Ayrıca stunnel.conf parametreleri de şu şekilde: ; Sample stunnel configuration file by Michal Trojnara 2002-2006 ; Some options used here may not be adequate for your particular configuration ; Please make sure you understand them (especially the effect of chroot jail)
; Certificate/key is needed in server mode and optional in client mode cert = /usr/local/etc/stunnel/stunnel.pem ;key = /usr/local/etc/stunnel/mail.pem ; Protocol version (all, SSLv2, SSLv3, TLSv1) sslVersion = SSLv3 ; Some security enhancements for UNIX systems - comment them out on Win32 chroot = /usr/local/var/stunnel setuid = stunnel setgid = nogroup ; PID is created inside chroot jail pid = /stunnel.pid ; Some performance tunings socket = l:TCP_NODELAY=1 socket = r:TCP_NODELAY=1 ;compression = rle ; Workaround for Eudora bug ;options = DONT_INSERT_EMPTY_FRAGMENTS ; Authentication stuff ;verify = 2 ; Don't forget to c_rehash CApath ; CApath is located inside chroot jail ;CApath = /certs ; It's often easier to use CAfile ;CAfile = /usr/local/etc/stunnel/certs.pem ; Don't forget to c_rehash CRLpath ; CRLpath is located inside chroot jail ;CRLpath = /crls ; Alternatively you can use CRLfile ;CRLfile = /usr/local/etc/stunnel/crls.pem ; Some debugging stuff useful for troubleshooting ;debug = 7 ;output = stunnel.log ; Use it for client mode ;client = yes ; Service-level configuration [pop3s] accept = 995 connect = 110 [imaps] accept = 993 connect = 143 [ssmtp] accept = 465 connect = 25 ;[https] ;accept = 443 ;connect = 80 ;TIMEOUTclose = 0 -----Original Message----- From: Cahit Güçlü [mailto:[EMAIL PROTECTED] Sent: Wednesday, February 28, 2007 10:49 PM To: 'Ismail YENIGUL' Subject: RE: Re[2]: [FreeBSD] stunnel hata /var/log/messages: Feb 28 20:45:11 server stunnel: LOG5[423:134743040]: pop3s accepted connection from 192.168.2.4:1198 Feb 28 20:45:11 server stunnel: LOG3[423:134743040]: SSL_accept: 1408F10B: error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number Feb 28 20:45:11 server stunnel: LOG5[423:134743040]: Connection reset: 0 bytes sent to SSL, 0 bytes sent to socket Feb 28 20:45:11 server stunnel: LOG5[423:134743552]: pop3s accepted connection from 192.168.2.4:1199 Feb 28 20:45:11 server stunnel: LOG3[423:134743552]: SSL_accept: Peer suddenly disconnected Feb 28 20:45:11 server stunnel: LOG5[423:134743552]: Connection reset: 0 bytes sent to SSL, 0 bytes sent to socket /var/log/maillog da bununla ilgili kayıt yok. Stunnel.pem dosyasini stunnel ports dizininde make cert komutuyla oluşturdum. -----Original Message----- From: Ismail YENIGUL [mailto:[EMAIL PROTECTED] Sent: Wednesday, February 28, 2007 10:12 PM To: Cahit Güçlü Cc: freebsd@lists.enderunix.org Subject: Re[2]: [FreeBSD] stunnel hata Merhabalar, Sanirim stunnel ayarlari ile ilgili bir sorun var. /var/log/messages veya /var/log/maillog dosyasinda stunnel ile ilgili herhangi bir hata var mi? Wednesday, February 28, 2007, 8:48:01 PM, you wrote: > Stunnel.sh status ile baktığımda stunnel çalışmıyor diyordu. Ama ps ile ve > sockstat ile baktığımda stunnel çalışıyor görünüyor. Ama ssl ile sunucuya > bağlanamıyorum. Bağlantı sunucu tarafından kesildi mesajı alıyorum. telnet > ile bağlandığımda da connection closed foreign host diyor ve bağlantı > kopuyor. Sockstat çıktısı şu şekilde: > USER COMMAND PID FD PROTO LOCAL ADDRESS FOREIGN ADDRESS > stunnel stunnel 423 6 tcp4 *:995 *:* > stunnel stunnel 423 7 tcp4 *:993 *:* > stunnel stunnel 423 8 tcp4 *:465 *:* > stunnel stunnel 423 9 tcp4 *:443 *:* > -----Original Message----- > From: "N. Ersen ŞİŞECİ" [mailto:[EMAIL PROTECTED] > Sent: Wednesday, February 28, 2007 8:54 AM > To: freebsd@lists.enderunix.org > Subject: Re: [FreeBSD] stunnel hata > Merhaba Cahit Bey, > "Address already in use" hatasini, o socket i daha onceden baska bir > program kullanmaya > basladigindan (bind) dolayi verir. > sockstat -4l (kucuk harf L) > komutu ile 995 inci portu hangi programin dinledigini gorup o programa > ihtiyaciniz > yoksa kapatip, stunnel i tekrar baslatirsaniz probleminiz cozulecektir. > Iyi calismalar dilerim. > Necati Ersen SISECI > EnderUnix Core Team Member > EnderUnix SDT ~ Turkey > http://www.enderunix.org > Cahit Güçlü yazmış: >> >> Stunnel çalıştırmaya çalıştığımda çalışmıyor (amma cümle oldu ha J) >> >> >> >> Feb 28 00:50:26 server stunnel: LOG5[3100:134651904]: >> Threading:PTHREAD SSL:ENGINE Sockets:POLL,IPv4 Auth:LIBWRAP >> >> Feb 28 00:50:26 server stunnel: LOG5[3100:134651904]: 791 clients allowed >> >> Feb 28 00:50:26 server stunnel: LOG3[3100:134651904]: Error binding >> pop3s to 0.0.0.0:995 >> >> Feb 28 00:50:26 server stunnel: LOG3[3100:134651904]: bind: Address >> already in use (48) >> >> >> >> Şeklinde loglar düşüyor. Bu hatayı nasıl düzeltebilirim? >> > --------------------------------------------------------------------- > Listeye soru sormadan once lutfen http://ipucu.enderunix.org sitesine > bakiniz. > Cikmak icin, e-mail: [EMAIL PROTECTED] > Liste arsivi: http://lists.enderunix.org > Turkiye'nin ilk FreeBSD kitabi: > http://www.acikakademi.com/catalog/freebsd > --------------------------------------------------------------------- > Listeye soru sormadan once lutfen http://ipucu.enderunix.org sitesine bakiniz. > Cikmak icin, e-mail: [EMAIL PROTECTED] > Liste arsivi: http://lists.enderunix.org > Turkiye'nin ilk FreeBSD kitabi: > http://www.acikakademi.com/catalog/freebsd -- Ismail YENIGUL EnderUNIX Cekirdek Takimi Uyesi Acik Akademi Yayinlari Editoru [EMAIL PROTECTED] http://www.enderunix.org Yayinevi Sanal Magaza: http://dukkan.acikakademi.com endersys: http://www.endersys.com --------------------------------------------------------------------- Listeye soru sormadan once lutfen http://ipucu.enderunix.org sitesine bakiniz. Cikmak icin, e-mail: [EMAIL PROTECTED] Liste arsivi: http://lists.enderunix.org Turkiye'nin ilk FreeBSD kitabi: http://www.acikakademi.com/catalog/freebsd
