I am wanting to set up stunnel for a couple of connections.
What research I have done so far leaves me with a few questions.
Spent days trying to get Dovecot to let me access postfix but
Thunderbird kept complaining about the security cert being invalid.
I would really appreciate some help with only what needs to be done
in a Mageia install. Preferably with Usenet which would make it
easy for me to know I got it working.
First question is how to tell an application to use it.
For example, my Usenet client, what do I enter for the Usenet server?
Currently using NNTPSERVER=snews://reader443.eternal-september.org
I do not think I need to generate any certificates after install.
Not sure of what to change in /etc/stunnel/stunnel.conf.
As I misunderstand it I can change /etc/stunnel/stunnel.conf:
from ;include = /etc/stunnel/conf.d
to include = /etc/stunnel/conf.d
from ;output = /var/log/stunnel.log
to output = /var/log/stunnel.log
mkdir --parents /etc/stunnel/conf.d
create some configuration files in that directory.
Question here:
grep nntp /etc/services
would suggest I would use the nntps port so what should it be?
# cat /etc/stunnel/conf.d/xx__nntp.conf
;#******************************************
;#* Created by /local/bin/stunnel_nntp_changes Wed 22 Jul 22:02 2020
;#******************************************
[nntp]
client = yes
accept = 127.0.0.1:1111
connect = news.eternal-september.org:563
verifyChain = yes
CAfile = ca-certs.pem
checkHost = news.eternal-september.org
OCSPaia = yes
;#************** end /etc/stunnel/conf.d/xx__nntp.conf **************
Create a stunnel log rotate file:
# cat /etc/logrotate.d/stunnel
#******************************************
#* Created by /local/bin/stunnel_logrotate_changes Wed 22 Jul 22:09 2020
#******************************************
/var/log/stunnel/*.log {
weekly
notifempty
missingok
compress
postrotate
/usr/bin/killall -HUP stunnel
endscript
}
#******** end /etc/logrotate.d/stunnel ********
Tell systemctl to enable it during boot and start it now.
systemctl enable stunnel
systemctl start stunnel
and create a yearly cron job to renew the cert's expiration date.
Thanks in advance for any help.
--- MBSE BBS v1.0.7.17 (GNU/Linux-x86_64)
* Origin: A noiseless patient Spider (2:250/1@fidonet)
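
As an added example (not part of the original post): with a client-mode section like the [nntp] one above, the news client is pointed at the plaintext accept address and stunnel makes the TLS connection to the connect host. The Python sketch below parses such a section and flags settings that would weaken that arrangement; the sample text, the function names and the choice of checks are assumptions of this example.

```python
SAMPLE = """\
; constructed sample mirroring the [nntp] section quoted in the post
[nntp]
client = yes
accept = 127.0.0.1:1111
connect = news.eternal-september.org:563
verifyChain = yes
CAfile = ca-certs.pem
checkHost = news.eternal-september.org
OCSPaia = yes
"""
LOOPBACK = ("127.0.0.1", "localhost", "::1")

def parse_sections(text):
    """Return {section: {option: [values]}}; option names are lower-cased."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in ";#":  # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            current = sections.setdefault(line[1:-1], {})
        elif "=" in line and current is not None:
            key, value = (part.strip() for part in line.split("=", 1))
            current.setdefault(key.lower(), []).append(value)
    return sections

def lint_client(opts):
    """Return findings for one service section meant to run as a TLS client."""
    last = lambda key: opts.get(key, [""])[-1]
    findings = []
    if last("client").lower() != "yes":
        findings.append("client = yes missing: section runs in server mode")
    if last("accept").rpartition(":")[0] not in LOOPBACK:
        findings.append("accept not bound to loopback: plaintext side is exposed")
    if "yes" not in (last("verifychain").lower(), last("verifypeer").lower()):
        findings.append("neither verifyChain nor verifyPeer is yes")
    if last("connect").rpartition(":")[0] not in opts.get("checkhost", []):
        findings.append("checkHost does not name the host in connect")
    return findings

def client_endpoint(opts):
    """Address the news client is pointed at (plain NNTP; stunnel adds TLS)."""
    return opts["accept"][-1]

if __name__ == "__main__":
    nntp = parse_sections(SAMPLE)["nntp"]
    print("point the client at:", client_endpoint(nntp))
    print("findings:", lint_client(nntp) or "none")
```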