I'm trying to set up an SSL connection from stunnel to Postfix, but cannot get it to work.
stunnel log says:
2006.11.16 11:35:31 LOG7[5240:25188864]: ssmtp started
2006.11.16 11:35:31 LOG7[5240:25188864]: FD 9 in non-blocking mode
2006.11.16 11:35:31 LOG7[5240:25188864]: TCP_NODELAY option set on local socket
2006.11.16 11:35:31 LOG7[5240:25188864]: FD 10 in non-blocking mode
2006.11.16 11:35:31 LOG7[5240:25188864]: FD 11 in non-blocking mode
2006.11.16 11:35:31 LOG7[5240:25188864]: Connection from 192.168.1.12:51469 permitted by libwrap
2006.11.16 11:35:31 LOG5[5240:25188864]: ssmtp connected from 192.168.1.12:51469
2006.11.16 11:35:31 LOG7[5240:25188864]: FD 10 in non-blocking mode
2006.11.16 11:35:31 LOG7[5240:25188864]: ssmtp connecting 127.0.0.1:25
2006.11.16 11:35:31 LOG7[5240:25188864]: connect_wait: waiting 10 seconds
2006.11.16 11:35:31 LOG7[5240:25188864]: connect_wait: connected
2006.11.16 11:35:31 LOG7[5240:25188864]: Remote FD=10 initialized
2006.11.16 11:35:31 LOG7[5240:25188864]: TCP_NODELAY option set on remote socket
2006.11.16 11:35:31 LOG5[5240:25188864]: Negotiations for smtp (client side) started
2006.11.16 11:35:31 LOG7[5240:2684415368]: Cleaning up the signal pipe
2006.11.16 11:35:31 LOG6[5240:2684415368]: Child process 5251 finished with code 0
2006.11.16 11:35:31 LOG7[5240:25188864]: <- 220 mail3.bordo.com.au ESMTP Postfix
2006.11.16 11:35:31 LOG7[5240:25188864]: -> 220 mail3.bordo.com.au ESMTP Postfix
2006.11.16 11:35:31 LOG7[5240:25188864]: -> EHLO localhost
2006.11.16 11:35:31 LOG7[5240:25188864]: <- 250-mail3.bordo.com.au
2006.11.16 11:35:31 LOG7[5240:25188864]: <- 250-SIZE 10240000
2006.11.16 11:35:31 LOG7[5240:25188864]: <- 250-ETRN
2006.11.16 11:35:31 LOG7[5240:25188864]: <- 250-AUTH PLAIN LOGIN
2006.11.16 11:35:31 LOG7[5240:25188864]: <- 250-AUTH=PLAIN LOGIN
2006.11.16 11:35:31 LOG7[5240:25188864]: <- 250-XFORWARD NAME ADDR PROTO HELO SOURCE
2006.11.16 11:35:31 LOG7[5240:25188864]: <- 250-ENHANCEDSTATUSCODES
2006.11.16 11:35:31 LOG7[5240:25188864]: <- 250-8BITMIME
2006.11.16 11:35:31 LOG7[5240:25188864]: <- 250 DSN
2006.11.16 11:35:31 LOG7[5240:25188864]: -> STARTTLS
2006.11.16 11:35:31 LOG7[5240:25188864]: <- 220 2.0.0 Ready to start TLS
2006.11.16 11:35:31 LOG5[5240:25188864]: Protocol negotiations succeded
2006.11.16 11:35:31 LOG7[5240:25188864]: SSL state (connect): before/connect initialization
2006.11.16 11:35:31 LOG7[5240:25188864]: SSL state (connect): SSLv2/v3 write client hello A
2006.11.16 11:40:31 LOG6[5240:25188864]: init_ssl: s_poll_wait timeout
2006.11.16 11:40:31 LOG5[5240:25188864]: Connection reset: 0 bytes sent to SSL, 0 bytes sent to socket
2006.11.16 11:40:31 LOG7[5240:25188864]: ssmtp finished (0 left)
2006.11.16 11:35:31 LOG7[5240:25188864]: ssmtp started
Postfix's log shows:
Nov 16 11:35:31 Fax-Machine postfix/smtpd[5252]: connect from localhost[127.0.0.1]
Nov 16 11:35:31 Fax-Machine postfix/smtpd[5252]: setting up TLS connection from localhost[127.0.0.1]
Nov 16 11:40:31 Fax-Machine postfix/smtpd[5252]: SSL_accept error from localhost[127.0.0.1]: -1
Nov 16 11:40:31 Fax-Machine postfix/smtpd[5252]: lost connection after STARTTLS from localhost[127.0.0.1]
Nov 16 11:40:31 Fax-Machine postfix/smtpd[5252]: disconnect from localhost[127.0.0.1]
stunnel.conf is:
; Sample stunnel configuration file by Michal Trojnara 2002-2006
; Some options used here may not be adequate for your particular configuration

; Certificate/key is needed in server mode and optional in client mode
; The default certificate is provided only for testing and should not
; be used in a production environment
cert = /etc/postfix/smtpd.cert
key = /etc/postfix/smtpd.key

debug=7
output=/dev/stdout

; Some performance tunings
socket = l:TCP_NODELAY=1
socket = r:TCP_NODELAY=1

; Workaround for Eudora bug
;options = DONT_INSERT_EMPTY_FRAGMENTS

; Authentication stuff
;verify = 2
; Don't forget to c_rehash CApath
;CApath = certs
; It's often easier to use CAfile
;CAfile = certs.pem
; Don't forget to c_rehash CRLpath
;CRLpath = crls
; Alternatively you can use CRLfile
;CRLfile = crls.pem

; Some debugging stuff useful for troubleshooting
;debug = 7
;output = stunnel.log

; Use it for client mode
;client = yes

; Service-level configuration

protocol = smtp

sslVersion = all

;[pop3s]
;accept = 995
;connect = 110

;[imaps]
;accept = 993
;connect = 143

[ssmtp]
client = yes
accept = 465
connect = 25

;[https]
;accept = 443
;connect = 80
;TIMEOUTclose = 0

; vim:ft=dosini
Does anyone have any idea where I am going wrong?
Thanks,
James.