[TAG] 2c tip - debugging POP3 over ssl
Benjamin A. Okopnik
ben at linuxgazette.net
Mon Nov 28 17:50:54 MSK 2005
Following up to myself:
> On Mon, Nov 28, 2005 at 07:19:52AM +0000, Neil Youngman wrote:
> > I had to run stunnel as root, as it was unable to create a file it required
> > otherwise. This may not be necessary with all configurations
> > neil ~ 06:44:39 501 > /usr/sbin/stunnel -c -f -d 2020 -r
> > pop.googlemail.com:995
> > 2005.11.28 07:14:55 LOG5[6414:3083712896]: Using 'pop.googlemail.com.995' as
> > tcpwrapper service name
> > 2005.11.28 07:14:55 LOG5[6414:3083712896]: stunnel 3.26 on i486-pc-linux-gnu
> > PTHREAD+LIBWRAP with OpenSSL 0.9.8a 11 Oct 2005
> > 2005.11.28 07:14:55 LOG3[6414:3083712896]: Cannot create pid
> > file /var/run/stunnel/stunnel.pop.googlemail.com.995.pid
> > 2005.11.28 07:14:55 LOG3[6414:3083712896]: create: Permission denied (13)
> > neil ~ 07:14:55 502 >
> This can be avoided by telling 'stunnel' to create a lock in a writeable
> stunnel -c -f -d 2020 -r pop.googlemail.com:995 -P ~/stunnel.lock
> Unfortunately, I can't test this any further - I'm having a little
> network trouble at the moment (although I can still do my mail and web
> stuff), and none of the hosts to which I can SSH have 'stunnel'
> installed. I hope this tiny bit is useful, anyway. :)
The networking problem seems to have gone away, and now I have the
ben at Fenrir:~$ /usr/sbin/stunnel -c -f -d 2020 -r pop.googlemail.com:995 -P ~/stunnel.lock
2005.11.28 08:38:35 LOG5[1976:3082823360]: Using 'pop.googlemail.com.995' as tcpwrapper service name
2005.11.28 08:38:35 LOG5[1976:3082823360]: stunnel 3.26 on i486-pc-linux-gnu PTHREAD+LIBWRAP with OpenSSL 0.9.8a 11 Oct 2005
2005.11.28 08:38:35 LOG5[1976:3082823360]: FD_SETSIZE=1024, file ulimit=1024 -> 500 clients allowed
2005.11.28 08:40:33 LOG5[1976:3082668976]: pop.googlemail.com.995 connected from 127.0.0.1:40461
2005.11.28 08:40:37 LOG5[1976:3082668976]: Connection closed: 0 bytes sent to SSL, 33 bytes sent to socket
2005.11.28 08:42:29 LOG5[1976:3082668976]: pop.googlemail.com.995 connected from 127.0.0.1:40466
2005.11.28 08:42:33 LOG5[1976:3082668976]: Connection closed: 0 bytes sent to SSL, 33 bytes sent to socket
[ more similar lines elided]
In another terminal, I have the following (username and passwd replaced
ben at Fenrir:~$ telnet localhost 2020
Connected to localhost.
Escape character is '^]'.
+OK Gpop n23pf1675297nfc ready.
+OK send PASS
-ERR [SYS/PERM] Your account is not enabled for POP access. Please visit your Gmail settings page and enable your account for POP access.
Connection closed by foreign host.
So, even though I'm not configured for POP, it looks like the recipe
_should_ work. Perhaps telnet is chewing up one or more of your
characters? I've seen it happen before. Try launching it with '-E'
(disable escape characters) option, and maybe with '-d' (debug) and '-n
foo.trace' (create a tracefile).
* Ben Okopnik * Editor-in-Chief, Linux Gazette * http://linuxgazette.net *
More information about the TAG