Hi,
We cannot get stunnel SMTP to work with Office 365 mail server. We are using Stunnel 5.13 and below are the config file content and the client PC logs. The mail server logs do not reveal anything more.
Two observations of the test setup:
1) Using e.g. Mozilla Firebird mail client directly SSL/SMTP on the same PC connection to same Office 365 mail server works ok, but via Stunnel it outputs the error log below.
2) Also, on the same PC, SSL/SMTP connection via stunnel to Gmail server works ok.
Stunnel conf-file:
==============
output = stunnel_log.txt
debug = debug
cert = tstunnel.pem
client = yes
[SSMTP]
accept = 127.0.0.1:54500
connect = xxx.xxx.xxx.xxx:587 (Hannu V: removed IP address from this mail)
protocol = smtp
Client PC logs:
===========
2015.04.28 09:17:36 LOG7[ui]: No limit detected for the number of clients
2015.04.28 09:17:36 LOG5[ui]: stunnel 5.13 on x86-pc-msvc-1500 platform
2015.04.28 09:17:36 LOG5[ui]: Compiled/running with OpenSSL 1.0.2a 19 Mar 2015
2015.04.28 09:17:36 LOG5[ui]: Threading:WIN32 Sockets:SELECT,IPv6 TLS:ENGINE,FIPS,OCSP,PSK,SNI
2015.04.28 09:17:36 LOG7[ui]: errno: (*_errno())
2015.04.28 09:17:36 LOG5[ui]: Reading configuration from file tstunnelSmtp_SAUX1_0.conf
2015.04.28 09:17:36 LOG5[ui]: UTF-8 byte order mark not detected
2015.04.28 09:17:36 LOG5[ui]: FIPS mode disabled
2015.04.28 09:17:36 LOG7[ui]: Compression disabled
2015.04.28 09:17:36 LOG7[ui]: PRNG seeded successfully
2015.04.28 09:17:36 LOG6[ui]: Initializing service [SSmtp]
2015.04.28 09:17:36 LOG6[ui]: Loading certificate from file: tstunnel.pem
2015.04.28 09:17:36 LOG6[ui]: Loading key from file: tstunnel.pem
2015.04.28 09:17:36 LOG7[ui]: Private key check succeeded
2015.04.28 09:17:36 LOG7[ui]: SSL options: 0x03000004 (+0x03000000, -0x00000000)
2015.04.28 09:17:36 LOG5[ui]: Configuration successful
2015.04.28 09:17:36 LOG7[ui]: Listening file descriptor created (FD=448)
2015.04.28 09:17:36 LOG7[ui]: Service [SSmtp] (FD=448) bound to 127.0.0.1:8030
2015.04.28 09:17:36 LOG7[ui]: Service [SSmtp] accepted (FD=456) from 127.0.0.1:54500
2015.04.28 09:17:36 LOG7[ui]: Creating a new thread
2015.04.28 09:17:36 LOG7[ui]: New thread created
2015.04.28 09:17:36 LOG7[0]: Service [SSmtp] started
2015.04.28 09:17:36 LOG5[0]: Service [SSmtp] accepted connection from 127.0.0.1:54500
2015.04.28 09:17:36 LOG6[0]: s_connect: connecting xxx.xxx.xxx.xxx:587 (Hannu V: removed IP address from this mail)
2015.04.28 09:17:36 LOG7[0]: s_connect: s_poll_wait connecting xxx.xxx.xxx.xxx:587 : waiting 10 seconds (Hannu V: removed IP address from this mail)
2015.04.28 09:17:37 LOG5[0]: s_connect: connected connecting xxx.xxx.xxx.xxx:587 (Hannu V: removed IP address from this mail)
2015.04.28 09:17:37 LOG5[0]: Service [SSmtp] connected remote server from yyy.yyy.yyy.yyy:54503 (Hannu V: removed IP address from this mail)
2015.04.28 09:17:37 LOG7[0]: Remote socket (FD=472) initialized
2015.04.28 09:17:37 LOG7[0]: <- 220 NNN.outlook.office365.com Microsoft ESMTP MAIL Service ready at Tue, 28 Apr 2015 14:17:38 +0000
2015.04.28 09:17:37 LOG7[0]: -> 220 NNN.outlook.office365.com Microsoft ESMTP MAIL Service ready at Tue, 28 Apr 2015 14:17:38 +0000
2015.04.28 09:17:37 LOG7[0]: -> EHLO localhost
2015.04.28 09:17:37 LOG7[0]: <- 250-NNN.outlook.office365.com Hello [xxx.xxx.xxx.161] (Hannu V: removed IP address from this mail)
2015.04.28 09:17:37 LOG7[0]: <- 250-SIZE 157286400
2015.04.28 09:17:37 LOG7[0]: <- 250-PIPELINING
2015.04.28 09:17:37 LOG7[0]: <- 250-DSN
2015.04.28 09:17:37 LOG7[0]: <- 250-ENHANCEDSTATUSCODES
2015.04.28 09:17:37 LOG7[0]: <- 250-STARTTLS
2015.04.28 09:17:37 LOG7[0]: <- 250-8BITMIME
2015.04.28 09:17:37 LOG7[0]: <- 250-BINARYMIME
2015.04.28 09:17:37 LOG7[0]: <- 250 CHUNKING
2015.04.28 09:17:37 LOG7[0]: -> STARTTLS
2015.04.28 09:17:37 LOG7[0]: <- 220 2.0.0 SMTP server ready
2015.04.28 09:17:37 LOG6[0]: SNI: sending servername: NNN.office365.com
2015.04.28 09:17:37 LOG7[0]: SSL state (connect): before/connect initialization
2015.04.28 09:17:37 LOG7[0]: SSL state (connect): SSLv2/v3 write client hello A
2015.04.28 09:17:37 LOG7[0]: SSL state (connect): SSLv3 read server hello A
2015.04.28 09:17:37 LOG7[0]: SSL state (connect): SSLv3 read server certificate A
2015.04.28 09:17:37 LOG7[0]: SSL state (connect): SSLv3 read server key exchange A
2015.04.28 09:17:37 LOG7[0]: SSL state (connect): SSLv3 read server certificate request A
2015.04.28 09:17:37 LOG7[0]: SSL state (connect): SSLv3 read server done A
2015.04.28 09:17:37 LOG7[0]: SSL state (connect): SSLv3 write client certificate A
2015.04.28 09:17:37 LOG7[0]: SSL state (connect): SSLv3 write client key exchange A
2015.04.28 09:17:37 LOG7[0]: SSL state (connect): SSLv3 write certificate verify A
2015.04.28 09:17:37 LOG7[0]: SSL state (connect): SSLv3 write change cipher spec A
2015.04.28 09:17:37 LOG7[0]: SSL state (connect): SSLv3 write finished A
2015.04.28 09:17:37 LOG7[0]: SSL state (connect): SSLv3 flush data
2015.04.28 09:17:37 LOG3[0]: SSL_connect: Peer suddenly disconnected
2015.04.28 09:17:37 LOG5[0]: Connection reset: 0 byte(s) sent to SSL, 0 byte(s) sent to socket
2015.04.28 09:17:37 LOG7[0]: Remote socket (FD=472) closed
2015.04.28 09:17:37 LOG7[0]: Local socket (FD=456) closed
2015.04.28 09:17:37 LOG7[0]: Service [SSmtp] finished (0 left)
--- Hannu
Hi Hannu,
I could not reproduce your problem with the latest stunnel.
"2015.04.28 09:17:37 LOG3[0]: SSL_connect: Peer suddenly disconnected" just means that the TCP connection was closed *by the server* during TLS negotiations.
BTW: Please *always* update your stunnel to the latest version before reporting anything to the mailing list.
Also, you don't need to configure a certificate for your TLS client. office365.com won't verify it anyway. On the other hand you *should* verify the certificate provided by the server. Some examples: https://www.stunnel.org/config_windows.html
My logs for comparison:
2015.05.19 09:25:41 LOG7[0]: Service [SSMTP] started
2015.05.19 09:25:41 LOG5[0]: Service [SSMTP] accepted connection from 127.0.0.1:49246
2015.05.19 09:25:41 LOG6[0]: Failover strategy: round-robin
2015.05.19 09:25:41 LOG6[0]: s_connect: connecting 132.245.61.226:587
2015.05.19 09:25:41 LOG7[0]: s_connect: s_poll_wait 132.245.61.226:587: waiting 10 seconds
2015.05.19 09:25:41 LOG5[0]: s_connect: connected 132.245.61.226:587
2015.05.19 09:25:41 LOG5[0]: Service [SSMTP] connected remote server from 172.16.80.132:49247
2015.05.19 09:25:41 LOG7[0]: Remote socket (FD=296) initialized
2015.05.19 09:25:41 LOG7[0]: <- 220 VI1PR06CA0013.outlook.office365.com Microsoft ESMTP MAIL Service ready at Tue, 19 May 2015 07:25:41 +0000
2015.05.19 09:25:41 LOG7[0]: -> 220 VI1PR06CA0013.outlook.office365.com Microsoft ESMTP MAIL Service ready at Tue, 19 May 2015 07:25:41 +0000
2015.05.19 09:25:41 LOG7[0]: -> EHLO localhost
2015.05.19 09:25:42 LOG7[0]: <- 250-VI1PR06CA0013.outlook.office365.com Hello [89.74.9.172]
2015.05.19 09:25:42 LOG7[0]: <- 250-SIZE 157286400
2015.05.19 09:25:42 LOG7[0]: <- 250-PIPELINING
2015.05.19 09:25:42 LOG7[0]: <- 250-DSN
2015.05.19 09:25:42 LOG7[0]: <- 250-ENHANCEDSTATUSCODES
2015.05.19 09:25:42 LOG7[0]: <- 250-STARTTLS
2015.05.19 09:25:42 LOG7[0]: <- 250-8BITMIME
2015.05.19 09:25:42 LOG7[0]: <- 250-BINARYMIME
2015.05.19 09:25:42 LOG7[0]: <- 250 CHUNKING
2015.05.19 09:25:42 LOG7[0]: -> STARTTLS
2015.05.19 09:25:42 LOG7[0]: <- 220 2.0.0 SMTP server ready
2015.05.19 09:25:42 LOG6[0]: SNI: sending servername: outlook.office365.com
2015.05.19 09:25:42 LOG7[0]: SSL state (connect): before/connect initialization
2015.05.19 09:25:42 LOG7[0]: SSL state (connect): SSLv2/v3 write client hello A
2015.05.19 09:25:42 LOG7[0]: SSL state (connect): SSLv3 read server hello A
2015.05.19 09:25:42 LOG6[0]: Certificate verification disabled
2015.05.19 09:25:42 LOG6[0]: Certificate verification disabled
2015.05.19 09:25:42 LOG7[0]: SSL state (connect): SSLv3 read server certificate A
2015.05.19 09:25:42 LOG7[0]: SSL state (connect): SSLv3 read server key exchange A
2015.05.19 09:25:42 LOG7[0]: SSL state (connect): SSLv3 read server certificate request A
2015.05.19 09:25:42 LOG7[0]: SSL state (connect): SSLv3 read server done A
2015.05.19 09:25:42 LOG7[0]: SSL state (connect): SSLv3 write client certificate A
2015.05.19 09:25:42 LOG7[0]: SSL state (connect): SSLv3 write client key exchange A
2015.05.19 09:25:42 LOG7[0]: SSL state (connect): SSLv3 write change cipher spec A
2015.05.19 09:25:42 LOG7[0]: SSL state (connect): SSLv3 write finished A
2015.05.19 09:25:42 LOG7[0]: SSL state (connect): SSLv3 flush data
2015.05.19 09:25:42 LOG7[0]: SSL state (connect): SSLv3 read finished A
2015.05.19 09:25:42 LOG7[0]: 1 client connect(s) requested
2015.05.19 09:25:42 LOG7[0]: 1 client connect(s) succeeded
2015.05.19 09:25:42 LOG7[0]: 0 client renegotiation(s) requested
2015.05.19 09:25:42 LOG7[0]: 0 session reuse(s)
2015.05.19 09:25:42 LOG6[0]: SSL connected: new session negotiated
2015.05.19 09:25:42 LOG7[0]: Peer certificate was cached (4050 bytes)
2015.05.19 09:25:42 LOG6[0]: Negotiated TLSv1.2 ciphersuite ECDHE-RSA-AES256-SHA384 (256-bit encryption)
2015.05.19 09:25:42 LOG7[0]: Compression: null, expansion: null
2015.05.19 09:25:44 LOG6[0]: SSL socket closed (SSL_read)
2015.05.19 09:25:44 LOG7[0]: Sent socket write shutdown
2015.05.19 09:25:44 LOG5[0]: Connection closed: 6 byte(s) sent to SSL, 48 byte(s) sent to socket
2015.05.19 09:25:44 LOG7[0]: Remote socket (FD=296) closed
2015.05.19 09:25:44 LOG7[0]: Local socket (FD=812) closed
2015.05.19 09:25:44 LOG7[0]: Service [SSMTP] finished (0 left)
Mike
On 19.05.2015 08:42, Hannu Viitala wrote:
Hi,
We cannot get stunnel SMTP to work with Office 365 mail server. We are using Stunnel 5.13 and below are the config file content and the client PC logs. The mail server logs do not reveal anything more.
Two observations of the test setup:
1) Using e.g. Mozilla Firebird mail client directly SSL/SMTP on the same PC connection to same Office 365 mail server works ok, but via Stunnel it outputs the error log below.
2) Also, on the same PC, SSL/SMTP connection via stunnel to Gmail server works ok.
Stunnel conf-file:
==============
output = stunnel_log.txt
debug = debug
cert = tstunnel.pem
client = yes
[SSMTP]
accept = 127.0.0.1:54500
connect = xxx.xxx.xxx.xxx:587 (Hannu V: removed IP address from this mail)
protocol = smtp
Client PC logs:
===========
2015.04.28 09:17:36 LOG7[ui]: No limit detected for the number of clients
2015.04.28 09:17:36 LOG5[ui]: stunnel 5.13 on x86-pc-msvc-1500 platform
2015.04.28 09:17:36 LOG5[ui]: Compiled/running with OpenSSL 1.0.2a 19 Mar 2015
2015.04.28 09:17:36 LOG5[ui]: Threading:WIN32 Sockets:SELECT,IPv6 TLS:ENGINE,FIPS,OCSP,PSK,SNI
2015.04.28 09:17:36 LOG7[ui]: errno: (*_errno())
2015.04.28 09:17:36 LOG5[ui]: Reading configuration from file tstunnelSmtp_SAUX1_0.conf
2015.04.28 09:17:36 LOG5[ui]: UTF-8 byte order mark not detected
2015.04.28 09:17:36 LOG5[ui]: FIPS mode disabled
2015.04.28 09:17:36 LOG7[ui]: Compression disabled
2015.04.28 09:17:36 LOG7[ui]: PRNG seeded successfully
2015.04.28 09:17:36 LOG6[ui]: Initializing service [SSmtp]
2015.04.28 09:17:36 LOG6[ui]: Loading certificate from file: tstunnel.pem
2015.04.28 09:17:36 LOG6[ui]: Loading key from file: tstunnel.pem
2015.04.28 09:17:36 LOG7[ui]: Private key check succeeded
2015.04.28 09:17:36 LOG7[ui]: SSL options: 0x03000004 (+0x03000000, -0x00000000)
2015.04.28 09:17:36 LOG5[ui]: Configuration successful
2015.04.28 09:17:36 LOG7[ui]: Listening file descriptor created (FD=448)
2015.04.28 09:17:36 LOG7[ui]: Service [SSmtp] (FD=448) bound to 127.0.0.1:8030
2015.04.28 09:17:36 LOG7[ui]: Service [SSmtp] accepted (FD=456) from 127.0.0.1:54500
2015.04.28 09:17:36 LOG7[ui]: Creating a new thread
2015.04.28 09:17:36 LOG7[ui]: New thread created
2015.04.28 09:17:36 LOG7[0]: Service [SSmtp] started
2015.04.28 09:17:36 LOG5[0]: Service [SSmtp] accepted connection from 127.0.0.1:54500
2015.04.28 09:17:36 LOG6[0]: s_connect: connecting xxx.xxx.xxx.xxx:587 (Hannu V: removed IP address from this mail)
2015.04.28 09:17:36 LOG7[0]: s_connect: s_poll_wait connecting xxx.xxx.xxx.xxx:587 : waiting 10 seconds (Hannu V: removed IP address from this mail)
2015.04.28 09:17:37 LOG5[0]: s_connect: connected connecting xxx.xxx.xxx.xxx:587 (Hannu V: removed IP address from this mail)
2015.04.28 09:17:37 LOG5[0]: Service [SSmtp] connected remote server from yyy.yyy.yyy.yyy:54503 (Hannu V: removed IP address from this mail)
2015.04.28 09:17:37 LOG7[0]: Remote socket (FD=472) initialized
2015.04.28 09:17:37 LOG7[0]: <- 220 NNN.outlook.office365.com Microsoft ESMTP MAIL Service ready at Tue, 28 Apr 2015 14:17:38 +0000
2015.04.28 09:17:37 LOG7[0]: -> 220 NNN.outlook.office365.com Microsoft ESMTP MAIL Service ready at Tue, 28 Apr 2015 14:17:38 +0000
2015.04.28 09:17:37 LOG7[0]: -> EHLO localhost
2015.04.28 09:17:37 LOG7[0]: <- 250-NNN.outlook.office365.com Hello [xxx.xxx.xxx.161] (Hannu V: removed IP address from this mail)
2015.04.28 09:17:37 LOG7[0]: <- 250-SIZE 157286400
2015.04.28 09:17:37 LOG7[0]: <- 250-PIPELINING
2015.04.28 09:17:37 LOG7[0]: <- 250-DSN
2015.04.28 09:17:37 LOG7[0]: <- 250-ENHANCEDSTATUSCODES
2015.04.28 09:17:37 LOG7[0]: <- 250-STARTTLS
2015.04.28 09:17:37 LOG7[0]: <- 250-8BITMIME
2015.04.28 09:17:37 LOG7[0]: <- 250-BINARYMIME
2015.04.28 09:17:37 LOG7[0]: <- 250 CHUNKING
2015.04.28 09:17:37 LOG7[0]: -> STARTTLS
2015.04.28 09:17:37 LOG7[0]: <- 220 2.0.0 SMTP server ready
2015.04.28 09:17:37 LOG6[0]: SNI: sending servername: NNN.office365.com
2015.04.28 09:17:37 LOG7[0]: SSL state (connect): before/connect initialization
2015.04.28 09:17:37 LOG7[0]: SSL state (connect): SSLv2/v3 write client hello A
2015.04.28 09:17:37 LOG7[0]: SSL state (connect): SSLv3 read server hello A
2015.04.28 09:17:37 LOG7[0]: SSL state (connect): SSLv3 read server certificate A
2015.04.28 09:17:37 LOG7[0]: SSL state (connect): SSLv3 read server key exchange A
2015.04.28 09:17:37 LOG7[0]: SSL state (connect): SSLv3 read server certificate request A
2015.04.28 09:17:37 LOG7[0]: SSL state (connect): SSLv3 read server done A
2015.04.28 09:17:37 LOG7[0]: SSL state (connect): SSLv3 write client certificate A
2015.04.28 09:17:37 LOG7[0]: SSL state (connect): SSLv3 write client key exchange A
2015.04.28 09:17:37 LOG7[0]: SSL state (connect): SSLv3 write certificate verify A
2015.04.28 09:17:37 LOG7[0]: SSL state (connect): SSLv3 write change cipher spec A
2015.04.28 09:17:37 LOG7[0]: SSL state (connect): SSLv3 write finished A
2015.04.28 09:17:37 LOG7[0]: SSL state (connect): SSLv3 flush data
2015.04.28 09:17:37 LOG3[0]: SSL_connect: Peer suddenly disconnected
2015.04.28 09:17:37 LOG5[0]: Connection reset: 0 byte(s) sent to SSL, 0 byte(s) sent to socket
2015.04.28 09:17:37 LOG7[0]: Remote socket (FD=472) closed
2015.04.28 09:17:37 LOG7[0]: Local socket (FD=456) closed
2015.04.28 09:17:37 LOG7[0]: Service [SSmtp] finished (0 left)
--- Hannu
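The two logs in this thread differ in one handshake step: the failing client writes a CertificateVerify message, which happens only when a client certificate is actually presented, while the working one does not. The following is an added example, not part of the thread or of stunnel; it reduces a stunnel debug log to those facts. The sample inputs are constructed by abridging the log lines above, and the function and field names are illustrative.

```python
import re

# Constructed samples: lines abridged from the failing and working logs in this thread.
FAILING = """\
2015.04.28 09:17:37 LOG7[0]: -> STARTTLS
2015.04.28 09:17:37 LOG7[0]: <- 220 2.0.0 SMTP server ready
2015.04.28 09:17:37 LOG7[0]: SSL state (connect): SSLv3 write client certificate A
2015.04.28 09:17:37 LOG7[0]: SSL state (connect): SSLv3 write certificate verify A
2015.04.28 09:17:37 LOG7[0]: SSL state (connect): SSLv3 flush data
2015.04.28 09:17:37 LOG3[0]: SSL_connect: Peer suddenly disconnected
"""
WORKING = """\
2015.05.19 09:25:42 LOG7[0]: -> STARTTLS
2015.05.19 09:25:42 LOG7[0]: <- 220 2.0.0 SMTP server ready
2015.05.19 09:25:42 LOG6[0]: Certificate verification disabled
2015.05.19 09:25:42 LOG7[0]: SSL state (connect): SSLv3 write client certificate A
2015.05.19 09:25:42 LOG7[0]: SSL state (connect): SSLv3 read finished A
2015.05.19 09:25:42 LOG6[0]: SSL connected: new session negotiated
"""
LINE = re.compile(r"^\S+ \S+ LOG(\d)\[\w+\]: (.*)$")
STATE = "SSL state (connect): "

def summarize(log_text):
    """Reduce a stunnel debug log to the facts that explain a failed handshake."""
    s = dict(starttls_ok=False, client_cert_sent=False, verify_disabled=False,
             connected=False, last_state=None, errors=[])
    asked = False
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        level, msg = int(m.group(1)), m.group(2)
        if msg == "-> STARTTLS":
            asked = True
        elif asked and msg.startswith("<- 220"):
            s["starttls_ok"] = True          # server agreed to switch to TLS
        elif msg.startswith(STATE):
            s["last_state"] = msg[len(STATE):]
            # CertificateVerify is written only when a client certificate was sent
            s["client_cert_sent"] |= "write certificate verify" in msg
        elif msg.startswith("Certificate verification disabled"):
            s["verify_disabled"] = True      # absence of this line proves nothing
        elif msg.startswith("SSL connected"):
            s["connected"] = True
        elif level <= 3:
            s["errors"].append(msg)          # LOG3 and below are errors
    return s
```

A summary with `starttls_ok` true, `connected` false and `client_cert_sent` true matches the failing setup above; `verify_disabled` true matches the reply's point that the server certificate should be verified.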