I think I've done something stupid but I can't work out what.
I'm running stunnel4 version 4.29 on an Ubuntu server box, using it to tunnel smtp connections to my ISP's mail server. Everything works perfectly until I reboot the server, when it stops working.
In syslog, I get:

Apr 24 15:56:11 friedbread stunnel: LOG5[1101:3074997104]: ssmtp accepted connection from 127.0.0.1:50681
Apr 24 15:56:11 friedbread stunnel: LOG3[1101:3074997104]: Error resolving 'smtp.blueyonder.co.uk': Temporary failure in name resolution (EAI_AGAIN)
Apr 24 15:56:11 friedbread stunnel: LOG3[1101:3074997104]: No host resolved
Apr 24 15:56:11 friedbread stunnel: LOG5[1101:3074997104]: Connection reset: 0 bytes sent to SSL, 0 bytes sent to socket
every time I attempt to send mail. I can ping smtp.blueyonder.co.uk no problem. The problem persists until I restart stunnel4, after which it works perfectly for weeks on end.
Looking at syslog for boot time, it looks like stunnel tries to resolve smtp.blueyonder.co.uk as soon as it starts, but dhcp hasn't finished at this time so it fails. It seems to cache something from the failure and not try again? Even though the error is "Temporary".
All advice gratefully received.
Phil Wieland
Liverpool, UK.
###@friedbread:~$ stunnel4 -version
stunnel 4.29 on i486-pc-linux-gnu with OpenSSL 0.9.8k 25 Mar 2009
Threading:PTHREAD SSL:ENGINE Sockets:POLL,IPv6 Auth:LIBWRAP

Global options
debug           = 5
pid             = /var/run/stunnel4.pid
RNDbytes        = 64
RNDfile         = /dev/urandom
RNDoverwrite    = yes

Service-level options
cert            = /etc/stunnel/stunnel.pem
ciphers         = AES:ALL:!aNULL:!eNULL:+RC4:@STRENGTH
key             = /etc/stunnel/stunnel.pem
session         = 300 seconds
stack           = 65536 bytes
sslVersion      = SSLv3 for client, all for server
TIMEOUTbusy     = 300 seconds
TIMEOUTclose    = 60 seconds
TIMEOUTconnect  = 10 seconds
TIMEOUTidle     = 43200 seconds
verify          = none

###@friedbread:~$ cat /etc/stunnel/stunnel.conf
; Sample stunnel configuration file by Michal Trojnara 2002-2009
; Some options used here may not be adequate for your particular configuration
; Please make sure you understand them (especially the effect of the chroot jail)

; Certificate/key is needed in server mode and optional in client mode
cert = /etc/ssl/certs/stunnel.pem
;key = /etc/ssl/certs/stunnel.pem

; Protocol version (all, SSLv2, SSLv3, TLSv1)
sslVersion = SSLv3

; Some security enhancements for UNIX systems - comment them out on Win32
chroot = /var/lib/stunnel4/
setuid = stunnel4
setgid = stunnel4
; PID is created inside the chroot jail
pid = /stunnel4.pid

; Some performance tunings
socket = l:TCP_NODELAY=1
socket = r:TCP_NODELAY=1
;compression = zlib

; Workaround for Eudora bug
;options = DONT_INSERT_EMPTY_FRAGMENTS

; Authentication stuff
;verify = 2
; Don't forget to c_rehash CApath
; CApath is located inside chroot jail
;CApath = /certs
; It's often easier to use CAfile
;CAfile = /etc/stunnel/certs.pem
; Don't forget to c_rehash CRLpath
; CRLpath is located inside chroot jail
;CRLpath = /crls
; Alternatively you can use CRLfile
;CRLfile = /etc/stunnel/crls.pem

; Some debugging stuff useful for troubleshooting
;debug = 7
;output = /var/log/stunnel4/stunnel.log

; Use it for client mode
client = yes

; Service-level configuration

;[pop3s]
;accept  = 995
;connect = 110

;[imaps]
;accept  = 993
;connect = 143

[ssmtp]
accept  = 55899
connect = smtp.blueyonder.co.uk:465

;[https]
;accept  = 443
;connect = 80
;TIMEOUTclose = 0

; vim:ft=dosini
###@friedbread:~$
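A boot-time check that matches the poster's own diagnosis (stunnel doing its first lookup before DHCP has configured the resolver), as an added example that is not part of the original post or of stunnel itself: a POSIX sh wrapper that waits until every "connect = host:port" target in the config resolves and only then starts the daemon. It assumes glibc's getent(1) and Ubuntu's /etc/init.d/stunnel4 init script; the config path is the one shown above, and the sample config it writes is constructed for offline testing.

```shell
#!/bin/sh
# Added example (not from the original post or stunnel): wait until every
# "connect = host:port" target in stunnel.conf resolves, then start the
# daemon, so the first lookup cannot happen before DHCP has set up a resolver.
# Assumes glibc getent(1) and Ubuntu's /etc/init.d/stunnel4 init script.

# Hostname of every uncommented "connect = host:port" line. Port-only entries
# (connect = 110) and IPv4 literals (127.0.0.1:25) need no lookup; ';' lines
# are comments and never match the anchored sed pattern.
connect_hosts() {
    sed -n 's/^[[:space:]]*connect[[:space:]]*=[[:space:]]*//p' "$1" |
        awk -F: 'NF == 2 && $1 !~ /^[0-9.]+$/ { print $1 }'
}

# Retry a lookup for up to $2 seconds. getent hosts uses the same resolver
# path (nsswitch, resolv.conf) as the getaddrinfo() call whose EAI_AGAIN
# error appears in the poster's syslog.
wait_for_host() {
    host=$1 deadline=$2 waited=0
    while ! getent hosts "$host" >/dev/null 2>&1; do
        if [ "$waited" -ge "$deadline" ]; then
            echo "timeout: $host did not resolve within ${deadline}s" >&2
            return 1
        fi
        sleep 1
        waited=$((waited + 1))
    done
    return 0
}

# Constructed sample config for trying the parser offline; written to $1.
sample_conf() {
    printf '%s\n' 'client = yes' '' '[ssmtp]' 'accept = 55899' \
        'connect = smtp.blueyonder.co.uk:465' '' ';[pop3s]' ';accept = 995' \
        ';connect = 110' '' '[relay]' 'connect = 127.0.0.1:25' > "$1"
}

# Usage: sh stunnel4-wait.sh --run [/etc/stunnel/stunnel.conf] [timeout-seconds]
main() {
    conf=${1:-/etc/stunnel/stunnel.conf} timeout=${2:-120}
    for h in $(connect_hosts "$conf"); do
        wait_for_host "$h" "$timeout" || exit 1
    done
    exec /etc/init.d/stunnel4 start
}

# Only touch the daemon when asked, so the functions can be sourced or tested.
case "${1:-}" in
    --run) shift; main "$@" ;;
esac
```

Restarting stunnel4 by hand, as the poster does, works because by then the resolver is up; running the daemon through this wrapper from the boot scripts gives the same effect without the manual step.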