Hi, a few days ago up to a week my stunnel connection to smtp-gmail.gmail.com. stopped working with the error:
ep 21 17:25:57 stunnel LOG50: Connection reset: 0 byte(s) sent to TLS, 0 byte(s) sent to socket Sep 21 17:25:57 stunnel LOG30: Remote server is not RFC 1425 compliant Sep 21 17:25:57 stunnel LOG50: Service [to_gmail] connected remote server from xxx.xxx.xxx.xxx:29662
Tried from 2 different Locations / sites (i.e companies) same error. The relay work fine without client settings but that leaves TLS to the endpoint.. Office 365 relay works fine with TLS. Contacted Google support but the claimed nothing have been changed. I assume somehting with the TLS version/ CIPHERS is wrong ?
Conf simply looks like this:
cert = /usr/local/etc/stunnel/stunnel.pem chroot = /var/tmp/stunnel setuid = stunnel setgid = stunnel
[to_gmail] client = yes accept = 0.0.0.0:587 connect = smtp-relay.gmail.com:587 debug = 7 TIMEOUTclose = 0 protocol = smtp
BR, Anton.
Hi Anton,
At a guess, this may be related to the recent hard-deprecation of TLS1.0 and TLS1.1 by many of the large service-providers (eg: Google, MS, et al).
You might need to force TLS1.2 in stunnel.conf.
-Mike
I did try to sett SSLVersion = TLSv1.2 with no change =/
-----Ursprungligt meddelande----- Från: stunnel-users stunnel-users-bounces@stunnel.org För Mike Spooner Skickat: den 22 september 2020 13:38 Till: stunnel-users@stunnel.org Ämne: [stunnel-users] Stunnel to smtp-relay.gmail.com
Hi Anton,
At a guess, this may be related to the recent hard-deprecation of TLS1.0 and TLS1.1 by many of the large service-providers (eg: Google, MS, et al).
You might need to force TLS1.2 in stunnel.conf.
-Mike
_______________________________________________ stunnel-users mailing list stunnel-users@stunnel.org https://www.stunnel.org/cgi-bin/mailman/listinfo/stunnel-users
...and you might prefer connecting to port 465 (implicit SMTP-over-TLS) instead of 587 (SMTP with explicit STARTTLS), if your mail client can do that.
- Mike
I get the same issue with both 465 and 587 =/.
-----Ursprungligt meddelande----- Från: stunnel-users stunnel-users-bounces@stunnel.org För Mike Spooner Skickat: den 22 september 2020 13:38 Till: stunnel-users@stunnel.org Ämne: [stunnel-users] Stunnel to smtp-relay.gmail.com
...and you might prefer connecting to port 465 (implicit SMTP-over-TLS) instead of 587 (SMTP with explicit STARTTLS), if your mail client can do that.
- Mike
_______________________________________________ stunnel-users mailing list stunnel-users@stunnel.org https://www.stunnel.org/cgi-bin/mailman/listinfo/stunnel-users
-
Anton Palmgård -
Mike Spooner