<html xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<meta name="Title" content="">
<meta name="Keywords" content="">
<meta name="Generator" content="Microsoft Word 15 (filtered medium)">
<style><!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:"Century Gothic";
panose-1:2 11 5 2 2 2 2 2 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Calibri",sans-serif;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:#0563C1;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:#954F72;
text-decoration:underline;}
span.EmailStyle17
{mso-style-type:personal-compose;
font-family:"Century Gothic",serif;
color:#2F5496;
font-weight:normal;
font-style:normal;}
span.msoIns
{mso-style-type:export-only;
mso-style-name:"";
text-decoration:underline;
color:teal;}
.MsoChpDefault
{mso-style-type:export-only;
font-family:"Calibri",sans-serif;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
--></style>
</head>
<body bgcolor="white" lang="EN-US" link="#0563C1" vlink="#954F72">
<div class="WordSection1">
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Century Gothic",serif;color:#2F5496">I’ve installed stunnel on an Amazon EC2 instance:<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Century Gothic",serif;color:#2F5496"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Century Gothic",serif;color:#2F5496">stunnel 4.56 on x86_64-redhat-linux-gnu platform<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Century Gothic",serif;color:#2F5496">Compiled/running with OpenSSL 1.0.1e-fips 11 Feb 2013<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Century Gothic",serif;color:#2F5496">Threading:PTHREAD Sockets:POLL,IPv6 SSL:ENGINE,OCSP,FIPS Auth:LIBWRAP<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Century Gothic",serif;color:#2F5496"> <o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Courier",serif;color:#2F5496">Global options:<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Courier",serif;color:#2F5496">debug = daemon.notice<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Courier",serif;color:#2F5496">pid = /var/run/stunnel.pid<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Courier",serif;color:#2F5496">RNDbytes = 64<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Courier",serif;color:#2F5496">RNDfile = /dev/urandom<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Courier",serif;color:#2F5496">RNDoverwrite = yes<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Courier",serif;color:#2F5496"> <o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Courier",serif;color:#2F5496">Service-level options:<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Courier",serif;color:#2F5496">ciphers = FIPS (with "fips = yes")<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Courier",serif;color:#2F5496">ciphers = ALL:!SSLv2:!aNULL:!EXP:!LOW:-MEDIUM:RC4:+HIGH (with "fips = no")<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Courier",serif;color:#2F5496">curve = prime256v1<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Courier",serif;color:#2F5496">sessionCacheSize = 1000<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Courier",serif;color:#2F5496">sessionCacheTimeout = 300 seconds<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Courier",serif;color:#2F5496">sslVersion = TLSv1 (with "fips = yes")<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Courier",serif;color:#2F5496">sslVersion = TLSv1 for client, all for server (with "fips = no")<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Courier",serif;color:#2F5496">stack = 65536 bytes<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Courier",serif;color:#2F5496">TIMEOUTbusy = 300 seconds<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Courier",serif;color:#2F5496">TIMEOUTclose = 60 seconds<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Courier",serif;color:#2F5496">TIMEOUTconnect = 10 seconds<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Courier",serif;color:#2F5496">TIMEOUTidle = 43200 seconds<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Courier",serif;color:#2F5496">verify = none</span><span style="font-size:11.0pt;font-family:"Century Gothic",serif;color:#2F5496"><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Century Gothic",serif;color:#2F5496"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Century Gothic",serif;color:#2F5496">I’ve created the stunnel.conf file:<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Century Gothic",serif;color:#2F5496"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Courier",serif;color:#2F5496">[smtp-tls-wrapper]<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Courier",serif;color:#2F5496">accept = 2525<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Courier",serif;color:#2F5496">client = yes<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Courier",serif;color:#2F5496">connect = email-smtp.us-west-2.amazonaws.com:465<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Courier",serif;color:#2F5496">protocol=smtp<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Courier",serif;color:#2F5496">delay = yes<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Century Gothic",serif;color:#2F5496"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Century Gothic",serif;color:#2F5496">I’ve tested the connection to SES (successfully) via openssl:<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Century Gothic",serif;color:#2F5496"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Courier",serif;color:#2F5496">[ec2-user@ip-172-31-4-68 ~]$ openssl s_client -quiet -crlf -connect email-smtp.us-west-2.amazonaws.com:465<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Courier",serif;color:#2F5496">depth=2 C = US, O = "VeriSign, Inc.", OU = VeriSign Trust Network, OU = "(c) 2006 VeriSign, Inc. - For authorized use only", CN = VeriSign Class 3 Public Primary Certification
Authority - G5<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Courier",serif;color:#2F5496">verify return:1<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Courier",serif;color:#2F5496">depth=1 C = US, O = Symantec Corporation, OU = Symantec Trust Network, CN = Symantec Class 3 Secure Server CA - G4<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Courier",serif;color:#2F5496">verify return:1<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Courier",serif;color:#2F5496">depth=0 C = US, ST = Washington, L = Seattle, O = "Amazon.com, Inc.", CN = email-smtp.us-west-2.amazonaws.com<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Courier",serif;color:#2F5496">verify return:1<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Courier",serif;color:#2F5496">220 email-smtp.amazonaws.com ESMTP SimpleEmailService-2370111491 wa7VtNk9b7c4TX0jNpdG<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Century Gothic",serif;color:#2F5496"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Century Gothic",serif;color:#2F5496">But when I try to access through stunnel via localhost with telnet, I get this:<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Century Gothic",serif;color:#2F5496"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Courier",serif;color:#2F5496">[ec2-user@ip-172-31-4-68 ~]$ telnet localhost 2525<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Courier",serif;color:#2F5496">Trying ::1...<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Courier",serif;color:#2F5496">telnet: connect to address ::1: Connection refused<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Courier",serif;color:#2F5496">Trying 127.0.0.1...<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Courier",serif;color:#2F5496">Connected to localhost.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Courier",serif;color:#2F5496">Escape character is '^]'.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Courier",serif;color:#2F5496">Connection closed by foreign host.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Courier",serif;color:#2F5496"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Century Gothic",serif;color:#2F5496">I’ve tried everything I can think of; I’ve read all the blogs and pages related to connecting from EC2 to SES via stunnel and I just can’t get it to work.
Does anyone have any suggestions for other things I could try?<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Century Gothic",serif;color:#2F5496"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Century Gothic",serif;color:#2F5496">Thanks in advance,<o:p></o:p></span></p>
<p class="MsoNormal"><b><span style="font-family:"Century Gothic",serif;color:#00B0F0">Rob Allen,
</span></b><span style="font-family:"Century Gothic",serif;color:#00B0F0">CPO<b><o:p></o:p></b></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Century Gothic",serif;color:black">Software Engineer </span><span style="font-size:10.0pt;font-family:"Century Gothic",serif;color:#00B0F0">|</span><span style="font-size:10.0pt;font-family:"Century Gothic",serif;color:black">
Eyefinity</span><o:p></o:p></p>
</div>
</body>
</html>