[stunnel-users] Connection setup for STARTTLS vs. SSL/TLS for POP3/SMTP mail servers?
roam at ringlet.net
Fri Oct 20 11:07:21 CEST 2017
On Fri, Oct 20, 2017 at 07:01:04AM +0200, Ben Stover wrote:
> In stunnels *.conf file I can specify the mail server name and the port for a connection.
> How can I tell stunnel to use STARTTLS as connect type?
> How can I tell stunnel to use SSL/TLS as connect type?
> Does stunnel support both connect types at all or only one?
> Is the connect type for SMTP completely determined by port e.g.:
> STARTTLS over port 587 and SSL/TLS over port 465
> or can both connect types use both ports?
Take a look at the excellent stunnel documentation (hint: "protocol").
> Assume I do not get the supported connect type information from my webhoster:
This is highly unlikely; how else are you supposed to configure your
e-mail client? (assuming you are trying to setup a tunnel to your
provider's e-mail server)
> How can I find it out from my (client) side?
Still, there is a way: if you have somehow managed to guess the correct
hostname and port to connect to, you can use "nc -v" or "telnet".
If the port is 25, or if the server greets you with an SMTP banner
(usually "220 something" or "220-something"), then this is a cleartext
connection and you want to set up STARTTLS (you can test for it by
issuing a couple of SMTP commands and then trying STARTTLS). If the
server just hangs there and waits for you to send something, then it's
probably a TLS connection; you can test for that by running:
openssl s_client -connect hostname:port
Still, I do indeed find it highly unlikely that your hosting provider
will not have given you enough information.
> What are there error messages?
Not sure what this question refers to.
Peter Pentchev roam at ringlet.net roam at FreeBSD.org pp at storpool.com
PGP key: http://people.FreeBSD.org/~roam/roam.key.asc
Key fingerprint 2EE7 A7A5 17FC 124C F115 C354 651E EFB0 2527 DF13
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 833 bytes
Desc: not available
More information about the stunnel-users