I’d like stunnel to pass the incoming IP along, not stunnel's IP.

My traffic flow is:

Stunnel (accept on port 465) -> ASSP (an smtp proxy) -> Postfix (accept on port 10026)

I tried:

[ssmtp] client = no accept = 465 connect = 25 protocol = proxy

But ASSP had:

Apr-15-19 18:50:22 [Worker_1] Connected: session:7FE104AA1870 127.0.0.1:58954 > 127.0.0.1:25 > 127.0.0.1:10026 Apr-15-19 18:50:23 [Worker_1] 127.0.0.1 warning: got reply '502 5.5.2 Error: command not recognized' from 127.0.0.1 Apr-15-19 18:50:23 id-18223-03317 [Worker_1] 127.0.0.1 info: sending EHLO instead of HELO to 127.0.0.1 Apr-15-19 18:50:23 id-18223-03317 [Worker_1] 127.0.0.1 disconnected: session:7FE104AA1870 127.0.0.1 - processing time 1 seconds

And Postfix had:

2019-04-15 18:50:22.995042+1000 localhost smtpd[33360]: connect from localhost[127.0.0.1] 2019-04-15 18:50:23.108756+1000 localhost smtpd[33360]: improper command pipelining after EHLO from localhost[127.0.0.1]: RSET\r\n 2019-04-15 18:50:23.273664+1000 localhost smtpd[33360]: disconnect from localhost[127.0.0.1] ehlo=2 rset=1 quit=1 unknown=0/1 commands=4/5

So I take it protocol=proxy is not the way to do it. Sounds like this only works with haproxy which I do not have installed.

Is there a way to do this?

The problem I am trying to solve is ASSP has lines like:

warning: SMTP authentication failed on 127.0.0.1

- obviously I don’t want fail2ban to ban 127.0.0.1.

Stunnel log has:

2019.04.15 18:52:26 LOG5[23]: Service [ssmtp] accepted connection from ::ffff:185.222.209.66:53642 2019.04.15 18:52:27 LOG3[23]: s_connect: connect ::1:25: Connection refused (61)

Any suggestions?

Thanks,

James.