qpopper (pop3) with ssl encryption (routines:ssl3_get_record:wrong version number)

S

sidney2017

Hello and first of all a "Happy new year 2022!

In advance: I already use another solution (postfix+dovecot+pigeonhole).
But for special reasons I have to set up the sendmail+spamassassin + qpopper - scenario for a few weeks on a special machine.

Among other things, I used the following instructions as a guide for configuring qpopper with SSL/TLS:

Qpop-SSL

www.defcon1.org

I have already tried several hours today to set up qpopper so that an SSL connection can be used from the EMailClient via port 995. For TLS/SSL I use Let's encrypt certificates!
Unfortunately unsuccessful so far (see error messages below, with strange symbols/characters).
In contrast, sendmail-smtp-auth with TLS works fine.

I'm just not getting anywhere here. Have I included the wrong certificate?
I think I read somewhere a while ago that you have to merge two certificates into a single file for qpopper.

Obviously the problem has to do with the SSL-Versionnumber 3 if you have a look at the openssl connection try below.

I would be happy if someone could help me.

Thanks in advance and kind regards
Sidney2017

/var/log/messages
Code: 
Jan 1 12:49:17 MyDomain qpopper[40447]: (null) at dslb-XXX-XXX-XXX-XXX.088.064.pools.tcom-ip.de (X.X.X.X): -ERR Unknown command: "[B][COLOR=rgb(209, 72, 65)]^V^C^A[/COLOR][/B]".
Jan 1 12:49:17 MyDomain qpopper[40447]: (null) at dslb-XXX-XXX-XXX-XXX.088.064.pools.tcom-ip.de (X.X.X.X): -ERR Unknown command: [B][COLOR=rgb(209, 72, 65)]"[/COLOR][/B][COLOR=rgb(209, 72, 65)][B]▒[/B][/COLOR][B][COLOR=rgb(209, 72, 65)]"[/COLOR][/B].
Jan 1 12:49:17 MyDomain qpopper[40447]: (null) at dslb-XXX-XXX-XXX-XXX.088.064.pools.tcom-ip.de (X.X.X.X): -ERR POP EOF or I/O Error
Jan 1 12:49:17 MyDomain qpopper[40447]: I/O error flushing output to client at dslb-XXX-XXX-XXX-XXX.088.064.pools.tcom-ip.de [X.X.X.X]: Operation not permitted (1)

Certbot certificates shows:
Code: 
Certificate Name: MyDomain.tld
Serial Number: 4884fXXXXXXX94dd8a6b77ee31def515a5
Key Type: RSA
Domains: MyDomain.tld imap.MyDomain.tld mail.MyDomain.tld smtp.MyDomain.tld [URL='http://www.MyDomain.tld']www.MyDomain.tld[/URL]
Expiry Date: 2022-03-31 15:50:21+00:00 (VALID: 89 days)
Certificate Path: /usr/local/etc/letsencrypt/live/MyDomain.tld/fullchain.pem
Private Key Path: /usr/local/etc/letsencrypt/live/MyDomain.tld/privkey.pem

Additionally following files exist:
Code: 
/usr/local/etc/letsencrypt/live/MyDomain.tld/chain.pem
/usr/local/etc/letsencrypt/live/MyDomain.tld/cert.pem

/etc/services
Code: 
# pop3 protocol over TLS/SSL
pop3s 995/tcp spop3
pop3s 995/udp spop3

/etc/inetd.conf
Code: 
pop3 stream tcp nowait root /usr/local/libexec/qpopper qpopper -s
pop3s stream tcp nowait root /usr/local/libexec/qpopper qpopper -s -f /etc/mail/pop/[B][COLOR=rgb(65, 168, 95)]qpopper.config[/COLOR][/B]

qpopper.config
Code: 
set tls-support = alternate-port
set tls-version = default
set tls-server-cert-file = /usr/local/etc/letsencrypt/live/MyDomain.tld/cert.pem
I als tried "set tls-support = stls"

rc.conf
Code: 
firewall_myservices="22/tcp 25/tcp 80/tcp 110/tcp 443/tcp 587/tcp 993/tcp 995/tcp 4190/tcp 10000/tcp 11332/tcp 11334/tcp 20000/tcp"

telnet localhost 995
Code: 
Trying ::1...
telnet: connect to address ::1: Connection refused
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
+OK Qpopper (version 4.1.0) at MyDomain.tld starting. <[EMAIL]41371.1641040644@MyDomain.tld[/EMAIL]>

openssl s_client -connect localhost:995
Code: 
CONNECTED(00000004)
34374492160:error:1408F10B:SSL routines:ssl3_get_record:wrong version number:/usr/src/crypto/openssl/ssl/record/ssl3_record.c:358:
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 5 bytes and written 293 bytes
Verification: OK
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 0 (ok)
---

pkg info qpopper
Code: 
qpopper-4.1.0_6
Name           : qpopper
Version        : 4.1.0_6
Installed on   : Tue Dec 28 12:23:44 2021 CET
Origin         : mail/qpopper
Architecture   : FreeBSD:13:amd64
Prefix         : /usr/local
Categories     : mail
Licenses       : QUALCOMM
Maintainer     : [email]eugen@FreeBSD.org[/email]
WWW            : [URL]http://www.eudora.com/products/unsupported/qpopper/[/URL]
Comment        : Berkeley POP 3 server (now maintained by Qualcomm)
Options        :
        APOP           : on
        APOP_ONLY      : off
        DOCUMENTATION  : off
        FULL_POPD_DEBUG: off
        OPENSSL        : on
        PAM            : off
        POPPASSD       : off
        SAMPLE_POPUSERS: off
        SHY_ENABLED    : off
        STANDALONE_MODE: off
        U_OPTION       : on
Annotations    :
        FreeBSD_version: 1300139
        cpe            : cpe:2.3:a:qualcomm:qpopper:4.1.0:::::freebsd13:x64:6
        repo_type      : binary
        repository     : FreeBSD
 
Last edited by a moderator:
I don't know anything about qpopper, but the error from openssl means that qpopper or whatever is listening on port 995 is not using a certificate at all.
Try: openssl s_client -debug -connect localhost:995 for more output.
With a connection to something that returns a certificate, you should see the presented certificate.
 
Hm, a quick look for qpopper shows some very old info, and the admin guide suggest TLSv1 and ssl v1+2.
Maybe look for something more modern?
I don't think I would install this.
 
BjarneB said:
I don't know anything about qpopper, but the error from openssl means that qpopper or whatever is listening on port 995 is not using a certificate at all.
Try: openssl s_client -debug -connect localhost:995 for more output.
With a connection to something that returns a certificate, you should see the presented certificate.
Click to expand...
Hi,

with the -debug param openssl s_client shows up the same output like before!

Thanks and kind regards
Sidney2017
 
BjarneB said:
Hm, a quick look for qpopper shows some very old info, and the admin guide suggest TLSv1 and ssl v1+2.
Maybe look for something more modern?
I don't think I would install this.
Click to expand...
You are totally right!
Like mentioned in my 1st post I am usually using dovecot but I have to work with qpopper for a short time because of special reasons.

Kind regards
Sidney2017
 
covacat said:
you may be better off with 'normal' qpopper and stunnel
Click to expand...
Hello,

I hear today you for the first time from stunnel and will try to get further information about how to use it with qpopper und FreeBSD.

Thanks and kind regards
Sidney2017
 
stunnel adds ssl/tls support for programs that dont support it
listens on 995 and redirects to 110
pkg install stunnel and read its docs
 
Hello,

several hours later I am still struggling with stunnel although I followed the "HOWTO: Setting up STUNNEL in FreeBSD"-Guide here at FreeBSD.org:
forums.freebsd.org

HOWTO: Setting up STUNNEL in FreeBSD

Say, there is a newsserver which offers additional to port 119 a secure connection on port 563. You have an account with your username and password on that newsserver and you would like to use a newsreader which is unable to handle secure connections (e.g. Knode). For safety reasons stunnel...
forums.freebsd.org forums.freebsd.org

Starting stunnel always results in permission errors:
2022.01.01 21:48:30 LOG5[ui]: Switched to chroot directory: /var/run/stunnel
2022.01.01 21:48:30 LOG3[ui]: Cannot create pid file /stunnel.pid
2022.01.01 21:48:30 LOG3[ui]: create: Permission denied (13)
Click to expand...
and
[.] Switched to chroot directory: /var/run/stunnel
[!] Cannot open log file: /var/log/stunnel.log
Click to expand...
when additionally enabling logging.

Does anyone have an idea why the implementation of the above guide does not work for me?

The current permissions of /var/run/stunnel
drw--w--w- 2 stunnel stunnel stunnel

Thanks in advance and kind regards
Sidney2017

/usr/local/etc/stunnel/stunnel.conf
; **************************************************************************
; * Global options *
; **************************************************************************
; some debugging stuff useful for troubleshooting
setuid = stunnel
setgid = stunnel
chroot = /var/run/stunnel
debug = 7
foreground = yes
;output = /var/log/stunnel.log
client = yes
;pid = /var/run/stunnel/stunnel.pid
pid = /stunnel.pid

[pop3s]
accept = 995
connect = 110
cert = /usr/local/etc/letsencrypt/archive/MyDomain.tld/cert1.pem
key = /usr/local/etc/letsencrypt/archive/MyDomain.tld/privkey1.pem
Click to expand...

/usr/local/etc/rc.d/stunnel start
Starting stunnel.
2022.01.01 21:48:30 LOG6[ui]: Initializing inetd mode configuration
2022.01.01 21:48:30 LOG7[ui]: Clients allowed=917876
2022.01.01 21:48:30 LOG5[ui]: stunnel 5.60 on amd64-portbld-freebsd13.0 platform
2022.01.01 21:48:30 LOG5[ui]: Compiled with OpenSSL 1.1.1k-freebsd 24 Aug 2021
2022.01.01 21:48:30 LOG5[ui]: Running with OpenSSL 1.1.1k-freebsd 25 Mar 2021
2022.01.01 21:48:30 LOG5[ui]: Threading:pTHREAD Sockets:pOLL,IPv6 TLS:ENGINE,OCSP,PSK,SNI
2022.01.01 21:48:30 LOG7[ui]: errno: (* __error())
2022.01.01 21:48:30 LOG6[ui]: Initializing inetd mode configuration
2022.01.01 21:48:30 LOG5[ui]: Reading configuration from file /usr/local/etc/stunnel/stunnel.conf
2022.01.01 21:48:30 LOG5[ui]: UTF-8 byte order mark detected
2022.01.01 21:48:30 LOG6[ui]: Compression enabled: 0 methods
2022.01.01 21:48:30 LOG7[ui]: No PRNG seeding was required
2022.01.01 21:48:30 LOG6[ui]: Initializing service [pop3s]
2022.01.01 21:48:30 LOG6[ui]: stunnel default security level set: 2
2022.01.01 21:48:30 LOG7[ui]: Ciphers: HIGH:!aNULL:!SSLv2:!DH:!kDHEPSK
2022.01.01 21:48:30 LOG7[ui]: TLSv1.3 ciphersuites: TLS_AES_256_GCM_SHA384:TLS_AES_128_GCM_SHA256:TLS_CHACHA20_POLY1305_SHA256
2022.01.01 21:48:30 LOG7[ui]: TLS options: 0x02100004 (+0x00000000, -0x00000000)
2022.01.01 21:48:30 LOG6[ui]: Session resumption enabled
2022.01.01 21:48:30 LOG6[ui]: Loading certificate from file: /usr/local/etc/letsencrypt/archive/MyDomain.tld/cert1.pem
2022.01.01 21:48:30 LOG6[ui]: Certificate loaded from file: /usr/local/etc/letsencrypt/archive/MyDomain.tld/cert1.pem
2022.01.01 21:48:30 LOG6[ui]: Loading private key from file: /usr/local/etc/letsencrypt/archive/MyDomain.tld/privkey1.pem
2022.01.01 21:48:30 LOG6[ui]: Private key loaded from file: /usr/local/etc/letsencrypt/archive/MyDomain.tld/privkey1.pem
2022.01.01 21:48:30 LOG7[ui]: Private key check succeeded
2022.01.01 21:48:30 LOG4[ui]: Service [pop3s] needs authentication to prevent MITM attacks
2022.01.01 21:48:30 LOG6[ui]: DH initialization skipped: client section
2022.01.01 21:48:30 LOG7[ui]: ECDH initialization
2022.01.01 21:48:30 LOG7[ui]: ECDH initialized with curves X25519:p-256:X448:p-521:p-384
2022.01.01 21:48:30 LOG5[ui]: Configuration successful
2022.01.01 21:48:30 LOG7[ui]: Deallocating deployed section defaults
2022.01.01 21:48:30 LOG7[ui]: Binding service [pop3s]
2022.01.01 21:48:30 LOG7[ui]: Listening file descriptor created (FD=10)
2022.01.01 21:48:30 LOG7[ui]: Setting accept socket options (FD=10)
2022.01.01 21:48:30 LOG7[ui]: Option SO_REUSEADDR set on accept socket
2022.01.01 21:48:30 LOG6[ui]: Service [pop3s] (FD=10) bound to :::995
2022.01.01 21:48:30 LOG7[ui]: Listening file descriptor created (FD=11)
2022.01.01 21:48:30 LOG7[ui]: Setting accept socket options (FD=11)
2022.01.01 21:48:30 LOG7[ui]: Option SO_REUSEADDR set on accept socket
2022.01.01 21:48:30 LOG6[ui]: Service [pop3s] (FD=11) bound to 0.0.0.0:995
2022.01.01 21:48:30 LOG5[ui]: Switched to chroot directory: /var/run/stunnel
2022.01.01 21:48:30 LOG3[ui]: Cannot create pid file /stunnel.pid
2022.01.01 21:48:30 LOG3[ui]: create: Permission denied (13)
2022.01.01 21:48:30 LOG7[ui]: Unbinding service [pop3s]
2022.01.01 21:48:30 LOG7[ui]: Service [pop3s] closed (FD=10)
2022.01.01 21:48:30 LOG7[ui]: Service [pop3s] closed (FD=11)
2022.01.01 21:48:30 LOG7[ui]: Service [pop3s] closed
/usr/local/etc/rc.d/stunnel: WARNING: failed to start stunnel
Click to expand...

Same "permission problem" occurs when setting
output = /var/log/stunnel.log
in /usr/local/etc/stunnel/stunnel.conf

[.] Switched to chroot directory: /var/run/stunnel
[!] Cannot open log file: /var/log/stunnel.log
[ ] Unbinding service [pop3s]
[ ] Service [pop3s] closed (FD=10)
[ ] Service [pop3s] closed (FD=11)
[ ] Service [pop3s] closed
 
Hello,

thank you very much!

Indeed the "chmod 750" of /var/run/stunnel solved the mentionend permission problem ("Cannot create pid file /stunnel.pid")
Obviously "chmod 0622 stunnel" like described in the "HOWTO: Setting up STUNNEL in FreeBSD" is not correct.

Setting "output = /var/log/stunnel.log" in /usr/local/etc/stunnel/stunnel.conf to /stunnel.log solved the trouble with the "stunnel.log"-creation.
/var/log/stunnel.log was outside the chroot-Environment!

So the next step is to test it with my EMail-Client and - if successfull - activating it with inetd.

Kind regards
Sidney2017

/usr/local/etc/rc.d/stunnel start
Starting stunnel.
2022.01.01 22:59:07 LOG6[ui]: Initializing inetd mode configuration
2022.01.01 22:59:07 LOG7[ui]: Clients allowed=917876
2022.01.01 22:59:07 LOG5[ui]: stunnel 5.60 on amd64-portbld-freebsd13.0 platform
2022.01.01 22:59:07 LOG5[ui]: Compiled with OpenSSL 1.1.1k-freebsd 24 Aug 2021
2022.01.01 22:59:07 LOG5[ui]: Running with OpenSSL 1.1.1k-freebsd 25 Mar 2021
2022.01.01 22:59:07 LOG5[ui]: Threading:pTHREAD Sockets:pOLL,IPv6 TLS:ENGINE,OCSP,PSK,SNI
2022.01.01 22:59:07 LOG7[ui]: errno: (* __error())
2022.01.01 22:59:07 LOG6[ui]: Initializing inetd mode configuration
2022.01.01 22:59:07 LOG5[ui]: Reading configuration from file /usr/local/etc/stunnel/stunnel.conf
2022.01.01 22:59:07 LOG5[ui]: UTF-8 byte order mark detected
2022.01.01 22:59:07 LOG6[ui]: Compression enabled: 0 methods
2022.01.01 22:59:07 LOG7[ui]: No PRNG seeding was required
2022.01.01 22:59:07 LOG6[ui]: Initializing service [pop3s]
2022.01.01 22:59:07 LOG6[ui]: stunnel default security level set: 2
2022.01.01 22:59:07 LOG7[ui]: Ciphers: HIGH:!aNULL:!SSLv2:!DH:!kDHEPSK
2022.01.01 22:59:07 LOG7[ui]: TLSv1.3 ciphersuites: TLS_AES_256_GCM_SHA384:TLS_AES_128_GCM_SHA256:TLS_CHACHA20_POLY1305_SHA256
2022.01.01 22:59:07 LOG7[ui]: TLS options: 0x02100004 (+0x00000000, -0x00000000)
2022.01.01 22:59:07 LOG6[ui]: Session resumption enabled
2022.01.01 22:59:07 LOG6[ui]: Loading certificate from file: /usr/local/etc/letsencrypt/archive/MyDomain.tld/cert1.pem
2022.01.01 22:59:07 LOG6[ui]: Certificate loaded from file: /usr/local/etc/letsencrypt/archive/MyDomain.tld/cert1.pem
2022.01.01 22:59:07 LOG6[ui]: Loading private key from file: /usr/local/etc/letsencrypt/archive/MyDomain.tld/privkey1.pem
2022.01.01 22:59:07 LOG6[ui]: Private key loaded from file: /usr/local/etc/letsencrypt/archive/MyDomain.tld/privkey1.pem
2022.01.01 22:59:07 LOG7[ui]: Private key check succeeded
2022.01.01 22:59:07 LOG4[ui]: Service [pop3s] needs authentication to prevent MITM attacks
2022.01.01 22:59:07 LOG6[ui]: DH initialization skipped: client section
2022.01.01 22:59:07 LOG7[ui]: ECDH initialization
2022.01.01 22:59:07 LOG7[ui]: ECDH initialized with curves X25519:p-256:X448:p-521:p-384
2022.01.01 22:59:07 LOG5[ui]: Configuration successful
2022.01.01 22:59:07 LOG7[ui]: Deallocating deployed section defaults
2022.01.01 22:59:07 LOG7[ui]: Binding service [pop3s]
2022.01.01 22:59:07 LOG7[ui]: Listening file descriptor created (FD=10)
2022.01.01 22:59:07 LOG7[ui]: Setting accept socket options (FD=10)
2022.01.01 22:59:07 LOG7[ui]: Option SO_REUSEADDR set on accept socket
2022.01.01 22:59:07 LOG6[ui]: Service [pop3s] (FD=10) bound to :::995
2022.01.01 22:59:07 LOG7[ui]: Listening file descriptor created (FD=11)
2022.01.01 22:59:07 LOG7[ui]: Setting accept socket options (FD=11)
2022.01.01 22:59:07 LOG7[ui]: Option SO_REUSEADDR set on accept socket
2022.01.01 22:59:07 LOG6[ui]: Service [pop3s] (FD=11) bound to 0.0.0.0:995
2022.01.01 22:59:07 LOG5[ui]: Switched to chroot directory: /var/run/stunnel
2022.01.01 22:59:07 LOG7[ui]: Created pid file /stunnel.pid
2022.01.01 22:59:07 LOG7[cron]: Cron thread initialized
2022.01.01 22:59:07 LOG6[cron]: Executing cron jobs
2022.01.01 22:59:07 LOG6[cron]: Cron jobs completed in 0 seconds
2022.01.01 22:59:07 LOG7[cron]: Waiting 86400 seconds
Click to expand...
 
Here we go ...

One may hardly believe it. When I now want to retrieve mails with Thunderbird via port 995 with SSL/TLS via stunnel I get exactly the same error message as when using qpopper, which I had mentioned in my initial post:

2022.01.01 23:19:57 LOG7[3]: TLS state (connect): SSLv3/TLS write client hello
2022.01.01 23:19:57 LOG3[3]: SSL_connect: /usr/src/crypto/openssl/ssl/record/ssl3_record.c:358: error:1408F10B:SSL routines:ssl3_get_record:wrong version number
Click to expand...

Now I am exactly where I was with qpopper. :D

Any idea what I could do?

Thanks and kind regards
Sidney2017
 
I tried it with the options mentioned by Adobe (your link)
and further options like

sslVersion = TLSv1.2
sslVersionMin = TLSv1.1
sslVersionMax = TLSv1.2
options = NO_SSLv3

Always the same result:

...
2022.01.02 00:10:29 LOG6[0]: SNI: sending servername: localhost
2022.01.02 00:10:29 LOG6[0]: Peer certificate not required
2022.01.02 00:10:29 LOG7[0]: TLS state (connect): before SSL initialization
2022.01.02 00:10:29 LOG7[0]: Initializing application specific data for session authenticated
2022.01.02 00:10:29 LOG7[0]: TLS state (connect): SSLv3/TLS write client hello
2022.01.02 00:10:29 LOG3[0]: SSL_connect: /usr/src/crypto/openssl/ssl/record/ssl3_record.c:358: error:1408F10B:SSL routines:ssl3_get_record:wrong version number
2022.01.02 00:10:29 LOG5[0]: Connection reset: 0 byte(s) sent to TLS, 0 byte(s) sent to socket
2022.01.02 00:10:29 LOG7[0]: Deallocating application specific data for session connect address
2022.01.02 00:10:29 LOG7[0]: Remote descriptor (FD=13) closed
2022.01.02 00:10:29 LOG7[0]: Local descriptor (FD=3) closed
2022.01.02 00:10:29 LOG7[0]: Service [pop3s] finished (0 left)
Click to expand...

May it have to do with the openssl version?

/usr/bin/openssl version
OpenSSL 1.1.1k-freebsd 25 Mar 2021

Installed package with "pkg install openssl"

Kind regards
Sidney2017
/usr/local/bin/openssl version
OpenSSL 1.1.1l 24 Aug 2021

How can one make /usr/local/bin/openssl the default openssl?
 
Hello covacat,

thanks for your assistance!

I get the the same results I presented in my first post related to qopper (even same /var/log/messages results).

Kind regards
Sidney2017

openssl s_client -connect MyDomain.tld:995

CONNECTED(00000004)
write:errno=54
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 0 bytes and written 320 bytes
Verification: OK
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 0 (ok)
Click to expand...

/var/log/messages
Jan 2 00:23:38 MyDomain stunnel[56663]: LOG5[ui]: UTF-8 byte order mark detected
Jan 2 00:23:38 MyDomain stunnel[56663]: LOG4[ui]: Service [pop3s] needs authentication to prevent MITM attacks
Jan 2 00:23:38 MyDomain stunnel[56663]: LOG5[ui]: Configuration successful
Jan 2 00:23:38 MyDomain stunnel[56663]: LOG5[ui]: Switched to chroot directory: /var/run/stunnel
Jan 2 00:25:22 MyDomain stunnel[56663]: LOG5[0]: Service [pop3s] accepted connection from 88.64.X.X:65082
Jan 2 00:25:22 MyDomain stunnel[56663]: LOG3[0]: s_connect: connect ::1:110: Connection refused (61)
Jan 2 00:25:22 MyDomain stunnel[56663]: LOG5[0]: s_connect: connected 127.0.0.1:110
Jan 2 00:25:22 MyDomain stunnel[56663]: LOG5[0]: Service [pop3s] connected remote server from 127.0.0.1:59020
Jan 2 00:25:22 MyDomain qpopper[56686]: (null) at localhost (127.0.0.1): -ERR Unknown command: "^V^C^A".
Jan 2 00:25:22 MyDomain stunnel[56663]: LOG3[0]: SSL_connect: /usr/src/crypto/openssl/ssl/record/ssl3_record.c:358: error:1408F10B:SSL routines:ssl3_get_record:wrong version number
Jan 2 00:25:22 MyDomain qpopper[56686]: (null) at localhost (127.0.0.1): -ERR Unknown command: "▒^T▒".
Jan 2 00:25:22 MyDomain stunnel[56663]: LOG5[0]: Connection reset: 0 byte(s) sent to TLS, 0 byte(s) sent to socket
Jan 2 00:25:22 MyDomain qpopper[56686]: (null) at localhost (127.0.0.1): -ERR POP EOF or I/O Error
Jan 2 00:25:22 MyDomain qpopper[56686]: I/O error flushing output to client at localhost [127.0.0.1]: Operation not permitted (1)
Click to expand...
 
Hello covacat,

removing "client = yes" solved the last problem I had!

Thank you very much for your extraordinary help!

What made you think that it could be the "client = yes" entry?
To be honest I am not aware about what exactly this entry does

Best regards
Sidney2017
 
googled the ssl error and found out its related to ssl connection to non ssl daemon
client = yes made stunnel to try to connect with ssl to qpopper@110
 
You must log in or register to reply here.
Back
Top