[stunnel-users] Trouble with smtp client connection and TLS in Windows

Leandro Avila leandro.avila at ymail.com
Thu Sep 13 18:26:39 CEST 2012



David,

Perhaps the issue is on the server side.

A quick look at the SMTP server on smtp.smarshmail.com will show:

220 smtp.smarshmail.com ESMTP Service is ready on Server 1 (EQ).
EHLO 
250-smtp.smarshmail.com Hello [123.456.790.101]
250-SIZE 36700160
250-PIPELINING
250-DSN
250-ENHANCEDSTATUSCODES
250-STARTTLS
250-AUTH GSSAPI NTLM
250-8BITMIME
250-BINARYMIME
250 CHUNKING
QUIT
221 2.0.0 Service closing transmission channel

I would try adding the following option to your stunnel configuration

protocol = smtp

I'm not certain, but it looks like you need to issue STARTTLS to
negotiate the secure connection with this server.
Check the stunnel manual for further explanation of the option:
http://www.stunnel.org/static/stunnel.html

Hope this helps


-----------------
Leandro Avila


----- Original Message -----
From: David Schomaker <david at schomaker.net>
To: stunnel <stunnel-users at stunnel.org>
Cc: 
Sent: Monday, September 10, 2012 10:32 PM
Subject: [stunnel-users] Trouble with smtp client connection and TLS in Windows

I need to configure stunnel to connect to smtp via TLS and am not able to get it to work either running 4.53 or 4.54beta. Perhaps I have the conf file created incorrectly.

The stunnel.conf is as follows:
+++++++++++++++++++++++++++++++++++++++ 
; Debugging stuff (may be useful for troubleshooting)
debug = 7
output = c:\temp\stunnel.log

; Disable FIPS mode to allow non-approved protocols and algorithms
;fips = no

; Disable support for insecure SSLv2 protocol
options = NO_SSLv2

[SMARSH-pop3]
client = yes
accept = 127.0.0.1:110
connect = pop.smarshmail.com:995

[SMARSH-smtp]
client = yes
SSLversion=TLSv1
accept = 127.0.0.1:25
connect = smtp.smarshmail.com:587
+++++++++++++++++++++++++

Pop works great. The log on an smtp session is as follows:

+++++++++++++++++++++++++
2012.09.10 12:48:31 LOG7[1984:300]: Service [SMARSH-smtp] accepted (FD=508) from 127.0.0.1:49517
2012.09.10 12:48:31 LOG7[1984:300]: Creating a new thread
2012.09.10 12:48:31 LOG7[1984:300]: New thread created
2012.09.10 12:48:31 LOG7[1984:2796]: Service [SMARSH-smtp] started
2012.09.10 12:48:31 LOG5[1984:2796]: Service [SMARSH-smtp] accepted connection from 127.0.0.1:49517
2012.09.10 12:48:31 LOG6[1984:2796]: connect_blocking: connecting 199.47.168.58:587
2012.09.10 12:48:31 LOG7[1984:2796]: connect_blocking: s_poll_wait 199.47.168.58:587: waiting 10 seconds
2012.09.10 12:48:31 LOG5[1984:2796]: connect_blocking: connected 199.47.168.58:587
2012.09.10 12:48:31 LOG5[1984:2796]: Service [SMARSH-smtp] connected remote server from 192.168.108.158:49518
2012.09.10 12:48:31 LOG7[1984:2796]: Remote socket (FD=528) initialized
2012.09.10 12:48:31 LOG7[1984:2796]: SNI: host name: smtp.smarshmail.com
2012.09.10 12:48:31 LOG7[1984:2796]: SSL state (connect): before/connect initialization
2012.09.10 12:48:31 LOG7[1984:2796]: SSL state (connect): SSLv3 write client hello A
2012.09.10 12:48:31 LOG7[1984:2796]: SSL alert (write): fatal: protocol version
2012.09.10 12:48:31 LOG3[1984:2796]: SSL_connect: 1408F10B: error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number
2012.09.10 12:48:31 LOG5[1984:2796]: Connection reset: 0 byte(s) sent to SSL, 0 byte(s) sent to socket
2012.09.10 12:48:31 LOG7[1984:2796]: Remote socket (FD=528) closed
2012.09.10 12:48:31 LOG7[1984:2796]: Local socket (FD=508) closed
2012.09.10 12:48:31 LOG7[1984:2796]: Service [SMARSH-smtp] finished (0 left)
2012.09.10 12:48:40 LOG7[1984:300]: Dispatching signals from the signal pipe
2012.09.10 12:48:43 LOG7[1984:300]: Processing SIGNAL_TERMINATE
2012.09.10 12:48:43 LOG5[1984:300]: Terminated
++++++++++++++++++++++++++

Is sTunnel using SSLv3 rather than TLSv1? If so how do I force TLS?

Thanks...


_______________________________________________
stunnel-users mailing list
stunnel-users at stunnel.org
https://www.stunnel.org/cgi-bin/mailman/listinfo/stunnel-users
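
Added example, not part of the original thread: a small Python check that reads the bytes a TLS client gets back after its ClientHello, shows how the plaintext `220` banner from the transcript decodes as a TLS record header with a non-3.x version (the condition behind "wrong version number"), and maps a STARTTLS-advertising EHLO reply to the `protocol = smtp` setting suggested above. All function names are hypothetical; the sample server text is copied from the post.

```python
import struct

# Server text copied from the SMTP transcript quoted in the post.
BANNER = b"220 smtp.smarshmail.com ESMTP Service is ready on Server 1 (EQ).\r\n"
EHLO_REPLY = (
    "250-smtp.smarshmail.com Hello [123.456.790.101]\r\n"
    "250-SIZE 36700160\r\n250-PIPELINING\r\n250-DSN\r\n"
    "250-ENHANCEDSTATUSCODES\r\n250-STARTTLS\r\n250-AUTH GSSAPI NTLM\r\n"
    "250-8BITMIME\r\n250-BINARYMIME\r\n250 CHUNKING\r\n"
)


def as_tls_record_header(data: bytes):
    """Decode 5 bytes as a TLS record header: (type, major, minor, length)."""
    return struct.unpack("!BBBH", data[:5])


def classify_reply(data: bytes) -> str:
    """Classify what the peer sent back after a TLS ClientHello."""
    if len(data) < 5:
        return "unknown"
    ctype, major, _minor, _length = as_tls_record_header(data)
    if ctype in (0x15, 0x16) and major == 3:  # alert or handshake, SSLv3/TLS
        return "tls"
    if data[:3].isdigit() and data[3:4] in (b" ", b"-"):
        return "smtp-plaintext"  # server is still speaking cleartext SMTP
    return "unknown"


def parse_ehlo(reply: str) -> dict:
    """Map each advertised ESMTP keyword to its list of parameters."""
    extensions = {}
    for line in reply.splitlines()[1:]:  # first line is the server greeting
        if len(line) < 5 or line[:3] != "250" or line[3] not in "- ":
            raise ValueError(f"unexpected EHLO line: {line!r}")
        keyword, *params = line[4:].split()
        extensions[keyword.upper()] = params
    return extensions


def stunnel_hint(reply_bytes: bytes, ehlo_reply: str) -> str:
    """Suggest the client-side stunnel setting for this endpoint."""
    kind = classify_reply(reply_bytes)
    if kind == "tls":
        return "implicit TLS: no protocol option needed"
    if kind == "smtp-plaintext" and "STARTTLS" in parse_ehlo(ehlo_reply):
        return "protocol = smtp"
    return "no TLS upgrade advertised"
```
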


