I am trying to send email over stunnel from a client that doesn't support encryption to a server that does.
The local socket opens just fine, but it never really seems to connect to the remote server. A tcpdump shows only three packets exchanged between the two systems (SYN, SYN/ACK, ACK). The behavior is the same regardless of which TLS-enabled port I point stunnel at. I am able to connect to these ports via telnet and send email, so I know the connection can be negotiated.
I am using the 4.21 build for Windows (XP SP2) found on the main webpage.
Help!
--- stunnel.conf ---
; Some performance tunings
socket = l:TCP_NODELAY=1
socket = r:TCP_NODELAY=1

; Workaround for Eudora bug
; my email client isn't eudora, but given how
; it doesn't support standards like encrypted
; transport.....
options = DONT_INSERT_EMPTY_FRAGMENTS

; Some debugging stuff useful for troubleshooting
debug = 7

; Use it for client mode
client = yes

[smtp]
accept = 127.0.0.1:25
connect = mailserver.mydomain.tld:587
;connect = mailserver.mydomain.tld:465
;connect = mailserver.mydomain.tld:25
protocol = smtp

Pat Riehecky wrote:
> [smtp]
> accept = 127.0.0.1:25
> connect = mailserver.mydomain.tld:587
> ;connect = mailserver.mydomain.tld:465
> ;connect = mailserver.mydomain.tld:25
> protocol = smtp

As you're connecting to your mailserver running on a separate port, you're probably *not* using the STARTTLS extension as described in RFC 2487: http://www.ietf.org/rfc/rfc2487.txt
Just delete (or comment out) the "protocol = smtp" line.
Best regards,
Mike
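
Whether "protocol = smtp" belongs in the service section depends on whether the port greets in cleartext and offers STARTTLS, or stays silent until it receives a TLS handshake. The probe below is an added example, not part of the original thread or of stunnel; `classify`, `read_reply` and the demo peers are names and sample data constructed here.

```python
import socket
import threading

def read_reply(sock, timeout):
    """Return one complete SMTP reply as text, or "" if the peer stays silent."""
    sock.settimeout(timeout)
    buf = b""
    try:
        while True:
            chunk = sock.recv(4096)
            if not chunk:
                raise ConnectionError("peer closed the connection")
            buf += chunk
            lines = buf.split(b"\r\n")
            # The last line of a reply has a space, not "-", after the code.
            if buf.endswith(b"\r\n") and lines[-2][3:4] != b"-":
                return buf.decode("ascii", "replace")
    except socket.timeout:
        return buf.decode("ascii", "replace")

def classify(sock, timeout=2.0):
    """Classify an already-connected socket by how the server behaves."""
    banner = read_reply(sock, timeout)
    if not banner:
        # Nothing sent in cleartext: the server is waiting for a TLS
        # ClientHello (or delaying its greeting; raise the timeout to check).
        return "implicit-tls"      # stunnel: no "protocol = smtp"
    if not banner.startswith("220"):
        return "unknown"
    sock.sendall(b"EHLO probe.example\r\n")
    caps = read_reply(sock, timeout).splitlines()
    if any(c.startswith("250") and c[4:].strip().upper() == "STARTTLS" for c in caps):
        return "starttls"          # stunnel: keep "protocol = smtp"
    return "plaintext-only"        # no TLS offered on this port

def _fake_starttls_server(sock):
    # Constructed peer for the demo: greets, then advertises STARTTLS.
    sock.sendall(b"220 mail.example ESMTP\r\n")
    sock.recv(1024)
    sock.sendall(b"250-mail.example\r\n250-STARTTLS\r\n250 SIZE 1000\r\n")

if __name__ == "__main__":
    client, server = socket.socketpair()
    threading.Thread(target=_fake_starttls_server, args=(server,)).start()
    print("greeting server:", classify(client, 1.0))
    client, silent = socket.socketpair()   # peer that never speaks first
    print("silent server:  ", classify(client, 0.3))
```

Against a real server, pass `socket.create_connection((host, port))` to `classify` for each candidate port.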