Please help:
I'm trying to use stunnel to connect to a secure SMTP server -- I'm using MS Entourage 2004 on an Intel 10.4 Mac. Entourage cannot connect directly to the SMTP server over SSL because it no longer supports NTLM version 1 authentication, which the SMTP server uses. I believe stunnel can be used to work around this problem (if I'm wrong, please say so), i.e., Entourage can connect locally to stunnel which will then connect to the remote server over SSL properly.
I built and installed stunnel version 4.04-12 via Fink (compiled from source via Fink) and OpenSSL 0.9.7i-4 also via Fink.
I have the following configuration file:
------
# Comment it out on Win32
cert = /sw/etc/stunnel/stunnel.pem
chroot = /sw/var/run/stunnel/
# PID is created inside chroot jail
pid = /stunnel.pid
setuid = nobody
setgid = nogroup

# Some debugging stuff
debug = 7
output = /dev/stdout
foreground = yes

[ssmtp]
accept = 127.0.0.1:25
connect = xxxxxx:465
protocol = smtp
-------
However, when I try to send a mail, it appears to hang while negotiating with the remote server. Here is the output:
2007.07.31 15:41:19 LOG5[5511:2684407808]: stunnel 4.04 on i386-apple-darwin8.10.1 PTHREAD+LIBWRAP with OpenSSL 0.9.7i 14 Oct 2005
2007.07.31 15:41:19 LOG7[5511:2684407808]: Snagged 64 random bytes from xxx/.rnd
2007.07.31 15:41:19 LOG7[5511:2684407808]: Wrote 1024 new random bytes to xxx/.rnd
2007.07.31 15:41:19 LOG7[5511:2684407808]: RAND_status claims sufficient entropy for the PRNG
2007.07.31 15:41:19 LOG6[5511:2684407808]: PRNG seeded successfully
2007.07.31 15:41:19 LOG7[5511:2684407808]: Certificate: /sw/etc/stunnel/stunnel.pem
2007.07.31 15:41:19 LOG7[5511:2684407808]: Key file: /sw/etc/stunnel/stunnel.pem
2007.07.31 15:41:19 LOG5[5511:2684407808]: FD_SETSIZE=1024, file ulimit=256 -> 125 clients allowed
2007.07.31 15:41:19 LOG7[5511:2684407808]: FD 6 in non-blocking mode
2007.07.31 15:41:19 LOG7[5511:2684407808]: SO_REUSEADDR option set on accept socket
2007.07.31 15:41:19 LOG7[5511:2684407808]: ssmtp bound to 127.0.0.1:25
2007.07.31 15:41:19 LOG7[5511:2684407808]: FD 7 in non-blocking mode
2007.07.31 15:41:19 LOG7[5511:2684407808]: FD 8 in non-blocking mode
2007.07.31 15:41:19 LOG7[5511:2684407808]: Created pid file /stunnel.pid
2007.07.31 15:41:25 LOG7[5511:2684407808]: ssmtp accepted FD=9 from 127.0.0.1:50091
2007.07.31 15:41:25 LOG7[5511:2684407808]: FD 9 in non-blocking mode
2007.07.31 15:41:25 LOG7[5511:25183744]: ssmtp started
2007.07.31 15:41:25 LOG5[5511:25183744]: ssmtp connected from 127.0.0.1:50091
2007.07.31 15:41:25 LOG7[5511:25183744]: FD 10 in non-blocking mode
2007.07.31 15:41:25 LOG7[5511:25183744]: ssmtp connecting xxx.xxx.xxx.xxx:465
2007.07.31 15:41:25 LOG7[5511:25183744]: remote connect #1: EINPROGRESS: retrying
2007.07.31 15:41:25 LOG7[5511:25183744]: waitforsocket: FD=10, DIR=write
2007.07.31 15:41:25 LOG7[5511:25183744]: waitforsocket: ok
2007.07.31 15:41:25 LOG7[5511:25183744]: Remote FD=10 initialized
2007.07.31 15:41:25 LOG7[5511:25183744]: Negotiations for smtp(server side) started
2007.07.31 15:41:25 LOG7[5511:25183744]: RFC 2487 detected
2007.07.31 15:41:25 LOG7[5511:25183744]: waitforsocket: FD=10, DIR=read
********* HANGS HERE ***********
...and I have to kill it.
I am very new to stunnel and openssl. So, I may be making a simple mistake. But, I could not find the solution on the mailing list or the web. What am I doing wrong?
To be clear, the server is using SSL for SMTP. I am able to send mail directly via the smtp server from other mail clients like Thunderbird.
Thanks. Any help is much appreciated.
Jason