[stunnel-users] Problems with stunnel and cox.net on Windows 7

Phil Smith III phs3stuff at cox.net
Thu Jan 18 03:59:42 CET 2018


Cox has been warning us that as of next week, we need to use encrypted POP
and SMTP. I have two reasons to use stunnel now:

1)     I use the K9 Bayesian email proxy for spam filtering, and it doesn't
do TLS

2)     My wife still uses Eudora and doesn't want to switch, and while
Eudora allegedly supports TLS, it's not trivial to make it work (and Cox
certainly won't help)

 

Thus stunnel looks like an ideal solution. But after tinkering for a few
hours on two machines, I'm stumped.

 

While I can type an SMTP or POP transaction in my sleep, I'm not so good at
typing a TLS handshake, so I'm using Outlook 2013 as my test platform (and
that's what I'll be using myself later anyway). I setup a new account, point
to the right ports on 127.0.0.1, and the test times out, with:

 

Log onto incoming mail server (POP3): The operation timed out waiting for a
response from the receiving (POP) server. If you continue to receive this
message, contact your server administrator or Internet service provider
(ISP).

 

Send test e-mail message: The operation timed out waiting for a response
from the sending (SMTP) server. If you continue to receive this message,
contact your server administrator or Internet service provider (ISP).

 

Here's my stunnel.conf, with blank lines and comments removed:

client = yes

output = C:\temp\stunnel-log.txt

taskbar = yes

debug = 7

[POP3 Incoming]

protocol = pop3

accept = 127.0.0.1:1110

connect = pop.cox.net:995

protocol = smtp

accept = 127.0.0.1:25

connect = smtp.cox.net:465

 

Yes, that's port 1110, since K9 is using 110. Shouldn't matter, right? (As
long as I point the client at 1110, obviously!)

Yes, I have protocol = pop3 and protocol = smtp; I've tried commenting them
out individually, no change that I can see.

Yes, I'm running stunnel explicitly, not as a service-I found threads
suggesting that it just doesn't work as a service on Windows 7 for some
reason (and in fact beat my head against that wall for a while first).

 

And here's the stunnel log:

2018.01.17 21:29:24 LOG7[main]: Running on Windows 6.1

2018.01.17 21:29:24 LOG7[main]: No limit detected for the number of clients

2018.01.17 21:29:24 LOG5[main]: stunnel 5.44 on x86-pc-msvc-1500 platform

2018.01.17 21:29:24 LOG5[main]: Compiled/running with OpenSSL 1.0.2m-fips  2
Nov 2017

2018.01.17 21:29:24 LOG5[main]: Threading:WIN32 Sockets:SELECT,IPv6
TLS:ENGINE,FIPS,OCSP,PSK,SNI

2018.01.17 21:29:24 LOG7[main]: errno: (*_errno())

2018.01.17 21:29:24 LOG7[ui]: GUI message loop initialized

2018.01.17 21:29:24 LOG7[main]: Running on Windows 6.1

2018.01.17 21:29:24 LOG5[main]: Reading configuration from file stunnel.conf

2018.01.17 21:29:24 LOG5[main]: UTF-8 byte order mark not detected

2018.01.17 21:29:24 LOG5[main]: FIPS mode disabled

2018.01.17 21:29:24 LOG7[main]: Compression disabled

2018.01.17 21:29:24 LOG7[main]: Snagged 64 random bytes from C:/.rnd

2018.01.17 21:29:24 LOG7[main]: Wrote 0 new random bytes to C:/.rnd

2018.01.17 21:29:24 LOG7[main]: PRNG seeded successfully

2018.01.17 21:29:24 LOG6[main]: Initializing service [POP3 Incoming]

2018.01.17 21:29:24 LOG7[main]: Ciphers: HIGH:!DH:!aNULL:!SSLv2

2018.01.17 21:29:24 LOG7[main]: TLS options: 0x03000004 (+0x03000000,
-0x00000000)

2018.01.17 21:29:24 LOG7[main]: No certificate or private key specified

2018.01.17 21:29:24 LOG4[main]: Service [POP3 Incoming] needs authentication
to prevent MITM attacks

2018.01.17 21:29:24 LOG5[main]: Configuration successful

2018.01.17 21:29:24 LOG7[main]: Binding service [POP3 Incoming]

2018.01.17 21:29:24 LOG7[main]: Listening file descriptor created (FD=460)

2018.01.17 21:29:24 LOG7[main]: Option SO_EXCLUSIVEADDRUSE set on accept
socket

2018.01.17 21:29:24 LOG7[main]: Service [POP3 Incoming] (FD=460) bound to
127.0.0.1:1110

2018.01.17 21:29:24 LOG7[main]: Listening file descriptor created (FD=464)

2018.01.17 21:29:24 LOG7[main]: Option SO_EXCLUSIVEADDRUSE set on accept
socket

2018.01.17 21:29:24 LOG7[main]: Service [POP3 Incoming] (FD=464) bound to
127.0.0.1:25

2018.01.17 21:29:24 LOG7[cron]: Cron thread initialized

2018.01.17 21:29:50 LOG7[main]: Found 1 ready file descriptor(s)

2018.01.17 21:29:50 LOG7[main]: FD=424 ifds=r-x ofds=---

2018.01.17 21:29:50 LOG7[main]: FD=460 ifds=r-x ofds=r--

2018.01.17 21:29:50 LOG7[main]: Service [POP3 Incoming] accepted (FD=488)
from 127.0.0.1:54855

2018.01.17 21:29:50 LOG7[main]: Creating a new thread

2018.01.17 21:29:50 LOG7[main]: New thread created

2018.01.17 21:29:50 LOG7[0]: Service [POP3 Incoming] started

2018.01.17 21:29:50 LOG7[0]: Option TCP_NODELAY set on local socket

2018.01.17 21:29:50 LOG5[0]: Service [POP3 Incoming] accepted connection
from 127.0.0.1:54855

2018.01.17 21:29:50 LOG6[0]: failover: round-robin, starting at entry #1

2018.01.17 21:29:50 LOG6[0]: s_connect: connecting 68.6.19.8:465

2018.01.17 21:29:50 LOG7[0]: s_connect: s_poll_wait 68.6.19.8:465: waiting
10 seconds

2018.01.17 21:29:50 LOG5[0]: s_connect: connected 68.6.19.8:465

2018.01.17 21:29:50 LOG5[0]: Service [POP3 Incoming] connected remote server
from 192.168.1.17:54856

2018.01.17 21:29:50 LOG7[0]: Option TCP_NODELAY set on remote socket

2018.01.17 21:29:50 LOG7[0]: Remote descriptor (FD=508) initialized

2018.01.17 21:30:24 LOG6[cron]: Executing cron jobs

2018.01.17 21:30:24 LOG6[cron]: Cron jobs completed in 0 seconds

2018.01.17 21:30:24 LOG7[cron]: Waiting 86400 seconds

2018.01.17 21:31:05 LOG7[main]: Found 1 ready file descriptor(s)

2018.01.17 21:31:05 LOG7[main]: FD=424 ifds=r-x ofds=---

2018.01.17 21:31:05 LOG7[main]: FD=460 ifds=r-x ofds=---

2018.01.17 21:31:05 LOG7[main]: Service [POP3 Incoming] accepted (FD=528)
from 127.0.0.1:54891

2018.01.17 21:31:05 LOG7[main]: Creating a new thread

2018.01.17 21:31:05 LOG7[main]: New thread created

2018.01.17 21:31:05 LOG7[1]: Service [POP3 Incoming] started

2018.01.17 21:31:05 LOG7[1]: Option TCP_NODELAY set on local socket

2018.01.17 21:31:05 LOG5[1]: Service [POP3 Incoming] accepted connection
from 127.0.0.1:54891

2018.01.17 21:31:05 LOG6[1]: failover: round-robin, starting at entry #0

2018.01.17 21:31:05 LOG6[1]: s_connect: connecting 146.20.147.245:995

2018.01.17 21:31:05 LOG7[1]: s_connect: s_poll_wait 146.20.147.245:995:
waiting 10 seconds

2018.01.17 21:31:05 LOG5[1]: s_connect: connected 146.20.147.245:995

2018.01.17 21:31:05 LOG5[1]: Service [POP3 Incoming] connected remote server
from 192.168.1.17:54892

2018.01.17 21:31:05 LOG7[1]: Option TCP_NODELAY set on remote socket

2018.01.17 21:31:05 LOG7[1]: Remote descriptor (FD=336) initialized

2018.01.17 21:34:05 LOG3[1]: Unexpected socket close (s_read)

2018.01.17 21:34:05 LOG5[1]: Connection reset: 0 byte(s) sent to TLS, 0
byte(s) sent to socket

2018.01.17 21:34:05 LOG7[1]: Remote descriptor (FD=336) closed

2018.01.17 21:34:05 LOG7[1]: Local descriptor (FD=528) closed

2018.01.17 21:34:05 LOG7[1]: Service [POP3 Incoming] finished (1 left)

2018.01.17 21:34:05 LOG7[1]: str_stats: 1 block(s), 32 data byte(s), 58
control byte(s)

2018.01.17 21:34:05 LOG7[1]: str_stats: 32 byte(s) at ..\src\network.c:680

2018.01.17 21:34:50 LOG6[0]: s_read: s_poll_wait: TIMEOUTbusy exceeded:
sending reset

2018.01.17 21:34:50 LOG5[0]: Connection reset: 0 byte(s) sent to TLS, 0
byte(s) sent to socket

2018.01.17 21:34:50 LOG7[0]: Remote descriptor (FD=508) closed

2018.01.17 21:34:50 LOG7[0]: Local descriptor (FD=488) closed

2018.01.17 21:34:50 LOG7[0]: Service [POP3 Incoming] finished (0 left)

2018.01.17 21:34:50 LOG7[0]: str_stats: 1 block(s), 32 data byte(s), 58
control byte(s)

2018.01.17 21:34:50 LOG7[0]: str_stats: 32 byte(s) at ..\src\network.c:680

 

It looks like it connects, but then just sits there?!

 

I see these:

No certificate or private key specified

Service [POP3 Incoming] needs authentication to prevent MITM attacks

but that's during startup. Or are those significant?

 

I feel like I'm one setting away from having this all work.!

 

Thanks in advance for any suggestions.

-- 

...phsiii

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.stunnel.org/pipermail/stunnel-users/attachments/20180117/61940212/attachment-0001.html>


More information about the stunnel-users mailing list