summaryrefslogtreecommitdiffstats
path: root/roles/IMAP-proxy/files/etc/stunnel
diff options
context:
space:
mode:
Diffstat (limited to 'roles/IMAP-proxy/files/etc/stunnel')
-rw-r--r--roles/IMAP-proxy/files/etc/stunnel/stunnel.conf57
1 files changed, 57 insertions, 0 deletions
diff --git a/roles/IMAP-proxy/files/etc/stunnel/stunnel.conf b/roles/IMAP-proxy/files/etc/stunnel/stunnel.conf
new file mode 100644
index 0000000..026bc30
--- /dev/null
+++ b/roles/IMAP-proxy/files/etc/stunnel/stunnel.conf
@@ -0,0 +1,57 @@
+; Sample stunnel configuration file for Unix by Michal Trojnara 2002-2012
+; Some options used here may be inadequate for your particular configuration
+; This sample file does *not* represent stunnel.conf defaults
+; Please consult the manual for detailed description of available options
+
+; **************************************************************************
+; * Global options *
+; **************************************************************************
+
+; A copy of some devices and system files is needed within the chroot jail
+; Chroot conflicts with configuration file reload and many other features
+; Remember also to update the logrotate configuration.
+;chroot = /var/lib/stunnel4/
+; Chroot jail can be escaped if setuid option is not used
+setuid = stunnel4
+setgid = stunnel4
+
+; PID is created inside the chroot jail
+pid = /var/run/stunnel4/stunnel4.pid
+
+; Debugging stuff (may useful for troubleshooting)
+debug = 4
+;output = /var/log/stunnel4/stunnel.log
+
+; **************************************************************************
+; * Service defaults may also be specified in individual service sections *
+; **************************************************************************
+
+; Certificate/key is needed in server mode and optional in client mode
+;cert = /etc/stunnel/mail.pem
+;key = /etc/stunnel/mail.pem
+client = yes
+socket = a:SO_BINDTODEVICE=lo
+
+; Authentication stuff needs to be configured to prevent MITM attacks
+verify = 4
+
+; Disable support for insecure SSLv2 protocol
+options = NO_SSLv2
+; Workaround for Eudora bug
+;options = DONT_INSERT_EMPTY_FRAGMENTS
+
+; These options provide additional security at some performance degradation
+;options = SINGLE_ECDH_USE
+;options = SINGLE_DH_USE
+
+; **************************************************************************
+; * Service definitions (remove all services for inetd mode) *
+; **************************************************************************
+
+[imaps]
+accept = localhost:993
+connect = imap.fripost.org:993
+CAfile = /etc/stunnel/certs/imap.fripost.org.pem
+ciphers = ECDH+AES:DH+AES
+
+; vim:ft=dosini