Hello,
I use FreeBSD stunnel under 13.3-RELEASE-p3 to tunnel access via port 587 (SSL) to port 110.
This has not worked for about 24 hours now, and restarting stunnel did not change anything. This had been working without any problems for more than 1 year.
Errors appear in /var/log/messages (see below): ‘OCSP: OCSP responder error: 6: unauthorised’
I wonder whether this is due to the IP addresses permanently compiled into my local_unbound (root hints).
Because a ping to r11.o.lencr.org apparently leads to different results than a dig @127.0.0.1 r11.o.lencr.org (see below).
I have been using local_unbound (unbound 1.20.0 in FreeBSD 13.3) since the beginning of July 2024 without any problems.
Does anyone have an idea what I can do?
Or could it be something else?
Thanks in advance and kind regards
Sidney2017
I use FreeBSD stunnel under 13.3-RELEASE-p3 to tunnel access via port 587 (SSL) to port 110.
This has not worked for about 24 hours now, and restarting stunnel did not change anything. This had been working without any problems for more than 1 year.
Errors appear in /var/log/messages (see below): ‘OCSP: OCSP responder error: 6: unauthorised’
I wonder whether this is due to the IP addresses permanently compiled into my local_unbound (root hints).
Because a ping to r11.o.lencr.org apparently leads to different results than a dig @127.0.0.1 r11.o.lencr.org (see below).
I have been using local_unbound (unbound 1.20.0 in FreeBSD 13.3) since the beginning of July 2024 without any problems.
Does anyone have an idea what I can do?
Or could it be something else?
Thanks in advance and kind regards
Sidney2017
Sep 4 16:03:39 mail stunnel[35842]: LOG5[3159]: Service [pop3s] accepted connection from IP-Address:54129
Sep 4 16:03:39 mail stunnel[35842]: LOG5[3159]: OCSP: Connecting the AIA responder "http://r11.o.lencr.org"
Sep 4 16:03:39 mail stunnel[35842]: LOG5[3159]: s_connect: connected 184.24.77.55:80
Sep 4 16:03:39 mail stunnel[35842]: LOG3[3159]: OCSP: OCSP responder error: 6: unauthorized
Sep 4 16:03:39 mail stunnel[35842]: LOG3[3159]: s_connect: connect ::1:110: Connection refused (61)
Sep 4 16:03:39 mail stunnel[35842]: LOG5[3159]: s_connect: connected 127.0.0.1:110
Sep 4 16:03:39 mail stunnel[35842]: LOG5[3159]: Service [pop3s] connected remote server from 127.0.0.1:45355
Sep 4 16:03:39 mail inetd[1060]: pop3 from 127.0.0.1 exceeded counts/min (limit 60/min)
Sep 4 16:03:39 mail stunnel[35842]: LOG5[3159]: Connection closed: 0 byte(s) sent to TLS, 0 byte(s) sent to socket
===========================================================================
# dig @127.0.0.1 r11.o.lencr.org
; <<>> DiG 9.18.26 <<>> @127.0.0.1 r11.o.lencr.org
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 7170
;; flags: qr rd ra; QUERY: 1, ANSWER: 11, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;r11.o.lencr.org. IN A
;; ANSWER SECTION:
r11.o.lencr.org. 300 IN CNAME o.lencr.edgesuite.net.
o.lencr.edgesuite.net. 21600 IN CNAME a1887.dscq.akamai.net.
a1887.dscq.akamai.net. 20 IN A 184.24.77.59
a1887.dscq.akamai.net. 20 IN A 184.24.77.61
a1887.dscq.akamai.net. 20 IN A 184.24.77.75
a1887.dscq.akamai.net. 20 IN A 184.24.77.57
a1887.dscq.akamai.net. 20 IN A 184.24.77.72
a1887.dscq.akamai.net. 20 IN A 184.24.77.52
a1887.dscq.akamai.net. 20 IN A 184.24.77.73
a1887.dscq.akamai.net. 20 IN A 184.24.77.70
a1887.dscq.akamai.net. 20 IN A 184.24.77.76
;; Query time: 74 msec
;; SERVER: 127.0.0.1#53(127.0.0.1) (UDP)
;; WHEN: Thu Sep 05 10:02:56 CEST 2024
;; MSG SIZE rcvd: 255
root@mail:~ # ping r11.o.lencr.org
PING a1887.dscq.akamai.net (184.24.77.46): 56 data bytes
64 bytes from 184.24.77.46: icmp_seq=0 ttl=56 time=4.916 ms
64 bytes from 184.24.77.46: icmp_seq=1 ttl=56 time=4.865 ms
root@mail:~ # ping r11.o.lencr.org
PING a1887.dscq.akamai.net (184.24.77.54): 56 data bytes
64 bytes from 184.24.77.54: icmp_seq=0 ttl=56 time=4.859 ms
64 bytes from 184.24.77.54: icmp_seq=1 ttl=56 time=4.882 ms
64 bytes from 184.24.77.54: icmp_seq=2 ttl=56 time=4.916 ms
root@mail:~ ping r11.o.lencr.org
PING a1887.dscq.akamai.net (23.53.40.144): 56 data bytes
64 bytes from 23.53.40.144: icmp_seq=0 ttl=59 time=4.874 ms