[stunnel-users] Setting up TLS for SMTP

James Brown jlbrown at bordo.com.au
Sun Oct 1 16:32:18 CEST 2006


I am trying to set up stunnel so that it accepts SSL encrypted
traffic from the internet on port 2525 and sends it to my mail server
on port 25.

To create the certificate, I used:

sudo openssl req -new -outform PEM -out smtpd.cert \
    -newkey rsa:2048 -nodes -keyout smtpd.key -keyform PEM \
    -days 365 -x509

My stunnel.conf is:

; Sample stunnel configuration file by Michal Trojnara 2002-2006
; Some options used here may not be adequate for your particular configuration

; Certificate/key is needed in server mode and optional in client mode
; The default certificate is provided only for testing and should not
; be used in a production environment
;cert = stunnel.pem
cert = /smtpd.cert
;key = stunnel.pem
key = /smtpd.key

; Some performance tunings
socket = l:TCP_NODELAY=1
socket = r:TCP_NODELAY=1

; Workaround for Eudora bug
;options = DONT_INSERT_EMPTY_FRAGMENTS

; Authentication stuff
;verify = 2
; Don't forget to c_rehash CApath
;CApath = certs
; It's often easier to use CAfile
;CAfile = certs.pem
; Don't forget to c_rehash CRLpath
;CRLpath = crls
; Alternatively you can use CRLfile
;CRLfile = crls.pem

; Some debugging stuff useful for troubleshooting
;debug = 7
;output = stunnel.log

; Use it for client mode
;client = yes

; Service-level configuration

;[pop3s]
;accept  = 995
;connect = 110

;[imaps]
;accept  = 993
;connect = 143

;[ssmtp]
;accept  = 465
;connect = 25

;[https]
;accept  = 443
;connect = 80
;TIMEOUTclose = 0

; vim:ft=dosini

I am trying it in standalone mode.

Using Stunnel 4.04.

OpenSSL 0.9.7i 14 Oct 2005

Output of gcc -v is:

Using built-in specs.
Target: powerpc-apple-darwin8
Configured with: /private/var/tmp/gcc/gcc-5341.obj~1/src/configure --disable-checking -enable-werror --prefix=/usr --mandir=/share/man --enable-languages=c,objc,c++,obj-c++ --program-transform-name=/^[cg][^.-]*$/s/$/-4.0/ --with-gxx-include-dir=/include/c++/4.0.0 --with-slibdir=/usr/lib --build=powerpc-apple-darwin8 --host=powerpc-apple-darwin8 --target=powerpc-apple-darwin8
Thread model: posix
gcc version 4.0.1 (Apple Computer, Inc. build 5341)

Whenever I try to start Stunnel, I get a message saying that there is
no such file.

E.g.:

$ stunnel -p /smtpd.cert -d 2525 -r 25
2006.10.01 00:36:46 LOG3[638:2684415368]: -p: No such file or directory (2)
Syntax:
stunnel [filename] | -help | -version | -sockets
     filename    - use specified config file instead of /sw/etc/stunnel/stunnel.conf
     -help       - get config file help
     -version    - display version and defaults
     -sockets    - display default socket options

I am using Mac OS X 10.4.8, Stunnel was built using Fink.

Does anybody have any suggestions as to what I am doing wrong?

Thanks,

James.