http://www.stunnel.org/
Example 11.1. stunnel.conf
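# Sample stunnel configuration file
# Copyright by Michal Trojnara 2002
#
# Layout: global options first, then one [section] per wrapped service.
# (Restored to one directive per line; collapsed onto a single line the
# whole file reads as one comment and configures nothing.)

# Certificate presented to connecting clients.
# NOTE(review): a combined .pem presumably also holds the private key -
# keep it readable by the stunnel account only; confirm on your system.
# Comment it out on Win32
cert = /etc/stunnel/stunnel.pem

# chroot is disabled in this example, so the pid path below is resolved
# against the real filesystem root rather than inside a jail.
# chroot = /usr/var/run/stunnel/
# PID is created inside chroot jail
pid = /stunnel.pid

# The unprivileged account pair is commented out and the daemon is left
# running as root.
# NOTE(review): as root, any flaw in stunnel or its TLS library is a full
# system compromise. Prefer the nobody/nogroup pair (ideally together with
# chroot); that presumably needs pid and log locations the unprivileged
# account can write to - verify before switching.
#setuid = nobody
#setgid = nogroup
setuid = root
setgid = root

# Workaround for Eudora bug
#options = DONT_INSERT_EMPTY_FRAGMENTS

# Authentication stuff
# Peer certificate verification is off here, so the services below do not
# authenticate clients by certificate.
#verify = 2
# don't forget about c_rehash CApath
# it is located inside chroot jail:
#CApath = /certs
# or simply use CAfile instead:
#CAfile = /usr/etc/stunnel/certs.pem

# Some debugging stuff
# 7 is the most verbose level; useful while setting up, but lower it once
# the tunnels work so connection detail does not pile up in the log.
# NOTE(review): the log path is relative; an absolute path with restricted
# permissions is easier to audit.
debug = 7
output = stunnel.log

# Use it for client mode
#client = yes

# NOTE(review): no protocol-version or cipher restrictions are set, so
# the TLS library defaults apply; review the sslVersion and ciphers
# options in the stunnel manual for the installed version.

# Service-level configuration
# accept  = port stunnel listens on for TLS connections (no address given,
#           so it is not limited to a single interface)
# connect = plaintext backend port the decrypted stream is forwarded to
#           (no host given, so the local machine)

[pop3s]
accept = 995
connect = 110

[imaps]
accept = 993
connect = 143

[ssmtp]
accept = 465
connect = 25

#[https]
#accept = 443
#connect = 80
#TIMEOUTclose = 0

[nntps]
accept = 563
connect = 119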
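# Allow inbound mail traffic. Each plaintext service is followed by the
# TLS port that stunnel accepts for it (see the stunnel.conf sections).
# (Restored to one command per line; collapsed onto a single line the
# leading '#' turns every rule into a comment and nothing is executed.)
#
# NOTE(review): -A appends to the INPUT chain, so these rules only matter
# if no earlier rule has already dropped or accepted the packet.

# SMTP
/sbin/iptables -A INPUT -p tcp --dport 25 -j ACCEPT
# SMTPS
/sbin/iptables -A INPUT -p tcp --dport 465 -j ACCEPT

# NOTE(review): 110 and 143 carry logins in cleartext. If remote clients
# are meant to use the TLS ports 995/993 only, drop the two plaintext
# rules below or limit them to trusted sources with -s; stunnel reaches
# the backends over the loopback interface, which these rules do not need
# to open to the outside.

# POP3
/sbin/iptables -A INPUT -p tcp --dport 110 -j ACCEPT
# POP3S
/sbin/iptables -A INPUT -p tcp --dport 995 -j ACCEPT
# IMAP
/sbin/iptables -A INPUT -p tcp --dport 143 -j ACCEPT
# IMAPS
/sbin/iptables -A INPUT -p tcp --dport 993 -j ACCEPT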
[root@linuxas3 stunnel]# nmap localhost

Starting nmap V. 3.00 ( www.insecure.org/nmap/ )
Interesting ports on linuxas3.9812.net (127.0.0.1):
(The 1582 ports scanned but not shown below are in state: closed)
Port       State       Service
22/tcp     open        ssh
25/tcp     open        smtp
80/tcp     open        http
110/tcp    open        pop-3
111/tcp    open        sunrpc
119/tcp    open        nntp
143/tcp    open        imap2
443/tcp    open        https
465/tcp    open        smtps
563/tcp    open        snews
631/tcp    open        ipp
783/tcp    open        hp-alarm-mgr
993/tcp    open        imaps
995/tcp    open        pop3s
3306/tcp   open        mysql
5000/tcp   open        UPnP
5001/tcp   open        commplex-link
8009/tcp   open        ajp13
8080/tcp   open        http-proxy

Nmap run completed -- 1 IP address (1 host up) scanned in 3 seconds
[root@linuxas3 stunnel]#