If you are using stunnel in client mode you may experience connection problems when connecting to your stunnel services.
To avoid these problems make the following changes in your stunnel.conf file:
- Comment out the following line: chroot = /var/lib/stunnel4/
- Change the pid file location to: pid = /var/lib/stunnel4/stunnel4.pid
- Add delay = yes to the service configuration
With delay = yes, the DNS lookup will be done when the service is needed for the first time.
It is really simple to add POP3 SSL support to your existing e-mail client which does not support it, or whatever SSL support you want, using stunnel. I just cannot remember all the steps to set up a clean system. So I have created this small guide, which will help me in the future and maybe will help somebody else too.
- Install stunnel if you don’t have it installed already: sudo apt-get install stunnel
- Allow stunnel to autostart by editing the stunnel defaults file: sudo gedit /etc/default/stunnel4
- Finally, make the following changes in the /etc/stunnel/stunnel.conf file:
  - Comment out the following line, so that we won't have to generate a certificate, because we don’t need it in client mode: ;cert = /etc/ssl/certs/stunnel.pem
  - Change sslVersion to all if you need support for all SSL types
  - Uncomment the following line: client = yes
  - Add the definition for the client vs. server ports. In my case I was redirecting to FastMail:
    accept = 1109
    connect = mail.messagingengine.com:995
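
The steps above assembled into one client-mode stunnel.conf, as an added example that is not part of the original guide. The section name, the loopback bind, the protocol restrictions and the certificate-verification lines are assumptions added here for hardening; everything else comes from the steps above.

```ini
; Constructed example: client-mode stunnel.conf built from the steps above.
; Lines marked "added" are hardening assumptions, not settings from the guide.

; chroot disabled and pid file moved, as described above
;chroot = /var/lib/stunnel4/
pid = /var/lib/stunnel4/stunnel4.pid

; No local certificate is needed in client mode
;cert = /etc/ssl/certs/stunnel.pem

; From the guide: accept every protocol version the library offers
sslVersion = all
; added: still refuse the obsolete SSLv2 and SSLv3 protocols
options = NO_SSLv2
options = NO_SSLv3

client = yes

; Section name is a placeholder chosen for this example
[fastmail-pop3]
; Weak form: "accept = 1109" listens on every interface, which exposes
; the plaintext POP3 side of the tunnel to other hosts on the network.
; added: bind to loopback so only local mail clients can connect
accept = 127.0.0.1:1109
connect = mail.messagingengine.com:995
; Resolve the connect host on first use instead of at startup
delay = yes

; added: authenticate the server. Without these lines stunnel encrypts
; the session but accepts whatever certificate the remote end presents.
verify = 2
; Debian/Ubuntu system CA bundle (path is an assumption about the host)
CAfile = /etc/ssl/certs/ca-certificates.crt
; added, stunnel 5.x only: also require the certificate to match the host name
;checkHost = mail.messagingengine.com
```

With this configuration the mail client is pointed at 127.0.0.1 port 1109 with its own SSL setting turned off, since stunnel provides the encryption.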