Mr. Brenner,
Looks like your configuration is a little backwards. The stunnel configuration should be something like this:
[pop3s]
accept = 127.0.0.1:110
connect = pop.gmail.com:995

[smtps]
accept = 127.0.0.1:25
connect = smtp.gmail.com:465
Notice the ports and where you are connecting. Stunnel runs on localhost and takes care of connecting you to the remote machine using SSL.
Same logic applies for your mail client. Your SMTP and POP connections should be to the stunnel process running on localhost.
Hope this helps.
-----------------
Leandro Avila

----- Original Message ----
From: Joseph Brenner doomvox@gmail.com
To: stunnel-users@mirt.net
Sent: Fri, September 24, 2010 2:53:24 PM
Subject: [stunnel-users] pop3 stunnel nmh to gmail
I'm an nmh user running ubuntu jaunty, and I want to get my local email working over SSL connections to a gmail account (POP3/SMTP). So I'm trying to get some form of mh to talk over SSL using stunnel4. I'm looking for suggestions on what I might be doing wrong, and hints on how to go about isolating the problems.
I've succeeded in using sylpheed to get mail from gmail, so I know the gmail account is working and is set up for pop3 and so on. When I run mh's inc command, though, it just reports: "inc: no servers available"
I can see that I've got stunnel running by doing a:

ps ax | egrep stun | egrep -v egrep

5937 ? SN 0:00 /usr/bin/stunnel4 /etc/stunnel/stunnel.conf
5938 ? SN 0:00 /usr/bin/stunnel4 /etc/stunnel/stunnel.conf
5939 ? SN 0:00 /usr/bin/stunnel4 /etc/stunnel/stunnel.conf
5940 ? SN 0:00 /usr/bin/stunnel4 /etc/stunnel/stunnel.conf
5941 ? SN 0:00 /usr/bin/stunnel4 /etc/stunnel/stunnel.conf
5942 ? SNs 0:00 /usr/bin/stunnel4 /etc/stunnel/stunnel.conf
Google has some instructions up about servers and port numbers (but no examples specific to stunnel): http://mail.google.com/support/bin/answer.py?hl=en&answer=13287
Here's a summary of the kind of configurations I've been trying:
/etc/default/stunnel4:
ENABLED=1
FILES="/etc/stunnel/*.conf"
OPTIONS=""
PPP_RESTART=0
/etc/stunnel/stunnel.conf:
sslVersion = SSLv3
chroot = /var/lib/stunnel4/
setuid = stunnel4
setgid = stunnel4
pid = /stunnel4.pid
socket = l:TCP_NODELAY=1
socket = r:TCP_NODELAY=1

debug = 7
output = /var/log/stunnel4/stunnel.log

client = yes

[pop3s]
accept = 127.0.0.1:995
connect = pop.gmail.com:110

[smtps]
accept = 127.0.0.1:465
connect = smtp.gmail.com:25
/etc/nmh/mts.conf:
mts: smtp
hostable: /etc/nmh/hosts

localname: smtp.gmail.com
# localname: gmail.com

masquerade:

mmdfldir: /var/mail

mmdflfil:

# pophost: localhost
# pophost: pop.gmail.com:995
pophost: pop.gmail.com:110
# pophost: pop.gmail.com

# servers: localhost
servers: smtp.gmail.com
/var/log/stunnel4/stunnel.log:
2010.09.21 11:11:41 LOG7[6528:140533218399984]: Snagged 64 random bytes from /dev/urandom
2010.09.21 11:11:41 LOG7[6528:140533218399984]: RAND_status claims sufficient entropy for the PRNG
2010.09.21 11:11:41 LOG7[6528:140533218399984]: PRNG seeded successfully
2010.09.21 11:11:41 LOG7[6528:140533218399984]: SSL context initialized for service pop3s
2010.09.21 11:11:41 LOG7[6528:140533218399984]: SSL context initialized for service imaps
2010.09.21 11:11:41 LOG7[6528:140533218399984]: SSL context initialized for service smtps
2010.09.21 11:11:41 LOG5[6528:140533218399984]: stunnel 4.22 on x86_64-pc-linux-gnu with OpenSSL 0.9.8g 19 Oct 2007
2010.09.21 11:11:41 LOG5[6528:140533218399984]: Threading:PTHREAD SSL:ENGINE Sockets:POLL,IPv6 Auth:LIBWRAP
2010.09.21 11:11:41 LOG6[6528:140533218399984]: file ulimit = 1024 (can be changed with 'ulimit -n')
2010.09.21 11:11:41 LOG6[6528:140533218399984]: poll() used - no FD_SETSIZE limit for file descriptors
2010.09.21 11:11:41 LOG5[6528:140533218399984]: 500 clients allowed
2010.09.21 11:11:41 LOG7[6528:140533218399984]: FD 10 in non-blocking mode
2010.09.21 11:11:41 LOG7[6528:140533218399984]: FD 11 in non-blocking mode
2010.09.21 11:11:41 LOG7[6528:140533218399984]: FD 12 in non-blocking mode
2010.09.21 11:11:41 LOG7[6528:140533218399984]: SO_REUSEADDR option set on accept socket
2010.09.21 11:11:41 LOG7[6528:140533218399984]: pop3s bound to 127.0.0.1:1109
2010.09.21 11:11:41 LOG7[6528:140533218399984]: FD 13 in non-blocking mode
2010.09.21 11:11:41 LOG7[6528:140533218399984]: SO_REUSEADDR option set on accept socket
2010.09.21 11:11:41 LOG7[6528:140533218399984]: imaps bound to 0.0.0.0:993
2010.09.21 11:11:41 LOG7[6528:140533218399984]: FD 14 in non-blocking mode
2010.09.21 11:11:41 LOG7[6528:140533218399984]: SO_REUSEADDR option set on accept socket
2010.09.21 11:11:41 LOG7[6528:140533218399984]: smtps bound to 127.0.0.1:259
2010.09.21 11:11:41 LOG7[6534:140533218399984]: Created pid file /stunnel4.pid
/var/log/mail.log:
Sep 21 13:40:32 fineline gnu-pop3d[15484]: Incoming connection opened
Sep 21 13:40:32 fineline gnu-pop3d[15484]: connect from 127.0.0.1
Sep 21 13:40:32 fineline gnu-pop3d[15484]: User `doomvox@gmail.com': nonexistent
Sep 21 13:40:32 fineline gnu-pop3d[15484]: Session ended for no user
I'm using the "stunnel4" package for ubuntu jaunty:
/usr/bin/stunnel4 -version
stunnel 4.22 on x86_64-pc-linux-gnu with OpenSSL 0.9.8g 19 Oct 2007
Threading:PTHREAD SSL:ENGINE Sockets:POLL,IPv6 Auth:LIBWRAP

Global options
debug = 5
pid = /var/run/stunnel4.pid
RNDbytes = 64
RNDfile = /dev/urandom
RNDoverwrite = yes

Service-level options
cert = /etc/stunnel/stunnel.pem
ciphers = AES:ALL:!aNULL:!eNULL:+RC4:@STRENGTH
key = /etc/stunnel/stunnel.pem
session = 300 seconds
stack = 65536 bytes
sslVersion = SSLv3 for client, all for server
TIMEOUTbusy = 300 seconds
TIMEOUTclose = 60 seconds
TIMEOUTconnect = 10 seconds
TIMEOUTidle = 43200 seconds
verify = none

uname -a
Linux fineline 2.6.24-16-generic #1 SMP Thu Apr 10 12:47:45 UTC 2008 x86_64 GNU/Linux

gcc -v
Using built-in specs.
Target: x86_64-linux-gnu
Configured with: ../src/configure -v --with-pkgversion='Ubuntu 4.3.3-5ubuntu4' --with-bugurl=file:///usr/share/doc/gcc-4.3/README.Bugs --enable-languages=c,c++,fortran,objc,obj-c++ --prefix=/usr --enable-shared --with-system-zlib --libexecdir=/usr/lib --without-included-gettext --enable-threads=posix --enable-nls --with-gxx-include-dir=/usr/include/c++/4.3 --program-suffix=-4.3 --enable-clocale=gnu --enable-libstdcxx-debug --enable-objc-gc --enable-mpfr --with-tune=generic --enable-checking=release --build=x86_64-linux-gnu --host=x86_64-linux-gnu --target=x86_64-linux-gnu
Thread model: posix
gcc version 4.3.3 (Ubuntu 4.3.3-5ubuntu4)

openssl version
OpenSSL 0.9.8g 19 Oct 2007

_______________________________________________
stunnel-users mailing list
stunnel-users@mirt.net
http://stunnel.mirt.net/mailman/listinfo/stunnel-users
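
The reversed accept/connect ports discussed in this thread can be caught mechanically. The following is an added example, not code from either poster or from the stunnel project: a small lint for a client-mode stunnel.conf that also flags two things visible in the logs and defaults quoted above (a listener bound to all interfaces, and `verify` left unset). The function names and finding strings are assumptions made here, and the `verify` check follows the stunnel 4.22 option set shown in the thread.

```python
# Added example (not from the thread): lint a client-mode stunnel.conf.
# Function names and finding strings are chosen here for illustration.
TLS_PORTS = {995, 465, 993}      # pop3s, smtps, imaps
PLAIN_PORTS = {110, 25, 143}     # pop3, smtp, imap
LOOPBACK = {"127.0.0.1", "::1", "localhost"}

def parse(conf_text):
    """Split stunnel.conf text into (global options, {service: options})."""
    global_opts, services, current = {}, {}, None
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line[0] in ";#":          # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            current = services.setdefault(line[1:-1], {})
            continue
        key, _, value = line.partition("=")
        target = global_opts if current is None else current
        target[key.strip()] = value.strip()
    return global_opts, services

def endpoint(value):
    """'host:port' or bare 'port' -> (host or None, port as int)."""
    host, _, port = value.rpartition(":")
    return host or None, int(port)

def lint(conf_text):
    """Return a sorted list of 'service: finding' strings."""
    global_opts, services = parse(conf_text)
    findings = []
    for name, opts in services.items():
        a_host, a_port = endpoint(opts["accept"])
        _, c_port = endpoint(opts["connect"])
        if a_port in TLS_PORTS and c_port in PLAIN_PORTS:
            findings.append(f"{name}: accept/connect ports are reversed")
        elif c_port not in TLS_PORTS:
            findings.append(f"{name}: connect port {c_port} is not an implicit-TLS port")
        if a_host not in LOOPBACK:               # bare port listens on all interfaces
            findings.append(f"{name}: plaintext listener is not bound to loopback")
        if "verify" not in opts and "verify" not in global_opts:
            findings.append(f"{name}: verify unset, server certificate is not checked")
    return sorted(findings)

# Service sections as posted in this thread (question first, then the reply).
ASKER = ("client = yes\n[pop3s]\naccept = 127.0.0.1:995\nconnect = pop.gmail.com:110\n"
         "[smtps]\naccept = 127.0.0.1:465\nconnect = smtp.gmail.com:25\n")
REPLY = ("client = yes\n[pop3s]\naccept = 127.0.0.1:110\nconnect = pop.gmail.com:995\n"
         "[smtps]\naccept = 127.0.0.1:25\nconnect = smtp.gmail.com:465\n")
```

Running `lint(ASKER)` reports both services as reversed; `lint(REPLY)` clears that finding and leaves only the certificate-verification one.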