Hi and thanks for your response.
Attached is the log file (stunnel.txt) and the config file
(stunnelconf.txt).
Thanks a lot.
-----Original Message-----
From: Peter Pentchev [mailto:r...@ringlet.net]
Sent: Tuesday, November 19, 2013 11:22 PM
To: edu.bit...@gmail.com
Cc: stunnel-users@stunnel.org
Subject: Re: [stunnel-users] setup stunnel problem
On Wed, Nov 20, 2013 at 12:07:58AM +0200, Peter Pentchev wrote:
> On Tue, Nov 19, 2013 at 06:51:37PM +0100, edu.bit...@gmail.com wrote:
> > Hi everybody,
> >
> > I'm absolutely new in stunnel. I came around because of a post in
> > the google forums about making Symantec System Recovery mail through
> > smtp.gmail.com.
> > Symantec is not capable of doing SSL/TLS so I need a solution like
> > stunnel.
> >
> > But I've an issue: it doesn't seem to work :)
> >
> > I installed the program ok, and configured in the following way:
> >
> > cert=stunnel.pem
> > socket = l:TCP_NODELAY=1
> > socket= r:TCP_NODELAY=1
> >
> > [gmail-smtp]
> > client=yes
> > accept:127.0.0.1:25
> > connect= smtp.gamil.com:465
>
> Did you copy and paste these lines directly from your configuration
> file, or did you try to reproduce them by hand or by memory? If you
> copied and pasted them, then I believe that the last line should say
> "gmail" instead of "gamil" :)
Oh yeah, and the "accept" line really should say "accept=" instead of
"accept:", so... can you please copy and paste the exact configuration that
you used? :)
> And if you tried to reproduce them by
> hand, then please copy and paste your exact configuration for us to see.
G'luck,
Peter
--
Peter Pentchev r...@ringlet.net r...@freebsd.org p.penc...@storpool.com
PGP key: http://people.FreeBSD.org/~roam/roam.key.asc
Key fingerprint 2EE7 A7A5 17FC 124C F115 C354 651E EFB0 2527 DF13
I am the thought you are now thinking.
2013.11.20 05:48:14 LOG7[14516:9348]: No limit detected for the number of clients
2013.11.20 05:48:14 LOG5[14516:9348]: stunnel 4.56 on x86-pc-msvc-1500 platform
2013.11.20 05:48:14 LOG5[14516:9348]: Compiled/running with OpenSSL 1.0.1e-fips 11 Feb 2013
2013.11.20 05:48:14 LOG5[14516:9348]: Threading:WIN32 Sockets:SELECT,IPv6 SSL:ENGINE,OCSP,FIPS
2013.11.20 05:48:14 LOG5[14516:9348]: Reading configuration from file stunnel.conf
2013.11.20 05:48:14 LOG5[14516:9348]: FIPS mode is disabled
2013.11.20 05:48:14 LOG7[14516:9348]: Compression not enabled
2013.11.20 05:48:14 LOG7[14516:9348]: Snagged 64 random bytes from C:/.rnd
2013.11.20 05:48:14 LOG7[14516:9348]: Wrote 0 new random bytes to C:/.rnd
2013.11.20 05:48:14 LOG7[14516:9348]: PRNG seeded successfully
2013.11.20 05:48:14 LOG6[14516:9348]: Initializing service [gmail-smtp]
2013.11.20 05:48:14 LOG7[14516:9348]: Certificate: stunnel.pem
2013.11.20 05:48:14 LOG7[14516:9348]: Certificate loaded
2013.11.20 05:48:14 LOG7[14516:9348]: Key file: stunnel.pem
2013.11.20 05:48:14 LOG7[14516:9348]: Private key loaded
2013.11.20 05:48:14 LOG7[14516:9348]: SSL options set: 0x01000004
2013.11.20 05:48:14 LOG5[14516:9348]: Configuration successful
2013.11.20 05:48:14 LOG7[14516:9348]: Service [gmail-smtp] (FD=396) bound to 127.0.0.1:25
2013.11.20 05:48:59 LOG7[14516:9348]: Service [gmail-smtp] accepted (FD=452) from 127.0.0.1:29289
2013.11.20 05:48:59 LOG7[14516:9348]: Creating a new thread
2013.11.20 05:48:59 LOG7[14516:9348]: New thread created
2013.11.20 05:48:59 LOG7[14516:16268]: Service [gmail-smtp] started
2013.11.20 05:48:59 LOG5[14516:16268]: Service [gmail-smtp] accepted connection from 127.0.0.1:29289
2013.11.20 05:48:59 LOG6[14516:16268]: connect_blocking: connecting 173.194.68.108:587
2013.11.20 05:48:59 LOG7[14516:16268]: connect_blocking: s_poll_wait 173.194.68.108:587: waiting 10 seconds
2013.11.20 05:48:59 LOG5[14516:16268]: connect_blocking: connected 173.194.68.108:587
2013.11.20 05:48:59 LOG5[14516:16268]: Service [gmail-smtp] connected remote server from 192.168.1.10:29290
2013.11.20 05:48:59 LOG7[14516:16268]: Remote socket (FD=472) initialized
2013.11.20 05:48:59 LOG7[14516:16268]: SNI: sending servername: smtp.gmail.com
2013.11.20 05:48:59 LOG7[14516:16268]: SSL state (connect): before/connect initialization
2013.11.20 05:48:59 LOG7[14516:16268]: SSL state (connect): SSLv2/v3 write client hello A
2013.11.20 05:48:59 LOG3[14516:16268]: SSL_connect: 140770FC: error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol
2013.11.20 05:48:59 LOG5[14516:16268]: Connection reset: 0 byte(s) sent to SSL, 0 byte(s) sent to socket
2013.11.20 05:48:59 LOG7[14516:16268]: Remote socket (FD=472) closed
2013.11.20 05:48:59 LOG7[14516:16268]: Local socket (FD=452) closed
2013.11.20 05:48:59 LOG7[14516:16268]: Service [gmail-smtp] finished (0 left)
; Sample stunnel configuration file for Win32 by Michal Trojnara 2002-2012
; Some options used here may be inadequate for your particular configuration
; This sample file does *not* represent stunnel.conf defaults
; Please consult the manual for detailed description of available options
; **************************************************************************
; * Global options *
; **************************************************************************
; Debugging stuff (may be useful for troubleshooting)
debug = 7
;output = stunnel.log
; Disable FIPS mode to allow non-approved protocols and algorithms
fips = no
; **************************************************************************
; * Service defaults may also be specified in individual service sections *
; **************************************************************************
; Certificate/key is needed in server mode and optional in client mode
cert = stunnel.pem
;key = stunnel.pem
; Authentication stuff needs to be configured to prevent MITM attacks
; It is not enabled by default!
;verify = 2
; Don't forget to c_rehash CApath
;CApath = certs
; It's often easier to use CAfile
;CAfile = certs.pem
; Don't forget to c_rehash CRLpath
;CRLpath = crls
; Alternatively CRLfile can be used
;CRLfile = crls.pem
; Disable support for insecure SSLv2 protocol
options = NO_SSLv2
; Workaround for Eudora bug
;options = DONT_INSERT_EMPTY_FRAGMENTS
; These options provide additional security at some performance degradation
;options = SINGLE_ECDH_USE
;options = SINGLE_DH_USE
; **************************************************************************
; * Service definitions (at least one service has to be defined) *
; **************************************************************************
; Example SSL server mode services
socket = l:TCP_NODELAY=1
socket = r:TCP_NODELAY=1
sslVersion=all
;[pop3s]
;accept = 995
;connect = 110
;[imaps]
;accept = 993
;connect = 143
;[ssmtp]
;accept = 465
;connect = 25
; Example SSL client mode services
;[gmail-pop3]
;client = yes
;accept = 127.0.0.1:110
;connect = pop.gmail.com:995
;[gmail-imap]
;client = yes
;accept = 127.0.0.1:143
;connect = imap.gmail.com:993
[gmail-smtp]
client = yes
accept = 127.0.0.1:25
connect = smtp.gmail.com:587
; Example SSL front-end to a web server
;[https]
;accept = 443
;connect = 80
; "TIMEOUTclose = 0" is a workaround for a design flaw in Microsoft SSL
; Microsoft implementations do not use SSL close-notify alert and thus
; they are vulnerable to truncation attacks
;TIMEOUTclose = 0
; vim:ft=dosini
_______________________________________________
stunnel-users mailing list
stunnel-users@stunnel.org
https://www.stunnel.org/cgi-bin/mailman/listinfo/stunnel-users
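
Added example, not part of the original thread or of stunnel itself: the log above shows stunnel sending a TLS client hello to port 587 and failing with "unknown protocol", which is what a client sees when the server expects plaintext SMTP followed by STARTTLS. The Python sketch below lints a stunnel.conf for that mismatch and for the unset "verify" that the sample file's comments warn about; the port table and the function names are assumptions of this example.

```python
import re

# Ports where the server speaks plaintext first (assumed table for this example),
# mapped to the stunnel "protocol" value that negotiates the TLS upgrade.
STARTTLS_PORTS = {25: "smtp", 587: "smtp", 110: "pop3", 143: "imap"}

# Constructed sample: the relevant active lines of the stunnel.conf posted above.
SAMPLE_CONF = """\
cert = stunnel.pem
socket = l:TCP_NODELAY=1
;[gmail-pop3]
[gmail-smtp]
client = yes
accept = 127.0.0.1:25
connect = smtp.gmail.com:587
"""

def parse_conf(text):
    """Return (global_opts, {service: opts}). Repeated keys keep the last value."""
    glob, services, current = {}, {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in ";#":      # blank line or comment
            continue
        section = re.fullmatch(r"\[(.+)\]", line)
        if section:
            current = services.setdefault(section.group(1), {})
            continue
        key, sep, value = line.partition("=")
        if not sep:                          # e.g. "accept:127.0.0.1:25"
            raise ValueError(f"expected 'key = value', got {raw!r}")
        (glob if current is None else current)[key.strip().lower()] = value.strip()
    return glob, services

def lint(text):
    """List (service, finding) pairs for client-mode services."""
    glob, services = parse_conf(text)
    findings = []
    for name, opts in services.items():
        eff = {**glob, **opts}               # service options override globals
        if eff.get("client", "no").lower() != "yes":
            continue
        port = eff.get("connect", "").rsplit(":", 1)[-1]
        want = STARTTLS_PORTS.get(int(port)) if port.isdigit() else None
        if want and eff.get("protocol") != want:
            findings.append((name, f"port {port} expects STARTTLS: set protocol = {want}"))
        if eff.get("verify", "0") == "0":
            findings.append((name, "verify is unset: peer certificate is not checked"))
    return findings
```

Calling lint(SAMPLE_CONF) reports both findings for [gmail-smtp]; adding "protocol = smtp" and "verify = 2" (with a CAfile) to that section clears them, as does connecting to port 465 for the first finding.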