Greetings.
I'm running the stock stunnel 4.21 on Ubuntu 8.04 (version and configs listed below) as a stand-alone daemon to pass connections between SSL-enabled SMTP, POP3, and IMAP clients and their respective servers, which run on the same machine as stunnel. With a previous version of stunnel (v4.15) I managed to get the daemon to switch to a non-root user and use only a single process. I now find, however, that I get six processes, five of which continue to run as root; only one (albeit the one listening on the specified sockets) switches down to the specified user. Does anyone have any idea both why I can't set uid/gid and why I've now got so many processes?
# ps aux | grep stunnel
root 22702 0.0 0.1 3604 428 pts/1 S 11:24 0:00 /usr/bin/stunnel4 /etc/stunnel/stunnel.conf
root 22703 0.0 0.1 3604 428 pts/1 S 11:24 0:00 /usr/bin/stunnel4 /etc/stunnel/stunnel.conf
root 22704 0.0 0.1 3604 428 pts/1 S 11:24 0:00 /usr/bin/stunnel4 /etc/stunnel/stunnel.conf
root 22705 0.0 0.1 3604 428 pts/1 S 11:24 0:00 /usr/bin/stunnel4 /etc/stunnel/stunnel.conf
root 22706 0.0 0.1 3604 428 pts/1 S 11:24 0:00 /usr/bin/stunnel4 /etc/stunnel/stunnel.conf
stunnel4 22707 0.0 0.2 3720 932 ? Ss 11:24 0:00 /usr/bin/stunnel4 /etc/stunnel/stunnel.conf
# lsof -i | grep stunnel
stunnel4 22707 stunnel4 11u IPv4 55934 TCP emily:pop3s (LISTEN)
stunnel4 22707 stunnel4 12u IPv4 55935 TCP emily:imaps (LISTEN)
stunnel4 22707 stunnel4 13u IPv4 55936 TCP emily:ssmtp (LISTEN)
I'm invoking stunnel simply as /usr/sbin/stunnel4 /etc/stunnel4/stunnel.conf, with the following configuration file:
; stunnel configuration: three server-mode services that accept SSL
; connections for POP3, IMAP and SMTP and forward them to the mail servers.

; --- Global options ---

; Certificate file presented to connecting clients. No separate "key"
; option is set in this file.
cert = /etc/stunnel/stunnel.pem
; Pins the protocol to SSLv3 only. SSLv3 has since been deprecated
; (RFC 7568); a current deployment should require TLS instead.
sslVersion = SSLv3
; Confine the daemon to this directory after startup.
chroot = /var/lib/stunnel4/
; Unprivileged user and group the daemon should switch to.
; NOTE(review): the process listing shows only the listening process running
; as stunnel4. Presumably the other five are helper processes forked before
; the privilege drop (this build reports Auth:LIBWRAP) - confirm against the
; stunnel 4.21 changelog and check what each root process is doing.
setuid = stunnel4
setgid = stunnel4
; PID file path; with chroot set, stunnel interprets it relative to the
; chroot directory.
pid = /stunnel4.pid
; Disable Nagle's algorithm on both the local (accepting) and the remote
; (connecting) sockets.
socket = l:TCP_NODELAY=1
socket = r:TCP_NODELAY=1

; --- Services ---
; NOTE(review): every "connect" target uses the same public address as the
; "accept" side rather than loopback. If the plaintext ports (110, 143, 25)
; are reachable from outside, clients can bypass the SSL listeners - confirm
; they are firewalled or bound to 127.0.0.1.

; POP3 over SSL (995) forwarded to plaintext POP3 (110).
[pop3s]
accept = 64.5.53.172:995
connect = 64.5.53.172:110
; IMAP over SSL (993) forwarded to plaintext IMAP (143).
[imaps]
accept = 64.5.53.172:993
connect = 64.5.53.172:143
; SMTP over SSL (465) forwarded to plaintext SMTP (25).
[ssmtp]
accept = 64.5.53.172:465
connect = 64.5.53.172:25
Version Info:
stunnel 4.21 on i486-pc-linux-gnu with OpenSSL 0.9.8g 19 Oct 2007
Threading:PTHREAD SSL:ENGINE Sockets:POLL,IPv6 Auth:LIBWRAP
Global options
debug = 5
pid = /var/run/stunnel4.pid
RNDbytes = 64
RNDfile = /dev/urandom
RNDoverwrite = yes
Service-level options
cert = /etc/stunnel/stunnel.pem
ciphers = AES:ALL:!aNULL:!eNULL:+RC4:@STRENGTH
key = /etc/stunnel/stunnel.pem
session = 300 seconds
sslVersion = SSLv3 for client, all for server
TIMEOUTbusy = 300 seconds
TIMEOUTclose = 60 seconds
TIMEOUTconnect = 10 seconds
TIMEOUTidle = 43200 seconds
verify = none