I'm trying to set up a new dbmail box which should only use stunnel4 for access.
I'm running into a number of problems with this setup and I'm not getting any
message back from various applications, which makes it kind of hard to manage.
First. /etc/init.d/dbmail start does nothing.
No errors, no running applications. Nothing.
And it doesn't seem to have an ENABLE=0 flag anywhere in the typical locations
(often seen in Debian).
And there are no logs generated at /var/log/dbmail/ -- the directory is there, but
no logs. Nothing on STDOUT, STDERR, or syslog either.
This is a big fat "help!"
Second. I'm trying to set this up using stunnel4.
I've followed the various directions and such to the best that make sense but I
keep getting the same sets of errors, depending on what I do with them.
When I start stunnel4 I get an error that I need to specify a pid= in my
stunnel.conf file. Well, there is one. It's default and it says
'pid=/stunnel.pid' which is confusing.
If I try to connect to the inetd defined port, I get lots of messages (debug is
on) and this is what the client sees:
2007.10.07 14:54:32 LOG7[2525:47548886098000]: Snagged 64 random bytes from /dev/urandom
2007.10.07 14:54:32 LOG7[2525:47548886098000]: RAND_status claims sufficient entropy for the PRNG
2007.10.07 14:54:32 LOG7[2525:47548886098000]: PRNG seeded successfully
2007.10.07 14:54:32 LOG7[2525:47548886098000]: Certificate: /etc/stunnel/stunnel.pem
2007.10.07 14:54:32 LOG7[2525:47548886098000]: Certificate loaded
2007.10.07 14:54:32 LOG7[2525:47548886098000]: Key file: /etc/stunnel/stunnel.pem
2007.10.07 14:54:32 LOG7[2525:47548886098000]: Private key loaded
2007.10.07 14:54:32 LOG7[2525:47548886098000]: SSL context initialized for service pop3s
2007.10.07 14:54:32 LOG7[2525:47548886098000]: Certificate: /etc/ssl/certs/alpha.just-email.com.pem
2007.10.07 14:54:32 LOG7[2525:47548886098000]: Certificate loaded
2007.10.07 14:54:32 LOG7[2525:47548886098000]: Key file: /etc/stunnel/stunnel.pem
2007.10.07 14:54:32 LOG3[2525:47548886098000]: SSL_CTX_use_RSAPrivateKey_file: B080074: error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatch
The syslog is a little different:
Oct 7 14:52:42 alpha stunnel: LOG5[2499:47678091272272]: stunnel 4.18 on x86_64-pc-linux-gnu with OpenSSL 0.9.8c 05 Sep 2006
Oct 7 14:52:42 alpha stunnel: LOG5[2499:47678091272272]: Threading:PTHREAD SSL:ENGINE Sockets:POLL,IPv6 Auth:LIBWRAP
Oct 7 14:52:42 alpha stunnel: LOG5[2499:47678091272272]: 500 clients allowed
Oct 7 14:52:42 alpha stunnel: LOG3[2499:47678091272272]: Error binding imaps to 0.0.0.0:993
Oct 7 14:52:42 alpha stunnel: LOG3[2499:47678091272272]: bind: Address already in use (98)
complete loss here. The keys should match because I just created them.
I use one .pem file for both cert and key.
I created them thusly:
cd /etc/ssl/certs
PEMFILE="servername.foobar.com.pem"
# Self-signed certificate and unencrypted key, both written to the same file
openssl req -new -x509 -nodes -days 365 -out "$PEMFILE" -keyout "$PEMFILE"
chmod 600 "$PEMFILE"
[ -e temp_file ] && rm -f temp_file
dd if=/dev/urandom of=temp_file count=2
# Append DH parameters, seeded from temp_file
openssl dhparam -rand temp_file 512 >> "$PEMFILE"
# Hash-named symlink pointing at the certificate
ln -sf "$PEMFILE" "$(openssl x509 -noout -hash < "$PEMFILE").0"
which was graciously stolen from the dbmail wiki.
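As an added example (not part of the original post): the debug log above shows the certificate /etc/ssl/certs/alpha.just-email.com.pem being loaded with the key file /etc/stunnel/stunnel.pem immediately before the key values mismatch error, so one useful check is whether each certificate and key that stunnel logs share the same public key. The function names are hypothetical, and the script assumes unencrypted keys, one log entry per line, and paths without spaces.

```shell
#!/bin/sh
# Added example (not from the original post). Function names are hypothetical.
# Assumes unencrypted keys, one log entry per line, and paths without spaces.

# Public key (SubjectPublicKeyInfo PEM) carried by the certificate in FILE.
cert_pubkey() { openssl x509 -in "$1" -noout -pubkey 2>/dev/null; }

# Public key derived from the private key in FILE.
key_pubkey() { openssl pkey -in "$1" -pubout 2>/dev/null; }

# check_pair CERT KEY: returns 0 on match, 1 on mismatch, 2 if unreadable.
check_pair() {
    cert_pub=$(cert_pubkey "$1") || return 2
    key_pub=$(key_pubkey "$2") || return 2
    [ -n "$cert_pub" ] && [ -n "$key_pub" ] || return 2
    [ "$cert_pub" = "$key_pub" ]
}

# pairs_from_log: read stunnel debug output on stdin and print "CERT KEY" for
# each "Key file:" entry, paired with the "Certificate:" entry before it.
pairs_from_log() {
    awk '/: Certificate: / { cert = $NF }
         /: Key file: /    { if (cert != "") print cert, $NF; cert = "" }'
}

# audit_log: check every pair found in the log on stdin; returns 0 only if
# all of them match.
audit_log() {
    status=0
    pairs=$(pairs_from_log)
    while read -r cert key; do
        [ -n "$cert" ] || continue
        rc=0
        check_pair "$cert" "$key" || rc=$?
        case $rc in
            0) echo "OK         $cert  $key" ;;
            1) echo "MISMATCH   $cert  $key"; status=1 ;;
            *) echo "UNREADABLE $cert  $key"; status=1 ;;
        esac
    done <<EOF
$pairs
EOF
    return "$status"
}

# Run as: sh check_pairs.sh audit < stunnel-debug.log
if [ "${1:-}" = "audit" ]; then audit_log; fi
```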