stunnel-users October 2023

stunnel-users@stunnel.org

15 participants
15 discussions

How do I hide my browsing?
by Jason Long 20 Oct '23

20 Oct '23

Hello,In an internal network, they monitor web browsing through firewalls (Fortinet and FortiGate). I have two questions: 1- Can I use Stunnel to hide my browsing? 2- Can they capture usernames and passwords for email and other websites? Thank you.

3 2

stunnel cmvp number
by Seray Tokadli 09 Oct '23

09 Oct '23

Hi, for our company i need to find the cvmp number for stunnel however I am not able to find it. Is there anyone who can help me with that? https://csrc.nist.gov/projects/cryptographic-module-validation-program/vali… I could not find stunnel here. -- Seray TOKADLI KILIÇ +420778116052

2 1

Re: stunnel smtp tls frontend server/proxy for remote backend postfix
by James Thornton 09 Oct '23

09 Oct '23

The direction is mail sent from an external email address to stunnel (running on google cloud) for delivery to a postfix mailbox running on a local network. I posted this question on serverfault ( https://serverfault.com/questions/1145279/stunnel-smtp-tls-frontend-server-…), and someone said the problem may be either stunnel strips the ip and/or the the sender is trying to switch to TLS on postfix, not realizing the TLS connection has already been made by stunnel. On Sat, Oct 7, 2023 at 9:22 AM Stewart Anderson <stuson_2000(a)yahoo.co.uk> wrote: > Client and server will both negotiate SSL. Your server mode is presenting > a certificate. > > It's not clear from your config /text which direction your traffic is > going !! > > If it's incoming from Google to your postfix server then server mode is > correct. Stunnel will negotiate the SSL and then forward to postfix in > clear. If the handshake isn't happening, have you put Google's cert in > your CA certs somewhere? > > What confuses it for me is the Google internal IP reference. If you are > getting traffic from Google then stunnel would need to be accepting on the > host where stunnel is, so only a port is required in the accept. This can > be on a machine in your DMZ or behind a firewall, e.g. on or close to your > postfix server. > > Hope that helps. > > > > > Stewart > stuson_2000(a)yahoo.co.uk > > On 6 October 2023 05:51:14 "james(a)jamesthornton.com" < > james(a)jamesthornton.com> wrote: > > I'm running stunnel in server mode and listening on port 587 and trying to >> connect to a remote postfix server running on port 25. >> >> NB: the two servers are connected via zerortier, which may or may no be >> relevant to the issue. >> >> DEBUG = 7 >> >> [ssmtp] >> protocol = smtp >> accept = google_cloud_internal_ip:587 >> connect = remote_zerotier_postfix_ip:25 >> cert = /etc/stunnel/domain.pem >> >> I thought this would set up stunnel to handle the TLS handshake and >> terminate the TLS connection, while proxing to the backend postfix server >> without requiring postfix to worry about TLS. But I'm getting LOG3[0]: >> STARTTLS expected when stunnel tries to connect to postfix. If I put >> stunnel in client mode, then it doesn't negotiate the incoming TLS >> (right?). >> >> What am I missing? >> _______________________________________________ >> stunnel-users mailing list -- stunnel-users(a)stunnel.org >> To unsubscribe send an email to stunnel-users-leave(a)stunnel.org >> > > -- James Thornton, *http://electricspeed.com <http://electricspeed.com>*

2 1

stunnel smtp tls frontend server/proxy for remote backend postfix
by james＠jamesthornton.com 06 Oct '23

06 Oct '23

I'm running stunnel in server mode and listening on port 587 and trying to connect to a remote postfix server running on port 25. NB: the two servers are connected via zerortier, which may or may no be relevant to the issue. DEBUG = 7 [ssmtp] protocol = smtp accept = google_cloud_internal_ip:587 connect = remote_zerotier_postfix_ip:25 cert = /etc/stunnel/domain.pem I thought this would set up stunnel to handle the TLS handshake and terminate the TLS connection, while proxing to the backend postfix server without requiring postfix to worry about TLS. But I'm getting LOG3[0]: STARTTLS expected when stunnel tries to connect to postfix. If I put stunnel in client mode, then it doesn't negotiate the incoming TLS (right?). What am I missing?

1 0

stunnel events
by noel_melvin＠neimanmarcus.com 02 Oct '23

02 Oct '23

Whats the difference between Connection closed: : 2505 byte(s) sent to TLS, 59 byte(s) sent to socket and Connection closed: : 0 byte(s) sent to TLS, 0 byte(s) sent to socket we can see these kind of variations in the stunnel logs. if its 0 bytes doest it mean that client didnt send any data/packet to stunnel server? Need help

1 1

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

2004

stunnel-users October 2023