[stunnel-users] Stunnel for pop3 on solaris 2.6
Douglas Phillipson
dougp at intermind.net
Wed Jul 6 20:43:49 CEST 2005
I have a Solaris 2.6 box and am trying to get pop3 over SSL running. I
use:
qpopper 4.0.5
openssl-0.9.7g
stunnel 4.10 compiled with gcc 2.95.3
When I compiled stunnel it made a private key and certificate in
/usr/local/etc/stunnel/stunnel.pem.
Do I need anything else?
I have the following configuration:
Inetd.conf:
pop3 stream tcp nowait root /usr/local/sbin/popper qpopper -S -t /poplog
stunnel.conf:
cert = /usr/local/etc/stunnel/stunnel.pem
key = /usr/local/etc/stunnel/stunnel.pem
debug = 7
output = /stunnel.log
pid = /stunnel.pid
client = yes
[pop3s]
accept = 995
connect = 110
I run stunnel and get the following output:
2005.07.06 11:34:17 LOG5[17873:1]: stunnel 4.10 on sparc-sun-solaris2.6 UCONTEXT+POLL+IPv4 with OpenSSL 0.9.7g 11 Apr 2005
2005.07.06 11:34:18 LOG7[17873:1]: Snagged 64 random bytes from //.rnd
2005.07.06 11:34:18 LOG7[17873:1]: Wrote 1024 new random bytes to //.rnd
2005.07.06 11:34:18 LOG7[17873:1]: RAND_status claims sufficient entropy for the PRNG
2005.07.06 11:34:18 LOG6[17873:1]: PRNG seeded successfully
2005.07.06 11:34:18 LOG7[17873:1]: Certificate: /usr/local/etc/stunnel/stunnel.pem
2005.07.06 11:34:18 LOG7[17873:1]: Key file: /usr/local/etc/stunnel/stunnel.pem
2005.07.06 11:34:18 LOG6[17873:1]: file ulimit = 64 (can be changed with 'ulimit -n')
2005.07.06 11:34:18 LOG6[17873:1]: poll() used - no FD_SETSIZE limit for file descriptors
2005.07.06 11:34:18 LOG5[17873:1]: 29 clients allowed
2005.07.06 11:34:18 LOG7[17873:1]: FD 4 in non-blocking mode
2005.07.06 11:34:18 LOG7[17873:1]: FD 5 in non-blocking mode
2005.07.06 11:34:18 LOG7[17873:1]: FD 6 in non-blocking mode
2005.07.06 11:34:18 LOG7[17873:1]: SO_REUSEADDR option set on accept socket
2005.07.06 11:34:18 LOG7[17873:1]: pop3s bound to 0.0.0.0:995
2005.07.06 11:34:18 LOG7[17874:1]: Created pid file /stunnel.pid
2005.07.06 11:34:18 LOG7[17874:0]: Waiting -1 second(s) for 2 file descriptor(s)
I connect via POP3 in Thunderbird with SSL and qpopper always says:
(null) at localhost (127.0.0.1): -ERR Unknown command: "".
(nulI/O error flushing output to client at localhost [127.0.0.1]:
Broken pipe (32)l) at localhost (127.0.0.1): -ERR POP EOF or I/O Error
Stunnel says:
2005.07.06 11:37:13 LOG7[17884:0]: CONTEXT 1, FD=4, (IN)->()
2005.07.06 11:37:13 LOG7[17884:0]: CONTEXT 1, FD=6, (IN)->(IN)
2005.07.06 11:37:13 LOG7[17884:1]: pop3s accepted FD=0 from 172.20.10.7:45464
2005.07.06 11:37:13 LOG7[17884:1]: Creating a new context
2005.07.06 11:37:13 LOG7[17884:1]: Context 2 created
2005.07.06 11:37:13 LOG7[17884:2]: pop3s started
2005.07.06 11:37:13 LOG7[17884:2]: FD 0 in non-blocking mode
2005.07.06 11:37:13 LOG7[17884:2]: TCP_NODELAY option set on local socket
2005.07.06 11:37:13 LOG5[17884:2]: pop3s connected from 172.20.10.7:45464
2005.07.06 11:37:13 LOG7[17884:2]: FD 1 in non-blocking mode
2005.07.06 11:37:13 LOG7[17884:2]: pop3s connecting 127.0.0.1:110
2005.07.06 11:37:13 LOG7[17884:2]: Remote FD=1 initialized
2005.07.06 11:37:13 LOG7[17884:2]: TCP_NODELAY option set on remote socket
2005.07.06 11:37:13 LOG7[17884:2]: SSL state (connect): before/connect initialization
2005.07.06 11:37:13 LOG7[17884:2]: SSL state (connect): SSLv3 write client hello A
2005.07.06 11:37:13 LOG7[17884:0]: Waiting 300 second(s) for 3 file descriptor(s)
2005.07.06 11:37:13 LOG7[17884:0]: CONTEXT 1, FD=4, (IN)->()
2005.07.06 11:37:13 LOG7[17884:0]: CONTEXT 1, FD=6, (IN)->()
2005.07.06 11:37:13 LOG7[17884:0]: CONTEXT 2, FD=1, (IN)->(IN)
The mail never gets delivered to either Thunderbird or Outlook Express.
I get a certificate approval request from Thunderbird, which I grant,
then nothing. If I disable SSL in Thunderbird the mail gets accepted
normally.
What might I be doing wrong???
Thanks
Doug P
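An added example, not part of the original post and not stunnel's own code: a Python check that reads the stunnel.conf and log excerpt quoted above and reports which side of the [pop3s] service stunnel speaks TLS on. With `client = yes`, stunnel takes plaintext on `accept` and starts the TLS handshake on `connect`; the function names are hypothetical and the inputs are copied from the post.

```python
import re

# Inputs copied from the post above (config and three rejoined log lines).
CONF = """\
cert = /usr/local/etc/stunnel/stunnel.pem
key = /usr/local/etc/stunnel/stunnel.pem
client = yes
[pop3s]
accept = 995
connect = 110
"""
LOG = """\
2005.07.06 11:37:13 LOG5[17884:2]: pop3s connected from 172.20.10.7:45464
2005.07.06 11:37:13 LOG7[17884:2]: pop3s connecting 127.0.0.1:110
2005.07.06 11:37:13 LOG7[17884:2]: SSL state (connect): SSLv3 write client hello A
"""

def parse_conf(text):
    """Return {service: options}; options before the first [section] are defaults."""
    defaults, services, current = {}, {}, None
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith((";", "#")):   # blank line or comment
            continue
        section = re.fullmatch(r"\[(.+)\]", line)
        if section:
            # Each service starts from a copy of the global defaults.
            current = services.setdefault(section.group(1), dict(defaults))
        elif "=" in line:
            key, value = (s.strip() for s in line.split("=", 1))
            (defaults if current is None else current)[key] = value
    return services

def tls_side(options):
    """Report the port stunnel speaks TLS on and the port it treats as plaintext."""
    port = lambda v: v.rsplit(":", 1)[-1]             # accept "host:port" or "port"
    client = options.get("client", "no").lower() == "yes"
    return {"mode": "client" if client else "server",
            "tls_port": port(options["connect" if client else "accept"]),
            "plain_port": port(options["accept" if client else "connect"])}

def handshake_roles(log):
    """'SSL state (connect)' = stunnel acted as TLS client; '(accept)' = TLS server."""
    return set(re.findall(r"SSL state \((connect|accept)\)", log))

if __name__ == "__main__":
    for name, opts in parse_conf(CONF).items():
        print(name, tls_side(opts))
    print("handshake roles seen in log:", sorted(handshake_roles(LOG)))
```

For the posted configuration this reports TLS on port 110 (toward qpopper) and plaintext on port 995 (toward the mail client), matching the `SSL state (connect)` lines in the log.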