Re: [stunnel-users] Trying to get stunnel to work for

This is a discussion on Re: [stunnel-users] Trying to get stunnel to work for within the Stunnel Users forums, part of the Networking and Network Related category; --===============0691741123== Content-Type: multipart/alternative; boundary="=-e+gMmC78SN4mT2RoG0I7" --=-e+gMmC78SN4mT2RoG0I7 Content-Type: text/plain; charset=utf-8 Content-...

		Usenet Forums > Networking and Network Related > Stunnel Users
Re: [stunnel-users] Trying to get stunnel to work for

LinkBack

Thread Tools

Display Modes

#1 (permalink)

06-21-2007

Gonzalo Diethelm

Posts: n/a

Re: [stunnel-users] Trying to get stunnel to work for

--===============0691741123==
Content-Type: multipart/alternative; boundary="=-e+gMmC78SN4mT2RoG0I7"

--=-e+gMmC78SN4mT2RoG0I7
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit

I did a simple search on Google for "stunnel Wrong permissions on" and
followed the very first link:

http://ipucu.enderunix.org/view.php?id=973&lang=en

"Wrong permissions on /usr/local/etc/stunnel/stunnel.pem" -
Ýsmail Yenigül - (2006-03-07 19:12:40) [1934]

if you get this error message issue the following command to fix
the permission.

# chmod 600 /usr/local/etc/stunnel/stunnel.pem

HTH. Regards.

On Thu, 2007-06-21 at 12:23 -0400, Van wrote:

> Getting closer. I now get-
>
> [van@mailserver ]$ sudo stunnel /usr/local/etc/stunnel/stunnel.conf
> localhost:ipop3
>
> 2007.06.21 11:51:27 LOG4[15899:3086476992]: Wrong permissions on /usr/
> local/etc/stunnel/mail.pem
> 2007.06.21 11:51:27 LOG4[15899:3086476992]: Wrong permissions on /usr/
> local/etc/stunnel/mail.pem
> 2007.06.21 11:51:27 LOG4[15899:3086476992]: Wrong permissions on /usr/
> local/etc/stunnel/mail.pem
>
> But that doesn't make sense to me. mail.pem permissions are the same
> as my cert's and it works fine.
>
> [van@mailserver change_passwd]$ ls -al /usr/local/etc/stunnel/mail.pem
> -rw-r--r-- 1 root root 2942 Jun 20 18:21 /usr/local/etc/stunnel/
> mail.pem
>
> [van@mailserver change_passwd]$ ls -al /etc/httpd/certs/www.crt
> -rw-r--r-- 1 root root 1074 Jun 1 12:30 /etc/httpd/certs/www.crt
>
> Is the error misleading? Or what should the mail.pem perms be?
>
> Van
>
>
>
> On Jun 20, 2007, at 9:33 PM, Kevin Cook wrote:
>
> >
> > If you are using a stunnel.conf file, I would replace the '-d pop3s
> > -r'
> > with the absolute path to the .conf file:
> >
> > sudo /usr/local/sbin/stunnel /usr/local/etc/stunnel/stunnel.conf
> >
> > I believe command line options were typically used more in older
> > versions, but now all configuration is done in the configuration file.
> >
> >
> > Kevin
> >
> > -----Original Message-----
> > From: Van [mailto:vanyel@medusa.bioc.aecom.yu.edu]
> > Sent: Wednesday, June 20, 2007 6:03 PM
> > To: stunnel-users@mirt.net
> > Subject: [stunnel-users] Trying to get stunnel to work for forwarding
> > pop3sto ipop3 port
> >
> > Hello,
> >
> > This is my introduction to stunnel. I've inherited control of a
> > pop3 and
> > imap server running Red Hat Linux 4 that I want to access via pop3s
> > and
> > imaps. I'm starting out with securing the pop3 since most users are
> > using it.
> >
> > I downloaded stunnel 4.20 and compiled it according to the
> > instructions
> > on stunnel.org.
> >
> > I read the certificates section of the site and made a new .pem file
> > that I named mail.pem and have in the /usr/local/etc/stunnel/
> > directory
> > that /usr/local/etc/stunnel/stunnel.conf asks for. But when I try to
> > run stunnel like in the Examples section I get :
> >
> > [van@mailserver ~]$ sudo /usr/local/sbin/stunnel -d pop3s -r
> > localhost:ipop3
> > 2007.06.20 17:59:54 LOG3[25516:3086419648]: -d: No such file or
> > directory (2)
> > Syntax:
> > stunnel [<filename>] ] -fd <n> | -help | -version | -sockets
> > <filename> - use specified config file instead of /usr/local/
> > etc/stunnel/stunnel.conf
> > -fd <n> - read the config file from a file descriptor
> > -help - get config file help
> > -version - display version and defaults
> > -sockets - display default socket options
> >
> > I'm a little lost here. Never dealt with a .pem file before stunnel.
> > I have a self-signed cert I'm successfully using for https webmail on
> > the server and guessing stunnel couldn't see that, I appended my file
> > 'mailserver.crt' into my mail.pem file and edited stunnel.conf so it
> > has
> >
> > ;CAfile = /usr/local/etc/stunnel/certs.pem CAfile =
> > /usr/local/etc/stunnel/mail.pem
> >
> > but no dice. Same result.
> >
> > Trying to debug, I find 'stunnel -V' also gives the same result.
> >
> > Can someone point out what's going wrong?
> >
> >
> > -Van
> > _______________________________________________
> > stunnel-users mailing list
> > stunnel-users@mirt.net
> > http://stunnel.mirt.net/mailman/listinfo/stunnel-users
> >
> >
>
> _______________________________________________
> stunnel-users mailing list
> stunnel-users@mirt.net
> http://stunnel.mirt.net/mailman/listinfo/stunnel-users
>

--
Gonzalo Diethelm
gonzalo.diethelm@diethelm.org

--=-e+gMmC78SN4mT2RoG0I7
Content-Type: text/html; charset=utf-8
Content-Transfer-Encoding: 7bit

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 TRANSITIONAL//EN">
<HTML>
<HEAD>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; CHARSET=UTF-8">
<META NAME="GENERATOR" CONTENT="GtkHTML/3.12.1">
</HEAD>
<BODY>
I did a simple search on Google for "stunnel Wrong permissions on" and followed the very first link: 
 
<BLOCKQUOTE>
<A HREF="http://ipucu.enderunix.org/view.php?id=973&lang=en">http://ipucu.enderunix.org/view.php?id=973&lang=en</A> 
 
<TT>"Wrong permissions on /usr/local/etc/stunnel/stunnel.pem"</TT><TT> </TT><TT>- Ýsmail Yenigü</TT><TT>l -</TT><TT> (2006-03-07 19:12:40)  </TT><TT> </TT><TT>[1934]</TT><TT> </TT> 
 
<TT>if you get this error message issue the following command to fix the permission. </TT> 
 
<TT># chmod 600 /usr/local/etc/stunnel/stunnel.pem</TT> 
</BLOCKQUOTE>
 
HTH. Regards. 
 
On Thu, 2007-06-21 at 12:23 -0400, Van wrote:
<BLOCKQUOTE TYPE=CITE>
<PRE>
Getting closer. I now get-

[van@mailserver ]$ sudo stunnel /usr/local/etc/stunnel/stunnel.conf 
localhost:ipop3

2007.06.21 11:51:27 LOG4[15899:3086476992]: Wrong permissions on /usr/ 
local/etc/stunnel/mail.pem
2007.06.21 11:51:27 LOG4[15899:3086476992]: Wrong permissions on /usr/ 
local/etc/stunnel/mail.pem
2007.06.21 11:51:27 LOG4[15899:3086476992]: Wrong permissions on /usr/ 
local/etc/stunnel/mail.pem

But that doesn't make sense to me. mail.pem permissions are the same 
as my cert's and it works fine.

[van@mailserver change_passwd]$ ls -al /usr/local/etc/stunnel/mail.pem
-rw-r--r-- 1 root root 2942 Jun 20 18:21 /usr/local/etc/stunnel/ 
mail.pem

[van@mailserver change_passwd]$ ls -al /etc/httpd/certs/www.crt
-rw-r--r-- 1 root root 1074 Jun 1 12:30 /etc/httpd/certs/www.crt

Is the error misleading? Or what should the mail.pem perms be?

Van

On Jun 20, 2007, at 9:33 PM, Kevin Cook wrote:

>
> If you are using a stunnel.conf file, I would replace the '-d pop3s 
> -r'
> with the absolute path to the .conf file:
>
> sudo /usr/local/sbin/stunnel /usr/local/etc/stunnel/stunnel.conf
>
> I believe command line options were typically used more in older
> versions, but now all configuration is done in the configuration file.
>
>
> Kevin
>
> -----Original Message-----
> From: Van [mailto:<A HREF="mailto:vanyel@medusa.bioc.aecom.yu.edu">vany el@medusa.bioc.aecom.yu.edu</A>]
> Sent: Wednesday, June 20, 2007 6:03 PM
> To: <A HREF="mailto:stunnel-users@mirt.net">stunnel-users@mirt.net</A>
> Subject: [stunnel-users] Trying to get stunnel to work for forwarding
> pop3sto ipop3 port
>
> Hello,
>
> This is my introduction to stunnel. I've inherited control of a 
> pop3 and
> imap server running Red Hat Linux 4 that I want to access via pop3s 
> and
> imaps. I'm starting out with securing the pop3 since most users are
> using it.
>
> I downloaded stunnel 4.20 and compiled it according to the 
> instructions
> on stunnel.org.
>
> I read the certificates section of the site and made a new .pem file
> that I named mail.pem and have in the /usr/local/etc/stunnel/ 
> directory
> that /usr/local/etc/stunnel/stunnel.conf asks for. But when I try to
> run stunnel like in the Examples section I get :
>
> [van@mailserver ~]$ sudo /usr/local/sbin/stunnel -d pop3s -r
> localhost:ipop3
> 2007.06.20 17:59:54 LOG3[25516:3086419648]: -d: No such file or
> directory (2)
> Syntax:
> stunnel [<filename>] ] -fd <n> | -help | -version | -sockets
> <filename> - use specified config file instead of /usr/local/
> etc/stunnel/stunnel.conf
> -fd <n> - read the config file from a file descriptor
> -help - get config file help
> -version - display version and defaults
> -sockets - display default socket options
>
> I'm a little lost here. Never dealt with a .pem file before stunnel.
> I have a self-signed cert I'm successfully using for https webmail on
> the server and guessing stunnel couldn't see that, I appended my file
> 'mailserver.crt' into my mail.pem file and edited stunnel.conf so it
> has
>
> ;CAfile = /usr/local/etc/stunnel/certs.pem CAfile =
> /usr/local/etc/stunnel/mail.pem
>
> but no dice. Same result.
>
> Trying to debug, I find 'stunnel -V' also gives the same result.
>
> Can someone point out what's going wrong?
>
>
> -Van
> _______________________________________________
> stunnel-users mailing list
> <A HREF="mailto:stunnel-users@mirt.net">stunnel-users@mirt.net</A>
> <A HREF="http://stunnel.mirt.net/mailman/listinfo/stunnel-users">http://stunnel.mirt.net/mailman/listinfo/stunnel-users</A>
>
>

__________________________________ _____________
stunnel-users mailing list
<A HREF="mailto:stunnel-users@mirt.net">stunnel-users@mirt.net</A>
<A HREF="http://stunnel.mirt.net/mailman/listinfo/stunnel-users">http://stunnel.mirt.net/mailman/listinfo/stunnel-users</A>

</PRE>
</BLOCKQUOTE>
<TABLE CELLSPACING="0" CELLPADDING="0" WIDTH="100%">
<TR>
<TD>
 
-- 
Gonzalo Diethelm 
gonzalo.diethelm@diethelm.org
</TD>
</TR>
</TABLE>
</BODY>
</HTML>

--=-e+gMmC78SN4mT2RoG0I7--

--===============0691741123==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

_______________________________________________
stunnel-users mailing list
stunnel-users@mirt.net
http://stunnel.mirt.net/mailman/listinfo/stunnel-users

--===============0691741123==--

« Previous Thread | Next Thread »

Thread Tools
Show Printable Version Email this Page
Display Modes
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode

Posting Rules
You may not post new threads You may not post replies You may not post attachments You may not edit your posts vB code is On Smilies are Off [IMG] code is Off HTML code is Off Trackbacks are On Pingbacks are On Refbacks are On

All times are GMT +1. The time now is 01:36 PM.