Gentoo Forums
getmail and stunnel help
HomerSimpson
Posted: Mon Feb 17, 2003 3:34 am    Post subject: getmail and stunnel help

I am using getmail to get my mail but do not like that my username and password are passed through the internet as plain text. Unfortunately I have been doing this with Outlook for many years. Since I have gotten Gentoo up and running I have been reading and learning. Scary!!!

How do I get getmail to use stunnel to create a secure link to my isp's pop3 server?

I executed:

Code:
 stunnel -c -d pop-3 -r <my_isp>:pop3s


Should I see something running when I run ps -ef? I don't.

BTW I am running a pop3 server locally so that my other comp can read the mail downloaded by getmail. If I set up stunnel to redirect my pop3 port for getmail will I also affect the connection coming from my other comp as well?

Any help in the configuration of stunnel is greatly appreciated.

Thanks
_________________
The strong must protect the Sweet.
fifo
Posted: Mon Feb 17, 2003 12:49 pm

Well I don't know anything about stunnel, but could the problem be that the local pop3 port is already being used by your own pop3 server? Try doing, for example,
Code:

stunnel -c -d 12345 -r <my_isp>:pop3s

instead, and see if you can get mail from localhost:12345. You can check if the port is being listened on by running
Code:

netstat -a
HomerSimpson
Posted: Mon Feb 17, 2003 11:05 pm

Yeah that is probably it but unfortunately I still can't get an ssl connection to my isp. It doesn't appear that earthlink supports ssl.

I am fairly new to all this stuff but it is somewhat surprising to me that all isps don't support a secure link for email.

Thanks for your help.
_________________
The strong must protect the Sweet.
rtn
Posted: Tue Feb 18, 2003 7:48 pm

Yeah, your ISP has to support POP over SSL (pop3s) in order for you to be
able to stunnel your pop connection, else you have nothing on the remote end
to connect to.

It seems that IMAP over SSL (imaps) has been more popular and better supported,
but take that for what it's worth...

--rtn
bludger
Posted: Tue May 06, 2003 11:43 am

My mail server (web.de) does support ssl, but I still can't get it working. When I start stunnel as a normal user, it does not start, returning no error messages.

When I start it as root, it does start, but when I attempt to connect using getmail, getmail returns

getmail started for username@127.0.0.1:110
POP3 protocol error (-ERR EOF)

and stunnel stops with no messages.

Do I have to set up some certificate stuff or something?
bludger
Posted: Tue May 06, 2003 1:01 pm

As usual, I found a couple of answers to my own questions shortly after posting.

Firstly, stunnel starts in background mode, unless you use the -f switch. To see output from stunnel, use the -f switch.

I then saw that the reason it would not start as a non-root user was that it was trying to write to /var/run/xxx.pid. To remove this, I just started it with "-p none".

So when starting it with the following flags, it starts correctly.
/usr/sbin/stunnel -c -d 9110 -r pop3.web.de:pop3s -f -P none -D 7

The output looks as follows:
2003.05.06 14:40:45 LOG5[6961:16384]: Using 'pop3.web.de.pop3s' as tcpwrapper service name
2003.05.06 14:40:45 LOG7[6961:16384]: RAND_status claims sufficient entropy for the PRNG
2003.05.06 14:40:45 LOG6[6961:16384]: PRNG seeded successfully
2003.05.06 14:40:45 LOG5[6961:16384]: stunnel 3.22 on i686-pc-linux-gnu PTHREAD+LIBWRAP with OpenSSL 0.9.6i Feb 19 2003
2003.05.06 14:40:45 LOG7[6961:16384]: No pid file being created
2003.05.06 14:40:45 LOG5[6961:16384]: FD_SETSIZE=1024, file ulimit=1024 -> 500 clients allowed
2003.05.06 14:40:45 LOG7[6961:16384]: SO_REUSEADDR option set on accept socket
2003.05.06 14:40:45 LOG7[6961:16384]: pop3.web.de.pop3s bound to 0.0.0.0:9110


Then when I tried to access my mail server with getmail (aimed at localhost:9110), I got the following messages:
2003.05.06 14:42:36 LOG7[6961:16384]: pop3.web.de.pop3s accepted FD=4 from 127.0.0.1:3410
2003.05.06 14:42:36 LOG7[20511:16386]: pop3.web.de.pop3s started
2003.05.06 14:42:36 LOG5[20511:16386]: pop3.web.de.pop3s connected from 127.0.0.1:3410
2003.05.06 14:42:36 LOG7[20511:16386]: pop3.web.de.pop3s connecting 217.72.192.134:995
2003.05.06 14:42:36 LOG7[20511:16386]: Remote FD=7 initialized
2003.05.06 14:42:36 LOG3[20511:16386]: Unable to get access to the SSL private key.
2003.05.06 14:42:36 LOG3[20511:16386]: SSL_get_privatekey: Peer suddenly disconnected

Now why is it trying to access a private key? I understood that this is not necessary in client mode.

This can be easily reproduced by entering the above stunnel command on one terminal and then entering "telnet localhost 9110" on another.
bludger
Posted: Tue May 06, 2003 2:32 pm

I created a dummy certificate with the following command:
openssl req -new -x509 -days 365 -nodes -config /etc/ssl/openssl.cnnss.cnf -out stunnel.pem -keyout stunnel.pem

This seemed to work, although I am not sure why this is needed for stunnel running as a client.
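
An added example, not part of the original thread and not any poster's own configuration: the client-mode tunnel from the posts above written as a configuration file for stunnel 4.x/5.x (the thread uses stunnel 3.22 command-line flags), with the listener bound to loopback rather than the 0.0.0.0 shown in the log and with server certificate verification switched on. The section name and the CA bundle path are assumptions, and `verifyChain` and `checkHost` require a 5.x release.

```ini
; Constructed stunnel.conf (4.x/5.x syntax); not taken from the thread.
; Counterpart of: stunnel -c -d 9110 -r pop3.web.de:pop3s -f -P none -D 7

; -f: stay in the foreground and log to stderr
foreground = yes
; -P none: an empty value disables pid file creation, so an unprivileged
; user does not need write access to /var/run
pid =
; -D 7: debug-level logging
debug = 7

; Section name is a hypothetical label.
[pop3s-client]
; -c: act as the TLS client
client = yes
; Listen on loopback only. The log in the thread shows 0.0.0.0:9110, which
; offers the plaintext side of the tunnel to every host that can reach
; this machine.
accept = 127.0.0.1:9110
; -r pop3.web.de:pop3s (port 995, as in the log)
connect = pop3.web.de:995
; Authenticate the server. Without verification the tunnel encrypts the
; session but accepts whatever certificate the peer presents.
verifyChain = yes
; Assumed CA bundle location; point this at the local trust store.
CAfile = /etc/ssl/certs/ca-certificates.crt
; Require the certificate to be issued for this host name.
checkHost = pop3.web.de
; No cert/key lines: a client certificate is only needed when the server
; asks for one.
```

getmail is then pointed at localhost port 9110, as in the thread.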