Thanks Jose,
That works!
Regards,
== Graham
From: Jose Alf. [mailto:josealf@rocketmail.com]
Sent: 04 June 2026 04:44
To: stunnel-users@lists.stunnel.org; Graham Jones
Subject: Re: [stunnel-users] SSL_connect: Connection reset by peer (WSAECONNRESET) (10054)
Hello Graham,
Understood. Port 587 accepts plain text connections that can be upgraded to TLS using STARTTLS. This will be handled by Stunnel if you add the line protocol = smtp parameter to your [zen-smtp] stanza.
[zen-smtp]
client = yes
accept = 127.0.0.1:26025
connect = mailhost.zen.co.uk:587
protocol = smtp
To test you must change your Outlook configuration to use Server 127.0.0.1 and Port 26025 and disable encryption.
You can also let stunnel handle the authentication, if you want this, you will need to add 2 more to your [zen-smtp] and disable authentication in Outlook: I recommend you don't try this except if you can successfully connect just by adding the protocol line and re-configuring your Outlook client.
protocolUsername = yourUserName (maybe youremail@yourdomain)
protocolPassword = yourPassword (Or a generated App password)
Regards,
Jose
On Wednesday, June 3, 2026 at 05:02:30 PM GMT-5, Graham Jones <graham@lorien56.co.uk> wrote:
Hi Jose,
Sorry, I made a typo in my email. The settings that work in Outlook are:
Server = mailhost.zen.co.uk
Authentication = Yes
Port = 587
Encryption = TLS
The settings in my stunnel.conf match this:
[zen-smtp]
client = yes
accept = 127.0.0.1:26025
connect = mailhost.zen.co.uk:587
If stunnel.conf contains a port number other than 587 (for example 465) there is a 20 second time delay before the WSAECONNRESET message. But using port 587 the response is immediate, as:
2026.06.02 12:22:48 LOG7[1]: TLS state (connect): SSLv3/TLS write client hello
2026.06.02 12:22:48 LOG3[1]: SSL_connect: Connection reset by peer (WSAECONNRESET) (10054)
I think this indicates that there is a service listening on port 587, but that something is wrong with the previous line “TLS state (connect): SSLv3/TLS write client hello”.
I know that my Outlook 2010 does not use the most modern cipher suite, which is why I am testing stunnel. Perhaps Outlook 2010 does not use SSLv3/TLS.
What do you suggest that I try now?
Regards,
== Graham
From: Jose Alf. [mailto:josealf@rocketmail.com]
Sent: 03 June 2026 21:36
To: stunnel-users@lists.stunnel.org; graham@lorien56.co.uk
Subject: Re: [stunnel-users] SSL_connect: Connection reset by peer (WSAECONNRESET) (10054)
Hi Graham,
The reason it does not work is because there's no TLS service listening at mailhost.zen.co.uk port 587. You say Your Outlook client connects to port 576 and that is the port you want in your zen-smtp config.
[zen-smtp]
client = yes
accept = 127.0.0.1:26025
connect = mailhost.zen.co.uk:576
Regards,
Jose
On Wednesday, June 3, 2026 at 04:20:04 AM GMT-5, Graham Jones via stunnel-users <stunnel-users@lists.stunnel.org> wrote:
I have one connection that works, and another which fails; but they have
equivalent settings. Please help me resolve this.
A fragment of the config for the connection that works:
[Lopham-smtp]
client = yes
accept = 127.0.0.1:52025
connect = mail.lopham.co.uk:465
The server mail.lopham.co.uk is hosted by a service that I pay for.
A fragment of the config for the connection that fails:
[zen-smtp]
client = yes
accept = 127.0.0.1:26025
connect = mailhost.zen.co.uk:587
The failure in the log is 2026.06.02 12:22:48 LOG3[1]: SSL_connect:
Connection reset by peer (WSAECONNRESET) (10054).
The server mailhost.zen.co.uk is hosted by my internet connection provider
(Zen Internet). When I make the connection without using stunnel the
connection works OK. My SMTP settings in Outlook 2010 are:
Server = mailhost.zen.co.uk
Authentication = Yes
Port = 576
Encryption = TLS
So I set debug = 7
The log shows:
2026.06.02 12:22:48 LOG7[1]: Service [zen-smtp] started
2026.06.02 12:22:48 LOG7[1]: Setting local socket options (FD=504)
2026.06.02 12:22:48 LOG7[1]: Option TCP_NODELAY set on local socket
2026.06.02 12:22:48 LOG5[1]: Service [zen-smtp] accepted connection from
127.0.0.1:53292
2026.06.02 12:22:48 LOG6[1]: failover: priority, starting at entry #0
2026.06.02 12:22:48 LOG6[1]: s_connect: connecting 212.23.1.19:587
2026.06.02 12:22:48 LOG7[1]: s_connect: s_poll_wait 212.23.1.19:587: waiting
10 seconds
2026.06.02 12:22:48 LOG7[1]: FD=468 ifds=rw ofds=--
2026.06.02 12:22:48 LOG5[1]: s_connect: connected 212.23.1.19:587
2026.06.02 12:22:48 LOG5[1]: Service [zen-smtp] connected remote server from
127.0.0.1:53293
2026.06.02 12:22:48 LOG7[1]: Setting remote socket options (FD=468)
2026.06.02 12:22:48 LOG7[1]: Option TCP_NODELAY set on remote socket
2026.06.02 12:22:48 LOG7[1]: Remote descriptor (FD=468) initialized
2026.06.02 12:22:48 LOG6[1]: SNI: sending servername: mailhost.zen.co.uk
2026.06.02 12:22:48 LOG7[1]: No previous session to resume
2026.06.02 12:22:48 LOG6[1]: Peer certificate required
2026.06.02 12:22:48 LOG7[1]: TLS state (connect): before SSL initialization
2026.06.02 12:22:48 LOG7[1]: TLS state (connect): SSLv3/TLS write client
hello
2026.06.02 12:22:48 LOG3[1]: SSL_connect: Connection reset by peer
(WSAECONNRESET) (10054)
2026.06.02 12:22:48 LOG5[1]: Connection reset: 0 byte(s) sent to TLS, 0
byte(s) sent to socket
2026.06.02 12:22:48 LOG7[1]: remote_fd reset (FD=468)
2026.06.02 12:22:48 LOG7[1]: Remote descriptor (FD=468) closed
2026.06.02 12:22:48 LOG7[1]: local_rfd/local_wfd reset (FD=504)
2026.06.02 12:22:48 LOG7[1]: Local descriptor (FD=504) closed
2026.06.02 12:22:48 LOG7[1]: Service [zen-smtp] finished (0 left)
The log does not show me why the connection is reset by the peer.
Can anybody help, please?
Regards,
== Graham
_______________________________________________
stunnel-users mailing list -- stunnel-users@lists.stunnel.org
To unsubscribe send an email to stunnel-users-leave@lists.stunnel.org