Stunnel dumps garbage into the console

Popa3d+stunnel is configured on the mail server; the latter litters the console with messages like:
Code:
Dec 26 15:25:57 mrrc stunnel: LOG3[2200]: SSL_read: Connection reset by peer (54)
Dec 26 15:25:57 mrrc stunnel: LOG3[2201]: SSL_accept: Peer suddenly disconnected
Dec 26 15:27:13 mrrc stunnel: LOG3[2202]: SSL_accept: Peer suddenly disconnected
Dec 26 15:28:28 mrrc stunnel: LOG3[2204]: SSL_accept: Peer suddenly disconnected
Dec 26 18:08:05 mrrc stunnel: LOG3[2285]: SSL_read: Connection reset by peer (54)
Dec 26 18:13:04 mrrc stunnel: LOG3[2289]: SSL_read: Connection reset by peer (54)
Dec 26 20:13:26 mrrc stunnel: LOG3[2421]: SSL_accept: 140760FC: error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol
Dec 26 20:48:18 mrrc stunnel: LOG3[2459]: SSL_accept: 140760FC: error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol
Dec 26 21:24:51 mrrc stunnel: LOG3[2497]: SSL_accept: 14094418: error:14094418:SSL routines:ssl3_read_bytes:tlsv1 alert unknown ca

In /etc/syslog.conf regarding popa3d and stunnel there is:
Code:
!popa3d
*.*                                             /var/log/pop.log
!stunnel
*.*                                             /var/tmp/stunnel/stunnel.log

Both log files are being filled; the facility with LOG5 is written to stunnel.log, while its messages on the console are written with LOG3. Both popa3d and stunnel listen for connections from /etc/inetd.conf.
The console messages are configured in /etc/syslog.conf as follows:
Code:
*.err;kern.warning;auth.notice;mail.crit;mail.none              /dev/console
Tell me what to tweak so that the LOG3 output also goes to the general log file specified for stunnel.
FreeBSD 11.1-RELEASE-p15
stunnel-5.41,1
popa3d-standalone-1.0.3
 
FreeBSD 11.1-RELEASE-p15
End-of-life since September 2018. Maybe not use a version that's been unsupported for 5 years?

 
compatibility with certain software requires it.
Doubtful. What software?

On the merits of the question, without taking into account the outdated OS, how to solve the issue?
You're getting these errors because of malware attacking your site. Do you really want to keep outdated software online? Stuff that's probably riddled with security issues? You know, the kind of issues these bots are looking for?
 
Doubtful. What software?
Kaspersky. But this has nothing to do with the question.
You're getting these errors because of malware attacking your site.
These are unsuccessful connection attempts and other garbage, which is a normal situation for any network service. My initial question is how to configure logging of the tunnel to a file allocated for this, so as not to clog the console.
 
Ok)
FreeBSD 13.2-RELEASE-p9
stunnel-5.71,1
popa3d-1.0.3

Current versions, the issue of garbage in the console remains. How to redirect all output from a tunnel (LOG3) to /var/tmp/stunnel/stunnel.log?

Code:
Jan 10 22:22:52 mrrc stunnel[985]: LOG3[0]: SSL_accept: No error: 0 (0)
Jan 10 23:27:05 mrrc stunnel[985]: LOG3[2]: SSL_accept: Connection reset by peer (54)
Jan 11 00:21:23 mrrc stunnel[985]: LOG3[5]: SSL_accept: Connection reset by peer (54)
Jan 11 00:21:23 mrrc stunnel[985]: LOG3[6]: SSL_accept: Connection reset by peer (54)
Jan 11 00:21:23 mrrc stunnel[985]: LOG3[7]: SSL_accept: Connection reset by peer (54)
Jan 11 00:21:24 mrrc stunnel[985]: LOG3[8]: SSL_accept: Connection reset by peer (54)
Jan 11 00:21:24 mrrc stunnel[985]: LOG3[9]: SSL_accept: Connection reset by peer (54)
Jan 11 00:21:25 mrrc stunnel[985]: LOG3[10]: SSL_accept: Connection reset by peer (54)
Jan 11 00:21:25 mrrc stunnel[985]: LOG3[11]: SSL_accept: Connection reset by peer (54)
Jan 11 00:21:25 mrrc stunnel[985]: LOG3[12]: SSL_accept: Connection reset by peer (54)
Jan 11 00:21:26 mrrc stunnel[985]: LOG3[13]: SSL_accept: /usr/src/crypto/openssl/ssl/statem/statem_srvr.c:1781: error:142090C1:SSL routines:tls_early_post_process_client_hello:no shared cipher
Jan 11 00:21:26 mrrc stunnel[985]: LOG3[14]: SSL_accept: /usr/src/crypto/openssl/ssl/statem/extensions_srvr.c:698: error:141CF06C:SSL routines:tls_parse_ctos_key_share:bad key share
Jan 11 01:21:28 mrrc stunnel[985]: LOG3[15]: SSL_accept: Connection reset by peer (54)
Jan 11 01:21:35 mrrc stunnel[985]: LOG3[18]: SSL_accept: Connection reset by peer (54)
Jan 11 01:21:43 mrrc stunnel[985]: LOG3[21]: SSL_accept: Connection reset by peer (54)
Jan 11 03:55:41 mrrc stunnel[985]: LOG3[24]: SSL_accept: /usr/src/crypto/openssl/ssl/record/ssl3_record.c:363: error:1408F10B:SSL routines:ssl3_get_record:wrong version number
Jan 11 04:26:17 mrrc stunnel[985]: LOG3[25]: SSL_accept: No error: 0 (0)
Jan 11 06:27:23 mrrc stunnel[985]: LOG3[26]: SSL_accept: Connection reset by peer (54)
Jan 11 06:27:24 mrrc stunnel[985]: LOG3[27]: SSL_accept: Connection reset by peer (54)
Jan 11 06:27:24 mrrc stunnel[985]: LOG3[28]: SSL_accept: Connection reset by peer (54)
Jan 11 06:27:24 mrrc stunnel[985]: LOG3[29]: SSL_accept: Connection reset by peer (54)
Jan 11 06:27:24 mrrc stunnel[985]: LOG3[30]: SSL_accept: Connection reset by peer (54)
Jan 11 06:27:25 mrrc stunnel[985]: LOG3[31]: SSL_accept: Connection reset by peer (54)
Jan 11 06:27:25 mrrc stunnel[985]: LOG3[32]: SSL_accept: Connection reset by peer (54)
Jan 11 06:27:25 mrrc stunnel[985]: LOG3[33]: SSL_accept: Connection reset by peer (54)
Jan 11 06:27:25 mrrc stunnel[985]: LOG3[34]: SSL_accept: /usr/src/crypto/openssl/ssl/statem/statem_srvr.c:1781: error:142090C1:SSL routines:tls_early_post_process_client_hello:no shared cipher
Jan 11 06:27:26 mrrc stunnel[985]: LOG3[35]: SSL_accept: /usr/src/crypto/openssl/ssl/statem/extensions_srvr.c:698: error:141CF06C:SSL routines:tls_parse_ctos_key_share:bad key share
 
stunnel by default logs to the daemon facility, which should just end up in either /var/log/messages or /var/log/daemon.log (depending on the log level) using the default syslog configuration. Incidentally, the daemon facility has the id 3.

So, there's probably more broken with your /etc/syslog.conf. Does it work with the default configuration? It's advisable to add your own service-specific configs in separate files in /etc/syslog.d (or /usr/local/etc/syslog.d), so you don't have to fiddle with the default config.
 
/etc/syslog.conf. Does it work with the default configuration?
No, in the question part it contains:

Code:
!popa3d
*.*                                             /var/log/pop.log
!stunnel
*.*                                             /var/tmp/stunnel/stunnel.log

And I also added:
Code:
...;daemon,mail.none            /dev/console
...;daemon,mail.none            /var/log/messages
The stunnel garbage is gone, but I'm not sure if this was the right decision.
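
Added example, not part of any post in this thread: a small model of syslog.conf selector matching, showing why the console selector quoted above catches stunnel's LOG3 lines and what appending `daemon,mail.none` changes. The n in stunnel's `LOGn[...]` tag is the syslog level (3 = err, 5 = notice). Assumptions: stunnel logs to the daemon facility, the console line sits outside any `!program` block, the "after" selector is built by appending the fix to the quoted line, and the LOG5 sample line is constructed.

```python
import re

# Added example: a minimal model of syslog.conf selector matching (not syslogd's code).
# Only the default "this level or more severe" comparison, "*" and "none" are modelled;
# "!program" blocks are ignored.
LEVELS = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

def compile_selector(selector):
    """Return {facility: least severe level index accepted, or None for 'none'}."""
    table = {}
    for part in selector.split(";"):
        facilities, level = part.rsplit(".", 1)
        if level == "none":
            threshold = None
        elif level == "*":
            threshold = len(LEVELS) - 1
        else:
            threshold = LEVELS.index(level)
        for facility in facilities.split(","):
            if facility == "*":
                table = {"*": threshold}     # wildcard resets earlier per-facility parts
            else:
                table[facility] = threshold  # later parts override earlier ones
    return table

def matches(selector, facility, level):
    """True if a message with this facility and level is selected."""
    table = compile_selector(selector)
    threshold = table.get(facility, table.get("*"))
    return threshold is not None and LEVELS.index(level) <= threshold

def stunnel_level(line):
    """Map the n in stunnel's 'LOGn[...]' tag to a syslog level name."""
    m = re.search(r"stunnel(?:\[\d+\])?: LOG([0-7])\[", line)
    return LEVELS[int(m.group(1))] if m else None

CONSOLE_BEFORE = "*.err;kern.warning;auth.notice;mail.crit;mail.none"  # from the thread
CONSOLE_AFTER = CONSOLE_BEFORE + ";daemon,mail.none"  # assumption: fix appended
SAMPLES = [
    "Jan 10 23:27:05 mrrc stunnel[985]: LOG3[2]: SSL_accept: Connection reset by peer (54)",
    "Jan 10 23:27:06 mrrc stunnel[985]: LOG5[3]: Service [pop3s] accepted connection",  # constructed
]

def console_report(selector, facility="daemon"):
    """Which sample levels reach /dev/console under this selector."""
    return {stunnel_level(s): matches(selector, facility, stunnel_level(s)) for s in SAMPLES}

if __name__ == "__main__":
    print("before:", console_report(CONSOLE_BEFORE))
    print("after: ", console_report(CONSOLE_AFTER))
```

With `daemon.none` in the console selector, no daemon-facility message of any level reaches the console, whether it comes from stunnel or from any other program logging to that facility.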
 