[stunnel-users] SSL for POP3/IMAP server (DBMAIL).

Rafał Radecki radecki.rafal at gmail.com
Fri Mar 18 08:34:59 CET 2011


Hi All.
I am using stunnel version 4.15 on CentOS 5.5. I am trying to add SSL to
DBMAIL imap/pop3 server. I am running stunnel through xinetd:
*- /etc/xinetd.d/imaps:*
service imaps
{
        disable = no
        socket_type = stream
        user = root
        server = /usr/sbin/stunnel
        server_args = /etc/stunnel/imaps.conf
        wait = no
        protocol = tcp
        port = 993
}
*- /etc/xinetd.d/pop3s:*
service pop3s
{
        disable = no
        socket_type = stream
        user = root
        server = /usr/sbin/stunnel
        server_args = /etc/stunnel/pop3s.conf
        protocol = tcp
        port = 995
        wait = no
}
*- /etc/stunnel/imaps.conf:*
connect =       localhost:143
cert    =       /etc/pki/tls/certs/x.local.crt
key     =       /etc/pki/tls/private/x.local.key
debug   =       local1.7
protocol = imap
*- /etc/stunnel/pop3s.conf:*
connect =       localhost:110
cert    =       /etc/pki/tls/certs/x.local.crt
key     =       /etc/pki/tls/private/x.local.key
debug   =       local0.7
protocol        =       pop3

netstat -tlpn | awk -F: '$2 ~ /^993|995|110|143/ {print}':
tcp        0      0 0.0.0.0:993                 0.0.0.0:*                   LISTEN      2319/xinetd
tcp        0      0 0.0.0.0:995                 0.0.0.0:*                   LISTEN      2319/xinetd
tcp        0      0 127.0.0.1:110               0.0.0.0:*                   LISTEN      2484/dbmail-pop3d
tcp        0      0 127.0.0.1:143               0.0.0.0:*                   LISTEN      2453/dbmail-imapd

So whenever there is a connection to port 993/995, xinetd invokes stunnel
with the proper config file.
When I *connect to port 993* I get in the log file:

Mar 18 08:29:43 cent5a stunnel: LOG5[3345:3086460624]: stunnel 4.15 on i686-redhat-linux-gnu with OpenSSL 0.9.8e-fips-rhel5 01 Jul 2008
Mar 18 08:29:43 cent5a stunnel: LOG5[3345:3086460624]: Threading:PTHREAD SSL:ENGINE Sockets:POLL,IPv6 Auth:LIBWRAP
Mar 18 08:29:43 cent5a stunnel: LOG7[3345:3086460624]: stunnel started
Mar 18 08:29:43 cent5a stunnel: LOG7[3345:3086460624]: FD 0 in non-blocking mode
Mar 18 08:29:43 cent5a stunnel: LOG7[3345:3086460624]: FD 1 in non-blocking mode
Mar 18 08:29:43 cent5a stunnel: LOG7[3345:3086460624]: FD 4 in non-blocking mode
Mar 18 08:29:43 cent5a stunnel: LOG7[3345:3086460624]: FD 5 in non-blocking mode
Mar 18 08:29:43 cent5a stunnel: LOG7[3345:3086460624]: Connection from 127.0.0.1:45634 permitted by libwrap
Mar 18 08:29:43 cent5a stunnel: LOG5[3345:3086460624]: stunnel connected from 127.0.0.1:45634
Mar 18 08:29:43 cent5a stunnel: LOG7[3345:3086460624]: FD 4 in non-blocking mode
Mar 18 08:29:43 cent5a stunnel: LOG7[3345:3086460624]: stunnel connecting 127.0.0.1:143
Mar 18 08:29:43 cent5a stunnel: LOG7[3345:3086460624]: connect_wait: waiting 10 seconds
Mar 18 08:29:43 cent5a stunnel: LOG7[3345:3086460624]: connect_wait: connected
Mar 18 08:29:43 cent5a stunnel: LOG7[3345:3086460624]: Remote FD=4 initialized
Mar 18 08:29:43 cent5a stunnel: LOG5[3345:3086460624]: Negotiations for imap (server side) started
Mar 18 08:29:43 cent5a stunnel: LOG3[3345:3086460624]: Protocol imap not supported in server mode
Mar 18 08:29:43 cent5a stunnel: LOG5[3345:3086460624]: Connection reset: 0 bytes sent to SSL, 0 bytes sent to socket
Mar 18 08:29:43 cent5a stunnel: LOG7[3345:3086460624]: stunnel finished (0 left)

From which version of stunnel does the option protocol = imap work? What exactly
does it do?

When I *connect to port 995* I get in the log file:

Mar 18 08:31:48 cent5a stunnel: LOG5[3359:3086272208]: stunnel 4.15 on i686-redhat-linux-gnu with OpenSSL 0.9.8e-fips-rhel5 01 Jul 2008
Mar 18 08:31:48 cent5a stunnel: LOG5[3359:3086272208]: Threading:PTHREAD SSL:ENGINE Sockets:POLL,IPv6 Auth:LIBWRAP
Mar 18 08:31:48 cent5a stunnel: LOG7[3359:3086272208]: stunnel started
Mar 18 08:31:48 cent5a stunnel: LOG7[3359:3086272208]: FD 0 in non-blocking mode
Mar 18 08:31:48 cent5a stunnel: LOG7[3359:3086272208]: FD 1 in non-blocking mode
Mar 18 08:31:48 cent5a stunnel: LOG7[3359:3086272208]: FD 4 in non-blocking mode
Mar 18 08:31:48 cent5a stunnel: LOG7[3359:3086272208]: FD 5 in non-blocking mode
Mar 18 08:31:48 cent5a stunnel: LOG7[3359:3086272208]: Connection from 127.0.0.1:33112 permitted by libwrap
Mar 18 08:31:48 cent5a stunnel: LOG5[3359:3086272208]: stunnel connected from 127.0.0.1:33112
Mar 18 08:31:48 cent5a stunnel: LOG7[3359:3086272208]: FD 4 in non-blocking mode
Mar 18 08:31:48 cent5a stunnel: LOG7[3359:3086272208]: stunnel connecting 127.0.0.1:110
Mar 18 08:31:48 cent5a stunnel: LOG7[3359:3086272208]: connect_wait: waiting 10 seconds
Mar 18 08:31:48 cent5a stunnel: LOG7[3359:3086272208]: connect_wait: connected
Mar 18 08:31:48 cent5a stunnel: LOG7[3359:3086272208]: Remote FD=4 initialized
Mar 18 08:31:48 cent5a stunnel: LOG5[3359:3086272208]: Negotiations for pop3 (server side) started
Mar 18 08:31:48 cent5a stunnel: LOG7[3359:3086272208]:  <- +OK DBMAIL pop3 server ready to rock <c1d4da932bdc0419345aa0ebf16550e2 at cent5a.test.local>
Mar 18 08:31:48 cent5a stunnel: LOG7[3359:3086272208]:  -> +OK DBMAIL pop3 server ready to rock <c1d4da932bdc0419345aa0ebf16550e2 at cent5a.test.local> + stunnel
Mar 18 08:31:48 cent5a stunnel: LOG7[3359:3086272208]:  <- ...
Mar 18 08:31:48 cent5a stunnel: LOG3[3359:3086272208]: Client does not want TLS
Mar 18 08:31:48 cent5a stunnel: LOG5[3359:3086272208]: Connection reset: 0 bytes sent to SSL, 0 bytes sent to socket
Mar 18 08:31:48 cent5a stunnel: LOG7[3359:3086272208]: stunnel finished (0 left)

Can anyone help?

Regards,
Rafal.
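
Added example, not part of the original post or of stunnel itself: a small lint for the mismatch visible in both logs, where stunnel starts a plaintext protocol negotiation ("Negotiations for ... (server side) started") on a port where the client opens with TLS. The names `parse_kv` and `lint`, the port set, and the extra loopback check on `connect` are assumptions of this sketch; the sample input is a shortened copy of the imaps configs quoted above.

```python
# Ports where the client starts TLS immediately, with no plaintext STARTTLS step.
IMPLICIT_TLS_PORTS = {993, 995}
LOOPBACK = {"localhost", "127.0.0.1", "::1"}

def parse_kv(text):
    """Parse 'key = value' lines; skips braces, blanks and ;/# comments."""
    opts = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in ";#{}" or "=" not in line:
            continue
        key, value = line.split("=", 1)
        opts[key.strip().lower()] = value.strip()
    return opts

def lint(xinetd_text, stunnel_text):
    """Return findings for one xinetd service + stunnel config pair."""
    port = int(parse_kv(xinetd_text).get("port", 0))
    conf = parse_kv(stunnel_text)
    findings = []
    proto = conf.get("protocol")
    if proto and port in IMPLICIT_TLS_PORTS:
        findings.append(
            f"port {port} is implicit TLS but 'protocol = {proto}' makes "
            "stunnel run a plaintext STARTTLS-style negotiation first")
    target = conf.get("connect", "")
    host = target.rsplit(":", 1)[0].strip("[]") if ":" in target else "localhost"
    if host not in LOOPBACK:
        findings.append(
            f"connect target '{host}' is not loopback; that leg is unencrypted")
    return findings

# Constructed sample input: shortened copy of the configs quoted in the post.
XINETD_IMAPS = """service imaps
{
        server = /usr/sbin/stunnel
        server_args = /etc/stunnel/imaps.conf
        port = 993
}"""
STUNNEL_IMAPS = """connect =       localhost:143
cert    =       /etc/pki/tls/certs/x.local.crt
key     =       /etc/pki/tls/private/x.local.key
protocol = imap"""

if __name__ == "__main__":
    for finding in lint(XINETD_IMAPS, STUNNEL_IMAPS):
        print("WARN:", finding)
    fixed = STUNNEL_IMAPS.replace("protocol = imap", "")
    print("without protocol line:", lint(XINETD_IMAPS, fixed))
```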