[stunnel-users] Connection setup for STARTTLS vs. SSL/TLS for POP3/SMTP mail servers?

Peter Pentchev roam at ringlet.net
Fri Oct 20 11:07:21 CEST 2017

On Fri, Oct 20, 2017 at 07:01:04AM +0200, Ben Stover wrote:
> In stunnels *.conf file I can specify the mail server name and the port for a connection.
> How can I tell stunnel to use STARTTLS as connect type?
> How can I tell stunnel to use SSL/TLS as connect type?
> Does stunnel support both connect types at all or only one?
> Is the connect type for SMTP completely determined by port e.g.:
> STARTTLS over port 587 and SSL/TLS over port 465
> or can both connect types use both ports?

Take a look at the excellent stunnel documentation (hint: "protocol").

> Assume I do not get the supported connect type information from my webhoster:

This is highly unlikely; how else are you supposed to configure your
e-mail client?  (assuming you are trying to set up a tunnel to your
provider's e-mail server)

> How can I find it out from my (client) side?

Still, there is a way: if you have somehow managed to guess the correct
hostname and port to connect to, you can use "nc -v" or "telnet".
If the port is 25, or if the server greets you with an SMTP banner
(usually "220 something" or "220-something"), then this is a cleartext
connection and you want to set up STARTTLS (you can test for it by
issuing a couple of SMTP commands and then trying STARTTLS).  If the
server just hangs there and waits for you to send something, then it's
probably a TLS connection; you can test for that by running:

  openssl s_client -connect hostname:port

Still, I do indeed find it highly unlikely that your hosting provider
will not have given you enough information.

> What are there error messages?

Not sure what this question refers to.


Peter Pentchev  roam at ringlet.net roam at FreeBSD.org pp at storpool.com
PGP key:        http://people.FreeBSD.org/~roam/roam.key.asc
Key fingerprint 2EE7 A7A5 17FC 124C F115  C354 651E EFB0 2527 DF13
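
What the "protocol" hint in the reply points at, shown as an added example that is not part of the original message: a client-mode stunnel.conf with one STARTTLS service and one implicit-TLS service each for SMTP and POP3. The hostname mail.example.com, the local accept ports, the section names and the CAfile path are assumptions to replace with your own values.

```ini
; Added example, not from the original thread. All hostnames, local ports
; and file paths below are placeholders (assumptions).
; The mail client talks cleartext to the local "accept" port; stunnel
; carries the session to the provider over TLS.

; SMTP submission with STARTTLS: stunnel connects in cleartext, performs
; the SMTP STARTTLS negotiation itself, then upgrades to TLS.
[smtp-starttls]
client = yes
accept = 127.0.0.1:2587
connect = mail.example.com:587
protocol = smtp
verifyChain = yes
CAfile = /etc/ssl/certs/ca-certificates.crt
checkHost = mail.example.com

; SMTP over implicit TLS ("SSL/TLS"): no "protocol" line, so the TLS
; handshake starts immediately after the TCP connection is made.
[smtps-implicit]
client = yes
accept = 127.0.0.1:2465
connect = mail.example.com:465
verifyChain = yes
CAfile = /etc/ssl/certs/ca-certificates.crt
checkHost = mail.example.com

; POP3 with STARTTLS (the POP3 STLS command).
[pop3-starttls]
client = yes
accept = 127.0.0.1:2110
connect = mail.example.com:110
protocol = pop3
verifyChain = yes
CAfile = /etc/ssl/certs/ca-certificates.crt
checkHost = mail.example.com

; POP3 over implicit TLS.
[pop3s-implicit]
client = yes
accept = 127.0.0.1:2995
connect = mail.example.com:995
verifyChain = yes
CAfile = /etc/ssl/certs/ca-certificates.crt
checkHost = mail.example.com
```

The connect type follows from whether a "protocol" line is present, not from the port number; verifyChain and checkHost make stunnel reject a server whose certificate does not chain to the CA file or does not match the expected hostname.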