--- stunnel-5.14/tools/stunnel.conf-sample.in.orig 2015-01-02 15:29:55.000000000 +0100
+++ stunnel-5.14/tools/stunnel.conf-sample.in 2015-04-04 08:16:03.346648179 +0200
@@ -12,11 +12,11 @@
 ; Remember also to update the logrotate configuration.
 ;chroot = @prefix@/var/lib/stunnel/
 ; Chroot jail can be escaped if setuid option is not used
-;setuid = nobody
-;setgid = @DEFAULT_GROUP@
+setuid = stunnel
+setgid = stunnel
 ; PID file is created inside the chroot jail (if enabled)
-;pid = @prefix@/var/run/stunnel.pid
+pid = /var/run/stunnel/stunnel.pid
 ; Debugging stuff (may be useful for troubleshooting)
 ;debug = 7
@@ -27,8 +27,8 @@
 ; **************************************************************************
 ; Certificate/key is needed in server mode and optional in client mode
-cert = @prefix@/etc/stunnel/mail.pem
-;key = @prefix@/etc/stunnel/mail.pem
+cert = /etc/stunnel/mail.pem
+;key = /etc/stunnel/mail.pem
 ; Authentication stuff needs to be configured to prevent MITM attacks
 ; It is not enabled by default!
@@ -37,12 +37,12 @@
 ; CApath is located inside chroot jail
 ;CApath = /certs
 ; It's often easier to use CAfile
-;CAfile = @prefix@/etc/stunnel/certs.pem
+CAfile = /etc/stunnel/certs.pem
 ; Don't forget to c_rehash CRLpath
 ; CRLpath is located inside chroot jail
 ;CRLpath = /crls
 ; Alternatively CRLfile can be used
-;CRLfile = @prefix@/etc/stunnel/crls.pem
+CRLfile = /etc/stunnel/crls.pem
 ; Enable support for the insecure SSLv2 protocol
 ;options = -NO_SSLv2
@@ -61,17 +61,17 @@
 ; Example SSL server mode services
-[pop3s]
-accept = 995
-connect = 110
-
-[imaps]
-accept = 993
-connect = 143
-
-[ssmtp]
-accept = 465
-connect = 25
+;[pop3s]
+;accept = 995
+;connect = 110
+
+;[imaps]
+;accept = 993
+;connect = 143
+
+;[ssmtp]
+;accept = 465
+;connect = 25
 ; Example SSL client mode services
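Review bot: The `pid = /var/run/stunnel/stunnel.pid` line in the first hunk (`@@ -12,11 +12,11 @@`) depends on a directory that has to exist and be usable by the `stunnel` user and group the same hunk switches on, and nothing in this patch shows either the account or the directory being created. If `/var/run` is a tmpfs the directory disappears at reboot, so the packaging presumably has to recreate it at boot, owned by `stunnel:stunnel`, or the daemon may fail to write or remove its PID file after dropping privileges. The context comment also says the PID file is created inside the chroot jail, so an admin who later uncomments `chroot` gets this path resolved inside the jail. A comment above the `pid` line such as `; with chroot enabled this path is resolved inside the jail` would make that explicit.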
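Review bot: Uncommenting `CAfile` and `CRLfile` in the third hunk (`@@ -37,12 +37,12 @@`) does not by itself turn on peer verification. The context kept by the second hunk still reads `; It is not enabled by default!`, and no `verify` line is touched anywhere in this patch. As far as these hunks show, the sample now loads trust and revocation files while presumably still accepting any peer certificate, which is easy to mistake for a hardened default. Both files also become required inputs, so a missing `/etc/stunnel/certs.pem` or `/etc/stunnel/crls.pem` may keep the daemon from starting; this is worth confirming against what the package actually installs. Either leave the two lines commented, or add a comment above them such as `; CAfile/CRLfile are only enforced once verify is set`.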