[stunnel-users] Simple SMTP encryption

James Moe jimoe at sohnen-moe.com
Sat May 19 22:08:48 CEST 2007


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

hello,
  stunnel 4.20 with OpenSSL 0.9.8d 28 Sep 2006
  I wish to have my MUA send messages encrypted to a secure mail server.
Stunnel is set up as a client with the following configuration:

client = yes

[smtps]
accept  = 127.0.0.1:465
connect = smtpauth.earthlink.net:25

  I missed the part somewhere that tells Stunnel to issue a STARTTLS to
the smtp server before attempting to negotiate a TLS connection. The
"failed handshake" bit is because the server is rejecting the command
because of NULLs in the text stream.

501 NULL characters are not allowed in SMTP commands.

  Then there is the "wrong version" error. I suppose that is a side effect
of the handshake failure?

  Here is a typical connection log:
2007.05.19 12:52:42 LOG7[232:4239]: smtps accepted FD=12 from 127.0.0.1:52672
2007.05.19 12:52:42 LOG7[232:4239]: Creating a new thread
2007.05.19 12:52:42 LOG7[232:4239]: New thread created
2007.05.19 12:52:42 LOG7[264:4239]: smtps started
2007.05.19 12:52:42 LOG7[264:4239]: FD 12 in non-blocking mode
2007.05.19 12:52:42 LOG7[264:4239]: TCP_NODELAY option set on local socket
2007.05.19 12:52:42 LOG5[264:4239]: smtps accepted connection from 127.0.0.1:52672
2007.05.19 12:52:42 LOG7[264:4239]: FD 15 in non-blocking mode
2007.05.19 12:52:42 LOG7[264:4239]: smtps connecting 207.69.189.201:25
2007.05.19 12:52:42 LOG7[264:4239]: connect_wait: waiting 10 seconds
2007.05.19 12:52:42 LOG7[264:4239]: connect_wait: connected
2007.05.19 12:52:42 LOG5[264:4239]: smtps connected remote server from 192.168.69.14:52673
2007.05.19 12:52:42 LOG7[264:4239]: Remote FD=15 initialized
2007.05.19 12:52:42 LOG7[264:4239]: TCP_NODELAY option set on remote socket
2007.05.19 12:52:42 LOG7[264:4239]: SSL state (connect): before/connect initialization
2007.05.19 12:52:42 LOG7[264:4239]: SSL state (connect): SSLv3 write client hello A
2007.05.19 12:52:42 LOG7[264:4239]: SSL alert (write): fatal: handshake failure
2007.05.19 12:52:42 LOG3[264:4239]: SSL_connect: 1408F10B: error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number
2007.05.19 12:52:42 LOG5[264:4239]: Connection reset: 0 bytes sent to SSL, 0 bytes sent to socket
2007.05.19 12:52:42 LOG7[264:4239]: smtps finished (0 left)



- --
jimoe (at) sohnen-moe (dot) com
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (OS/2)

iD8DBQFGT1lQzTcr8Prq0ZMRAv50AJ9Kydmi3F/VBQ8hvpr+HmodUZhJEgCfQjbz
TRdvnzpATUH/y3gzA1EXMYo=
=jTqm
-----END PGP SIGNATURE-----
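
Added example (not part of the original message, and not stunnel code): a Python sketch of how sending a TLS ClientHello straight to a plaintext SMTP port can produce both symptoms quoted above, next to the STARTTLS-first order. The banner, hostnames, ClientHello fragment and the toy `smtp_reply` handler are constructed assumptions.

```python
import struct

# Constructed sample data (not captured traffic).
CLIENT_HELLO = bytes.fromhex("160301002d0100002903014650") + bytes(32)  # TLS 1.0 hello fragment
BANNER = b"220 mail.example.net ESMTP\r\n"                              # plaintext SMTP greeting

def parse_tls_record_header(data):
    """Read the first 5 bytes the way a TLS client does: type, version, length."""
    ctype, major, minor, length = struct.unpack("!BBBH", data[:5])
    return ctype, (major, minor), length

def is_plausible_tls(data):
    """True if the bytes start with a valid record type and an SSL3/TLS major version."""
    ctype, (major, _minor), _length = parse_tls_record_header(data)
    return ctype in (20, 21, 22, 23) and major == 3

def smtp_reply(command):
    """Toy SMTP command handler (assumed behaviour, modelled on the 501 reply in the post)."""
    if b"\x00" in command:
        return b"501 NULL characters are not allowed in SMTP commands.\r\n"
    verb = command.strip().split(b" ")[0].upper()
    if verb == b"EHLO":
        return b"250-mail.example.net\r\n250 STARTTLS\r\n"
    if verb == b"STARTTLS":
        return b"220 Ready to start TLS\r\n"
    return b"500 Unrecognized command\r\n"

def direct_tls():
    """ClientHello sent to port 25 with no SMTP dialogue first."""
    server_code = smtp_reply(CLIENT_HELLO)[:3]   # server parses binary as a command
    banner_is_tls = is_plausible_tls(BANNER)     # client parses "220 m" as a record header
    return server_code, banner_is_tls

def starttls_first():
    """EHLO, then STARTTLS; the ClientHello is only sent after the 220 reply."""
    ehlo = smtp_reply(b"EHLO client.example\r\n")
    go_ahead = smtp_reply(b"STARTTLS\r\n")
    return b"STARTTLS" in ehlo and go_ahead.startswith(b"220")

if __name__ == "__main__":
    print("direct TLS :", direct_tls())
    print("banner read as TLS record:", parse_tls_record_header(BANNER))
    print("STARTTLS first ok:", starttls_first())
```

In stunnel, the service-level option `protocol = smtp` makes a client-mode service perform this STARTTLS negotiation before the TLS handshake.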
