David,
Perhaps the issue is on the server side.
A quick look to the SMTP server on smtp.smarshmail.com will show
220 smtp.smarshmail.com ESMTP Service is ready on Server 1 (EQ). EHLO 250-smtp.smarshmail.com Hello [123.456.790.101] 250-SIZE 36700160 250-PIPELINING 250-DSN 250-ENHANCEDSTATUSCODES 250-STARTTLS 250-AUTH GSSAPI NTLM 250-8BITMIME 250-BINARYMIME 250 CHUNKING QUIT 221 2.0.0 Service closing transmission channel
I would try adding the following option to your stunnel configuration
protocol = smtp
I'm not certain but looks like you need to issue the STARTTLS to negociate the secure connection with this server. Check the stunnel manual for further explanation on the option http://www.stunnel.org/static/stunnel.html
Hope this helps
----------------- Leandro Avila
----- Original Message ----- From: David Schomaker david@schomaker.net To: stunnel stunnel-users@stunnel.org Cc: Sent: Monday, September 10, 2012 10:32 PM Subject: [stunnel-users] Trouble with smtp client connection and TLS in Windows
I need to configure stunnel to connect to smtp via TLS and am not able to get it to work either running 4.53 or 4.54beta. Perhaps I have the conf file created incorrectly.
The stunnel.conf is as follows: +++++++++++++++++++++++++++++++++++++++ ; Debugging stuff (may useful for troubleshooting) debug = 7 output = c:\temp\stunnel.log
; Disable FIPS mode to allow non-approved protocols and algorithms ;fips = no
; Disable support for insecure SSLv2 protocol options = NO_SSLv2
[SMARSH-pop3] client = yes accept = 127.0.0.1:110 connect = pop.smarshmail.com:995
[SMARSH-smtp] client = yes SSLversion=TLSv1 accept = 127.0.0.1:25 connect = smtp.smarshmail.com:587 +++++++++++++++++++++++++
Pop works great. The log on an smtp session is as follows:
+++++++++++++++++++++++++ 2012.09.10 12:48:31 LOG7[1984:300]: Service [SMARSH-smtp] accepted (FD=508) from 127.0.0.1:49517 2012.09.10 12:48:31 LOG7[1984:300]: Creating a new thread 2012.09.10 12:48:31 LOG7[1984:300]: New thread created 2012.09.10 12:48:31 LOG7[1984:2796]: Service [SMARSH-smtp] started 2012.09.10 12:48:31 LOG5[1984:2796]: Service [SMARSH-smtp] accepted connection from 127.0.0.1:49517 2012.09.10 12:48:31 LOG6[1984:2796]: connect_blocking: connecting 199.47.168.58:587 2012.09.10 12:48:31 LOG7[1984:2796]: connect_blocking: s_poll_wait 199.47.168.58:587: waiting 10 seconds 2012.09.10 12:48:31 LOG5[1984:2796]: connect_blocking: connected 199.47.168.58:587 2012.09.10 12:48:31 LOG5[1984:2796]: Service [SMARSH-smtp] connected remote server from 192.168.108.158:49518 2012.09.10 12:48:31 LOG7[1984:2796]: Remote socket (FD=528) initialized 2012.09.10 12:48:31 LOG7[1984:2796]: SNI: host name: smtp.smarshmail.com 2012.09.10 12:48:31 LOG7[1984:2796]: SSL state (connect): before/connect initialization 2012.09.10 12:48:31 LOG7[1984:2796]: SSL state (connect): SSLv3 write client hello A 2012.09.10 12:48:31 LOG7[1984:2796]: SSL alert (write): fatal: protocol version 2012.09.10 12:48:31 LOG3[1984:2796]: SSL_connect: 1408F10B: error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number 2012.09.10 12:48:31 LOG5[1984:2796]: Connection reset: 0 byte(s) sent to SSL, 0 byte(s) sent to socket 2012.09.10 12:48:31 LOG7[1984:2796]: Remote socket (FD=528) closed 2012.09.10 12:48:31 LOG7[1984:2796]: Local socket (FD=508) closed 2012.09.10 12:48:31 LOG7[1984:2796]: Service [SMARSH-smtp] finished (0 left) 2012.09.10 12:48:40 LOG7[1984:300]: Dispatching signals from the signal pipe 2012.09.10 12:48:43 LOG7[1984:300]: Processing SIGNAL_TERMINATE 2012.09.10 12:48:43 LOG5[1984:300]: Terminated ++++++++++++++++++++++++++
Is sTunnel using SSLv3 rather than TLSv1? If so how do I force TLS?
Thanks...
_______________________________________________ stunnel-users mailing list stunnel-users@stunnel.org https://www.stunnel.org/cgi-bin/mailman/listinfo/stunnel-users