: Pre-verification error: unable to get local issuer>
Apr 18 14:58:11 setzconote.dyndns.org stunnel[15619]: LOG4[3]:
Rejected by CERT at depth=0: CN=*.guam.net
Apr 18 14:58:11 setzconote.dyndns.org stunnel[15619]: LOG7[3]:
TLS alert (write): fatal: unknown CA
Apr 18 14:58:11 setzconote.dyndns.org stunnel[15619]:
LOG3[3]: SSL_connect: ssl/statem/statem_clnt.c:1889:
error:0A0000>
Apr 18 14:58:11 setzconote.dyndns.org stunnel[15619]: LOG5[3]:
Connection closed/reset: 0 byte(s) sent to TLS, 0 byte(s>
Apr 18 14:58:11 setzconote.dyndns.org stunnel[15619]: LOG7[3]:
Deallocating application specific data for session conne>
Apr 18 14:58:11 setzconote.dyndns.org stunnel[15619]: LOG7[3]:
Remote descriptor (FD=16) closed
Apr 18 14:58:11 setzconote.dyndns.org stunnel[15619]: LOG7[3]:
local_rfd/local_wfd reset (FD=3)
Apr 18 14:58:11 setzconote.dyndns.org stunnel[15619]: LOG7[3]:
Local descriptor (FD=3) closed
Apr 18 14:58:11 setzconote.dyndns.org stunnel[15619]: LOG7[3]:
Service [guamsmtp] finished (0 left)
lines 1-23/23 (END)
Was using the Fedora stunnel the is 5.71, but downloaded the
latest 5.72, but seem to get same results.
Had some issues with nvidia drives that work fine with 6.7.11
kernels, but fail with the 6.8.x drivers, so not sure if it is linked to
that?
+------------------------------------------------------------+
Michael D. Setzer II - Computer Science Instructor (Retired)
mailto:mikes@guam.net
mailto:msetzerii@gmail.com
mailto:msetzerii@gmx.com
Guam - Where America's Day Begins
G4L Disk Imaging Project maintainer
http://sourceforge.net/projects/g4l/
+------------------------------------------------------------+