[stunnel-users] Temporary failure in name resolution

Phil Wieland phil at philwieland.com
Mon Apr 25 21:16:56 CEST 2011


I think I've done something stupid but I can't work out what.

I'm running stunnel4 version 4.29 on an Ubuntu server box, using it to 
tunnel smtp connections to my ISP's mail server.  Everything works 
perfectly until I reboot the server, when it stops working.

In syslog, I get:
Apr 24 15:56:11 friedbread stunnel: LOG5[1101:3074997104]: ssmtp accepted connection from 127.0.0.1:50681
Apr 24 15:56:11 friedbread stunnel: LOG3[1101:3074997104]: Error resolving 'smtp.blueyonder.co.uk': Temporary failure in name resolution (EAI_AGAIN)
Apr 24 15:56:11 friedbread stunnel: LOG3[1101:3074997104]: No host resolved
Apr 24 15:56:11 friedbread stunnel: LOG5[1101:3074997104]: Connection reset: 0 bytes sent to SSL, 0 bytes sent to socket

every time I attempt to send mail.  I can ping smtp.blueyonder.co.uk no 
problem.  The problem persists until I restart stunnel4, after which it 
works perfectly for weeks on end.

Looking at syslog for boot time, it looks like stunnel tries to resolve 
smtp.blueyonder.co.uk as soon as it starts, but dhcp hasn't finished at 
this time so it fails.  It seems to cache something from the failure and 
not try again?  Even though the error is "Temporary".

All advice gratefully received.

Phil Wieland
Liverpool, UK.

###@friedbread:~$ stunnel4 -version
stunnel 4.29 on i486-pc-linux-gnu with OpenSSL 0.9.8k 25 Mar 2009
Threading:PTHREAD SSL:ENGINE Sockets:POLL,IPv6 Auth:LIBWRAP

Global options
debug           = 5
pid             = /var/run/stunnel4.pid
RNDbytes        = 64
RNDfile         = /dev/urandom
RNDoverwrite    = yes

Service-level options
cert            = /etc/stunnel/stunnel.pem
ciphers         = AES:ALL:!aNULL:!eNULL:+RC4:@STRENGTH
key             = /etc/stunnel/stunnel.pem
session         = 300 seconds
stack           = 65536 bytes
sslVersion      = SSLv3 for client, all for server
TIMEOUTbusy     = 300 seconds
TIMEOUTclose    = 60 seconds
TIMEOUTconnect  = 10 seconds
TIMEOUTidle     = 43200 seconds
verify          = none
###@friedbread:~$ cat /etc/stunnel/stunnel.conf
; Sample stunnel configuration file by Michal Trojnara 2002-2009
; Some options used here may not be adequate for your particular configuration
; Please make sure you understand them (especially the effect of the chroot jail)

; Certificate/key is needed in server mode and optional in client mode
cert = /etc/ssl/certs/stunnel.pem
;key = /etc/ssl/certs/stunnel.pem


; Protocol version (all, SSLv2, SSLv3, TLSv1)
sslVersion = SSLv3

; Some security enhancements for UNIX systems - comment them out on Win32
chroot = /var/lib/stunnel4/
setuid = stunnel4
setgid = stunnel4
; PID is created inside the chroot jail
pid = /stunnel4.pid

; Some performance tunings
socket = l:TCP_NODELAY=1
socket = r:TCP_NODELAY=1
;compression = zlib

; Workaround for Eudora bug
;options = DONT_INSERT_EMPTY_FRAGMENTS

; Authentication stuff
;verify = 2
; Don't forget to c_rehash CApath
; CApath is located inside chroot jail
;CApath = /certs
; It's often easier to use CAfile
;CAfile = /etc/stunnel/certs.pem
; Don't forget to c_rehash CRLpath
; CRLpath is located inside chroot jail
;CRLpath = /crls
; Alternatively you can use CRLfile
;CRLfile = /etc/stunnel/crls.pem

; Some debugging stuff useful for troubleshooting
;debug = 7
;output = /var/log/stunnel4/stunnel.log

; Use it for client mode
client = yes

; Service-level configuration

;[pop3s]
;accept  = 995
;connect = 110

;[imaps]
;accept  = 993
;connect = 143

[ssmtp]
accept  = 55899
connect = smtp.blueyonder.co.uk:465

;[https]
;accept  = 443
;connect = 80
;TIMEOUTclose = 0

; vim:ft=dosini
###@friedbread:~$
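
Added example, not part of the original post and not stunnel's own code: a pre-start check that reads the connect targets from a stunnel.conf and waits until each host name resolves, retrying only on the EAI_AGAIN error shown in the syslog excerpt above. The function names, retry count, delay and the trimmed sample configuration are assumptions made for illustration.

```python
import socket
import time

# Constructed sample: cut down from the posted config, plus a port-only service.
SAMPLE_CONF = """\
[pop3s]
connect = 110
[ssmtp]
accept  = 55899
connect = smtp.blueyonder.co.uk:465
"""

def connect_hosts(conf_text):
    """Return {service: (host, port)} for connect targets that name a host."""
    targets, section = {}, None
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):      # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
            continue
        key, sep, value = line.partition("=")
        if section is None or not sep or key.strip().lower() != "connect":
            continue
        host, colon, port = value.strip().rpartition(":")
        if colon and host:                        # "connect = 110" has no host
            targets[section] = (host, port)
    return targets

def wait_until_resolvable(host, port, attempts=10, delay=3.0,
                          resolve=socket.getaddrinfo, sleep=time.sleep):
    """Retry only on EAI_AGAIN; any other resolver error is raised at once."""
    for attempt in range(1, attempts + 1):
        try:
            resolve(host, port, 0, socket.SOCK_STREAM)
            return attempt                        # number of tries used
        except socket.gaierror as exc:
            if exc.errno != socket.EAI_AGAIN or attempt == attempts:
                raise
            sleep(delay)

if __name__ == "__main__":
    import sys
    live = len(sys.argv) > 1          # pass a config path to do real lookups
    text = open(sys.argv[1]).read() if live else SAMPLE_CONF
    for name, (host, port) in connect_hosts(text).items():
        tries = wait_until_resolvable(host, port) if live else 0
        print(f"[{name}] {host}:{port} tries={tries}")
```

Run with the path to a stunnel.conf from the init script before stunnel is started; a non-zero exit (uncaught resolver error) means the name still does not resolve.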


