Thank you Brent,
I was able to remove "Service [service  name] needs authentication to prevent MITM attacks"
from the log by your suggestion.

I found if I have Avast running with mail shield enabled I get this error in the Stunnel log window:

SSL_connect: 140770FC: error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol
Connection reset: 0 byte(s) sent to TLS, 0 byte(s) sent to socket.

This results in no emails being able to be sent by SMTP.

If I disable Avast's mail shield the mail is sent with no errors.
Is there a workaround to be able to use Stunnel without disabling Avast's mail shield?

Thanks for any help on this issue.



From: stunnel-users <stunnel-users-bounces@stunnel.org> on behalf of Brent Kimberley <brent_kimberley@rogers.com>
Sent: Sunday, June 23, 2019 11:11 PM
To: stunnel-users@stunnel.org
Subject: Re: [stunnel-users] stunnel-users Digest, Vol 179, Issue 11
 

>>Does anybody know how to prevent this from happening?
Try adding the following:
#verify the peer certificate chain starting from the root CA
#pre-requisite #1: checkHost (OR checkIP)
#pre-requisite #2: CAfile (OR CApath)
verifyChain = yes
checkHost = pop.cox.com

#verify the peer certificate chain starting from the root CA
#pre-requisite #1: checkHost (OR checkIP)
#pre-requisite #2: CAfile (OR CApath)
verifyChain = yes
checkHost = smtp.cox.net

ref:
https://www.stunnel.org/config_windows.html
https://www.stunnel.org/static/stunnel.html


From: David Yunker <davidyunker@hotmail.com>
Subject: [stunnel-users] SOLVED, I cannot get Outlook Express email to work after Cox changes

To anybody interested,

Here is how to configure Stunnel for Outlook Express v6 in Windows XP to work:

Modify Stunnel configuration to this:

[cox-pop3]
client = yes
accept = 127.0.0.1:110
connect = pop.cox.net:995
CAfile = ca-certs.perm
OCSPaia = yes

[cox-smtp]
client = yes
accept = 127.0.0.1:25
connect = smtp.cox.net:587
CAfile = ca-certs.perm
OCSPaia = yes

Now configure Outlook Express as follows:

Set incoming mail(POP3) to 127.0.0.1
Set outgoing mail(SMTP) to 127.0.0.1
Have "Logon using secure password authentication" unchecked.
Have "My server requires authentication" unchecked
For POP3 set incoming mail (POP3) to port 110.
For SMTP set outgoing mail (SMTP) to port 25.
Have "This server requires a secure connection(SSL)" for POP3 unchecked.
Have "This server requires a secure connection(SSL)" for SMTP unchecked.

Everything works except I have the following error message in the Stunnel log:
"Service [service  name] needs authentication to prevent MITM attacks"

Does anybody know how to prevent this from happening?
I tried having the "My server requires authentication" checked but I still have the message when Stunnel starts.

Thank you for any help.
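
A small linter for the situation discussed in this thread, added here as an example and not code from any poster or from the stunnel project: it flags client services that lack the options named in Brent's reply (verifyChain, with checkHost or checkIP, and CAfile or CApath). The sample config is constructed from the settings quoted above, and the rules are an assumption drawn from those comments, not stunnel's own logic; only the options named in the thread are checked.

```python
# Added example: flag stunnel client services that lack peer verification.
SAMPLE = """\
; constructed sample based on the settings quoted in this thread
[cox-pop3]
client = yes
connect = pop.cox.net:995
CAfile = ca-certs.perm
OCSPaia = yes

[cox-smtp]
client = yes
connect = smtp.cox.net:587
CAfile = ca-certs.perm
verifyChain = yes
checkHost = smtp.cox.net
"""

def parse_services(text):
    """Return {service: {option_lowercased: [values]}}; global options are skipped."""
    services, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in ";#":
            continue  # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            current = services.setdefault(line[1:-1].strip(), {})
        elif current is not None and "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            current.setdefault(key.lower(), []).append(value)  # options may repeat
    return services

def lint(text):
    """Return {service: [problems]} for client services missing verification options."""
    findings = {}
    for name, opts in parse_services(text).items():
        if opts.get("client", ["no"])[-1].lower() != "yes":
            continue  # only client-mode services are checked here
        problems = []
        if opts.get("verifychain", ["no"])[-1].lower() != "yes":
            problems.append("verifyChain is not yes")
        if not ("checkhost" in opts or "checkip" in opts):
            problems.append("no checkHost/checkIP")
        if not ("cafile" in opts or "capath" in opts):
            problems.append("no CAfile/CApath")
        if problems:
            findings[name] = problems
    return findings

if __name__ == "__main__":
    print(lint(SAMPLE))
```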

