[stunnel-users] Stunnel for pop3 on solaris 2.6 (more info)

Douglas Phillipson dougp at intermind.net
Wed Jul 6 21:49:30 CEST 2005


Should I have "protocol = pop3" in my config file?

When I do, I get this from the stunnel log:

2005.07.06 12:46:54 LOG7[18045:0]: CONTEXT 1, FD=6, (IN)->()
2005.07.06 12:46:54 LOG7[18045:0]: CONTEXT 2, FD=0, (IN)->(IN)
2005.07.06 12:46:54 LOG7[18045:0]: Waiting 300 second(s) for 3 file descriptor(s)
2005.07.06 12:46:54 LOG7[18045:0]: CONTEXT 1, FD=4, (IN)->()
2005.07.06 12:46:54 LOG7[18045:0]: CONTEXT 1, FD=6, (IN)->()
2005.07.06 12:46:54 LOG7[18045:0]: CONTEXT 2, FD=0, (IN)->(IN)
2005.07.06 12:46:54 LOG7[18045:2]:  <- .g..
2005.07.06 12:46:54 LOG3[18045:2]: Client does not want TLS
2005.07.06 12:46:54 LOG5[18045:2]: Protocol negotiation failed
2005.07.06 12:46:54 LOG3[18045:2]: Protocol negotiations failed
2005.07.06 12:46:54 LOG7[18045:2]: pop3s finished (0 left)
2005.07.06 12:46:54 LOG7[18045:2]: Context 2 closed
2005.07.06 12:46:54 LOG7[18045:0]: Waiting -1 second(s) for 2 file descriptor(s)


Doug P

Douglas Phillipson wrote:
> I'm not sure if it applies but if I do:
> 
> openssl s_client -connect 172.20.12.59:995
> 
> I get the following error:
> 
> CONNECTED(00000003)
> 17964:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake failure:s23_lib.c:226:
> 
> 
> Doug P
> 
> 
> Douglas Phillipson wrote:
> 
>> I have a Solaris 2.6 box and am trying to get pop3 over SSL running.  
>> I use:
>>
>> qpopper 4.0.5
>> openssl-0.9.7g
>> stunnel 4.10  compiled with gcc 2.95.3
>>
>> When I compiled stunnel it made a private key and certificate in 
>> /usr/local/etc/stunnel/stunnel.pem.
>>
>> Do I need anything else?
>>
>> I have the following configuration:
>>
>> Inetd.conf:
>>
>> pop3 stream tcp nowait root /usr/local/sbin/popper qpopper -S  -t /poplog
>>
>> stunnel.conf:
>>
>> cert = /usr/local/etc/stunnel/stunnel.pem
>> key = /usr/local/etc/stunnel/stunnel.pem
>> debug = 7
>> output = /stunnel.log
>> pid = /stunnel.pid
>> client = yes
>>
>> [pop3s]
>> accept  = 995
>> connect = 110
>>
>> I run stunnel and get the following output:
>>
>> 2005.07.06 11:34:17 LOG5[17873:1]: stunnel 4.10 on sparc-sun-solaris2.6 UCONTEXT+POLL+IPv4 with OpenSSL 0.9.7g 11 Apr 2005
>> 2005.07.06 11:34:18 LOG7[17873:1]: Snagged 64 random bytes from //.rnd
>> 2005.07.06 11:34:18 LOG7[17873:1]: Wrote 1024 new random bytes to //.rnd
>> 2005.07.06 11:34:18 LOG7[17873:1]: RAND_status claims sufficient entropy for the PRNG
>> 2005.07.06 11:34:18 LOG6[17873:1]: PRNG seeded successfully
>> 2005.07.06 11:34:18 LOG7[17873:1]: Certificate: /usr/local/etc/stunnel/stunnel.pem
>> 2005.07.06 11:34:18 LOG7[17873:1]: Key file: /usr/local/etc/stunnel/stunnel.pem
>> 2005.07.06 11:34:18 LOG6[17873:1]: file ulimit = 64 (can be changed with 'ulimit -n')
>> 2005.07.06 11:34:18 LOG6[17873:1]: poll() used - no FD_SETSIZE limit for file descriptors
>> 2005.07.06 11:34:18 LOG5[17873:1]: 29 clients allowed
>> 2005.07.06 11:34:18 LOG7[17873:1]: FD 4 in non-blocking mode
>> 2005.07.06 11:34:18 LOG7[17873:1]: FD 5 in non-blocking mode
>> 2005.07.06 11:34:18 LOG7[17873:1]: FD 6 in non-blocking mode
>> 2005.07.06 11:34:18 LOG7[17873:1]: SO_REUSEADDR option set on accept socket
>> 2005.07.06 11:34:18 LOG7[17873:1]: pop3s bound to 0.0.0.0:995
>> 2005.07.06 11:34:18 LOG7[17874:1]: Created pid file /stunnel.pid
>> 2005.07.06 11:34:18 LOG7[17874:0]: Waiting -1 second(s) for 2 file descriptor(s)
>>
>>
>> I connect via pop3 in Thunderbird with SSL and qpopper always says:
>> (null) at localhost (127.0.0.1): -ERR Unknown command: "".
>>  (nulI/O error flushing output to client  at localhost [127.0.0.1]: 
>> Broken pipe (32)l) at localhost (127.0.0.1): -ERR POP EOF or I/O Error
>>
>> Stunnel says:
>>
>> 2005.07.06 11:37:13 LOG7[17884:0]: CONTEXT 1, FD=4, (IN)->()
>> 2005.07.06 11:37:13 LOG7[17884:0]: CONTEXT 1, FD=6, (IN)->(IN)
>> 2005.07.06 11:37:13 LOG7[17884:1]: pop3s accepted FD=0 from 172.20.10.7:45464
>> 2005.07.06 11:37:13 LOG7[17884:1]: Creating a new context
>> 2005.07.06 11:37:13 LOG7[17884:1]: Context 2 created
>> 2005.07.06 11:37:13 LOG7[17884:2]: pop3s started
>> 2005.07.06 11:37:13 LOG7[17884:2]: FD 0 in non-blocking mode
>> 2005.07.06 11:37:13 LOG7[17884:2]: TCP_NODELAY option set on local socket
>> 2005.07.06 11:37:13 LOG5[17884:2]: pop3s connected from 172.20.10.7:45464
>> 2005.07.06 11:37:13 LOG7[17884:2]: FD 1 in non-blocking mode
>> 2005.07.06 11:37:13 LOG7[17884:2]: pop3s connecting 127.0.0.1:110
>> 2005.07.06 11:37:13 LOG7[17884:2]: Remote FD=1 initialized
>> 2005.07.06 11:37:13 LOG7[17884:2]: TCP_NODELAY option set on remote socket
>> 2005.07.06 11:37:13 LOG7[17884:2]: SSL state (connect): before/connect initialization
>> 2005.07.06 11:37:13 LOG7[17884:2]: SSL state (connect): SSLv3 write client hello A
>> 2005.07.06 11:37:13 LOG7[17884:0]: Waiting 300 second(s) for 3 file descriptor(s)
>> 2005.07.06 11:37:13 LOG7[17884:0]: CONTEXT 1, FD=4, (IN)->()
>> 2005.07.06 11:37:13 LOG7[17884:0]: CONTEXT 1, FD=6, (IN)->()
>> 2005.07.06 11:37:13 LOG7[17884:0]: CONTEXT 2, FD=1, (IN)->(IN)
>>
>> The mail never gets delivered to either Thunderbird or Outlook Express.
>> I get a certificate approval request from Thunderbird, which I 
>> grant, then nothing.  If I disable SSL in Thunderbird the mail gets 
>> accepted normally.
>>
>> What might I be doing wrong???
>>
>> Thanks
>>
>> Doug P
> 
> 
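
An added example, not part of the original post and not stunnel's own code: a small Python lint for the configuration and log quoted above. It relies on the documented meaning of `client = yes` (stunnel accepts plaintext and initiates TLS toward the `connect` target) and treats 995 as the implicit-TLS POP3 port; the function names and the `tls_ports` parameter are made up for this illustration.

```python
import re

# The stunnel.conf quoted in the post (debug/output/pid lines omitted).
CONF = """\
cert = /usr/local/etc/stunnel/stunnel.pem
key = /usr/local/etc/stunnel/stunnel.pem
client = yes

[pop3s]
accept  = 995
connect = 110
"""
# Log line quoted in the post, with the e-mail line wrap joined.
LOG = ["2005.07.06 11:37:13 LOG7[17884:2]: SSL state (connect): SSLv3 write client hello A"]

def parse_conf(text):
    """Return {service: options}; options set before the first [section] act as defaults."""
    defaults, services, cur = {}, {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in ";#":          # blank line or comment
            continue
        m = re.fullmatch(r"\[(.+)\]", line)
        if m:                                     # new service inherits the defaults
            cur = services.setdefault(m.group(1), dict(defaults))
            continue
        key, _, val = line.partition("=")
        (defaults if cur is None else cur)[key.strip().lower()] = val.strip()
    return services

def handshake_roles(log_lines):
    """Roles stunnel logged: 'connect' = it acted as TLS client, 'accept' = as TLS server."""
    pat = re.compile(r"SSL state \((connect|accept)\)")
    return {m.group(1) for m in map(pat.search, log_lines) if m}

def lint(conf_text, tls_ports=(995,)):
    """Flag services that listen on an implicit-TLS port while running in client mode."""
    findings = []
    for name, opts in parse_conf(conf_text).items():
        port = int(opts.get("accept", "0").rsplit(":", 1)[-1])
        client = opts.get("client", "no").lower() == "yes"
        if port in tls_ports and client:
            findings.append(f"[{name}] accepts on {port} with client = yes: stunnel "
                            "expects plaintext there and starts TLS toward 'connect'")
    return findings

if __name__ == "__main__":
    print(lint(CONF))
    print(handshake_roles(LOG))
```
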
