[stunnel-users] EXTERNAL: How to setup stunnel für SMTP over STARTTL S (and not pure SSL)?
Jochen.Bern at LINworks.de
Wed Oct 16 18:05:33 CEST 2013
On 16.10.2013 17:45, Michal Trojnara wrote:
> On 10/16/2013 05:07 PM, Ben Stover wrote:
>> Sorry, I went to the webpage with the link you mentioned.
>> There I searched for STARTTLS but NO (!) occurence was found.
> This is because STARTTLS is not a separate protocol, but rather an
> option (usually an extension) of various protocols that can negotiate
> SSL/TLS encryption.
After reading this and the archived listmail, I'm under the impression
that you're confirming my gut reaction of "stunnel doesn't do that, and
won't anytime soon". :-}
In that case: The standard tool to provide STARTTLS functionality for
manual testing is to use OpenSSL's s_client command. It would need to be
started anew for every connection, though, and you might need to change
the actual client's behavior (in particular, s_client needs to do the
HELO/EHLO for you, and any line starting with an *uppercase* 'R' or 'Q'
will make s_client do something undesirable instead of the intended effect).
It *might* be easier to install a second(?), natively STARTTLS-capable
MTA on your client machine, point it to the real server as its relay,
making it listen on a nonstandard port, and have your
not-STARTTLS-capable client talk to *that* instead. Will introduce all
sorts of locally generated headers into the e-mails, though.
*NEU* - NEC IT-Infrastruktur-Produkte im <http://www.linworks-shop.de/>:
Server--Storage--Virtualisierung--Management SW--Passion for Performance
Jochen Bern, Systemingenieur --- LINworks GmbH <http://www.LINworks.de/>
Postfach 100121, 64201 Darmstadt | Robert-Koch-Str. 9, 64331 Weiterstadt
PGP (1024D/4096g) FP = D18B 41B1 16C0 11BA 7F8C DCF7 E1D5 FAF4 444E 1C27
Tel. +49 6151 9067-231, Zentr. -0, Fax -299 - Amtsg. Darmstadt HRB 85202
Unternehmenssitz Weiterstadt, Geschäftsführer Metin Dogan, Oliver Michel
More information about the stunnel-users