1. Provides encryption services for applications without modifying the application.
2. Uses public key encryption.
1. Create stunnel.pem
2. # Generate private key and certificate
4. openssl req -new -newkey rsa:1024 -nodes -x509 -keyout /tmp/key -out /tmp/cert
6. # Create stunnel.pem
8. echo >> /tmp/key
9. cat /tmp/cert >> /tmp/key
10. echo >> /tmp/key
11. rm /tmp/cert
12. mv /tmp/key /usr/share/ssl/certs/stunnel.pem
13. chmod 600 /usr/share/ssl/certs/stunnel.pem
14. Sample IMAPS Configuration
15. stunnel -d 192.168.1.20:993 -r localhost:143
This starts stunnel in daemon mode (-d) and causes it to listen on port 993 of interface 192.168.1.20. Incoming connections received on port 993 are then redirected to port 143.
libwrap NOTE: – Because stunnel uses libwrap, you need to configure access via /etc/hosts.allow and /etc/hosts.deny. When stunnel starts, it will write the name of the service to /var/log/messages that it will be checking for via tcp wrappers. For example, the above stunnel configuration created the following log entry:
stunnel: Using ‘localhost.143’ as tcpwrapper service name
You will need to use “localhost.143” as the service name in /etc/hosts.allow and /etc/hosts.deny.
40. Fetchmail Made Simple (really simple)