I have one connection that works, and another which fails; but they have equivalent settings. Please help me resolve this. A fragment of the config for the connection that works: [Lopham-smtp] client = yes accept = 127.0.0.1:52025 connect = mail.lopham.co.uk:465 The server mail.lopham.co.uk is hosted by a service that I pay for. A fragment of the config for the connection that fails: [zen-smtp] client = yes accept = 127.0.0.1:26025 connect = mailhost.zen.co.uk:587 The failure in the log is 2026.06.02 12:22:48 LOG3[1]: SSL_connect: Connection reset by peer (WSAECONNRESET) (10054). The server mailhost.zen.co.uk is hosted by my internet connection provider (Zen Internet). When I make the connection without using stunnel the connection works OK. My SMTP settings in Outlook 2010 are: Server = mailhost.zen.co.uk Authentication = Yes Port = 576 Encryption = TLS So I set debug = 7 The log shows: 2026.06.02 12:22:48 LOG7[1]: Service [zen-smtp] started 2026.06.02 12:22:48 LOG7[1]: Setting local socket options (FD=504) 2026.06.02 12:22:48 LOG7[1]: Option TCP_NODELAY set on local socket 2026.06.02 12:22:48 LOG5[1]: Service [zen-smtp] accepted connection from 127.0.0.1:53292 2026.06.02 12:22:48 LOG6[1]: failover: priority, starting at entry #0 2026.06.02 12:22:48 LOG6[1]: s_connect: connecting 212.23.1.19:587 2026.06.02 12:22:48 LOG7[1]: s_connect: s_poll_wait 212.23.1.19:587: waiting 10 seconds 2026.06.02 12:22:48 LOG7[1]: FD=468 ifds=rw ofds=-- 2026.06.02 12:22:48 LOG5[1]: s_connect: connected 212.23.1.19:587 2026.06.02 12:22:48 LOG5[1]: Service [zen-smtp] connected remote server from 127.0.0.1:53293 2026.06.02 12:22:48 LOG7[1]: Setting remote socket options (FD=468) 2026.06.02 12:22:48 LOG7[1]: Option TCP_NODELAY set on remote socket 2026.06.02 12:22:48 LOG7[1]: Remote descriptor (FD=468) initialized 2026.06.02 12:22:48 LOG6[1]: SNI: sending servername: mailhost.zen.co.uk 2026.06.02 12:22:48 LOG7[1]: No previous session to resume 2026.06.02 12:22:48 LOG6[1]: Peer certificate required 2026.06.02 12:22:48 LOG7[1]: TLS state (connect): before SSL initialization 2026.06.02 12:22:48 LOG7[1]: TLS state (connect): SSLv3/TLS write client hello 2026.06.02 12:22:48 LOG3[1]: SSL_connect: Connection reset by peer (WSAECONNRESET) (10054) 2026.06.02 12:22:48 LOG5[1]: Connection reset: 0 byte(s) sent to TLS, 0 byte(s) sent to socket 2026.06.02 12:22:48 LOG7[1]: remote_fd reset (FD=468) 2026.06.02 12:22:48 LOG7[1]: Remote descriptor (FD=468) closed 2026.06.02 12:22:48 LOG7[1]: local_rfd/local_wfd reset (FD=504) 2026.06.02 12:22:48 LOG7[1]: Local descriptor (FD=504) closed 2026.06.02 12:22:48 LOG7[1]: Service [zen-smtp] finished (0 left) The log does not show me why the connection is reset by the peer. Can anybody help, please? Regards, == Graham
Hi Graham, "reset by peer" means "the peer sent us a TCP RST packet". Why did it send it? We have no way to know without seeing its logs. It could be an IP blocklist, unsupported TLS version, or something completely different. Sending a generic TCP RST packet rather than a specific TLS alert is a bad, but also quite common practice. I'd try connecting the service with openssl s_client first to identify supported protocols and cipherauites. If you pay for the service, you could likely contact their customer support. Best regards, Mike
Hi Graham, The reason it does not work is because there's no TLS service listening at mailhost.zen.co.uk port 587. You say Your Outlook client connects to port 576 and that is the port you want in your zen-smtp config. [zen-smtp] client = yes accept = 127.0.0.1:26025 connect = mailhost.zen.co.uk:576 Regards,Jose On Wednesday, June 3, 2026 at 04:20:04 AM GMT-5, Graham Jones via stunnel-users <[email protected]> wrote: I have one connection that works, and another which fails; but they have equivalent settings. Please help me resolve this. A fragment of the config for the connection that works: [Lopham-smtp] client = yes accept = 127.0.0.1:52025 connect = mail.lopham.co.uk:465 The server mail.lopham.co.uk is hosted by a service that I pay for. A fragment of the config for the connection that fails: [zen-smtp] client = yes accept = 127.0.0.1:26025 connect = mailhost.zen.co.uk:587 The failure in the log is 2026.06.02 12:22:48 LOG3[1]: SSL_connect: Connection reset by peer (WSAECONNRESET) (10054). The server mailhost.zen.co.uk is hosted by my internet connection provider (Zen Internet). When I make the connection without using stunnel the connection works OK. My SMTP settings in Outlook 2010 are: Server = mailhost.zen.co.uk Authentication = Yes Port = 576 Encryption = TLS So I set debug = 7 The log shows: 2026.06.02 12:22:48 LOG7[1]: Service [zen-smtp] started 2026.06.02 12:22:48 LOG7[1]: Setting local socket options (FD=504) 2026.06.02 12:22:48 LOG7[1]: Option TCP_NODELAY set on local socket 2026.06.02 12:22:48 LOG5[1]: Service [zen-smtp] accepted connection from 127.0.0.1:53292 2026.06.02 12:22:48 LOG6[1]: failover: priority, starting at entry #0 2026.06.02 12:22:48 LOG6[1]: s_connect: connecting 212.23.1.19:587 2026.06.02 12:22:48 LOG7[1]: s_connect: s_poll_wait 212.23.1.19:587: waiting 10 seconds 2026.06.02 12:22:48 LOG7[1]: FD=468 ifds=rw ofds=-- 2026.06.02 12:22:48 LOG5[1]: s_connect: connected 212.23.1.19:587 2026.06.02 12:22:48 LOG5[1]: Service [zen-smtp] connected remote server from 127.0.0.1:53293 2026.06.02 12:22:48 LOG7[1]: Setting remote socket options (FD=468) 2026.06.02 12:22:48 LOG7[1]: Option TCP_NODELAY set on remote socket 2026.06.02 12:22:48 LOG7[1]: Remote descriptor (FD=468) initialized 2026.06.02 12:22:48 LOG6[1]: SNI: sending servername: mailhost.zen.co.uk 2026.06.02 12:22:48 LOG7[1]: No previous session to resume 2026.06.02 12:22:48 LOG6[1]: Peer certificate required 2026.06.02 12:22:48 LOG7[1]: TLS state (connect): before SSL initialization 2026.06.02 12:22:48 LOG7[1]: TLS state (connect): SSLv3/TLS write client hello 2026.06.02 12:22:48 LOG3[1]: SSL_connect: Connection reset by peer (WSAECONNRESET) (10054) 2026.06.02 12:22:48 LOG5[1]: Connection reset: 0 byte(s) sent to TLS, 0 byte(s) sent to socket 2026.06.02 12:22:48 LOG7[1]: remote_fd reset (FD=468) 2026.06.02 12:22:48 LOG7[1]: Remote descriptor (FD=468) closed 2026.06.02 12:22:48 LOG7[1]: local_rfd/local_wfd reset (FD=504) 2026.06.02 12:22:48 LOG7[1]: Local descriptor (FD=504) closed 2026.06.02 12:22:48 LOG7[1]: Service [zen-smtp] finished (0 left) The log does not show me why the connection is reset by the peer. Can anybody help, please? Regards, == Graham _______________________________________________ stunnel-users mailing list -- [email protected] To unsubscribe send an email to [email protected]
# nmap mailhost.zen.co.uk Starting Nmap 7.92 ( https://nmap.org ) at 2026-06-04 07:32 ChST Nmap scan report for mailhost.zen.co.uk (212.23.1.11) Host is up (0.16s latency). Other addresses for mailhost.zen.co.uk (not scanned): 212.23.1.19 rDNS record for 212.23.1.11: smarthost01.mail.zen.net.uk Not shown: 998 filtered tcp ports (no-response) PORT STATE SERVICE 587/tcp open submission 995/tcp open pop3s On 3 Jun 2026 at 20:35, Jose Alf. via stunnel-users wrote: Date sent: Wed, 3 Jun 2026 20:35:32 +0000 (UTC) To: "[email protected]" <[email protected]>, "[email protected]" <[email protected]> Subject: [stunnel-users] Re: SSL_connect: Connection reset by peer (WSAECONNRESET) (10054) patches" <stunnel-users.lists.stunnel.org> From: "Jose Alf. via stunnel-users" <[email protected]> Send reply to: "Jose Alf." <[email protected]>
Hi Graham,
The reason it does not work is because there's no TLS service listening at mailhost.zen.co.uk port 587. You say Your Outlook client connects to port 576 and that is the port you want in your zen-smtp config.
[zen-smtp] client = yes accept = 127.0.0.1:26025 connect = mailhost.zen.co.uk:576
Regards, Jose
On Wednesday, June 3, 2026 at 04:20:04 AM GMT-5, Graham Jones via stunnel-users <[email protected]> wrote:
I have one connection that works, and another which fails; but they have equivalent settings. Please help me resolve this.
A fragment of the config for the connection that works:
[Lopham-smtp] client = yes accept = 127.0.0.1:52025 connect = mail.lopham.co.uk:465
The server mail.lopham.co.uk is hosted by a service that I pay for.
A fragment of the config for the connection that fails:
[zen-smtp] client = yes accept = 127.0.0.1:26025 connect = mailhost.zen.co.uk:587
The failure in the log is 2026.06.02 12:22:48 LOG3[1]: SSL_connect: Connection reset by peer (WSAECONNRESET) (10054).
The server mailhost.zen.co.uk is hosted by my internet connection provider (Zen Internet). When I make the connection without using stunnel the connection works OK. My SMTP settings in Outlook 2010 are:
Server = mailhost.zen.co.uk Authentication = Yes Port = 576 Encryption = TLS
So I set debug = 7
The log shows:
2026.06.02 12:22:48 LOG7[1]: Service [zen-smtp] started 2026.06.02 12:22:48 LOG7[1]: Setting local socket options (FD=504) 2026.06.02 12:22:48 LOG7[1]: Option TCP_NODELAY set on local socket 2026.06.02 12:22:48 LOG5[1]: Service [zen-smtp] accepted connection from 127.0.0.1:53292 2026.06.02 12:22:48 LOG6[1]: failover: priority, starting at entry #0 2026.06.02 12:22:48 LOG6[1]: s_connect: connecting 212.23.1.19:587 2026.06.02 12:22:48 LOG7[1]: s_connect: s_poll_wait 212.23.1.19:587: waiting 10 seconds 2026.06.02 12:22:48 LOG7[1]: FD=468 ifds=rw ofds=-- 2026.06.02 12:22:48 LOG5[1]: s_connect: connected 212.23.1.19:587 2026.06.02 12:22:48 LOG5[1]: Service [zen-smtp] connected remote server from 127.0.0.1:53293 2026.06.02 12:22:48 LOG7[1]: Setting remote socket options (FD=468) 2026.06.02 12:22:48 LOG7[1]: Option TCP_NODELAY set on remote socket 2026.06.02 12:22:48 LOG7[1]: Remote descriptor (FD=468) initialized 2026.06.02 12:22:48 LOG6[1]: SNI: sending servername: mailhost.zen.co.uk 2026.06.02 12:22:48 LOG7[1]: No previous session to resume 2026.06.02 12:22:48 LOG6[1]: Peer certificate required 2026.06.02 12:22:48 LOG7[1]: TLS state (connect): before SSL initialization 2026.06.02 12:22:48 LOG7[1]: TLS state (connect): SSLv3/TLS write client hello 2026.06.02 12:22:48 LOG3[1]: SSL_connect: Connection reset by peer (WSAECONNRESET) (10054) 2026.06.02 12:22:48 LOG5[1]: Connection reset: 0 byte(s) sent to TLS, 0 byte(s) sent to socket 2026.06.02 12:22:48 LOG7[1]: remote_fd reset (FD=468) 2026.06.02 12:22:48 LOG7[1]: Remote descriptor (FD=468) closed 2026.06.02 12:22:48 LOG7[1]: local_rfd/local_wfd reset (FD=504) 2026.06.02 12:22:48 LOG7[1]: Local descriptor (FD=504) closed 2026.06.02 12:22:48 LOG7[1]: Service [zen-smtp] finished (0 left)
The log does not show me why the connection is reset by the peer.
Can anybody help, please?
Regards,
== Graham
_______________________________________________ stunnel-users mailing list -- [email protected] To unsubscribe send an email to [email protected]
+------------------------------------------------------------+ Michael D. Setzer II - Computer Science Instructor (Retired) mailto:[email protected] mailto:[email protected] mailto:[email protected] Guam - Where America's Day Begins G4L Disk Imaging Project maintainer http://sourceforge.net/projects/g4l/ +------------------------------------------------------------+
Hi Jose, Sorry, I made a typo in my email. The settings that work in Outlook are: Server = mailhost.zen.co.uk Authentication = Yes Port = 587 Encryption = TLS The settings in my stunnel.conf match this: [zen-smtp] client = yes accept = 127.0.0.1:26025 connect = mailhost.zen.co.uk:587 If stunnel.conf contains a port number other than 587 (for example 465) there is a 20 second time delay before the WSAECONNRESET message. But using port 587 the response is immediate, as: 2026.06.02 12:22:48 LOG7[1]: TLS state (connect): SSLv3/TLS write client hello 2026.06.02 12:22:48 LOG3[1]: SSL_connect: Connection reset by peer (WSAECONNRESET) (10054) I think this indicates that there is a service listening on port 587, but that something is wrong with the previous line “TLS state (connect): SSLv3/TLS write client hello”. I know that my Outlook 2010 does not use the most modern cipher suite, which is why I am testing stunnel. Perhaps Outlook 2010 does not use SSLv3/TLS. What do you suggest that I try now? Regards, == Graham From: Jose Alf. [mailto:[email protected]] Sent: 03 June 2026 21:36 To: [email protected]; [email protected] Subject: Re: [stunnel-users] SSL_connect: Connection reset by peer (WSAECONNRESET) (10054) Hi Graham, The reason it does not work is because there's no TLS service listening at mailhost.zen.co.uk port 587. You say Your Outlook client connects to port 576 and that is the port you want in your zen-smtp config. [zen-smtp] client = yes accept = 127.0.0.1:26025 connect = mailhost.zen.co.uk:576 Regards, Jose On Wednesday, June 3, 2026 at 04:20:04 AM GMT-5, Graham Jones via stunnel-users <[email protected]> wrote: I have one connection that works, and another which fails; but they have equivalent settings. Please help me resolve this. A fragment of the config for the connection that works: [Lopham-smtp] client = yes accept = 127.0.0.1:52025 connect = mail.lopham.co.uk:465 The server mail.lopham.co.uk is hosted by a service that I pay for. A fragment of the config for the connection that fails: [zen-smtp] client = yes accept = 127.0.0.1:26025 connect = mailhost.zen.co.uk:587 The failure in the log is 2026.06.02 12:22:48 LOG3[1]: SSL_connect: Connection reset by peer (WSAECONNRESET) (10054). The server mailhost.zen.co.uk is hosted by my internet connection provider (Zen Internet). When I make the connection without using stunnel the connection works OK. My SMTP settings in Outlook 2010 are: Server = mailhost.zen.co.uk Authentication = Yes Port = 576 Encryption = TLS So I set debug = 7 The log shows: 2026.06.02 12:22:48 LOG7[1]: Service [zen-smtp] started 2026.06.02 12:22:48 LOG7[1]: Setting local socket options (FD=504) 2026.06.02 12:22:48 LOG7[1]: Option TCP_NODELAY set on local socket 2026.06.02 12:22:48 LOG5[1]: Service [zen-smtp] accepted connection from 127.0.0.1:53292 2026.06.02 12:22:48 LOG6[1]: failover: priority, starting at entry #0 2026.06.02 12:22:48 LOG6[1]: s_connect: connecting 212.23.1.19:587 2026.06.02 12:22:48 LOG7[1]: s_connect: s_poll_wait 212.23.1.19:587: waiting 10 seconds 2026.06.02 12:22:48 LOG7[1]: FD=468 ifds=rw ofds=-- 2026.06.02 12:22:48 LOG5[1]: s_connect: connected 212.23.1.19:587 2026.06.02 12:22:48 LOG5[1]: Service [zen-smtp] connected remote server from 127.0.0.1:53293 2026.06.02 12:22:48 LOG7[1]: Setting remote socket options (FD=468) 2026.06.02 12:22:48 LOG7[1]: Option TCP_NODELAY set on remote socket 2026.06.02 12:22:48 LOG7[1]: Remote descriptor (FD=468) initialized 2026.06.02 12:22:48 LOG6[1]: SNI: sending servername: mailhost.zen.co.uk 2026.06.02 12:22:48 LOG7[1]: No previous session to resume 2026.06.02 12:22:48 LOG6[1]: Peer certificate required 2026.06.02 12:22:48 LOG7[1]: TLS state (connect): before SSL initialization 2026.06.02 12:22:48 LOG7[1]: TLS state (connect): SSLv3/TLS write client hello 2026.06.02 12:22:48 LOG3[1]: SSL_connect: Connection reset by peer (WSAECONNRESET) (10054) 2026.06.02 12:22:48 LOG5[1]: Connection reset: 0 byte(s) sent to TLS, 0 byte(s) sent to socket 2026.06.02 12:22:48 LOG7[1]: remote_fd reset (FD=468) 2026.06.02 12:22:48 LOG7[1]: Remote descriptor (FD=468) closed 2026.06.02 12:22:48 LOG7[1]: local_rfd/local_wfd reset (FD=504) 2026.06.02 12:22:48 LOG7[1]: Local descriptor (FD=504) closed 2026.06.02 12:22:48 LOG7[1]: Service [zen-smtp] finished (0 left) The log does not show me why the connection is reset by the peer. Can anybody help, please? Regards, == Graham _______________________________________________ stunnel-users mailing list -- [email protected] To unsubscribe send an email to [email protected]
Hello Graham, Understood. Port 587 accepts plain text connections that can be upgraded to TLS using STARTTLS. This will be handled by Stunnel if you add the line protocol = smtp parameter to your [zen-smtp] stanza. [zen-smtp] client = yes accept = 127.0.0.1:26025 connect = mailhost.zen.co.uk:587 protocol = smtp To test you must change your Outlook configuration to use Server 127.0.0.1 and Port 26025 and disable encryption. You can also let stunnel handle the authentication, if you want this, you will need to add 2 more to your [zen-smtp] and disable authentication in Outlook: I recommend you don't try this except if you can successfully connect just by adding the protocol line and re-configuring your Outlook client. protocolUsername = yourUserName (maybe youremail@yourdomain)protocolPassword = yourPassword (Or a generated App password) Regards,Jose On Wednesday, June 3, 2026 at 05:02:30 PM GMT-5, Graham Jones <[email protected]> wrote: Hi Jose, Sorry, I made a typo in my email. The settings that work in Outlook are: Server = mailhost.zen.co.uk Authentication = Yes Port = 587 Encryption = TLS The settings in my stunnel.conf match this: [zen-smtp] client = yes accept = 127.0.0.1:26025 connect = mailhost.zen.co.uk:587 If stunnel.conf contains a port number other than 587 (for example 465) there is a 20 second time delay before the WSAECONNRESET message. But using port 587 the response is immediate, as: 2026.06.02 12:22:48 LOG7[1]: TLS state (connect): SSLv3/TLS write client hello 2026.06.02 12:22:48 LOG3[1]: SSL_connect: Connection reset by peer (WSAECONNRESET) (10054) I think this indicates that there is a service listening on port 587, but that something is wrong with the previous line “TLS state (connect): SSLv3/TLS write client hello”. I know that my Outlook 2010 does not use the most modern cipher suite, which is why I am testing stunnel. Perhaps Outlook 2010 does not use SSLv3/TLS. What do you suggest that I try now? Regards, == Graham From: Jose Alf. [mailto:[email protected]] Sent: 03 June 2026 21:36 To: [email protected]; [email protected] Subject: Re: [stunnel-users] SSL_connect: Connection reset by peer (WSAECONNRESET) (10054) Hi Graham, The reason it does not work is because there's no TLS service listening at mailhost.zen.co.uk port 587. You say Your Outlook client connects to port 576 and that is the port you want in your zen-smtp config. [zen-smtp] client = yes accept = 127.0.0.1:26025 connect = mailhost.zen.co.uk:576 Regards, Jose On Wednesday, June 3, 2026 at 04:20:04 AM GMT-5, Graham Jones via stunnel-users <[email protected]> wrote: I have one connection that works, and another which fails; but they have equivalent settings. Please help me resolve this. A fragment of the config for the connection that works: [Lopham-smtp] client = yes accept = 127.0.0.1:52025 connect = mail.lopham.co.uk:465 The server mail.lopham.co.uk is hosted by a service that I pay for. A fragment of the config for the connection that fails: [zen-smtp] client = yes accept = 127.0.0.1:26025 connect = mailhost.zen.co.uk:587 The failure in the log is 2026.06.02 12:22:48 LOG3[1]: SSL_connect: Connection reset by peer (WSAECONNRESET) (10054). The server mailhost.zen.co.uk is hosted by my internet connection provider (Zen Internet). When I make the connection without using stunnel the connection works OK. My SMTP settings in Outlook 2010 are: Server = mailhost.zen.co.uk Authentication = Yes Port = 576 Encryption = TLS So I set debug = 7 The log shows: 2026.06.02 12:22:48 LOG7[1]: Service [zen-smtp] started 2026.06.02 12:22:48 LOG7[1]: Setting local socket options (FD=504) 2026.06.02 12:22:48 LOG7[1]: Option TCP_NODELAY set on local socket 2026.06.02 12:22:48 LOG5[1]: Service [zen-smtp] accepted connection from 127.0.0.1:53292 2026.06.02 12:22:48 LOG6[1]: failover: priority, starting at entry #0 2026.06.02 12:22:48 LOG6[1]: s_connect: connecting 212.23.1.19:587 2026.06.02 12:22:48 LOG7[1]: s_connect: s_poll_wait 212.23.1.19:587: waiting 10 seconds 2026.06.02 12:22:48 LOG7[1]: FD=468 ifds=rw ofds=-- 2026.06.02 12:22:48 LOG5[1]: s_connect: connected 212.23.1.19:587 2026.06.02 12:22:48 LOG5[1]: Service [zen-smtp] connected remote server from 127.0.0.1:53293 2026.06.02 12:22:48 LOG7[1]: Setting remote socket options (FD=468) 2026.06.02 12:22:48 LOG7[1]: Option TCP_NODELAY set on remote socket 2026.06.02 12:22:48 LOG7[1]: Remote descriptor (FD=468) initialized 2026.06.02 12:22:48 LOG6[1]: SNI: sending servername: mailhost.zen.co.uk 2026.06.02 12:22:48 LOG7[1]: No previous session to resume 2026.06.02 12:22:48 LOG6[1]: Peer certificate required 2026.06.02 12:22:48 LOG7[1]: TLS state (connect): before SSL initialization 2026.06.02 12:22:48 LOG7[1]: TLS state (connect): SSLv3/TLS write client hello 2026.06.02 12:22:48 LOG3[1]: SSL_connect: Connection reset by peer (WSAECONNRESET) (10054) 2026.06.02 12:22:48 LOG5[1]: Connection reset: 0 byte(s) sent to TLS, 0 byte(s) sent to socket 2026.06.02 12:22:48 LOG7[1]: remote_fd reset (FD=468) 2026.06.02 12:22:48 LOG7[1]: Remote descriptor (FD=468) closed 2026.06.02 12:22:48 LOG7[1]: local_rfd/local_wfd reset (FD=504) 2026.06.02 12:22:48 LOG7[1]: Local descriptor (FD=504) closed 2026.06.02 12:22:48 LOG7[1]: Service [zen-smtp] finished (0 left) The log does not show me why the connection is reset by the peer. Can anybody help, please? Regards, == Graham _______________________________________________ stunnel-users mailing list -- [email protected] To unsubscribe send an email to [email protected]
Thanks Jose, That works! Regards, == Graham From: Jose Alf. [mailto:[email protected]] Sent: 04 June 2026 04:44 To: [email protected]; Graham Jones Subject: Re: [stunnel-users] SSL_connect: Connection reset by peer (WSAECONNRESET) (10054) Hello Graham, Understood. Port 587 accepts plain text connections that can be upgraded to TLS using STARTTLS. This will be handled by Stunnel if you add the line protocol = smtp parameter to your [zen-smtp] stanza. [zen-smtp] client = yes accept = 127.0.0.1:26025 connect = mailhost.zen.co.uk:587 protocol = smtp To test you must change your Outlook configuration to use Server 127.0.0.1 and Port 26025 and disable encryption. You can also let stunnel handle the authentication, if you want this, you will need to add 2 more to your [zen-smtp] and disable authentication in Outlook: I recommend you don't try this except if you can successfully connect just by adding the protocol line and re-configuring your Outlook client. protocolUsername = yourUserName (maybe youremail@yourdomain) protocolPassword = yourPassword (Or a generated App password) Regards, Jose On Wednesday, June 3, 2026 at 05:02:30 PM GMT-5, Graham Jones <[email protected]> wrote: Hi Jose, Sorry, I made a typo in my email. The settings that work in Outlook are: Server = mailhost.zen.co.uk Authentication = Yes Port = 587 Encryption = TLS The settings in my stunnel.conf match this: [zen-smtp] client = yes accept = 127.0.0.1:26025 connect = mailhost.zen.co.uk:587 If stunnel.conf contains a port number other than 587 (for example 465) there is a 20 second time delay before the WSAECONNRESET message. But using port 587 the response is immediate, as: 2026.06.02 12:22:48 LOG7[1]: TLS state (connect): SSLv3/TLS write client hello 2026.06.02 12:22:48 LOG3[1]: SSL_connect: Connection reset by peer (WSAECONNRESET) (10054) I think this indicates that there is a service listening on port 587, but that something is wrong with the previous line “TLS state (connect): SSLv3/TLS write client hello”. I know that my Outlook 2010 does not use the most modern cipher suite, which is why I am testing stunnel. Perhaps Outlook 2010 does not use SSLv3/TLS. What do you suggest that I try now? Regards, == Graham From: Jose Alf. [mailto:[email protected]] Sent: 03 June 2026 21:36 To: [email protected]; [email protected] Subject: Re: [stunnel-users] SSL_connect: Connection reset by peer (WSAECONNRESET) (10054) Hi Graham, The reason it does not work is because there's no TLS service listening at mailhost.zen.co.uk port 587. You say Your Outlook client connects to port 576 and that is the port you want in your zen-smtp config. [zen-smtp] client = yes accept = 127.0.0.1:26025 connect = mailhost.zen.co.uk:576 Regards, Jose On Wednesday, June 3, 2026 at 04:20:04 AM GMT-5, Graham Jones via stunnel-users <[email protected]> wrote: I have one connection that works, and another which fails; but they have equivalent settings. Please help me resolve this. A fragment of the config for the connection that works: [Lopham-smtp] client = yes accept = 127.0.0.1:52025 connect = mail.lopham.co.uk:465 The server mail.lopham.co.uk is hosted by a service that I pay for. A fragment of the config for the connection that fails: [zen-smtp] client = yes accept = 127.0.0.1:26025 connect = mailhost.zen.co.uk:587 The failure in the log is 2026.06.02 12:22:48 LOG3[1]: SSL_connect: Connection reset by peer (WSAECONNRESET) (10054). The server mailhost.zen.co.uk is hosted by my internet connection provider (Zen Internet). When I make the connection without using stunnel the connection works OK. My SMTP settings in Outlook 2010 are: Server = mailhost.zen.co.uk Authentication = Yes Port = 576 Encryption = TLS So I set debug = 7 The log shows: 2026.06.02 12:22:48 LOG7[1]: Service [zen-smtp] started 2026.06.02 12:22:48 LOG7[1]: Setting local socket options (FD=504) 2026.06.02 12:22:48 LOG7[1]: Option TCP_NODELAY set on local socket 2026.06.02 12:22:48 LOG5[1]: Service [zen-smtp] accepted connection from 127.0.0.1:53292 2026.06.02 12:22:48 LOG6[1]: failover: priority, starting at entry #0 2026.06.02 12:22:48 LOG6[1]: s_connect: connecting 212.23.1.19:587 2026.06.02 12:22:48 LOG7[1]: s_connect: s_poll_wait 212.23.1.19:587: waiting 10 seconds 2026.06.02 12:22:48 LOG7[1]: FD=468 ifds=rw ofds=-- 2026.06.02 12:22:48 LOG5[1]: s_connect: connected 212.23.1.19:587 2026.06.02 12:22:48 LOG5[1]: Service [zen-smtp] connected remote server from 127.0.0.1:53293 2026.06.02 12:22:48 LOG7[1]: Setting remote socket options (FD=468) 2026.06.02 12:22:48 LOG7[1]: Option TCP_NODELAY set on remote socket 2026.06.02 12:22:48 LOG7[1]: Remote descriptor (FD=468) initialized 2026.06.02 12:22:48 LOG6[1]: SNI: sending servername: mailhost.zen.co.uk 2026.06.02 12:22:48 LOG7[1]: No previous session to resume 2026.06.02 12:22:48 LOG6[1]: Peer certificate required 2026.06.02 12:22:48 LOG7[1]: TLS state (connect): before SSL initialization 2026.06.02 12:22:48 LOG7[1]: TLS state (connect): SSLv3/TLS write client hello 2026.06.02 12:22:48 LOG3[1]: SSL_connect: Connection reset by peer (WSAECONNRESET) (10054) 2026.06.02 12:22:48 LOG5[1]: Connection reset: 0 byte(s) sent to TLS, 0 byte(s) sent to socket 2026.06.02 12:22:48 LOG7[1]: remote_fd reset (FD=468) 2026.06.02 12:22:48 LOG7[1]: Remote descriptor (FD=468) closed 2026.06.02 12:22:48 LOG7[1]: local_rfd/local_wfd reset (FD=504) 2026.06.02 12:22:48 LOG7[1]: Local descriptor (FD=504) closed 2026.06.02 12:22:48 LOG7[1]: Service [zen-smtp] finished (0 left) The log does not show me why the connection is reset by the peer. Can anybody help, please? Regards, == Graham _______________________________________________ stunnel-users mailing list -- [email protected] To unsubscribe send an email to [email protected]
participants (4)
-
Graham Jones -
Jose Alf. -
Michael D. Setzer II -
Michał Trojnara