[stunnel-users] Stunnel for pop3 on solaris 2.6 (more info)

Douglas Phillipson dougp at intermind.net
Wed Jul 6 21:58:14 CEST 2005


Should I have "protocol = pop3" in my config file?

When I do, I get this from the stunnel log:

2005.07.06 12:46:54 LOG7[18045:0]: CONTEXT 1, FD=6, (IN)->()
2005.07.06 12:46:54 LOG7[18045:0]: CONTEXT 2, FD=0, (IN)->(IN)
2005.07.06 12:46:54 LOG7[18045:0]: Waiting 300 second(s) for 3 file descriptor(s)
2005.07.06 12:46:54 LOG7[18045:0]: CONTEXT 1, FD=4, (IN)->()
2005.07.06 12:46:54 LOG7[18045:0]: CONTEXT 1, FD=6, (IN)->()
2005.07.06 12:46:54 LOG7[18045:0]: CONTEXT 2, FD=0, (IN)->(IN)
2005.07.06 12:46:54 LOG7[18045:2]:  <- .g..
2005.07.06 12:46:54 LOG3[18045:2]: Client does not want TLS
2005.07.06 12:46:54 LOG5[18045:2]: Protocol negotiation failed
2005.07.06 12:46:54 LOG3[18045:2]: Protocol negotiations failed
2005.07.06 12:46:54 LOG7[18045:2]: pop3s finished (0 left)
2005.07.06 12:46:54 LOG7[18045:2]: Context 2 closed
2005.07.06 12:46:54 LOG7[18045:0]: Waiting -1 second(s) for 2 file descriptor(s)


Doug P

Douglas Phillipson wrote:

 > I'm not sure if it applies but if I do:
 >
 > openssl s_client -connect 172.20.12.59:995
 >
 > I get the following error:
 >
 > CONNECTED(00000003)
 > 17964:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake failure:s23_lib.c:226:
 >
 >
 > Doug P
 >
 >
 > Douglas Phillipson wrote:
 >
 >> I have a Solaris 2.6 box and am trying to get pop3 over SSL running.  I use:
 >>
 >> qpopper 4.0.5
 >> openssl-0.9.7g
 >> stunnel 4.10  compiled with gcc 2.95.3
 >>
 >> When I compiled stunnel it made a private key and certificate in /usr/local/etc/stunnel/stunnel.pem.
 >>
 >> Do I need anything else?
 >>
 >> I have the following configuration:
 >>
 >> Inetd.conf:
 >>
 >> pop3 stream tcp nowait root /usr/local/sbin/popper qpopper -S  -t /poplog
 >>
 >> stunnel.conf:
 >>
 >> cert = /usr/local/etc/stunnel/stunnel.pem
 >> key = /usr/local/etc/stunnel/stunnel.pem
 >> debug = 7
 >> output = /stunnel.log
 >> pid = /stunnel.pid
 >> client = yes
 >>
 >> [pop3s]
 >> accept  = 995
 >> connect = 110
 >>
 >> I run stunnel and get the following output:
 >>
 >> 2005.07.06 11:34:17 LOG5[17873:1]: stunnel 4.10 on sparc-sun-solaris2.6 UCONTEXT+POLL+IPv4 with OpenSSL 0.9.7g 11 Apr 2005
 >> 2005.07.06 11:34:18 LOG7[17873:1]: Snagged 64 random bytes from //.rnd
 >> 2005.07.06 11:34:18 LOG7[17873:1]: Wrote 1024 new random bytes to //.rnd
 >> 2005.07.06 11:34:18 LOG7[17873:1]: RAND_status claims sufficient entropy for the PRNG
 >> 2005.07.06 11:34:18 LOG6[17873:1]: PRNG seeded successfully
 >> 2005.07.06 11:34:18 LOG7[17873:1]: Certificate: /usr/local/etc/stunnel/stunnel.pem
 >> 2005.07.06 11:34:18 LOG7[17873:1]: Key file: /usr/local/etc/stunnel/stunnel.pem
 >> 2005.07.06 11:34:18 LOG6[17873:1]: file ulimit = 64 (can be changed with 'ulimit -n')
 >> 2005.07.06 11:34:18 LOG6[17873:1]: poll() used - no FD_SETSIZE limit for file descriptors
 >> 2005.07.06 11:34:18 LOG5[17873:1]: 29 clients allowed
 >> 2005.07.06 11:34:18 LOG7[17873:1]: FD 4 in non-blocking mode
 >> 2005.07.06 11:34:18 LOG7[17873:1]: FD 5 in non-blocking mode
 >> 2005.07.06 11:34:18 LOG7[17873:1]: FD 6 in non-blocking mode
 >> 2005.07.06 11:34:18 LOG7[17873:1]: SO_REUSEADDR option set on accept socket
 >> 2005.07.06 11:34:18 LOG7[17873:1]: pop3s bound to 0.0.0.0:995
 >> 2005.07.06 11:34:18 LOG7[17874:1]: Created pid file /stunnel.pid
 >> 2005.07.06 11:34:18 LOG7[17874:0]: Waiting -1 second(s) for 2 file descriptor(s)
 >>
 >>
 >> I connect via pop3 in thunderbird with ssl and qpopper always says:
 >> (null) at localhost (127.0.0.1): -ERR Unknown command: "".
 >>  (nulI/O error flushing output to client  at localhost [127.0.0.1]: Broken pipe (32)l) at localhost (127.0.0.1): -ERR POP EOF or I/O Error
 >>
 >> Stunnel says:
 >>
 >> 2005.07.06 11:37:13 LOG7[17884:0]: CONTEXT 1, FD=4, (IN)->()
 >> 2005.07.06 11:37:13 LOG7[17884:0]: CONTEXT 1, FD=6, (IN)->(IN)
 >> 2005.07.06 11:37:13 LOG7[17884:1]: pop3s accepted FD=0 from 172.20.10.7:45464
 >> 2005.07.06 11:37:13 LOG7[17884:1]: Creating a new context
 >> 2005.07.06 11:37:13 LOG7[17884:1]: Context 2 created
 >> 2005.07.06 11:37:13 LOG7[17884:2]: pop3s started
 >> 2005.07.06 11:37:13 LOG7[17884:2]: FD 0 in non-blocking mode
 >> 2005.07.06 11:37:13 LOG7[17884:2]: TCP_NODELAY option set on local socket
 >> 2005.07.06 11:37:13 LOG5[17884:2]: pop3s connected from 172.20.10.7:45464
 >> 2005.07.06 11:37:13 LOG7[17884:2]: FD 1 in non-blocking mode
 >> 2005.07.06 11:37:13 LOG7[17884:2]: pop3s connecting 127.0.0.1:110
 >> 2005.07.06 11:37:13 LOG7[17884:2]: Remote FD=1 initialized
 >> 2005.07.06 11:37:13 LOG7[17884:2]: TCP_NODELAY option set on remote socket
 >> 2005.07.06 11:37:13 LOG7[17884:2]: SSL state (connect): before/connect initialization
 >> 2005.07.06 11:37:13 LOG7[17884:2]: SSL state (connect): SSLv3 write client hello A
 >> 2005.07.06 11:37:13 LOG7[17884:0]: Waiting 300 second(s) for 3 file descriptor(s)
 >> 2005.07.06 11:37:13 LOG7[17884:0]: CONTEXT 1, FD=4, (IN)->()
 >> 2005.07.06 11:37:13 LOG7[17884:0]: CONTEXT 1, FD=6, (IN)->()
 >> 2005.07.06 11:37:13 LOG7[17884:0]: CONTEXT 2, FD=1, (IN)->(IN)
 >>
 >> The mail never gets delivered to either Thunderbird or outlook express.
 >> I get a certificate approval request from Thunderbird which I grant, then nothing.  If I disable ssl in thunderbird the mail gets accepted normally.
 >>
 >> What might I be doing wrong???
 >>
 >> Thanks
 >>
 >> Doug P
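
As an added illustration (not part of the original post and not stunnel project code), this Python script checks the posted stunnel.conf and debug log for TLS direction: with `client = yes` stunnel takes cleartext on `accept` and starts the TLS handshake toward `connect`, which matches the `SSL state (connect)` lines logged right after connecting to 127.0.0.1:110. The port sets and the function names are assumptions made for this example.

```python
import re

# Constructed input: the stunnel.conf and two debug-log lines quoted in the post.
CONF = """\
cert = /usr/local/etc/stunnel/stunnel.pem
key = /usr/local/etc/stunnel/stunnel.pem
client = yes

[pop3s]
accept  = 995
connect = 110
"""
LOG = """\
2005.07.06 11:37:13 LOG7[17884:2]: pop3s connecting 127.0.0.1:110
2005.07.06 11:37:13 LOG7[17884:2]: SSL state (connect): SSLv3 write client hello A
"""
TLS_PORTS = {"443", "465", "993", "995"}   # assumption: conventional implicit-TLS ports
PLAIN_PORTS = {"25", "80", "110", "143"}   # assumption: conventional cleartext ports

def parse_conf(text):
    """Return {service: options}; options set before the first [section] are inherited."""
    defaults, services, current = {}, {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in ";#":
            continue
        section = re.fullmatch(r"\[(.+)\]", line)
        if section:
            current = services.setdefault(section.group(1), dict(defaults))
            continue
        key, _, value = line.partition("=")
        (defaults if current is None else current)[key.strip().lower()] = value.strip()
    return services

def lint(conf_text):
    """Flag services that take TLS clients on accept but run stunnel in client mode."""
    findings = []
    for name, opts in parse_conf(conf_text).items():
        accept = opts.get("accept", "").rsplit(":", 1)[-1]
        connect = opts.get("connect", "").rsplit(":", 1)[-1]
        if opts.get("client", "no").lower() == "yes" and accept in TLS_PORTS and connect in PLAIN_PORTS:
            findings.append(f"[{name}] client = yes sends the TLS handshake to connect={connect} "
                            f"and expects cleartext on accept={accept}; use client = no")
    return findings

def handshake_roles(log_text):
    """Roles stunnel took in TLS handshakes, read from debug = 7 'SSL state' lines."""
    return set(re.findall(r"SSL state \((connect|accept)\)", log_text))

if __name__ == "__main__":
    print(lint(CONF), handshake_roles(LOG))
```

In server mode (`client = no`, the default) the same debug level logs `SSL state (accept)` lines instead, so the role set is a quick check that the wrapper is terminating TLS on the side the mail client connects to.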