Hello Graham, Understood. Port 587 accepts plain text connections that can be upgraded to TLS using STARTTLS. This will be handled by Stunnel if you add the line protocol = smtp parameter to your [zen-smtp] stanza. [zen-smtp] client = yes accept = 127.0.0.1:26025 connect = mailhost.zen.co.uk:587 protocol = smtp To test you must change your Outlook configuration to use Server 127.0.0.1 and Port 26025 and disable encryption. You can also let stunnel handle the authentication, if you want this, you will need to add 2 more to your [zen-smtp] and disable authentication in Outlook: I recommend you don't try this except if you can successfully connect just by adding the protocol line and re-configuring your Outlook client. protocolUsername = yourUserName (maybe youremail@yourdomain)protocolPassword = yourPassword (Or a generated App password) Regards,Jose On Wednesday, June 3, 2026 at 05:02:30 PM GMT-5, Graham Jones <[email protected]> wrote: Hi Jose, Sorry, I made a typo in my email. The settings that work in Outlook are: Server = mailhost.zen.co.uk Authentication = Yes Port = 587 Encryption = TLS The settings in my stunnel.conf match this: [zen-smtp] client = yes accept = 127.0.0.1:26025 connect = mailhost.zen.co.uk:587 If stunnel.conf contains a port number other than 587 (for example 465) there is a 20 second time delay before the WSAECONNRESET message. But using port 587 the response is immediate, as: 2026.06.02 12:22:48 LOG7[1]: TLS state (connect): SSLv3/TLS write client hello 2026.06.02 12:22:48 LOG3[1]: SSL_connect: Connection reset by peer (WSAECONNRESET) (10054) I think this indicates that there is a service listening on port 587, but that something is wrong with the previous line “TLS state (connect): SSLv3/TLS write client hello”. I know that my Outlook 2010 does not use the most modern cipher suite, which is why I am testing stunnel. Perhaps Outlook 2010 does not use SSLv3/TLS. What do you suggest that I try now? Regards, == Graham From: Jose Alf. [mailto:[email protected]] Sent: 03 June 2026 21:36 To: [email protected]; [email protected] Subject: Re: [stunnel-users] SSL_connect: Connection reset by peer (WSAECONNRESET) (10054) Hi Graham, The reason it does not work is because there's no TLS service listening at mailhost.zen.co.uk port 587. You say Your Outlook client connects to port 576 and that is the port you want in your zen-smtp config. [zen-smtp] client = yes accept = 127.0.0.1:26025 connect = mailhost.zen.co.uk:576 Regards, Jose On Wednesday, June 3, 2026 at 04:20:04 AM GMT-5, Graham Jones via stunnel-users <[email protected]> wrote: I have one connection that works, and another which fails; but they have equivalent settings. Please help me resolve this. A fragment of the config for the connection that works: [Lopham-smtp] client = yes accept = 127.0.0.1:52025 connect = mail.lopham.co.uk:465 The server mail.lopham.co.uk is hosted by a service that I pay for. A fragment of the config for the connection that fails: [zen-smtp] client = yes accept = 127.0.0.1:26025 connect = mailhost.zen.co.uk:587 The failure in the log is 2026.06.02 12:22:48 LOG3[1]: SSL_connect: Connection reset by peer (WSAECONNRESET) (10054). The server mailhost.zen.co.uk is hosted by my internet connection provider (Zen Internet). When I make the connection without using stunnel the connection works OK. My SMTP settings in Outlook 2010 are: Server = mailhost.zen.co.uk Authentication = Yes Port = 576 Encryption = TLS So I set debug = 7 The log shows: 2026.06.02 12:22:48 LOG7[1]: Service [zen-smtp] started 2026.06.02 12:22:48 LOG7[1]: Setting local socket options (FD=504) 2026.06.02 12:22:48 LOG7[1]: Option TCP_NODELAY set on local socket 2026.06.02 12:22:48 LOG5[1]: Service [zen-smtp] accepted connection from 127.0.0.1:53292 2026.06.02 12:22:48 LOG6[1]: failover: priority, starting at entry #0 2026.06.02 12:22:48 LOG6[1]: s_connect: connecting 212.23.1.19:587 2026.06.02 12:22:48 LOG7[1]: s_connect: s_poll_wait 212.23.1.19:587: waiting 10 seconds 2026.06.02 12:22:48 LOG7[1]: FD=468 ifds=rw ofds=-- 2026.06.02 12:22:48 LOG5[1]: s_connect: connected 212.23.1.19:587 2026.06.02 12:22:48 LOG5[1]: Service [zen-smtp] connected remote server from 127.0.0.1:53293 2026.06.02 12:22:48 LOG7[1]: Setting remote socket options (FD=468) 2026.06.02 12:22:48 LOG7[1]: Option TCP_NODELAY set on remote socket 2026.06.02 12:22:48 LOG7[1]: Remote descriptor (FD=468) initialized 2026.06.02 12:22:48 LOG6[1]: SNI: sending servername: mailhost.zen.co.uk 2026.06.02 12:22:48 LOG7[1]: No previous session to resume 2026.06.02 12:22:48 LOG6[1]: Peer certificate required 2026.06.02 12:22:48 LOG7[1]: TLS state (connect): before SSL initialization 2026.06.02 12:22:48 LOG7[1]: TLS state (connect): SSLv3/TLS write client hello 2026.06.02 12:22:48 LOG3[1]: SSL_connect: Connection reset by peer (WSAECONNRESET) (10054) 2026.06.02 12:22:48 LOG5[1]: Connection reset: 0 byte(s) sent to TLS, 0 byte(s) sent to socket 2026.06.02 12:22:48 LOG7[1]: remote_fd reset (FD=468) 2026.06.02 12:22:48 LOG7[1]: Remote descriptor (FD=468) closed 2026.06.02 12:22:48 LOG7[1]: local_rfd/local_wfd reset (FD=504) 2026.06.02 12:22:48 LOG7[1]: Local descriptor (FD=504) closed 2026.06.02 12:22:48 LOG7[1]: Service [zen-smtp] finished (0 left) The log does not show me why the connection is reset by the peer. Can anybody help, please? Regards, == Graham _______________________________________________ stunnel-users mailing list -- [email protected] To unsubscribe send an email to [email protected]