[stunnel-users] stunnel silently dies

Uffe Vedenbrant sqm at mynta.org
Sun Oct 16 06:54:47 CEST 2005


Finally found why/where stunnel silently dies for me..;-)

In FreeBSD there is a default "catch-all" entry in hosts.allow that 
stunnel does not like if there is any missing service entries the first 
time stunnel is started...

I.e. one needs to have all stunnel.conf service entries configured
in hosts.allow, in my case

SMTPPORT25 : ALL : allow
IMAPPORT143 : ALL : allow

needed to be there...

The "catch-all" looks as below..
--------------

# The rest of the daemons are protected.
ALL : ALL \
        : severity auth.info \
        : twist /bin/echo "You are not welcome to use %d from %h."

-------------

This causes stunnel to silently die with exit code 0..

If this is removed/changed to

-----------------
ALL : ALL : deny
-----------------

everything works as expected..

I.e. libwrap will complain about unauthorized access and keep on 
running, not just die without any logging at all..

I really cannot say however if this is a stunnel or libwrap 
bug/feature.. I.e. is stunnel to sensitive of what it gets back from
libwrap or is libwrap sending more data than needed back to stunnel..


/Uffe









Jan Meijer wrote:
> On Fri, 14 Oct 2005, Uffe Vedenbrant wrote:
> 
> 
>>Is there any possibility to have stunnel to say something about
>>tcpwrapper problems..;-)
> 
> 
> I don't really understand it as I made this config error a couple of times
> myself but it was nicely logged.  Then again, this last happened to me
> with 3.x code so...
> 
> Jan




More information about the stunnel-users mailing list