[stunnel-users] stunnel and Calypso: pop3 works, smtp error!

Daniel Rahn drahn at suse.com
Fri Dec 13 08:13:59 CET 2013


On Fri, Dec 13, Michael D. Setzer II wrote:
> I tried to ssh mail.gmx.net 465 and got nothing back??

Because it's not an SSH server. Unsurprisingly.

# openssl s_client -host mail.gmx.net -port 465 -status
CONNECTED(00000003)
OCSP response: no response sent
depth=2 C = DE, O = Deutsche Telekom AG, OU = T-TeleSec Trust Center, CN
= Deutsche Telekom Root CA 2
verify error:num=19:self signed certificate in certificate chain
verify return:0
---
Certificate chain
 0 s:/C=DE/O=1&1 Mail & Media
GmbH/ST=Rhineland-Palatinate/L=Montabaur/emailAddress=server-certs at 1und1.de/CN=mail.gmx.net
   i:/C=DE/O=T-Systems International GmbH/OU=T-Systems Trust
Center/ST=NRW/postalCode=57250/L=Netphen/street=Untere Industriestr.
20/CN=TeleSec ServerPass DE-1
 1 s:/C=DE/O=T-Systems International GmbH/OU=T-Systems Trust
Center/ST=NRW/postalCode=57250/L=Netphen/street=Untere Industriestr.
20/CN=TeleSec ServerPass DE-1
   i:/C=DE/O=Deutsche Telekom AG/OU=T-TeleSec Trust Center/CN=Deutsche
Telekom Root CA 2
 2 s:/C=DE/O=Deutsche Telekom AG/OU=T-TeleSec Trust Center/CN=Deutsche
Telekom Root CA 2
   i:/C=DE/O=Deutsche Telekom AG/OU=T-TeleSec Trust Center/CN=Deutsche
Telekom Root CA 2
---
Server certificate
[...]
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-GCM-SHA384
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : ECDHE-RSA-AES256-GCM-SHA384
    Session-ID:
DE1F866537BEBC918D4ED5F2C80695D00C4EEADC681868184F4600ADEF98DF34
    Session-ID-ctx: 
    Master-Key:
7AA0E1590104F794AAD326298EB469F7A6B24AF4A5D4C4B1CC850D64DAA26C79654E2E9FE361A6BF7975B07B42FBE6A1
    Key-Arg   : None
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    Start Time: 1386917709
    Timeout   : 300 (sec)
    Verify return code: 19 (self signed certificate in certificate
chain)
---
220 gmx.com (mrgmx001) Nemesis ESMTP Service ready

I suggest disabling secure password authentication in Calypso. stunnel
already establishes an SSL secured connection.

220 gmx.com (mrgmx001) Nemesis ESMTP Service ready
EHLO charybdis-ext.suse.de
250-gmx.com Hello charybdis-ext.suse.de [195.135.221.2]
250-SIZE 69920427
250 AUTH LOGIN PLAIN


So only auth plain login is supported there.

-Daniel



More information about the stunnel-users mailing list