[stunnel-users] Trying to get stunnel to work for forwarding pop3sto ipop3 port

Gonzalo Diethelm gonzalo.diethelm at diethelm.org
Thu Jun 21 18:53:21 CEST 2007


I did a simple search on Google for "stunnel Wrong permissions on" and
followed the very first link:


        http://ipucu.enderunix.org/view.php?id=973&lang=en
        
        "Wrong permissions on /usr/local/etc/stunnel/stunnel.pem" -
        Ýsmail Yenigül - (2006-03-07 19:12:40)   [1934] 
        
        if you get this error message issue the following command to fix
        the permission. 
        
        # chmod 600 /usr/local/etc/stunnel/stunnel.pem


HTH. Regards.

On Thu, 2007-06-21 at 12:23 -0400, Van wrote:

> Getting closer. I now get-
> 
> [van at mailserver ]$ sudo stunnel /usr/local/etc/stunnel/stunnel.conf  
> localhost:ipop3
> 
> 2007.06.21 11:51:27 LOG4[15899:3086476992]: Wrong permissions on /usr/ 
> local/etc/stunnel/mail.pem
> 2007.06.21 11:51:27 LOG4[15899:3086476992]: Wrong permissions on /usr/ 
> local/etc/stunnel/mail.pem
> 2007.06.21 11:51:27 LOG4[15899:3086476992]: Wrong permissions on /usr/ 
> local/etc/stunnel/mail.pem
> 
> But that doesn't make sense to me. mail.pem permissions are the same  
> as my cert's and it works fine.
> 
> [van at mailserver change_passwd]$ ls -al /usr/local/etc/stunnel/mail.pem
> -rw-r--r--  1 root root 2942 Jun 20 18:21 /usr/local/etc/stunnel/ 
> mail.pem
> 
> [van at mailserver change_passwd]$ ls -al /etc/httpd/certs/www.crt
> -rw-r--r--  1 root root 1074 Jun  1 12:30 /etc/httpd/certs/www.crt
> 
> Is the error misleading? Or what should the mail.pem perms be?
> 
> Van
> 
> 
> 
> On Jun 20, 2007, at 9:33 PM, Kevin Cook wrote:
> 
> >
> > If you are using a stunnel.conf file, I would replace the '-d pop3s  
> > -r'
> > with the absolute path to the .conf file:
> >
> > sudo /usr/local/sbin/stunnel /usr/local/etc/stunnel/stunnel.conf
> >
> > I believe command line options were typically used more in older
> > versions, but now all configuration is done in the configuration file.
> >
> >
> > Kevin
> >
> > -----Original Message-----
> > From: Van [mailto:vanyel at medusa.bioc.aecom.yu.edu]
> > Sent: Wednesday, June 20, 2007 6:03 PM
> > To: stunnel-users at mirt.net
> > Subject: [stunnel-users] Trying to get stunnel to work for forwarding
> > pop3sto ipop3 port
> >
> > Hello,
> >
> > This is my introduction to stunnel. I've inherited control of a  
> > pop3 and
> > imap server running Red Hat Linux 4 that I want to access via pop3s  
> > and
> > imaps. I'm starting out with securing the pop3 since most users are
> > using it.
> >
> > I downloaded stunnel 4.20 and compiled it according to the  
> > instructions
> > on stunnel.org.
> >
> > I read the certificates section of the site and made a new .pem file
> > that I named mail.pem and have in the /usr/local/etc/stunnel/  
> > directory
> > that /usr/local/etc/stunnel/stunnel.conf asks for.  But when I try to
> > run stunnel like in the Examples section I get :
> >
> > [van at mailserver ~]$ sudo /usr/local/sbin/stunnel -d pop3s -r
> > localhost:ipop3
> > 2007.06.20 17:59:54 LOG3[25516:3086419648]: -d: No such file or
> > directory (2)
> > Syntax:
> > stunnel [<filename>] ] -fd <n> | -help | -version | -sockets
> >      <filename>  - use specified config file instead of /usr/local/
> > etc/stunnel/stunnel.conf
> >      -fd <n>     - read the config file from a file descriptor
> >      -help       - get config file help
> >      -version    - display version and defaults
> >      -sockets    - display default socket options
> >
> > I'm a little lost here. Never dealt with a .pem file before stunnel.
> > I have a self-signed cert I'm successfully using for https webmail on
> > the server and guessing stunnel couldn't see that, I appended my file
> > 'mailserver.crt' into  my mail.pem file and edited stunnel.conf so it
> > has
> >
> > ;CAfile = /usr/local/etc/stunnel/certs.pem CAfile =
> > /usr/local/etc/stunnel/mail.pem
> >
> > but no dice. Same result.
> >
> > Trying to debug, I find 'stunnel -V' also gives the same result.
> >
> > Can someone point out what's going wrong?
> >
> >
> > -Van
> > _______________________________________________
> > stunnel-users mailing list
> > stunnel-users at mirt.net
> > http://stunnel.mirt.net/mailman/listinfo/stunnel-users
> >
> >
> 
> _______________________________________________
> stunnel-users mailing list
> stunnel-users at mirt.net
> http://stunnel.mirt.net/mailman/listinfo/stunnel-users
> 


-- 
Gonzalo Diethelm
gonzalo.diethelm at diethelm.org
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.stunnel.org/pipermail/stunnel-users/attachments/20070621/43c73535/attachment.html>


More information about the stunnel-users mailing list