3

I am trying to install stunnel on a CentOS 7 server, but I am getting an Unknown TCP Service error. How can I resolve this error to complete the stunnel installation?

I installed and tested stunnel as follows: 

# yum install stunnel
# yum install telnet  
# vi /etc/stunnel/stunnel.conf  (creates new file)

Add the following contents: 

    client=yes
    [rev-smtps]
    accept=127.0.0.1:2525
    connect=the.mail.server.url  
    Esc :wq

Then back to command line: 

# stunnel &
# telnet 127.0.0.1 2525  
Trying 127.0.0.1...
Connected to 127.0.0.1.
Escape character is '^]'.
Connection closed by foreign host.
[1]+  Done                    stunnel

I am interpreting this to say that stunnel is not connecting to the remote mail server, because this tutorial says that I should expect results similar to the following: 

[root@dev xinetd.d]# telnet localhost 2525
Trying 127.0.0.1...
Connected to localhost.localdomain (127.0.0.1).
Escape character is '^]'.
220 smtp104.sbc.mail.re3.yahoo.com ESMTP
EHLO
250-smtp104.sbc.mail.re3.yahoo.com
250-AUTH LOGIN PLAIN XYMCOOKIE
250-PIPELINING
250 8BITMIME
quit

Connection closed by foreign host.

Note that, in the above config, the.mail.server.url is the exact url that works for my MS Outlook to connect to the same mail server to retrieve mail for BOTH smtps and imaps.

Also, the temporary firewall rules on this development server at the moment of these tests are: 

[root@localhost stunnel]# firewall-cmd --list-all
public (default, active)
  interfaces: ens7 eth0
  sources: 
  services: dhcpv6-client http imaps smtp ssh
  ports: 8080/tcp
  masquerade: no
  forward-ports: 
  icmp-blocks: 
  rich rules:

And note that the smtp.xml filewalld config file specifies port 465 as the port for smtp. There does not seem to be an smtps.xml file.

Typing journalctl immediately after running telnet localhost 2525 resulted in the following appended at the end of the logs: 

Oct 19 15:56:40 localhost.localdomain stunnel[6657]: LOG5[6657:140496905537280]: Service [rev-smtps] accepted connection from 127.0.0.1:43872
Oct 19 15:56:40 localhost.localdomain stunnel[6657]: LOG3[6657:140496905537280]: Unknown TCP service 'the.mail.server.url'
Oct 19 15:56:40 localhost.localdomain stunnel[6657]: LOG3[6657:140496905537280]: No host resolved
Oct 19 15:56:40 localhost.localdomain stunnel[6657]: LOG5[6657:140496905537280]: Connection reset: 0 byte(s) sent to SSL, 0 byte(s) sent to socket

So how can I confirm that stunnel is working?

CodeMed
  • 5,079
  • 45
  • 100
  • 147
  • did you really put `Esc :wq` in stunnel.conf? if so, delete that line. – cas Oct 20 '15 at 00:12
  • why are you even using stunnel for this? every common MTA already supports smtps, and can be configured to use it if it's available, always use it (and refuse to use unencrypted smtp), and/or to use it for specific hosts. – cas Oct 20 '15 at 00:20
  • @cas Because another user said to look into it. If you have a better suggestion, I would eagerly explore it. Here is the question that got me into stunnel: http://unix.stackexchange.com/questions/237235/enabling-smtp-on-port-465-and-imap-on-port-993-for-webapps-running-on-centos-7 – CodeMed Oct 20 '15 at 00:27
  • My suggestion is to use an MTA like postfix or exim. It's not the app's job to handle mail routing, delivery, queueing, bounce-handling, etc. An app should hand off the mail to the Mail Transfer Agent and forget about it, job done, finished. – cas Oct 20 '15 at 00:33
  • easiest way would be to install postfix and configure it to use your remote mail server as a smart-host, using port 465. – cas Oct 20 '15 at 00:36
  • @cas Thank you. If I use postfix, do I also use mailx and dovecot for the use case described in the link? – CodeMed Oct 20 '15 at 00:37
  • as derobert said, you only install `dovecot` if you want to host your own mail, dovecot is an imap/pop server, not a client. as for `mailx`, it won't hurt to install it - it's a useful command-line tool for sending mail - but i have no idea if JavaMail uses it or not. – cas Oct 20 '15 at 00:43
  • @cas Thank you. And postfix will enable me to use the remote mail server for my smtp? – CodeMed Oct 20 '15 at 00:47
  • yes, if you configure it correctly. by default, postfix will try to deliver mail directly (it is an MTA, after all, that's it's job). but if you configure it to use a smart-host aka relayhost, it will relay all outbound mail via that smart-host. – cas Oct 20 '15 at 00:49
  • @cas Looks like I need an ssl certificate to do that. The remote web host told me that they only accept signed certificates. Do I have to buy a certificate? Or is there a signed certificate that comes installed with postfix? Here is the link that says I need a signed certificate: http://freelinuxtutorials.com/quick-tips-and-tricks/configure-postfix-to-use-gmail-in-rhelcentos/ – CodeMed Oct 20 '15 at 01:08
  • @cas I set up a relayhost as you suggested. It can non-SSL email from my development server through the relayhost and out to others on the internet. But it is throwing an error when I try to use port 465, which is SSL only. Are you willing to look at the problem? Here is the link: http://unix.stackexchange.com/questions/237304/client-wrappermode-port-smtps-465-is-unimplemented – CodeMed Oct 20 '15 at 03:58

1 Answers1

2
client=yes
[rev-smtps]
accept=127.0.0.1:2525
connect=the.mail.server.url

Is it possible that you forgot to tell stunnel, to which port it should connect? 

connect=mail.server.url:port

should be the right syntax.

  • I already tried that. The config has `connect=the.mail.server.url:465`, which is the port that I use in MS Outlook to connect to the same server. Not sure what else I should try as the port number. – CodeMed Oct 19 '15 at 23:44
  • Unless there is some systemctl command to restart after adding the port number? The error message does not specify the port number even when the config file does specify the port. – CodeMed Oct 19 '15 at 23:48
  • Of course, after editing the config you have to restart the programm. –  Oct 19 '15 at 23:50
  • What command do I use for that? `systemctl restart stunnel` does not work. – CodeMed Oct 19 '15 at 23:51
  • `kill `cat /var/run/stunnel/stunnel.pid`` also does not work, causing `cat: /var/run/stunnel/stunnel.pid: No such file or directory`. – CodeMed Oct 20 '15 at 00:00