Does anybody know how to prevent this from happening?
Try adding the following: #verify the peer certificate chain starting from the root CA #pre-requisite #1: checkHost (OR checkIP) #pre-requisite #2: CAfile (OR CApath) verifyChain = yes checkHost = pop.cox.com
#verify the peer certificate chain starting from the root CA #pre-requisite #1: checkHost (ORcheckIP) #pre-requisite #2: CAfile (OR CApath) verifyChain = yes checkHost = smtp.cox.net
ref: https://www.stunnel.org/config_windows.html https://www.stunnel.org/static/stunnel.html
From: David Yunker davidyunker@hotmail.com Subject: [stunnel-users] SOLVED, I cannot get Outlook Express email to work after Cox changes
To anybody interested,
Here is how to configure Stunnel for Outlook Express v6 in Windows XP to work:
Modify Stunnel configuration to this:
[cox-pop3] client = yes accept = 127.0.0.1:110 connect = pop.cox.net:995 CAfile = ca-certs.perm OCSPaia = yes
[cox-smtp] client = yes accept = 127.0.0.1:25 connect = smtp.cox.net:587 CAfile = ca-certs.perm OCSPaia = yes
Now configure Outlook Express as follows:
Set incoming mail(POP3) to 127.0.0.1 Set outgoing mail(SMTP) to 127.0.0.1 Have "Logon using secure password authentication" unchecked. Have "My server requires authentication" unchecked For POP3 set incoming mail (POP3) to port 110. For SMTP set outgoing mail (SMTP) to port 25. Have "This server requires a secure connection(SSL)" for POP3 unchecked. Have "This server requires a secure connection(SSL)" for SMTP unchecked.
Everything works except I have the following error message in the Stunnel log: "Service [service name] needs authentication to prevent MITM attacks"
Does anybody know how to prevent this from happening? I tried having the "My server requires authentication" checked but I still have the message when Stunnel starts.
Thank you for any help.
Thank you Brent, I was able to remove "Service [service name] needs authentication to prevent MITM attacks" from the log by your suggestion.
I found if I have Avast running with mail shield enabled I get this error in the Stunnel log window:
SSL_connect: 140770FC: error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol Connection reset: 0 byte(s) sent to TLS, 0 byte(s) sent to socket.
This results in no emails being abled to be sent by SMPT.
If I disable Avast's mail shield the mail is sent with no errors. Is there a work around for to be able to use Stunnel without disabling Avast's mail shield?
Thanks for any help on this issue.
________________________________ From: stunnel-users stunnel-users-bounces@stunnel.org on behalf of Brent Kimberley brent_kimberley@rogers.com Sent: Sunday, June 23, 2019 11:11 PM To: stunnel-users@stunnel.org Subject: Re: [stunnel-users] stunnel-users Digest, Vol 179, Issue 11
Does anybody know how to prevent this from happening?
Try adding the following: #verify the peer certificate chain starting from the root CA #pre-requisite #1: checkHost (OR checkIP) #pre-requisite #2: CAfile (OR CApath) verifyChain = yes checkHost = pop.cox.com
#verify the peer certificate chain starting from the root CA #pre-requisite #1: checkHost (ORcheckIP) #pre-requisite #2: CAfile (OR CApath) verifyChain = yes checkHost = smtp.cox.net
ref: https://www.stunnel.org/config_windows.html https://www.stunnel.org/static/stunnel.html
From: David Yunker davidyunker@hotmail.com Subject: [stunnel-users] SOLVED, I cannot get Outlook Express email to work after Cox changes
To anybody interested,
Here is how to configure Stunnel for Outlook Express v6 in Windows XP to work:
Modify Stunnel configuration to this:
[cox-pop3] client = yes accept = 127.0.0.1:110 connect = pop.cox.net:995 CAfile = ca-certs.perm OCSPaia = yes
[cox-smtp] client = yes accept = 127.0.0.1:25 connect = smtp.cox.net:587 CAfile = ca-certs.perm OCSPaia = yes
Now configure Outlook Express as follows:
Set incoming mail(POP3) to 127.0.0.1 Set outgoing mail(SMTP) to 127.0.0.1 Have "Logon using secure password authentication" unchecked. Have "My server requires authentication" unchecked For POP3 set incoming mail (POP3) to port 110. For SMTP set outgoing mail (SMTP) to port 25. Have "This server requires a secure connection(SSL)" for POP3 unchecked. Have "This server requires a secure connection(SSL)" for SMTP unchecked.
Everything works except I have the following error message in the Stunnel log: "Service [service name] needs authentication to prevent MITM attacks"
Does anybody know how to prevent this from happening? I tried having the "My server requires authentication" checked but I still have the message when Stunnel starts.
Thank you for any help.
_______________________________________________ stunnel-users mailing list stunnel-users@stunnel.org https://www.stunnel.org/cgi-bin/mailman/listinfo/stunnel-users
-
Brent Kimberley -
David Yunker