The new Stunnel Version 4.12 doesn't work well with POPs mail retrieval on my system. Reverting back to 4.11 fixes it perfectly. With 4.12, various emails wouldn't come through, got random timeouts, LONG email retrieval times mainly. Sometimes an email would be impossible to retrieve from the spool file.
Running Stunnel with default parameters. Standalone, I believe.
POPs runs off xinetd.
% uname -a
FreeBSD pipercomputerservices.net 4.4-RELEASE FreeBSD 4.4-RELEASE #0: Wed Aug 28 19:41:18 GMT 2002 root@osbuilder:/usr/src/sys/compile/SERVER i386
% gcc -v
Using builtin specs.
gcc version 2.95.3 20010315 (release) [FreeBSD]
% openssl version
OpenSSL 0.9.6e 30 Jul 2002
% stunnel -version
stunnel 4.11 on i386-unknown-freebsd4.4 PTHREAD+POLL+IPv4+LIBWRAP with OpenSSL 0.9.6e 30 Jul 2002

Global options
cert = /usr/local/etc/stunnel/stunnel.pem
ciphers = ALL:!ADH:+RC4:@STRENGTH
debug = 5
key = /usr/local/etc/stunnel/stunnel.pem
pid = /usr/local/var/run/stunnel.pid
RNDbytes = 64
RNDfile = /dev/urandom
RNDoverwrite = yes
session = 300 seconds
verify = none

Service-level options
TIMEOUTbusy = 300 seconds
TIMEOUTclose = 60 seconds
TIMEOUTconnect = 10 seconds
TIMEOUTidle = 43200 seconds
"G J Piper" stunnel@macpicks.com wrote:
> The new Stunnel Version 4.12 doesn't work well with POPs mail retrieval on my system. Reverting back to 4.11 fixes it perfectly. With 4.12, various emails wouldn't come through, got random timeouts, LONG email retrieval times mainly. Sometimes an email would be impossible to retrieve from the spool file.
> [cut]
> OpenSSL 0.9.6e 30 Jul 2002
Could you try to upgrade your OpenSSL library to version 0.9.8?
I decided *not* to wait for SSL socket to be ready for reading when OpenSSL signals SSL_want_write and *not* to wait for SSL socket to be ready for writing when OpenSSL signals SSL_want_read. That fixed the problem of another user and I guess it could result in your problem.
Could you describe an algorithm for me to reproduce your problem so I could test it?
Best regards, Mike
I'm afraid I'm a total newbie when it comes to this. Also, the server I'm running it on is an Interland VPS Root server, so if I change any of the installed libraries, they won't upgrade anything related in the future because I will have broken the hard- and sym-links to the various pieces of the server. Here is an excerpt from my "messages" log that may be of help:
##########################
8419: Oct 3 12:58:06 pipercomputerservices stunnel: LOG5[35903:134610944]: Connection closed: 34452 bytes sent to SSL, 61 bytes sent to socket
8420: Oct 3 12:58:06 pipercomputerservices qpopper[35904]: gregarios at pipercomputerservices.net (66.223.127.146): -ERR SIGHUP or SIGPIPE flagged
8421: Oct 3 12:58:06 pipercomputerservices qpopper[35904]: gregarios at pipercomputerservices.net (66.223.127.146): -ERR POP hangup
8422: Oct 3 12:58:06 pipercomputerservices qpopper[35904]: Stats: gregarios 0 0 35 649483 pipercomputerservices.net 66.223.127.146
8423: Oct 3 12:58:19 pipercomputerservices stunnel: LOG5[35990:134610944]: stunnel 4.12 on i386-unknown-freebsd4.4 PTHREAD+POLL+IPv4+LIBWRAP with OpenSSL 0.9.6e 30 Jul 2002
8424: Oct 3 12:58:19 pipercomputerservices stunnel: LOG5[35990:134610944]: stunnel connected from 209.210.207.212:35931
8432: Oct 3 12:59:06 pipercomputerservices stunnel: LOG5[35990:134610944]: Connection closed: 34452 bytes sent to SSL, 61 bytes sent to socket
##########################
Is it possible to upgrade the library just for stunnel? Is the library just a single file that can be replaced, then put back if necessary?
I'd hate to break my SSL capability -- I have many customer domains hosted on the server.
~ Greg
Michal Trojnara wrote:
> "G J Piper" stunnel@macpicks.com wrote:
> > The new Stunnel Version 4.12 doesn't work well with POPs mail retrieval on my system. Reverting back to 4.11 fixes it perfectly. With 4.12, various emails wouldn't come through, got random timeouts, LONG email retrieval times mainly. Sometimes an email would be impossible to retrieve from the spool file.
> > [cut]
> > OpenSSL 0.9.6e 30 Jul 2002
> Could you try to upgrade your OpenSSL library to version 0.9.8?
> I decided *not* to wait for SSL socket to be ready for reading when OpenSSL signals SSL_want_write and *not* to wait for SSL socket to be ready for writing when OpenSSL signals SSL_want_read. That fixed the problem of another user and I guess it could result in your problem.
> Could you describe an algorithm for me to reproduce your problem so I could test it?
> Best regards, Mike
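
A triage sketch for log excerpts like the one in this thread, added here as an example and not written by either poster or the stunnel project: it pairs each stunnel "Connection closed" line with a qpopper hangup logged in the same second, so aborted POP sessions can be counted before and after a stunnel upgrade. The sample lines, the function name and the same-second matching rule are assumptions.

```python
import re

# Constructed sample in the syslog layout of the excerpt above; host, PIDs,
# users and addresses are made up (192.0.2.0/24 is a documentation range).
SAMPLE = """\
Oct  3 12:58:01 mailhost stunnel: LOG5[100:1]: stunnel connected from 192.0.2.10:40001
Oct  3 12:58:06 mailhost stunnel: LOG5[100:1]: Connection closed: 34452 bytes sent to SSL, 61 bytes sent to socket
Oct  3 12:58:06 mailhost qpopper[101]: alice at example.net (192.0.2.10): -ERR SIGHUP or SIGPIPE flagged
Oct  3 12:58:06 mailhost qpopper[101]: alice at example.net (192.0.2.10): -ERR POP hangup
Oct  3 13:02:10 mailhost stunnel: LOG5[200:1]: stunnel connected from 192.0.2.20:40002
Oct  3 13:02:12 mailhost stunnel: LOG5[200:1]: Connection closed: 1200 bytes sent to SSL, 48 bytes sent to socket
"""

# The optional "8419: " prefix covers excerpts pasted with line numbers.
STAMP = r"(?:\d+:\s*)?(\w{3}\s+\d+\s+[\d:]{8})\s+\S+\s+"
CLOSED = re.compile(STAMP + r"stunnel: LOG\d\[(\d+):\d+\]: Connection closed: "
                    r"(\d+) bytes sent to SSL, (\d+) bytes sent to socket")
HANGUP = re.compile(STAMP + r"qpopper\[\d+\]: .*-ERR "
                    r"(POP hangup|SIGHUP or SIGPIPE flagged)")


def aborted_sessions(log_text):
    """Return stunnel closes logged in the same second as a qpopper hangup.

    Same-second matching is a heuristic assumed here: neither log line
    carries an identifier that ties the two processes together.
    """
    hangup_times, closes = set(), []
    for line in log_text.splitlines():
        m = HANGUP.match(line)
        if m:
            # Collapse padding so "Oct  3" and "Oct 3" compare equal.
            hangup_times.add(" ".join(m.group(1).split()))
            continue
        m = CLOSED.match(line)
        if m:
            closes.append({"time": " ".join(m.group(1).split()),
                           "stunnel_pid": int(m.group(2)),
                           "to_ssl": int(m.group(3)),
                           "to_socket": int(m.group(4))})
    return [c for c in closes if c["time"] in hangup_times]


if __name__ == "__main__":
    for s in aborted_sessions(SAMPLE):
        print(f'{s["time"]} stunnel[{s["stunnel_pid"]}] closed with POP hangup: '
              f'{s["to_ssl"]} bytes to SSL, {s["to_socket"]} bytes to socket')
```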