[stunnel-users] Problem: eMail over SMTP on port 587 accepted without error but not forwarded

Ben Stover bxstover at yahoo.co.uk
Thu Nov 2 13:11:12 CET 2017


After a long time of successful usage of stunnel on a Windows 7 system I experienced now permanent problems with sending messages
from my local email client over stunnel + SMTP to the remote smtp-server on port 587.

Again: my local client+stunnel setup is/was untouched.

When I send now messages to remote port 587 (as before) they are silently accepted but NOT forwarded to the final destination.
No error messages was returned.

The only thing I could imagine is that the webhoster changed the mail server certificate.

How does stunnel handle this scenario?
Do I have to tell stunnel that the remote certificate changed? how?

Receiving eMails through POP3 on port 995 works.

WebHoster has no clue what the reason is.

The (anonymized) log below shows the transfer

Any help is welcomed.

Thank you
Peter

2017.11.02 13:03:51 LOG7[main]: Found 1 ready file descriptor(s)
2017.11.02 13:03:51 LOG7[main]: FD=388 ifds=r-x ofds=---
2017.11.02 13:03:51 LOG7[main]: FD=464 ifds=r-x ofds=---
2017.11.02 13:03:51 LOG7[main]: FD=468 ifds=r-x ofds=---
2017.11.02 13:03:51 LOG7[main]: FD=472 ifds=r-x ofds=---
2017.11.02 13:03:51 LOG7[main]: FD=476 ifds=r-x ofds=---
2017.11.02 13:03:51 LOG7[main]: FD=480 ifds=r-x ofds=---
2017.11.02 13:03:51 LOG7[main]: FD=484 ifds=r-x ofds=r--
2017.11.02 13:03:51 LOG7[main]: FD=488 ifds=r-x ofds=---
2017.11.02 13:03:51 LOG7[main]: FD=492 ifds=r-x ofds=---
2017.11.02 13:03:51 LOG7[main]: FD=496 ifds=r-x ofds=---
2017.11.02 13:03:51 LOG7[main]: FD=500 ifds=r-x ofds=---
2017.11.02 13:03:51 LOG7[main]: FD=504 ifds=r-x ofds=---
2017.11.02 13:03:51 LOG7[main]: FD=508 ifds=r-x ofds=---
2017.11.02 13:03:51 LOG7[main]: FD=512 ifds=r-x ofds=---
2017.11.02 13:03:51 LOG7[main]: FD=516 ifds=r-x ofds=---
2017.11.02 13:03:51 LOG7[main]: FD=520 ifds=r-x ofds=---
2017.11.02 13:03:51 LOG7[main]: FD=524 ifds=r-x ofds=---
2017.11.02 13:03:51 LOG7[main]: FD=528 ifds=r-x ofds=---
2017.11.02 13:03:51 LOG7[main]: Service [mail-smtp] accepted (FD=904) from 127.0.0.1:47872
2017.11.02 13:03:51 LOG7[main]: Creating a new thread
2017.11.02 13:03:51 LOG7[main]: New thread created
2017.11.02 13:03:51 LOG7[537]: Service [mail-smtp] started
2017.11.02 13:03:51 LOG7[537]: Option TCP_NODELAY set on local socket
2017.11.02 13:03:51 LOG5[537]: Service [mail-smtp] accepted connection from 127.0.0.1:47872
2017.11.02 13:03:51 LOG6[537]: s_connect: connecting 195.54.77.83:587
2017.11.02 13:03:51 LOG7[537]: s_connect: s_poll_wait 195.54.77.83:587: waiting 10 seconds
2017.11.02 13:03:51 LOG5[537]: s_connect: connected 195.54.77.83:587
2017.11.02 13:03:51 LOG5[537]: Service [mail-smtp] connected remote server from 192.168.0.10:47873
2017.11.02 13:03:51 LOG7[537]: Option TCP_NODELAY set on remote socket
2017.11.02 13:03:51 LOG7[537]: Remote descriptor (FD=876) initialized
2017.11.02 13:03:51 LOG7[537]:  <- 220 foobar.testserver.com ESMTP Postfix
2017.11.02 13:03:51 LOG7[537]:  -> 220 foobar.testserver.com ESMTP Postfix
2017.11.02 13:03:51 LOG7[537]:  -> EHLO localhost
2017.11.02 13:03:51 LOG7[537]:  <- 250-foobar.testserver.com
2017.11.02 13:03:51 LOG7[537]:  <- 250-PIPELINING
2017.11.02 13:03:51 LOG7[537]:  <- 250-SIZE 104857600
2017.11.02 13:03:51 LOG7[537]:  <- 250-ETRN
2017.11.02 13:03:51 LOG7[537]:  <- 250-STARTTLS
2017.11.02 13:03:51 LOG7[537]:  <- 250-ENHANCEDSTATUSCODES
2017.11.02 13:03:51 LOG7[537]:  <- 250-8BITMIME
2017.11.02 13:03:51 LOG7[537]:  <- 250 DSN
2017.11.02 13:03:51 LOG7[537]:  -> STARTTLS
2017.11.02 13:03:51 LOG7[537]:  <- 220 2.0.0 Ready to start TLS
2017.11.02 13:03:51 LOG6[537]: SNI: sending servername: foobar.testserver.com
2017.11.02 13:03:51 LOG6[537]: Peer certificate not required
2017.11.02 13:03:51 LOG7[537]: TLS state (connect): before/connect initialization
2017.11.02 13:03:51 LOG7[537]: TLS state (connect): SSLv3 write client hello A
2017.11.02 13:03:51 LOG7[537]: TLS state (connect): SSLv3 read server hello A
2017.11.02 13:03:51 LOG6[537]: Certificate verification disabled
2017.11.02 13:03:51 LOG6[537]: Certificate verification disabled
2017.11.02 13:03:51 LOG7[537]: TLS state (connect): SSLv3 read server certificate A
2017.11.02 13:03:51 LOG7[537]: TLS state (connect): SSLv3 read server key exchange A
2017.11.02 13:03:51 LOG6[537]: Client certificate not requested
2017.11.02 13:03:51 LOG7[537]: TLS state (connect): SSLv3 read server done A
2017.11.02 13:03:51 LOG7[537]: TLS state (connect): SSLv3 write client key exchange A
2017.11.02 13:03:51 LOG7[537]: TLS state (connect): SSLv3 write change cipher spec A
2017.11.02 13:03:51 LOG7[537]: TLS state (connect): SSLv3 write finished A
2017.11.02 13:03:51 LOG7[537]: TLS state (connect): SSLv3 flush data
2017.11.02 13:03:51 LOG7[537]: TLS state (connect): SSLv3 read server session ticket A
2017.11.02 13:03:51 LOG7[537]: TLS state (connect): SSLv3 read finished A
2017.11.02 13:03:51 LOG7[537]:      2 client connect(s) requested
2017.11.02 13:03:51 LOG7[537]:      2 client connect(s) succeeded
2017.11.02 13:03:51 LOG7[537]:      0 client renegotiation(s) requested
2017.11.02 13:03:51 LOG7[537]:      0 session reuse(s)
2017.11.02 13:03:51 LOG6[537]: TLS connected: new session negotiated
2017.11.02 13:03:51 LOG7[537]: Deallocating application specific data for session connect address
2017.11.02 13:03:51 LOG6[537]: Negotiated TLSv1.2 ciphersuite ECDHE-RSA-AES256-GCM-SHA384 (256-bit encryption)
2017.11.02 13:03:51 LOG7[537]: Compression: null, expansion: null
2017.11.02 13:03:52 LOG6[537]: Read socket closed (readsocket)
2017.11.02 13:03:52 LOG7[537]: Sending close_notify alert
2017.11.02 13:03:52 LOG7[537]: TLS alert (write): warning: close notify
2017.11.02 13:03:52 LOG6[537]: SSL_shutdown successfully sent close_notify alert
2017.11.02 13:03:52 LOG7[537]: TLS alert (read): warning: close notify
2017.11.02 13:03:52 LOG6[537]: TLS closed (SSL_read)
2017.11.02 13:03:52 LOG7[537]: Sent socket write shutdown
2017.11.02 13:03:52 LOG5[537]: Connection closed: 2954 byte(s) sent to TLS, 337 byte(s) sent to socket
2017.11.02 13:03:52 LOG7[537]: Remote descriptor (FD=876) closed
2017.11.02 13:03:52 LOG7[537]: Local descriptor (FD=904) closed
2017.11.02 13:03:52 LOG7[537]: Service [mailo-smtp] finished (0 left)







More information about the stunnel-users mailing list