problem with stunnel

Przemysław Backiel przemyslaw.backiel at backiel.com.pl
Thu, 12 Oct 2006, 21:35:44 CEST


Hello,

I have the following problem:
I am running stunnel for pop3 and smtp

my config is:
# cat stunnel.conf
; Sample stunnel configuration file by Michal Trojnara 2002-2006
; Some options used here may not be adequate for your particular configuration
; Please make sure you understand them (especially the effect of chroot jail)

; Certificate/key is needed in server mode and optional in client mode
cert = /etc/stunnel/stunnel.pem
;key = /etc/stunnel/mail.pem

; Protocol version (all, SSLv2, SSLv3, TLSv1)
sslVersion = SSLv3

; Some security enhancements for UNIX systems - comment them out on Win32
;chroot = /var/lib/stunnel/
setuid = stunnel
setgid = stunnel
; PID is created inside chroot jail
pid = /var/run/stunnel/stunnel.pid

; Some performance tunings
socket = l:TCP_NODELAY=1
socket = r:TCP_NODELAY=1
;compression = rle

; Workaround for Eudora bug
;options = DONT_INSERT_EMPTY_FRAGMENTS

; Authentication stuff
;verify = 2
; Don't forget to c_rehash CApath
; CApath is located inside chroot jail
;CApath = /certs
; It's often easier to use CAfile
CAfile = /etc/stunnel/ca.pem
; Don't forget to c_rehash CRLpath
; CRLpath is located inside chroot jail
;CRLpath = /crls
; Alternatively you can use CRLfile
;CRLfile = /etc/stunnel/crls.pem

; Some debugging stuff useful for troubleshooting
debug = 7
output = stunnel.log

; Use it for client mode
;client = yes

; Service-level configuration

[pop3s]
accept  = 995
connect = 110

;[imaps]
;accept  = 993
;connect = 143

[ssmtp]
accept  = 465
connect = 25

;[https]
;accept  = 443
;connect = 80
;TIMEOUTclose = 0




the logs look like this:
2006.10.12 21:31:42 LOG5[10780:3083658944]: Received signal 15; terminating
2006.10.12 21:31:42 LOG7[10780:3083658944]: removing pid file /var/run/stunnel/stunnel.pid
2006.10.12 21:31:49 LOG5[4026:3083724480]: stunnel 4.17 on i686-pld-linux-gnu with OpenSSL 0.9.7k 05 Sep 2006
2006.10.12 21:31:49 LOG5[4026:3083724480]: Threading:PTHREAD SSL:ENGINE Sockets:POLL,IPv4 Auth:LIBWRAP
2006.10.12 21:31:49 LOG6[4026:3083724480]: file ulimit = 1024 (can be changed with 'ulimit -n')
2006.10.12 21:31:49 LOG6[4026:3083724480]: poll() used - no FD_SETSIZE limit for file descriptors
2006.10.12 21:31:49 LOG5[4026:3083724480]: 500 clients allowed
2006.10.12 21:31:49 LOG7[4026:3083724480]: FD 4 in non-blocking mode
2006.10.12 21:31:49 LOG7[4026:3083724480]: FD 5 in non-blocking mode
2006.10.12 21:31:49 LOG7[4026:3083724480]: FD 6 in non-blocking mode
2006.10.12 21:31:49 LOG7[4026:3083724480]: SO_REUSEADDR option set on accept socket
2006.10.12 21:31:49 LOG7[4026:3083724480]: pop3s bound to 0.0.0.0:995
2006.10.12 21:31:49 LOG7[4026:3083724480]: FD 7 in non-blocking mode
2006.10.12 21:31:49 LOG7[4026:3083724480]: SO_REUSEADDR option set on accept socket
2006.10.12 21:31:49 LOG7[4026:3083724480]: ssmtp bound to 0.0.0.0:465
2006.10.12 21:31:49 LOG7[4027:3083724480]: Created pid file /var/run/stunnel/stunnel.pid
2006.10.12 21:32:38 LOG7[4027:3083724480]: pop3s accepted FD=8 from 194.88.155.44:4094
2006.10.12 21:32:38 LOG7[4027:3083680688]: pop3s started
2006.10.12 21:32:38 LOG7[4027:3083680688]: FD 8 in non-blocking mode
2006.10.12 21:32:38 LOG7[4027:3083680688]: TCP_NODELAY option set on local socket
2006.10.12 21:32:38 LOG7[4027:3083680688]: FD 9 in non-blocking mode
2006.10.12 21:32:38 LOG7[4027:3083680688]: FD 10 in non-blocking mode
2006.10.12 21:32:38 LOG7[4027:3083724480]: Cleaning up the signal pipe
2006.10.12 21:32:38 LOG6[4027:3083724480]: Child process 4039 finished with code 0
2006.10.12 21:32:38 LOG7[4027:3083680688]: Connection from 194.88.155.44:4094 permitted by libwrap
2006.10.12 21:32:38 LOG5[4027:3083680688]: pop3s connected from 194.88.155.44:4094
2006.10.12 21:32:38 LOG7[4027:3083680688]: SSL state (accept): before/accept initialization
2006.10.12 21:32:38 LOG3[4027:3083680688]: SSL_accept: 1408F10B: error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number
2006.10.12 21:32:38 LOG5[4027:3083680688]: Connection reset: 0 bytes sent to SSL, 0 bytes sent to socket
2006.10.12 21:32:38 LOG7[4027:3083680688]: pop3s finished (0 left)
2006.10.12 21:32:44 LOG7[4027:3083724480]: pop3s accepted FD=8 from 194.88.155.44:4096
2006.10.12 21:32:44 LOG7[4027:3083680688]: pop3s started
2006.10.12 21:32:44 LOG7[4027:3083680688]: FD 8 in non-blocking mode
2006.10.12 21:32:44 LOG7[4027:3083680688]: TCP_NODELAY option set on local socket
2006.10.12 21:32:44 LOG7[4027:3083680688]: FD 9 in non-blocking mode
2006.10.12 21:32:44 LOG7[4027:3083680688]: FD 10 in non-blocking mode
2006.10.12 21:32:44 LOG7[4027:3083724480]: Cleaning up the signal pipe
2006.10.12 21:32:44 LOG6[4027:3083724480]: Child process 4041 finished with code 0
2006.10.12 21:32:44 LOG7[4027:3083680688]: Connection from 194.88.155.44:4096 permitted by libwrap
2006.10.12 21:32:44 LOG5[4027:3083680688]: pop3s connected from 194.88.155.44:4096
2006.10.12 21:32:44 LOG7[4027:3083680688]: SSL state (accept): before/accept initialization
2006.10.12 21:32:44 LOG3[4027:3083680688]: SSL_accept: 1408F10B: error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number
2006.10.12 21:32:44 LOG5[4027:3083680688]: Connection reset: 0 bytes sent to SSL, 0 bytes sent to socket
2006.10.12 21:32:44 LOG7[4027:3083680688]: pop3s finished (0 left)


and the effect is that:
it doesn't ask me about the cert,
nothing passes through this connection

question:
what did I botch?

-- 
Best regards
Przemyslaw Backiel



More information about the pld-users-pl mailing list
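
Added example, not part of the original message: a small Python parser for the stunnel debug log format shown above. It groups lines by worker thread id into one record per connection and reports the connections that ended with an SSL error before any payload was relayed. The function names and the embedded sample (lines copied from the log above, wrapped lines rejoined) are constructed for this illustration.

```python
import re

# Constructed sample: lines copied from the log in the post, wrapped lines rejoined.
SAMPLE = """\
2006.10.12 21:32:38 LOG7[4027:3083724480]: pop3s accepted FD=8 from 194.88.155.44:4094
2006.10.12 21:32:38 LOG5[4027:3083680688]: pop3s connected from 194.88.155.44:4094
2006.10.12 21:32:38 LOG3[4027:3083680688]: SSL_accept: 1408F10B: error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number
2006.10.12 21:32:38 LOG5[4027:3083680688]: Connection reset: 0 bytes sent to SSL, 0 bytes sent to socket
2006.10.12 21:32:44 LOG5[4027:3083680688]: pop3s connected from 194.88.155.44:4096
2006.10.12 21:32:44 LOG3[4027:3083680688]: SSL_accept: 1408F10B: error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number
2006.10.12 21:32:44 LOG5[4027:3083680688]: Connection reset: 0 bytes sent to SSL, 0 bytes sent to socket
"""

# Line layout: "<date> <time> LOG<level>[<pid>:<thread id>]: <message>"
LINE = re.compile(r"^(\S+ \S+) LOG(\d)\[(\d+):(\d+)\]: (.*)$")
CONNECTED = re.compile(r"^(\S+) connected from (\S+)$")
SSL_ERR = re.compile(r"^SSL_\w+: [0-9A-F]+: error:[0-9A-F]+:(.*)$")
ENDED = re.compile(r"^Connection (?:reset|closed): (\d+) bytes sent to SSL, (\d+) bytes sent to socket$")

def summarize(text):
    """Group log lines by worker thread id into one record per connection."""
    sessions, open_by_thread = [], {}
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        ts, _level, _pid, tid, msg = m.groups()
        if c := CONNECTED.match(msg):
            # Thread ids are reused, so each "connected" line starts a new record.
            rec = {"time": ts, "service": c[1], "peer": c[2],
                   "error": None, "to_ssl": None, "to_socket": None}
            open_by_thread[tid] = rec
            sessions.append(rec)
        elif (rec := open_by_thread.get(tid)) is not None:
            if e := SSL_ERR.match(msg):
                rec["error"] = e[1]
            elif r := ENDED.match(msg):
                rec["to_ssl"], rec["to_socket"] = int(r[1]), int(r[2])
                del open_by_thread[tid]
    return sessions

def failed_handshakes(sessions):
    """Connections that hit an SSL error and moved no payload in either direction."""
    return [s for s in sessions
            if s["error"] and s["to_ssl"] == 0 and s["to_socket"] == 0]

if __name__ == "__main__":
    for s in failed_handshakes(summarize(SAMPLE)):
        print(s["time"], s["service"], s["peer"], s["error"])
```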