[stunnel-users] Sending original IP (proxy) for smtp

James Brown jlbrown at bordo.com.au
Tue Apr 16 07:52:15 CEST 2019

I’d like stunnel to pass the incoming IP along, not stunnel's IP.

My traffic flow is:

Stunnel (accept on port 465) -> ASSP (an smtp proxy) -> Postfix (accept on port 10026)

I tried:

client = no
accept  = 465
connect = 25
protocol = proxy

But ASSP had:

Apr-15-19 18:50:22 [Worker_1] Connected: session:7FE104AA1870 > >
Apr-15-19 18:50:23 [Worker_1] warning: got reply '502 5.5.2 Error: command not recognized' from
Apr-15-19 18:50:23 id-18223-03317 [Worker_1] info: sending EHLO instead of HELO to
Apr-15-19 18:50:23 id-18223-03317 [Worker_1] disconnected: session:7FE104AA1870 - processing time 1 seconds

And Postfix had:

2019-04-15 18:50:22.995042+1000  localhost smtpd[33360]: connect from localhost[]
2019-04-15 18:50:23.108756+1000  localhost smtpd[33360]: improper command pipelining after EHLO from localhost[]: RSET\r\n
2019-04-15 18:50:23.273664+1000  localhost smtpd[33360]: disconnect from localhost[] ehlo=2 rset=1 quit=1 unknown=0/1 commands=4/5

So I take it protocol=proxy is not the way to do it. Sounds like this only works with haproxy which I do not have installed.

Is there a way to do this?

The problem I am trying to solve is ASSP has lines like:

warning: SMTP authentication failed on

- obviously I don’t want fail2ban to ban

Stunnel log has:

2019.04.15 18:52:26 LOG5[23]: Service [ssmtp] accepted connection from ::ffff:
2019.04.15 18:52:27 LOG3[23]: s_connect: connect ::1:25: Connection refused (61)

Any suggestions?



-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.stunnel.org/pipermail/stunnel-users/attachments/20190416/ae624717/attachment.html>

More information about the stunnel-users mailing list