• Some stunnel questions

    From Bit Twister@2:250/1 to All on Thu Jul 23 04:53:11 2020
    I am wanting to set up stunnel for a couple of connections.

    What research I have done so far leaves me with a few questions.

    Spent days trying to get Dovecot to let me access postfix but
    Thunderbird kept complaining about the security cert being invalid.

    I would really appreciate some help with only what needs to be done
    in a Mageia install. Preferably with Usenet which would make it
    easy for me to know I got it working.

    First question is how to tell an application to use it.
    For example, my Usenet client, what do I enter for the Usenet server?

    Currently using NNTPSERVER=snews://reader443.eternal-september.org


    I do not think I need to generate any certificates after install.
    Not sure of what to change in /etc/stunnel/stunnel.conf.

    As I misunderstand it I can change /etc/stunnel/stunnel.conf:
    from ;include = /etc/stunnel/conf.d
    to include = /etc/stunnel/conf.d

    from ;output = /var/log/stunnel.log
    to output = /var/log/stunnel.log

    mkdir --parents /etc/stunnel/conf.d

    create some configuration files in that directory.

    Question here:
    grep nntp /etc/services
    would suggest I would use the nntps port so what should it be?

    # cat /etc/stunnel/conf.d/xx__nntp.conf

    ;#******************************************
    ;#* Created by /local/bin/stunnel_nntp_changes Wed 22 Jul 22:02 2020
    ;#******************************************

    [nntp]
    client = yes
    accept = 127.0.0.1:1111
    connect = news.eternal-september.org:563
    verifyChain = yes
    CAfile = ca-certs.pem
    checkHost = news.eternal-september.org
    OCSPaia = yes

    ;#************** end /etc/stunnel/conf.d/xx__nntp.conf **************

    Create a stunnel log rotate file:

    # cat /etc/logrotate.d/stunnel
    #******************************************
    #* Created by /local/bin/stunnel_logrotate_changes Wed 22 Jul 22:09 2020
    #******************************************

    /var/log/stunnel/*.log {
        weekly
        notifempty
        missingok
        compress
        postrotate
            /usr/bin/killall -HUP stunnel
        endscript
    }
    #******** end /etc/logrotate.d/stunnel ********

    Tell systemctl to enable it during boot and start it now.
    systemctl enable stunnel
    systemctl start stunnel

    and create a yearly cron job to renew the cert's expiration date.

    Thanks in advance for any help.

    --- MBSE BBS v1.0.7.17 (GNU/Linux-x86_64)
    * Origin: A noiseless patient Spider (2:250/1@fidonet)
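
An added example, not part of the original post and not stunnel's own code: a small Python check that parses a stunnel service section like the `[nntp]` one above and flags client-mode settings that weaken or undermine certificate verification. The function names and finding labels are hypothetical, and the sample is the post's section embedded as a constructed string.

```python
# Constructed sample: the [nntp] service section as posted above.
SAMPLE = """\
[nntp]
client = yes
accept = 127.0.0.1:1111
connect = news.eternal-september.org:563
verifyChain = yes
CAfile = ca-certs.pem
checkHost = news.eternal-september.org
OCSPaia = yes
"""

def parse_sections(text):
    """Return {section: {lowercased option: [values]}}; ';' lines are comments."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = sections.setdefault(line[1:-1], {})
        elif "=" in line and current is not None:
            key, value = (part.strip() for part in line.split("=", 1))
            current.setdefault(key.lower(), []).append(value)
    return sections

def audit_client(opts):
    """List findings for one client-mode section (hypothetical labels)."""
    get = lambda key: opts.get(key, [""])[-1]
    findings = []
    if get("client").lower() != "yes":
        return findings
    # Without verifyChain/verifyPeer the server certificate is not validated.
    if "yes" not in (get("verifychain").lower(), get("verifypeer").lower()):
        findings.append("no-verify")
    if not (opts.get("cafile") or opts.get("capath")):
        findings.append("no-ca")
    elif get("cafile") and not get("cafile").startswith("/"):
        # A relative path depends on the process working directory.
        findings.append("relative-cafile")
    # checkHost should name the host that 'connect' actually dials.
    if get("connect").rpartition(":")[0] not in opts.get("checkhost", []):
        findings.append("checkhost-mismatch")
    # The plaintext side should listen on loopback only.
    if get("accept").rpartition(":")[0] not in ("127.0.0.1", "::1", "localhost"):
        findings.append("accept-not-loopback")
    return findings
```
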