[stunnel-users] Stunnel not working with Office 365

Michal Trojnara Michal.Trojnara at mirt.net
Tue May 19 09:42:32 CEST 2015


Hi Hannu,

I could not reproduce your problem with the latest stunnel.

"2015.04.28 09:17:37 LOG3[0]: SSL_connect: Peer suddenly disconnected"
just means that the TCP connection was closed *by the server* during
TLS negotiations.

BTW: Please *always* update your stunnel to the latest version before
reporting anything to the mailing list.

Also, you don't need to configure a certificate for your TLS client.
office365.com won't verify it anyway.  On the other hand you *should*
verify the certificate provided by the server.  Some examples:
https://www.stunnel.org/config_windows.html

My logs for comparison:

2015.05.19 09:25:41 LOG7[0]: Service [SSMTP] started
2015.05.19 09:25:41 LOG5[0]: Service [SSMTP] accepted connection from 127.0.0.1:49246
2015.05.19 09:25:41 LOG6[0]: Failover strategy: round-robin
2015.05.19 09:25:41 LOG6[0]: s_connect: connecting 132.245.61.226:587
2015.05.19 09:25:41 LOG7[0]: s_connect: s_poll_wait 132.245.61.226:587: waiting 10 seconds
2015.05.19 09:25:41 LOG5[0]: s_connect: connected 132.245.61.226:587
2015.05.19 09:25:41 LOG5[0]: Service [SSMTP] connected remote server from 172.16.80.132:49247
2015.05.19 09:25:41 LOG7[0]: Remote socket (FD=296) initialized
2015.05.19 09:25:41 LOG7[0]:  <- 220 VI1PR06CA0013.outlook.office365.com Microsoft ESMTP MAIL Service ready at Tue, 19 May 2015 07:25:41 +0000
2015.05.19 09:25:41 LOG7[0]:  -> 220 VI1PR06CA0013.outlook.office365.com Microsoft ESMTP MAIL Service ready at Tue, 19 May 2015 07:25:41 +0000
2015.05.19 09:25:41 LOG7[0]:  -> EHLO localhost
2015.05.19 09:25:42 LOG7[0]:  <- 250-VI1PR06CA0013.outlook.office365.com Hello [89.74.9.172]
2015.05.19 09:25:42 LOG7[0]:  <- 250-SIZE 157286400
2015.05.19 09:25:42 LOG7[0]:  <- 250-PIPELINING
2015.05.19 09:25:42 LOG7[0]:  <- 250-DSN
2015.05.19 09:25:42 LOG7[0]:  <- 250-ENHANCEDSTATUSCODES
2015.05.19 09:25:42 LOG7[0]:  <- 250-STARTTLS
2015.05.19 09:25:42 LOG7[0]:  <- 250-8BITMIME
2015.05.19 09:25:42 LOG7[0]:  <- 250-BINARYMIME
2015.05.19 09:25:42 LOG7[0]:  <- 250 CHUNKING
2015.05.19 09:25:42 LOG7[0]:  -> STARTTLS
2015.05.19 09:25:42 LOG7[0]:  <- 220 2.0.0 SMTP server ready
2015.05.19 09:25:42 LOG6[0]: SNI: sending servername: outlook.office365.com
2015.05.19 09:25:42 LOG7[0]: SSL state (connect): before/connect initialization
2015.05.19 09:25:42 LOG7[0]: SSL state (connect): SSLv2/v3 write client hello A
2015.05.19 09:25:42 LOG7[0]: SSL state (connect): SSLv3 read server hello A
2015.05.19 09:25:42 LOG6[0]: Certificate verification disabled
2015.05.19 09:25:42 LOG6[0]: Certificate verification disabled
2015.05.19 09:25:42 LOG7[0]: SSL state (connect): SSLv3 read server certificate A
2015.05.19 09:25:42 LOG7[0]: SSL state (connect): SSLv3 read server key exchange A
2015.05.19 09:25:42 LOG7[0]: SSL state (connect): SSLv3 read server certificate request A
2015.05.19 09:25:42 LOG7[0]: SSL state (connect): SSLv3 read server done A
2015.05.19 09:25:42 LOG7[0]: SSL state (connect): SSLv3 write client certificate A
2015.05.19 09:25:42 LOG7[0]: SSL state (connect): SSLv3 write client key exchange A
2015.05.19 09:25:42 LOG7[0]: SSL state (connect): SSLv3 write change cipher spec A
2015.05.19 09:25:42 LOG7[0]: SSL state (connect): SSLv3 write finished A
2015.05.19 09:25:42 LOG7[0]: SSL state (connect): SSLv3 flush data
2015.05.19 09:25:42 LOG7[0]: SSL state (connect): SSLv3 read finished A
2015.05.19 09:25:42 LOG7[0]:    1 client connect(s) requested
2015.05.19 09:25:42 LOG7[0]:    1 client connect(s) succeeded
2015.05.19 09:25:42 LOG7[0]:    0 client renegotiation(s) requested
2015.05.19 09:25:42 LOG7[0]:    0 session reuse(s)
2015.05.19 09:25:42 LOG6[0]: SSL connected: new session negotiated
2015.05.19 09:25:42 LOG7[0]: Peer certificate was cached (4050 bytes)
2015.05.19 09:25:42 LOG6[0]: Negotiated TLSv1.2 ciphersuite ECDHE-RSA-AES256-SHA384 (256-bit encryption)
2015.05.19 09:25:42 LOG7[0]: Compression: null, expansion: null
2015.05.19 09:25:44 LOG6[0]: SSL socket closed (SSL_read)
2015.05.19 09:25:44 LOG7[0]: Sent socket write shutdown
2015.05.19 09:25:44 LOG5[0]: Connection closed: 6 byte(s) sent to SSL, 48 byte(s) sent to socket
2015.05.19 09:25:44 LOG7[0]: Remote socket (FD=296) closed
2015.05.19 09:25:44 LOG7[0]: Local socket (FD=812) closed
2015.05.19 09:25:44 LOG7[0]: Service [SSMTP] finished (0 left)

Mike

On 19.05.2015 08:42, Hannu Viitala wrote:
> Hi,
>
> We cannot get stunnel SMTP to work with Office 365 mail server. We
> are using Stunnel 5.13 and below are the config file content and
> the client PC logs. The mail server logs do not reveal anything
> more.
>
> Two observations of the test setup:
>
> 1) Using e.g. Mozilla Firebird mail client directly SSL/SMTP
> on the same PC connection to same Office 365 mail server works ok,
> but via Stunnel it outputs the error log below.
>
> 2) Also, on the same PC, SSL/SMTP connection via stunnel to
> Gmail server works ok.
>
> Stunnel conf-file:
> ==============
>
> output = stunnel_log.txt
> debug = debug
> cert = tstunnel.pem
> client = yes
>
> [SSMTP]
> accept = 127.0.0.1:54500
> connect = xxx.xxx.xxx.xxx:587**(Hannu V: removed IP address from this mail)**
> protocol = smtp
>
> Client PC logs:
> ===========
>
> 2015.04.28 09:17:36 LOG7[ui]: No limit detected for the number of clients
> 2015.04.28 09:17:36 LOG5[ui]: stunnel 5.13 on x86-pc-msvc-1500 platform
> 2015.04.28 09:17:36 LOG5[ui]: Compiled/running with OpenSSL 1.0.2a 19 Mar 2015
> 2015.04.28 09:17:36 LOG5[ui]: Threading:WIN32 Sockets:SELECT,IPv6 TLS:ENGINE,FIPS,OCSP,PSK,SNI
> 2015.04.28 09:17:36 LOG7[ui]: errno: (*_errno())
> 2015.04.28 09:17:36 LOG5[ui]: Reading configuration from file tstunnelSmtp_SAUX1_0.conf
> 2015.04.28 09:17:36 LOG5[ui]: UTF-8 byte order mark not detected
> 2015.04.28 09:17:36 LOG5[ui]: FIPS mode disabled
> 2015.04.28 09:17:36 LOG7[ui]: Compression disabled
> 2015.04.28 09:17:36 LOG7[ui]: PRNG seeded successfully
> 2015.04.28 09:17:36 LOG6[ui]: Initializing service [SSmtp]
> 2015.04.28 09:17:36 LOG6[ui]: Loading certificate from file: tstunnel.pem
> 2015.04.28 09:17:36 LOG6[ui]: Loading key from file: tstunnel.pem
> 2015.04.28 09:17:36 LOG7[ui]: Private key check succeeded
> 2015.04.28 09:17:36 LOG7[ui]: SSL options: 0x03000004 (+0x03000000, -0x00000000)
> 2015.04.28 09:17:36 LOG5[ui]: Configuration successful
> 2015.04.28 09:17:36 LOG7[ui]: Listening file descriptor created (FD=448)
> 2015.04.28 09:17:36 LOG7[ui]: Service [SSmtp] (FD=448) bound to 127.0.0.1:8030
> 2015.04.28 09:17:36 LOG7[ui]: Service [SSmtp] accepted (FD=456) from 127.0.0.1:54500
> 2015.04.28 09:17:36 LOG7[ui]: Creating a new thread
> 2015.04.28 09:17:36 LOG7[ui]: New thread created
> 2015.04.28 09:17:36 LOG7[0]: Service [SSmtp] started
> 2015.04.28 09:17:36 LOG5[0]: Service [SSmtp] accepted connection from 127.0.0.1:54500
> 2015.04.28 09:17:36 LOG6[0]: s_connect: connecting xxx.xxx.xxx.xxx:587    (Hannu V: removed IP address from this mail)
> 2015.04.28 09:17:36 LOG7[0]: s_connect: s_poll_wait connecting xxx.xxx.xxx.xxx:587    : waiting 10 seconds (Hannu V: removed IP address from this mail)
> 2015.04.28 09:17:37 LOG5[0]: s_connect: connected connecting xxx.xxx.xxx.xxx:587    (Hannu V: removed IP address from this mail)
> 2015.04.28 09:17:37 LOG5[0]: Service [SSmtp] connected remote server from yyy.yyy.yyy.yyy:54503 (Hannu V: removed IP address from this mail)
> 2015.04.28 09:17:37 LOG7[0]: Remote socket (FD=472) initialized
> 2015.04.28 09:17:37 LOG7[0]:  <- 220 NNN.outlook.office365.com Microsoft ESMTP MAIL Service ready at Tue, 28 Apr 2015 14:17:38 +0000
> 2015.04.28 09:17:37 LOG7[0]:  -> 220 NNN.outlook.office365.com Microsoft ESMTP MAIL Service ready at Tue, 28 Apr 2015 14:17:38 +0000
> 2015.04.28 09:17:37 LOG7[0]:  -> EHLO localhost
> 2015.04.28 09:17:37 LOG7[0]:  <- 250-NNN.outlook.office365.com Hello [xxx.xxx.xxx.161] (Hannu V: removed IP address from this mail)
> 2015.04.28 09:17:37 LOG7[0]:  <- 250-SIZE 157286400
> 2015.04.28 09:17:37 LOG7[0]:  <- 250-PIPELINING
> 2015.04.28 09:17:37 LOG7[0]:  <- 250-DSN
> 2015.04.28 09:17:37 LOG7[0]:  <- 250-ENHANCEDSTATUSCODES
> 2015.04.28 09:17:37 LOG7[0]:  <- 250-STARTTLS
> 2015.04.28 09:17:37 LOG7[0]:  <- 250-8BITMIME
> 2015.04.28 09:17:37 LOG7[0]:  <- 250-BINARYMIME
> 2015.04.28 09:17:37 LOG7[0]:  <- 250 CHUNKING
> 2015.04.28 09:17:37 LOG7[0]:  -> STARTTLS
> 2015.04.28 09:17:37 LOG7[0]:  <- 220 2.0.0 SMTP server ready
> 2015.04.28 09:17:37 LOG6[0]: SNI: sending servername: NNN.office365.com
> 2015.04.28 09:17:37 LOG7[0]: SSL state (connect): before/connect initialization
> 2015.04.28 09:17:37 LOG7[0]: SSL state (connect): SSLv2/v3 write client hello A
> 2015.04.28 09:17:37 LOG7[0]: SSL state (connect): SSLv3 read server hello A
> 2015.04.28 09:17:37 LOG7[0]: SSL state (connect): SSLv3 read server certificate A
> 2015.04.28 09:17:37 LOG7[0]: SSL state (connect): SSLv3 read server key exchange A
> 2015.04.28 09:17:37 LOG7[0]: SSL state (connect): SSLv3 read server certificate request A
> 2015.04.28 09:17:37 LOG7[0]: SSL state (connect): SSLv3 read server done A
> 2015.04.28 09:17:37 LOG7[0]: SSL state (connect): SSLv3 write client certificate A
> 2015.04.28 09:17:37 LOG7[0]: SSL state (connect): SSLv3 write client key exchange A
> 2015.04.28 09:17:37 LOG7[0]: SSL state (connect): SSLv3 write certificate verify A
> 2015.04.28 09:17:37 LOG7[0]: SSL state (connect): SSLv3 write change cipher spec A
> 2015.04.28 09:17:37 LOG7[0]: SSL state (connect): SSLv3 write finished A
> 2015.04.28 09:17:37 LOG7[0]: SSL state (connect): SSLv3 flush data
> 2015.04.28 09:17:37 LOG3[0]: SSL_connect: Peer suddenly disconnected
> 2015.04.28 09:17:37 LOG5[0]: Connection reset: 0 byte(s) sent to SSL, 0 byte(s) sent to socket
> 2015.04.28 09:17:37 LOG7[0]: Remote socket (FD=472) closed
> 2015.04.28 09:17:37 LOG7[0]: Local socket (FD=456) closed
> 2015.04.28 09:17:37 LOG7[0]: Service [SSmtp] finished (0 left)
>
> --- Hannu
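
Added example (not part of the original message and not stunnel code): a short Python script that undoes the mail wrapping and '>' quoting in stunnel debug logs like the two above, then compares their TLS handshake states and flags unverified server certificates. The function names and the abridged sample excerpts are constructed for illustration.

```python
import re

# A record starts with a timestamp; any other non-empty line is mail wrapping.
RECORD = re.compile(r"\d{4}\.\d\d\.\d\d \d\d:\d\d:\d\d LOG(\d)\[\w+\]: (.*)")
STATE = "SSL state (connect): "

def records(text):
    """Return [(level, message)] with '>' quoting and line wrapping undone."""
    out = []
    for raw in text.splitlines():
        line = re.sub(r"^(>\s?)+", "", raw).strip()
        m = RECORD.fullmatch(line)
        if m:
            out.append([int(m.group(1)), m.group(2).strip()])
        elif line and out:
            out[-1][1] += " " + line
    return [tuple(r) for r in out]

def summarize(text):
    recs = records(text)
    msgs = [m for _, m in recs]
    states = [m[len(STATE):] for m in msgs if m.startswith(STATE)]
    return {
        "states": states,
        "errors": [m for lvl, m in recs if lvl <= 3],  # LOG3 and below
        # True when stunnel itself reports that it is not checking the server
        "verify_disabled_logged": "Certificate verification disabled" in msgs,
        # OpenSSL writes CertificateVerify only after sending a client cert
        "client_cert_sent": "SSLv3 write certificate verify A" in states,
    }

def extra_states(failing, working):
    """Handshake states seen in the failing trace but not in the working one."""
    seen = set(summarize(working)["states"])
    return [s for s in summarize(failing)["states"] if s not in seen]

# Constructed samples, abridged from the two logs in this thread.
FAILING = """\
> 2015.04.28 09:17:37 LOG7[0]: SSL state (connect): SSLv3 write
> client certificate A
> 2015.04.28 09:17:37 LOG7[0]: SSL state (connect): SSLv3 write
> certificate verify A
> 2015.04.28 09:17:37 LOG3[0]: SSL_connect: Peer suddenly disconnected
"""
WORKING = """\
2015.05.19 09:25:42 LOG6[0]: Certificate verification disabled
2015.05.19 09:25:42 LOG7[0]: SSL state (connect): SSLv3 write client
certificate A
"""
```

Run over the two complete traces in this thread, the only handshake state present in the failing log and absent from the working one is "SSLv3 write certificate verify A", which corresponds to the "cert = tstunnel.pem" line in the failing configuration.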