[stunnel-users] Stunnel for pop3 on solaris 2.6

Douglas Phillipson dougp at intermind.net
Wed Jul 6 20:43:49 CEST 2005 

I have a Solaris 2.6 box and am trying to get pop3 over SSL running.  I 
use:

qpopper 4.0.5
openssl-0.9.7g
stunnel 4.10  compiled with gcc 2.95.3

When I compiled stunnel it made a private ket and certificate in 
/usr/local/etc/stunnel/stunnel.pem.

Do I need anything else?

I have the following configuration:

Inetd.conf:

pop3 stream tcp nowait root /usr/local/sbin/popper qpopper -S  -t /poplog

stunnel.conf:

cert = /usr/local/etc/stunnel/stunnel.pem
key = /usr/local/etc/stunnel/stunnel.pem
debug = 7
output = /stunnel.log
pid = /stunnel.pid
client = yes

[pop3s]
accept  = 995
connect = 110

I run stunnel and get the following output:

2005.07.06 11:34:17 LOG5[17873:1]: stunnel 4.10 on sparc-sun-solaris2.6 
UCONTEXT+POLL+IPv4 with OpenSSL 0.9.7g 11 Apr 2005
2005.07.06 11:34:18 LOG7[17873:1]: Snagged 64 random bytes from //.rnd
2005.07.06 11:34:18 LOG7[17873:1]: Wrote 1024 new random bytes to //.rnd
2005.07.06 11:34:18 LOG7[17873:1]: RAND_status claims sufficient entropy 
for the PRNG
2005.07.06 11:34:18 LOG6[17873:1]: PRNG seeded successfully
2005.07.06 11:34:18 LOG7[17873:1]: Certificate: 
/usr/local/etc/stunnel/stunnel.pem
2005.07.06 11:34:18 LOG7[17873:1]: Key file: 
/usr/local/etc/stunnel/stunnel.pem
2005.07.06 11:34:18 LOG6[17873:1]: file ulimit = 64 (can be changed with 
'ulimit -n')
2005.07.06 11:34:18 LOG6[17873:1]: poll() used - no FD_SETSIZE limit for 
file descriptors
2005.07.06 11:34:18 LOG5[17873:1]: 29 clients allowed
2005.07.06 11:34:18 LOG7[17873:1]: FD 4 in non-blocking mode
2005.07.06 11:34:18 LOG7[17873:1]: FD 5 in non-blocking mode
2005.07.06 11:34:18 LOG7[17873:1]: FD 6 in non-blocking mode
2005.07.06 11:34:18 LOG7[17873:1]: SO_REUSEADDR option set on accept socket
2005.07.06 11:34:18 LOG7[17873:1]: pop3s bound to 0.0.0.0:995
2005.07.06 11:34:18 LOG7[17874:1]: Created pid file /stunnel.pid
2005.07.06 11:34:18 LOG7[17874:0]: Waiting -1 second(s) for 2 file 
descriptor(s)


I connect via pop3 in thunderbird with ssl and qpopper always says:
(null) at localhost (127.0.0.1): -ERR Unknown command: "".
  (nulI/O error flushing output to client  at localhost [127.0.0.1]: 
Broken pipe (32)l) at localhost (127.0.0.1): -ERR POP EOF or I/O Error

Stunnel says:

2005.07.06 11:37:13 LOG7[17884:0]: CONTEXT 1, FD=4, (IN)->()
2005.07.06 11:37:13 LOG7[17884:0]: CONTEXT 1, FD=6, (IN)->(IN)
2005.07.06 11:37:13 LOG7[17884:1]: pop3s accepted FD=0 from 
172.20.10.7:45464
2005.07.06 11:37:13 LOG7[17884:1]: Creating a new context
2005.07.06 11:37:13 LOG7[17884:1]: Context 2 created
2005.07.06 11:37:13 LOG7[17884:2]: pop3s started
2005.07.06 11:37:13 LOG7[17884:2]: FD 0 in non-blocking mode
2005.07.06 11:37:13 LOG7[17884:2]: TCP_NODELAY option set on local socket
2005.07.06 11:37:13 LOG5[17884:2]: pop3s connected from 172.20.10.7:45464
2005.07.06 11:37:13 LOG7[17884:2]: FD 1 in non-blocking mode
2005.07.06 11:37:13 LOG7[17884:2]: pop3s connecting 127.0.0.1:110
2005.07.06 11:37:13 LOG7[17884:2]: Remote FD=1 initialized
2005.07.06 11:37:13 LOG7[17884:2]: TCP_NODELAY option set on remote socket
2005.07.06 11:37:13 LOG7[17884:2]: SSL state (connect): before/connect 
initialization
2005.07.06 11:37:13 LOG7[17884:2]: SSL state (connect): SSLv3 write 
client hello A
2005.07.06 11:37:13 LOG7[17884:0]: Waiting 300 second(s) for 3 file 
descriptor(s)
2005.07.06 11:37:13 LOG7[17884:0]: CONTEXT 1, FD=4, (IN)->()
2005.07.06 11:37:13 LOG7[17884:0]: CONTEXT 1, FD=6, (IN)->()
2005.07.06 11:37:13 LOG7[17884:0]: CONTEXT 2, FD=1, (IN)->(IN)

The mail never gets delivered to either Thunderbird or outlook express.
I get a certificate approval request from Thunderbird to which I grant, 
then nothing.  If I disable ssl in thunderbird the mail gets accepted 
normally.

What might I be doing wrong???

Thanks

Doug P

More information about the stunnel-users mailing list