Hi,
I am a new user of stunnel and I am using it to connect to some SSL enabled e-mail accounts. Instead of directly connecting to the mail server I am connecting to it via stunnel so that my e-mail scanner scan the messages before sending it to the mail server (it does not natively support SSL connections)
My setup:
OS: Win XP Home edition. All updates are installed except for service pack 2. E-mail client: Mozilla Thunderbird 0.9 E-mail scanner : Alwil Avast 4.5
I have an e-mail account at myisp.com. To connect to myisp I need to enable SSL. On connecting via SSL I get a certificate which I can choose to accept permanently, temporarily for the current session or reject it.
Alwil Avast mail scanner does not support scanning of e-mail sent and received over SSL. So to enable it to scan such e-mail, my client connects to localhost where stunnel is listening and stunnel forwards the connection to my isp.
This is my stunnel.conf file
# IMAP service, listens on localhost:1200 [myisp-imaps] accept=localhost:1200 connect=myisp.com:993
# SMTP service, listens on localhost:260 [myisp-smtps] accept=localhost:260 connect=myisp.com:25
Unfortunately while the IMAP connection works perfectly the SMTP does not. Thunderbird keeps sending the message until I cancel it.
This is the log file
2004.11.25 03:10:03 LOG5[2508:3848]: myisp-smtps connected from 127.0.0.1:2751 2004.11.25 03:10:08 LOG3[2508:3848]: SSL_connect: 1408F10B: error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number 2004.11.25 03:11:03 LOG5[2508:192]: myisp-smtps connected from 127.0.0.1:2755 2004.11.25 03:11:08 LOG3[2508:192]: SSL_connect: 1408F10B: error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number 2004.11.25 13:36:40 LOG5[2508:2112]: myisp-smtps connected from 127.0.0.1:4818 2004.11.25 13:36:45 LOG3[2508:2112]: SSL_connect: 1408F10B: error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number 2004.11.25 14:01:44 LOG5[2508:3208]: myisp-smtps connected from 127.0.0.1:1188 2004.11.25 14:01:50 LOG3[2508:3208]: SSL_connect: 1408F10B: error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number
I am guessing the problem is something to do with the handling of the certificate I get when I use my client to connect directly to the SMTP server via SSL.
Can someone explain to me how to make stunnel accept the certificate and continue the SSL transaction? I tried to read through the faq for certificates but I couldn't understand how it was to be done.
Thanks, Shatadal.
--- avast! Antivirus: Outbound message clean. Virus Database (VPS): 0448-0, 11/23/2004 Tested on: 11/25/2004 3:46:33 PM avast! - copyright (c) 2000-2004 ALWIL Software. http://www.avast.com