I’ve installed stunnel on an Amazon EC2 instance:
stunnel 4.56 on x86_64-redhat-linux-gnu platform
Compiled/running with OpenSSL 1.0.1e-fips 11 Feb 2013
Threading:PTHREAD Sockets:POLL,IPv6 SSL:ENGINE,OCSP,FIPS Auth:LIBWRAP
Global options:
debug = daemon.notice
pid = /var/run/stunnel.pid
RNDbytes = 64
RNDfile = /dev/urandom
RNDoverwrite = yes
Service-level options:
ciphers = FIPS (with "fips = yes")
ciphers = ALL:!SSLv2:!aNULL:!EXP:!LOW:-MEDIUM:RC4:+HIGH (with "fips = no")
curve = prime256v1
sessionCacheSize = 1000
sessionCacheTimeout = 300 seconds
sslVersion = TLSv1 (with "fips = yes")
sslVersion = TLSv1 for client, all for server (with "fips = no")
stack = 65536 bytes
TIMEOUTbusy = 300 seconds
TIMEOUTclose = 60 seconds
TIMEOUTconnect = 10 seconds
TIMEOUTidle = 43200 seconds
verify = none
I’ve created the stunnel.conf file:
[smtp-tls-wrapper]
accept = 2525
client = yes
connect = email-smtp.us-west-2.amazonaws.com:465
protocol=smtp
delay = yes
I’ve tested the connection to SES (successfully) via openssl:
[ec2-user@ip-172-31-4-68 ~]$ openssl s_client -quiet -crlf -connect email-smtp.us-west-2.amazonaws.com:465
depth=2 C = US, O = "VeriSign, Inc.", OU = VeriSign Trust Network, OU = "(c) 2006 VeriSign, Inc. - For authorized use only", CN = VeriSign Class 3 Public Primary Certification Authority - G5
verify return:1
depth=1 C = US, O = Symantec Corporation, OU = Symantec Trust Network, CN = Symantec Class 3 Secure Server CA - G4
verify return:1
depth=0 C = US, ST = Washington, L = Seattle, O = "Amazon.com, Inc.", CN = email-smtp.us-west-2.amazonaws.com
verify return:1
220 email-smtp.amazonaws.com ESMTP SimpleEmailService-2370111491 wa7VtNk9b7c4TX0jNpdG
But when I try to access through stunnel via localhost with telnet, I get this:
[ec2-user@ip-172-31-4-68 ~]$ telnet localhost 2525
Trying ::1...
telnet: connect to address ::1: Connection refused
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
Connection closed by foreign host.
I’ve tried everything I can think of; I’ve read all the blogs and pages related to connecting from EC2 to SES via stunnel and I just can’t get it to work.
Does anyone have any suggestions for other things I could try?
Thanks in advance,
Rob Allen,
CPO
Software Engineer |
Eyefinity
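
Added example, not part of the original post: a small lint for a stunnel.conf like the one above. In client mode, `protocol = smtp` makes stunnel negotiate STARTTLS in plaintext before starting TLS, whereas the openssl test in the post shows the server on port 465 starting TLS immediately; the lint flags that combination and also flags `verify = none` (the default in the version output above), which leaves the server certificate unchecked. The function names, finding labels and the treatment of port 465 as an implicit-TLS port are assumptions of this example.

```python
# Added example: lint a stunnel.conf for two issues visible in the post above.
# Assumption: port 465 is an implicit-TLS ("TLS wrapper") SMTP port.
IMPLICIT_TLS_PORTS = {"465"}

# Constructed sample: the service section quoted in the post.
SAMPLE_CONF = """\
[smtp-tls-wrapper]
accept = 2525
client = yes
connect = email-smtp.us-west-2.amazonaws.com:465
protocol=smtp
delay = yes
"""

def parse_stunnel_conf(text):
    """Return {section: {option: value}}; options before any [section] go under 'global'."""
    sections = {"global": {}}
    current = "global"
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in ";#":        # skip blanks and comments
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].strip()
            sections.setdefault(current, {})
        elif "=" in line:
            key, value = line.split("=", 1)
            sections[current][key.strip().lower()] = value.strip()
    return sections

def lint(text):
    """Return a list of (service, finding) tuples for client-mode services."""
    conf = parse_stunnel_conf(text)
    glob = conf["global"]
    findings = []
    for name, opts in conf.items():
        if name == "global":
            continue
        if opts.get("client", glob.get("client", "no")).lower() != "yes":
            continue
        port = opts.get("connect", "").rsplit(":", 1)[-1]
        # STARTTLS negotiation aimed at a port that expects TLS from the first byte.
        if opts.get("protocol", "").lower() == "smtp" and port in IMPLICIT_TLS_PORTS:
            findings.append((name, "starttls-on-implicit-tls-port"))
        # No peer verification: the tunnel encrypts but does not authenticate the server.
        if opts.get("verify", glob.get("verify", "none")).lower() in ("none", "0"):
            findings.append((name, "peer-certificate-not-verified"))
    return findings

if __name__ == "__main__":
    for service, finding in lint(SAMPLE_CONF):
        print(f"[{service}] {finding}")
```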