I am failing to connect to gmail. Not sure what that bind error means.
iqbala@ghar:~$ sudo stunnel4
2008.12.15 13:53:17 LOG7[3839:3083650736]: Snagged 64 random bytes from /home/iqbala/.rnd
2008.12.15 13:53:17 LOG7[3839:3083650736]: Wrote 1024 new random bytes to /home/iqbala/.rnd
2008.12.15 13:53:17 LOG7[3839:3083650736]: RAND_status claims sufficient entropy for the PRNG
2008.12.15 13:53:17 LOG7[3839:3083650736]: PRNG seeded successfully
2008.12.15 13:53:17 LOG7[3839:3083650736]: Certificate: /etc/stunnel/stunnel.pem
2008.12.15 13:53:17 LOG7[3839:3083650736]: Certificate loaded
2008.12.15 13:53:17 LOG7[3839:3083650736]: Key file: /etc/stunnel/stunnel.pem
2008.12.15 13:53:17 LOG7[3839:3083650736]: Private key loaded
2008.12.15 13:53:17 LOG7[3839:3083650736]: SSL context initialized for service ssmtp
2008.12.15 13:53:17 LOG5[3839:3083650736]: stunnel 4.22 on i486-pc-linux-gnu with OpenSSL 0.9.8g 19 Oct 2007
2008.12.15 13:53:17 LOG5[3839:3083650736]: Threading:PTHREAD SSL:ENGINE Sockets:POLL,IPv6 Auth:LIBWRAP
2008.12.15 13:53:17 LOG6[3839:3083650736]: file ulimit = 1024 (can be changed with 'ulimit -n')
2008.12.15 13:53:17 LOG6[3839:3083650736]: poll() used - no FD_SETSIZE limit for file descriptors
2008.12.15 13:53:17 LOG5[3839:3083650736]: 500 clients allowed
2008.12.15 13:53:17 LOG7[3839:3083650736]: FD 10 in non-blocking mode
2008.12.15 13:53:17 LOG7[3839:3083650736]: FD 11 in non-blocking mode
2008.12.15 13:53:17 LOG7[3839:3083650736]: FD 12 in non-blocking mode
2008.12.15 13:53:17 LOG7[3839:3083650736]: SO_REUSEADDR option set on accept socket
2008.12.15 13:53:17 LOG3[3839:3083650736]: Error binding ssmtp to 74.125.93.111:587
2008.12.15 13:53:17 LOG3[3839:3083650736]: bind: Cannot assign requested address (99)
Here is what my conf file looks like
iqbala@ghar:~$ cat /etc/stunnel/stunnel.conf | egrep -v "^;|^$"
cert = /etc/stunnel/stunnel.pem
foreground = yes
sslVersion = SSLv3
chroot = /var/lib/stunnel4/
setuid = stunnel4
setgid = stunnel4
pid = /stunnel4.pid
socket = l:TCP_NODELAY=1
socket = r:TCP_NODELAY=1
debug = 7
output = /var/log/stunnel4/stunnel.log
client = yes
[ssmtp]
accept = smtp.gmail.com:587
connect = 25
Asif Iqbal PGP Key: 0xE62693C5 KeyServer: pgp.mit.edu
On Mon, 2008-12-15 14:14:56 -0500, Asif Iqbal wrote:
> I am failing to connect to gmail. Not sure what that bind error means.
[..]
> 2008.12.15 13:53:17 LOG3[3839:3083650736]: Error binding ssmtp to 74.125.93.111:587
> 2008.12.15 13:53:17 LOG3[3839:3083650736]: bind: Cannot assign requested address (99)
Looks to me that either port 587 is already in use on your machine, or 74.125.93.111 is not its IP address.
> Here is what my conf file looks like
[..]
> [ssmtp]
> accept = smtp.gmail.com:587
> connect = 25
Ah, o.k., you told stunnel to bind() to gmail and connect() to localhost. This should be the other way 'round: You want stunnel to accept connections from your mail client to localhost at port 25 and then connect to smtp.gmail.com at port 587.
HTH,
Ludolf
On Mon, Dec 15, 2008 at 2:48 PM, Ludolf Holzheid lholzheid@bihl-wiedemann.de wrote:
> On Mon, 2008-12-15 14:14:56 -0500, Asif Iqbal wrote:
>> I am failing to connect to gmail. Not sure what that bind error means.
> [..]
>> 2008.12.15 13:53:17 LOG3[3839:3083650736]: Error binding ssmtp to 74.125.93.111:587
>> 2008.12.15 13:53:17 LOG3[3839:3083650736]: bind: Cannot assign requested address (99)
> Looks to me that either port 587 is already in use on your machine, or 74.125.93.111 is not its IP address.
>> Here is what my conf file looks like
> [..]
>> [ssmtp]
>> accept = smtp.gmail.com:587
>> connect = 25
> Ah, o.k., you told stunnel to bind() to gmail and connect() to localhost. This should be the other way 'round: You want stunnel to accept connections from your mail client to localhost at port 25 and then connect to smtp.gmail.com at port 587.
doh!
It is working now.
Thanks a lot
> HTH,
> Ludolf
> --
> Ludolf Holzheid             Tel:    +49 621 339960
> Bihl+Wiedemann GmbH         Fax:    +49 621 3392239
> Floßwörthstraße 41          e-mail: lholzheid@bihl-wiedemann.de
> D-68199 Mannheim, Germany
On Mon, Dec 15, 2008 at 3:11 PM, Asif Iqbal vadud3@gmail.com wrote:
> On Mon, Dec 15, 2008 at 2:48 PM, Ludolf Holzheid lholzheid@bihl-wiedemann.de wrote:
>> On Mon, 2008-12-15 14:14:56 -0500, Asif Iqbal wrote:
>>> I am failing to connect to gmail. Not sure what that bind error means.
>> [..]
>>> 2008.12.15 13:53:17 LOG3[3839:3083650736]: Error binding ssmtp to 74.125.93.111:587
>>> 2008.12.15 13:53:17 LOG3[3839:3083650736]: bind: Cannot assign requested address (99)
>> Looks to me that either port 587 is already in use on your machine, or 74.125.93.111 is not its IP address.
>>> Here is what my conf file looks like
>> [..]
>>> [ssmtp]
>>> accept = smtp.gmail.com:587
>>> connect = 25
>> Ah, o.k., you told stunnel to bind() to gmail and connect() to localhost. This should be the other way 'round: You want stunnel to accept connections from your mail client to localhost at port 25 and then connect to smtp.gmail.com at port 587.
> doh!
> It is working now.
I said it too soon. It passed that bind error but it is still failing in SSL. I am seeing `SSL alert (write): fatal: handshake failure'
2008.12.15 15:07:37 LOG7[7614:3084007088]: Snagged 64 random bytes from /home/iqbala/.rnd
2008.12.15 15:07:37 LOG7[7614:3084007088]: Wrote 1024 new random bytes to /home/iqbala/.rnd
2008.12.15 15:07:37 LOG7[7614:3084007088]: RAND_status claims sufficient entropy for the PRNG
2008.12.15 15:07:37 LOG7[7614:3084007088]: PRNG seeded successfully
2008.12.15 15:07:37 LOG7[7614:3084007088]: Certificate: /etc/stunnel/stunnel.pem
2008.12.15 15:07:37 LOG7[7614:3084007088]: Certificate loaded
2008.12.15 15:07:37 LOG7[7614:3084007088]: Key file: /etc/stunnel/stunnel.pem
2008.12.15 15:07:37 LOG7[7614:3084007088]: Private key loaded
2008.12.15 15:07:37 LOG7[7614:3084007088]: SSL context initialized for service ssmtp
2008.12.15 15:07:37 LOG5[7614:3084007088]: stunnel 4.22 on i486-pc-linux-gnu with OpenSSL 0.9.8g 19 Oct 2007
2008.12.15 15:07:37 LOG5[7614:3084007088]: Threading:PTHREAD SSL:ENGINE Sockets:POLL,IPv6 Auth:LIBWRAP
2008.12.15 15:07:37 LOG6[7614:3084007088]: file ulimit = 1024 (can be changed with 'ulimit -n')
2008.12.15 15:07:43 LOG6[7614:3084007088]: poll() used - no FD_SETSIZE limit for file descriptors
2008.12.15 15:07:43 LOG5[7614:3084007088]: 500 clients allowed
2008.12.15 15:07:43 LOG7[7614:3084007088]: FD 10 in non-blocking mode
2008.12.15 15:07:43 LOG7[7614:3084007088]: FD 11 in non-blocking mode
2008.12.15 15:07:43 LOG7[7614:3084007088]: FD 12 in non-blocking mode
2008.12.15 15:07:43 LOG7[7614:3084007088]: SO_REUSEADDR option set on accept socket
2008.12.15 15:07:43 LOG7[7614:3084007088]: ssmtp bound to 0.0.0.0:25
2008.12.15 15:07:43 LOG7[7614:3084007088]: Created pid file /stunnel4.pid
2008.12.15 20:09:46 LOG7[7614:3084007088]: ssmtp accepted FD=13 from 127.0.0.1:46039
2008.12.15 20:09:46 LOG7[7614:3087547280]: ssmtp started
2008.12.15 20:09:46 LOG7[7614:3087547280]: FD 13 in non-blocking mode
2008.12.15 20:09:46 LOG7[7614:3087547280]: TCP_NODELAY option set on local socket
2008.12.15 20:09:46 LOG7[7614:3087547280]: Waiting for a libwrap process
2008.12.15 20:09:46 LOG7[7614:3087547280]: Acquired libwrap process #0
2008.12.15 20:09:46 LOG7[7614:3087547280]: Releasing libwrap process #0
2008.12.15 20:09:46 LOG7[7614:3087547280]: Released libwrap process #0
2008.12.15 20:09:46 LOG7[7614:3087547280]: ssmtp permitted by libwrap from 127.0.0.1:46039
2008.12.15 20:09:46 LOG5[7614:3087547280]: ssmtp accepted connection from 127.0.0.1:46039
2008.12.15 20:09:46 LOG7[7614:3087547280]: FD 14 in non-blocking mode
2008.12.15 20:09:46 LOG7[7614:3087547280]: ssmtp connecting 74.125.93.111:587
2008.12.15 20:09:46 LOG7[7614:3087547280]: connect_wait: waiting 10 seconds
2008.12.15 20:09:46 LOG7[7614:3087547280]: connect_wait: connected
2008.12.15 20:09:46 LOG5[7614:3087547280]: ssmtp connected remote server from 10.13.136.166:47496
2008.12.15 20:09:46 LOG7[7614:3087547280]: Remote FD=14 initialized
2008.12.15 20:09:46 LOG7[7614:3087547280]: TCP_NODELAY option set on remote socket
2008.12.15 20:09:46 LOG7[7614:3087547280]: SSL state (connect): before/connect initialization
2008.12.15 20:09:46 LOG7[7614:3087547280]: SSL state (connect): SSLv3 write client hello A
2008.12.15 20:09:46 LOG7[7614:3087547280]: SSL alert (write): fatal: handshake failure
2008.12.15 20:09:46 LOG3[7614:3087547280]: SSL_connect: 1408F10B: error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number
2008.12.15 20:09:46 LOG5[7614:3087547280]: Connection reset: 0 bytes sent to SSL, 0 bytes sent to socket
2008.12.15 20:09:46 LOG7[7614:3084007088]: ssmtp accepted FD=13 from 127.0.0.1:46041
2008.12.15 20:09:46 LOG7[7614:3083754384]: ssmtp started
2008.12.15 20:09:46 LOG7[7614:3083754384]: FD 13 in non-blocking mode
2008.12.15 20:09:46 LOG7[7614:3083754384]: TCP_NODELAY option set on local socket
2008.12.15 20:09:46 LOG7[7614:3083754384]: Waiting for a libwrap process
2008.12.15 20:09:46 LOG7[7614:3083754384]: Acquired libwrap process #0
2008.12.15 20:09:46 LOG7[7614:3083754384]: Releasing libwrap process #0
2008.12.15 20:09:46 LOG7[7614:3087547280]: ssmtp finished (0 left)
2008.12.15 20:09:46 LOG7[7614:3083754384]: Released libwrap process #0
2008.12.15 20:09:46 LOG7[7614:3083754384]: ssmtp permitted by libwrap from 127.0.0.1:46041
2008.12.15 20:09:46 LOG5[7614:3083754384]: ssmtp accepted connection from 127.0.0.1:46041
2008.12.15 20:09:46 LOG7[7614:3083754384]: FD 14 in non-blocking mode
2008.12.15 20:09:46 LOG7[7614:3083754384]: ssmtp connecting 74.125.93.109:587
2008.12.15 20:09:46 LOG7[7614:3083754384]: connect_wait: waiting 10 seconds
2008.12.15 20:09:46 LOG7[7614:3083754384]: connect_wait: connected
2008.12.15 20:09:46 LOG5[7614:3083754384]: ssmtp connected remote server from 10.13.136.166:38962
2008.12.15 20:09:46 LOG7[7614:3083754384]: Remote FD=14 initialized
2008.12.15 20:09:46 LOG7[7614:3083754384]: TCP_NODELAY option set on remote socket
2008.12.15 20:09:46 LOG7[7614:3083754384]: SSL state (connect): before/connect initialization
2008.12.15 20:09:46 LOG7[7614:3083754384]: SSL state (connect): SSLv3 write client hello A
2008.12.15 20:09:46 LOG7[7614:3083754384]: SSL alert (write): fatal: handshake failure
2008.12.15 20:09:46 LOG3[7614:3083754384]: SSL_connect: 1408F10B: error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number
2008.12.15 20:09:46 LOG5[7614:3083754384]: Connection reset: 0 bytes sent to SSL, 0 bytes sent to socket
> Thanks a lot
>> HTH,
>> Ludolf
>> --
>> Ludolf Holzheid             Tel:    +49 621 339960
>> Bihl+Wiedemann GmbH         Fax:    +49 621 3392239
>> Floßwörthstraße 41          e-mail: lholzheid@bihl-wiedemann.de
>> D-68199 Mannheim, Germany
-- Asif Iqbal PGP Key: 0xE62693C5 KeyServer: pgp.mit.edu
"Asif Iqbal" vadud3@gmail.com writes:
[...]
> I said it too soon. It passed that bind error but it is still failing in SSL. I am seeing `SSL alert (write): fatal: handshake failure'
Hello again Asif, glad you decided to try out stunnel!
Try using port 465 instead of 587.
It looks like Google's STARTTLS command requires an EHLO to be sent first, which is a somewhat unusual requirement. I don't think stunnel does that. Port 465 will start talking SSL directly, without requiring SMTP commands first.
Good luck!
----Scott.
On Mon, Dec 15, 2008 at 4:49 PM, Scott Gifford sgifford@suspectclass.com wrote:
> "Asif Iqbal" vadud3@gmail.com writes:
> [...]
>> I said it too soon. It passed that bind error but it is still failing in SSL. I am seeing `SSL alert (write): fatal: handshake failure'
> Hello again Asif, glad you decided to try out stunnel!
Yep, as you suggested :-)
> Try using port 465 instead of 587.
That worked! I was able to send an email and I did receive it. It says the email came from `vadud3@gmail.com' instead of the sender, which is me@myhomecomputer.domain
I am using this in /etc/nullmailer/remotes file
localhost smtp --port=25 --user=vadud3 --pass=s3cr3t
> It looks like Google's STARTTLS command requires an EHLO to be sent first, which is a somewhat unusual requirement. I don't think stunnel does that. Port 465 will start talking SSL directly, without requiring SMTP commands first.
> Good luck!
> ----Scott.
Scott Gifford wrote:
> It looks like Google's STARTTLS command requires an EHLO to be sent first, which is a somewhat unusual requirement. I don't think stunnel does that. Port 465 will start talking SSL directly, without requiring SMTP commands first.
I've just checked the source code of stunnel-4.26 and it does send EHLO - unfortunately it sends "EHLO localhost"
I bet Gmail is rejecting that connection as "localhost" isn't a valid hostname. I think it should use the current hostname instead - that would tend to be more valid, and if not, is fixable by the host owner.
Jason Haar Jason.Haar@trimble.co.nz writes:
> Scott Gifford wrote:
>> It looks like Google's STARTTLS command requires an EHLO to be sent first, which is a somewhat unusual requirement. I don't think stunnel does that. Port 465 will start talking SSL directly, without requiring SMTP commands first.
> I've just checked the source code of stunnel-4.26 and it does send EHLO - unfortunately it sends "EHLO localhost"
> I bet Gmail is rejecting that connection as "localhost" isn't a valid hostname. I think it should use the current hostname instead - that would tend to be more valid, and if not, is fixable by the host owner.
Hrm, interesting, I actually didn't test it with stunnel, just took a guess as to what the problem was. :-)
I tried connecting to smtp.gmail.com:587 and sending "EHLO localhost" then "STARTTLS" and Google didn't complain.
Actually, it looks like Asif didn't have an option to use the SMTP protocol to do STARTTLS. Maybe that's been the problem all along. Asif, I'm not sure what the option is, but I'm sure you can find it by poking around.
-----Scott.
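An added example, not code from any poster in this thread or from the stunnel project: an offline linter for client-mode stunnel.conf services that flags the two mistakes diagnosed above, an `accept` endpoint that is not local (the bind error) and a raw TLS connection to the STARTTLS submission port 587 without stunnel's `protocol = smtp` option (the "wrong version number" failure). The finding names and the locality heuristic are assumptions of this example; it does not inspect the machine's interfaces, so a real non-loopback local address is also flagged.

```python
import ipaddress

# Constructed sample: the client-mode service as first posted in the thread.
SAMPLE_CONF = """\
client = yes
[ssmtp]
accept = smtp.gmail.com:587
connect = 25
"""

def parse(text):
    """Return (global_options, {service: options}) from stunnel.conf text."""
    glob, services, cur = {}, {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            cur = services.setdefault(line[1:-1], {})
        elif line and line[0] not in ";#":       # skip blank lines and comments
            key, _, val = line.partition("=")
            (glob if cur is None else cur)[key.strip()] = val.strip()
    return glob, services

def split_endpoint(value):   # 'host:port' -> (host, port); bare 'port' -> (None, port)
    host, sep, port = value.rpartition(":")
    return (host.strip("[]") if sep else None), port.strip()

def is_local(host):
    """Offline heuristic (assumption): no host, 'localhost', loopback or wildcard."""
    if host is None or host.lower() == "localhost":
        return True
    try:
        ip = ipaddress.ip_address(host)
        return ip.is_loopback or ip.is_unspecified
    except ValueError:
        return False                             # any other hostname

def lint(text):
    glob, services = parse(text)
    findings = []   # (service, finding) pairs; finding names are hypothetical
    for name, opts in services.items():
        if opts.get("client", glob.get("client", "no")).lower() != "yes":
            continue
        a_host, _ = split_endpoint(opts.get("accept", ""))
        _, c_port = split_endpoint(opts.get("connect", ""))
        if not is_local(a_host):                 # bind() would target a remote address
            findings.append((name, "accept-not-local"))
        if c_port == "587" and opts.get("protocol") != "smtp":
            findings.append((name, "tls-before-starttls"))   # raw TLS to a STARTTLS port
    return findings
```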
We note that the EHLO command sent by sTunnel to the SMTP server is always populated as "localhost". Note that some well-known SMTP servers or SMTP relay servers, such as smtp-relay.gmail.com, reject further communication with SMTP clients (here, sTunnel) if they receive the initial handshake EHLO request as LOCALHOST.
Please refer to this link for why SMTP servers/relay servers reject an EHLO command with LOCALHOST - https://support.google.com/a/answer/2956491. Note because of this reason, we could use sTunnel as our encryption channel to communicate with SMTP server/relay server.
Is there any specific reason behind hardcoding the EHLO command with LOCALHOST, even in the latest version of sTunnel, 5.57? Always what would be in sTunnel functionality, if we change the EHLO command to populate as hostname (or) FQDN instead.