Summary of problem (configuration and log details below): I am attempting to configure Stunnel to run a pop3s service on our server so that users can retrieve email securely. Stunnel is started as a systemctl service. If I include both the following in the stunnel.conf:
accept = mail.myserver.net:995
connect = localhost:110
then systemctl will exit immediately with:
Service [pop3s]: Each service must define two endpoints
stunnel.service: Control process exited, code=exited status=1
Failed to start SSL tunnel for network daemons.
If I comment out the connect to 110, then it will start and hang, then eventually time out:
stunnel.service: Failed with result 'timeout'.
Below is my stunnel.conf and log excerpt from the start with the connect to 110 commented out.
I would greatly appreciate any advice.
---stunnel.conf
setuid = nobody
setgid = nobody
pid = /usr/local/var/lib/stunnel/var/run/stunnel.pid

foreground = yes
;debug = info
debug = 7
sslVersion = TLSv1.2
output = /usr/local/var/lib/stunnel/var/log/stunnel.log
;ciphers = HIGH:MEDIUM:+DH:!SSLv2:!aNULL:+SHA256:+SHA1:+MD5
ciphers = HIGH:+3DES:+DH:!aNULL:!SSLv2

transparent = yes
delay = no
fips = no
compression = deflate
client = no

[pop3s]
accept = mail.myserver.net:995
;connect = localhost:110
cert = /etc/stunnel/stunnel.pem
key = /etc/stunnel/stunnel.pem
exec = /usr/local/sbin/gnu-pop3d
execargs = --debug=000 --mdn --timeout=60 --ipv6
----log excerpt -----
2016.08.17 15:08:55 LOG7[ui]: Clients allowed=500
2016.08.17 15:08:55 LOG5[ui]: stunnel 5.35 on x86_64-unknown-linux-gnu platform
2016.08.17 15:08:55 LOG5[ui]: Compiled/running with OpenSSL 1.0.2h 3 May 2016
2016.08.17 15:08:55 LOG5[ui]: Threading:PTHREAD Sockets:POLL,IPv6 TLS:ENGINE,FIPS,OCSP,PSK,SNI
2016.08.17 15:08:55 LOG7[ui]: errno: (*__errno_location ())
2016.08.17 15:08:55 LOG5[ui]: Reading configuration from file /etc/stunnel/stunnel.conf
2016.08.17 15:08:55 LOG5[ui]: UTF-8 byte order mark not detected
2016.08.17 15:08:55 LOG7[cron]: Cron thread initialized
2016.08.17 15:08:55 LOG5[ui]: FIPS mode disabled
2016.08.17 15:08:55 LOG6[ui]: Compression enabled: 1 method(s)
2016.08.17 15:08:55 LOG7[ui]: Snagged 64 random bytes from /dev/urandom
2016.08.17 15:08:55 LOG7[ui]: PRNG seeded successfully
2016.08.17 15:08:55 LOG6[ui]: Initializing service [pop3s]
2016.08.17 15:08:55 LOG6[ui]: Loading certificate from file: /etc/stunnel/stunnel.pem
2016.08.17 15:08:55 LOG6[ui]: Certificate loaded from file: /etc/stunnel/stunnel.pem
2016.08.17 15:08:55 LOG6[ui]: Loading private key from file: /etc/stunnel/stunnel.pem
2016.08.17 15:08:55 LOG6[ui]: Private key loaded from file: /etc/stunnel/stunnel.pem
2016.08.17 15:08:55 LOG7[ui]: Private key check succeeded
2016.08.17 15:08:55 LOG7[ui]: DH initialization
2016.08.17 15:08:55 LOG7[ui]: Could not load DH parameters from /etc/stunnel/stunnel.pem
2016.08.17 15:08:55 LOG6[ui]: Using dynamic DH parameters
2016.08.17 15:08:55 LOG7[ui]: ECDH initialization
2016.08.17 15:08:55 LOG7[ui]: ECDH initialized with curve prime256v1
2016.08.17 15:08:55 LOG7[ui]: SSL options: 0x03004004 (+0x03004000, -0x00000000)
2016.08.17 15:08:55 LOG5[ui]: Configuration successful
2016.08.17 15:08:55 LOG7[ui]: Listening file descriptor created (FD=7)
2016.08.17 15:08:55 LOG7[ui]: Option SO_REUSEADDR set on accept socket
2016.08.17 15:08:55 LOG7[ui]: Service [pop3s] (FD=7) bound to 60.62.114.105:995
2016.08.17 15:08:55 LOG6[cron]: Executing cron jobs
2016.08.17 15:08:55 LOG7[ui]: Created pid file /usr/local/var/lib/stunnel/var/run/stunnel.pid
2016.08.17 15:08:55 LOG5[cron]: Updating DH parameters
2016.08.17 15:10:01 LOG5[cron]: DH parameters updated
2016.08.17 15:10:01 LOG6[cron]: Cron jobs completed in 66 seconds
2016.08.17 15:10:01 LOG7[cron]: Waiting 86334 seconds
2016.08.17 15:10:25 LOG7[ui]: Found 1 ready file descriptor(s)
2016.08.17 15:10:25 LOG7[ui]: FD=4 events=0x2001 revents=0x1
2016.08.17 15:10:25 LOG7[ui]: FD=7 events=0x2001 revents=0x0
2016.08.17 15:10:25 LOG7[ui]: Dispatching signals from the signal pipe
2016.08.17 15:10:25 LOG7[ui]: Processing SIGNAL_TERMINATE
2016.08.17 15:10:25 LOG5[ui]: Terminated
2016.08.17 15:10:25 LOG7[ui]: Closing service [pop3s]
2016.08.17 15:10:25 LOG7[ui]: Service [pop3s] closed (FD=7)
2016.08.17 15:10:25 LOG7[ui]: Service [pop3s] closed
2016.08.17 15:10:25 LOG7[ui]: removing pid file /usr/local/var/lib/stunnel/var/run/stunnel.pid
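
Added example (not part of the original post and not stunnel's own code): a small pre-flight check that counts the endpoint options in each service section of a stunnel.conf before the unit is started. It assumes that accept, connect and exec each count as one endpoint, which is consistent with the two behaviours reported above; the function names and the sample strings are constructed for illustration.

```python
import re

# Assumption: stunnel counts each of these options as one service endpoint.
ENDPOINT_OPTIONS = ("accept", "connect", "exec")

def parse_services(conf_text):
    """Map each [service] name to its list of (option, value) pairs."""
    services, current = {}, None
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line[0] in ";#":   # blank line or commented-out option
            continue
        section = re.fullmatch(r"\[(.+)\]", line)
        if section:
            current = services.setdefault(section.group(1), [])
        elif current is not None and "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            current.append((key.lower(), value))
    return services

def endpoint_report(conf_text):
    """Return {service: (endpoint options present, True if exactly two)}."""
    report = {}
    for name, options in parse_services(conf_text).items():
        present = sorted({key for key, _ in options if key in ENDPOINT_OPTIONS})
        report[name] = (present, len(present) == 2)
    return report

# Constructed input: the [pop3s] section from the post, in both variants.
POP3S = """[pop3s]
accept = mail.myserver.net:995
{connect}connect = localhost:110
cert = /etc/stunnel/stunnel.pem
key = /etc/stunnel/stunnel.pem
exec = /usr/local/sbin/gnu-pop3d
execargs = --debug=000 --mdn --timeout=60 --ipv6
"""
CONF_CONNECT_ENABLED = POP3S.format(connect="")
CONF_CONNECT_COMMENTED = POP3S.format(connect=";")

if __name__ == "__main__":
    for label, conf in (("connect enabled", CONF_CONNECT_ENABLED),
                        ("connect commented out", CONF_CONNECT_COMMENTED)):
        for service, (present, ok) in endpoint_report(conf).items():
            verdict = "ok" if ok else "not two endpoints"
            print(f"{label}: [{service}] {present} -> {verdict}")
```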