[stunnel-users] pop3 stunnel nmh to gmail

Leandro Avila leandro.avila at ymail.com
Mon Sep 27 16:32:25 CEST 2010 

Mr. Brenner,

Looks like your configuration is a little backwards.
The stunnel configuration should be something like this:

   [pop3s]
   accept = 127.0.0.1:110
   connect = pop.gmail.com:995

   [smtps]
   accept = 127.0.0.1:25
   connect = smtp.gmail.com:465

Notice the ports and where you are connecting. Stunnel runs in local host and 
takes care of connecting you to the
remote machine using SSL. 

Same logic applies for your mail client. Your SMTP an POP connections should be 
to the stunnel process running
in localhost.

Hope this helps.

 -----------------
Leandro Avila



----- Original Message ----
From: Joseph Brenner <doomvox at gmail.com>
To: stunnel-users at mirt.net
Sent: Fri, September 24, 2010 2:53:24 PM
Subject: [stunnel-users] pop3 stunnel nmh to gmail

I'm an nmh user running ubuntu jaunty, and I want to get my local
email working over SSL connections to a gmail account (POP3/SMTP).
So I'm trying to get some form of mh to talk over SSL using stunnel4.
I'm looking for suggestions on what I might be doing wrong, and
hints on how to go about isolating the problems.

I've succeeded in using slypheed to get mail from gmail, so I know the
gmail account is working and is set-up for pop3 and so on.  When I
run mh's inc command, though, it just reports:
  "inc: no servers available"

I can see that I've got stunnel running by doing a:
  ps ax | egrep stun | egrep -v egrep

    5937 ?        SN     0:00 /usr/bin/stunnel4 /etc/stunnel/stunnel.conf
    5938 ?        SN     0:00 /usr/bin/stunnel4 /etc/stunnel/stunnel.conf
    5939 ?        SN     0:00 /usr/bin/stunnel4 /etc/stunnel/stunnel.conf
    5940 ?        SN     0:00 /usr/bin/stunnel4 /etc/stunnel/stunnel.conf
    5941 ?        SN     0:00 /usr/bin/stunnel4 /etc/stunnel/stunnel.conf
    5942 ?        SNs    0:00 /usr/bin/stunnel4 /etc/stunnel/stunnel.conf

Google has some instructions up about servers and port numbers
(but no examples specific to stunnel):
  http://mail.google.com/support/bin/answer.py?hl=en&answer=13287

Here's a summary of the kind of configurations I've been trying:

/etc/default/stunnel4:

  ENABLED=1
  FILES="/etc/stunnel/*.conf"
  OPTIONS=""
  PPP_RESTART=0

/etc/stunnel/stunnel.conf:

   sslVersion = SSLv3
   chroot = /var/lib/stunnel4/
   setuid = stunnel4
   setgid = stunnel4
   pid = /stunnel4.pid
   socket = l:TCP_NODELAY=1
   socket = r:TCP_NODELAY=1

   debug = 7
   output = /var/log/stunnel4/stunnel.log

   client = yes

   [pop3s]
   accept = 127.0.0.1:995
   connect = pop.gmail.com:110

   [smtps]
   accept = 127.0.0.1:465
   connect = smtp.gmail.com:25


/etc/nmh/mts.conf:

   mts: smtp
   hostable: /etc/nmh/hosts

   localname: smtp.gmail.com
   # localname: gmail.com

   masquerade:

   mmdfldir: /var/mail

   mmdflfil:

   # pophost: localhost
   # pophost: pop.gmail.com:995
   pophost: pop.gmail.com:110
   # pophost: pop.gmail.com

   # servers: localhost
   servers: smtp.gmail.com



/var/log/stunnel4/stunnel.log

2010.09.21 11:11:41 LOG7[6528:140533218399984]: Snagged 64 random
bytes from /dev/urandom
2010.09.21 11:11:41 LOG7[6528:140533218399984]: RAND_status claims
sufficient entropy for the PRNG
2010.09.21 11:11:41 LOG7[6528:140533218399984]: PRNG seeded successfully
2010.09.21 11:11:41 LOG7[6528:140533218399984]: SSL context
initialized for service pop3s
2010.09.21 11:11:41 LOG7[6528:140533218399984]: SSL context
initialized for service imaps
2010.09.21 11:11:41 LOG7[6528:140533218399984]: SSL context
initialized for service smtps
2010.09.21 11:11:41 LOG5[6528:140533218399984]: stunnel 4.22 on
x86_64-pc-linux-gnu with OpenSSL 0.9.8g 19 Oct 2007
2010.09.21 11:11:41 LOG5[6528:140533218399984]: Threading:PTHREAD
SSL:ENGINE Sockets:POLL,IPv6 Auth:LIBWRAP
2010.09.21 11:11:41 LOG6[6528:140533218399984]: file ulimit = 1024
(can be changed with 'ulimit -n')
2010.09.21 11:11:41 LOG6[6528:140533218399984]: poll() used - no
FD_SETSIZE limit for file descriptors
2010.09.21 11:11:41 LOG5[6528:140533218399984]: 500 clients allowed
2010.09.21 11:11:41 LOG7[6528:140533218399984]: FD 10 in non-blocking mode
2010.09.21 11:11:41 LOG7[6528:140533218399984]: FD 11 in non-blocking mode
2010.09.21 11:11:41 LOG7[6528:140533218399984]: FD 12 in non-blocking mode
2010.09.21 11:11:41 LOG7[6528:140533218399984]: SO_REUSEADDR option
set on accept socket
2010.09.21 11:11:41 LOG7[6528:140533218399984]: pop3s bound to 127.0.0.1:1109
2010.09.21 11:11:41 LOG7[6528:140533218399984]: FD 13 in non-blocking mode
2010.09.21 11:11:41 LOG7[6528:140533218399984]: SO_REUSEADDR option
set on accept socket
2010.09.21 11:11:41 LOG7[6528:140533218399984]: imaps bound to 0.0.0.0:993
2010.09.21 11:11:41 LOG7[6528:140533218399984]: FD 14 in non-blocking mode
2010.09.21 11:11:41 LOG7[6528:140533218399984]: SO_REUSEADDR option
set on accept socket
2010.09.21 11:11:41 LOG7[6528:140533218399984]: smtps bound to 127.0.0.1:259
2010.09.21 11:11:41 LOG7[6534:140533218399984]: Created pid file /stunnel4.pid

/var/log/mail.log

Sep 21 13:40:32 fineline gnu-pop3d[15484]: Incoming connection opened
Sep 21 13:40:32 fineline gnu-pop3d[15484]: connect from 127.0.0.1
Sep 21 13:40:32 fineline gnu-pop3d[15484]: User `doomvox at gmail.com': nonexistent
Sep 21 13:40:32 fineline gnu-pop3d[15484]: Session ended for no user


I'm using the "stunnel4" package for ubuntu jaunty:

/usr/bin/stunnel4 -version
stunnel 4.22 on x86_64-pc-linux-gnu with OpenSSL 0.9.8g 19 Oct 2007
Threading:PTHREAD SSL:ENGINE Sockets:POLL,IPv6 Auth:LIBWRAP

Global options
debug           = 5
pid             = /var/run/stunnel4.pid
RNDbytes        = 64
RNDfile         = /dev/urandom
RNDoverwrite    = yes

Service-level options
cert            = /etc/stunnel/stunnel.pem
ciphers         = AES:ALL:!aNULL:!eNULL:+RC4:@STRENGTH
key             = /etc/stunnel/stunnel.pem
session         = 300 seconds
stack           = 65536 bytes
sslVersion      = SSLv3 for client, all for server
TIMEOUTbusy     = 300 seconds
TIMEOUTclose    = 60 seconds
TIMEOUTconnect  = 10 seconds
TIMEOUTidle     = 43200 seconds
verify          = none


uname -a
Linux fineline 2.6.24-16-generic #1 SMP Thu Apr 10 12:47:45 UTC 2008
x86_64 GNU/Linux

gcc -v
Using built-in specs.
Target: x86_64-linux-gnu
Configured with: ../src/configure -v --with-pkgversion='Ubuntu
4.3.3-5ubuntu4'
--with-bugurl=file:///usr/share/doc/gcc-4.3/README.Bugs
--enable-languages=c,c++,fortran,objc,obj-c++ --prefix=/usr
--enable-shared --with-system-zlib --libexecdir=/usr/lib
--without-included-gettext --enable-threads=posix --enable-nls
--with-gxx-include-dir=/usr/include/c++/4.3 --program-suffix=-4.3
--enable-clocale=gnu --enable-libstdcxx-debug --enable-objc-gc
--enable-mpfr --with-tune=generic --enable-checking=release
--build=x86_64-linux-gnu --host=x86_64-linux-gnu
--target=x86_64-linux-gnu
Thread model: posix
gcc version 4.3.3 (Ubuntu 4.3.3-5ubuntu4)


openssl version
OpenSSL 0.9.8g 19 Oct 2007
_______________________________________________
stunnel-users mailing list
stunnel-users at mirt.net
http://stunnel.mirt.net/mailman/listinfo/stunnel-users

More information about the stunnel-users mailing list