Thank you very much for working with me on resolving this.
On your first post I didn't see the difference in port numbers. I have corrected that. Thank you for catching it. It did get me closer to resolving the issue.
I'm getting this log from my email client:
--- Wed, 12 Jun 2013 12:22:46 --- Connect to 'localhost' port 10115, timeout 60.
12:22:46.960 [*] Connection established to 127.0.0.1
12:22:47.226 >> 0120 220 vms173007pub.verizon.net -- Server ESMTP (Sun Java(tm) System Messaging Server 7u2-7.02 32bit (built Apr 16 2009))\0D\0A
12:22:47.226 << 0023 EHLO [192.168.168.11]\0D\0A
12:22:47.288 >> 0030 250-vms173007pub.verizon.net\0D\0A
12:22:47.288 >> 0014 250-8BITMIME\0D\0A
12:22:47.288 >> 0016 250-PIPELINING\0D\0A
12:22:47.288 >> 0014 250-CHUNKING\0D\0A
12:22:47.288 >> 0009 250-DSN\0D\0A
12:22:47.288 >> 0025 250-ENHANCEDSTATUSCODES\0D\0A
12:22:47.288 >> 0010 250-HELP\0D\0A
12:22:47.288 >> 0044 250-XLOOP AD6DF29B04183351BAD9935B9A483ABE\0D\0A
12:22:47.288 >> 0042 250-AUTH DIGEST-MD5 PLAIN LOGIN CRAM-MD5\0D\0A
12:22:47.288 >> 0022 250-AUTH=LOGIN PLAIN\0D\0A
12:22:47.288 >> 0010 250-ETRN\0D\0A
12:22:47.288 >> 0019 250-NO-SOLICITING\0D\0A
12:22:47.288 >> 0019 250 SIZE 20971520\0D\0A
12:22:47.288 << 0015 AUTH CRAM-MD5\0D\0A
12:22:47.335 >> 0050 334 PDEzNTYyOTY5MjEuMTIxMTA1NTFAdm1zMTczMDA3Pg==\0D\0A
12:22:47.335 << 0058 YXR1cHJlcyBkYTlmZTI3MWFjODNjYWUxOTVjNmZhZWQ5ZGE0NTUzYg==\0D\0A
12:22:47.397 >> 0066 500 5.7.0 Unknown AUTH error -1 (Internal authentication error).\0D\0A
12:22:50.845 << 0006 QUIT\0D\0A
12:22:50.892 >> 0034 221 2.3.0 Bye received. Goodbye.\0D\0A
12:22:50.892 --- Connection closed normally at Wed, 12 Jun 2013 12:22:50. ---\0A\0A
I'm getting this in the Stunnel.log:
2013.06.12 12:22:46 LOG7[660:2460]: New thread created
2013.06.12 12:22:46 LOG7[660:896]: Service [Verizon-smtp] started
2013.06.12 12:22:46 LOG5[660:896]: Service [Verizon-smtp] accepted connection from 127.0.0.1:52721
2013.06.12 12:22:46 LOG6[660:896]: connect_blocking: connecting 206.46.232.12:465
2013.06.12 12:22:46 LOG7[660:896]: connect_blocking: s_poll_wait 206.46.232.12:465: waiting 10 seconds
2013.06.12 12:22:46 LOG5[660:896]: connect_blocking: connected 206.46.232.12:465
2013.06.12 12:22:46 LOG5[660:896]: Service [Verizon-smtp] connected remote server from 192.168.168.11:52722
2013.06.12 12:22:46 LOG7[660:896]: Remote socket (FD=384) initialized
2013.06.12 12:22:46 LOG7[660:896]: SNI: sending servername: outgoing.verizon.net
2013.06.12 12:22:46 LOG7[660:896]: SSL state (connect): before/connect initialization
2013.06.12 12:22:46 LOG7[660:896]: SSL state (connect): SSLv3 write client hello A
2013.06.12 12:22:46 LOG7[660:896]: SSL state (connect): SSLv3 read server hello A
2013.06.12 12:22:46 LOG7[660:896]: SSL state (connect): SSLv3 read server certificate A
2013.06.12 12:22:46 LOG7[660:896]: SSL state (connect): SSLv3 read server key exchange A
2013.06.12 12:22:46 LOG7[660:896]: SSL state (connect): SSLv3 read server done A
2013.06.12 12:22:46 LOG7[660:896]: SSL state (connect): SSLv3 write client key exchange A
2013.06.12 12:22:46 LOG7[660:896]: SSL state (connect): SSLv3 write change cipher spec A
2013.06.12 12:22:46 LOG7[660:896]: SSL state (connect): SSLv3 write finished A
2013.06.12 12:22:46 LOG7[660:896]: SSL state (connect): SSLv3 flush data
2013.06.12 12:22:47 LOG7[660:896]: SSL state (connect): SSLv3 read finished A
2013.06.12 12:22:47 LOG7[660:896]: 2 items in the session cache
2013.06.12 12:22:47 LOG7[660:896]: 2 client connects (SSL_connect())
2013.06.12 12:22:47 LOG7[660:896]: 2 client connects that finished
2013.06.12 12:22:47 LOG7[660:896]: 0 client renegotiations requested
2013.06.12 12:22:47 LOG7[660:896]: 0 server connects (SSL_accept())
2013.06.12 12:22:47 LOG7[660:896]: 0 server connects that finished
2013.06.12 12:22:47 LOG7[660:896]: 0 server renegotiations requested
2013.06.12 12:22:47 LOG7[660:896]: 0 session cache hits
2013.06.12 12:22:47 LOG7[660:896]: 0 external session cache hits
2013.06.12 12:22:47 LOG7[660:896]: 0 session cache misses
2013.06.12 12:22:47 LOG7[660:896]: 0 session cache timeouts
2013.06.12 12:22:47 LOG6[660:896]: SSL connected: new session negotiated
2013.06.12 12:22:47 LOG6[660:896]: Negotiated TLSv1/SSLv3 ciphersuite: DHE-RSA-AES256-SHA (256-bit encryption)
2013.06.12 12:22:47 LOG6[660:896]: Compression: null, expansion: null
2013.06.12 12:22:50 LOG6[660:896]: Read socket closed (readsocket)
2013.06.12 12:22:50 LOG7[660:896]: Sending close_notify alert
2013.06.12 12:22:50 LOG7[660:896]: SSL alert (write): warning: close notify
2013.06.12 12:22:50 LOG6[660:896]: SSL_shutdown successfully sent close_notify alert
2013.06.12 12:22:50 LOG7[660:896]: SSL alert (read): warning: close notify
2013.06.12 12:22:50 LOG6[660:896]: SSL closed (SSL_read)
2013.06.12 12:22:50 LOG7[660:896]: Sent socket write shutdown
2013.06.12 12:22:50 LOG5[660:896]: Connection closed: 102 byte(s) sent to SSL, 544 byte(s) sent to socket
2013.06.12 12:22:50 LOG7[660:896]: Remote socket (FD=384) closed
2013.06.12 12:22:50 LOG7[660:896]: Local socket (FD=216) closed
2013.06.12 12:22:50 LOG7[660:896]: Service [Verizon-smtp] finished (0 left)
Do you have any idea why I am getting: 12:22:47.397 >> 0066 500 5.7.0 Unknown AUTH error -1 (Internal authentication error).\0D\0A
Thank you,
Gary
On 12 Jun 2013 at 20:36, Jochen (Jochen Bern Jochen.Bern@LINworks.de) commented about Re: [stunnel-users] Getting Stunnel working with :
On 12.06.2013 19:48, Gary Kuznitz wrote:
Thanks for showing me how to test SSL. I installed openssl and ran the test. This is what I received back.
C:\Programs\OpenSSL-Win32\bin>openssl s_client -connect smtp.verizon.net:465
[...]
Verify return code: 19 (self signed certificate in certificate chain)
At this point, the SSL layer of the connection has been set up (s_client ignores the non-null verification result) and the actual payload protocol can start to do its thing. The payload protocol is SMTP, so the server throws you a hello line:
220 vms173025pub.verizon.net -- Server ESMTP (Sun Java(tm) System Messaging Server 7u2-7.02 32bit (built Apr 16 2009))
and then waits for the client to send its requests. Since you apparently didn't enter anything, the server obviously terminated the connection with:
421 4.4.2 Timeout while waiting for command.
An actual SMTP session with an *attempt* at transferring an e-mail would look like, e.g.:
220 vms173023pub.verizon.net -- Server ESMTP (Sun Java(tm) System Messaging Server 7u2-7.02 32bit (built Apr 16 2009))
HELO this.is.my.laptop
250 vms173023pub.verizon.net OK, [unknown] [213.157.4.156].
MAIL FROM:Jochen.Bern@LINworks.de
550 5.7.1 Authentication Required
rSET
250 2.5.0 Ok.
QUIT
(The lines starting with a three-digit SMTP status code number are sent by the server; the 5xx code signals a permanent error; the lines starting with a four-letter SMTP command are sent by the client, i.e., I typed them into the s_client; and I typed "rSET" instead of the normal "RSET" because s_client takes every line starting with an *uppercase* 'R' as a command to do an SSL renegotiation.)
It sounds like something is wrong on this end. Any ideas?
What about the two *****DIFFERING***** port numbers I pointed out in your posted data?
On 12.06.2013 05:12, Gary Kuznitz wrote:
[Verizon-smtp]
client = yes
accept = 11015
^##^^
[...]
--- Tue, 11 Jun 2013 16:38:55 --- Connect to 'localhost' port 10115, timeout 60.
^##^^
I don't actually use stunnel (subscribed to the list when I had a need that I later fulfilled with socat, but that's Unix/Linux only), so I don't know whether stunnel has a problem with the self-signed cert ...
Regards,
J. Bern
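
Added example, not part of the original thread: a Python parser for the mail client's trace format shown in the log above, which separates server and client lines, checks the four-digit length field, and summarises the AUTH exchange while masking the client's response. The function names and the sample dialogue are constructed for illustration, and reading the four-digit field as a byte count including CR LF is an assumption inferred from the log.

```python
import base64
import re

# "HH:MM:SS.mmm >>|<< NNNN payload": ">>" is data from the server, "<<" data from
# the client; NNNN is taken to be the byte count including CR LF (an assumption).
LINE = re.compile(r"^\d\d:\d\d:\d\d\.\d{3} (>>|<<) (\d{4}) (.*)$")

def parse_client_log(text):
    entries = []  # (sender, line, length_ok)
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # banner/status lines carry no SMTP data
        arrow, count, body = m.groups()
        wire = body.replace("\\0D", "\r").replace("\\0A", "\n")
        sender = "server" if arrow == ">>" else "client"
        entries.append((sender, wire.rstrip("\r\n"), int(count) == len(wire.encode())))
    return entries

def summarize_auth(entries):
    info = dict(offered=[], chosen=None, challenge=None, response=None, result=None)
    for sender, line, _ in entries:
        if sender == "server" and re.match(r"250[- ]AUTH ", line):
            info["offered"] = line[9:].split()
        elif sender == "client" and line.upper().startswith("AUTH "):
            info["chosen"] = line.split()[1]
        elif sender == "server" and line.startswith("334 ") and info["chosen"]:
            info["challenge"] = base64.b64decode(line[4:]).decode()
        elif sender == "client" and info["challenge"] and info["response"] is None:
            # base64 is not encryption; the reply decodes to "username digest": mask it
            info["response"] = "<masked, %d chars>" % len(line)
        elif sender == "server" and info["response"] and info["result"] is None:
            info["result"] = line
    return info

# Helper and sample below are constructed for this example (not data from the post).
def _fmt(arrow, payload):
    return "12:00:00.000 %s %04d %s\\0D\\0A" % (arrow, len(payload) + 2, payload)

SAMPLE = "\n".join([
    "--- Connect to 'localhost' port 10115, timeout 60.",
    _fmt(">>", "220 mail.example.net ESMTP"),
    _fmt("<<", "EHLO [192.0.2.10]"),
    _fmt(">>", "250-AUTH PLAIN LOGIN CRAM-MD5"),
    _fmt("<<", "AUTH CRAM-MD5"),
    _fmt(">>", "334 " + base64.b64encode(b"<1234.5678@mail.example.net>").decode()),
    _fmt("<<", base64.b64encode(b"alice 0123456789abcdef0123456789abcdef").decode()),
    _fmt(">>", "500 5.7.0 Unknown AUTH error -1 (Internal authentication error)."),
])
```

Running `summarize_auth(parse_client_log(SAMPLE))` returns the offered mechanisms, the chosen one, the decoded server challenge, a masked placeholder for the client response, and the server's final status line.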