I'm an nmh user running ubuntu jaunty, and I want to get my local email working over SSL connections to a gmail account (POP3/SMTP). So I'm trying to get some form of mh to talk over SSL using stunnel4. I'm looking for suggestions on what I might be doing wrong, and hints on how to go about isolating the problems.
I've succeeded in using Sylpheed to get mail from gmail, so I know the gmail account is working and is set up for pop3 and so on. When I run mh's inc command, though, it just reports: "inc: no servers available"
I can see that I've got stunnel running by doing a:
    ps ax | egrep stun | egrep -v egrep
    5937 ? SN 0:00 /usr/bin/stunnel4 /etc/stunnel/stunnel.conf
    5938 ? SN 0:00 /usr/bin/stunnel4 /etc/stunnel/stunnel.conf
    5939 ? SN 0:00 /usr/bin/stunnel4 /etc/stunnel/stunnel.conf
    5940 ? SN 0:00 /usr/bin/stunnel4 /etc/stunnel/stunnel.conf
    5941 ? SN 0:00 /usr/bin/stunnel4 /etc/stunnel/stunnel.conf
    5942 ? SNs 0:00 /usr/bin/stunnel4 /etc/stunnel/stunnel.conf
Google has some instructions up about servers and port numbers (but no examples specific to stunnel): http://mail.google.com/support/bin/answer.py?hl=en&answer=13287
Here's a summary of the kind of configurations I've been trying:
/etc/default/stunnel4:
    ENABLED=1
    FILES="/etc/stunnel/*.conf"
    OPTIONS=""
    PPP_RESTART=0
/etc/stunnel/stunnel.conf:
    sslVersion = SSLv3
    chroot = /var/lib/stunnel4/
    setuid = stunnel4
    setgid = stunnel4
    pid = /stunnel4.pid
    socket = l:TCP_NODELAY=1
    socket = r:TCP_NODELAY=1

    debug = 7
    output = /var/log/stunnel4/stunnel.log

    client = yes

    [pop3s]
    accept = 127.0.0.1:995
    connect = pop.gmail.com:110

    [smtps]
    accept = 127.0.0.1:465
    connect = smtp.gmail.com:25
/etc/nmh/mts.conf:
    mts: smtp
    hostable: /etc/nmh/hosts
    localname: smtp.gmail.com
    # localname: gmail.com
    masquerade:
    mmdfldir: /var/mail
    mmdflfil:
    # pophost: localhost
    # pophost: pop.gmail.com:995
    pophost: pop.gmail.com:110
    # pophost: pop.gmail.com
    # servers: localhost
    servers: smtp.gmail.com
/var/log/stunnel4/stunnel.log
    2010.09.21 11:11:41 LOG7[6528:140533218399984]: Snagged 64 random bytes from /dev/urandom
    2010.09.21 11:11:41 LOG7[6528:140533218399984]: RAND_status claims sufficient entropy for the PRNG
    2010.09.21 11:11:41 LOG7[6528:140533218399984]: PRNG seeded successfully
    2010.09.21 11:11:41 LOG7[6528:140533218399984]: SSL context initialized for service pop3s
    2010.09.21 11:11:41 LOG7[6528:140533218399984]: SSL context initialized for service imaps
    2010.09.21 11:11:41 LOG7[6528:140533218399984]: SSL context initialized for service smtps
    2010.09.21 11:11:41 LOG5[6528:140533218399984]: stunnel 4.22 on x86_64-pc-linux-gnu with OpenSSL 0.9.8g 19 Oct 2007
    2010.09.21 11:11:41 LOG5[6528:140533218399984]: Threading:PTHREAD SSL:ENGINE Sockets:POLL,IPv6 Auth:LIBWRAP
    2010.09.21 11:11:41 LOG6[6528:140533218399984]: file ulimit = 1024 (can be changed with 'ulimit -n')
    2010.09.21 11:11:41 LOG6[6528:140533218399984]: poll() used - no FD_SETSIZE limit for file descriptors
    2010.09.21 11:11:41 LOG5[6528:140533218399984]: 500 clients allowed
    2010.09.21 11:11:41 LOG7[6528:140533218399984]: FD 10 in non-blocking mode
    2010.09.21 11:11:41 LOG7[6528:140533218399984]: FD 11 in non-blocking mode
    2010.09.21 11:11:41 LOG7[6528:140533218399984]: FD 12 in non-blocking mode
    2010.09.21 11:11:41 LOG7[6528:140533218399984]: SO_REUSEADDR option set on accept socket
    2010.09.21 11:11:41 LOG7[6528:140533218399984]: pop3s bound to 127.0.0.1:1109
    2010.09.21 11:11:41 LOG7[6528:140533218399984]: FD 13 in non-blocking mode
    2010.09.21 11:11:41 LOG7[6528:140533218399984]: SO_REUSEADDR option set on accept socket
    2010.09.21 11:11:41 LOG7[6528:140533218399984]: imaps bound to 0.0.0.0:993
    2010.09.21 11:11:41 LOG7[6528:140533218399984]: FD 14 in non-blocking mode
    2010.09.21 11:11:41 LOG7[6528:140533218399984]: SO_REUSEADDR option set on accept socket
    2010.09.21 11:11:41 LOG7[6528:140533218399984]: smtps bound to 127.0.0.1:259
    2010.09.21 11:11:41 LOG7[6534:140533218399984]: Created pid file /stunnel4.pid
/var/log/mail.log
    Sep 21 13:40:32 fineline gnu-pop3d[15484]: Incoming connection opened
    Sep 21 13:40:32 fineline gnu-pop3d[15484]: connect from 127.0.0.1
    Sep 21 13:40:32 fineline gnu-pop3d[15484]: User `doomvox@gmail.com': nonexistent
    Sep 21 13:40:32 fineline gnu-pop3d[15484]: Session ended for no user
I'm using the "stunnel4" package for ubuntu jaunty:
/usr/bin/stunnel4 -version
    stunnel 4.22 on x86_64-pc-linux-gnu with OpenSSL 0.9.8g 19 Oct 2007
    Threading:PTHREAD SSL:ENGINE Sockets:POLL,IPv6 Auth:LIBWRAP

    Global options
    debug = 5
    pid = /var/run/stunnel4.pid
    RNDbytes = 64
    RNDfile = /dev/urandom
    RNDoverwrite = yes

    Service-level options
    cert = /etc/stunnel/stunnel.pem
    ciphers = AES:ALL:!aNULL:!eNULL:+RC4:@STRENGTH
    key = /etc/stunnel/stunnel.pem
    session = 300 seconds
    stack = 65536 bytes
    sslVersion = SSLv3 for client, all for server
    TIMEOUTbusy = 300 seconds
    TIMEOUTclose = 60 seconds
    TIMEOUTconnect = 10 seconds
    TIMEOUTidle = 43200 seconds
    verify = none
uname -a
    Linux fineline 2.6.24-16-generic #1 SMP Thu Apr 10 12:47:45 UTC 2008 x86_64 GNU/Linux

gcc -v
    Using built-in specs.
    Target: x86_64-linux-gnu
    Configured with: ../src/configure -v --with-pkgversion='Ubuntu 4.3.3-5ubuntu4' --with-bugurl=file:///usr/share/doc/gcc-4.3/README.Bugs --enable-languages=c,c++,fortran,objc,obj-c++ --prefix=/usr --enable-shared --with-system-zlib --libexecdir=/usr/lib --without-included-gettext --enable-threads=posix --enable-nls --with-gxx-include-dir=/usr/include/c++/4.3 --program-suffix=-4.3 --enable-clocale=gnu --enable-libstdcxx-debug --enable-objc-gc --enable-mpfr --with-tune=generic --enable-checking=release --build=x86_64-linux-gnu --host=x86_64-linux-gnu --target=x86_64-linux-gnu
    Thread model: posix
    gcc version 4.3.3 (Ubuntu 4.3.3-5ubuntu4)

openssl version
    OpenSSL 0.9.8g 19 Oct 2007
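
One way to isolate a disagreement between the stunnel.conf and the stunnel.log shown above, as an added example that is not part of the original post: it compares each service's configured accept address with the "bound to" address stunnel logged at startup. The embedded excerpts are copied from the post (timestamps trimmed, global options omitted); the function names are illustrative.

```python
import re

# Service sections from the posted /etc/stunnel/stunnel.conf.
CONF = """\
[pop3s]
accept = 127.0.0.1:995
connect = pop.gmail.com:110
[smtps]
accept = 127.0.0.1:465
connect = smtp.gmail.com:25
"""

# "bound to" lines from the posted stunnel.log (timestamps trimmed).
LOG = """\
LOG7[6528:140533218399984]: pop3s bound to 127.0.0.1:1109
LOG7[6528:140533218399984]: imaps bound to 0.0.0.0:993
LOG7[6528:140533218399984]: smtps bound to 127.0.0.1:259
"""

def parse_accepts(conf_text):
    """Return {service: accept address} for every [service] section."""
    accepts, section = {}, None
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line[0] in ";#":        # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
            continue
        key, sep, value = line.partition("=")
        if sep and section and key.strip() == "accept":
            accepts[section] = value.strip()
    return accepts

def parse_bound(log_text):
    """Return {service: address} from stunnel's startup 'bound to' lines."""
    return dict(re.findall(r"\]: (\S+) bound to (\S+)", log_text))

def compare(conf_text, log_text):
    """List each service whose configured and logged listeners differ."""
    want, got = parse_accepts(conf_text), parse_bound(log_text)
    return [f"{svc}: config {want.get(svc, 'absent')}, log {got.get(svc, 'absent')}"
            for svc in sorted(set(want) | set(got))
            if want.get(svc) != got.get(svc)]

if __name__ == "__main__":
    print("\n".join(compare(CONF, LOG)))
```

Any line it prints means the log was written by a stunnel started from a different configuration than the file being compared, which is worth settling before looking at the mail client side.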