Re: [stunnel-users] 4.26 works OK, 4.27 will not POP email - stunnel-users

17 Jun 2009


      Guy, Your suggestion fixed the problem.  Thank you!
Regards,  Jeff
Guy wrote:
...
Jeff Salisbury wrote:
...
Greetings,  We have been using Stunnel 4.26 to facilitate the
sending and receiving of email with an email client that is not
SSL enabled.  Version 4.26 has been working great.  However, when
we upgrade to 4.27, we are unable to POP email (we can send
email).  We did not change our Stunnel.conf file.
Can anyone advise us what we need to do to get 4.27 working?
I've included our Stunnel.conf file contents, and the Stunnel log 
output below.
Try: sslVersion = TLSv1
See below.
Your Modified Configuration File:
#####
# GLOBAL OPTIONS
client = yes
#output = C:\Documents and Settings\All Users\Application Data\stunnel-log.txt
debug = 7
taskbar = yes
sslVersion = TLSv1
# SERVICE-LEVEL OPTIONS
[pop3]
accept=995
connect=mail.OurPOP.com:995
[smtp]
accept=465
connect=mail.OurSMTP.com:465
#
#####
Configuration File Used:
#####
#
client = yes
debug = debug
output = _test.log
rndbytes = 256
rndfile = t:\tmp\randseed.bin
socket = l:TCP_NODELAY=1
socket = r:TCP_NODELAY=1
sslVersion = TLSv1
[YOUR-POP3S]
accept=TUNNEL-01:110
connect=216.97.239.60:995
[YOUR-SMTPS]
accept=TUNNEL-01:25
connect=216.97.239.60:465
#
#####
Stunnel Debug Output Log:
Snagged 256 random bytes from t:\tmp\randseed.bin
Wrote 1024 new random bytes to t:\tmp\randseed.bin
RAND_status claims sufficient entropy for the PRNG
PRNG seeded successfully
SSL context initialized for service YOUR-POP3S
SSL context initialized for service YOUR-SMTPS
stunnel 4.27 on x86-pc-mingw32-gnu with OpenSSL 0.9.8k 25 Mar 2009
Threading:WIN32 SSL:ENGINE Sockets:SELECT,IPv6
No limit detected for the number of clients
FD 1884 in non-blocking mode
SO_REUSEADDR option set on accept socket
YOUR-POP3S bound to 127.0.10.1:110
FD 1876 in non-blocking mode
SO_REUSEADDR option set on accept socket
YOUR-SMTPS bound to 127.0.10.1:25
YOUR-POP3S accepted FD=1860 from 127.0.10.1:1599
Creating a new thread
New thread created
YOUR-POP3S started
FD 1860 in non-blocking mode
TCP_NODELAY option set on local socket
YOUR-POP3S accepted connection from 127.0.10.1:1599
FD 1836 in non-blocking mode
connect_blocking: connecting 216.97.239.60:995
connect_blocking: s_poll_wait 216.97.239.60:995: waiting 10 seconds
connect_blocking: connected 216.97.239.60:995
YOUR-POP3S connected remote server from 10.10.10.10:1600
Remote FD=1836 initialized
TCP_NODELAY option set on remote socket
SSL state (connect): before/connect initialization
SSL state (connect): SSLv3 write client hello A
SSL state (connect): SSLv3 read server hello A
SSL state (connect): SSLv3 read server certificate A
SSL state (connect): SSLv3 read server done A
SSL state (connect): SSLv3 write client key exchange A
SSL state (connect): SSLv3 write change cipher spec A
SSL state (connect): SSLv3 write finished A
SSL state (connect): SSLv3 flush data
SSL state (connect): SSLv3 read finished A
   1 items in the session cache
   1 client connects (SSL_connect())
   1 client connects that finished
   0 client renegotiations requested
   0 server connects (SSL_accept())
   0 server connects that finished
   0 server renegotiations requested
   0 session cache hits
   0 session cache misses
   0 session cache timeouts
SSL connected: new session negotiated
Negotiated ciphers: AES256-SHA SSLv3 Kx=RSA Au=RSA Enc=AES(256) Mac=SHA1
Socket closed on read
SSL write shutdown
SSL alert (write): warning: close notify
SSL socket closed on SSL_shutdown
Socket write shutdown
Connection closed: 49 bytes sent to SSL, 90 bytes sent to socket
YOUR-POP3S finished (0 left)
YOUR-SMTPS accepted FD=1844 from 127.0.10.1:1601
Creating a new thread
New thread created
YOUR-SMTPS started
FD 1844 in non-blocking mode
TCP_NODELAY option set on local socket
YOUR-SMTPS accepted connection from 127.0.10.1:1601
FD 1836 in non-blocking mode
connect_blocking: connecting 216.97.239.60:465
connect_blocking: s_poll_wait 216.97.239.60:465: waiting 10 seconds
connect_blocking: connected 216.97.239.60:465
YOUR-SMTPS connected remote server from 10.10.10.10:1602
Remote FD=1836 initialized
TCP_NODELAY option set on remote socket
SSL state (connect): before/connect initialization
SSL state (connect): SSLv3 write client hello A
SSL state (connect): SSLv3 read server hello A
SSL state (connect): SSLv3 read server certificate A
SSL state (connect): SSLv3 read server done A
SSL state (connect): SSLv3 write client key exchange A
SSL state (connect): SSLv3 write change cipher spec A
SSL state (connect): SSLv3 write finished A
SSL state (connect): SSLv3 flush data
SSL state (connect): SSLv3 read finished A
   1 items in the session cache
   1 client connects (SSL_connect())
   1 client connects that finished
   0 client renegotiations requested
   0 server connects (SSL_accept())
   0 server connects that finished
   0 server renegotiations requested
   0 session cache hits
   0 session cache misses
   0 session cache timeouts
SSL connected: new session negotiated
Negotiated ciphers: AES256-SHA SSLv3 Kx=RSA Au=RSA Enc=AES(256) Mac=SHA1
Socket closed on read
SSL write shutdown
SSL alert (write): warning: close notify
SSL socket closed on SSL_shutdown
Socket write shutdown
Connection closed: 78 bytes sent to SSL, 423 bytes sent to socket
YOUR-SMTPS finished (0 left)
POP3 Transaction Log:
CONNECT   : Looking up host name TUNNEL-01...
CONNECT   : Host name TUNNEL-01 found
CONNECT   : Connecting to host TUNNEL-01 [127.0.10.1:110]...
CONNECT   : Connected to host TUNNEL-01 [127.0.10.1:110]
POP REPLY : +OK Hello there.
POP SEND  : USER username
POP REPLY : +OK Password required.
POP SEND  : PASS **********
POP REPLY : -ERR Login failed.
POP SEND  : QUIT
POP REPLY : +OK Better luck next time.
DISCONNECT: Disconnected from server
SMTP Transaction Log:
CONNECT   : Looking up host name TUNNEL-01...
CONNECT   : Host name TUNNEL-01 found
CONNECT   : Connecting to host TUNNEL-01 [127.0.10.1:25]...
CONNECT   : Connected to host TUNNEL-01 [127.0.10.1:25]
SMTP REPLY: 220-crimson.lunarbreeze.com ESMTP Exim 4.69 #1 Tue, 16 Jun 2009 14:45:25 -0700
SMTP SEND : EHLO computername
SMTP REPLY: 250-crimson.lunarbreeze.com Hello 123,123.123.123 [123,123.123.123]
SMTP REPLY: 250-SIZE 52428800
SMTP REPLY: 250-PIPELINING
SMTP REPLY: 250-AUTH PLAIN LOGIN
SMTP REPLY: 250 HELP
SMTP SEND : AUTH PLAIN xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx==
SMTP REPLY: 535 Incorrect authentication data
SMTP SEND : QUIT
SMTP REPLY: 221 crimson.lunarbreeze.com closing connection
DISCONNECT: Disconnected from server