[SOLVED] pop3 over stunnel

dgrames · 08-05-2012, 05:34 PM

I am having difficulty setting this up.

Thunderbird connects, and just sits there saying connecting.
The logs show the connection but no data is transfered.

my configuration is;

cert = /etc/ssl/certs/stunnel.pem
sslVersion = all
exec = /usr/sbin/popa3d
execargs = popa3d
output = /var/log/stunnel.log
verify = 1
ciphers = HIGH
debug = 7

called from inetd
pop3s stream tcp nowait root /usr/bin/stunnel stunnel /etc/stunnel/pop.conf

output in the log is;

2012.08.05 22:22:21 LOG5[1989:3074082496]: Reading configuration from file /etc/stunnel/pop.co
nf
2012.08.05 22:22:21 LOG7[1989:3074082496]: PRNG seeded successfully
2012.08.05 22:22:21 LOG6[1989:3074082496]: Could not load DH parameters from /etc/ssl/certs/st
unnel.pem
2012.08.05 22:22:21 LOG7[1989:3074082496]: ECDH initialized
2012.08.05 22:22:21 LOG7[1989:3074082496]: Certificate: /etc/ssl/certs/stunnel.pem
2012.08.05 22:22:21 LOG7[1989:3074082496]: Certificate loaded
2012.08.05 22:22:21 LOG7[1989:3074082496]: Key file: /etc/ssl/certs/stunnel.pem
2012.08.05 22:22:21 LOG7[1989:3074082496]: Private key loaded
2012.08.05 22:22:21 LOG7[1989:3074082496]: SSL context initialized for service stunnel
2012.08.05 22:22:21 LOG5[1989:3074082496]: Configuration successful
2012.08.05 22:22:21 LOG5[1989:3074082496]: No limit detected for the number of clients
2012.08.05 22:22:21 LOG7[1989:3074082496]: signal_pipe: FD=4 allocated (blocking mode)
2012.08.05 22:22:21 LOG7[1989:3074082496]: signal_pipe: FD=5 allocated (blocking mode)
2012.08.05 22:22:21 LOG5[1989:3074082496]: stunnel 4.35 on i486-slackware-linux-gnu with OpenS
SL 0.9.8x 10 May 2012
2012.08.05 22:22:21 LOG5[1989:3074082496]: Threading:PTHREAD SSL:ENGINE Sockets:POLL,IPv6 Auth:LIBWRAP
2012.08.05 22:22:21 LOG7[1989:3074082496]: Service stunnel started
2012.08.05 22:22:21 LOG7[1989:3074082496]: Service stunnel permitted by libwrap from 192.168.1.6:40835
2012.08.05 22:22:21 LOG5[1989:3074082496]: Service stunnel accepted connection from 192.168.1.6:40835
2012.08.05 22:22:21 LOG7[1989:3074082496]: SSL state (accept): before/accept initialization
2012.08.05 22:22:21 LOG7[1989:3074082496]: SSL state (accept): SSLv3 read client hello A
2012.08.05 22:22:21 LOG7[1989:3074082496]: SSL state (accept): SSLv3 write server hello A
2012.08.05 22:22:21 LOG7[1989:3074082496]: SSL state (accept): SSLv3 write certificate A
2012.08.05 22:22:21 LOG7[1989:3074082496]: SSL state (accept): SSLv3 write certificate request A
2012.08.05 22:22:21 LOG7[1989:3074082496]: SSL state (accept): SSLv3 flush data
2012.08.05 22:22:21 LOG7[1989:3074082496]: SSL state (accept): SSLv3 read client certificate A
2012.08.05 22:22:21 LOG7[1989:3074082496]: SSL state (accept): SSLv3 read client key exchange A
2012.08.05 22:22:21 LOG7[1989:3074082496]: SSL state (accept): SSLv3 read finished A
2012.08.05 22:22:21 LOG7[1989:3074082496]: SSL state (accept): SSLv3 write session ticket A
2012.08.05 22:22:21 LOG7[1989:3074082496]: SSL state (accept): SSLv3 write change cipher spec A
2012.08.05 22:22:21 LOG7[1989:3074082496]: SSL state (accept): SSLv3 write finished A
2012.08.05 22:22:21 LOG7[1989:3074082496]: SSL state (accept): SSLv3 flush data
2012.08.05 22:22:21 LOG7[1989:3074082496]: 0 items in the session cache
2012.08.05 22:22:21 LOG7[1989:3074082496]: 0 client connects (SSL_connect())
2012.08.05 22:22:21 LOG7[1989:3074082496]: 0 client connects that finished
2012.08.05 22:22:21 LOG7[1989:3074082496]: 0 client renegotiations requested
2012.08.05 22:22:21 LOG7[1989:3074082496]: 1 server connects (SSL_accept())
2012.08.05 22:22:21 LOG7[1989:3074082496]: 1 server connects that finished
2012.08.05 22:22:21 LOG7[1989:3074082496]: 0 server renegotiations requested
2012.08.05 22:22:21 LOG7[1989:3074082496]: 0 session cache hits
2012.08.05 22:22:21 LOG7[1989:3074082496]: 0 external session cache hits
2012.08.05 22:22:21 LOG7[1989:3074082496]: 0 session cache misses
2012.08.05 22:22:21 LOG7[1989:3074082496]: 0 session cache timeouts
2012.08.05 22:22:21 LOG6[1989:3074082496]: SSL accepted: new session negotiated
2012.08.05 22:22:21 LOG6[1989:3074082496]: Negotiated ciphers: AES256-SHA SSLv3 Kx=RSA Au=RSA Enc=AES(256) Mac=SHA1
2012.08.05 22:22:21 LOG7[1989:3074082496]: socket#1: FD=7 allocated (non-blocking mode)
2012.08.05 22:22:21 LOG7[1989:3074082496]: socket#2: FD=8 allocated (non-blocking mode)
2012.08.05 22:22:21 LOG3[1989:3074082496]: connect: Operation now in progress (115)
2012.08.05 22:22:21 LOG5[1989:3074082496]: Connection reset: 0 bytes sent to SSL, 0 bytes sent to socket
2012.08.05 22:22:21 LOG7[1989:3074082496]: Service stunnel finished (0 left)

Thanks.

Don Grames

dgrames · 08-06-2012, 09:53 PM

Hi all,

I upgraded stunnel to 4.5.3 - rebuilt the current package.
Now stunnel works fine. Must have been something with the version in 13.37

Don