I am having some issues with getting Stunnel to work for my application. I'm using a logger that is able to email out alarms but it is not encrypted. I have Stunnel on the PC that connects to the logger. Both are able to see each other just fine but I have the following error in the log:
Service [SMTP Outgoing] needs authentication to prevent MITM attacks
I only want mail to go out and on the logger side of things my only inputs are SMTP Server, Use SMTP Authentication check box, Username, Password and Port.
Any help or suggests would be greatly appreciated.
Thank you, Eric Poythress Test Manager
1600 West Tacoma Street Broken Arrow, Oklahoma 74012 [Description: Air Hygiene Office - email signature]
Direct - (918) 994-4171 Fax - (918) 307-9131 Mobile - (573) 587-0226 Toll Free - (888) 461-8778
virtual tour Air Hygiene: http://host.newspin360.net/airhygiene/ e-mail: epoythress@airhygiene.commailto:epoythress@airhygiene.com website: www.airhygiene.comhttp://www.airhygiene.com/
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
On 01.09.2015 06:11, Eric Poythress wrote:
Both are able to see each other just fine but I have the following error in the log:
Service [SMTP Outgoing] needs authentication to prevent MITM attacks
It is a warning, and not an error. See https://www.stunnel.org/auth.html
You probably need something like:
[SMTP Outgoing] client = yes accept = 127.0.0.1:<src_port> connect = <server_host>:<server_port> verify = 2 CAfile = ca-certs.pem checkHost = <server_host>
Any help or suggests would be greatly appreciated.
Send your stunnel.conf, and a larger sample of your logs.
Preferably, read the following HOWTO: http://catb.org/~esr/faqs/smart-questions.html It will make your life a lot easier!
Mike
My stunnel.conf looks like this:
# Stunnel configuration file for Office 365 SMTP # Eric Poythress # GLOBAL OPTIONS client = yes output = stunnel-log.txt debug=7 taskbar=yes
# SERVICE-LEVEL OPTIONS [SMTP Outgoing] client = yes protocol = smtp accept = 25 connect = smtp.office365.com:587 verify = 2 CAfile = ca-certs.pem checkHost = smtp.office365.com
A larger sample of my logs looks like this:
2015.09.01 22:15:15 LOG5[1]: s_connect: connected 132.245.70.98:587 2015.09.01 22:15:15 LOG5[1]: Service [SMTP Outgoing] connected remote server from 192.168.100.41:1565 2015.09.01 22:15:15 LOG7[1]: Remote socket (FD=468) initialized 2015.09.01 22:15:15 LOG7[1]: <- 220 SN1PR15CA0037.outlook.office365.com Microsoft ESMTP MAIL Service ready at Wed, 2 Sep 2015 03:13:50 +0000 2015.09.01 22:15:15 LOG7[1]: -> 220 SN1PR15CA0037.outlook.office365.com Microsoft ESMTP MAIL Service ready at Wed, 2 Sep 2015 03:13:50 +0000 2015.09.01 22:15:15 LOG7[1]: -> EHLO localhost 2015.09.01 22:15:15 LOG7[1]: <- 250-SN1PR15CA0037.outlook.office365.com Hello [70.167.26.246] 2015.09.01 22:15:15 LOG7[1]: <- 250-SIZE 157286400 2015.09.01 22:15:15 LOG7[1]: <- 250-PIPELINING 2015.09.01 22:15:15 LOG7[1]: <- 250-DSN 2015.09.01 22:15:15 LOG7[1]: <- 250-ENHANCEDSTATUSCODES 2015.09.01 22:15:15 LOG7[1]: <- 250-STARTTLS 2015.09.01 22:15:15 LOG7[1]: <- 250-8BITMIME 2015.09.01 22:15:15 LOG7[1]: <- 250-BINARYMIME 2015.09.01 22:15:15 LOG7[1]: <- 250 CHUNKING 2015.09.01 22:15:15 LOG7[1]: -> STARTTLS 2015.09.01 22:15:16 LOG7[1]: <- 220 2.0.0 SMTP server ready 2015.09.01 22:15:16 LOG6[1]: SNI: sending servername: smtp.office365.com 2015.09.01 22:15:16 LOG7[1]: SSL state (connect): before/connect initialization 2015.09.01 22:15:16 LOG7[1]: SSL state (connect): SSLv3 write client hello A 2015.09.01 22:15:16 LOG7[1]: SSL state (connect): SSLv3 read server hello A 2015.09.01 22:15:16 LOG7[1]: Verification started at depth=2: C=IE, O=Baltimore, OU=CyberTrust, CN=Baltimore CyberTrust Root 2015.09.01 22:15:16 LOG7[1]: CERT: Pre-verification succeeded 2015.09.01 22:15:16 LOG6[1]: Certificate accepted at depth=2: C=IE, O=Baltimore, OU=CyberTrust, CN=Baltimore CyberTrust Root 2015.09.01 22:15:16 LOG7[1]: Verification started at depth=1: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT SSL SHA1 2015.09.01 22:15:16 LOG7[1]: CERT: Pre-verification succeeded 2015.09.01 22:15:16 LOG6[1]: Certificate accepted at depth=1: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT SSL SHA1 2015.09.01 22:15:16 LOG7[1]: Verification started at depth=0: C=US, ST=WA, L=Redmond, O=Microsoft Corporation, OU=Microsoft Corporation, CN=outlook.com 2015.09.01 22:15:16 LOG7[1]: CERT: Pre-verification succeeded 2015.09.01 22:15:16 LOG6[1]: CERT: Host name "smtp.office365.com" matched with "*.office365.com" 2015.09.01 22:15:16 LOG5[1]: Certificate accepted at depth=0: C=US, ST=WA, L=Redmond, O=Microsoft Corporation, OU=Microsoft Corporation, CN=outlook.com 2015.09.01 22:15:16 LOG7[1]: SSL state (connect): SSLv3 read server certificate A 2015.09.01 22:15:16 LOG7[1]: SSL state (connect): SSLv3 read server key exchange A 2015.09.01 22:15:16 LOG7[1]: SSL state (connect): SSLv3 read server certificate request A 2015.09.01 22:15:16 LOG7[1]: SSL state (connect): SSLv3 read server done A 2015.09.01 22:15:16 LOG7[1]: SSL state (connect): SSLv3 write client certificate A 2015.09.01 22:15:16 LOG7[1]: SSL state (connect): SSLv3 write client key exchange A 2015.09.01 22:15:16 LOG7[1]: SSL state (connect): SSLv3 write change cipher spec A 2015.09.01 22:15:16 LOG7[1]: SSL state (connect): SSLv3 write finished A 2015.09.01 22:15:16 LOG7[1]: SSL state (connect): SSLv3 flush data 2015.09.01 22:15:16 LOG7[1]: SSL state (connect): SSLv3 read finished A 2015.09.01 22:15:16 LOG7[1]: 2 client connect(s) requested 2015.09.01 22:15:16 LOG7[1]: 2 client connect(s) succeeded 2015.09.01 22:15:16 LOG7[1]: 0 client renegotiation(s) requested 2015.09.01 22:15:16 LOG7[1]: 0 session reuse(s) 2015.09.01 22:15:16 LOG6[1]: SSL connected: new session negotiated 2015.09.01 22:15:16 LOG7[1]: Deallocating application specific data for addr index 2015.09.01 22:15:16 LOG6[1]: Negotiated TLSv1.2 ciphersuite ECDHE-RSA-AES256-SHA384 (256-bit encryption) 2015.09.01 22:15:16 LOG7[1]: Compression: null, expansion: null 2015.09.01 22:15:21 LOG6[1]: Read socket closed (readsocket) 2015.09.01 22:15:21 LOG7[1]: Sending close_notify alert 2015.09.01 22:15:21 LOG7[1]: SSL alert (write): warning: close notify 2015.09.01 22:15:21 LOG6[1]: SSL_shutdown successfully sent close_notify alert 2015.09.01 22:15:21 LOG6[1]: SSL socket closed (SSL_read) 2015.09.01 22:15:21 LOG7[1]: Sent socket write shutdown 2015.09.01 22:15:21 LOG5[1]: Connection closed: 71 byte(s) sent to SSL, 237 byte(s) sent to socket 2015.09.01 22:15:21 LOG7[1]: Remote socket (FD=468) closed 2015.09.01 22:15:21 LOG7[1]: Local socket (FD=440) closed 2015.09.01 22:15:21 LOG7[1]: Service [SMTP Outgoing] finished (0 left)
-Eric
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
Hi Eric,
Everything seems to work just fine. smtp.office365.com advertises IPv6 addresses, but your host does not seem to have IPv6 connectivity.
You may modify the time-out delay with TIMEOUTconnect.
Mike
On 02.09.2015 05:28, Eric Poythress wrote:
My stunnel.conf looks like this:
# Stunnel configuration file for Office 365 SMTP # Eric Poythress # GLOBAL OPTIONS client = yes output = stunnel-log.txt debug=7 taskbar=yes
# SERVICE-LEVEL OPTIONS [SMTP Outgoing] client = yes protocol = smtp accept = 25 connect = smtp.office365.com:587 verify = 2 CAfile = ca-certs.pem checkHost = smtp.office365.com
A larger sample of my logs looks like this:
2015.09.01 22:15:15 LOG5[1]: s_connect: connected 132.245.70.98:587 2015.09.01 22:15:15 LOG5[1]: Service [SMTP Outgoing] connected remote server from 192.168.100.41:1565 2015.09.01 22:15:15 LOG7[1]: Remote socket (FD=468) initialized 2015.09.01 22:15:15 LOG7[1]: <- 220 SN1PR15CA0037.outlook.office365.com Microsoft ESMTP MAIL Service ready at Wed, 2 Sep 2015 03:13:50 +0000 2015.09.01 22:15:15 LOG7[1]: -> 220 SN1PR15CA0037.outlook.office365.com Microsoft ESMTP MAIL Service ready at Wed, 2 Sep 2015 03:13:50 +0000 2015.09.01 22:15:15 LOG7[1]: -> EHLO localhost 2015.09.01 22:15:15 LOG7[1]: <- 250-SN1PR15CA0037.outlook.office365.com Hello [70.167.26.246] 2015.09.01 22:15:15 LOG7[1]: <- 250-SIZE 157286400 2015.09.01 22:15:15 LOG7[1]: <- 250-PIPELINING 2015.09.01 22:15:15 LOG7[1]: <- 250-DSN 2015.09.01 22:15:15 LOG7[1]: <- 250-ENHANCEDSTATUSCODES 2015.09.01 22:15:15 LOG7[1]: <- 250-STARTTLS 2015.09.01 22:15:15 LOG7[1]: <- 250-8BITMIME 2015.09.01 22:15:15 LOG7[1]: <- 250-BINARYMIME 2015.09.01 22:15:15 LOG7[1]: <- 250 CHUNKING 2015.09.01 22:15:15 LOG7[1]: -> STARTTLS 2015.09.01 22:15:16 LOG7[1]: <- 220 2.0.0 SMTP server ready 2015.09.01 22:15:16 LOG6[1]: SNI: sending servername: smtp.office365.com 2015.09.01 22:15:16 LOG7[1]: SSL state (connect): before/connect initialization 2015.09.01 22:15:16 LOG7[1]: SSL state (connect): SSLv3 write client hello A 2015.09.01 22:15:16 LOG7[1]: SSL state (connect): SSLv3 read server hello A 2015.09.01 22:15:16 LOG7[1]: Verification started at depth=2: C=IE, O=Baltimore, OU=CyberTrust, CN=Baltimore CyberTrust Root 2015.09.01 22:15:16 LOG7[1]: CERT: Pre-verification succeeded 2015.09.01 22:15:16 LOG6[1]: Certificate accepted at depth=2: C=IE, O=Baltimore, OU=CyberTrust, CN=Baltimore CyberTrust Root 2015.09.01 22:15:16 LOG7[1]: Verification started at depth=1: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT SSL SHA1 2015.09.01 22:15:16 LOG7[1]: CERT: Pre-verification succeeded 2015.09.01 22:15:16 LOG6[1]: Certificate accepted at depth=1: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT SSL SHA1 2015.09.01 22:15:16 LOG7[1]: Verification started at depth=0: C=US, ST=WA, L=Redmond, O=Microsoft Corporation, OU=Microsoft Corporation, CN=outlook.com 2015.09.01 22:15:16 LOG7[1]: CERT: Pre-verification succeeded 2015.09.01 22:15:16 LOG6[1]: CERT: Host name "smtp.office365.com" matched with "*.office365.com" 2015.09.01 22:15:16 LOG5[1]: Certificate accepted at depth=0: C=US, ST=WA, L=Redmond, O=Microsoft Corporation, OU=Microsoft Corporation, CN=outlook.com 2015.09.01 22:15:16 LOG7[1]: SSL state (connect): SSLv3 read server certificate A 2015.09.01 22:15:16 LOG7[1]: SSL state (connect): SSLv3 read server key exchange A 2015.09.01 22:15:16 LOG7[1]: SSL state (connect): SSLv3 read server certificate request A 2015.09.01 22:15:16 LOG7[1]: SSL state (connect): SSLv3 read server done A 2015.09.01 22:15:16 LOG7[1]: SSL state (connect): SSLv3 write client certificate A 2015.09.01 22:15:16 LOG7[1]: SSL state (connect): SSLv3 write client key exchange A 2015.09.01 22:15:16 LOG7[1]: SSL state (connect): SSLv3 write change cipher spec A 2015.09.01 22:15:16 LOG7[1]: SSL state (connect): SSLv3 write finished A 2015.09.01 22:15:16 LOG7[1]: SSL state (connect): SSLv3 flush data 2015.09.01 22:15:16 LOG7[1]: SSL state (connect): SSLv3 read finished A 2015.09.01 22:15:16 LOG7[1]: 2 client connect(s) requested 2015.09.01 22:15:16 LOG7[1]: 2 client connect(s) succeeded 2015.09.01 22:15:16 LOG7[1]: 0 client renegotiation(s) requested 2015.09.01 22:15:16 LOG7[1]: 0 session reuse(s) 2015.09.01 22:15:16 LOG6[1]: SSL connected: new session negotiated 2015.09.01 22:15:16 LOG7[1]: Deallocating application specific data for addr index 2015.09.01 22:15:16 LOG6[1]: Negotiated TLSv1.2 ciphersuite ECDHE-RSA-AES256-SHA384 (256-bit encryption) 2015.09.01 22:15:16 LOG7[1]: Compression: null, expansion: null 2015.09.01 22:15:21 LOG6[1]: Read socket closed (readsocket) 2015.09.01 22:15:21 LOG7[1]: Sending close_notify alert 2015.09.01 22:15:21 LOG7[1]: SSL alert (write): warning: close notify 2015.09.01 22:15:21 LOG6[1]: SSL_shutdown successfully sent close_notify alert 2015.09.01 22:15:21 LOG6[1]: SSL socket closed (SSL_read) 2015.09.01 22:15:21 LOG7[1]: Sent socket write shutdown 2015.09.01 22:15:21 LOG5[1]: Connection closed: 71 byte(s) sent to SSL, 237 byte(s) sent to socket 2015.09.01 22:15:21 LOG7[1]: Remote socket (FD=468) closed 2015.09.01 22:15:21 LOG7[1]: Local socket (FD=440) closed 2015.09.01 22:15:21 LOG7[1]: Service [SMTP Outgoing] finished (0 left)
-Eric
-
Eric Poythress -
Michal Trojnara