Hi! New to this list and this product. I posted this on the Amazon forums, but I need to fix this fast, so I thought I would post it here as well.
I am running stunnel 5.04 for Windows on a Windows 2012 R2 instance. I have it working with SES, but after a while it just keeps timing out. I have to manually reload the configuration file to get it to start working again. What am I doing wrong?
Here is a part of the log:
2014.10.09 07:43:57 LOG5964: Service smtp-tls-wrapper accepted connection from 127.0.0.1:62779
2014.10.09 07:44:07 LOG3964: s_connect: s_poll_wait 54.68.86.38:465: TIMEOUTconnect exceeded
2014.10.09 07:44:17 LOG3964: s_connect: s_poll_wait 54.68.197.46:465: TIMEOUTconnect exceeded
2014.10.09 07:44:27 LOG3964: s_connect: s_poll_wait 54.213.178.250:465: TIMEOUTconnect exceeded
2014.10.09 07:44:27 LOG5964: Connection reset: 0 byte(s) sent to SSL, 0 byte(s) sent to socket
2014.10.09 11:30:18 LOG53224: Service smtp-tls-wrapper accepted connection from 127.0.0.1:63014
2014.10.09 11:30:28 LOG33224: s_connect: s_poll_wait 54.68.197.46:465: TIMEOUTconnect exceeded
2014.10.09 11:30:38 LOG33224: s_connect: s_poll_wait 54.213.178.250:465: TIMEOUTconnect exceeded
2014.10.09 11:30:48 LOG33224: s_connect: s_poll_wait 54.68.86.38:465: TIMEOUTconnect exceeded
2014.10.09 11:30:48 LOG53224: Connection reset: 0 byte(s) sent to SSL, 0 byte(s) sent to socket
2014.10.09 11:31:34 LOG51000: Service smtp-tls-wrapper accepted connection from 127.0.0.1:63019
2014.10.09 11:31:44 LOG31000: s_connect: s_poll_wait 54.213.178.250:465: TIMEOUTconnect exceeded
2014.10.09 11:31:54 LOG31000: s_connect: s_poll_wait 54.68.86.38:465: TIMEOUTconnect exceeded
2014.10.09 11:32:01 LOG5388: Reading configuration from file stunnel.conf
2014.10.09 11:32:01 LOG5388: FIPS mode disabled
2014.10.09 11:32:01 LOG5388: Configuration successful
2014.10.09 11:32:04 LOG31000: s_connect: s_poll_wait 54.68.197.46:465: TIMEOUTconnect exceeded
2014.10.09 11:32:04 LOG51000: Connection reset: 0 byte(s) sent to SSL, 0 byte(s) sent to socket
2014.10.09 11:32:14 LOG5964: Service smtp-tls-wrapper accepted connection from 127.0.0.1:63024
2014.10.09 11:32:14 LOG5964: s_connect: connected 54.68.159.203:465
2014.10.09 11:32:14 LOG5964: Service smtp-tls-wrapper connected remote server from 172.31.3.85:63025
2014.10.09 11:32:14 LOG5964: Connection closed: 494 byte(s) sent to SSL, 360 byte(s) sent to socket
2014.10.09 11:32:18 LOG5892: Service smtp-tls-wrapper accepted connection from 127.0.0.1:63026
2014.10.09 11:32:18 LOG5892: s_connect: connected 54.213.190.197:465
2014.10.09 11:32:18 LOG5892: Service smtp-tls-wrapper connected remote server from 172.31.3.85:63027
2014.10.09 11:32:18 LOG5892: Connection closed: 1592 byte(s) sent to SSL, 360 byte(s) sent to socket
2014.10.09 12:41:29 LOG53700: Service smtp-tls-wrapper accepted connection from 127.0.0.1:63100
2014.10.09 12:41:29 LOG53700: s_connect: connected 54.244.8.28:465
2014.10.09 12:41:29 LOG53700: Service smtp-tls-wrapper connected remote server from 172.31.3.85:63101
2014.10.09 12:41:29 LOG53700: Connection closed: 1609 byte(s) sent to SSL, 360 byte(s) sent to socket
2014.10.09 12:46:13 LOG53428: Service smtp-tls-wrapper accepted connection from 127.0.0.1:63107
2014.10.09 12:46:13 LOG53428: s_connect: connected 54.68.159.203:465
2014.10.09 12:46:13 LOG53428: Service smtp-tls-wrapper connected remote server from 172.31.3.85:63108
2014.10.09 12:46:14 LOG53428: Connection closed: 1609 byte(s) sent to SSL, 360 byte(s) sent to socket
2014.10.09 16:32:21 LOG51876: Service smtp-tls-wrapper accepted connection from 127.0.0.1:63335
2014.10.09 16:32:21 LOG51876: s_connect: connected 54.213.190.197:465
2014.10.09 16:32:21 LOG51876: Service smtp-tls-wrapper connected remote server from 172.31.3.85:63336
2014.10.09 16:32:21 LOG51876: Connection closed: 1611 byte(s) sent to SSL, 360 byte(s) sent to socket
2014.10.10 01:52:46 LOG5440: Service smtp-tls-wrapper accepted connection from 127.0.0.1:64017
2014.10.10 01:52:46 LOG5440: s_connect: connected 54.244.8.28:465
2014.10.10 01:52:46 LOG5440: Service smtp-tls-wrapper connected remote server from 172.31.3.85:64018
2014.10.10 01:52:47 LOG5440: Connection closed: 5129 byte(s) sent to SSL, 360 byte(s) sent to socket
2014.10.10 08:32:20 LOG53548: Service smtp-tls-wrapper accepted connection from 127.0.0.1:64423
2014.10.10 08:32:30 LOG33548: s_connect: s_poll_wait 54.68.159.203:465: TIMEOUTconnect exceeded
2014.10.10 08:32:40 LOG33548: s_connect: s_poll_wait 54.213.190.197:465: TIMEOUTconnect exceeded
2014.10.10 08:32:50 LOG33548: s_connect: s_poll_wait 54.244.8.28:465: TIMEOUTconnect exceeded
2014.10.10 08:32:50 LOG53548: Connection reset: 0 byte(s) sent to SSL, 0 byte(s) sent to socket
You can see that it stops, then I reload the configuration and it works again, and then eventually stops. Here is my configuration file:
engine = capi
cert = stunnel.pem
options = NO_SSLv2

[ssmtp]
accept = 465
connect = 25

[smtp-tls-wrapper]
accept = 2525
client = yes
connect = email-smtp.us-west-2.amazonaws.com:465
Thank you.
Mark Hannig wrote:
I am running stunnel 5.04 for Windows on a Windows 2012 R2 instance. I have it working with SES, but after a while it just keeps timing out. I have to manually reload the configuration file to get it to start working again. What am I doing wrong?
Before reloading the configuration file it tries to connect to 54.68.86.38, 54.68.197.46, and 54.213.178.250:
2014.10.09 07:43:57 LOG5964: Service smtp-tls-wrapper accepted connection from 127.0.0.1:62779
2014.10.09 07:44:07 LOG3964: s_connect: s_poll_wait 54.68.86.38:465: TIMEOUTconnect exceeded
2014.10.09 07:44:17 LOG3964: s_connect: s_poll_wait 54.68.197.46:465: TIMEOUTconnect exceeded
2014.10.09 07:44:27 LOG3964: s_connect: s_poll_wait 54.213.178.250:465: TIMEOUTconnect exceeded
After reloading the configuration file it tries to connect to 54.244.8.28:
2014.10.09 12:41:29 LOG53700: Service smtp-tls-wrapper accepted connection from 127.0.0.1:63100
2014.10.09 12:41:29 LOG53700: s_connect: connected 54.244.8.28:465
2014.10.09 12:41:29 LOG53700: Service smtp-tls-wrapper connected remote server from 172.31.3.85:63101
As you see, the DNS entry has been changed (your target service uses dynamic IP addresses).
The solution is quite simple. All you need is to disallow caching the resolved IP addresses with "delay = yes".
Mike
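The diagnosis in the reply can be read straight out of the log. This is an added example, not code from either poster or from the stunnel project; it groups connect results by the configuration load under which each connection was accepted. The names `epochs` and `went_stale` are hypothetical, and the sample is a subset of the log lines posted above.

```python
import re

# Accepts the archived form used on this page ("LOG31000:") and stunnel's
# bracketed "LOG3[1000:1234]:" form; group 2 is the thread tag.
LINE = re.compile(r"^(\S+ \S+) LOG\d(\S*?): (.*)$")
ADDR = re.compile(r"s_connect: (?:s_poll_wait ([\d.]+):\d+: TIMEOUTconnect exceeded"
                  r"|connected ([\d.]+):\d+)")

def epochs(log_text):
    """Group connect results by the configuration load each connection was accepted under."""
    out = [{"loaded": None, "ok": set(), "timeout": set()}]
    owner = {}  # thread tag -> epoch that accepted the connection
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        ts, tag, msg = m.groups()
        if msg.startswith("Reading configuration from file"):
            out.append({"loaded": ts, "ok": set(), "timeout": set()})
        elif "accepted connection from" in msg:
            owner[tag] = out[-1]
        elif (a := ADDR.search(msg)) and tag in owner:
            timed_out, connected = a.groups()
            owner[tag]["timeout" if timed_out else "ok"].add(timed_out or connected)
    return out

def went_stale(epoch):
    """Addresses that both connected and timed out under the same configuration load."""
    return epoch["ok"] & epoch["timeout"]

# Lines copied from the log in this thread (subset, archived format).
SAMPLE = """\
2014.10.09 07:43:57 LOG5964: Service smtp-tls-wrapper accepted connection from 127.0.0.1:62779
2014.10.09 07:44:07 LOG3964: s_connect: s_poll_wait 54.68.86.38:465: TIMEOUTconnect exceeded
2014.10.09 11:31:34 LOG51000: Service smtp-tls-wrapper accepted connection from 127.0.0.1:63019
2014.10.09 11:32:01 LOG5388: Reading configuration from file stunnel.conf
2014.10.09 11:32:04 LOG31000: s_connect: s_poll_wait 54.68.197.46:465: TIMEOUTconnect exceeded
2014.10.09 11:32:14 LOG5964: Service smtp-tls-wrapper accepted connection from 127.0.0.1:63024
2014.10.09 11:32:14 LOG5964: s_connect: connected 54.68.159.203:465
2014.10.10 01:52:46 LOG5440: Service smtp-tls-wrapper accepted connection from 127.0.0.1:64017
2014.10.10 01:52:46 LOG5440: s_connect: connected 54.244.8.28:465
2014.10.10 08:32:20 LOG53548: Service smtp-tls-wrapper accepted connection from 127.0.0.1:64423
2014.10.10 08:32:30 LOG33548: s_connect: s_poll_wait 54.68.159.203:465: TIMEOUTconnect exceeded
2014.10.10 08:32:50 LOG33548: s_connect: s_poll_wait 54.244.8.28:465: TIMEOUTconnect exceeded
"""

if __name__ == "__main__":
    for e in epochs(SAMPLE):
        print(e["loaded"], sorted(e["ok"]), sorted(e["timeout"]), sorted(went_stale(e)))
```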