[stunnel-users] Looking for help - Stunnel works with Gmail but not with my provider

Scott McKeown scott at loadbalancer.org
Thu Apr 5 12:23:16 CEST 2012


Hi Pieter,

Sorry for the delay in my reply I've been away for a few days. However, I'm
not using STunnel on a Windows System so I'm going to advise as best I can
but also please also note that I'm new to STunnel too but learning fast ;)

The thing that I would try first would be to edit your stunnel.conf file to
the following:

==============================================
# GLOBAL OPTIONS

client = yes
output = stunnel-log.txt
debug = 7
fips = no
options = NO_SSLv2
options = NO_SSLv3

# SERVICE-LEVEL OPTIONS

[SMTP Gmail]
 accept = 192.168.3.11:465
 connect = smtp.gmail.com:465
==============================================

If you then try this and if it still does not work send us the debug info
from the stunnel-log.txt file. I'm guessing though that there is some issue
with the SSLv3 certificate between you and Google.


~Yours,
Scott


On 2 April 2012 22:39, Verberne, Pieter <pab.verberne at gmail.com> wrote:

> **
> Hi Scott,
>
> Thank you for your reply.
>
> I'm afraid that this thing is becoming too difficult for me, but
> nevertheless I do want to pursue the issue and I do appreciate your help.
>
> First things first. When running 'stunnel -version' from the command line
> with the config file below, the one that works for Gmail I get this:
>
> stunnel.conf:
> ==============================================
> # GLOBAL OPTIONS
>
> client = yes
> output = stunnel-log.txt
> debug = 0
>
> # SERVICE-LEVEL OPTIONS
>
> [SMTP Gmail]
>  accept = 192.168.3.11:465
>  connect = smtp.gmail.com:465
>
> The result  from running 'stunnel -version':
> ==============================================
> stunnel 4.53 on x86-pc-mingw32-gnu platform
> Compiled/running with OpenSSL 0.9.8s-fips 4 Jan 2012
> Threading:WIN32 SSL:+ENGINE+OCSP+FIPS Auth:none Sockets:SELECT+IPv6
>
> Global options:
> debug           = notice
> RNDbytes        = 64
> RNDoverwrite    = yes
> taskbar         = yes
>
> Service-level options:
> ciphers         = FIPS (with "fips = yes")
> ciphers         = ALL:!SSLv2:!aNULL:!EXP:!LOW:-MEDIUM:RC4:+HIGH (with
> "fips = no")
> curve           = prime256v1
> session         = 300 seconds
> sslVersion      = TLSv1 (with "fips = yes")
> sslVersion      = TLSv1 for client, all for server (with "fips = no")
> stack           = 65536 bytes
> TIMEOUTbusy     = 300 seconds
> TIMEOUTclose    = 60 seconds
> TIMEOUTconnect  = 10 seconds
> TIMEOUTidle     = 43200 seconds
> verify          = none
>
> Server is down
> ==============================================
> And then this error message
>
>
>
> This beats me because I can send emails with blat and stunnel this way to
> the gmail server end receive the message within seconds.
> When checking with msconfig.exe de stunnel service is up and running.
>
> The error message is clear: my stunnel.conf is invalid! Is it?
> Can you suggest what to change in stunnel.conf?
> If that corrects the problem I can then again try with Ziggo.
>
> I did try all sorts of configurations based on information found on the
> internet
>
> Many thanks for your help en best regards,
>
> Pieter
>
>
>
> Scott McKeown schreef, op 2-4-2012 12:11:
>
> Hi Pieter,
>
> What does stunnel -version show under the 'ciphers' section?
>
> Also have you tried this with the 'options = NO_SSLv3' commented out?
>
>
> ~Scott
>
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.stunnel.org/pipermail/stunnel-users/attachments/20120405/13811e8c/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: Error_message.JPG
Type: image/jpeg
Size: 22301 bytes
Desc: not available
URL: <http://www.stunnel.org/pipermail/stunnel-users/attachments/20120405/13811e8c/attachment.jpe>


More information about the stunnel-users mailing list