[stunnel-users] Stunnel exits with timeout

Peter Pentchev roam at ringlet.net
Thu Aug 18 10:34:26 CEST 2016 

On Wed, Aug 17, 2016 at 07:29:23PM -0400, SP wrote:
> On Thu, 2016-08-18 at 01:04 +0300, Peter Pentchev wrote:
> > On Wed, Aug 17, 2016 at 04:37:12PM -0400, SP wrote:
> > > 
> > > Summary of problem (configuration and log details below):
> > > I am attempting to configure Stunnel to run a pop3s service on our
> > > server so that users can retrieve email securely.
> > > Stunnel is started as a systemctl service.  If I include both the
> > > following in the stunnel.conf:
> > > 
> > > accept  = mail.myserver.net:995 
> > > connect = localhost:110
> > > 
> > > then systemctl will exit immediately with:
> > > Service [pop3s]: Each service must define two endpoints
> > > stunnel.service: Control process exited, code=exited status=1 
> > > Failed to start SSL tunnel for network daemons.
> > > 
> > > If I comment the connect to 110 then it will start and hang then
> > > eventually timeout:
> > > stunnel.service: Failed with result 'timeout'.
> > Try uncommenting the "connect" line, then commenting out the "exec"
> > and
> > "execargs" lines; see if this helps.  As it is, you're telling
> > stunnel
> > "listen on port 995, then connect to port 110 and also run a
> > program";
> > that's three things, and it wants you to tell it exactly two.
> > 
> > It's a different question why the "exec" one doesn't work though...
> > In the current configuration, with the "connect" line commented out
> > and
> > the "exec" and "execargs" one uncommented, when you connect to port
> > 995,
> > can you see (with "pstree -l" or "ps awwfux" or something like that)
> > stunnel starting a gnu-pop3d process?  Does the gnu-pop3d process log
> > something somewhere?
> 
> Peter,
> 
> Thank you for your reply.  Commenting out the exec and execargs does
> dispense with the "requires two endpoints" fault.  The programs still
> times out, however with the program and systemctl exiting.

OK, so does the stunnel log show that it is accepting your connection?
Does the stunnel log show that it is connecting to port 110?
Does the log of the program that you have listening on port 110 show
that it is accepting stunnel's connection to it?

G'luck,
Peter

-- 
Peter Pentchev  roam at ringlet.net roam at FreeBSD.org pp at storpool.com
PGP key:        http://people.FreeBSD.org/~roam/roam.key.asc
Key fingerprint 2EE7 A7A5 17FC 124C F115  C354 651E EFB0 2527 DF13
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: not available
URL: <http://www.stunnel.org/pipermail/stunnel-users/attachments/20160818/0aa3b5fa/attachment.sig>

More information about the stunnel-users mailing list