Hi Graham,

The reason it does not work is because there's no TLS service listening at mailhost.zen.co.uk port 587. You say Your Outlook client connects to port 576 and that is the port you want in your zen-smtp config.

[zen-smtp]
client = yes
accept = 127.0.0.1:26025
connect = mailhost.zen.co.uk:576


Regards,
Jose


On Wednesday, June 3, 2026 at 04:20:04 AM GMT-5, Graham Jones via stunnel-users <stunnel-users@lists.stunnel.org> wrote:


I have one connection that works, and another which fails; but they have
equivalent settings.  Please help me resolve this.

A fragment of the config for the connection that works:

[Lopham-smtp]
client = yes
accept = 127.0.0.1:52025
connect = mail.lopham.co.uk:465

The server mail.lopham.co.uk is hosted by a service that I pay for.

A fragment of the config for the connection that fails:

[zen-smtp]
client = yes
accept = 127.0.0.1:26025
connect = mailhost.zen.co.uk:587

The failure in the log is 2026.06.02 12:22:48 LOG3[1]: SSL_connect:
Connection reset by peer (WSAECONNRESET) (10054).

The server mailhost.zen.co.uk is hosted by my internet connection provider
(Zen Internet).  When I make the connection without using stunnel the
connection works OK.  My SMTP settings in Outlook 2010 are:

Server = mailhost.zen.co.uk
Authentication     = Yes
Port = 576
Encryption = TLS

So I set debug = 7

The log shows:

2026.06.02 12:22:48 LOG7[1]: Service [zen-smtp] started
2026.06.02 12:22:48 LOG7[1]: Setting local socket options (FD=504)
2026.06.02 12:22:48 LOG7[1]: Option TCP_NODELAY set on local socket
2026.06.02 12:22:48 LOG5[1]: Service [zen-smtp] accepted connection from
127.0.0.1:53292
2026.06.02 12:22:48 LOG6[1]: failover: priority, starting at entry #0
2026.06.02 12:22:48 LOG6[1]: s_connect: connecting 212.23.1.19:587
2026.06.02 12:22:48 LOG7[1]: s_connect: s_poll_wait 212.23.1.19:587: waiting
10 seconds
2026.06.02 12:22:48 LOG7[1]: FD=468 ifds=rw ofds=--
2026.06.02 12:22:48 LOG5[1]: s_connect: connected 212.23.1.19:587
2026.06.02 12:22:48 LOG5[1]: Service [zen-smtp] connected remote server from
127.0.0.1:53293
2026.06.02 12:22:48 LOG7[1]: Setting remote socket options (FD=468)
2026.06.02 12:22:48 LOG7[1]: Option TCP_NODELAY set on remote socket
2026.06.02 12:22:48 LOG7[1]: Remote descriptor (FD=468) initialized
2026.06.02 12:22:48 LOG6[1]: SNI: sending servername: mailhost.zen.co.uk
2026.06.02 12:22:48 LOG7[1]: No previous session to resume
2026.06.02 12:22:48 LOG6[1]: Peer certificate required
2026.06.02 12:22:48 LOG7[1]: TLS state (connect): before SSL initialization
2026.06.02 12:22:48 LOG7[1]: TLS state (connect): SSLv3/TLS write client
hello
2026.06.02 12:22:48 LOG3[1]: SSL_connect: Connection reset by peer
(WSAECONNRESET) (10054)
2026.06.02 12:22:48 LOG5[1]: Connection reset: 0 byte(s) sent to TLS, 0
byte(s) sent to socket
2026.06.02 12:22:48 LOG7[1]: remote_fd reset (FD=468)
2026.06.02 12:22:48 LOG7[1]: Remote descriptor (FD=468) closed
2026.06.02 12:22:48 LOG7[1]: local_rfd/local_wfd reset (FD=504)
2026.06.02 12:22:48 LOG7[1]: Local descriptor (FD=504) closed
2026.06.02 12:22:48 LOG7[1]: Service [zen-smtp] finished (0 left)

The log does not show me why the connection is reset by the peer. 

Can anybody help, please?


Regards,

== Graham




_______________________________________________
stunnel-users mailing list -- stunnel-users@lists.stunnel.org
To unsubscribe send an email to stunnel-users-leave@lists.stunnel.org