<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii">
<style type="text/css" style="display:none;"> P {margin-top:0;margin-bottom:0;} </style>
</head>
<body dir="ltr">
<div style="color: rgb(0, 0, 0); font-family: Calibri,Helvetica,sans-serif; font-size: 12pt;">
Thank you Brent,</div>
<div style="color: rgb(0, 0, 0); font-family: Calibri,Helvetica,sans-serif; font-size: 12pt;">
I was able to remove "Service [service name] needs authentication to prevent MITM attacks"</div>
<div style="color: rgb(0, 0, 0); font-family: Calibri,Helvetica,sans-serif; font-size: 12pt;">
from the log by your suggestion.</div>
<div style="color: rgb(0, 0, 0); font-family: Calibri,Helvetica,sans-serif; font-size: 12pt;">
<br>
</div>
<div style="color: rgb(0, 0, 0); font-family: Calibri,Helvetica,sans-serif; font-size: 12pt;">
I found if I have Avast running with mail shield enabled I get this error in the Stunnel log window:</div>
<div style="color: rgb(0, 0, 0); font-family: Calibri,Helvetica,sans-serif; font-size: 12pt;">
<br>
</div>
<div style="color: rgb(0, 0, 0); font-family: Calibri,Helvetica,sans-serif; font-size: 12pt;">
SSL_connect: 140770FC: error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol</div>
<div style="color: rgb(0, 0, 0); font-family: Calibri,Helvetica,sans-serif; font-size: 12pt;">
Connection reset: 0 byte(s) sent to TLS, 0 byte(s) sent to socket.</div>
<div style="color: rgb(0, 0, 0); font-family: Calibri,Helvetica,sans-serif; font-size: 12pt;">
<br>
</div>
<div style="color: rgb(0, 0, 0); font-family: Calibri,Helvetica,sans-serif; font-size: 12pt;">
This results in no emails being abled to be sent by SMPT.</div>
<div style="color: rgb(0, 0, 0); font-family: Calibri,Helvetica,sans-serif; font-size: 12pt;">
<br>
</div>
<div style="color: rgb(0, 0, 0); font-family: Calibri,Helvetica,sans-serif; font-size: 12pt;">
If I disable Avast's mail shield the mail is sent with no errors.</div>
<div style="color: rgb(0, 0, 0); font-family: Calibri,Helvetica,sans-serif; font-size: 12pt;">
Is there a work around for to be able to use Stunnel without disabling Avast's mail shield?</div>
<div style="color: rgb(0, 0, 0); font-family: Calibri,Helvetica,sans-serif; font-size: 12pt;">
<br>
</div>
<div style="color: rgb(0, 0, 0); font-family: Calibri,Helvetica,sans-serif; font-size: 12pt;">
Thanks for any help on this issue.</div>
<div style="color: rgb(0, 0, 0); font-family: Calibri,Helvetica,sans-serif; font-size: 12pt;">
<br>
</div>
<div style="color: rgb(0, 0, 0); font-family: Calibri,Helvetica,sans-serif; font-size: 12pt;">
<br>
</div>
<div id="appendonsend"></div>
<hr style="display:inline-block;width:98%" tabindex="-1">
<div id="divRplyFwdMsg" dir="ltr"><font face="Calibri, sans-serif" style="font-size:11pt" color="#000000"><b>From:</b> stunnel-users <stunnel-users-bounces@stunnel.org> on behalf of Brent Kimberley <brent_kimberley@rogers.com><br>
<b>Sent:</b> Sunday, June 23, 2019 11:11 PM<br>
<b>To:</b> stunnel-users@stunnel.org<br>
<b>Subject:</b> Re: [stunnel-users] stunnel-users Digest, Vol 179, Issue 11</font>
<div> </div>
</div>
<div class="BodyFragment"><font size="2"><span style="font-size:11pt;">
<div class="PlainText"><br>
>>Does anybody know how to prevent this from happening?<br>
Try adding the following:<br>
#verify the peer certificate chain starting from the root CA<br>
#pre-requisite #1: checkHost (OR checkIP)<br>
#pre-requisite #2: CAfile (OR CApath)<br>
verifyChain = yes<br>
checkHost = pop.cox.com<br>
<br>
#verify the peer certificate chain starting from the root CA<br>
#pre-requisite #1: checkHost (ORcheckIP)<br>
#pre-requisite #2: CAfile (OR CApath)<br>
verifyChain = yes<br>
checkHost = smtp.cox.net<br>
<br>
ref:<br>
<a href="https://www.stunnel.org/config_windows.html">https://www.stunnel.org/config_windows.html</a><br>
<a href="https://www.stunnel.org/static/stunnel.html">https://www.stunnel.org/static/stunnel.html</a><br>
<br>
<br>
From: David Yunker <davidyunker@hotmail.com><br>
Subject: [stunnel-users] SOLVED, I cannot get Outlook Express email to work after Cox changes<br>
<br>
To anybody interested,<br>
<br>
Here is how to configure Stunnel for Outlook Express v6 in Windows XP to work:<br>
<br>
Modify Stunnel configuration to this:<br>
<br>
[cox-pop3]<br>
client = yes<br>
accept = 127.0.0.1:110<br>
connect = pop.cox.net:995<br>
CAfile = ca-certs.perm<br>
OCSPaia = yes<br>
<br>
[cox-smtp]<br>
client = yes<br>
accept = 127.0.0.1:25<br>
connect = smtp.cox.net:587<br>
CAfile = ca-certs.perm<br>
OCSPaia = yes<br>
<br>
Now configure Outlook Express as follows:<br>
<br>
Set incoming mail(POP3) to 127.0.0.1<br>
Set outgoing mail(SMTP) to 127.0.0.1<br>
Have "Logon using secure password authentication" unchecked.<br>
Have "My server requires authentication" unchecked<br>
For POP3 set incoming mail (POP3) to port 110.<br>
For SMTP set outgoing mail (SMTP) to port 25.<br>
Have "This server requires a secure connection(SSL)" for POP3 unchecked.<br>
Have "This server requires a secure connection(SSL)" for SMTP unchecked.<br>
<br>
Everything works except I have the following error message in the Stunnel log:<br>
"Service [service name] needs authentication to prevent MITM attacks"<br>
<br>
Does anybody know how to prevent this from happening?<br>
I tried having the "My server requires authentication" checked but I still have the message when Stunnel starts.<br>
<br>
Thank you for any help.<br>
<br>
<br>
_______________________________________________<br>
stunnel-users mailing list<br>
stunnel-users@stunnel.org<br>
<a href="https://www.stunnel.org/cgi-bin/mailman/listinfo/stunnel-users">https://www.stunnel.org/cgi-bin/mailman/listinfo/stunnel-users</a><br>
</div>
</span></font></div>
</body>
</html>