Problems while stunneling POP3
Hi *! This night I tried to enable SSL tunneling (stunnel-3.8-1) for my POP3 clients with the default stunnel.cnf. I get following in /var/log/messages: Dec 12 05:25:22 localserver xinetd[4218]: Started working: 4 available services ... Dec 12 05:25:34 localserver stunnel[4219]: stunnel started Dec 12 05:25:34 localserver stunnel[4219]: getpeerbyname: Transport endpoint is not connected (107) Dec 12 05:25:34 localserver stunnel[4219]: stunnel finished (0 left) My client is MS Outlook 2000 (SP1), I enabled encrypted password transmission and secure POP3-Server on port 995! Entry in xinetd.conf: service pop3s { flags = REUSE NAMEINARGS socket_type = stream protocol = tcp wait = no user = root server = /usr/sbin/stunnel server_args = stunnel -D 7 -p /etc/stunnel/stunnel.pem -l /usr/sbin/popper } Entry in /etc/services: pop3s 995/tcp # pop3 protocol over TLS/SSL (was spop3) Any ideas? Tired, Boris.
My client is MS Outlook 2000 (SP1), I enabled encrypted password transmission and secure POP3-Server on port 995!
encrypted password = APOP. secure POP-3=SSL usually. Two different things. Try disabling secure password in outlook. You server args also look messed up, here's the default entry for pop3s on a redhat 7.0 box: service pop3s { socket_type = stream wait = no user = root server = /usr/sbin/stunnel server_args = -l /usr/sbin/ipop3d -- ipop3d log_on_success += USERID log_on_failure += USERID disable = no } the entry in services has nothing to do with anything really, it's just name to ip mappings like /etc/hosts. Try fixing those two things =).
Entry in xinetd.conf: service pop3s { flags = REUSE NAMEINARGS socket_type = stream protocol = tcp wait = no user = root server = /usr/sbin/stunnel server_args = stunnel -D 7 -p /etc/stunnel/stunnel.pem -l /usr/sbin/popper }
Entry in /etc/services: pop3s 995/tcp # pop3 protocol over TLS/SSL (was spop3)
Any ideas?
Tired, Boris.
--------------------------------------------------------------------- To unsubscribe, e-mail: suse-security-unsubscribe@suse.com For additional commands, e-mail: suse-security-help@suse.com
Hi! I fixed the two things, but again receive the error message: Dec 12 13:36:06 localserver xinetd[5160]: Started working: 4 available services Dec 12 13:36:24 localserver stunnel[5162]: Generating 512 bit temporary RSA key... Dec 12 13:36:25 localserver stunnel[5162]: Temporary RSA key generated Dec 12 13:36:25 localserver stunnel[5162]: Certificate: /etc/stunnel/stunnel.pem Dec 12 13:36:25 localserver stunnel[5162]: stunnel 3.8 on i386-redhat-linux-gnu PTHREAD+LIBWRAP Dec 12 13:36:25 localserver stunnel[5162]: ipop3d started Dec 12 13:36:25 localserver stunnel[5162]: getpeerbyname: Transport endpoint is not connected (107) Dec 12 13:36:25 localserver stunnel[5162]: ipop3d finished (0 left) Boris.
encrypted password = APOP. secure POP-3=SSL usually. Two different things. Try disabling secure password in outlook.
service pop3s { socket_type = stream wait = no user = root server = /usr/sbin/stunnel server_args = -p /etc/stunnel/stunnel.pem -D 7 -l /usr/sbin/ipop3d -- ipop3d log_on_success += USERID log_on_failure += USERID disable = no }
On Tue, 12 Dec 2000, Boris Kantwerk wrote:
I fixed the two things, but again receive the error message:
Dec 12 13:36:06 localserver xinetd[5160]: Started working: 4 available services Dec 12 13:36:25 localserver stunnel[5162]: getpeerbyname: Transport endpoint is not connected (107)
The standard xinetd package (SuSE 6.4/7.0) has a bug in the ipv6 code. Maybe this is the reason for this message (it was the source for my problem similar to yours). Bye Andre PS: I put the standard package without ipv6 at http://www.tu-chemnitz.de/~abre/rpms -- permanet eMail: A.Breiler@gmx.net
Dec 12 13:36:25 localserver stunnel[5162]: getpeerbyname: Transport endpoint is not connected (107)
I solve this problem while disabling stunnel in xinetd and start it by example for POP3 by: stunnel -d 995 -l /usr/sbin/popper -- popper -s Greeting Boris.
participants (3)
-
Andre Breiler
-
Boris Kantwerk
-
Kurt Seifried