On Mon, 28 May 2007, abhilash s wrote:

Date: Mon, 28 May 2007 10:38:19 -0400
From: abhilash s <[EMAIL PROTECTED]>
To: [email protected]
Subject: How to configure stunnel Ver. 4

Hi,

I would like to set up smtps using qpsmtpd: I have followed the
steps of Method 1 in the following link:

http://wiki.qpsmtpd.org/config:smtps

I am using stunnel version stunnel-4.05-3, so it shows errors.
I have modified the run script as follows:

Step 2 on the page you reference clearly states:

2 - Install stunnel, version 3 (not 4, which uses a different syntax!)

The version of stunnel-4 that I have installed includes a perl wrapper called "stunnel3". See if you have that and change your run script to use that instead. You should fix your last line to look more like (i.e. reinstate the -f -p and -l options):

ssmtp /usr/sbin/stunnel3 -f -p /etc/courier/mail.pem -l $BASEDIR/qpsmtpd 2>&1


-f

# run
---------
#!/bin/sh
QMAILDUID=`id -u smptd`
NOFILESGID=`id -g smptd`

BASEDIR=`pwd`;
echo "starting smtp-ssl service with tcpserver and qpsmtpd basedir '$BASEDIR'"

exec /usr/local/bin/softlimit -m 25000000 \
      /usr/local/bin/tcpserver -c 50 -v -R -p \
      -H -x/var/qmail/control/qmail-smtpd.cdb \
      -u $QMAILDUID -g $NOFILESGID `head -1 $BASEDIR/config/IP` \
smtps /usr/sbin/stunnel /etc/stunnel/stunnel.conf $BASEDIR/qpsmtpd 2>&1

and the /etc/stunnel/stunnel.conf

foreground = yes
setuid = smtpd
setgid = smtpd
pid =
debug = debug
output = /dev/stdout

CAfile = /usr/share/ssl/private/ca_cert.crt
cert = /usr/share/ssl/private/qpsmptd_stunnel.crt
[smtps]
accept = mail.abc.com:smtps
connect =  mail.abc.com:smtp

When I try to telnet to 465 port it shows :

Trying 127.0.0.1...
Connected to abc_server (127.0.0.1).
Escape character is '^]'.
Connection closed by foreign host.

I tried the public IP too for telnetting.  When I run the command
before telnetting to the server
#netstat -tap|grep smt
tcp        0      0 *:smtps                     *:*                         LISTEN      5925/tcpserver
tcp        0      0 *:smtp                      *:*                         LISTEN      5632/perl

After running telnet command to 465 port it shows

tcp        0      0 *:smtps                     *:*                         LISTEN      5925/tcpserver
tcp        0      0 *:smtp                      *:*                         LISTEN      5632/perl
tcp        0      0 abc_server:smtps            abc_server:32917            TIME_WAIT   -


It will increment the number of smtps as we run more telnet commands to 465 port.

Also the qpsmtpd-ssl log shows  :


@40000000465ae74510aba97c tcpserver: status: 1/50
@40000000465ae74510abc4d4 tcpserver: pid 5963 from 127.0.0.1
@40000000465ae74510b31fa4 tcpserver: ok 5963 localhost:127.0.0.1:465 :127.0.0.1::32919
@40000000465ae74511152564 2007.05.28 10:29:15 LOG3[5963:3086502112]: Unable to open output file: /dev/stdout
@40000000465ae74511167554 2007.05.28 10:29:15 LOG5[5963:3086502112]: stunnel 4.05 on i686-redhat-linux-gnu PTHREAD+LIBWRAP with OpenSSL 0.9.7a Feb 19 2003
@40000000465ae74511177b0c 2007.05.28 10:29:15 LOG4[5963:3086502112]: Wrong permissions on /usr/share/ssl/private/qpsmtpd-stunnel.crt
@40000000465ae745117546c4 2007.05.28 10:29:15 LOG7[5963:3086502112]: Snagged 64 random bytes from /dev/urandom
@40000000465ae7451177bf94 2007.05.28 10:29:15 LOG7[5963:3086502112]: RAND_status claims sufficient entropy for the PRNG
@40000000465ae745117863a4 2007.05.28 10:29:15 LOG6[5963:3086502112]: PRNG seeded successfully
@40000000465ae74511fb997c 2007.05.28 10:29:15 LOG7[5963:3086502112]: Certificate: /usr/share/ssl/private/qpsmtpd-stunnel.crt
@40000000465ae74511fc8bac 2007.05.28 10:29:15 LOG7[5963:3086502112]: Key file: /usr/share/ssl/private/qpsmtpd-stunnel.crt
@40000000465ae745120117bc 2007.05.28 10:29:15 LOG5[5963:3086502112]: FD_SETSIZE=1024, file ulimit=1024 -> 500 clients
[EMAIL PROTECTED] 2007.05.28 10:29:15 LOG7[5963:3086502112]: FD 3 in non-blocking mode
@40000000465ae7451203232c 2007.05.28 10:29:15 LOG7[5963:3086502112]: SO_REUSEADDR option set on accept socket
@40000000465ae74512044824 2007.05.28 10:29:15 LOG3[5963:3086502112]: Error binding smtps to x.x.x.x:465
@40000000465ae74512051344 2007.05.28 10:29:15 LOG3[5963:3086502112]: bind: Address already in use (98)
@40000000465ae745122393dc tcpserver: end 5963 status 256
@40000000465ae7451223af34 tcpserver: status: 0/50


and the permission for /usr/share/ssl/private/qpsmtpd-stunnel.crt file is

-rw-r--r--  1 smtpd smtpd 2676 May 28 05:14 /usr/share/ssl/private/qpsmtpd-stunnel.crt

Please help me to solve this problem

Thanks,

Abhilash.S
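
Added example, not part of either message and not code from qpsmtpd or stunnel: a pre-flight check for a stunnel 4 config that tcpserver starts once per connection. It flags the two conditions behind the "Error binding smtps" and "Wrong permissions" log lines above. The function names and sample files are hypothetical, and the permission test assumes the warning is raised for key files accessible to other users, which matches the -rw-r--r-- mode posted.

```shell
#!/bin/sh
# Added example (not from the thread): pre-flight checks for a stunnel 4
# config that is started per connection by tcpserver (inetd mode).

# True if the config has a [service] section or accept= line, which makes
# stunnel bind the port itself and collide with the tcpserver listener.
conf_binds_port() {
    grep -Eq '^[[:space:]]*(\[[^]]+\]|accept[[:space:]]*=)' "$1"
}

# Print the first value of option $2 (for example "cert") in config $1.
conf_value() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" | head -n 1
}

# True if "other" has any permission bit on file $1 (assumed warning case).
other_can_access() {
    [ "$(ls -ld "$1" | cut -c8-10)" != "---" ]
}

# Report problems for config $1; the return status is the number found.
check_inetd_conf() {
    problems=0
    if conf_binds_port "$1"; then
        echo "$1: [service]/accept present, stunnel will try to bind a port"
        problems=$((problems + 1))
    fi
    # With no key= option the cert file is also used as the key file.
    pem=$(conf_value "$1" key)
    [ -n "$pem" ] || pem=$(conf_value "$1" cert)
    if [ -n "$pem" ] && [ -e "$pem" ] && other_can_access "$pem"; then
        echo "$pem: accessible to other users, tighten to mode 600"
        problems=$((problems + 1))
    fi
    return "$problems"
}

# Constructed sample files mirroring the layout posted above (temp paths).
demo_dir=$(mktemp -d)
: > "$demo_dir/server.pem"; chmod 644 "$demo_dir/server.pem"
printf 'cert = %s\n[smtps]\naccept = 465\nconnect = 25\n' \
    "$demo_dir/server.pem" > "$demo_dir/daemon.conf"
printf 'cert = %s\nconnect = 25\n' "$demo_dir/server.pem" > "$demo_dir/inetd.conf"
check_inetd_conf "$demo_dir/daemon.conf" || echo "problems found: $?"
```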
