Hi All.<br>I am using stunnel version 4.15 on CentOS 5.5. I am trying to add SSL to DBMAIL imap/pop3 server. I am running stunnel through xinetd:<br><b>- /etc/xinetd.d/imaps:</b><br>service imaps<br>{<br> disable = no<br>
socket_type = stream<br>
user = root<br> server = /usr/sbin/stunnel<br> server_args = /etc/stunnel/imaps.conf<br> wait = no<br> protocol = tcp<br> port = 993<br>}<br><b>- /etc/xinetd.d/pop3s:</b><br>service pop3s<br>
{<br> disable = no<br> socket_type = stream<br> user = root<br> server = /usr/sbin/stunnel<br> server_args = /etc/stunnel/pop3s.conf<br> protocol = tcp<br> port = 995<br> wait = no<br>
}<br><b>- /etc/stunnel/imaps.conf:</b><br>connect = localhost:143<br>cert = /etc/pki/tls/certs/x.local.crt<br>key = /etc/pki/tls/private/x.local.key<br>debug = local1.7<br>protocol = imap<br>
<b>- /etc/stunnel/pop3s.conf:</b><br>connect = localhost:110<br>cert = /etc/pki/tls/certs/x.local.crt<br>key = /etc/pki/tls/private/x.local.key<br>debug = local0.7<br>protocol = pop3<br>
<br>netstat -tlpn | awk -F: '$2 ~ /^993|995|110|143/ {print}':<br>tcp 0 0 <a href="http://0.0.0.0:993">0.0.0.0:993</a> 0.0.0.0:* LISTEN 2319/xinetd <br>tcp 0 0 <a href="http://0.0.0.0:995">0.0.0.0:995</a> 0.0.0.0:* LISTEN 2319/xinetd <br>
tcp 0 0 <a href="http://127.0.0.1:110">127.0.0.1:110</a> 0.0.0.0:* LISTEN 2484/dbmail-pop3d <br>tcp 0 0 <a href="http://127.0.0.1:143">127.0.0.1:143</a> 0.0.0.0:* LISTEN 2453/dbmail-imapd <br>
<br>So whenever there is a connection to port 993/995 xinetd invokes stunnel with proper config file.<br>When I <b>connect to port 993</b> I get in log file:<br><br><i>Mar 18 08:29:43 cent5a stunnel: LOG5[3345:3086460624]: stunnel 4.15 on i686-redhat-linux-gnu with OpenSSL 0.9.8e-fips-rhel5 01 Jul 2008<br>
Mar 18 08:29:43 cent5a stunnel: LOG5[3345:3086460624]: Threading:PTHREAD SSL:ENGINE Sockets:POLL,IPv6 Auth:LIBWRAP<br>Mar 18 08:29:43 cent5a stunnel: LOG7[3345:3086460624]: stunnel started<br>Mar 18 08:29:43 cent5a stunnel: LOG7[3345:3086460624]: FD 0 in non-blocking mode<br>
Mar 18 08:29:43 cent5a stunnel: LOG7[3345:3086460624]: FD 1 in non-blocking mode<br>Mar 18 08:29:43 cent5a stunnel: LOG7[3345:3086460624]: FD 4 in non-blocking mode<br>Mar 18 08:29:43 cent5a stunnel: LOG7[3345:3086460624]: FD 5 in non-blocking mode<br>
Mar 18 08:29:43 cent5a stunnel: LOG7[3345:3086460624]: Connection from <a href="http://127.0.0.1:45634">127.0.0.1:45634</a> permitted by libwrap<br>Mar 18 08:29:43 cent5a stunnel: LOG5[3345:3086460624]: stunnel connected from <a href="http://127.0.0.1:45634">127.0.0.1:45634</a><br>
Mar 18 08:29:43 cent5a stunnel: LOG7[3345:3086460624]: FD 4 in non-blocking mode<br>Mar 18 08:29:43 cent5a stunnel: LOG7[3345:3086460624]: stunnel connecting <a href="http://127.0.0.1:143">127.0.0.1:143</a><br>Mar 18 08:29:43 cent5a stunnel: LOG7[3345:3086460624]: connect_wait: waiting 10 seconds<br>
Mar 18 08:29:43 cent5a stunnel: LOG7[3345:3086460624]: connect_wait: connected<br>Mar 18 08:29:43 cent5a stunnel: LOG7[3345:3086460624]: Remote FD=4 initialized<br>Mar 18 08:29:43 cent5a stunnel: LOG5[3345:3086460624]: Negotiations for imap (server side) started<br>
Mar 18 08:29:43 cent5a stunnel: LOG3[3345:3086460624]: <b>Protocol imap not supported in server mode</b><br>Mar 18 08:29:43 cent5a stunnel: LOG5[3345:3086460624]: Connection reset: 0 bytes sent to SSL, 0 bytes sent to socket<br>
Mar 18 08:29:43 cent5a stunnel: LOG7[3345:3086460624]: stunnel finished (0 left)</i><br><br>From which version of stunnel does option protocol = imap work? What exactly does it do?<br><br>When I <b>connect to port 995</b> I get in log file:<br>
<br><i>Mar 18 08:31:48 cent5a stunnel: LOG5[3359:3086272208]: stunnel 4.15 on i686-redhat-linux-gnu with OpenSSL 0.9.8e-fips-rhel5 01 Jul 2008<br>Mar 18 08:31:48 cent5a stunnel: LOG5[3359:3086272208]: Threading:PTHREAD SSL:ENGINE Sockets:POLL,IPv6 Auth:LIBWRAP<br>
Mar 18 08:31:48 cent5a stunnel: LOG7[3359:3086272208]: stunnel started<br>Mar 18 08:31:48 cent5a stunnel: LOG7[3359:3086272208]: FD 0 in non-blocking mode<br>Mar 18 08:31:48 cent5a stunnel: LOG7[3359:3086272208]: FD 1 in non-blocking mode<br>
Mar 18 08:31:48 cent5a stunnel: LOG7[3359:3086272208]: FD 4 in non-blocking mode<br>Mar 18 08:31:48 cent5a stunnel: LOG7[3359:3086272208]: FD 5 in non-blocking mode<br>Mar 18 08:31:48 cent5a stunnel: LOG7[3359:3086272208]: Connection from <a href="http://127.0.0.1:33112">127.0.0.1:33112</a> permitted by libwrap<br>
Mar 18 08:31:48 cent5a stunnel: LOG5[3359:3086272208]: stunnel connected from <a href="http://127.0.0.1:33112">127.0.0.1:33112</a><br>Mar 18 08:31:48 cent5a stunnel: LOG7[3359:3086272208]: FD 4 in non-blocking mode<br>Mar 18 08:31:48 cent5a stunnel: LOG7[3359:3086272208]: stunnel connecting <a href="http://127.0.0.1:110">127.0.0.1:110</a><br>
Mar 18 08:31:48 cent5a stunnel: LOG7[3359:3086272208]: connect_wait: waiting 10 seconds<br>Mar 18 08:31:48 cent5a stunnel: LOG7[3359:3086272208]: connect_wait: connected<br>Mar 18 08:31:48 cent5a stunnel: LOG7[3359:3086272208]: Remote FD=4 initialized<br>
Mar 18 08:31:48 cent5a stunnel: LOG5[3359:3086272208]: Negotiations for pop3 (server side) started<br>Mar 18 08:31:48 cent5a stunnel: LOG7[3359:3086272208]: <- +OK DBMAIL pop3 server ready to rock <c1d4da932bdc0419345aa0ebf16550e2@cent5a.test.local><br>
Mar 18 08:31:48 cent5a stunnel: LOG7[3359:3086272208]: -> +OK DBMAIL pop3 server ready to rock <c1d4da932bdc0419345aa0ebf16550e2@cent5a.test.local> + stunnel<br>Mar 18 08:31:48 cent5a stunnel: LOG7[3359:3086272208]: <- ...<br>
Mar 18 08:31:48 cent5a stunnel: LOG3[3359:3086272208]: <b>Client does not want TLS</b><br>Mar 18 08:31:48 cent5a stunnel: LOG5[3359:3086272208]: Connection reset: 0 bytes sent to SSL, 0 bytes sent to socket<br>Mar 18 08:31:48 cent5a stunnel: LOG7[3359:3086272208]: stunnel finished (0 left)</i><br>
<br>Can anyone help?<br><br>Regards,<br>Rafal.<br><br><br>