Bill Shupp wrote:
http://www.mail-archive.com/[EMAIL PROTECTED]/msg01098.html
Bill
Bill (and all),
I'm still having considerable trouble with this and I'm wondering if a new set of eyes would help out ... Here is my run file:
[EMAIL PROTECTED] qmail-pop3ds]# cat run
#!/bin/sh
VPOPMAILUID=`id -u vpopmail`
VPOPMAILGID=`id -g vpopmail`
exec /usr/local/bin/tcpserver -l 0 -R -H -v -c 100 \
-u"$VPOPMAILUID" -g"$VPOPMAILGID" 0 995 \
/usr/sbin/stunnel /var/qmail/supervise/qmail-pop3ds/pop3ds.conf 2>&1
And my pop3ds.conf file:
[EMAIL PROTECTED] qmail-pop3ds]# cat pop3ds.conf
debug = 7
foreground = yes
cert = /var/qmail/control/servercert.pem
key = /var/qmail/control/clientcert.pem
exec = /var/qmail/bin/qmail-popup
execargs = qmail-popup alex.emcyber.com /home/vpopmail/bin/vchkpw /var/qmail/bin/qmail-pop3d Maildir
I've tried testing this with a pop3 client, but to no avail. So, I tried to test via redirecting local connections to port 110 to port 995 on the remote machine with a config like this:
[EMAIL PROTECTED] friz] cat test.conf
client=yes
connect=mail.emcs.net:995
foreground=yes
[pop3]
accept=localhost:110
I can connect to port 110 and I see the debug output via the pop3ds log. It *appears* to negotiate the cipher correctly, but then just hangs there. I can issue commands via the connection to port 110, but I get no response from the server, nor do I see anything in the pop3ds log. Here's a snippet of the server log:
2004-10-12 10:27:19.714253500 tcpserver: pid 11113 from 204.186.99.52
2004-10-12 10:27:19.714256500 tcpserver: ok 11113 0:206.228.94.41:995 :204.186.99.52::60099
2004-10-12 10:27:19.722243500 2004.10.12 10:27:19 LOG5[11113:3073036416]: stunnel 4.04 on i386-redhat-linux-gnu PTHREAD+LIBWRAP with OpenSSL 0.9.7a Feb 19 2003
2004-10-12 10:27:19.725896500 2004.10.12 10:27:19 LOG7[11113:3073036416]: Snagged 64 random bytes from /dev/urandom
2004-10-12 10:27:19.726237500 2004.10.12 10:27:19 LOG7[11113:3073036416]: RAND_status claims sufficient entropy for the PRNG
2004-10-12 10:27:19.726283500 2004.10.12 10:27:19 LOG6[11113:3073036416]: PRNG seeded successfully
2004-10-12 10:27:19.741438500 2004.10.12 10:27:19 LOG7[11113:3073036416]: Certificate: /var/qmail/control/servercert.pem
2004-10-12 10:27:19.741490500 2004.10.12 10:27:19 LOG7[11113:3073036416]: Key file: /var/qmail/control/clientcert.pem
2004-10-12 10:27:19.742112500 2004.10.12 10:27:19 LOG7[11113:3073036416]: stunnel started
2004-10-12 10:27:19.742680500 2004.10.12 10:27:19 LOG5[11113:3073036416]: stunnel connected from 204.186.99.52:60099
2004-10-12 10:27:19.743057500 2004.10.12 10:27:19 LOG7[11113:3073036416]: SSL state (accept): before/accept initialization
2004-10-12 10:27:19.744043500 2004.10.12 10:27:19 LOG7[11113:3073036416]: SSL state (accept): SSLv3 read client hello A
2004-10-12 10:27:19.744142500 2004.10.12 10:27:19 LOG7[11113:3073036416]: SSL state (accept): SSLv3 write server hello A
2004-10-12 10:27:19.744459500 2004.10.12 10:27:19 LOG7[11113:3073036416]: SSL state (accept): SSLv3 write certificate A
2004-10-12 10:27:19.744506500 2004.10.12 10:27:19 LOG7[11113:3073036416]: SSL state (accept): SSLv3 write server done A
2004-10-12 10:27:19.744624500 2004.10.12 10:27:19 LOG7[11113:3073036416]: SSL state (accept): SSLv3 flush data
2004-10-12 10:27:19.999471500 2004.10.12 10:27:19 LOG7[11113:3073036416]: SSL state (accept): SSLv3 read client key exchange A
2004-10-12 10:27:19.999862500 2004.10.12 10:27:19 LOG7[11113:3073036416]: SSL state (accept): SSLv3 read finished A
2004-10-12 10:27:19.999918500 2004.10.12 10:27:19 LOG7[11113:3073036416]: SSL state (accept): SSLv3 write change cipher spec A
2004-10-12 10:27:20.000141500 2004.10.12 10:27:20 LOG7[11113:3073036416]: SSL state (accept): SSLv3 write finished A
2004-10-12 10:27:20.000196500 2004.10.12 10:27:20 LOG7[11113:3073036416]: SSL state (accept): SSLv3 flush data
2004-10-12 10:27:20.000422500 2004.10.12 10:27:20 LOG7[11113:3073036416]: 1 items in the session cache
2004-10-12 10:27:20.000428500 2004.10.12 10:27:20 LOG7[11113:3073036416]: 0 client connects (SSL_connect())
2004-10-12 10:27:20.000433500 2004.10.12 10:27:20 LOG7[11113:3073036416]: 0 client connects that finished
2004-10-12 10:27:20.000438500 2004.10.12 10:27:20 LOG7[11113:3073036416]: 0 client renegotiatations requested
2004-10-12 10:27:20.000508500 2004.10.12 10:27:20 LOG7[11113:3073036416]: 1 server connects (SSL_accept())
2004-10-12 10:27:20.000514500 2004.10.12 10:27:20 LOG7[11113:3073036416]: 1 server connects that finished
2004-10-12 10:27:20.000518500 2004.10.12 10:27:20 LOG7[11113:3073036416]: 0 server renegotiatiations requested
2004-10-12 10:27:20.000564500 2004.10.12 10:27:20 LOG7[11113:3073036416]: 0 session cache hits
2004-10-12 10:27:20.000569500 2004.10.12 10:27:20 LOG7[11113:3073036416]: 0 session cache misses
2004-10-12 10:27:20.000611500 2004.10.12 10:27:20 LOG7[11113:3073036416]: 0 session cache timeouts
2004-10-12 10:27:20.000725500 2004.10.12 10:27:20 LOG6[11113:3073036416]: Negotiated ciphers: AES256-SHA SSLv3 Kx=RSA Au=RSA Enc=AES(256) Mac=SHA1
2004-10-12 10:30:29.000148500 2004.10.12 10:30:29 LOG3[11113:3073036416]: connect: Connection timed out (110)
2004-10-12 10:30:29.000258500 2004.10.12 10:30:29 LOG3[11113:3073036416]: Failed to initialize remote connection
2004-10-12 10:30:29.000367500 2004.10.12 10:30:29 LOG7[11113:3073036416]: stunnel finished (0 left)
I'm not a crypto expert, so I'm a little in the dark here... But, from what I can see, it *looks* like it's working ... ?
Any ideas? Anyone? Please help!
Thanks,
--
---------------------------
Jason 'XenoPhage' Frisvold
Engine / Technology Programmer
[EMAIL PROTECTED]
RedHat Certified - RHCE # 803004140609871
MySQL Pro Certified - ID# 207171862
MySQL Core Certified - ID# 205982910
---------------------------
"Something mysterious is formed, born in the silent void. Waiting alone and unmoving, it is at once still and yet in constant motion. It is the source of all programs. I do not know its name, so I will call it the Tao of Programming."
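Added example, not part of the original post: a small triage script for a stunnel debug log like the one above. It reports, per process, whether the TLS handshake completed ("Negotiated ciphers") before any error-level (LOG3 or lower) line appeared, and how long the session sat idle in between. The function name `triage` and the result keys are this example's own; the sample lines are copied from the log in the post.

```python
import re
from datetime import datetime

# Lines copied from the server log in the post (multilog timestamp kept).
SAMPLE_LOG = """\
2004-10-12 10:27:19.742680500 2004.10.12 10:27:19 LOG5[11113:3073036416]: stunnel connected from 204.186.99.52:60099
2004-10-12 10:27:20.000141500 2004.10.12 10:27:20 LOG7[11113:3073036416]: SSL state (accept): SSLv3 write finished A
2004-10-12 10:27:20.000725500 2004.10.12 10:27:20 LOG6[11113:3073036416]: Negotiated ciphers: AES256-SHA SSLv3 Kx=RSA Au=RSA Enc=AES(256) Mac=SHA1
2004-10-12 10:30:29.000148500 2004.10.12 10:30:29 LOG3[11113:3073036416]: connect: Connection timed out (110)
2004-10-12 10:30:29.000258500 2004.10.12 10:30:29 LOG3[11113:3073036416]: Failed to initialize remote connection
"""

# stunnel's own timestamp, syslog level, pid and message text.
LINE = re.compile(r"(\d{4}\.\d\d\.\d\d \d\d:\d\d:\d\d) LOG(\d)\[(\d+):\d+\]: (.*)")

def triage(log_text):
    """Return {pid: summary} describing how far each stunnel session got."""
    sessions = {}
    for raw in log_text.splitlines():
        m = LINE.search(raw)  # search() skips the leading multilog timestamp
        if not m:
            continue          # e.g. tcpserver's own lines
        ts = datetime.strptime(m.group(1), "%Y.%m.%d %H:%M:%S")
        level, pid, msg = int(m.group(2)), m.group(3), m.group(4)
        s = sessions.setdefault(pid, {"stage": "no handshake", "tls_done": None,
                                      "stall_seconds": None, "errors": []})
        if msg.startswith("Negotiated ciphers:"):
            s["stage"], s["tls_done"] = "handshake complete", ts
        elif level <= 3:      # syslog levels 0-3: err or worse
            s["errors"].append(msg)
            if s["tls_done"] is not None:
                s["stage"] = "failed after handshake"
                s["stall_seconds"] = int((ts - s["tls_done"]).total_seconds())
            else:
                s["stage"] = "failed before/during handshake"
    return sessions

if __name__ == "__main__":
    for pid, info in triage(SAMPLE_LOG).items():
        print(pid, info["stage"], info["stall_seconds"], info["errors"])
```

On the sample lines this classifies pid 11113 as "failed after handshake" with a 189-second gap, so the errors belong to what stunnel does once TLS is up rather than to the certificate or cipher negotiation.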
