stunnel4 and Debian

To: DBMail mailinglist <dbmail@dbmail.org>, Debian User List <debian-user@lists.debian.org>
Subject: stunnel4 and Debian
From: Tom Allison <tom@tacocat.net>
Date: Sun, 07 Oct 2007 15:09:37 -0400
Message-id: <[🔎] 47092EF1.3030704@tacocat.net>

I'm trying to set up a new dbmail box which should only use stunnel4 for access.

I'm running into a number of problems with this set up and I'm not getting anymessage back from various applications, which makes it kind of hard to manage.




First.  /etc/init.d/dbmail start doesn't nothing.
No errors, no running applications.  nothing.

And it doesn't seem to have an ENABLE=0 flags anywhere in the typical locations(often seen in Debian).And there's no logs generated at /var/log/dbmail/ -- the directory is there, butno logs. Nothing on STDOUT, STDERR, or syslog either.


This is a big fat "help!"


Second.  I'm trying to set this up using stunnel4.

I've followed the various directions and such to the best that make sense but Ikeep getting the same sets of errors, depending on what I do with them.

When I start stunnel4 I get an error that I need to specify a pid= in mystunnel.conf file. Well, there is one. It's default and it says'pid=/stunnel.pid' which is confusing.If I try to connect to the inetd defined port, I get lots of messages (debug ison) and this is what the client sees:

2007.10.07 14:54:32 LOG7[2525:47548886098000]: Snagged 64 random bytes from/dev/urandom2007.10.07 14:54:32 LOG7[2525:47548886098000]: RAND_status claims sufficiententropy for the PRNG

2007.10.07 14:54:32 LOG7[2525:47548886098000]: PRNG seeded successfully
2007.10.07 14:54:32 LOG7[2525:47548886098000]: Certificate: /etc/stunnel/stunnel.pem
2007.10.07 14:54:32 LOG7[2525:47548886098000]: Certificate loaded
2007.10.07 14:54:32 LOG7[2525:47548886098000]: Key file: /etc/stunnel/stunnel.pem
2007.10.07 14:54:32 LOG7[2525:47548886098000]: Private key loaded

2007.10.07 14:54:32 LOG7[2525:47548886098000]: SSL context initialized forservice pop3s2007.10.07 14:54:32 LOG7[2525:47548886098000]: Certificate:/etc/ssl/certs/alpha.just-email.com.pem

2007.10.07 14:54:32 LOG7[2525:47548886098000]: Certificate loaded
2007.10.07 14:54:32 LOG7[2525:47548886098000]: Key file: /etc/stunnel/stunnel.pem

2007.10.07 14:54:32 LOG3[2525:47548886098000]: SSL_CTX_use_RSAPrivateKey_file:B080074: error:0B080074:x509 certificate routines:X509_check_private_key:keyvalues mismatch



the syslog is a little different:

Oct 7 14:52:42 alpha stunnel: LOG5[2499:47678091272272]: stunnel 4.18 onx86_64-pc-linux-gnu with OpenSSL 0.9.8c 05 Sep 2006Oct 7 14:52:42 alpha stunnel: LOG5[2499:47678091272272]: Threading:PTHREADSSL:ENGINE Sockets:POLL,IPv6 Auth:LIBWRAP

Oct  7 14:52:42 alpha stunnel: LOG5[2499:47678091272272]: 500 clients allowed

Oct 7 14:52:42 alpha stunnel: LOG3[2499:47678091272272]: Error binding imaps to0.0.0.0:993Oct 7 14:52:42 alpha stunnel: LOG3[2499:47678091272272]: bind: Address alreadyin use (98)


cd /etc/ssl/certs

PEMFILE="servername.foobar.com.pem"

openssl req -new -x509 -nodes -days 365 -out $PEMFILE -keyout $PEMFILE
chmod 600 $PEMFILE
[ -e temp_file ] && rm -f temp_file
dd if=/dev/urandom of=temp_file count=2
openssl dhparam -rand temp_file 512 >> $PEMFILE
ln -sf $PEMFILE `openssl x509 -noout -hash < $PEMFILE`.0

which was graciously stolen from the dbmail wiki.
complete loss here.  The keys should match because I just created them.
I use one .pem file for both cert and key.
I created them thusly:

Reply to:

Follow-Ups:
- Re: [Dbmail] stunnel4 and Debian
  - From: Tom Allison <tom@tacocat.net>

Prev by Date: Re: [SOLVED] Re: stereo on mp3 playback
Next by Date: Re: mdadm segfaults - failed upgrade to Lenny - drops to busybox/initramfs SOLVED
Previous by thread: Re: PCIe Video and Open source 3D drivers
Next by thread: Re: [Dbmail] stunnel4 and Debian
Index(es):
- Date
- Thread