HomerSimpson l33t
Joined: 25 Jan 2003 Posts: 869 Location: Ohio, USA
Posted: Mon Feb 17, 2003 3:34 am Post subject: getmail and stunnel help
I am using getmail to get my mail but do not like that my username and password are passed through the internet as plain text. Unfortunately I have been doing this with Outlook for many years. Since I have gotten Gentoo up and running I have been reading and learning. Scary!!!
How do I get getmail to use stunnel to create a secure link to my isp's pop3 server?
I executed:
Code:
stunnel -c -d pop-3 -r <my_isp>:pop3s
Should I see something running when I run ps -ef? I don't.
BTW I am running a pop3 server locally so that my other comp can read the mail downloaded by getmail. If I set up stunnel to redirect my pop3 port for getmail will I also affect the connection coming from my other comp as well?
Any help in the configuration of stunnel is greatly appreciated.
Thanks
_________________
The strong must protect the Sweet.

fifo Guru
Joined: 14 Jan 2003 Posts: 437
Posted: Mon Feb 17, 2003 12:49 pm
Well I don't know anything about stunnel, but could the problem be that the local pop3 port is already being used by your own pop3 server? Try doing, for example,
Code:
stunnel -c -d 12345 -r <my_isp>:pop3s
instead, and see if you can get mail from localhost:12345. You can check if the port is being listened on by running

HomerSimpson l33t
Joined: 25 Jan 2003 Posts: 869 Location: Ohio, USA
Posted: Mon Feb 17, 2003 11:05 pm
Yeah that is probably it but unfortunately I still can't get an ssl connection to my isp. It doesn't appear that earthlink supports ssl.
I am fairly new to all this stuff but it is somewhat surprising to me that all isps don't support a secure link for email.
Thanks for your help.
_________________
The strong must protect the Sweet.

rtn Guru
Joined: 15 Nov 2002 Posts: 427
Posted: Tue Feb 18, 2003 7:48 pm
Yeah, your ISP has to support POP over SSL (pop3s) in order for you to be
able to stunnel your pop connection, else you have nothing on the remote end
to connect to.
It seems that IMAP over SSL (imaps) has been more popular and better supported,
but take that for what it's worth...
--rtn

bludger Guru
Joined: 09 Apr 2003 Posts: 389
Posted: Tue May 06, 2003 11:43 am
My mail server (web.de) does support ssl, but I still can't get it working. When I start stunnel as a normal user, it does not start, returning no error messages.
When I start it as root, it does start, but when I attempt to connect using getmail, getmail returns
getmail started for username@127.0.0.1:110
POP3 protocol error (-ERR EOF)
and stunnel stops with no messages.
Do I have to set up some certificate stuff or something?

bludger Guru
Joined: 09 Apr 2003 Posts: 389
Posted: Tue May 06, 2003 1:01 pm
As usual, I found a couple of answers to my own questions shortly after posting.
Firstly, stunnel starts in background mode, unless you use the -f switch. To see output from stunnel, use the -f switch.
I then saw that the reason it would not start as a non-root user was that it was trying to write to /var/run/xxx.pid. To remove this, I just started it with "-p none".
So when starting it with the following flags, it starts correctly.
/usr/sbin/stunnel -c -d 9110 -r pop3.web.de:pop3s -f -P none -D 7
The output looks as follows:
2003.05.06 14:40:45 LOG5[6961:16384]: Using 'pop3.web.de.pop3s' as tcpwrapper service name
2003.05.06 14:40:45 LOG7[6961:16384]: RAND_status claims sufficient entropy for the PRNG
2003.05.06 14:40:45 LOG6[6961:16384]: PRNG seeded successfully
2003.05.06 14:40:45 LOG5[6961:16384]: stunnel 3.22 on i686-pc-linux-gnu PTHREAD+LIBWRAP with OpenSSL 0.9.6i Feb 19 2003
2003.05.06 14:40:45 LOG7[6961:16384]: No pid file being created
2003.05.06 14:40:45 LOG5[6961:16384]: FD_SETSIZE=1024, file ulimit=1024 -> 500 clients allowed
2003.05.06 14:40:45 LOG7[6961:16384]: SO_REUSEADDR option set on accept socket
2003.05.06 14:40:45 LOG7[6961:16384]: pop3.web.de.pop3s bound to 0.0.0.0:9110
Then when I tried to access my mail server with getmail (aimed at localhost:9110), I got the following messages:
2003.05.06 14:42:36 LOG7[6961:16384]: pop3.web.de.pop3s accepted FD=4 from 127.0.0.1:3410
2003.05.06 14:42:36 LOG7[20511:16386]: pop3.web.de.pop3s started
2003.05.06 14:42:36 LOG5[20511:16386]: pop3.web.de.pop3s connected from 127.0.0.1:3410
2003.05.06 14:42:36 LOG7[20511:16386]: pop3.web.de.pop3s connecting 217.72.192.134:995
2003.05.06 14:42:36 LOG7[20511:16386]: Remote FD=7 initialized
2003.05.06 14:42:36 LOG3[20511:16386]: Unable to get access to the SSL private key.
2003.05.06 14:42:36 LOG3[20511:16386]: SSL_get_privatekey: Peer suddenly disconnected
Now why is it trying to access a private key? I understood that this is not necessary in client mode.
This can be easily reproduced by entering the above stunnel command on one terminal and then entering "telnet localhost 9110" on another.
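
An added example, not part of the original post or of stunnel: a small Python triage of the stunnel 3.22 debug output shown above, using log lines copied from the post. It extracts the listener, the remote endpoint and the LOG3 errors, and flags that the listener is bound to 0.0.0.0, which makes the cleartext POP3 side of the tunnel reachable from other hosts; the function name and report fields are assumptions of this example.

```python
import re

# Log lines copied from the stunnel 3.22 output in the post above.
SAMPLE_LOG = """\
2003.05.06 14:40:45 LOG7[6961:16384]: pop3.web.de.pop3s bound to 0.0.0.0:9110
2003.05.06 14:42:36 LOG7[6961:16384]: pop3.web.de.pop3s accepted FD=4 from 127.0.0.1:3410
2003.05.06 14:42:36 LOG7[20511:16386]: pop3.web.de.pop3s connecting 217.72.192.134:995
2003.05.06 14:42:36 LOG3[20511:16386]: Unable to get access to the SSL private key.
2003.05.06 14:42:36 LOG3[20511:16386]: SSL_get_privatekey: Peer suddenly disconnected
"""

# Line layout: "<date> <time> LOG<syslog level>[<pid>:<thread>]: <message>"
LINE_RE = re.compile(
    r"^(?P<date>\d{4}\.\d\d\.\d\d) (?P<time>\d\d:\d\d:\d\d) "
    r"LOG(?P<level>\d)\[(?P<pid>\d+):(?P<tid>\d+)\]: (?P<msg>.*)$"
)
BOUND_RE = re.compile(r"bound to (?P<addr>[\d.]+):(?P<port>\d+)$")
CONNECT_RE = re.compile(r"connecting (?P<addr>[\d.]+):(?P<port>\d+)$")

def triage(log_text):
    """Summarise a stunnel debug log: listeners, remote peers, errors."""
    report = {"listeners": [], "exposed": [], "remotes": [], "errors": [], "unparsed": 0}
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            report["unparsed"] += 1 if raw.strip() else 0
            continue
        level, msg = int(m["level"]), m["msg"]
        bound = BOUND_RE.search(msg)
        if bound:
            endpoint = (bound["addr"], int(bound["port"]))
            report["listeners"].append(endpoint)
            # 0.0.0.0 means the cleartext side of the tunnel accepts
            # connections on every interface, not only from this machine.
            if bound["addr"] == "0.0.0.0":
                report["exposed"].append(endpoint)
        remote = CONNECT_RE.search(msg)
        if remote:
            report["remotes"].append((remote["addr"], int(remote["port"])))
        # Syslog severity 3 is "err"; lower numbers are more severe.
        if level <= 3:
            report["errors"].append((m["pid"], msg))
    return report

if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

In stunnel 3.x the `-d` option accepts `host:port`, so `-d 127.0.0.1:9110` keeps the cleartext listener on loopback.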

bludger Guru
Joined: 09 Apr 2003 Posts: 389
Posted: Tue May 06, 2003 2:32 pm
I created a dummy certificate with the following command:
openssl req -new -x509 -days 365 -nodes -config /etc/ssl/openssl.cnnss.cnf -out stunnel.pem -keyout stunnel.pem
This seemed to work, although I am not sure why this is needed for stunnel running as a client.