Package: stunnel4
Version: 3:5.77-1

Although stunnel has been working fine, it looks like I developed the
same problem when upgrading my forky system this past weekend. I
started noticing that mail wasn't going out:

    Mar 16 20:04:16 olgas postfix/smtp[45485]: 9F44A6FA0032:
    to=<[email protected]>, relay=none, delay=23393,
    delays=23393/0.04/0/0, tls=may?, dsn=4.4.1, status=deferred (connect
    to 127.0.0.1[127.0.0.1]:12345: Connection refused)

Sure enough, nothing was listening on 12345 (not the real port) and
stunnel wasn't running. When I ran systemctl status on stunnel.target
and [email protected], stunnel was listed as disabled. So I
enabled it and restarted it with systemctl. Still no joy. Here is what
status shows now:

    [wohler@olgas stunnel]$ sudo systemctl status stunnel.target
    ● stunnel.target - TLS tunnels for network services - per-config-file target
         Loaded: loaded (/usr/lib/systemd/system/stunnel.target; enabled; preset: enabled)
         Active: active since Mon 2026-03-16 20:08:23 PDT; 3min 44s ago
     Invocation: b1aa7e266eae4a76945c6f0073b45a8a

    Mar 16 20:08:23 olgas systemd[1]: Stopping stunnel.target - TLS tunnels for network services - per-config-file target...
    Mar 16 20:08:23 olgas systemd[1]: Reached target stunnel.target - TLS tunnels for network services - per-config-file target.

    [wohler@olgas stunnel4]$ sudo systemctl status [email protected]
    [email protected] - TLS tunnel for network daemons - per-config-file service
         Loaded: loaded (/usr/lib/systemd/system/[email protected]; enabled; preset: enabled)
         Active: inactive (dead) since Mon 2026-03-16 20:14:33 PDT; 5min ago
       Duration: 78ms
     Invocation: 05777fb2ed6c4a2e87713026c1874819
           Docs: man:stunnel4(8)
        Process: 46582 ExecStart=/usr/bin/stunnel4 /etc/stunnel/stunnel.conf (code=exited, status=0/SUCCESS)
       Main PID: 46582 (code=exited, status=0/SUCCESS)
       Mem peak: 3.4M
            CPU: 29ms

    Mar 16 20:14:33 olgas stunnel[46582]: LOG5[ui]: Compiled/running with OpenSSL 3.5.5 27 Jan 2026
    Mar 16 20:14:33 olgas stunnel[46582]: LOG5[ui]: Threading:PTHREAD Sockets:POLL,IPv6,SYSTEMD TLS:ENGINE,OCSP,PSK,SNI Auth:LIBWRAP
    Mar 16 20:14:33 olgas stunnel[46582]: LOG5[ui]: Reading configuration from file /etc/stunnel/stunnel.conf
    Mar 16 20:14:33 olgas stunnel[46582]: LOG5[ui]: UTF-8 byte order mark not detected
    Mar 16 20:14:33 olgas stunnel[46582]: LOG5[ui]: FIPS provider disabled
    Mar 16 20:14:33 olgas stunnel[46582]: LOG4[ui]: Service [smtp-tls-wrapper] needs authentication to prevent MITM attacks
    Mar 16 20:14:33 olgas stunnel[46582]: LOG5[ui]: Configuration successful
    Mar 16 20:14:33 olgas stunnel[46582]: LOG5[ui]: Binding service [smtp-tls-wrapper] to :::12345: Address already in use (98)
    Mar 16 20:14:33 olgas stunnel[46601]: LOG5[main]: Terminated
    Mar 16 20:14:33 olgas systemd[1]: [email protected]: Deactivated successfully.

Note that I get the "Address already in use" message also. However,
looking back at the logs, I've been getting these since I installed
forky in December and stunnel has been working fine, so that's probably
a red herring.

I took Jonathan's suggestion and started the daemon manually. This time
the log didn't show the last two lines above starting with "Terminated"
and stunnel kept running and kept listening:

    [wohler@olgas stunnel]$ sudo /usr/bin/stunnel4 /etc/stunnel/stunnel.conf
    [wohler@olgas stunnel]$ pgrep -a stunnel
    49058 /usr/bin/stunnel4 /etc/stunnel/stunnel.conf
    [wohler@olgas stunnel]$ sudo lsof -ni:12345
    COMMAND    PID USER FD   TYPE DEVICE SIZE/OFF NODE NAME
    stunnel4 49058 root 9u  IPv4  87661      0t0  TCP *:11125 (LISTEN)
    [wohler@olgas stunnel]$ sudo ss -tulpn | grep :12345
    tcp   LISTEN 0      4096         0.0.0.0:12345      0.0.0.0:*    users:(("stunnel4",pid=49058,fd=9))

p.s. Any quick recipes to address the MITM warning appreciated.

-- 
Bill Wohler <[email protected]> aka <[email protected]>
http://www.newt.com/wohler/, GnuPG ID:610BD9AD
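
On the LOG4 "needs authentication to prevent MITM attacks" warning in the log above: the following is an added example, not part of the original report and not stunnel project code. It audits a stunnel.conf for client-mode services that never authenticate the server, run over a constructed weak config and a corrected one. Assumptions: the service runs with `client = yes`, the relay host `smtp.example.com:465` and the CA bundle path are placeholders, the audit rule only approximates when stunnel emits the warning, and the legacy `verify` option is not handled.

```python
import re

# Constructed sample configs (not the reporter's real file).
# Relay host and CA bundle path are placeholders/assumptions.
WEAK_CONF = """\
[smtp-tls-wrapper]
client = yes
accept = 127.0.0.1:12345
connect = smtp.example.com:465
"""

FIXED_CONF = WEAK_CONF + """\
verifyChain = yes
CAfile = /etc/ssl/certs/ca-certificates.crt
checkHost = smtp.example.com
"""

def parse_services(text):
    """Return {service: {option_lowercase: value}}; global options go under ''."""
    services, current = {"": {}}, ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in ";#":      # blank line or comment
            continue
        m = re.fullmatch(r"\[(.+)\]", line)
        if m:                                # start of a service section
            current = m.group(1)
            services.setdefault(current, {})
        elif "=" in line:
            key, value = line.split("=", 1)
            services[current][key.strip().lower()] = value.strip()
    return services

def audit(text):
    """List findings for client-mode services that do not authenticate the server."""
    findings = []
    services = parse_services(text)
    glob = services.pop("")
    for name, opts in services.items():
        eff = {**glob, **opts}               # service options override global defaults
        if eff.get("client", "no") != "yes":
            continue                         # only client-mode services are audited here
        chain = eff.get("verifychain") == "yes"
        peer = eff.get("verifypeer") == "yes"
        if not (chain or peer or "psksecrets" in eff):
            findings.append(f"[{name}] no verifyChain/verifyPeer: server certificate is not checked")
        elif chain and not peer and not ({"checkhost", "checkip"} & eff.keys()):
            findings.append(f"[{name}] no checkHost/checkIP: any certificate from a trusted CA is accepted")
    return findings
```

`verifyChain` alone accepts any certificate that chains to a CA in `CAfile`, which is why the audit also asks for `checkHost` (or `checkIP`) to bind the certificate to the relay being contacted.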
