<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<style type="text/css" style="display:none"><!-- p { margin-top: 0px; margin-bottom: 0px; }--></style>
</head>
<body dir="ltr" style="font-size:12pt;color:#000000;background-color:#FFFFFF;font-family:Calibri,Arial,Helvetica,sans-serif;">
<p>Hi everyone,<br>
</p>
<p><br>
</p>
<p>I have been working on defending against the POODLE bug for the past couple of weeks, and at the same time I have a Sophos UTM 120 firewall just installed, whereby this update popped up over the weekend:<br>
</p>
<p><br>
</p>
<blockquote style="margin: 0 0 0 40px; border: none; padding: 0px;">
<p><img name="null" title="pastedImage.png" src="cid:2ddc384e-3889-4c09-b55a-9c0519158332"><br>
</p>
</blockquote>
<p><br>
</p>
<p>With the new firewall installed, I was having a lot of issues connecting to Exchange Online using Stunnel 5.06 with the following config:<br>
</p>
<p><br>
</p>
<blockquote style="margin:0 0 0 40px; border:none; padding:0px">
<div><span style="font-family:'Courier New',monospace"># GLOBAL OPTIONS</span></div>
<div><span style="font-family:'Courier New',monospace">client = yes</span></div>
<div><span style="font-family:'Courier New',monospace">output = stunnel-log.txt</span></div>
<div><span style="font-family:'Courier New',monospace">debug = 7</span></div>
<div><span style="font-family:'Courier New',monospace">taskbar = yes</span></div>
<div><br style="font-family:'Courier New',monospace">
</div>
<div><br style="font-family:'Courier New',monospace">
</div>
<div><span style="font-family:'Courier New',monospace"># SERVICE-LEVEL OPTIONS</span></div>
<div><br style="font-family:'Courier New',monospace">
</div>
<div><span style="font-family:'Courier New',monospace">[SMTP Outgoing]</span></div>
<div><span style="font-family:'Courier New',monospace">#Accept connections on port 25 and send to Exchange Online on port 587 over TLS</span></div>
<div><span style="font-family:'Courier New',monospace">accept = 25</span></div>
<div><span style="font-family:'Courier New',monospace">connect = smtp.office365.com:587</span></div>
<div><span style="font-family:'Courier New',monospace">protocol = smtp</span></div>
</blockquote>
<div><br>
<br>
</div>
<div>... when I realised that the smtp.office365.com was not supposed to be configured as a
<em>DNS Host</em>, but instead should have been a<em> DNS Group </em>within the firewall. There are additional IPs for Exchange Online that MS published, and I included these in the firewall configuration.<br>
</div>
<div><br>
</div>
<div>However, I spotted the following in stunnel's logs for a typical email being sent via the relay (highlighted in
<span style="background-color:rgb(255,255,0)">yellow</span>):<br>
</div>
<div><br>
</div>
<blockquote style="margin:0 0 0 40px; border:none; padding:0px">
<div><span style="font-family:'Courier New',monospace">2014.10.28 14:35:54 LOG7[4436]: Service [SMTP Outgoing] accepted (FD=476) from 127.0.0.1:61819</span></div>
<div><span style="font-family:'Courier New',monospace">2014.10.28 14:35:54 LOG7[4436]: Creating a new thread</span></div>
<div><span style="font-family:'Courier New',monospace">2014.10.28 14:35:54 LOG7[4436]: New thread created</span></div>
<div><span style="font-family:'Courier New',monospace">2014.10.28 14:35:54 LOG7[4156]: Service [SMTP Outgoing] started</span></div>
<div><span style="font-family:'Courier New',monospace">2014.10.28 14:35:54 LOG5[4156]: Service [SMTP Outgoing] accepted connection from 127.0.0.1:61819</span></div>
<div><span style="font-family:'Courier New',monospace">2014.10.28 14:35:54 LOG6[4156]: s_connect: connecting 132.245.226.18:587</span></div>
<div><span style="font-family:'Courier New',monospace">2014.10.28 14:35:54 LOG7[4156]: s_connect: s_poll_wait 132.245.226.18:587: waiting 10 seconds</span></div>
<div><span style="font-family:'Courier New',monospace">2014.10.28 14:35:54 LOG5[4156]: s_connect: connected 132.245.226.18:587</span></div>
<div><span style="font-family:'Courier New',monospace">2014.10.28 14:35:54 LOG5[4156]: Service [SMTP Outgoing] connected remote server from
<span style="background-color:rgb(0,0,0)">192.168.</span><span style="background-color:rgb(0,0,0)"><span style="background-color:rgb(0,0,0)">200.104</span></span>:61820</span></div>
<div><span style="font-family:'Courier New',monospace">2014.10.28 14:35:54 LOG7[4156]: Remote socket (FD=488) initialized</span></div>
<div><span style="font-family:'Courier New',monospace">2014.10.28 14:35:54 LOG7[4156]: <- 220 DB4PR03CA0002.outlook.office365.com Microsoft ESMTP MAIL Service ready at Tue, 28 Oct 2014 14:35:54 +0000</span></div>
<div><span style="font-family:'Courier New',monospace">2014.10.28 14:35:54 LOG7[4156]: -> 220 DB4PR03CA0002.outlook.office365.com Microsoft ESMTP MAIL Service ready at Tue, 28 Oct 2014 14:35:54 +0000</span></div>
<div><span style="font-family:'Courier New',monospace">2014.10.28 14:35:54 LOG7[4156]: -> EHLO localhost</span></div>
<div><span style="font-family:'Courier New',monospace">2014.10.28 14:35:55 LOG7[4156]: <- 250-DB4PR03CA0002.outlook.office365.com Hello [87.198.240.73]</span></div>
<div><span style="font-family:'Courier New',monospace">2014.10.28 14:35:55 LOG7[4156]: <- 250-SIZE 78643200</span></div>
<div><span style="font-family:'Courier New',monospace">2014.10.28 14:35:55 LOG7[4156]: <- 250-PIPELINING</span></div>
<div><span style="font-family:'Courier New',monospace">2014.10.28 14:35:55 LOG7[4156]: <- 250-DSN</span></div>
<div><span style="font-family:'Courier New',monospace">2014.10.28 14:35:55 LOG7[4156]: <- 250-ENHANCEDSTATUSCODES</span></div>
<div><span style="font-family:'Courier New',monospace">2014.10.28 14:35:55 LOG7[4156]: <- 250-STARTTLS</span></div>
<div><span style="font-family:'Courier New',monospace">2014.10.28 14:35:55 LOG7[4156]: <- 250-8BITMIME</span></div>
<div><span style="font-family:'Courier New',monospace">2014.10.28 14:35:55 LOG7[4156]: <- 250-BINARYMIME</span></div>
<div><span style="font-family:'Courier New',monospace">2014.10.28 14:35:55 LOG7[4156]: <- 250 CHUNKING</span></div>
<div><span style="font-family:'Courier New',monospace">2014.10.28 14:35:55 LOG7[4156]: -> STARTTLS</span></div>
<div><span style="font-family:'Courier New',monospace">2014.10.28 14:35:55 LOG7[4156]: <- 220 2.0.0 SMTP server ready</span></div>
<div><span style="font-family:'Courier New',monospace; background-color:rgb(255,255,255)"><span style="background-color:rgb(255,255,255)"><span style="background-color:rgb(255,255,255)">2014.10.28 14:35:55 LOG6[4156]: SNI: sending servername: smtp.office365.com</span></span></span></div>
<div><span style="font-family:'Courier New',monospace; background-color:rgb(255,255,255)"><span style="background-color:rgb(255,255,255)"><span style="background-color:rgb(255,255,255)">2014.10.28 14:35:55 LOG7[4156]: SSL state (connect): before/connect initialization</span></span></span></div>
<div><span style="font-family:'Courier New',monospace; background-color:rgb(255,255,0)"><span style="background-color:rgb(255,255,0)">2014.10.28 14:35:55 LOG7[4156]: SSL state (connect): SSLv3 write client hello A</span></span></div>
<div><span style="font-family:'Courier New',monospace; background-color:rgb(255,255,0)"><span style="background-color:rgb(255,255,0)">2014.10.28 14:35:55 LOG7[4156]: SSL state (connect): SSLv3 read server hello A</span></span></div>
<div><span style="font-family:'Courier New',monospace; background-color:rgb(255,255,0)"><span style="background-color:rgb(255,255,0)">2014.10.28 14:35:55 LOG7[4156]: SSL state (connect): SSLv3 read server certificate A</span></span></div>
<div><span style="font-family:'Courier New',monospace; background-color:rgb(255,255,0)"><span style="background-color:rgb(255,255,0)">2014.10.28 14:35:55 LOG7[4156]: SSL state (connect): SSLv3 read server key exchange A</span></span></div>
<div><span style="font-family:'Courier New',monospace; background-color:rgb(255,255,0)"><span style="background-color:rgb(255,255,0)">2014.10.28 14:35:55 LOG7[4156]: SSL state (connect): SSLv3 read server certificate request A</span></span></div>
<div><span style="font-family:'Courier New',monospace; background-color:rgb(255,255,0)"><span style="background-color:rgb(255,255,0)">2014.10.28 14:35:55 LOG7[4156]: SSL state (connect): SSLv3 read server done A</span></span></div>
<div><span style="font-family:'Courier New',monospace; background-color:rgb(255,255,0)"><span style="background-color:rgb(255,255,0)">2014.10.28 14:35:55 LOG7[4156]: SSL state (connect): SSLv3 write client certificate A</span></span></div>
<div><span style="font-family:'Courier New',monospace; background-color:rgb(255,255,0)"><span style="background-color:rgb(255,255,0)">2014.10.28 14:35:55 LOG7[4156]: SSL state (connect): SSLv3 write client key exchange A</span></span></div>
<div><span style="font-family:'Courier New',monospace; background-color:rgb(255,255,0)"><span style="background-color:rgb(255,255,0)">2014.10.28 14:35:55 LOG7[4156]: SSL state (connect): SSLv3 write change cipher spec A</span></span></div>
<div><span style="font-family:'Courier New',monospace; background-color:rgb(255,255,0)"><span style="background-color:rgb(255,255,0)">2014.10.28 14:35:55 LOG7[4156]: SSL state (connect): SSLv3 write finished A</span></span></div>
<div><span style="font-family:'Courier New',monospace; background-color:rgb(255,255,0)"><span style="background-color:rgb(255,255,0)">2014.10.28 14:35:55 LOG7[4156]: SSL state (connect): SSLv3 flush data</span></span></div>
<div><span style="font-family:'Courier New',monospace; background-color:rgb(255,255,0)"><span style="background-color:rgb(255,255,0)">2014.10.28 14:35:55 LOG7[4156]: SSL state (connect): SSLv3 read finished A</span></span></div>
<div><span style="font-family:'Courier New',monospace">2014.10.28 14:35:55 LOG7[4156]: 80 items in the session cache</span></div>
<div><span style="font-family:'Courier New',monospace">2014.10.28 14:35:55 LOG7[4156]: 335 client connects (SSL_connect())</span></div>
<div><span style="font-family:'Courier New',monospace">2014.10.28 14:35:55 LOG7[4156]: 335 client connects that finished</span></div>
<div><span style="font-family:'Courier New',monospace">2014.10.28 14:35:55 LOG7[4156]: 0 client renegotiations requested</span></div>
<div><span style="font-family:'Courier New',monospace">2014.10.28 14:35:55 LOG7[4156]: 0 server connects (SSL_accept())</span></div>
<div><span style="font-family:'Courier New',monospace">2014.10.28 14:35:55 LOG7[4156]: 0 server connects that finished</span></div>
<div><span style="font-family:'Courier New',monospace">2014.10.28 14:35:55 LOG7[4156]: 0 server renegotiations requested</span></div>
<div><span style="font-family:'Courier New',monospace">2014.10.28 14:35:55 LOG7[4156]: 0 session cache hits</span></div>
<div><span style="font-family:'Courier New',monospace">2014.10.28 14:35:55 LOG7[4156]: 0 external session cache hits</span></div>
<div><span style="font-family:'Courier New',monospace">2014.10.28 14:35:55 LOG7[4156]: 0 session cache misses</span></div>
<div><span style="font-family:'Courier New',monospace">2014.10.28 14:35:55 LOG7[4156]: 0 session cache timeouts</span></div>
<div><span style="font-family:'Courier New',monospace; background-color:rgb(255,255,255)"><span style="background-color:rgb(255,255,255)"><span style="background-color:rgb(255,255,255)">2014.10.28 14:35:55 LOG6[4156]: SSL connected: new session negotiated</span></span></span></div>
<div><span style="font-family:'Courier New',monospace; background-color:rgb(255,255,0)"><span style="background-color:rgb(255,255,0)">2014.10.28 14:35:55 LOG6[4156]: Negotiated TLSv1 ciphersuite ECDHE-RSA-AES256-SHA (256-bit encryption)</span></span></div>
<div><span style="font-family:'Courier New',monospace">2014.10.28 14:35:55 LOG6[4156]: Compression: null, expansion: null</span></div>
<div><span style="font-family:'Courier New',monospace">2014.10.28 14:35:58 LOG6[4156]: Read socket closed (readsocket)</span></div>
<div><span style="font-family:'Courier New',monospace">2014.10.28 14:35:58 LOG7[4156]: Sending close_notify alert</span></div>
<div><span style="font-family:'Courier New',monospace">2014.10.28 14:35:58 LOG7[4156]: SSL alert (write): warning: close notify</span></div>
<div><span style="font-family:'Courier New',monospace">2014.10.28 14:35:58 LOG6[4156]: SSL_shutdown successfully sent close_notify alert</span></div>
<div><span style="font-family:'Courier New',monospace">2014.10.28 14:35:58 LOG6[4156]: SSL socket closed (SSL_read)</span></div>
<div><span style="font-family:'Courier New',monospace">2014.10.28 14:35:58 LOG7[4156]: Sent socket write shutdown</span></div>
<div><span style="font-family:'Courier New',monospace">2014.10.28 14:35:58 LOG5[4156]: Connection closed: 22332 byte(s) sent to SSL, 615 byte(s) sent to socket</span></div>
<div><span style="font-family:'Courier New',monospace">2014.10.28 14:35:58 LOG7[4156]: Remote socket (FD=488) closed</span></div>
<div><span style="font-family:'Courier New',monospace">2014.10.28 14:35:58 LOG7[4156]: Local socket (FD=476) closed</span></div>
<div><span style="font-family:'Courier New',monospace">2014.10.28 14:35:58 LOG7[4156]: Service [SMTP Outgoing] finished (0 left)</span></div>
</blockquote>
<p><br>
</p>
<p>Note that the emails are being generated on the same server (Windows Server 2008 R2, hosted on Hyper-V).<br>
</p>
<div id="Signature">
<div name="divtagdefaultwrapper" style="font-family:Calibri,Arial,Helvetica,sans-serif; font-size:; margin:0">
<div>
<div>
<div>
<div>
<div>
<div>
<div>
<div><font><b><br>
</b></font></div>
<div><font>I have a basic (shaky) understanding that the "handshake" for TLS does downgrade to SSLv3 if newer versions of TLS fail, but I am wondering if I apply the update recommended on the firewall, will this cut the communication for the SMTP relay, the
way I am using it?</font></div>
<div><font><br>
</font></div>
<div><font>However, I also see the TLSv1 ciphersuite being negotiated.</font></div>
<div><font><br>
</font></div>
<div><font>Are there any other settings that I should be using in the .conf file? (I adapted a configuration from MessageOps a few years back.)</font></div>
<div><font><br>
</font></div>
<div><font>Is this something I need to sort out with Microsoft's Office365 team?</font></div>
<div><font><br>
</font></div>
<div><font>Maybe it's my lack of understanding of the log, but I thought I'd check with you guys first that the log file generated as above is OK (or not!).</font></div>
<div><font><br>
</font></div>
<div><font><br>
</font></div>
<div><font>Thanks for taking the time-out top read this, and apologies for all the yellow. ;)</font></div>
<div><font><br>
<strong></strong><br>
<strong>Regards,</strong><br>
<strong>Stephen</strong></font><br>
<p style="font-size:13px; font-family:Tahoma"><strong></strong></p>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
<br>
<br>
<hr>
<span style="font-family:"Arial","sans-serif"">
<p><img src="http://dl.dropbox.com/u/16175691/Mila_Logo_RGB_Strapline_EmailSig.png" alt="Mila Logo" align="left">
<span style="font-size:10.0pt">Stephen Hogan </span> <span style="font-size:10.0pt;color:red"><em>|</em></span>
<span style="font-size:10.0pt">System Administrator </span> <span style="font-size:10.0pt;color:red"><em>|</em></span>
<span style="font-size:10.0pt">Mila Limited </span><br>
<span style="font-size:10.0pt">Kilbarrack Industrial Estate, Kilbarrack, Dublin 5, IRELAND
</span><br>
<span style="font-size:10.0pt">Tel: +353 (0)1 839 0402 </span> <span style="font-size:10.0pt;color:red"><em>|</em></span>
<span style="font-size:10.0pt">Fax: +353 (0)1 839 0589 </span><br>
<span style="font-size:10.0pt">Email: shogan@mila.ie </span> <span style="font-size:10.0pt;color:red"><em>|</em></span>
<span style="font-size:10.0pt">Web: www.mila.ie </span><br>
<br>
<span style="font-size:8.0pt">Company Reg. No. 143406. Registered address: 24/26 City Quay, Dublin 2, Ireland.
</span><br clear="all">
<br>
<br>
<span style="font-size:8.0pt"><strong>DISCLAIMER:</strong> This email and any files transmitted with it are confidential and intended solely for the attention and use of the individual or entity to whom they are addressed. No copyright or other intellectual
rights to any material attached to this email, either inline or as an attachment are transferred to the recipient unless explicitly stated. If you have received this email in error please reply to inform us accordingly, prior to deleting the message.
</span><br>
<br>
</p>
</span>
</body>
</html>