[stunnel-users] Service [SMTP Outgoing] needs authentication to prevent MITM attacks
Eric Poythress
epoythress at airhygiene.com
Wed Sep 2 05:28:19 CEST 2015
My stunnel.conf looks like this:

# Stunnel configuration file for Office 365 SMTP
# Eric Poythress
# GLOBAL OPTIONS
client = yes
output = stunnel-log.txt
debug=7
taskbar=yes
# SERVICE-LEVEL OPTIONS
[SMTP Outgoing]
client = yes
protocol = smtp
accept = 25
connect = smtp.office365.com:587
verify = 2
CAfile = ca-certs.pem
checkHost = smtp.office365.com

A larger sample of my logs looks like this:

2015.09.01 22:15:15 LOG5[1]: s_connect: connected 132.245.70.98:587
2015.09.01 22:15:15 LOG5[1]: Service [SMTP Outgoing] connected remote server from 192.168.100.41:1565
2015.09.01 22:15:15 LOG7[1]: Remote socket (FD=468) initialized
2015.09.01 22:15:15 LOG7[1]: <- 220 SN1PR15CA0037.outlook.office365.com Microsoft ESMTP MAIL Service ready at Wed, 2 Sep 2015 03:13:50 +0000
2015.09.01 22:15:15 LOG7[1]: -> 220 SN1PR15CA0037.outlook.office365.com Microsoft ESMTP MAIL Service ready at Wed, 2 Sep 2015 03:13:50 +0000
2015.09.01 22:15:15 LOG7[1]: -> EHLO localhost
2015.09.01 22:15:15 LOG7[1]: <- 250-SN1PR15CA0037.outlook.office365.com Hello [70.167.26.246]
2015.09.01 22:15:15 LOG7[1]: <- 250-SIZE 157286400
2015.09.01 22:15:15 LOG7[1]: <- 250-PIPELINING
2015.09.01 22:15:15 LOG7[1]: <- 250-DSN
2015.09.01 22:15:15 LOG7[1]: <- 250-ENHANCEDSTATUSCODES
2015.09.01 22:15:15 LOG7[1]: <- 250-STARTTLS
2015.09.01 22:15:15 LOG7[1]: <- 250-8BITMIME
2015.09.01 22:15:15 LOG7[1]: <- 250-BINARYMIME
2015.09.01 22:15:15 LOG7[1]: <- 250 CHUNKING
2015.09.01 22:15:15 LOG7[1]: -> STARTTLS
2015.09.01 22:15:16 LOG7[1]: <- 220 2.0.0 SMTP server ready
2015.09.01 22:15:16 LOG6[1]: SNI: sending servername: smtp.office365.com
2015.09.01 22:15:16 LOG7[1]: SSL state (connect): before/connect initialization
2015.09.01 22:15:16 LOG7[1]: SSL state (connect): SSLv3 write client hello A
2015.09.01 22:15:16 LOG7[1]: SSL state (connect): SSLv3 read server hello A
2015.09.01 22:15:16 LOG7[1]: Verification started at depth=2: C=IE, O=Baltimore, OU=CyberTrust, CN=Baltimore CyberTrust Root
2015.09.01 22:15:16 LOG7[1]: CERT: Pre-verification succeeded
2015.09.01 22:15:16 LOG6[1]: Certificate accepted at depth=2: C=IE, O=Baltimore, OU=CyberTrust, CN=Baltimore CyberTrust Root
2015.09.01 22:15:16 LOG7[1]: Verification started at depth=1: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT SSL SHA1
2015.09.01 22:15:16 LOG7[1]: CERT: Pre-verification succeeded
2015.09.01 22:15:16 LOG6[1]: Certificate accepted at depth=1: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT SSL SHA1
2015.09.01 22:15:16 LOG7[1]: Verification started at depth=0: C=US, ST=WA, L=Redmond, O=Microsoft Corporation, OU=Microsoft Corporation, CN=outlook.com
2015.09.01 22:15:16 LOG7[1]: CERT: Pre-verification succeeded
2015.09.01 22:15:16 LOG6[1]: CERT: Host name "smtp.office365.com" matched with "*.office365.com"
2015.09.01 22:15:16 LOG5[1]: Certificate accepted at depth=0: C=US, ST=WA, L=Redmond, O=Microsoft Corporation, OU=Microsoft Corporation, CN=outlook.com
2015.09.01 22:15:16 LOG7[1]: SSL state (connect): SSLv3 read server certificate A
2015.09.01 22:15:16 LOG7[1]: SSL state (connect): SSLv3 read server key exchange A
2015.09.01 22:15:16 LOG7[1]: SSL state (connect): SSLv3 read server certificate request A
2015.09.01 22:15:16 LOG7[1]: SSL state (connect): SSLv3 read server done A
2015.09.01 22:15:16 LOG7[1]: SSL state (connect): SSLv3 write client certificate A
2015.09.01 22:15:16 LOG7[1]: SSL state (connect): SSLv3 write client key exchange A
2015.09.01 22:15:16 LOG7[1]: SSL state (connect): SSLv3 write change cipher spec A
2015.09.01 22:15:16 LOG7[1]: SSL state (connect): SSLv3 write finished A
2015.09.01 22:15:16 LOG7[1]: SSL state (connect): SSLv3 flush data
2015.09.01 22:15:16 LOG7[1]: SSL state (connect): SSLv3 read finished A
2015.09.01 22:15:16 LOG7[1]: 2 client connect(s) requested
2015.09.01 22:15:16 LOG7[1]: 2 client connect(s) succeeded
2015.09.01 22:15:16 LOG7[1]: 0 client renegotiation(s) requested
2015.09.01 22:15:16 LOG7[1]: 0 session reuse(s)
2015.09.01 22:15:16 LOG6[1]: SSL connected: new session negotiated
2015.09.01 22:15:16 LOG7[1]: Deallocating application specific data for addr index
2015.09.01 22:15:16 LOG6[1]: Negotiated TLSv1.2 ciphersuite ECDHE-RSA-AES256-SHA384 (256-bit encryption)
2015.09.01 22:15:16 LOG7[1]: Compression: null, expansion: null
2015.09.01 22:15:21 LOG6[1]: Read socket closed (readsocket)
2015.09.01 22:15:21 LOG7[1]: Sending close_notify alert
2015.09.01 22:15:21 LOG7[1]: SSL alert (write): warning: close notify
2015.09.01 22:15:21 LOG6[1]: SSL_shutdown successfully sent close_notify alert
2015.09.01 22:15:21 LOG6[1]: SSL socket closed (SSL_read)
2015.09.01 22:15:21 LOG7[1]: Sent socket write shutdown
2015.09.01 22:15:21 LOG5[1]: Connection closed: 71 byte(s) sent to SSL, 237 byte(s) sent to socket
2015.09.01 22:15:21 LOG7[1]: Remote socket (FD=468) closed
2015.09.01 22:15:21 LOG7[1]: Local socket (FD=440) closed
2015.09.01 22:15:21 LOG7[1]: Service [SMTP Outgoing] finished (0 left)
-Eric
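
An added example, not part of the original post and not stunnel project code: a small audit of stunnel debug logs that flags any connection which negotiated TLS without an accepted depth=0 certificate and a host name match for the configured checkHost value. The patterns are taken from the log lines posted above; that the bracketed number after the log level identifies one connection, and the function names audit and unauthenticated, are assumptions of this example.

```python
import re

# Excerpt of the log lines posted above, trimmed to the relevant events.
SAMPLE_LOG = """\
2015.09.01 22:15:15 LOG7[1]: -> STARTTLS
2015.09.01 22:15:16 LOG7[1]: <- 220 2.0.0 SMTP server ready
2015.09.01 22:15:16 LOG6[1]: Certificate accepted at depth=2: C=IE, O=Baltimore, OU=CyberTrust, CN=Baltimore CyberTrust Root
2015.09.01 22:15:16 LOG6[1]: CERT: Host name "smtp.office365.com" matched with "*.office365.com"
2015.09.01 22:15:16 LOG5[1]: Certificate accepted at depth=0: C=US, ST=WA, L=Redmond, O=Microsoft Corporation, OU=Microsoft Corporation, CN=outlook.com
2015.09.01 22:15:16 LOG6[1]: Negotiated TLSv1.2 ciphersuite ECDHE-RSA-AES256-SHA384 (256-bit encryption)
2015.09.01 22:15:21 LOG5[1]: Connection closed: 71 byte(s) sent to SSL, 237 byte(s) sent to socket
"""

# date, time, LOG<level>[<id>]: message  (format as seen in the posted log)
LINE = re.compile(r"^\S+ \S+ LOG(\d)\[(\d+)\]: (.*)$")
EVENTS = {
    "starttls": re.compile(r"^-> STARTTLS$"),
    "leaf_accepted": re.compile(r"^Certificate accepted at depth=0: (.+)$"),
    "host_match": re.compile(r'^CERT: Host name "([^"]+)" matched with "([^"]+)"$'),
    "negotiated": re.compile(r"^Negotiated (\S+) ciphersuite (\S+)"),
}

def audit(log_text):
    """Return {connection_id: {event_name: captured groups}} for the log text."""
    conns = {}
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # not a stunnel log line in the expected format
        _, cid, msg = m.groups()
        rec = conns.setdefault(cid, {})
        for name, pat in EVENTS.items():
            hit = pat.match(msg)
            if hit:
                rec[name] = hit.groups()
    return conns

def unauthenticated(conns, expected_host):
    """Ids that negotiated TLS without an accepted leaf cert and a match for expected_host."""
    bad = []
    for cid, rec in conns.items():
        if "negotiated" not in rec:
            continue  # no TLS session was established on this connection
        host_ok = rec.get("host_match", ("",))[0] == expected_host
        if "leaf_accepted" not in rec or not host_ok:
            bad.append(cid)
    return bad
```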