[stunnel-users] Stunnel exits with timeout

SP scp.stjohn at gmail.com
Wed Aug 17 22:37:12 CEST 2016 

Summary of problem (configuration and log details below):
I am attempting to configure Stunnel to run a pop3s service on our
server so that users can retrieve email securely.
Stunnel is started as a systemctl service.  If I include both the
following in the stunnel.conf:

accept  = mail.myserver.net:995 
connect = localhost:110

then systemctl will exit immediately with:
Service [pop3s]: Each service must define two endpoints
stunnel.service: Control process exited, code=exited status=1 
Failed to start SSL tunnel for network daemons.

If I comment the connect to 110 then it will start and hang then
eventually timeout:
stunnel.service: Failed with result 'timeout'.

Below is my stunnel.conf and log excerpt from the start with the
connect to 110 commented out.

I would greatly appreciate any advice.

---stunnel.conf

setuid = nobody 
setgid = nobody 
 pid = /usr/local/var/lib/stunnel/var/run/stunnel.pid 

foreground = yes 
;debug = info 
debug = 7 
sslVersion = TLSv1.2 
output = /usr/local/var/lib/stunnel/var/log/stunnel.log 
;ciphers = HIGH:MEDIUM:+DH:!SSLv2:!aNULL:+SHA256:+SHA1:+MD5 
ciphers = HIGH:+3DES:+DH:!aNULL:!SSLv2 

transparent = yes 
delay = no 
fips = no 
compression = deflate 
client = no 

[pop3s] 
accept  = mail.myserver.net:995 
;connect = localhost:110 
cert = /etc/stunnel/stunnel.pem 
key = /etc/stunnel/stunnel.pem 
exec = /usr/local/sbin/gnu-pop3d 
execargs = --debug=000 --mdn --timeout=60 --ipv6 

----log excerpt -----
2016.08.17 15:08:55 LOG7[ui]: Clients allowed=500 
2016.08.17 15:08:55 LOG5[ui]: stunnel 5.35 on x86_64-unknown-linux-gnu
platform 
2016.08.17 15:08:55 LOG5[ui]: Compiled/running with OpenSSL 1.0.2h  3
May 2016 
2016.08.17 15:08:55 LOG5[ui]: Threading:PTHREAD Sockets:POLL,IPv6
TLS:ENGINE,FIPS,OCSP,PSK,SNI 
2016.08.17 15:08:55 LOG7[ui]: errno: (*__errno_location ()) 
2016.08.17 15:08:55 LOG5[ui]: Reading configuration from file
/etc/stunnel/stunnel.conf 
2016.08.17 15:08:55 LOG5[ui]: UTF-8 byte order mark not detected 
2016.08.17 15:08:55 LOG7[cron]: Cron thread initialized 
2016.08.17 15:08:55 LOG5[ui]: FIPS mode disabled 
2016.08.17 15:08:55 LOG6[ui]: Compression enabled: 1 method(s) 
2016.08.17 15:08:55 LOG7[ui]: Snagged 64 random bytes from
/dev/urandom 
2016.08.17 15:08:55 LOG7[ui]: PRNG seeded successfully 
2016.08.17 15:08:55 LOG6[ui]: Initializing service [pop3s] 
2016.08.17 15:08:55 LOG6[ui]: Loading certificate from file:
/etc/stunnel/stunnel.pem 
2016.08.17 15:08:55 LOG6[ui]: Certificate loaded from file:
/etc/stunnel/stunnel.pem 
2016.08.17 15:08:55 LOG6[ui]: Loading private key from file:
/etc/stunnel/stunnel.pem 
2016.08.17 15:08:55 LOG6[ui]: Private key loaded from file:
/etc/stunnel/stunnel.pem 
2016.08.17 15:08:55 LOG7[ui]: Private key check succeeded 
2016.08.17 15:08:55 LOG7[ui]: DH initialization 
2016.08.17 15:08:55 LOG7[ui]: Could not load DH parameters from
/etc/stunnel/stunnel.pem 
2016.08.17 15:08:55 LOG6[ui]: Using dynamic DH parameters 
2016.08.17 15:08:55 LOG7[ui]: ECDH initialization 
2016.08.17 15:08:55 LOG7[ui]: ECDH initialized with curve prime256v1 
2016.08.17 15:08:55 LOG7[ui]: SSL options: 0x03004004 (+0x03004000,
-0x00000000) 
2016.08.17 15:08:55 LOG5[ui]: Configuration successful 
2016.08.17 15:08:55 LOG7[ui]: Listening file descriptor created (FD=7) 
2016.08.17 15:08:55 LOG7[ui]: Option SO_REUSEADDR set on accept socket 
2016.08.17 15:08:55 LOG7[ui]: Service [pop3s] (FD=7) bound to
60.62.114.105:995 
2016.08.17 15:08:55 LOG6[cron]: Executing cron jobs 
2016.08.17 15:08:55 LOG7[ui]: Created pid file
/usr/local/var/lib/stunnel/var/run/stunnel.pid 
2016.08.17 15:08:55 LOG5[cron]: Updating DH parameters 
2016.08.17 15:10:01 LOG5[cron]: DH parameters updated 
2016.08.17 15:10:01 LOG6[cron]: Cron jobs completed in 66 seconds 
2016.08.17 15:10:01 LOG7[cron]: Waiting 86334 seconds 
2016.08.17 15:10:25 LOG7[ui]: Found 1 ready file descriptor(s) 
2016.08.17 15:10:25 LOG7[ui]: FD=4 events=0x2001 revents=0x1 
2016.08.17 15:10:25 LOG7[ui]: FD=7 events=0x2001 revents=0x0 
2016.08.17 15:10:25 LOG7[ui]: Dispatching signals from the signal pipe 
2016.08.17 15:10:25 LOG7[ui]: Processing SIGNAL_TERMINATE 
2016.08.17 15:10:25 LOG5[ui]: Terminated 
2016.08.17 15:10:25 LOG7[ui]: Closing service [pop3s] 
2016.08.17 15:10:25 LOG7[ui]: Service [pop3s] closed (FD=7) 
2016.08.17 15:10:25 LOG7[ui]: Service [pop3s] closed 
2016.08.17 15:10:25 LOG7[ui]: removing pid file
/usr/local/var/lib/stunnel/var/run/stunnel.pid

More information about the stunnel-users mailing list