
Mailing List Archive: DBMail: users

SSL for POP3/IMAP server (DBMAIL).

 

 



radecki.rafal at gmail

Mar 18, 2011, 2:59 AM

Post #1 of 2 (389 views)
SSL for POP3/IMAP server (DBMAIL).

Hi All.
I am using stunnel version 4.15 on CentOS 5.5. I am trying to add SSL to
DBMAIL imap/pop3 server. I am running stunnel through xinetd:
*- /etc/xinetd.d/imaps:*
service imaps
{
disable = no
socket_type = stream
user = root
server = /usr/sbin/stunnel
server_args = /etc/stunnel/imaps.conf
wait = no
protocol = tcp
port = 993
}
*- /etc/xinetd.d/pop3s:*
service pop3s
{
disable = no
socket_type = stream
user = root
server = /usr/sbin/stunnel
server_args = /etc/stunnel/pop3s.conf
protocol = tcp
port = 995
wait = no
}
*- /etc/stunnel/imaps.conf:*
connect = localhost:143
cert = /etc/pki/tls/certs/x.local.crt
key = /etc/pki/tls/private/x.local.key
debug = local1.7
protocol = imap
*- /etc/stunnel/pop3s.conf:*
connect = localhost:110
cert = /etc/pki/tls/certs/x.local.crt
key = /etc/pki/tls/private/x.local.key
debug = local0.7
protocol = pop3

netstat -tlpn | awk -F: '$2 ~ /^993|995|110|143/ {print}':
tcp 0 0 0.0.0.0:993 0.0.0.0:* LISTEN 2319/xinetd
tcp 0 0 0.0.0.0:995 0.0.0.0:* LISTEN 2319/xinetd
tcp 0 0 127.0.0.1:110 0.0.0.0:* LISTEN 2484/dbmail-pop3d
tcp 0 0 127.0.0.1:143 0.0.0.0:* LISTEN 2453/dbmail-imapd

So whenever there is a connection to port 993/995 xinetd invokes stunnel
with proper config file.
When I *connect to port 993* I get in log file:

Mar 18 08:29:43 cent5a stunnel: LOG5[3345:3086460624]: stunnel 4.15 on i686-redhat-linux-gnu with OpenSSL 0.9.8e-fips-rhel5 01 Jul 2008
Mar 18 08:29:43 cent5a stunnel: LOG5[3345:3086460624]: Threading:PTHREAD SSL:ENGINE Sockets:POLL,IPv6 Auth:LIBWRAP
Mar 18 08:29:43 cent5a stunnel: LOG7[3345:3086460624]: stunnel started
Mar 18 08:29:43 cent5a stunnel: LOG7[3345:3086460624]: FD 0 in non-blocking mode
Mar 18 08:29:43 cent5a stunnel: LOG7[3345:3086460624]: FD 1 in non-blocking mode
Mar 18 08:29:43 cent5a stunnel: LOG7[3345:3086460624]: FD 4 in non-blocking mode
Mar 18 08:29:43 cent5a stunnel: LOG7[3345:3086460624]: FD 5 in non-blocking mode
Mar 18 08:29:43 cent5a stunnel: LOG7[3345:3086460624]: Connection from 127.0.0.1:45634 permitted by libwrap
Mar 18 08:29:43 cent5a stunnel: LOG5[3345:3086460624]: stunnel connected from 127.0.0.1:45634
Mar 18 08:29:43 cent5a stunnel: LOG7[3345:3086460624]: FD 4 in non-blocking mode
Mar 18 08:29:43 cent5a stunnel: LOG7[3345:3086460624]: stunnel connecting 127.0.0.1:143
Mar 18 08:29:43 cent5a stunnel: LOG7[3345:3086460624]: connect_wait: waiting 10 seconds
Mar 18 08:29:43 cent5a stunnel: LOG7[3345:3086460624]: connect_wait: connected
Mar 18 08:29:43 cent5a stunnel: LOG7[3345:3086460624]: Remote FD=4 initialized
Mar 18 08:29:43 cent5a stunnel: LOG5[3345:3086460624]: Negotiations for imap (server side) started
Mar 18 08:29:43 cent5a stunnel: LOG3[3345:3086460624]: Protocol imap not supported in server mode
Mar 18 08:29:43 cent5a stunnel: LOG5[3345:3086460624]: Connection reset: 0 bytes sent to SSL, 0 bytes sent to socket
Mar 18 08:29:43 cent5a stunnel: LOG7[3345:3086460624]: stunnel finished (0 left)

From which version of stunnel does option protocol = imap work? What exactly
does it do?

When I *connect to port 995* I get in log file:

Mar 18 08:31:48 cent5a stunnel: LOG5[3359:3086272208]: stunnel 4.15 on i686-redhat-linux-gnu with OpenSSL 0.9.8e-fips-rhel5 01 Jul 2008
Mar 18 08:31:48 cent5a stunnel: LOG5[3359:3086272208]: Threading:PTHREAD SSL:ENGINE Sockets:POLL,IPv6 Auth:LIBWRAP
Mar 18 08:31:48 cent5a stunnel: LOG7[3359:3086272208]: stunnel started
Mar 18 08:31:48 cent5a stunnel: LOG7[3359:3086272208]: FD 0 in non-blocking mode
Mar 18 08:31:48 cent5a stunnel: LOG7[3359:3086272208]: FD 1 in non-blocking mode
Mar 18 08:31:48 cent5a stunnel: LOG7[3359:3086272208]: FD 4 in non-blocking mode
Mar 18 08:31:48 cent5a stunnel: LOG7[3359:3086272208]: FD 5 in non-blocking mode
Mar 18 08:31:48 cent5a stunnel: LOG7[3359:3086272208]: Connection from 127.0.0.1:33112 permitted by libwrap
Mar 18 08:31:48 cent5a stunnel: LOG5[3359:3086272208]: stunnel connected from 127.0.0.1:33112
Mar 18 08:31:48 cent5a stunnel: LOG7[3359:3086272208]: FD 4 in non-blocking mode
Mar 18 08:31:48 cent5a stunnel: LOG7[3359:3086272208]: stunnel connecting 127.0.0.1:110
Mar 18 08:31:48 cent5a stunnel: LOG7[3359:3086272208]: connect_wait: waiting 10 seconds
Mar 18 08:31:48 cent5a stunnel: LOG7[3359:3086272208]: connect_wait: connected
Mar 18 08:31:48 cent5a stunnel: LOG7[3359:3086272208]: Remote FD=4 initialized
Mar 18 08:31:48 cent5a stunnel: LOG5[3359:3086272208]: Negotiations for pop3 (server side) started
Mar 18 08:31:48 cent5a stunnel: LOG7[3359:3086272208]: <- +OK DBMAIL pop3 server ready to rock <c1d4da932bdc0419345aa0ebf16550e2 [at] cent5a>
Mar 18 08:31:48 cent5a stunnel: LOG7[3359:3086272208]: -> +OK DBMAIL pop3 server ready to rock <c1d4da932bdc0419345aa0ebf16550e2 [at] cent5a> + stunnel
Mar 18 08:31:48 cent5a stunnel: LOG7[3359:3086272208]: <- ...
Mar 18 08:31:48 cent5a stunnel: LOG3[3359:3086272208]: Client does not want TLS
Mar 18 08:31:48 cent5a stunnel: LOG5[3359:3086272208]: Connection reset: 0 bytes sent to SSL, 0 bytes sent to socket
Mar 18 08:31:48 cent5a stunnel: LOG7[3359:3086272208]: stunnel finished (0 left)

Can anyone help?

Regards,
Rafal.


paul at nfg

Mar 20, 2011, 2:52 AM

Post #2 of 2 (370 views)
Re: SSL for POP3/IMAP server (DBMAIL).

Rafal,

I'm using:



service imaps
{
socket_type = stream
protocol = tcp
wait = no
user = root
server = /usr/bin/stunnel4
server_args = /etc/stunnel/imaps.conf
}


connect = localhost:143
setuid = dbmail
setgid = dbmail
sslVersion = SSLv3
cert = /etc/ssl/mail.nfg.nl.pem
session = 14400
TIMEOUTidle = 14400






--
________________________________________________________________
Paul Stevens paul at nfg.nl
NET FACILITIES GROUP GPG/PGP: 1024D/11F8CD31
The Netherlands________________________________http://www.nfg.nl
_______________________________________________
DBmail mailing list
DBmail [at] dbmail
http://mailman.fastxs.nl/cgi-bin/mailman/listinfo/dbmail
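
Added example, not part of either post and not stunnel or DBMail code: a small Python lint run over the two stunnel option files quoted in this thread. It relies on the stunnel manual's note that `protocol` performs in-band STARTTLS/STLS negotiation and should not be used for TLS on a separate port (993/995 here), and on RFC 7568 prohibiting SSLv3; the function names and finding codes are hypothetical.

```python
IMPLICIT_TLS_PORTS = {993, 995}          # imaps/pop3s: TLS handshake comes first
LEGACY_VERSIONS = {"sslv2", "sslv3"}     # SSLv3 is prohibited by RFC 7568

# Copied from the thread: the first post's imaps.conf and the reply's options.
FIRST_POST_CONF = """\
connect = localhost:143
cert = /etc/pki/tls/certs/x.local.crt
key = /etc/pki/tls/private/x.local.key
debug = local1.7
protocol = imap
"""
REPLY_CONF = """\
connect = localhost:143
setuid = dbmail
setgid = dbmail
sslVersion = SSLv3
cert = /etc/ssl/mail.nfg.nl.pem
session = 14400
TIMEOUTidle = 14400
"""


def parse_conf(text):
    """Parse flat 'option = value' lines; option names are lowercased."""
    opts = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in ";#[":   # blank, comment or [section] header
            continue
        key, sep, value = line.partition("=")
        if sep:
            opts[key.strip().lower()] = value.strip()
    return opts


def lint(text, listen_port, started_as_root=True):
    """Return finding codes. listen_port comes from xinetd, not the stunnel file."""
    opts, findings = parse_conf(text), []
    if "protocol" in opts and listen_port in IMPLICIT_TLS_PORTS:
        findings.append("protocol-on-implicit-tls-port")
    if opts.get("sslversion", "").lower() in LEGACY_VERSIONS:
        findings.append("legacy-ssl-version")
    if started_as_root and not opts.keys() >= {"setuid", "setgid"}:
        findings.append("no-privilege-drop")
    return findings


if __name__ == "__main__":
    print("first post:", lint(FIRST_POST_CONF, 993))
    print("reply:     ", lint(REPLY_CONF, 993))
```

The first finding corresponds to the "Protocol imap not supported in server mode" and "Client does not want TLS" log lines in the first post; the second applies to the `sslVersion` line in the reply.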
