I just ran apt-get install stunnel on lenny, and the install script reported that it
cannot create the user Stunnel UID 112 and the group Stunnel GID 114, plus another message regarding the stunnel pid.
apt-get --reinstall install stunnel does not really get me any further.
Thanks, Dirk
I have now checked everything again, and the user and the group have been created.
enabled=1 is also set in etc/default/stunnel4.
It is currently still running with an error message.
I want to establish a secured connection via SSL over IMAP from TB at home to my vserver.
Do I still have to establish the connection to port 143 directly below?
Dirk
Code:
Starting SSL tunnels: 2010.08.15 18:26:52 LOG7[18668:3082836864]: Snagged 64 random bytes from /root/.rnd
2010.08.15 18:26:52 LOG7[18668:3082836864]: Wrote 1024 new random bytes to /root/.rnd
2010.08.15 18:26:52 LOG7[18668:3082836864]: RAND_status claims sufficient entropy for the PRNG
2010.08.15 18:26:52 LOG7[18668:3082836864]: PRNG seeded successfully
2010.08.15 18:26:52 LOG4[18668:3082836864]: Wrong permissions on /etc/stunnel/stunnel.pem
2010.08.15 18:26:52 LOG7[18668:3082836864]: Certificate: /etc/stunnel/stunnel.pem
2010.08.15 18:26:52 LOG7[18668:3082836864]: Certificate loaded
2010.08.15 18:26:52 LOG7[18668:3082836864]: Key file: /etc/stunnel/stunnel.pem
2010.08.15 18:26:52 LOG7[18668:3082836864]: Private key loaded
2010.08.15 18:26:52 LOG7[18668:3082836864]: SSL context initialized for service pop3s
2010.08.15 18:26:52 LOG4[18668:3082836864]: Wrong permissions on /etc/stunnel/stunnel.pem
2010.08.15 18:26:52 LOG7[18668:3082836864]: Certificate: /etc/stunnel/stunnel.pem
2010.08.15 18:26:52 LOG7[18668:3082836864]: Certificate loaded
2010.08.15 18:26:52 LOG7[18668:3082836864]: Key file: /etc/stunnel/stunnel.pem
2010.08.15 18:26:52 LOG7[18668:3082836864]: Private key loaded
2010.08.15 18:26:52 LOG7[18668:3082836864]: SSL context initialized for service imaps
2010.08.15 18:26:52 LOG4[18668:3082836864]: Wrong permissions on /etc/stunnel/stunnel.pem
2010.08.15 18:26:52 LOG7[18668:3082836864]: Certificate: /etc/stunnel/stunnel.pem
2010.08.15 18:26:52 LOG7[18668:3082836864]: Certificate loaded
2010.08.15 18:26:52 LOG7[18668:3082836864]: Key file: /etc/stunnel/stunnel.pem
2010.08.15 18:26:52 LOG7[18668:3082836864]: Private key loaded
2010.08.15 18:26:52 LOG7[18668:3082836864]: SSL context initialized for service ssmtp
file /etc/stunnel/stunnel.conf line 67: Each service section must define exactly two endpoints
[Failed: /etc/stunnel/stunnel.conf]
You should check that you have specified the pid= in you configuration file
Code:
; Certificate/key is needed in server mode and optional in client mode
;cert = /etc/stunnel/mail.pem
;key = /etc/stunnel/mail.pem
cert = /etc/stunnel/stunnel.pem
; Protocol version (all, SSLv2, SSLv3, TLSv1)
sslVersion = SSLv3
; Some security enhancements for UNIX systems - comment them out on Win32
chroot = /var/lib/stunnel4/
setuid = stunnel4
setgid = stunnel4
; PID is created inside chroot jail
pid = /stunnel4.pid
; Some performance tunings
socket = l:TCP_NODELAY=1
socket = r:TCP_NODELAY=1
;compression = rle
; Workaround for Eudora bug
;options = DONT_INSERT_EMPTY_FRAGMENTS
; Authentication stuff
;verify = 2
; Don't forget to c_rehash CApath
; CApath is located inside chroot jail
;CApath = /certs
; It's often easier to use CAfile
;CAfile = /etc/stunnel/certs.pem
; Don't forget to c_rehash CRLpath
; CRLpath is located inside chroot jail
;CRLpath = /crls
; Alternatively you can use CRLfile
;CRLfile = /etc/stunnel/crls.pem
; Some debugging stuff useful for troubleshooting
debug = 7
output = /var/log/stunnel4/stunnel.log
; Use it for client mode
; client = yes
; Service-level configuration
[pop3s]
accept = 995
connect = 110
[imaps]
accept = 993
connect = 143
[ssmtp]
;accept = 465
;connect = 25
;[https]
;accept = 443
;connect = 80
;TIMEOUTclose = 0
; vim:ft=dosini
Update: tried some more... changed stunnel.conf.
Inserted the cert and key files accordingly.
Code:
; Certificate/key is needed in server mode and optional in client mode
cert = /etc/stunnel/cert-mail.pem
key = /etc/stunnel/key-mail.pem
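
Added example (not part of the original posts and not stunnel's own code): a small Python check that reproduces the "Each service section must define exactly two endpoints" condition on a constructed copy of the posted service sections, and flags a key file that group or others can access. Treating `accept`, `connect` and `exec` as the endpoint options, and the `0o077` permission mask, are assumptions of this sketch.

```python
import os
import re
import stat
import tempfile

# Constructed sample: the service sections as posted, global options trimmed.
SAMPLE_CONF = """\
cert = /etc/stunnel/stunnel.pem
[pop3s]
accept = 995
connect = 110
[imaps]
accept = 993
connect = 143
[ssmtp]
;accept = 465
;connect = 25
;[https]
;accept = 443
"""

# Assumption of this sketch: these options count as service endpoints.
ENDPOINT_KEYS = {"accept", "connect", "exec"}

def incomplete_services(conf_text):
    """Map each [service] that lacks exactly two endpoints to the ones it has."""
    sections, current = {}, None
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):  # blank or commented-out line
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            current = header.group(1)
            sections[current] = []
        elif current is not None:
            key = line.split("=", 1)[0].strip().lower()
            if key in ENDPOINT_KEYS:
                sections[current].append(key)
    return {name: eps for name, eps in sections.items() if len(eps) != 2}

def key_too_open(path):
    """True if group or others have any access to the key file."""
    return bool(stat.S_IMODE(os.stat(path).st_mode) & 0o077)

if __name__ == "__main__":
    print(incomplete_services(SAMPLE_CONF))  # the [ssmtp] header is still active
    with tempfile.NamedTemporaryFile() as pem:  # stand-in for stunnel.pem
        os.chmod(pem.name, 0o644)
        print("key too open:", key_too_open(pem.name))
```

In the sample, either commenting out the `[ssmtp]` header as well or restoring its two endpoint lines empties the result.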