[stunnel-users] pop3 stunnel nmh to gmail
Leandro Avila
leandro.avila at ymail.com
Mon Sep 27 16:32:25 CEST 2010
Mr. Brenner,
Looks like your configuration is a little backwards.
The stunnel configuration should be something like this:
[pop3s]
accept = 127.0.0.1:110
connect = pop.gmail.com:995
[smtps]
accept = 127.0.0.1:25
connect = smtp.gmail.com:465
Notice the ports and where you are connecting. Stunnel runs on localhost and
takes care of connecting you to the remote machine using SSL.
Same logic applies for your mail client. Your SMTP and POP connections should be
to the stunnel process running on localhost.
Hope this helps.
-----------------
Leandro Avila
----- Original Message ----
From: Joseph Brenner <doomvox at gmail.com>
To: stunnel-users at mirt.net
Sent: Fri, September 24, 2010 2:53:24 PM
Subject: [stunnel-users] pop3 stunnel nmh to gmail
I'm an nmh user running ubuntu jaunty, and I want to get my local
email working over SSL connections to a gmail account (POP3/SMTP).
So I'm trying to get some form of mh to talk over SSL using stunnel4.
I'm looking for suggestions on what I might be doing wrong, and
hints on how to go about isolating the problems.
I've succeeded in using Sylpheed to get mail from gmail, so I know the
gmail account is working and is set-up for pop3 and so on. When I
run mh's inc command, though, it just reports:
"inc: no servers available"
I can see that I've got stunnel running by doing a:
ps ax | egrep stun | egrep -v egrep
5937 ? SN 0:00 /usr/bin/stunnel4 /etc/stunnel/stunnel.conf
5938 ? SN 0:00 /usr/bin/stunnel4 /etc/stunnel/stunnel.conf
5939 ? SN 0:00 /usr/bin/stunnel4 /etc/stunnel/stunnel.conf
5940 ? SN 0:00 /usr/bin/stunnel4 /etc/stunnel/stunnel.conf
5941 ? SN 0:00 /usr/bin/stunnel4 /etc/stunnel/stunnel.conf
5942 ? SNs 0:00 /usr/bin/stunnel4 /etc/stunnel/stunnel.conf
Google has some instructions up about servers and port numbers
(but no examples specific to stunnel):
http://mail.google.com/support/bin/answer.py?hl=en&answer=13287
Here's a summary of the kind of configurations I've been trying:
/etc/default/stunnel4:
ENABLED=1
FILES="/etc/stunnel/*.conf"
OPTIONS=""
PPP_RESTART=0
/etc/stunnel/stunnel.conf:
sslVersion = SSLv3
chroot = /var/lib/stunnel4/
setuid = stunnel4
setgid = stunnel4
pid = /stunnel4.pid
socket = l:TCP_NODELAY=1
socket = r:TCP_NODELAY=1
debug = 7
output = /var/log/stunnel4/stunnel.log
client = yes
[pop3s]
accept = 127.0.0.1:995
connect = pop.gmail.com:110
[smtps]
accept = 127.0.0.1:465
connect = smtp.gmail.com:25
/etc/nmh/mts.conf:
mts: smtp
hostable: /etc/nmh/hosts
localname: smtp.gmail.com
# localname: gmail.com
masquerade:
mmdfldir: /var/mail
mmdflfil:
# pophost: localhost
# pophost: pop.gmail.com:995
pophost: pop.gmail.com:110
# pophost: pop.gmail.com
# servers: localhost
servers: smtp.gmail.com
/var/log/stunnel4/stunnel.log
2010.09.21 11:11:41 LOG7[6528:140533218399984]: Snagged 64 random bytes from /dev/urandom
2010.09.21 11:11:41 LOG7[6528:140533218399984]: RAND_status claims sufficient entropy for the PRNG
2010.09.21 11:11:41 LOG7[6528:140533218399984]: PRNG seeded successfully
2010.09.21 11:11:41 LOG7[6528:140533218399984]: SSL context initialized for service pop3s
2010.09.21 11:11:41 LOG7[6528:140533218399984]: SSL context initialized for service imaps
2010.09.21 11:11:41 LOG7[6528:140533218399984]: SSL context initialized for service smtps
2010.09.21 11:11:41 LOG5[6528:140533218399984]: stunnel 4.22 on x86_64-pc-linux-gnu with OpenSSL 0.9.8g 19 Oct 2007
2010.09.21 11:11:41 LOG5[6528:140533218399984]: Threading:PTHREAD SSL:ENGINE Sockets:POLL,IPv6 Auth:LIBWRAP
2010.09.21 11:11:41 LOG6[6528:140533218399984]: file ulimit = 1024 (can be changed with 'ulimit -n')
2010.09.21 11:11:41 LOG6[6528:140533218399984]: poll() used - no FD_SETSIZE limit for file descriptors
2010.09.21 11:11:41 LOG5[6528:140533218399984]: 500 clients allowed
2010.09.21 11:11:41 LOG7[6528:140533218399984]: FD 10 in non-blocking mode
2010.09.21 11:11:41 LOG7[6528:140533218399984]: FD 11 in non-blocking mode
2010.09.21 11:11:41 LOG7[6528:140533218399984]: FD 12 in non-blocking mode
2010.09.21 11:11:41 LOG7[6528:140533218399984]: SO_REUSEADDR option set on accept socket
2010.09.21 11:11:41 LOG7[6528:140533218399984]: pop3s bound to 127.0.0.1:1109
2010.09.21 11:11:41 LOG7[6528:140533218399984]: FD 13 in non-blocking mode
2010.09.21 11:11:41 LOG7[6528:140533218399984]: SO_REUSEADDR option set on accept socket
2010.09.21 11:11:41 LOG7[6528:140533218399984]: imaps bound to 0.0.0.0:993
2010.09.21 11:11:41 LOG7[6528:140533218399984]: FD 14 in non-blocking mode
2010.09.21 11:11:41 LOG7[6528:140533218399984]: SO_REUSEADDR option set on accept socket
2010.09.21 11:11:41 LOG7[6528:140533218399984]: smtps bound to 127.0.0.1:259
2010.09.21 11:11:41 LOG7[6534:140533218399984]: Created pid file /stunnel4.pid
/var/log/mail.log
Sep 21 13:40:32 fineline gnu-pop3d[15484]: Incoming connection opened
Sep 21 13:40:32 fineline gnu-pop3d[15484]: connect from 127.0.0.1
Sep 21 13:40:32 fineline gnu-pop3d[15484]: User `doomvox at gmail.com': nonexistent
Sep 21 13:40:32 fineline gnu-pop3d[15484]: Session ended for no user
I'm using the "stunnel4" package for ubuntu jaunty:
/usr/bin/stunnel4 -version
stunnel 4.22 on x86_64-pc-linux-gnu with OpenSSL 0.9.8g 19 Oct 2007
Threading:PTHREAD SSL:ENGINE Sockets:POLL,IPv6 Auth:LIBWRAP
Global options
debug = 5
pid = /var/run/stunnel4.pid
RNDbytes = 64
RNDfile = /dev/urandom
RNDoverwrite = yes
Service-level options
cert = /etc/stunnel/stunnel.pem
ciphers = AES:ALL:!aNULL:!eNULL:+RC4:@STRENGTH
key = /etc/stunnel/stunnel.pem
session = 300 seconds
stack = 65536 bytes
sslVersion = SSLv3 for client, all for server
TIMEOUTbusy = 300 seconds
TIMEOUTclose = 60 seconds
TIMEOUTconnect = 10 seconds
TIMEOUTidle = 43200 seconds
verify = none
uname -a
Linux fineline 2.6.24-16-generic #1 SMP Thu Apr 10 12:47:45 UTC 2008
x86_64 GNU/Linux
gcc -v
Using built-in specs.
Target: x86_64-linux-gnu
Configured with: ../src/configure -v --with-pkgversion='Ubuntu
4.3.3-5ubuntu4'
--with-bugurl=file:///usr/share/doc/gcc-4.3/README.Bugs
--enable-languages=c,c++,fortran,objc,obj-c++ --prefix=/usr
--enable-shared --with-system-zlib --libexecdir=/usr/lib
--without-included-gettext --enable-threads=posix --enable-nls
--with-gxx-include-dir=/usr/include/c++/4.3 --program-suffix=-4.3
--enable-clocale=gnu --enable-libstdcxx-debug --enable-objc-gc
--enable-mpfr --with-tune=generic --enable-checking=release
--build=x86_64-linux-gnu --host=x86_64-linux-gnu
--target=x86_64-linux-gnu
Thread model: posix
gcc version 4.3.3 (Ubuntu 4.3.3-5ubuntu4)
openssl version
OpenSSL 0.9.8g 19 Oct 2007
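
Added example, not part of either message: a small Python check for the reversed wiring this thread describes. It flags client-mode stunnel services whose connect target is a cleartext mail port or whose accept socket is not loopback-only, and nmh mts.conf entries that point at the remote host instead of the local stunnel. The function names are hypothetical and the sample inputs are excerpts of the configs quoted above.

```python
# Added example (not from the thread): lint a client-mode stunnel.conf and nmh's
# mts.conf for the reversed wiring discussed above. Names here are hypothetical.
CLEARTEXT_PORTS = {"25", "110", "143"}   # SMTP, POP3, IMAP without TLS
LOOPBACK = {"127.0.0.1", "localhost", "::1"}

# Sample inputs: excerpts of the configs quoted in the original message.
STUNNEL_CONF = """client = yes
[pop3s]
accept = 127.0.0.1:995
connect = pop.gmail.com:110
[smtps]
accept = 127.0.0.1:465
connect = smtp.gmail.com:25
"""
MTS_CONF = """pophost: pop.gmail.com:110
servers: smtp.gmail.com
"""

def parse_stunnel(text):
    """Return {section: {option: value}}; global options live under ''."""
    sections, current = {"": {}}, ""
    for line in map(str.strip, text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            sections[current] = {}
        elif line and line[0] not in ";#":          # skip blanks and comments
            key, _, value = line.partition("=")
            sections[current][key.strip()] = value.strip()
    return sections

def lint(stunnel_text, mts_text):
    """Return a list of findings; an empty list means the wiring is consistent."""
    findings, sections = [], parse_stunnel(stunnel_text)
    for name, opts in sections.items():
        if not name or opts.get("client", sections[""].get("client")) != "yes":
            continue                                 # only client-mode services
        accept, connect = opts.get("accept", ""), opts.get("connect", "")
        if accept and accept.rpartition(":")[0] not in LOOPBACK:  # bare port = all interfaces
            findings.append(f"[{name}] accept = {accept}: plaintext listener is not loopback-only")
        if connect.rpartition(":")[2] in CLEARTEXT_PORTS:
            findings.append(f"[{name}] connect = {connect}: TLS client aimed at a cleartext port")
    for line in mts_text.splitlines():
        key, _, value = line.partition(":")
        if key.strip() in ("pophost", "servers") and value.split(":")[0].strip() not in LOOPBACK:
            findings.append(f"mts.conf {key.strip()} = {value.strip()}: nmh bypasses the local stunnel")
    return findings

if __name__ == "__main__":
    print("\n".join(lint(STUNNEL_CONF, MTS_CONF)))
```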