[stunnel-users] Trouble with smtp client connection and TLS in Windows

Leandro Avila leandro.avila at ymail.com
Thu Sep 13 18:26:39 CEST 2012


Perhaps the issue is on the server side.

A quick look to the SMTP server on smtp.smarshmail.com will show

220 smtp.smarshmail.com ESMTP Service is ready on Server 1 (EQ).
250-smtp.smarshmail.com Hello [123.456.790.101]
250-SIZE 36700160
221 2.0.0 Service closing transmission channel

I would try adding the following option to your stunnel configuration

protocol = smtp

I'm not certain but looks like you need to issue the STARTTLS to
negociate the secure connection with this server.
Check the stunnel manual for further explanation on the option

Hope this helps

Leandro Avila

----- Original Message -----
From: David Schomaker <david at schomaker.net>
To: stunnel <stunnel-users at stunnel.org>
Sent: Monday, September 10, 2012 10:32 PM
Subject: [stunnel-users] Trouble with smtp client connection and TLS in Windows

I need to configure stunnel to connect to smtp via TLS and am not able to get it to work either running 4.53 or 4.54beta. Perhaps I have the conf file created incorrectly.

The stunnel.conf is as follows:
; Debugging stuff (may useful for troubleshooting)
debug = 7
output = c:\temp\stunnel.log

; Disable FIPS mode to allow non-approved protocols and algorithms
;fips = no

; Disable support for insecure SSLv2 protocol
options = NO_SSLv2

client = yes
accept =
connect = pop.smarshmail.com:995

client = yes
accept =
connect = smtp.smarshmail.com:587

Pop works great. The log on an smtp session is as follows:

2012.09.10 12:48:31 LOG7[1984:300]: Service [SMARSH-smtp] accepted (FD=508) from
2012.09.10 12:48:31 LOG7[1984:300]: Creating a new thread
2012.09.10 12:48:31 LOG7[1984:300]: New thread created
2012.09.10 12:48:31 LOG7[1984:2796]: Service [SMARSH-smtp] started
2012.09.10 12:48:31 LOG5[1984:2796]: Service [SMARSH-smtp] accepted connection from
2012.09.10 12:48:31 LOG6[1984:2796]: connect_blocking: connecting
2012.09.10 12:48:31 LOG7[1984:2796]: connect_blocking: s_poll_wait waiting 10 seconds
2012.09.10 12:48:31 LOG5[1984:2796]: connect_blocking: connected
2012.09.10 12:48:31 LOG5[1984:2796]: Service [SMARSH-smtp] connected remote server from
2012.09.10 12:48:31 LOG7[1984:2796]: Remote socket (FD=528) initialized
2012.09.10 12:48:31 LOG7[1984:2796]: SNI: host name: smtp.smarshmail.com
2012.09.10 12:48:31 LOG7[1984:2796]: SSL state (connect): before/connect initialization
2012.09.10 12:48:31 LOG7[1984:2796]: SSL state (connect): SSLv3 write client hello A
2012.09.10 12:48:31 LOG7[1984:2796]: SSL alert (write): fatal: protocol version
2012.09.10 12:48:31 LOG3[1984:2796]: SSL_connect: 1408F10B: error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number
2012.09.10 12:48:31 LOG5[1984:2796]: Connection reset: 0 byte(s) sent to SSL, 0 byte(s) sent to socket
2012.09.10 12:48:31 LOG7[1984:2796]: Remote socket (FD=528) closed
2012.09.10 12:48:31 LOG7[1984:2796]: Local socket (FD=508) closed
2012.09.10 12:48:31 LOG7[1984:2796]: Service [SMARSH-smtp] finished (0 left)
2012.09.10 12:48:40 LOG7[1984:300]: Dispatching signals from the signal pipe
2012.09.10 12:48:43 LOG7[1984:300]: Processing SIGNAL_TERMINATE
2012.09.10 12:48:43 LOG5[1984:300]: Terminated

Is sTunnel using SSLv3 rather than TLSv1? If so how do I force TLS?


stunnel-users mailing list
stunnel-users at stunnel.org

More information about the stunnel-users mailing list