If someone knows how to use this thing in Arch and would be willing to share his knowledge...I'm sure many users would benefit from a short howto on stunnel.
As far as I know it's possible to securely (SSL) tunnel services like pop3, smtp, nntp with this program. I was interested in tunneling nntp in Pan. I figured out that I would need to use stunnel to forward a local port, e.g. 7000, to the standard port 119 which Pan uses. Then I would have to set the newsserver port in Pan to 7000 and voila. I've even found the appropriate config entry:
    #[ssl onet.pl]
    #accept=localhost:7000
    #connect=news.onet.pl:119
The problem is that when I try to do ./stunnel start in /etc/rc.d/, the daemon fails to start and I have no clue why it does it to me ;)
If anyone feels like tinkering with it, go ahead and describe your experiences in this thread.
In the meantime I'll be trying to figure it out as well, because seeing my passwords floating in plain text across my network scares me. I've used ettercap, just to find out that almost any program utilizing my mailbox account sends passwords unencrypted. Scary :?
I have never used stunnel... I only have some article about it lying around, I think. Anyway, I think you can secure smtp and pop without a tunnel. They normally provide encryption themselves if set up with it.
I have no idea about ntp.
I have stunnel working fine on my Debian (stable) box.
I can send you my config if you'd like. (Can't do it right now, since I'm not at home.) Debian stable's running an older version of stunnel than Arch, though, so I don't know if the configs would be completely compatible, but it should at least give you a starting point.
Yup. A config may be interesting. The problem is that the newest ver. Arch uses is totally different in case of options.
No prob. Here you go:
    # stunnel configuration file
    # by Steve Haslam

    # Level of verification to use [-v]
    #VERIFY 1

    # Certificate for server mode [-p]
    SERVERCERT /etc/ssl/certs/stunnel.pem

    # Trusted certs directory for VERIFY 3 [-a]
    #TRUSTEDCERTS /etc/ssl/certs

    # Additional options
    ADDLOPTS -s nobody -g nogroup

    # Tunnel definitions (daemon mode)
    ##TUNNEL -l pop3s /usr/sbin/ipop3d -- ipop3d
    #TUNNEL pop3s -r pop-3
    #TUNNEL imaps -r imap2
    #TUNNEL ssmtp -r smtp
    TUNNEL 210 -c -r mail-server-1:995
    TUNNEL 211 -c -r mail-server-2:995
FYI - this is apparently from stunnel v3.22.
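
Added example, not part of the thread and not written by any of the posters: a stunnel 4.x ini-style client configuration covering the tunnels discussed above, with the 3.x flags it replaces noted in comments. It assumes the remote servers accept SSL on the ports shown (563 for NNTP over SSL, 995 for POP3 over SSL); the section names, the pid path and the CA bundle path are also assumptions.

```ini
; Constructed example for stunnel 4.x, where ini-style options replace the 3.x flags.
; Hostnames come from the thread; ports, section names and file paths are assumptions.

; --- global options ---
; 3.x "-s nobody -g nogroup": drop privileges after the ports are bound
setuid = nobody
setgid = nogroup
; assumed path
pid = /var/run/stunnel.pid

; While the daemon refuses to start, stay in the foreground and log
; verbosely so the reason for the failure is printed to the terminal.
foreground = yes
debug = 7

; 3.x "-c": client mode (plain text in on the local port, SSL out)
client = yes

; Without verification the tunnel is encrypted but the server is not
; authenticated, so someone on the path can still intercept the session.
; Level 2 requires a certificate that chains to a CA in CAfile.
verify = 2
; assumed CA bundle location
CAfile = /etc/ssl/certs/ca-certificates.crt

; --- services ---
[nntps-onet]
; Pan's news server is set to localhost, port 7000
accept = 127.0.0.1:7000
; assumed: the server's SSL port for NNTP (563); the far end must speak SSL
connect = news.onet.pl:563

[pop3s-1]
; 3.x "TUNNEL 210 -c -r mail-server-1:995"
accept = 127.0.0.1:210
connect = mail-server-1:995

[pop3s-2]
; 3.x "TUNNEL 211 -c -r mail-server-2:995"
accept = 127.0.0.1:211
connect = mail-server-2:995
```

Once stunnel starts cleanly, remove `foreground` and `debug` so the rc.d script can run it as a daemon. Binding to 127.0.0.1 keeps the plain-text side of each tunnel off the network.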