[stunnel-users] s_poll_wait timeout errors

James Brown jlbrown at bordo.com.au
Thu Nov 16 01:50:32 CET 2006 

I'm trying to set up an SSL connection from stunnel to Postfix, but  
can not get it to work.

stunnel log says:

2006.11.16 11:35:31 LOG7[5240:25188864]: ssmtp started
2006.11.16 11:35:31 LOG7[5240:25188864]: FD 9 in non-blocking mode
2006.11.16 11:35:31 LOG7[5240:25188864]: TCP_NODELAY option set on  
local socket
2006.11.16 11:35:31 LOG7[5240:25188864]: FD 10 in non-blocking mode
2006.11.16 11:35:31 LOG7[5240:25188864]: FD 11 in non-blocking mode
2006.11.16 11:35:31 LOG7[5240:25188864]: Connection from  
192.168.1.12:51469 permitted by libwrap
2006.11.16 11:35:31 LOG5[5240:25188864]: ssmtp connected from  
192.168.1.12:51469
2006.11.16 11:35:31 LOG7[5240:25188864]: FD 10 in non-blocking mode
2006.11.16 11:35:31 LOG7[5240:25188864]: ssmtp connecting 127.0.0.1:25
2006.11.16 11:35:31 LOG7[5240:25188864]: connect_wait: waiting 10  
seconds
2006.11.16 11:35:31 LOG7[5240:25188864]: connect_wait: connected
2006.11.16 11:35:31 LOG7[5240:25188864]: Remote FD=10 initialized
2006.11.16 11:35:31 LOG7[5240:25188864]: TCP_NODELAY option set on  
remote socket
2006.11.16 11:35:31 LOG5[5240:25188864]: Negotiations for smtp  
(client side) started
2006.11.16 11:35:31 LOG7[5240:2684415368]: Cleaning up the signal pipe
2006.11.16 11:35:31 LOG6[5240:2684415368]: Child process 5251  
finished with code 0
2006.11.16 11:35:31 LOG7[5240:25188864]:  <- 220 mail3.bordo.com.au  
ESMTP Postfix
2006.11.16 11:35:31 LOG7[5240:25188864]:  -> 220 mail3.bordo.com.au  
ESMTP Postfix
2006.11.16 11:35:31 LOG7[5240:25188864]:  -> EHLO localhost
2006.11.16 11:35:31 LOG7[5240:25188864]:  <- 250-mail3.bordo.com.au
2006.11.16 11:35:31 LOG7[5240:25188864]:  <- 250-SIZE 10240000
2006.11.16 11:35:31 LOG7[5240:25188864]:  <- 250-ETRN
2006.11.16 11:35:31 LOG7[5240:25188864]:  <- 250-AUTH PLAIN LOGIN
2006.11.16 11:35:31 LOG7[5240:25188864]:  <- 250-AUTH=PLAIN LOGIN
2006.11.16 11:35:31 LOG7[5240:25188864]:  <- 250-XFORWARD NAME ADDR  
PROTO HELO SOURCE
2006.11.16 11:35:31 LOG7[5240:25188864]:  <- 250-ENHANCEDSTATUSCODES
2006.11.16 11:35:31 LOG7[5240:25188864]:  <- 250-8BITMIME
2006.11.16 11:35:31 LOG7[5240:25188864]:  <- 250 DSN
2006.11.16 11:35:31 LOG7[5240:25188864]:  -> STARTTLS
2006.11.16 11:35:31 LOG7[5240:25188864]:  <- 220 2.0.0 Ready to start  
TLS
2006.11.16 11:35:31 LOG5[5240:25188864]: Protocol negotiations succeded
2006.11.16 11:35:31 LOG7[5240:25188864]: SSL state (connect): before/ 
connect initialization
2006.11.16 11:35:31 LOG7[5240:25188864]: SSL state (connect): SSLv2/ 
v3 write client hello A
2006.11.16 11:40:31 LOG6[5240:25188864]: init_ssl: s_poll_wait timeout
2006.11.16 11:40:31 LOG5[5240:25188864]: Connection reset: 0 bytes  
sent to SSL, 0 bytes sent to socket
2006.11.16 11:40:31 LOG7[5240:25188864]: ssmtp finished (0 left)
2006.11.16 11:35:31 LOG7[5240:25188864]: ssmtp started

Postfix's log shows:
Nov 16 11:35:31 Fax-Machine postfix/smtpd[5252]: connect from  
localhost[127.0.0.1]
Nov 16 11:35:31 Fax-Machine postfix/smtpd[5252]: setting up TLS  
connection from localhost[127.0.0.1]
Nov 16 11:40:31 Fax-Machine postfix/smtpd[5252]: SSL_accept error  
from localhost[127.0.0.1]: -1
Nov 16 11:40:31 Fax-Machine postfix/smtpd[5252]: lost connection  
after STARTTLS from localhost[127.0.0.1]
Nov 16 11:40:31 Fax-Machine postfix/smtpd[5252]: disconnect from  
localhost[127.0.0.1]

stunnel.conf is:
; Sample stunnel configuration file by Michal Trojnara 2002-2006
; Some options used here may not be adequate for your particular  
configuration

; Certificate/key is needed in server mode and optional in client mode
; The default certificate is provided only for testing and should not
; be used in a production environment
cert = /etc/postfix/smtpd.cert
key = /etc/postfix/smtpd.key

debug=7
output=/dev/stdout

; Some performance tunings
socket = l:TCP_NODELAY=1
socket = r:TCP_NODELAY=1

; Workaround for Eudora bug
;options = DONT_INSERT_EMPTY_FRAGMENTS

; Authentication stuff
;verify = 2
; Don't forget to c_rehash CApath
;CApath = certs
; It's often easier to use CAfile
;CAfile = certs.pem
; Don't forget to c_rehash CRLpath
;CRLpath = crls
; Alternatively you can use CRLfile
;CRLfile = crls.pem

; Some debugging stuff useful for troubleshooting
;debug = 7
;output = stunnel.log

; Use it for client mode
;client = yes

; Service-level configuration

protocol = smtp

sslVersion = all

;[pop3s]
;accept  = 995
;connect = 110

;[imaps]
;accept  = 993
;connect = 143

[ssmtp]
client = yes
accept  = 465
connect = 25

;[https]
;accept  = 443
;connect = 80
;TIMEOUTclose = 0

; vim:ft=dosini




Does anyone have any idea where I am going wrong?

Thanks,

James.

More information about the stunnel-users mailing list