
pop3 stunnel nmh to gmail


Joseph Brenner

Sep 25, 2010, 7:29:43 PM

I'm an nmh user running ubuntu jaunty, and I want to get my local
email working over SSL connections to a gmail account (POP3/SMTP).
So I'm trying to get some form of mh to talk over SSL using stunnel4.
I'm looking for suggestions on what I might be doing wrong, and
hints on how to go about isolating the problems.

I've succeeded in using Sylpheed to get mail from gmail, so I know the
gmail account is working and is set up for pop3 and so on. When I
run mh's inc command, though, it just reports:
"inc: no servers available"

I can see that I've got stunnel running by doing a:
ps ax | egrep stun | egrep -v egrep

5937 ? SN 0:00 /usr/bin/stunnel4 /etc/stunnel/stunnel.conf
5938 ? SN 0:00 /usr/bin/stunnel4 /etc/stunnel/stunnel.conf
5939 ? SN 0:00 /usr/bin/stunnel4 /etc/stunnel/stunnel.conf
5940 ? SN 0:00 /usr/bin/stunnel4 /etc/stunnel/stunnel.conf
5941 ? SN 0:00 /usr/bin/stunnel4 /etc/stunnel/stunnel.conf
5942 ? SNs 0:00 /usr/bin/stunnel4 /etc/stunnel/stunnel.conf

Google has some instructions up about servers and port numbers
(but no examples specific to stunnel):
http://mail.google.com/support/bin/answer.py?hl=en&answer=13287

Here's a summary of the kind of configurations I've been trying:

/etc/default/stunnel4:

ENABLED=1
FILES="/etc/stunnel/*.conf"
OPTIONS=""
PPP_RESTART=0

/etc/stunnel/stunnel.conf:

sslVersion = SSLv3
chroot = /var/lib/stunnel4/
setuid = stunnel4
setgid = stunnel4
pid = /stunnel4.pid
socket = l:TCP_NODELAY=1
socket = r:TCP_NODELAY=1

debug = 7
output = /var/log/stunnel4/stunnel.log

client = yes

[pop3s]
accept = 127.0.0.1:995
connect = pop.gmail.com:110

[smtps]
accept = 127.0.0.1:465
connect = smtp.gmail.com:25


/etc/nmh/mts.conf:

mts: smtp
hostable: /etc/nmh/hosts

localname: smtp.gmail.com
# localname: gmail.com

masquerade:

mmdfldir: /var/mail

mmdflfil:

# pophost: localhost
# pophost: pop.gmail.com:995
pophost: pop.gmail.com:110
# pophost: pop.gmail.com

# servers: localhost
servers: smtp.gmail.com

/var/log/stunnel4/stunnel.log

2010.09.21 11:11:41 LOG7[6528:140533218399984]: Snagged 64 random bytes from /dev/urandom
2010.09.21 11:11:41 LOG7[6528:140533218399984]: RAND_status claims sufficient entropy for the PRNG
2010.09.21 11:11:41 LOG7[6528:140533218399984]: PRNG seeded successfully
2010.09.21 11:11:41 LOG7[6528:140533218399984]: SSL context initialized for service pop3s
2010.09.21 11:11:41 LOG7[6528:140533218399984]: SSL context initialized for service imaps
2010.09.21 11:11:41 LOG7[6528:140533218399984]: SSL context initialized for service smtps
2010.09.21 11:11:41 LOG5[6528:140533218399984]: stunnel 4.22 on x86_64-pc-linux-gnu with OpenSSL 0.9.8g 19 Oct 2007
2010.09.21 11:11:41 LOG5[6528:140533218399984]: Threading:PTHREAD SSL:ENGINE Sockets:POLL,IPv6 Auth:LIBWRAP
2010.09.21 11:11:41 LOG6[6528:140533218399984]: file ulimit = 1024 (can be changed with 'ulimit -n')
2010.09.21 11:11:41 LOG6[6528:140533218399984]: poll() used - no FD_SETSIZE limit for file descriptors
2010.09.21 11:11:41 LOG5[6528:140533218399984]: 500 clients allowed
2010.09.21 11:11:41 LOG7[6528:140533218399984]: FD 10 in non-blocking mode
2010.09.21 11:11:41 LOG7[6528:140533218399984]: FD 11 in non-blocking mode
2010.09.21 11:11:41 LOG7[6528:140533218399984]: FD 12 in non-blocking mode
2010.09.21 11:11:41 LOG7[6528:140533218399984]: SO_REUSEADDR option set on accept socket
2010.09.21 11:11:41 LOG7[6528:140533218399984]: pop3s bound to 127.0.0.1:1109
2010.09.21 11:11:41 LOG7[6528:140533218399984]: FD 13 in non-blocking mode
2010.09.21 11:11:41 LOG7[6528:140533218399984]: SO_REUSEADDR option set on accept socket
2010.09.21 11:11:41 LOG7[6528:140533218399984]: imaps bound to 0.0.0.0:993
2010.09.21 11:11:41 LOG7[6528:140533218399984]: FD 14 in non-blocking mode
2010.09.21 11:11:41 LOG7[6528:140533218399984]: SO_REUSEADDR option set on accept socket
2010.09.21 11:11:41 LOG7[6528:140533218399984]: smtps bound to 127.0.0.1:259
2010.09.21 11:11:41 LOG7[6534:140533218399984]: Created pid file /stunnel4.pid

/var/log/mail.log

Sep 21 13:40:32 fineline gnu-pop3d[15484]: Incoming connection opened
Sep 21 13:40:32 fineline gnu-pop3d[15484]: connect from 127.0.0.1
Sep 21 13:40:32 fineline gnu-pop3d[15484]: User `doo...@gmail.com': nonexistent
Sep 21 13:40:32 fineline gnu-pop3d[15484]: Session ended for no user


I'm using the "stunnel4" package for ubuntu jaunty:

/usr/bin/stunnel4 -version
stunnel 4.22 on x86_64-pc-linux-gnu with OpenSSL 0.9.8g 19 Oct 2007
Threading:PTHREAD SSL:ENGINE Sockets:POLL,IPv6 Auth:LIBWRAP

Global options
debug = 5
pid = /var/run/stunnel4.pid
RNDbytes = 64
RNDfile = /dev/urandom
RNDoverwrite = yes

Service-level options
cert = /etc/stunnel/stunnel.pem
ciphers = AES:ALL:!aNULL:!eNULL:+RC4:@STRENGTH
key = /etc/stunnel/stunnel.pem
session = 300 seconds
stack = 65536 bytes
sslVersion = SSLv3 for client, all for server
TIMEOUTbusy = 300 seconds
TIMEOUTclose = 60 seconds
TIMEOUTconnect = 10 seconds
TIMEOUTidle = 43200 seconds
verify = none


uname -a
Linux fineline 2.6.24-16-generic #1 SMP Thu Apr 10 12:47:45 UTC 2008
x86_64 GNU/Linux

gcc -v
Using built-in specs.
Target: x86_64-linux-gnu
Configured with: ../src/configure -v --with-pkgversion='Ubuntu
4.3.3-5ubuntu4'
--with-bugurl=file:///usr/share/doc/gcc-4.3/README.Bugs
--enable-languages=c,c++,fortran,objc,obj-c++ --prefix=/usr
--enable-shared --with-system-zlib --libexecdir=/usr/lib
--without-included-gettext --enable-threads=posix --enable-nls
--with-gxx-include-dir=/usr/include/c++/4.3 --program-suffix=-4.3
--enable-clocale=gnu --enable-libstdcxx-debug --enable-objc-gc
--enable-mpfr --with-tune=generic --enable-checking=release
--build=x86_64-linux-gnu --host=x86_64-linux-gnu
--target=x86_64-linux-gnu
Thread model: posix
gcc version 4.3.3 (Ubuntu 4.3.3-5ubuntu4)


openssl version
OpenSSL 0.9.8g 19 Oct 2007
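
A check for the kind of stunnel.conf posted above, as an added example that is not part of the original thread: with `client = yes`, stunnel accepts cleartext locally and starts TLS immediately toward the `connect` target, so that target has to be the provider's SSL port rather than the cleartext one. The function names and finding labels are hypothetical, and the sample is constructed from the TLS-relevant lines of the posted config.

```python
CLEARTEXT_PORTS = {"25": "SMTP", "110": "POP3", "143": "IMAP"}
LOOPBACK = ("127.0.0.1", "localhost", "::1")

# Constructed sample: the TLS-relevant lines of the stunnel.conf in the post.
SAMPLE_CONF = """\
sslVersion = SSLv3
client = yes
[pop3s]
accept = 127.0.0.1:995
connect = pop.gmail.com:110
[smtps]
accept = 127.0.0.1:465
connect = smtp.gmail.com:25
"""

def parse_stunnel_conf(text):
    """Return (global_options, {service: options}) with lowercased keys."""
    glob, services, current = {}, {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in ";#":          # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            current = services.setdefault(line[1:-1], {})
            continue
        key, _, value = line.partition("=")
        (glob if current is None else current)[key.strip().lower()] = value.strip()
    return glob, services

def lint(text):
    """Return sorted (service, issue) pairs for client-mode services."""
    glob, services = parse_stunnel_conf(text)
    findings = set()
    for name, opts in services.items():
        eff = {**glob, **opts}                   # service options override globals
        if eff.get("client", "no").lower() != "yes":
            continue
        if eff.get("sslversion", "").lower() in ("sslv2", "sslv3"):
            findings.add((name, "obsolete-protocol"))
        port = eff.get("connect", "").rpartition(":")[2]
        if port in CLEARTEXT_PORTS and "protocol" not in eff:
            findings.add((name, "connect-to-cleartext-port"))
        if eff.get("verify", "none").lower() in ("none", "0"):
            findings.add((name, "peer-certificate-not-verified"))
        if eff.get("accept", "").rpartition(":")[0] not in LOOPBACK:
            findings.add((name, "accept-not-loopback"))
    return sorted(findings)
```

On the sample, `lint(SAMPLE_CONF)` flags both services for the obsolete protocol, the cleartext connect port and the unverified peer certificate. The `accept-not-loopback` check corresponds to the `imaps bound to 0.0.0.0:993` line in the posted log, where the tunnel's local end is reachable from other hosts.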

HASM

Sep 27, 2010, 10:30:36 AM

Joseph Brenner <do...@kzsu.stanford.edu> writes:

> I'm an nmh user running ubuntu jaunty, and I want to get my local
> email working over SSL connections to a gmail account (POP3/SMTP).
> So I'm trying to get some form of mh to talk over SSL using stunnel4.
> I'm looking for suggestions on what I might be doing wrong, and
> hints on how to go about isolating the problems.

Orthogonal answer ...

I use fetchmail/procmail to dump gmail messages into a local file and inc
from there. There's a 5 minute minimum retrial period but other than that
I never had any problems. Guessing you can do the same with Sylpheed.

-- HASM

Joseph Brenner

Sep 27, 2010, 6:14:11 PM

Anyone using stunnel to get mh to talk over SSL?

I'm using nmh running ubuntu jaunty, and I want to get my local
email working over SSL connections to a gmail account (POP3/SMTP).
So I'm trying to get some form of mh to talk over SSL using stunnel4.

I've succeeded in using Sylpheed to get mail from gmail, so I know the
gmail account is working and is set up for pop3 and so on. When I
run mh's inc command, though, it just reports:
"inc: no servers available"

I can see that I've got stunnel running by doing a:
ps ax | egrep stun | egrep -v egrep

5937 ? SN 0:00 /usr/bin/stunnel4 /etc/stunnel/stunnel.conf
5938 ? SN 0:00 /usr/bin/stunnel4 /etc/stunnel/stunnel.conf
5939 ? SN 0:00 /usr/bin/stunnel4 /etc/stunnel/stunnel.conf
5940 ? SN 0:00 /usr/bin/stunnel4 /etc/stunnel/stunnel.conf
5941 ? SN 0:00 /usr/bin/stunnel4 /etc/stunnel/stunnel.conf
5942 ? SNs 0:00 /usr/bin/stunnel4 /etc/stunnel/stunnel.conf

I'm looking for suggestions on what I might be doing wrong, and
hints on how to go about isolating the problems.

Here's a summary of the kind of configurations I've been trying:

Mr. Inbetween

Sep 28, 2010, 6:11:22 PM

Yes, I'm likely to switch to a fetchmail-based solution, in part
because I'm getting a resounding silence on my stunnel question.

At the very least fetchmail solutions appear to be better documented,
with lots of tutorial pages out on the web, like so:

http://souptonuts.sourceforge.net/postfix_tutorial.html

One of the reasons I've never played very much with fetchmail, by the
way, is that reading the documentation I can't seem to find a straight
answer to the question of "do I *need* to run an MTA (sendmail or
equiv?)". But then, I've been meaning to play with postfix some time,
maybe now is the time.

[My apologies for the double-post: my newsfeed is playing tricks on
me, which is why I've switched to a google groups account for now.]

-- Joseph Brenner

HASM

Oct 2, 2010, 12:07:34 AM

"Mr. Inbetween" <doo...@gmail.com> writes:

>> I use fetchmail/procmail to dump gmail messages into a local file and inc
>> from there.  There's a 5 minute minimum retrial period but other than that
>> I never had any problems.  Guessing you can do the same with Sylpheed.

> Yes, I'm likely to switch to a fetchmail-based solution,

> One of the reasons I've never played very much with fetchmail, by the
> way, is that reading the documentation I can't seem to find a straight
> answer to the question of "do I *need* to run an MTA (sendmail or
> equiv?)". But then, I've been meaning to play with postfix some time,
> maybe now is the time.

Probably not to receive, but yes to send. But you can't relay mail through
gmail unless you have a paid account.

-- HASM
