stunnel-users November 2013

stunnel-users@stunnel.org

14 participants
11 discussions

Stunnel 4 failing to connect to gmail
by Asif Iqbal 11 Dec '20

11 Dec '20

I am faling to connect to gmail. Not sure what that bind error means. iqbala@ghar:~$ sudo stunnel4 2008.12.15 13:53:17 LOG7[3839:3083650736]: Snagged 64 random bytes from /home/iqbala/.rnd 2008.12.15 13:53:17 LOG7[3839:3083650736]: Wrote 1024 new random bytes to /home/iqbala/.rnd 2008.12.15 13:53:17 LOG7[3839:3083650736]: RAND_status claims sufficient entropy for the PRNG 2008.12.15 13:53:17 LOG7[3839:3083650736]: PRNG seeded successfully 2008.12.15 13:53:17 LOG7[3839:3083650736]: Certificate: /etc/stunnel/stunnel.pem 2008.12.15 13:53:17 LOG7[3839:3083650736]: Certificate loaded 2008.12.15 13:53:17 LOG7[3839:3083650736]: Key file: /etc/stunnel/stunnel.pem 2008.12.15 13:53:17 LOG7[3839:3083650736]: Private key loaded 2008.12.15 13:53:17 LOG7[3839:3083650736]: SSL context initialized for service ssmtp 2008.12.15 13:53:17 LOG5[3839:3083650736]: stunnel 4.22 on i486-pc-linux-gnu with OpenSSL 0.9.8g 19 Oct 2007 2008.12.15 13:53:17 LOG5[3839:3083650736]: Threading:PTHREAD SSL:ENGINE Sockets:POLL,IPv6 Auth:LIBWRAP 2008.12.15 13:53:17 LOG6[3839:3083650736]: file ulimit = 1024 (can be changed with 'ulimit -n') 2008.12.15 13:53:17 LOG6[3839:3083650736]: poll() used - no FD_SETSIZE limit for file descriptors 2008.12.15 13:53:17 LOG5[3839:3083650736]: 500 clients allowed 2008.12.15 13:53:17 LOG7[3839:3083650736]: FD 10 in non-blocking mode 2008.12.15 13:53:17 LOG7[3839:3083650736]: FD 11 in non-blocking mode 2008.12.15 13:53:17 LOG7[3839:3083650736]: FD 12 in non-blocking mode 2008.12.15 13:53:17 LOG7[3839:3083650736]: SO_REUSEADDR option set on accept socket 2008.12.15 13:53:17 LOG3[3839:3083650736]: Error binding ssmtp to 74.125.93.111:587 2008.12.15 13:53:17 LOG3[3839:3083650736]: bind: Cannot assign requested address (99) Here is how my conf file looks like iqbala@ghar:~$ cat /etc/stunnel/stunnel.conf | egrep -v "^;|^$" cert = /etc/stunnel/stunnel.pem foreground = yes sslVersion = SSLv3 chroot = /var/lib/stunnel4/ setuid = stunnel4 setgid = stunnel4 pid = /stunnel4.pid socket = l:TCP_NODELAY=1 socket = r:TCP_NODELAY=1 debug = 7 output = /var/log/stunnel4/stunnel.log client = yes [ssmtp] accept = smtp.gmail.com:587 connect = 25 Asif Iqbal PGP Key: 0xE62693C5 KeyServer: pgp.mit.edu

5 9

stunnel and hosts.allow
by Yousef Alhashemi 05 Jul '16

05 Jul '16

Hi, This may be a little bit off-topic, but does anyone here use stunnel with pan? My connections to stunnel (in pan) are always refused by libwrap. I was looking for the right rule to add to /etc/hosts.allow but nothing seems to work aside from "ALL : ALL" (which is obviously not good) and "nntps: KNOWN". Is the latter reasonable? The hosts_access(5) manpage is confusing to say the least. It mentions that daemon (the first token on any line) is the name of the daemon running the process, which would be "stunnel" in my case, but using "stunnel : LOCAL" or even "stunnel : ALL" doesn't work. The rule that seems to work, as mentioned, is "nntps : KNOWN" ("nntps" being the group name in stunnel.conf). What's even more confusing to me is that "nntps : LOCAL" does not work either. Nor does "nntps : localhost 127.0.0.1", "nntps : localhost", "nntps : 127.0.0.1", or "nntps : 192.168.1.". Pan is running on the same machine as stunnel so all connections must be coming from localhost. Why do these rules not trigger? Either way, I'd like to know the "least permissive" hosts.allow rule that would allow me to connect to my news provider from pan, and/or whether "nntps : KNOWN" is a safe option. Thanks, Yousef

3 6

Hostname verification, support for, and patches
by fslama＠comcast.net 06 Dec '13

06 Dec '13

After scouring the net I've found several isolated discussions regarding stunnel hostname validation. And also some patches that seem to implement hostname validation: https://www.stunnel.org/pipermail/stunnel-users/2010-March/002613.html I have a requirement to have stunnel (4.56) validate client certificates and their identity by comparing the its CNAME against the source address. I recall reading one response (which I can't find at the moment) from Marzena Trojnara indicating that this feature won't be supported. If so, can you explain the rational? Are there sanctioned patches out there today? Regards, -Fred

4 3

setup stunnel problem
by edu.bit.es＠gmail.com 20 Nov '13

20 Nov '13

Hi everybody, I'm absolutely new in stunnel. I came around because of a post in the google forums about making Symantec System Recovery mail through smtp.gmail.com. Symantec is not capable of doing SSL/TLS so I need a solution like stunnel. But I've an issue: it doesn't seem to work :) I installed the program ok, and configured in the following way: cert=stunnel.pem socket = l:TCP_NODELAY=1 socket= r:TCP_NODELAY=1 [gmail-smtp] client=yes accept:127.0.0.1:25 connect= smtp.gamil.com:465 EOF The server is listening on port 127.0.0.1:25 but when I do a telnet to that port gives an error and doesn't seem to tunnel me to smtp.gmail.com. On the other hand, I configured outlook to use that tunnel but gives an error stating it can reach the smtp server. What am I doing wrong? Should I change the TLS version? Best regards and thanks in advance.

2 7

Stunnel with gmail not working on RHEL 6.4
by André Luís 17 Nov '13

17 Nov '13

Hello, I am trying to setup stunnel to send email using gmail smtp server trough Oracle Database. I first tested on my windows machine. I installed and configured stunnel and it worked fine.But now I tried to do the same on our server (RHEL 6.4) and it doesn't work. I can successfuly telnet the 25 port: [root@server1 stunnel]# telnet localhost 25Trying 127.0.0.1...Connected to localhost.Escape character is '^]'.220 mx.google.com ESMTP so2sm18740691pbc.5 - gsmtp When I send the email, i receive this error: SMTP permanent error: 534 5.7.14 54 ef10sm21262349pac.1 - gsmtp anyone have any idea? the stunnel.conf: pid = /stunnel.pidoutput = /var/log/stunnel.logcompression = zlibsslVersion = alloptions = NO_SSLv2debug = 7 [gmail-smtp]client = yesaccept = localhost:25connect = smtp.gmail.com:465 Here is the Stunnel log:2013.11.17 15:58:34 LOG7[23729:139952118699968]: gmail-smtp accepted FD=13 from 127.0.0.1:560892013.11.17 15:58:34 LOG7[23729:139952118695680]: gmail-smtp started2013.11.17 15:58:34 LOG7[23729:139952118695680]: FD 13 in non-blocking mode2013.11.17 15:58:34 LOG7[23729:139952118695680]: Waiting for a libwrap process2013.11.17 15:58:34 LOG7[23729:139952118695680]: Acquired libwrap process #02013.11.17 15:58:34 LOG7[23729:139952118695680]: Releasing libwrap process #02013.11.17 15:58:34 LOG7[23729:139952118695680]: Released libwrap process #02013.11.17 15:58:34 LOG7[23729:139952118695680]: gmail-smtp permitted by libwrap from 127.0.0.1:560892013.11.17 15:58:34 LOG5[23729:139952118695680]: gmail-smtp accepted connection from 127.0.0.1:560892013.11.17 15:58:34 LOG7[23729:139952118695680]: FD 14 in non-blocking mode2013.11.17 15:58:34 LOG6[23729:139952118695680]: connect_blocking: connecting 74.125.129.108:4652013.11.17 15:58:34 LOG7[23729:139952118695680]: connect_blocking: s_poll_wait 74.125.129.108:465: waiting 10 seconds2013.11.17 15:58:34 LOG5[23729:139952118695680]: connect_blocking: connected 74.125.129.108:4652013.11.17 15:58:34 LOG5[23729:139952118695680]: gmail-smtp connected remote server from 172.31.22.161:510672013.11.17 15:58:34 LOG7[23729:139952118695680]: Remote FD=14 initialized2013.11.17 15:58:34 LOG7[23729:139952118695680]: SSL state (connect): before/connect initialization2013.11.17 15:58:34 LOG7[23729:139952118695680]: SSL state (connect): SSLv2/v3 write client hello A2013.11.17 15:58:34 LOG7[23729:139952118695680]: SSL state (connect): SSLv3 read server hello A2013.11.17 15:58:34 LOG7[23729:139952118695680]: SSL state (connect): SSLv3 read server certificate A2013.11.17 15:58:34 LOG7[23729:139952118695680]: SSL state (connect): SSLv3 read server done A2013.11.17 15:58:34 LOG7[23729:139952118695680]: SSL state (connect): SSLv3 write client key exchange A2013.11.17 15:58:34 LOG7[23729:139952118695680]: SSL state (connect): SSLv3 write change cipher spec A2013.11.17 15:58:34 LOG7[23729:139952118695680]: SSL state (connect): SSLv3 write finished A2013.11.17 15:58:34 LOG7[23729:139952118695680]: SSL state (connect): SSLv3 flush data2013.11.17 15:58:34 LOG7[23729:139952118695680]: SSL state (connect): SSLv3 read server session ticket A2013.11.17 15:58:34 LOG7[23729:139952118695680]: SSL state (connect): SSLv3 read finished A2013.11.17 15:58:34 LOG7[23729:139952118695680]: 1 items in the session cache2013.11.17 15:58:34 LOG7[23729:139952118695680]: 1 client connects (SSL_connect())2013.11.17 15:58:34 LOG7[23729:139952118695680]: 1 client connects that finished2013.11.17 15:58:34 LOG7[23729:139952118695680]: 0 client renegotiations requested2013.11.17 15:58:34 LOG7[23729:139952118695680]: 0 server connects (SSL_accept())2013.11.17 15:58:34 LOG7[23729:139952118695680]: 0 server connects that finished2013.11.17 15:58:34 LOG7[23729:139952118695680]: 0 server renegotiations requested2013.11.17 15:58:34 LOG7[23729:139952118695680]: 0 session cache hits2013.11.17 15:58:34 LOG7[23729:139952118695680]: 0 external session cache hits2013.11.17 15:58:34 LOG7[23729:139952118695680]: 0 session cache misses2013.11.17 15:58:34 LOG7[23729:139952118695680]: 0 session cache timeouts2013.11.17 15:58:34 LOG6[23729:139952118695680]: SSL connected: new session negotiated2013.11.17 15:58:34 LOG6[23729:139952118695680]: Negotiated ciphers: RC4-SHA SSLv3 Kx=RSA Au=RSA Enc=RC4(128) Mac=SHA12013.11.17 15:58:34 LOG7[23729:139952118695680]: SSL socket closed on SSL_read2013.11.17 15:58:34 LOG7[23729:139952118695680]: Socket write shutdown2013.11.17 15:58:34 LOG5[23729:139952118695680]: Connection closed: 90 bytes sent to SSL, 860 bytes sent to socket2013.11.17 15:58:34 LOG7[23729:139952118695680]: gmail-smtp finished (0 left)2013.11.17 16:01:01 LOG7[23729:139952118699968]: gmail-smtp accepted FD=13 from 127.0.0.1:561202013.11.17 16:01:01 LOG7[23729:139952118695680]: gmail-smtp started2013.11.17 16:01:01 LOG7[23729:139952118695680]: FD 13 in non-blocking mode2013.11.17 16:01:01 LOG7[23729:139952118695680]: Waiting for a libwrap process2013.11.17 16:01:01 LOG7[23729:139952118695680]: Acquired libwrap process #02013.11.17 16:01:01 LOG7[23729:139952118695680]: Releasing libwrap process #02013.11.17 16:01:01 LOG7[23729:139952118695680]: Released libwrap process #02013.11.17 16:01:01 LOG7[23729:139952118695680]: gmail-smtp permitted by libwrap from 127.0.0.1:561202013.11.17 16:01:01 LOG5[23729:139952118695680]: gmail-smtp accepted connection from 127.0.0.1:561202013.11.17 16:01:01 LOG7[23729:139952118695680]: FD 14 in non-blocking mode2013.11.17 16:01:01 LOG6[23729:139952118695680]: connect_blocking: connecting 74.125.129.109:4652013.11.17 16:01:01 LOG7[23729:139952118695680]: connect_blocking: s_poll_wait 74.125.129.109:465: waiting 10 seconds2013.11.17 16:01:01 LOG5[23729:139952118695680]: connect_blocking: connected 74.125.129.109:4652013.11.17 16:01:01 LOG5[23729:139952118695680]: gmail-smtp connected remote server from 172.31.22.161:569712013.11.17 16:01:01 LOG7[23729:139952118695680]: Remote FD=14 initialized2013.11.17 16:01:01 LOG7[23729:139952118695680]: SSL state (connect): before/connect initialization2013.11.17 16:01:01 LOG7[23729:139952118695680]: SSL state (connect): SSLv3 write client hello A2013.11.17 16:01:01 LOG7[23729:139952118695680]: SSL state (connect): SSLv3 read server hello A2013.11.17 16:01:01 LOG7[23729:139952118695680]: SSL state (connect): SSLv3 read finished A2013.11.17 16:01:01 LOG7[23729:139952118695680]: SSL state (connect): SSLv3 write change cipher spec A2013.11.17 16:01:01 LOG7[23729:139952118695680]: SSL state (connect): SSLv3 write finished A2013.11.17 16:01:01 LOG7[23729:139952118695680]: SSL state (connect): SSLv3 flush data2013.11.17 16:01:01 LOG7[23729:139952118695680]: 1 items in the session cache2013.11.17 16:01:01 LOG7[23729:139952118695680]: 2 client connects (SSL_connect())2013.11.17 16:01:01 LOG7[23729:139952118695680]: 2 client connects that finished2013.11.17 16:01:01 LOG7[23729:139952118695680]: 0 client renegotiations requested2013.11.17 16:01:01 LOG7[23729:139952118695680]: 0 server connects (SSL_accept())2013.11.17 16:01:01 LOG7[23729:139952118695680]: 0 server connects that finished2013.11.17 16:01:01 LOG7[23729:139952118695680]: 0 server renegotiations requested2013.11.17 16:01:01 LOG7[23729:139952118695680]: 1 session cache hits2013.11.17 16:01:01 LOG7[23729:139952118695680]: 0 external session cache hits2013.11.17 16:01:01 LOG7[23729:139952118695680]: 0 session cache misses2013.11.17 16:01:01 LOG7[23729:139952118695680]: 0 session cache timeouts2013.11.17 16:01:01 LOG6[23729:139952118695680]: SSL connected: previous session reused2013.11.17 16:01:02 LOG7[23729:139952118695680]: SSL socket closed on SSL_read2013.11.17 16:01:02 LOG7[23729:139952118695680]: Socket write shutdown2013.11.17 16:01:02 LOG5[23729:139952118695680]: Connection closed: 241 bytes sent to SSL, 825 bytes sent to socket2013.11.17 16:01:02 LOG7[23729:139952118695680]: gmail-smtp finished (0 left) Thanks a lot

1 0

Weird tunneling eMule's web interface
by Javier 17 Nov '13

17 Nov '13

Hi there, lets see: When I setup a server for the eMule's web interface and I access with the browser through https, the result is that the web interface never fully loads. When I setup a server for the web interface and a client connecting to that server and I access with the browser through http and with help of the client, the web interface loads without problems. Ok, at this point you think... "maybe the browser doesn't understand stunnel server at first instance for some reason... and needs the client to have a good SSL connection". So, we complicate things.... ;-) I made the following scenario because, sometimes, you can't use a client in the remote computer (where is not the web interface, if you are lost what with I'm telling). So, now we setup a server for the web interface, a client that connects to the server and a new server that connects to the client to serve to the remote browser... and... happens the same as the first example, as if it was only one server serving the web interface: it never fully loads. (I know, this scenario was quite weird :-P ). In case it was the browser I checked max connections, pipelining, etc, (allowing crazy max connection limits) but that didn't help on success :-( No matter of what web browser I use, they all do the same. They create between 7 to 15 connections with stunnel (sometimes more, others less) and nothing else. With the help of the client, all is smooth with over 150 connections. I tried too to create an html file "similar" to the web interface with the same resources (basically loads of images and therefore requests per second) and with my own web server and, in this case, there was no drama at all. The browsers connect to the stunnel server with over 190 connections in an eye blink and without of an stunnel client. At this point, I'm quite lost :-S Why doesn't load the web interface connecting directly to the stunnel server but does with the help of a client? Any ideas? Probably is the built-in web server of eMule, but it doesn't give problems when there is no stunnel in between or when using an stunnel client to connect to that stunnel server :S If you use eMule, test it and tell me if it works for you. Regards. P.S.: I hope you understood all because, even for me, has been confusing to explain.

1 0

stunnel server configuration requirement to handle CBC protection
by Simner, John 13 Nov '13

13 Nov '13

Hi, Having recently used stunnel on the phone as a server to encrypt the communication between an external client and a simple TCP server socket on the phone, one of the clients have raised the following.... Phone resets a TLS conection from client, when CBC protection is enabled on tomcat server. The phone syslog shows: Oct 28 14:26:14 10 user.crit syslog: CommsChannelExtenderRx(28881): ./src/CommsChannelExtenderRx.cpp:186 Header section invalid To prevent a SSL/TLS BEAST attack (CVE-2011-3389) Oracle Java (JSSE) has implemented a CBC protection which can be set with System Property jsse.enableCBCProtection. The default value is true. What was done: Start client and connect it with a phone. The TLS connection is established, but then the phone resets the connection, and client is not working. When I set jsse.enableCBCProtection to false at the tomcat server, the phone accepts the connection and client is working. To prevent man-in-the-middle attacks, the phone should be able to handle the fragmented TLS block when CBC protection is activated on the client tomcat server. I have been unable to find the appropriate stunnel configuration item to support this. Please could you inform me how this is handled through stunnel. Thank you for your assistance and I look forward to your responses. Thanks.. John John Simner BSc(Hons) MSc CEng. MIET Software Engineer Unify Enterprise Communications Ltd. Devices Development K Block, Technology Drive, Beeston, Nottingham, NG9 1LA Tel.: +44 (0) 19088 17378 Email: john.simner(a)unify.com <mailto:vorname.name@unify.com> www.unify.co.uk<http://www.unify.co.uk/> Follow us: [Social_media_icons] <http://www.unify.com/social-media> Unify Enterprise Communications Limited. Registered Office: Brickhill Street, Willen Lake, Milton Keynes, MK15 0DJ Registered No: 5903714, England. This email contains confidential information and is for the exclusive use of the addressee. If you are not the addressee then any distribution, copying, or use of this email is prohibited. If received in error, please advise the sender and delete immediately. We accept no liability for any loss or damage suffered by any person arising from use of this email.

4 10

Patch for Start TLS for LDAP clients (RFC 2830)
by Bart Dopheide 07 Nov '13

07 Nov '13

Hi, I noticed that latest/greatest stunnel does not support the Start TLS operation for LDAP (RFC2830). Yet, I need it in my organisation as a quick workaround. After fiddling with OpenLDAP, tracing, and reading RFC 2830 a bit, I patched stunnel 4.56 and the patch has not failed me yet. But I must remark that I am no LDAP expert, nor an certified stunnel hacker. So, I will submit this patch as a first suggestion. Will you consider the feature request of implementing the Start TLS feature as described in RFC 2830? Cheers, Bart Dopheide My patch suggestion is: dopheideb@anguish:/tmp$ diff -aur stunnel-4.56 stunnel-4.56-ldap-starttls-patch diff -aur stunnel-4.56/src/protocol.c stunnel-4.56-ldap-starttls-patch/src/protocol.c --- stunnel-4.56/src/protocol.c 2013-03-13 14:41:16.000000000 +0100 +++ stunnel-4.56-ldap-starttls-patch/src/protocol.c 2013-11-05 11:19:10.388365359 +0100 @@ -53,6 +53,7 @@ static void imap_client(CLI *); static void imap_server(CLI *); static void nntp_client(CLI *); +static void openldap_client(CLI *); static void connect_server(CLI *); static void connect_client(CLI *); @@ -82,6 +83,7 @@ {"pop3", {{PROTOCOL_PRE_SSL, pop3_server}, {PROTOCOL_PRE_SSL, pop3_client}}}, {"imap", {{PROTOCOL_PRE_SSL, imap_server}, {PROTOCOL_PRE_SSL, imap_client}}}, {"nntp", {{PROTOCOL_NONE, NULL}, {PROTOCOL_PRE_SSL, nntp_client}}}, + {"openldap",{{PROTOCOL_NONE, NULL}, {PROTOCOL_PRE_SSL, openldap_client}}}, {"connect", {{PROTOCOL_PRE_CONNECT, connect_server}, {PROTOCOL_PRE_SSL, connect_client}}}, {NULL, {{PROTOCOL_NONE, NULL}, {PROTOCOL_NONE, NULL}}} }; @@ -513,6 +515,88 @@ str_free(line); } +/**************************************** LDAP, RFC 2830 */ + +u8 ldap_startssl_message[0x1d + 2] = +{ + 0x30, /* tag = UNIVERSAL SEQUENCE */ + 0x1d, /* len = 29 (the remaining number of bytes in this message) */ + 0x02, /* messageID */ + 0x01, /* len = 1 */ + 0x01, /* value = 1 (this is messageID 1) */ + /* --- */ + 0x77, /* protocolOp = APPLICATION (23) (=ExtendedRequest) + * 0b01xxxxxx => APPLICATION + * 0bxx1xxxxx => ? + * 0xxxx10111 => 23 + */ + 0x18, /* len = 24 */ + 0x80, /* type = requstName? */ + 0x16, /* len = 22 */ + /* OID: 1.3.6.1.4.1.1466.20037 (=LDAP_START_TLS_OID)*/ + '1', '.', + '3', '.', + '6', '.', + '1', '.', + '4', '.', + '1', '.', + '1', '4', '6', '6', '.', + '2', '0', '0', '3', '7' + /* No requestValue, as per RFC2830 (in 2.1: "The requestValue field is absent") */ +}; +static void openldap_client(CLI *c) { + u8 buffer[1]; + u8 ldap_response[256]; + + s_log(LOG_DEBUG, "Requesting LDAP Start TLS"); + write_blocking(c, c->remote_fd.fd, ldap_startssl_message, ldap_startssl_message[1] + 2); + + read_blocking(c, c->remote_fd.fd, buffer, 1); + if(buffer[0] != 0x30) { + s_log(LOG_ERR, "start tag is not UNIVERSAL SEQUENCE"); + longjmp(c->err, 1); + } + + s_log(LOG_DEBUG, "Reading LDAP message size (1 byte)."); + read_blocking(c, c->remote_fd.fd, buffer, 1); + + s_log(LOG_DEBUG, "Reading LDAP message (%u byte(s))", buffer[0]); + read_blocking(c, c->remote_fd.fd, ldap_response, buffer[0]); + + if(ldap_response[0] != 0x02) { + s_log(LOG_ERR, "LDAP response does not start with type messageID"); + longjmp(c->err, 1); + } + if(ldap_response[1] != 0x01) { + s_log(LOG_ERR, "This is not an extendedResp(1)"); + longjmp(c->err, 1); + } + if(ldap_response[2] != 0x01) { + s_log(LOG_ERR, "Non-matching messageID"); + longjmp(c->err, 1); + } + if(ldap_response[3] != 0x78) { + s_log(LOG_ERR, "This is not a protocolOp for APPLICATION ExtendedResponse"); + longjmp(c->err, 1); + } + if(ldap_response[4] != 0x07) { + s_log(LOG_ERR, "Expected 0x07 indicating extendedResp is 7 bytes long"); + longjmp(c->err, 1); + } + if(ldap_response[5] != 0x0a) { + s_log(LOG_ERR, "This is not an extendedResp"); + longjmp(c->err, 1); + } + if(ldap_response[6] != 0x01) { + s_log(LOG_ERR, "This is not an extendedResp"); + longjmp(c->err, 1); + } + if(ldap_response[7] != 0x00) { + s_log(LOG_ERR, "This is not resultCode success"); + longjmp(c->err, 1); + } +} + /**************************************** connect */ static void connect_server(CLI *c) { dopheideb@anguish:/tmp$

3 2

stunnel x forwarded not working
by Libindas 05 Nov '13

05 Nov '13

Hi all, We are facing problem with stunnel + HAproxy + Tomcat Client -----> Stunnel-----> HAProxy----> Tomcat { I need get client IP in Tomcat Servers} I have compiled(stunnel-4.32 + stunnel-4.32-xforwarded-for.diff) and installed but not working. Really appreciate your help Thanks Libin

2 1

Trouble sending email via smtp with a particular gmail address
by Brian Morgan 01 Nov '13

01 Nov '13

I'm having trouble sending email through stunnel with our customer service email address. We use google premium services for our hosted email. I can send through stunnel using my own personal account, but when I switch to the cust service account, I get the error: "Failed to send an E-mail through the specified SMTP server [127.0.0.1]: The SMTP server requires a secure connection or the client was not authenticated. The server response was 5.5.1 Authentication Required." And yes, I double/triple checked credentials and can login through the gmail interface with them just fine. I also tried changing the password to a strong password which did not help. gmail settings in stunnel.conf: [gmail-smtp] client = yes accept = 127.0.0.1:259 connect = smtp.gmail.com:465 I also tried port 587 but that produces another error: "Failed to send an E-mail through the specified SMTP server [127.0.0.1]: Failure sending mail." Any ideas?

2 4

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

2004

stunnel-users November 2013