[stunnel-users] stunnel hanging during negotiation with an smtp server

Jason J. Corso jcorso at gmail.com
Tue Jul 31 22:08:57 CEST 2007

Please help:

I'm trying to use stunnel to connect to a secure SMTP server -- I'm
using MS Entourage 2004 on an Intel 10.4 Mac.  Entourage cannot
connect directly to the SMTP server over SSL because it no longer
supports NTLM version 1 authentication, which the SMTP server uses.
I believe stunnel can be used to work around this problem (if I'm
wrong, please say so), i.e., Entourage can connect locally to stunnel
which will then connect to the remote server over SSL properly.

I built and installed stunnel version 4.04-12 via Fink (compiled from
source via Fink) and OpenSSL 0.9.7i-4 also via Fink.

I have the following configuration file:

# Comment it out on Win32
cert = /sw/etc/stunnel/stunnel.pem
chroot = /sw/var/run/stunnel/
# PID is created inside chroot jail
pid = /stunnel.pid
setuid = nobody
setgid = nogroup

# Some debugging stuff
debug = 7
output = /dev/stdout
foreground = yes

accept =
connect = xxxxxx:465
protocol = smtp

However, when I try to send a mail, it appears to hang while
negotiating with the remote server.  Here is the output:

2007.07.31 15:41:19 LOG5[5511:2684407808]: stunnel 4.04 on
i386-apple-darwin8.10.1 PTHREAD+LIBWRAP with OpenSSL 0.9.7i 14 Oct
2007.07.31 15:41:19 LOG7[5511:2684407808]: Snagged 64 random bytes from xxx/.rnd
2007.07.31 15:41:19 LOG7[5511:2684407808]: Wrote 1024 new random bytes
to xxx/.rnd
2007.07.31 15:41:19 LOG7[5511:2684407808]: RAND_status claims
sufficient entropy for the PRNG
2007.07.31 15:41:19 LOG6[5511:2684407808]: PRNG seeded successfully
2007.07.31 15:41:19 LOG7[5511:2684407808]: Certificate:
2007.07.31 15:41:19 LOG7[5511:2684407808]: Key file: /sw/etc/stunnel/stunnel.pem
2007.07.31 15:41:19 LOG5[5511:2684407808]: FD_SETSIZE=1024, file
ulimit=256 -> 125 clients allowed
2007.07.31 15:41:19 LOG7[5511:2684407808]: FD 6 in non-blocking mode
2007.07.31 15:41:19 LOG7[5511:2684407808]: SO_REUSEADDR option set on
accept socket
2007.07.31 15:41:19 LOG7[5511:2684407808]: ssmtp bound to
2007.07.31 15:41:19 LOG7[5511:2684407808]: FD 7 in non-blocking mode
2007.07.31 15:41:19 LOG7[5511:2684407808]: FD 8 in non-blocking mode
2007.07.31 15:41:19 LOG7[5511:2684407808]: Created pid file /stunnel.pid
2007.07.31 15:41:25 LOG7[5511:2684407808]: ssmtp accepted FD=9 from
2007.07.31 15:41:25 LOG7[5511:2684407808]: FD 9 in non-blocking mode
2007.07.31 15:41:25 LOG7[5511:25183744]: ssmtp started
2007.07.31 15:41:25 LOG5[5511:25183744]: ssmtp connected from
2007.07.31 15:41:25 LOG7[5511:25183744]: FD 10 in non-blocking mode
2007.07.31 15:41:25 LOG7[5511:25183744]: ssmtp connecting xxx.xxx.xxx.xxx:465
2007.07.31 15:41:25 LOG7[5511:25183744]: remote connect #1:
2007.07.31 15:41:25 LOG7[5511:25183744]: waitforsocket: FD=10, DIR=write
2007.07.31 15:41:25 LOG7[5511:25183744]: waitforsocket: ok
2007.07.31 15:41:25 LOG7[5511:25183744]: Remote FD=10 initialized
2007.07.31 15:41:25 LOG7[5511:25183744]: Negotiations for smtp(server
side) started
2007.07.31 15:41:25 LOG7[5511:25183744]: RFC 2487 detected
2007.07.31 15:41:25 LOG7[5511:25183744]: waitforsocket: FD=10, DIR=read
********* HANGS HERE   ***********

...and I have to kill it.

I am very new to stunnel and openssl.  So, I may be making a simple
mistake.  But, I could not find the solution on the mailing list or
the web.  What am I doing wrong?

To be clear, the server is using SSL for SMTP.  I am able to send mail
directly via the smtp server from other mail clients like Thunderbird.

Thanks.  Any help is much appreciated.

