
The new Stunnel Version 4.12 doesn't work well with POPs mail retrieval on my system. Reverting back to 4.11 fixes it perfectly.

With 4.12, various emails wouldn't come through, got random timeouts, LONG email retrieval times mainly. Sometimes an email would be impossible to retrieve from the spool file.

Running Stunnel with default parameters. Standalone I believe POPs runs off xinetd.

% uname -a
FreeBSD pipercomputerservices.net 4.4-RELEASE FreeBSD 4.4-RELEASE #0: Wed Aug 28 19:41:18 GMT 2002 root@osbuilder:/usr/src/sys/compile/SERVER i386

% gcc -v
Using builtin specs.
gcc version 2.95.3 20010315 (release) [FreeBSD]

% openssl version
OpenSSL 0.9.6e 30 Jul 2002

% stunnel -version
stunnel 4.11 on i386-unknown-freebsd4.4 PTHREAD+POLL+IPv4+LIBWRAP with OpenSSL 0.9.6e 30 Jul 2002

Global options
cert = /usr/local/etc/stunnel/stunnel.pem
ciphers = ALL:!ADH:+RC4:@STRENGTH
debug = 5
key = /usr/local/etc/stunnel/stunnel.pem
pid = /usr/local/var/run/stunnel.pid
RNDbytes = 64
RNDfile = /dev/urandom
RNDoverwrite = yes
session = 300 seconds
verify = none

Service-level options
TIMEOUTbusy = 300 seconds
TIMEOUTclose = 60 seconds
TIMEOUTconnect = 10 seconds
TIMEOUTidle = 43200 seconds

"G J Piper" <stunnel@macpicks.com> wrote:
> The new Stunnel Version 4.12 doesn't work well with POPs mail retrieval on my system. Reverting back to 4.11 fixes it perfectly. With 4.12, various emails wouldn't come through, got random timeouts, LONG email retrieval times mainly. Sometimes an email would be impossible to retrieve from the spool file.
> [cut]
> OpenSSL 0.9.6e 30 Jul 2002

Could you try to upgrade your OpenSSL library to version 0.9.8?

I decided *not* to wait for SSL socket to be ready for reading when OpenSSL signals SSL_want_write and *not* to wait for SSL socket to be ready for writing when OpenSSL signals SSL_want_read. That fixed the problem of another user and I guess it could result in your problem.

Could you describe an algorithm for me to reproduce your problem so I could test it?

Best regards,
Mike

I'm afraid I'm a total newbie when it comes to this. Also, the server I'm running it on is an Interland VPS Root server, so if I change any of the installed libraries, they won't upgrade anything related in the future because I will have broken the hard- and sym-links to the various pieces of the server.

Here is an excerpt from my "messages" log that may be of help:

##########################
8419: Oct 3 12:58:06 pipercomputerservices stunnel: LOG5[35903:134610944]: Connection closed: 34452 bytes sent to SSL, 61 bytes sent to socket
8420: Oct 3 12:58:06 pipercomputerservices qpopper[35904]: gregarios at pipercomputerservices.net (66.223.127.146): -ERR SIGHUP or SIGPIPE flagged
8421: Oct 3 12:58:06 pipercomputerservices qpopper[35904]: gregarios at pipercomputerservices.net (66.223.127.146): -ERR POP hangup
8422: Oct 3 12:58:06 pipercomputerservices qpopper[35904]: Stats: gregarios 0 0 35 649483 pipercomputerservices.net 66.223.127.146
8423: Oct 3 12:58:19 pipercomputerservices stunnel: LOG5[35990:134610944]: stunnel 4.12 on i386-unknown-freebsd4.4 PTHREAD+POLL+IPv4+LIBWRAP with OpenSSL 0.9.6e 30 Jul 2002
8424: Oct 3 12:58:19 pipercomputerservices stunnel: LOG5[35990:134610944]: stunnel connected from 209.210.207.212:35931
8432: Oct 3 12:59:06 pipercomputerservices stunnel: LOG5[35990:134610944]: Connection closed: 34452 bytes sent to SSL, 61 bytes sent to socket
##########################

Is it possible to upgrade the library just for stunnel? Is the library just a single file that can be replaced, then put back if necessary? I'd hate to break my SSL capability -- I have many customer domains hosted on the server.

~ Greg

Michal Trojnara wrote:
> "G J Piper" <stunnel@macpicks.com> wrote:
> > The new Stunnel Version 4.12 doesn't work well with POPs mail retrieval on my system. Reverting back to 4.11 fixes it perfectly. With 4.12, various emails wouldn't come through, got random timeouts, LONG email retrieval times mainly. Sometimes an email would be impossible to retrieve from the spool file.
> > [cut]
> > OpenSSL 0.9.6e 30 Jul 2002
>
> Could you try to upgrade your OpenSSL library to version 0.9.8?
>
> I decided *not* to wait for SSL socket to be ready for reading when OpenSSL signals SSL_want_write and *not* to wait for SSL socket to be ready for writing when OpenSSL signals SSL_want_read. That fixed the problem of another user and I guess it could result in your problem.
>
> Could you describe an algorithm for me to reproduce your problem so I could test it?
>
> Best regards, Mike
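
Added example, not part of the original thread and not stunnel or qpopper code: a small Python script that turns a "messages" excerpt like the one posted above into per-session durations and flags stunnel closes that coincide with a qpopper -ERR, which gives a measurable before/after when comparing 4.11 and 4.12. The function name `analyze`, the placeholder year, and the reading of the first number in `LOG5[a:b]` as the stunnel process id are assumptions.

```python
import re
from datetime import datetime

# Lines copied from the log excerpt posted in this thread (viewer line numbers kept).
SAMPLE = """\
8419: Oct 3 12:58:06 pipercomputerservices stunnel: LOG5[35903:134610944]: Connection closed: 34452 bytes sent to SSL, 61 bytes sent to socket
8420: Oct 3 12:58:06 pipercomputerservices qpopper[35904]: gregarios at pipercomputerservices.net (66.223.127.146): -ERR SIGHUP or SIGPIPE flagged
8421: Oct 3 12:58:06 pipercomputerservices qpopper[35904]: gregarios at pipercomputerservices.net (66.223.127.146): -ERR POP hangup
8424: Oct 3 12:58:19 pipercomputerservices stunnel: LOG5[35990:134610944]: stunnel connected from 209.210.207.212:35931
8432: Oct 3 12:59:06 pipercomputerservices stunnel: LOG5[35990:134610944]: Connection closed: 34452 bytes sent to SSL, 61 bytes sent to socket
"""

# Optional viewer line number, syslog timestamp, host, program[pid], message.
LINE = re.compile(r"^(?:\d+:\s+)?(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ (\w+)(?:\[\d+\])?: (.*)$")
# Assumption: the first number in LOG5[a:b] identifies the stunnel process.
STUNNEL = re.compile(r"LOG\d\[(\d+):\d+\]: (.*)")
CLOSED = re.compile(r"Connection closed: (\d+) bytes sent to SSL, (\d+) bytes sent to socket")

def analyze(text):
    """Return (sessions, aborted_ids) from mixed stunnel/qpopper syslog lines."""
    opened, sessions, closes, pop_errors = {}, [], [], []
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        # Syslog timestamps carry no year; 2000 is a placeholder for parsing only.
        ts = datetime.strptime("2000 " + m.group(1), "%Y %b %d %H:%M:%S")
        prog, msg = m.group(2), m.group(3)
        if prog == "qpopper" and "-ERR" in msg:
            pop_errors.append(ts)
        s = STUNNEL.match(msg) if prog == "stunnel" else None
        if not s:
            continue
        key, event = s.group(1), s.group(2)
        if "connected from" in event:
            opened[key] = ts
        c = CLOSED.match(event)
        if c:
            closes.append((key, ts))
            if key in opened:  # duration is only known when the connect line was captured
                secs = (ts - opened.pop(key)).total_seconds()
                sessions.append({"id": key, "seconds": secs, "to_ssl": int(c.group(1)), "to_socket": int(c.group(2))})
    # A close within one second of a qpopper -ERR is treated as an aborted POP session.
    aborted = [k for k, ts in closes if any(abs((ts - e).total_seconds()) <= 1 for e in pop_errors)]
    return sessions, aborted
```

Running the same function over logs captured under 4.11 and under 4.12 for the same mailbox makes the slowdown and the hangups directly comparable.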