; Sample stunnel configuration file by Michal Trojnara 2002-2009
;
; some options used here may not be adequate for your particular configuration
; please read the manual and make sure you understand them

; certificate/key is needed in server mode and optional in client mode
cert = /etc/stunnel/mail.crt
;key = /etc/stunnel/mail.key

; protocol version (all, SSLv2, SSLv3, TLSv1)
sslVersion = SSLv3

; security enhancements for UNIX systems - comment them out on Win32
; for chroot a copy of some devices and files is needed within the jail
chroot = /var/run/stunnel/
setuid = nobody
setgid = nobody
; PID is created inside the chroot jail
pid = /stunnel.pid

; performance tunings
socket = l:TCP_NODELAY=1
socket = r:TCP_NODELAY=1
;compression = zlib

; workaround for Eudora bug
;options = DONT_INSERT_EMPTY_FRAGMENTS

; authentication stuff needs to be configured to prevent MITM attacks
; it is not enabled by default!
;verify = 2
; don't forget to c_rehash CApath
; CApath is located inside chroot jail
;CApath = /certs
; it's often easier to use CAfile
;CAfile = /etc/stunnel/certs.pem
;CAfile = /etc/pki/tls/certs/ca-bundle.crt
; don't forget to c_rehash CRLpath
; CRLpath is located inside chroot jail
;CRLpath = /crls
; alternatively CRLfile can be used
;CRLfile = /etc/stunnel/crls.pem

; debugging stuff (may useful for troubleshooting)
;debug = 7
;output = stunnel.log

; SSL client mode
;client = yes

; service-level configuration

[pop3s]
accept  = 995
connect = 110

[imaps]
accept  = 993
connect = 143

[ssmtp]
accept  = 465
connect = 25

;[https]
;accept  = 443
;connect = 80
;TIMEOUTclose = 0

; vim:ft=dosini