After a long time of successful use of stunnel on a Windows 7 system, I am now experiencing permanent problems sending messages from my local email client over stunnel + SMTP to the remote SMTP server on port 587.
Again: my local client+stunnel setup is/was untouched.
When I now send messages to remote port 587 (as before), they are silently accepted but NOT forwarded to the final destination. No error message was returned.
The only thing I could imagine is that the webhoster changed the mail server certificate.
How does stunnel handle this scenario? Do I have to tell stunnel that the remote certificate changed? How?
Receiving eMails through POP3 on port 995 works.
The web hoster has no clue what the reason is.
The (anonymized) log below shows the transfer.
Any help is welcome.
Thank you,
Peter
2017.11.02 13:03:51 LOG7[main]: Found 1 ready file descriptor(s)
2017.11.02 13:03:51 LOG7[main]: FD=388 ifds=r-x ofds=---
2017.11.02 13:03:51 LOG7[main]: FD=464 ifds=r-x ofds=---
2017.11.02 13:03:51 LOG7[main]: FD=468 ifds=r-x ofds=---
2017.11.02 13:03:51 LOG7[main]: FD=472 ifds=r-x ofds=---
2017.11.02 13:03:51 LOG7[main]: FD=476 ifds=r-x ofds=---
2017.11.02 13:03:51 LOG7[main]: FD=480 ifds=r-x ofds=---
2017.11.02 13:03:51 LOG7[main]: FD=484 ifds=r-x ofds=r--
2017.11.02 13:03:51 LOG7[main]: FD=488 ifds=r-x ofds=---
2017.11.02 13:03:51 LOG7[main]: FD=492 ifds=r-x ofds=---
2017.11.02 13:03:51 LOG7[main]: FD=496 ifds=r-x ofds=---
2017.11.02 13:03:51 LOG7[main]: FD=500 ifds=r-x ofds=---
2017.11.02 13:03:51 LOG7[main]: FD=504 ifds=r-x ofds=---
2017.11.02 13:03:51 LOG7[main]: FD=508 ifds=r-x ofds=---
2017.11.02 13:03:51 LOG7[main]: FD=512 ifds=r-x ofds=---
2017.11.02 13:03:51 LOG7[main]: FD=516 ifds=r-x ofds=---
2017.11.02 13:03:51 LOG7[main]: FD=520 ifds=r-x ofds=---
2017.11.02 13:03:51 LOG7[main]: FD=524 ifds=r-x ofds=---
2017.11.02 13:03:51 LOG7[main]: FD=528 ifds=r-x ofds=---
2017.11.02 13:03:51 LOG7[main]: Service [mail-smtp] accepted (FD=904) from 127.0.0.1:47872
2017.11.02 13:03:51 LOG7[main]: Creating a new thread
2017.11.02 13:03:51 LOG7[main]: New thread created
2017.11.02 13:03:51 LOG7[537]: Service [mail-smtp] started
2017.11.02 13:03:51 LOG7[537]: Option TCP_NODELAY set on local socket
2017.11.02 13:03:51 LOG5[537]: Service [mail-smtp] accepted connection from 127.0.0.1:47872
2017.11.02 13:03:51 LOG6[537]: s_connect: connecting 195.54.77.83:587
2017.11.02 13:03:51 LOG7[537]: s_connect: s_poll_wait 195.54.77.83:587: waiting 10 seconds
2017.11.02 13:03:51 LOG5[537]: s_connect: connected 195.54.77.83:587
2017.11.02 13:03:51 LOG5[537]: Service [mail-smtp] connected remote server from 192.168.0.10:47873
2017.11.02 13:03:51 LOG7[537]: Option TCP_NODELAY set on remote socket
2017.11.02 13:03:51 LOG7[537]: Remote descriptor (FD=876) initialized
2017.11.02 13:03:51 LOG7[537]: <- 220 foobar.testserver.com ESMTP Postfix
2017.11.02 13:03:51 LOG7[537]: -> 220 foobar.testserver.com ESMTP Postfix
2017.11.02 13:03:51 LOG7[537]: -> EHLO localhost
2017.11.02 13:03:51 LOG7[537]: <- 250-foobar.testserver.com
2017.11.02 13:03:51 LOG7[537]: <- 250-PIPELINING
2017.11.02 13:03:51 LOG7[537]: <- 250-SIZE 104857600
2017.11.02 13:03:51 LOG7[537]: <- 250-ETRN
2017.11.02 13:03:51 LOG7[537]: <- 250-STARTTLS
2017.11.02 13:03:51 LOG7[537]: <- 250-ENHANCEDSTATUSCODES
2017.11.02 13:03:51 LOG7[537]: <- 250-8BITMIME
2017.11.02 13:03:51 LOG7[537]: <- 250 DSN
2017.11.02 13:03:51 LOG7[537]: -> STARTTLS
2017.11.02 13:03:51 LOG7[537]: <- 220 2.0.0 Ready to start TLS
2017.11.02 13:03:51 LOG6[537]: SNI: sending servername: foobar.testserver.com
2017.11.02 13:03:51 LOG6[537]: Peer certificate not required
2017.11.02 13:03:51 LOG7[537]: TLS state (connect): before/connect initialization
2017.11.02 13:03:51 LOG7[537]: TLS state (connect): SSLv3 write client hello A
2017.11.02 13:03:51 LOG7[537]: TLS state (connect): SSLv3 read server hello A
2017.11.02 13:03:51 LOG6[537]: Certificate verification disabled
2017.11.02 13:03:51 LOG6[537]: Certificate verification disabled
2017.11.02 13:03:51 LOG7[537]: TLS state (connect): SSLv3 read server certificate A
2017.11.02 13:03:51 LOG7[537]: TLS state (connect): SSLv3 read server key exchange A
2017.11.02 13:03:51 LOG6[537]: Client certificate not requested
2017.11.02 13:03:51 LOG7[537]: TLS state (connect): SSLv3 read server done A
2017.11.02 13:03:51 LOG7[537]: TLS state (connect): SSLv3 write client key exchange A
2017.11.02 13:03:51 LOG7[537]: TLS state (connect): SSLv3 write change cipher spec A
2017.11.02 13:03:51 LOG7[537]: TLS state (connect): SSLv3 write finished A
2017.11.02 13:03:51 LOG7[537]: TLS state (connect): SSLv3 flush data
2017.11.02 13:03:51 LOG7[537]: TLS state (connect): SSLv3 read server session ticket A
2017.11.02 13:03:51 LOG7[537]: TLS state (connect): SSLv3 read finished A
2017.11.02 13:03:51 LOG7[537]: 2 client connect(s) requested
2017.11.02 13:03:51 LOG7[537]: 2 client connect(s) succeeded
2017.11.02 13:03:51 LOG7[537]: 0 client renegotiation(s) requested
2017.11.02 13:03:51 LOG7[537]: 0 session reuse(s)
2017.11.02 13:03:51 LOG6[537]: TLS connected: new session negotiated
2017.11.02 13:03:51 LOG7[537]: Deallocating application specific data for session connect address
2017.11.02 13:03:51 LOG6[537]: Negotiated TLSv1.2 ciphersuite ECDHE-RSA-AES256-GCM-SHA384 (256-bit encryption)
2017.11.02 13:03:51 LOG7[537]: Compression: null, expansion: null
2017.11.02 13:03:52 LOG6[537]: Read socket closed (readsocket)
2017.11.02 13:03:52 LOG7[537]: Sending close_notify alert
2017.11.02 13:03:52 LOG7[537]: TLS alert (write): warning: close notify
2017.11.02 13:03:52 LOG6[537]: SSL_shutdown successfully sent close_notify alert
2017.11.02 13:03:52 LOG7[537]: TLS alert (read): warning: close notify
2017.11.02 13:03:52 LOG6[537]: TLS closed (SSL_read)
2017.11.02 13:03:52 LOG7[537]: Sent socket write shutdown
2017.11.02 13:03:52 LOG5[537]: Connection closed: 2954 byte(s) sent to TLS, 337 byte(s) sent to socket
2017.11.02 13:03:52 LOG7[537]: Remote descriptor (FD=876) closed
2017.11.02 13:03:52 LOG7[537]: Local descriptor (FD=904) closed
2017.11.02 13:03:52 LOG7[537]: Service [mailo-smtp] finished (0 left)
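
An added example, not part of the original post: a Python script that reads a stunnel debug log in the format shown above and reports, per connection thread, whether the log says certificate verification was disabled, what TLS parameters were negotiated, and how many bytes moved in each direction. The sample lines are copied from the posted log; the function and key names are this example's own.

```python
import re

# stunnel debug-log line: "<date> <time> LOG<level>[<thread>]: <message>"
LINE = re.compile(r"^\S+ \S+ LOG(\d)\[(\w+)\]: (.*)$")
PATTERNS = {
    "service": re.compile(r"Service \[([^\]]+)\] accepted connection from"),
    "remote": re.compile(r"s_connect: connected (\S+)"),
    "tls": re.compile(r"Negotiated (\S+) ciphersuite (\S+)"),
    "bytes": re.compile(r"Connection closed: (\d+) byte\(s\) sent to TLS, "
                        r"(\d+) byte\(s\) sent to socket"),
}

# Lines copied from thread 537 of the posted log, embedded so this runs offline.
SAMPLE = """\
2017.11.02 13:03:51 LOG5[537]: Service [mail-smtp] accepted connection from 127.0.0.1:47872
2017.11.02 13:03:51 LOG5[537]: s_connect: connected 195.54.77.83:587
2017.11.02 13:03:51 LOG6[537]: Certificate verification disabled
2017.11.02 13:03:51 LOG6[537]: Negotiated TLSv1.2 ciphersuite ECDHE-RSA-AES256-GCM-SHA384 (256-bit encryption)
2017.11.02 13:03:52 LOG5[537]: Connection closed: 2954 byte(s) sent to TLS, 337 byte(s) sent to socket
"""

def summarize(log_text):
    """Return {thread_id: summary} for every connection thread in the log."""
    sessions = {}
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m or m.group(2) == "main":
            continue  # skip unparsable lines and the main poll-loop thread
        thread, msg = m.group(2), m.group(3)
        s = sessions.setdefault(thread, {"verify_disabled": False})
        if msg == "Certificate verification disabled":
            s["verify_disabled"] = True
        for key, rx in PATTERNS.items():
            hit = rx.search(msg)
            if not hit:
                continue
            if key == "tls":
                s["protocol"], s["cipher"] = hit.groups()
            elif key == "bytes":
                s["to_tls"], s["to_socket"] = map(int, hit.groups())
            else:
                s[key] = hit.group(1)
    return sessions

def unverified(sessions):
    """Thread ids whose log shows the peer certificate was never checked."""
    return sorted(t for t, s in sessions.items() if s["verify_disabled"])

if __name__ == "__main__":
    for thread, s in summarize(SAMPLE).items():
        print(thread, s)
```

For the posted log, thread 537 is reported with `verify_disabled` set, because the log itself states "Certificate verification disabled" during the handshake.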