jamie said:
> Does anyone have a working tcpserver w/stunnel configuration they'd like to
> share?  From the list archives I gather a patch is in order however the
> last posts on the topic are from '98 and that code appears to be out-dated.
>
> I'm using stunnel 3.4a from the Debian packages (potato). I'm specifically
> interested in enabling SSL pop3, but seeing any configs for SSL smtp
> wouldn't be uninteresting either.  TIA

I'm running stunnel 3.8, which I downloaded from
<http://mike.daewoo.com.pl/computer/stunnel/>--more info there, take a look.
There's also a site at <http://www.stunnel.org>, which must be new--I ran
into it while researching this email, hadn't seen it before. POP3 over SSL
seems to work fine, at least with Microsoft Outlook 98, which is the only
client I've tested with.

I'm not currently blocking normal POP3 connections, but as I understand it
you use tcpserver to only accept pop3 traffic from localhost (which limits
it to accepting connections forwarded from the s-pop3 port to the pop3 port
using stunnel), in much the same way you configure qmail-smtpd to only relay
mail from specific IPs.

I tried (and failed) to run stunnel under tcpserver in non-daemon
mode--perhaps I was doing something wrong, but I eventually just ran it
stand-alone in daemon mode--I've included my init.d script below. I also
failed to get SMTP over SSL working--from what I understand, it's not enough
just to tunnel it. Maybe someone more knowledgeable can help?

- Bradey

-------
My stunnel-spop3 init.d script, shamelessly stolen from lwq--better
implementations, anyone?

#!/bin/sh -e
# /etc/rc.d/init.d/stunnel-ssmtp: start or stop SMTP-over-SSL tunnel.
# borrowed from http://Web.InfoAve.Net/~dsill/lwq.html#start-qmail
# modified by Bradey Honsinger
# Installed by Bradey Honsinger 6/2/00

case "$1" in
    start)
        echo -n "Starting stunnel-ssmtp"
        env - PATH="/usr/local/sbin:$PATH" \
           stunnel -d ssmtp -r localhost:smtp &
        echo $! > /var/run/stunnel-ssmtp.pid
        echo "."
        ;;
    stop)
        # ERROR-this won't work, pid has changed (stunnel spawned another)
        # Currently, this script will not stop stunnel, since it can't
        # tell the difference between an stunnel running on smtp and
        # others.
        echo -n "Stopping stunnel-smtp"
        kill `cat /var/run/stunnel-ssmtp.pid`
        echo "."
        ;;
    restart|reload|force-reload)
        $0 stop
        $0 start
        ;;
    *)
        echo 'Usage: /etc/init.d/stunnel-ssmtp {start|stop|restart}'
        exit 1
esac

exit 0
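
One way to handle the stop problem noted in the script above, as an added example that is not part of the original post: pick out the daemonized stunnel by its command line instead of the saved `$!`. The function names and the sample process listing are constructed for illustration, and the input format assumed is that of `ps -eo pid=,args=`.

```shell
#!/bin/sh
# Added example (not from the original post).

# tunnel_pids SERVICE: read "PID ARGS..." lines on stdin (the format of
# `ps -eo pid=,args=`) and print the PIDs of stunnel processes started
# with "-d SERVICE", ignoring stunnels listening for other services.
tunnel_pids() {
    awk -v svc="$1" '
    {
        # $2 is the command; drop any directory prefix before comparing
        n = split($2, parts, "/")
        if (parts[n] != "stunnel") next
        # match the "-d" flag only when followed by exactly this service
        for (i = 3; i < NF; i++)
            if ($i == "-d" && $(i + 1) == svc) { print $1; next }
    }'
}

# Constructed sample listing: two tunnels for ssmtp, one for spop3,
# plus unrelated processes that merely mention stunnel or nothing at all.
sample_ps() {
    cat <<'EOF'
  412 /usr/local/sbin/stunnel -d ssmtp -r localhost:smtp
  415 /usr/local/sbin/stunnel -d spop3 -r localhost:pop3
  977 stunnel -d ssmtp -r localhost:smtp
 1020 grep stunnel -d ssmtp
 1033 /usr/sbin/sshd
EOF
}

# stop_tunnel SERVICE: what a stop) branch could call on a live system.
# Returns 1 when no matching stunnel is running.
stop_tunnel() {
    pids=$(ps -eo pid=,args= | tunnel_pids "$1")
    [ -n "$pids" ] || return 1
    kill $pids
}
```

Running `sample_ps | tunnel_pids ssmtp` lists only the two ssmtp tunnels, so a stunnel serving spop3 on the same host is left alone.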
