Rafał,

I'm using:


#> cat /etc/xinetd.d/imap

# xinetd entry that hands every incoming imaps connection to stunnel (inetd mode).
# No `port` attribute is set here; xinetd presumably takes the port from the
# "imaps" entry in /etc/services (993/tcp) -- confirm on the host.
service imaps
{
        socket_type     = stream
        protocol        = tcp
        # wait = no: xinetd keeps the listening socket and starts one stunnel per connection.
        wait            = no
        # stunnel is started as root (presumably so it can read the certificate/key
        # file); the setuid/setgid lines in imaps.conf then drop it to dbmail.
        user            = root
        server          = /usr/bin/stunnel4
        # Only argument: the stunnel configuration file to load.
        server_args     = /etc/stunnel/imaps.conf
}

#> cat /etc/stunnel/imaps.conf

; stunnel configuration for inetd mode: no [service] section and no `accept`,
; because the TLS side is the socket inherited from xinetd.
; There is deliberately no `protocol` option. imaps on port 993 is TLS from the
; first byte; `protocol = imap` asks stunnel to negotiate STARTTLS-style instead,
; which the quoted log shows stunnel 4.15 refusing in server mode.
; Decrypted traffic is forwarded to the plaintext IMAP daemon on loopback.
connect         = localhost:143
; Drop from root (xinetd's `user`) to the unprivileged dbmail account.
setuid          = dbmail
setgid          = dbmail
; NOTE(review): SSLv3 is obsolete. It is exposed to the POODLE attack and its use
; is prohibited by RFC 7568. On a current stunnel/OpenSSL set a TLS version
; instead (e.g. `sslVersion = TLSv1.2`, or `sslVersionMin` where the build
; supports it) and check that the mail clients in use can still connect.
sslVersion      = SSLv3
; No `key` option: stunnel then expects the private key in the same PEM file as
; the certificate, so this file should be readable only by the account that loads it.
cert            = /etc/ssl/mail.nfg.nl.pem
; Session cache timeout and idle-connection timeout, both in seconds (4 hours).
session         = 14400
TIMEOUTidle     = 14400




On 03/18/2011 10:59 AM, "Rafał Radecki" <[email protected]> wrote:
> Hi All.
> I am using stunnel version 4.15 on CentOS 5.5. I am trying to add SSL to
> DBMAIL imap/pop3 server. I am running stunnel through xinetd:
> *- /etc/xinetd.d/imaps:*
> service imaps
> {
>         disable = no
>         socket_type = stream
>         user = root
>         server = /usr/sbin/stunnel
>         server_args = /etc/stunnel/imaps.conf
>         wait = no
>         protocol = tcp
>         port = 993
> }
> *- /etc/xinetd.d/pop3s:*
> service pop3s
> {
>         disable = no
>         socket_type = stream
>         user = root
>         server = /usr/sbin/stunnel
>         server_args = /etc/stunnel/pop3s.conf
>         protocol = tcp
>         port = 995
>         wait = no
> }
> *- /etc/stunnel/imaps.conf:*
> connect =       localhost:143
> cert    =       /etc/pki/tls/certs/x.local.crt
> key     =       /etc/pki/tls/private/x.local.key
> debug   =       local1.7
> protocol = imap
> *- /etc/stunnel/pop3s.conf:*
> connect =       localhost:110
> cert    =       /etc/pki/tls/certs/x.local.crt
> key     =       /etc/pki/tls/private/x.local.key
> debug   =       local0.7
> protocol        =       pop3
> 
> netstat -tlpn | awk -F: '$2 ~ /^993|995|110|143/ {print}':
> tcp        0      0 0.0.0.0:993                 0.0.0.0:*                   LISTEN      2319/xinetd
> tcp        0      0 0.0.0.0:995                 0.0.0.0:*                   LISTEN      2319/xinetd
> tcp        0      0 127.0.0.1:110               0.0.0.0:*                   LISTEN      2484/dbmail-pop3d
> tcp        0      0 127.0.0.1:143               0.0.0.0:*                   LISTEN      2453/dbmail-imapd
> 
> So whenever there is a connection to port 993/995 xinetd invokes stunnel
> with proper config file.
> When I *connect to port 993* I get in log file:
> 
> /Mar 18 08:29:43 cent5a stunnel: LOG5[3345:3086460624]: stunnel 4.15 on
> i686-redhat-linux-gnu with OpenSSL 0.9.8e-fips-rhel5 01 Jul 2008
> Mar 18 08:29:43 cent5a stunnel: LOG5[3345:3086460624]: Threading:PTHREAD
> SSL:ENGINE Sockets:POLL,IPv6 Auth:LIBWRAP
> Mar 18 08:29:43 cent5a stunnel: LOG7[3345:3086460624]: stunnel started
> Mar 18 08:29:43 cent5a stunnel: LOG7[3345:3086460624]: FD 0 in
> non-blocking mode
> Mar 18 08:29:43 cent5a stunnel: LOG7[3345:3086460624]: FD 1 in
> non-blocking mode
> Mar 18 08:29:43 cent5a stunnel: LOG7[3345:3086460624]: FD 4 in
> non-blocking mode
> Mar 18 08:29:43 cent5a stunnel: LOG7[3345:3086460624]: FD 5 in
> non-blocking mode
> Mar 18 08:29:43 cent5a stunnel: LOG7[3345:3086460624]: Connection from
> 127.0.0.1:45634 <http://127.0.0.1:45634/> permitted by libwrap
> Mar 18 08:29:43 cent5a stunnel: LOG5[3345:3086460624]: stunnel connected
> from 127.0.0.1:45634 <http://127.0.0.1:45634/>
> Mar 18 08:29:43 cent5a stunnel: LOG7[3345:3086460624]: FD 4 in
> non-blocking mode
> Mar 18 08:29:43 cent5a stunnel: LOG7[3345:3086460624]: stunnel
> connecting 127.0.0.1:143 <http://127.0.0.1:143/>
> Mar 18 08:29:43 cent5a stunnel: LOG7[3345:3086460624]: connect_wait:
> waiting 10 seconds
> Mar 18 08:29:43 cent5a stunnel: LOG7[3345:3086460624]: connect_wait:
> connected
> Mar 18 08:29:43 cent5a stunnel: LOG7[3345:3086460624]: Remote FD=4
> initialized
> Mar 18 08:29:43 cent5a stunnel: LOG5[3345:3086460624]: Negotiations for
> imap (server side) started
> Mar 18 08:29:43 cent5a stunnel: LOG3[3345:3086460624]: *Protocol imap
> not supported in server mode*
> Mar 18 08:29:43 cent5a stunnel: LOG5[3345:3086460624]: Connection reset:
> 0 bytes sent to SSL, 0 bytes sent to socket
> Mar 18 08:29:43 cent5a stunnel: LOG7[3345:3086460624]: stunnel finished
> (0 left)/
> 
> From which version of stunnel does option protocol = imap work? What
> exactly does it do?
> 
> When I *connect to port 995* I get in log file:
> 
> /Mar 18 08:31:48 cent5a stunnel: LOG5[3359:3086272208]: stunnel 4.15 on
> i686-redhat-linux-gnu with OpenSSL 0.9.8e-fips-rhel5 01 Jul 2008
> Mar 18 08:31:48 cent5a stunnel: LOG5[3359:3086272208]: Threading:PTHREAD
> SSL:ENGINE Sockets:POLL,IPv6 Auth:LIBWRAP
> Mar 18 08:31:48 cent5a stunnel: LOG7[3359:3086272208]: stunnel started
> Mar 18 08:31:48 cent5a stunnel: LOG7[3359:3086272208]: FD 0 in
> non-blocking mode
> Mar 18 08:31:48 cent5a stunnel: LOG7[3359:3086272208]: FD 1 in
> non-blocking mode
> Mar 18 08:31:48 cent5a stunnel: LOG7[3359:3086272208]: FD 4 in
> non-blocking mode
> Mar 18 08:31:48 cent5a stunnel: LOG7[3359:3086272208]: FD 5 in
> non-blocking mode
> Mar 18 08:31:48 cent5a stunnel: LOG7[3359:3086272208]: Connection from
> 127.0.0.1:33112 <http://127.0.0.1:33112/> permitted by libwrap
> Mar 18 08:31:48 cent5a stunnel: LOG5[3359:3086272208]: stunnel connected
> from 127.0.0.1:33112 <http://127.0.0.1:33112/>
> Mar 18 08:31:48 cent5a stunnel: LOG7[3359:3086272208]: FD 4 in
> non-blocking mode
> Mar 18 08:31:48 cent5a stunnel: LOG7[3359:3086272208]: stunnel
> connecting 127.0.0.1:110 <http://127.0.0.1:110/>
> Mar 18 08:31:48 cent5a stunnel: LOG7[3359:3086272208]: connect_wait:
> waiting 10 seconds
> Mar 18 08:31:48 cent5a stunnel: LOG7[3359:3086272208]: connect_wait:
> connected
> Mar 18 08:31:48 cent5a stunnel: LOG7[3359:3086272208]: Remote FD=4
> initialized
> Mar 18 08:31:48 cent5a stunnel: LOG5[3359:3086272208]: Negotiations for
> pop3 (server side) started
> Mar 18 08:31:48 cent5a stunnel: LOG7[3359:3086272208]:  <- +OK DBMAIL
> pop3 server ready to rock
> <[email protected]>
> Mar 18 08:31:48 cent5a stunnel: LOG7[3359:3086272208]:  -> +OK DBMAIL
> pop3 server ready to rock
> <[email protected]> + stunnel
> Mar 18 08:31:48 cent5a stunnel: LOG7[3359:3086272208]:  <- ...
> Mar 18 08:31:48 cent5a stunnel: LOG3[3359:3086272208]: *Client does not
> want TLS*
> Mar 18 08:31:48 cent5a stunnel: LOG5[3359:3086272208]: Connection reset:
> 0 bytes sent to SSL, 0 bytes sent to socket
> Mar 18 08:31:48 cent5a stunnel: LOG7[3359:3086272208]: stunnel finished
> (0 left)/
> 
> Can anyone help?
> 
> Regards,
> Rafal.
> 
> 
> 
> _______________________________________________
> DBmail mailing list
> [email protected]
> http://mailman.fastxs.nl/cgi-bin/mailman/listinfo/dbmail


-- 
  ________________________________________________________________
  Paul Stevens                                      paul at nfg.nl
  NET FACILITIES GROUP                     GPG/PGP: 1024D/11F8CD31
  The Netherlands________________________________http://www.nfg.nl