[stunnel-users] How use certificates with stunnel -- Newbie question

Shatadal shatadal at vfemail.net
Thu Nov 25 22:46:28 CET 2004


Hi,

I am a new user of stunnel and I am using it to connect to some SSL 
enabled e-mail accounts. Instead of directly connecting to the mail 
server I am connecting to it via stunnel so that my e-mail scanner scan 
the messages before sending it to the mail server (it does not natively 
support SSL connections)

My setup:

OS: Win XP Home edition. All updates are installed except for service 
pack 2.
E-mail client: Mozilla Thunderbird 0.9
E-mail scanner : Alwil Avast 4.5

I have an e-mail account at myisp.com. To connect to myisp I need to 
enable SSL. On connecting via SSL I get a certificate which I can choose 
to accept permanently, temporarily for the current session or reject it.

Alwil Avast mail scanner does not support scanning of e-mail sent and 
received over SSL. So to enable it to scan such e-mail, my client 
connects to localhost where stunnel is listening and stunnel forwards 
the connection to my isp.

This is my stunnel.conf file

# IMAP service, listens on localhost:1200
[myisp-imaps]
accept=localhost:1200
connect=myisp.com:993

# SMTP service, listens on localhost:260
[myisp-smtps]
accept=localhost:260
connect=myisp.com:25

Unfortunately while the IMAP connection works perfectly the SMTP does 
not. Thunderbird keeps sending the message until I cancel it.

This is the log file

2004.11.25 03:10:03 LOG5[2508:3848]: myisp-smtps connected from 
127.0.0.1:2751
2004.11.25 03:10:08 LOG3[2508:3848]: SSL_connect: 1408F10B: 
error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number
2004.11.25 03:11:03 LOG5[2508:192]: myisp-smtps connected from 
127.0.0.1:2755
2004.11.25 03:11:08 LOG3[2508:192]: SSL_connect: 1408F10B: 
error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number
2004.11.25 13:36:40 LOG5[2508:2112]: myisp-smtps connected from 
127.0.0.1:4818
2004.11.25 13:36:45 LOG3[2508:2112]: SSL_connect: 1408F10B: 
error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number
2004.11.25 14:01:44 LOG5[2508:3208]: myisp-smtps connected from 
127.0.0.1:1188
2004.11.25 14:01:50 LOG3[2508:3208]: SSL_connect: 1408F10B: 
error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number

I am guessing the problem is something to do with the handling of the 
certificate I get when I use my client to connect directly to the SMTP 
server via SSL.

Can someone explain to me how to make stunnel accept the certificate and 
continue the SSL transaction? I tried to read through the faq for 
certificates but I couldn't understand how it was to be done.

Thanks,
Shatadal.


---
avast! Antivirus: Outbound message clean.
Virus Database (VPS): 0448-0, 11/23/2004
Tested on: 11/25/2004 3:46:33 PM
avast! - copyright (c) 2000-2004 ALWIL Software.
http://www.avast.com






More information about the stunnel-users mailing list