I'm trying to tunnel imap but I'm not getting past this:
2007.10.08 05:56:28 LOG5[5355:47656983060560]: stunnel 4.18 on x86_64-pc-linux-gnu with OpenSSL 0.9.8c 05 Sep 2006
2007.10.08 05:56:28 LOG5[5355:47656983060560]: Threading:PTHREAD SSL:ENGINE Sockets:POLL,IPv6 Auth:LIBWRAP
2007.10.08 05:56:28 LOG6[5355:47656983060560]: file ulimit = 1024 (can be changed with 'ulimit -n')
2007.10.08 05:56:28 LOG6[5355:47656983060560]: poll() used - no FD_SETSIZE limit for file descriptors
2007.10.08 05:56:28 LOG5[5355:47656983060560]: 500 clients allowed
2007.10.08 05:56:28 LOG7[5355:47656983060560]: FD 4 in non-blocking mode
2007.10.08 05:56:28 LOG7[5355:47656983060560]: FD 5 in non-blocking mode
2007.10.08 05:56:28 LOG7[5355:47656983060560]: FD 6 in non-blocking mode
2007.10.08 05:56:28 LOG7[5355:47656983060560]: SO_REUSEADDR option set on accept socket
2007.10.08 05:56:28 LOG3[5355:47656983060560]: Error binding imaps to 0.0.0.0:993
2007.10.08 05:56:28 LOG3[5355:47656983060560]: bind: Address already in use (98)
I can't find where to begin. I set SO_REUSEADDR and it didn't do anything different. How do I test this stuff sanely?
Please post your config,
-----Original Message-----
From: stunnel-users-bounces@mirt.net [mailto:stunnel-users-bounces@mirt.net] On Behalf Of Tom Allison
Sent: 10 October 2007 04:11 AM
To: stunnel-users@mirt.net
Subject: [stunnel-users] almost working
_______________________________________________
stunnel-users mailing list
stunnel-users@mirt.net
http://stunnel.mirt.net/mailman/listinfo/stunnel-users
It sounds like there is already a process listening on port 993. Netstat -l would show you what process that is. I haven't worked with imap so I don't know the details, but one basic approach would be to run the imap process on an open non-standard port and have stunnel listen on 993 and forward to that port. The requester also needs to know to use stunnel to connect to imap.
Another approach might be as follows:
client stunnel.conf

[imaps]
accept = 127.0.0.2:993
connect = server:20993
client = yes

Server stunnel.conf

[imap-in]
accept = 20993
connect = 993
client = no
The 20993 could be any open port. With this setup, you use 127.0.0.2 rather than the Server IP address to get to imap.
Carter
netstat -ltp shows inetd is listening to port 993.
Here's my config.
cert = /etc/stunnel/stunnel.pem
key = /etc/stunnel/stunnel.pem

sslVersion = SSLv3

chroot = /var/lib/stunnel4/
setuid = stunnel4
setgid = stunnel4
pid = /stunnel4.pid
service=inetd

socket = l:TCP_NODELAY=1
socket = r:TCP_NODELAY=1

debug = 7
output = /var/log/stunnel4/stunnel.log

[imaps]
accept = 993
connect = 143
cert = /etc/ssl/certs/alpha.just-email.com.pem
key = /etc/ssl/certs/alpha.just-email.com.pem
session = 14400
TIMEOUTidle = 14400
On Oct 12, 2007, at 7:27 AM, Craig Retief wrote:
Please post your config,
netstat -ltp shows inetd is listening to port 993.
If inetd is listening on port 993 then stunnel will not be able to bind to that port since inetd has already bound to it.
If you will only be connecting to the inetd via stunnel then I recommend that you change your listening port for inetd to something other than 993 on the inetd config itself and restart inetd. Then you change your stunnel conf to reflect this.
[imaps]
accept = 993
connect = 127.0.0.1:<the_new_inetd_port>
cert = /etc/ssl/certs/alpha.just-email.com.pem
key = /etc/ssl/certs/alpha.just-email.com.pem
session = 14400
TIMEOUTidle = 14400
Where <the_new_inetd_port> = the new port you specified in the inetd config file.
Hope this helps
Let me know if you get stuck.
Craig
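The conflict described in the reply above, as an added example that is not part of the thread: a cross-check of stunnel's `accept` ports against the services inetd already owns. The sample file contents, including the `/usr/bin/stunnel4` path, are constructed, and the check assumes inetd binds the wildcard address, so any `accept` on the same port collides whatever host it names.

```python
import re

# Constructed samples: the thread never shows the real inetd.conf or /etc/services.
SERVICES = "imap2 143/tcp imap\nimaps 993/tcp\n"
INETD_CONF = "imaps stream tcp nowait root /usr/bin/stunnel4 stunnel4\n"
STUNNEL_CONF = "pid = /stunnel4.pid\n[imaps]\naccept = 993\nconnect = 143\n"

def parse_services(text):
    """Map TCP service names and aliases to ports (/etc/services format)."""
    ports = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 2 and fields[1].endswith("/tcp"):
            for name in [fields[0]] + fields[2:]:
                ports[name] = int(fields[1].split("/")[0])
    return ports

def to_port(token, services):
    # Numeric port or service name; None when the name is unknown.
    return int(token) if token.isdigit() else services.get(token)

def inetd_listeners(text, services):
    """Return {port: server program} for uncommented TCP lines of inetd.conf."""
    found = {}
    for line in text.splitlines():
        fields = line.split()
        if len(fields) >= 6 and fields[0][0] != "#" and fields[2].startswith("tcp"):
            port = to_port(fields[0], services)
            if port is not None:
                found[port] = fields[5]
    return found

def stunnel_accepts(text, services):
    """Return {section: port} for each 'accept = [host:]port' line."""
    section, found = "global", {}
    for line in map(str.strip, text.splitlines()):
        if m := re.fullmatch(r"\[(.+)\]", line):
            section = m.group(1)
        elif m := re.fullmatch(r"accept\s*=\s*(\S+)", line):
            found[section] = to_port(m.group(1).rsplit(":", 1)[-1], services)
    return found

def conflicts(inetd_conf, stunnel_conf, services_text):
    """List (section, port, inetd program) where both daemons want the same port."""
    services = parse_services(services_text)
    inetd = inetd_listeners(inetd_conf, services)
    accepts = stunnel_accepts(stunnel_conf, services)
    return [(s, p, inetd[p]) for s, p in accepts.items() if p in inetd]
```

Calling `conflicts(INETD_CONF, STUNNEL_CONF, SERVICES)` on the constructed samples reports the `[imaps]` section against the inetd entry for port 993; an empty list means no configured overlap.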
Craig Retief wrote:
netstat -ltp shows inetd is listening to port 993.
If inetd is listening on port 993 then stunnel will not be able to bind to that port since inetd has already bound to it.
If you will only be connecting to the inetd via stunnel then I recommend that you change your listening port for inetd to something other than 993 on the inetd config itself and restart inetd. Then you change your stunnel conf to reflect this.
As I understood it, I was using inetd to start the stunnel session to connect from 993 to 143.
143 works. I've already tested that completely.
As a maybe related issue. If I start stunnel from the /etc/init.d script from Debian -- it fails calling for a pid= to be defined. As you can see from my conf file, pid= is already defined.
Please send me the output of netstat -tunap.
Thanks
-----Original Message-----
From: Tom Allison [mailto:tom@tacocat.net]
Sent: 15 October 2007 03:15 AM
To: Craig Retief
Cc: stunnel-users@mirt.net
Subject: Re: [stunnel-users] almost working
Nigh 2007-10-13 20:30 -0400, Tom Allison spoke:
netstat -ltp shows inetd is listening to port 993.
$ grep imaps /etc/inetd.conf
If you already have inetd listening on that port, perhaps you already have a functioning IMAPS server, and don't need stunnel at all. What do you get when you
$ openssl s_client -connect localhost:993
If it looks like imap with lots of SSL handshake first, then you've already got IMAPS. Pat yourself on the back and call it a day.
Else, you can remove the entry from /etc/inetd.conf and HUP inetd, and then your stunnel should be able to bind port 993.
It is also possible you don't have the imap server listening on port 143 (cleartext) at all. Again, 'grep imap /etc/inetd.conf' to see what it has. You can use exec in stunnel if you don't already have imap listening on 143.
On Oct 9, 2007, at 10:10 PM, Tom Allison wrote:
I'm trying to tunnel imap but I'm not getting past this:
OK, this has been nothing but a bust. Searching the internet, I'm the only person on the planet to have this problem in the last 3 years.
The error keeps saying that port 993 is already in use. But there is not one shred of evidence to show that this port is being occupied by anything other than the intended application: stunnel via inetd.
So are there any alternatives besides the Windows-ish approaches of A) give up, B) format and reinstall?
bleah!