<HEAD><STYLE TYPE="text/css">
<!--
Body {font-size:12pt; font-family:Arial;}
H1 {font-size:12pt; font-family:Arial;}
BodyTimes {font-size:12pt; font-family:Times New Roman;}
-->
</style>
</HEAD>
<BODY>
<P style="MARGIN-TOP: 0px; MARGIN-BOTTOM: 0px">Adding "protocol = smtp" was the solution to my problem. Thank you Leonardo!</P>
<P style="MARGIN-TOP: 0px; MARGIN-BOTTOM: 0px"> </P>
<P style="MARGIN-TOP: 0px; MARGIN-BOTTOM: 0px">Regards,</P>
<P style="MARGIN-TOP: 0px; MARGIN-BOTTOM: 0px">David Schomaker</P>
<P style="MARGIN-TOP: 0px; MARGIN-BOTTOM: 0px"><BR>----- Original Message -----<BR>From: "Leandro Avila" <leandro.avila@ymail.com><BR>To: "David Schomaker" <david@schomaker.net>,<BR>"stunnel" <stunnel-users@stunnel.org><BR>Date: Thu, 13 Sep 2012 09:26:00 -0700<BR>Subject: Re: [stunnel-users] Trouble with smtp client connection and TLS inWindows<BR><BR><BR><BR>David,<BR><BR>Perhaps the issue is on the server side.<BR><BR>A quick look to the SMTP server on smtp.smarshmail.com will show<BR><BR>220 smtp.smarshmail.com ESMTP Service is ready on Server 1 (EQ).<BR>EHLO <BR>250-smtp.smarshmail.com Hello [123.456.790.101]<BR>250-SIZE 36700160<BR>250-PIPELINING<BR>250-DSN<BR>250-ENHANCEDSTATUSCODES<BR>250-STARTTLS<BR>250-AUTH GSSAPI NTLM<BR>250-8BITMIME<BR>250-BINARYMIME<BR>250 CHUNKING<BR>QUIT<BR>221 2.0.0 Service closing transmission channel<BR><BR>I would try adding the following option to your stunnel configuration<BR><BR>protocol = smtp<BR><BR>I'm not certain but looks like you need to issue the STARTTLS to<BR>negociate the secure connection with this server.<BR>Check the stunnel manual for further explanation on the option<BR>http://www.stunnel.org/static/stunnel.html<BR><BR>Hope this helps<BR><BR><BR>-----------------<BR>Leandro Avila<BR><BR><BR>----- Original Message -----<BR>From: David Schomaker <david@schomaker.net><BR>To: stunnel <stunnel-users@stunnel.org><BR>Cc: <BR>Sent: Monday, September 10, 2012 10:32 PM<BR>Subject: [stunnel-users] Trouble with smtp client connection and TLS in Windows<BR><BR>I need to configure stunnel to connect to smtp via TLS and am not able to get it to work either running 4.53 or 4.54beta. Perhaps I have the conf file created incorrectly.<BR><BR>The stunnel.conf is as follows:<BR>+++++++++++++++++++++++++++++++++++++++ <BR>; Debugging stuff (may useful for troubleshooting)<BR>debug = 7<BR>output = c:\temp\stunnel.log<BR><BR>; Disable FIPS mode to allow non-approved protocols and algorithms<BR>;fips = no<BR><BR>; Disable support for insecure SSLv2 protocol<BR>options = NO_SSLv2<BR><BR>[SMARSH-pop3]<BR>client = yes<BR>accept = 127.0.0.1:110<BR>connect = pop.smarshmail.com:995<BR><BR>[SMARSH-smtp]<BR>client = yes<BR>SSLversion=TLSv1<BR>accept = 127.0.0.1:25<BR>connect = smtp.smarshmail.com:587<BR>+++++++++++++++++++++++++<BR><BR>Pop works great. The log on an smtp session is as follows:<BR><BR>+++++++++++++++++++++++++<BR>2012.09.10 12:48:31 LOG7[1984:300]: Service [SMARSH-smtp] accepted (FD=508) from 127.0.0.1:49517<BR>2012.09.10 12:48:31 LOG7[1984:300]: Creating a new thread<BR>2012.09.10 12:48:31 LOG7[1984:300]: New thread created<BR>2012.09.10 12:48:31 LOG7[1984:2796]: Service [SMARSH-smtp] started<BR>2012.09.10 12:48:31 LOG5[1984:2796]: Service [SMARSH-smtp] accepted connection from 127.0.0.1:49517<BR>2012.09.10 12:48:31 LOG6[1984:2796]: connect_blocking: connecting 199.47.168.58:587<BR>2012.09.10 12:48:31 LOG7[1984:2796]: connect_blocking: s_poll_wait 199.47.168.58:587: waiting 10 seconds<BR>2012.09.10 12:48:31 LOG5[1984:2796]: connect_blocking: connected 199.47.168.58:587<BR>2012.09.10 12:48:31 LOG5[1984:2796]: Service [SMARSH-smtp] connected remote server from 192.168.108.158:49518<BR>2012.09.10 12:48:31 LOG7[1984:2796]: Remote socket (FD=528) initialized<BR>2012.09.10 12:48:31 LOG7[1984:2796]: SNI: host name: smtp.smarshmail.com<BR>2012.09.10 12:48:31 LOG7[1984:2796]: SSL state (connect): before/connect initialization<BR>2012.09.10 12:48:31 LOG7[1984:2796]: SSL state (connect): SSLv3 write client hello A<BR>2012.09.10 12:48:31 LOG7[1984:2796]: SSL alert (write): fatal: protocol version<BR>2012.09.10 12:48:31 LOG3[1984:2796]: SSL_connect: 1408F10B: error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number<BR>2012.09.10 12:48:31 LOG5[1984:2796]: Connection reset: 0 byte(s) sent to SSL, 0 byte(s) sent to socket<BR>2012.09.10 12:48:31 LOG7[1984:2796]: Remote socket (FD=528) closed<BR>2012.09.10 12:48:31 LOG7[1984:2796]: Local socket (FD=508) closed<BR>2012.09.10 12:48:31 LOG7[1984:2796]: Service [SMARSH-smtp] finished (0 left)<BR>2012.09.10 12:48:40 LOG7[1984:300]: Dispatching signals from the signal pipe<BR>2012.09.10 12:48:43 LOG7[1984:300]: Processing SIGNAL_TERMINATE<BR>2012.09.10 12:48:43 LOG5[1984:300]: Terminated<BR>++++++++++++++++++++++++++<BR><BR>Is sTunnel using SSLv3 rather than TLSv1? If so how do I force TLS?<BR><BR>Thanks...<BR><BR><BR>_______________________________________________<BR>stunnel-users mailing list<BR>stunnel-users@stunnel.org<BR>https://www.stunnel.org/cgi-bin/mailman/listinfo/stunnel-users<BR>_______________________________________________<BR>stunnel-users mailing list<BR>stunnel-users@stunnel.org<BR>https://www.stunnel.org/cgi-bin/mailman/listinfo/stunnel-users<BR><BR> </P></BODY>