-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi Hannu,
I could not reproduce your problem with the latest stunnel. "2015.04.28 09:17:37 LOG3[0]: SSL_connect: Peer suddenly disconnected" just means that the TCP connection was closed *by the server* during TLS negotiations. BTW: Please *always* update your stunnel to the latest version before reporting anything to the mailing list. Also, you don't need to configure a certificate for your TLS client. office365.com won't verify it anyway. On the other hand you *should* verify the certificate provided by the server. Some examples: https://www.stunnel.org/config_windows.html My logs for comparison: 2015.05.19 09:25:41 LOG7[0]: Service [SSMTP] started 2015.05.19 09:25:41 LOG5[0]: Service [SSMTP] accepted connection from 127.0.0.1:49246 2015.05.19 09:25:41 LOG6[0]: Failover strategy: round-robin 2015.05.19 09:25:41 LOG6[0]: s_connect: connecting 132.245.61.226:587 2015.05.19 09:25:41 LOG7[0]: s_connect: s_poll_wait 132.245.61.226:587: waiting 10 seconds 2015.05.19 09:25:41 LOG5[0]: s_connect: connected 132.245.61.226:587 2015.05.19 09:25:41 LOG5[0]: Service [SSMTP] connected remote server from 172.16.80.132:49247 2015.05.19 09:25:41 LOG7[0]: Remote socket (FD=296) initialized 2015.05.19 09:25:41 LOG7[0]: <- 220 VI1PR06CA0013.outlook.office365.com Microsoft ESMTP MAIL Service ready at Tue, 19 May 2015 07:25:41 +0000 2015.05.19 09:25:41 LOG7[0]: -> 220 VI1PR06CA0013.outlook.office365.com Microsoft ESMTP MAIL Service ready at Tue, 19 May 2015 07:25:41 +0000 2015.05.19 09:25:41 LOG7[0]: -> EHLO localhost 2015.05.19 09:25:42 LOG7[0]: <- 250-VI1PR06CA0013.outlook.office365.com Hello [89.74.9.172] 2015.05.19 09:25:42 LOG7[0]: <- 250-SIZE 157286400 2015.05.19 09:25:42 LOG7[0]: <- 250-PIPELINING 2015.05.19 09:25:42 LOG7[0]: <- 250-DSN 2015.05.19 09:25:42 LOG7[0]: <- 250-ENHANCEDSTATUSCODES 2015.05.19 09:25:42 LOG7[0]: <- 250-STARTTLS 2015.05.19 09:25:42 LOG7[0]: <- 250-8BITMIME 2015.05.19 09:25:42 LOG7[0]: <- 250-BINARYMIME 2015.05.19 09:25:42 LOG7[0]: <- 250 CHUNKING 2015.05.19 09:25:42 LOG7[0]: -> STARTTLS 2015.05.19 09:25:42 LOG7[0]: <- 220 2.0.0 SMTP server ready 2015.05.19 09:25:42 LOG6[0]: SNI: sending servername: outlook.office365.com 2015.05.19 09:25:42 LOG7[0]: SSL state (connect): before/connect initialization 2015.05.19 09:25:42 LOG7[0]: SSL state (connect): SSLv2/v3 write client hello A 2015.05.19 09:25:42 LOG7[0]: SSL state (connect): SSLv3 read server hello A 2015.05.19 09:25:42 LOG6[0]: Certificate verification disabled 2015.05.19 09:25:42 LOG6[0]: Certificate verification disabled 2015.05.19 09:25:42 LOG7[0]: SSL state (connect): SSLv3 read server certificate A 2015.05.19 09:25:42 LOG7[0]: SSL state (connect): SSLv3 read server key exchange A 2015.05.19 09:25:42 LOG7[0]: SSL state (connect): SSLv3 read server certificate request A 2015.05.19 09:25:42 LOG7[0]: SSL state (connect): SSLv3 read server done A 2015.05.19 09:25:42 LOG7[0]: SSL state (connect): SSLv3 write client certificate A 2015.05.19 09:25:42 LOG7[0]: SSL state (connect): SSLv3 write client key exchange A 2015.05.19 09:25:42 LOG7[0]: SSL state (connect): SSLv3 write change cipher spec A 2015.05.19 09:25:42 LOG7[0]: SSL state (connect): SSLv3 write finished A 2015.05.19 09:25:42 LOG7[0]: SSL state (connect): SSLv3 flush data 2015.05.19 09:25:42 LOG7[0]: SSL state (connect): SSLv3 read finished A 2015.05.19 09:25:42 LOG7[0]: 1 client connect(s) requested 2015.05.19 09:25:42 LOG7[0]: 1 client connect(s) succeeded 2015.05.19 09:25:42 LOG7[0]: 0 client renegotiation(s) requested 2015.05.19 09:25:42 LOG7[0]: 0 session reuse(s) 2015.05.19 09:25:42 LOG6[0]: SSL connected: new session negotiated 2015.05.19 09:25:42 LOG7[0]: Peer certificate was cached (4050 bytes) 2015.05.19 09:25:42 LOG6[0]: Negotiated TLSv1.2 ciphersuite ECDHE-RSA-AES256-SHA384 (256-bit encryption) 2015.05.19 09:25:42 LOG7[0]: Compression: null, expansion: null 2015.05.19 09:25:44 LOG6[0]: SSL socket closed (SSL_read) 2015.05.19 09:25:44 LOG7[0]: Sent socket write shutdown 2015.05.19 09:25:44 LOG5[0]: Connection closed: 6 byte(s) sent to SSL, 48 byte(s) sent to socket 2015.05.19 09:25:44 LOG7[0]: Remote socket (FD=296) closed 2015.05.19 09:25:44 LOG7[0]: Local socket (FD=812) closed 2015.05.19 09:25:44 LOG7[0]: Service [SSMTP] finished (0 left) Mike On 19.05.2015 08:42, Hannu Viitala wrote: > Hi, > > > > We cannot get stunnel SMTP to work with Office 365 mail server. We > are using Stunnel 5.13 and below are the config file content and > the the client PC logs. The mail server logs do not reveal anything > more. > > > > Two observations of the test setup: > > > > 1) Using e.g. Mozilla Firebird mail client directly SLL/SMTP > on the same PC connection to same Office 365 mail server works ok, > but via Stunnel it outputs the error log below. > > 2) Also, on the same PC, SSL/SMTP connection via stunnel to > Gmail server works ok. > > > > Stunnel conf-file: > > ============== > > > > output = stunnel_log.txt > > debug = debug > > cert = tstunnel.pem > > client = yes > > > > > [SSMTP] > > > > accept = 127.0.0.1:54500 > > > > connect = xxx.xxx.xxx.xxx:587**(Hannu V: removed IP address from > this mail)** > > protocol = smtp > > > > > > > > > > Client PC logs: > > =========== > > > > 2015.04.28 09:17:36 LOG7[ui]: No limit detected for the number of > clients > > 2015.04.28 09:17:36 LOG5[ui]: stunnel 5.13 on x86-pc-msvc-1500 > platform > > 2015.04.28 09:17:36 LOG5[ui]: Compiled/running with OpenSSL 1.0.2a > 19 Mar 2015 > > 2015.04.28 09:17:36 LOG5[ui]: Threading:WIN32 Sockets:SELECT,IPv6 > TLS:ENGINE,FIPS,OCSP,PSK,SNI > > 2015.04.28 09:17:36 LOG7[ui]: errno: (*_errno()) > > 2015.04.28 09:17:36 LOG5[ui]: Reading configuration from file > tstunnelSmtp_SAUX1_0.conf > > 2015.04.28 09:17:36 LOG5[ui]: UTF-8 byte order mark not detected > > 2015.04.28 09:17:36 LOG5[ui]: FIPS mode disabled > > 2015.04.28 09:17:36 LOG7[ui]: Compression disabled > > 2015.04.28 09:17:36 LOG7[ui]: PRNG seeded successfully > > 2015.04.28 09:17:36 LOG6[ui]: Initializing service [SSmtp] > > 2015.04.28 09:17:36 LOG6[ui]: Loading certificate from file: > tstunnel.pem > > 2015.04.28 09:17:36 LOG6[ui]: Loading key from file: tstunnel.pem > > 2015.04.28 09:17:36 LOG7[ui]: Private key check succeeded > > 2015.04.28 09:17:36 LOG7[ui]: SSL options: 0x03000004 > (+0x03000000, -0x00000000) > > 2015.04.28 09:17:36 LOG5[ui]: Configuration successful > > 2015.04.28 09:17:36 LOG7[ui]: Listening file descriptor created > (FD=448) > > 2015.04.28 09:17:36 LOG7[ui]: Service [SSmtp] (FD=448) bound to > 127.0.0.1:8030 > > 2015.04.28 09:17:36 LOG7[ui]: Service [SSmtp] accepted (FD=456) > from 127.0.0.1:54500 > > 2015.04.28 09:17:36 LOG7[ui]: Creating a new thread > > 2015.04.28 09:17:36 LOG7[ui]: New thread created > > 2015.04.28 09:17:36 LOG7[0]: Service [SSmtp] started > > 2015.04.28 09:17:36 LOG5[0]: Service [SSmtp] accepted connection > from 127.0.0.1:54500 > > 2015.04.28 09:17:36 LOG6[0]: s_connect: connecting > xxx.xxx.xxx.xxx:587 (Hannu V: removed IP address from this > mail) > > 2015.04.28 09:17:36 LOG7[0]: s_connect: s_poll_wait connecting > xxx.xxx.xxx.xxx:587 : waiting 10 seconds (Hannu V: removed IP > address from this mail) > > 2015.04.28 09:17:37 LOG5[0]: s_connect: connected connecting > xxx.xxx.xxx.xxx:587 (Hannu V: removed IP address from this > mail) > > 2015.04.28 09:17:37 LOG5[0]: Service [SSmtp] connected remote > server from yyy.yyy.yyy.yyy:54503 (Hannu V: removed IP address from > this mail) > > 2015.04.28 09:17:37 LOG7[0]: Remote socket (FD=472) initialized > > 2015.04.28 09:17:37 LOG7[0]: <- 220 NNN.outlook.office365.com > Microsoft ESMTP MAIL Service ready at Tue, 28 Apr 2015 14:17:38 > +0000 > > 2015.04.28 09:17:37 LOG7[0]: -> 220 NNN.outlook.office365.com > Microsoft ESMTP MAIL Service ready at Tue, 28 Apr 2015 14:17:38 > +0000 > > 2015.04.28 09:17:37 LOG7[0]: -> EHLO localhost > > 2015.04.28 09:17:37 LOG7[0]: <- 250-NNN.outlook.office365.com > Hello [xxx.xxx.xxx.161] (Hannu V: removed IP address from this > mail) > > 2015.04.28 09:17:37 LOG7[0]: <- 250-SIZE 157286400 > > 2015.04.28 09:17:37 LOG7[0]: <- 250-PIPELINING > > 2015.04.28 09:17:37 LOG7[0]: <- 250-DSN > > 2015.04.28 09:17:37 LOG7[0]: <- 250-ENHANCEDSTATUSCODES > > 2015.04.28 09:17:37 LOG7[0]: <- 250-STARTTLS > > 2015.04.28 09:17:37 LOG7[0]: <- 250-8BITMIME > > 2015.04.28 09:17:37 LOG7[0]: <- 250-BINARYMIME > > 2015.04.28 09:17:37 LOG7[0]: <- 250 CHUNKING > > 2015.04.28 09:17:37 LOG7[0]: -> STARTTLS > > 2015.04.28 09:17:37 LOG7[0]: <- 220 2.0.0 SMTP server ready > > 2015.04.28 09:17:37 LOG6[0]: SNI: sending servername: > NNN.office365.com > > 2015.04.28 09:17:37 LOG7[0]: SSL state (connect): before/connect > initialization > > 2015.04.28 09:17:37 LOG7[0]: SSL state (connect): SSLv2/v3 write > client hello A > > 2015.04.28 09:17:37 LOG7[0]: SSL state (connect): SSLv3 read server > hello A > > 2015.04.28 09:17:37 LOG7[0]: SSL state (connect): SSLv3 read > server certificate A > > 2015.04.28 09:17:37 LOG7[0]: SSL state (connect): SSLv3 read server > key exchange A > > 2015.04.28 09:17:37 LOG7[0]: SSL state (connect): SSLv3 read > server certificate request A > > 2015.04.28 09:17:37 LOG7[0]: SSL state (connect): SSLv3 read server > done A > > 2015.04.28 09:17:37 LOG7[0]: SSL state (connect): SSLv3 write > client certificate A > > 2015.04.28 09:17:37 LOG7[0]: SSL state (connect): SSLv3 write > client key exchange A > > 2015.04.28 09:17:37 LOG7[0]: SSL state (connect): SSLv3 write > certificate verify A > > 2015.04.28 09:17:37 LOG7[0]: SSL state (connect): SSLv3 write > change cipher spec A > > 2015.04.28 09:17:37 LOG7[0]: SSL state (connect): SSLv3 write > finished A > > 2015.04.28 09:17:37 LOG7[0]: SSL state (connect): SSLv3 flush data > > 2015.04.28 09:17:37 LOG3[0]: SSL_connect: Peer suddenly > disconnected > > 2015.04.28 09:17:37 LOG5[0]: Connection reset: 0 byte(s) sent to > SSL, 0 byte(s) sent to socket > > 2015.04.28 09:17:37 LOG7[0]: Remote socket (FD=472) closed > > 2015.04.28 09:17:37 LOG7[0]: Local socket (FD=456) closed > > 2015.04.28 09:17:37 LOG7[0]: Service [SSmtp] finished (0 left) > > > > > > > > > > --- Hannu > > > > > > _______________________________________________ stunnel-users > mailing list [email protected] > https://www.stunnel.org/cgi-bin/mailman/listinfo/stunnel-users > -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBAgAGBQJVWuloAAoJEC78f/DUFuAUfUIQAMnM99ZF4/5PvyMNNZMBFzUQ HiHZxQoG7UL07htG5eweJBEyxAD8qTk68eqhqAJLD/GRVYN9fpFTwLQy8/qFAtLy iLR9HQ9l7UQ4ZLU7tIu+4+10r5ilKCt5IoQ1tkwzyYr1mbBpWF2dkPIeOa9mHMes QEAT6Gmq7FvBU6sTqHMoMRJIHJqrqvRxjxsNdDFRyEzoHjuiqXzTa+VHSQsiZBXN 53SzAeEwm9r9ssdAzsMEUqBHWwjZbq+5Qccl8jASy8hIznuz608Bv2BwFDU/OU6y 2j+G/JQkkOljypjEkTwhRnf7XTlVmFr72nVRwiaojpC8rh5iaPBHDdRkopKZDlrv hfY9HSVBrPzzsQxwQ1COarMYzPNvuoAmr0vnN/4cuyvvqMNFAxIdxfTBuOzDEXH6 hefXn6gldWIS+4BP3LRoPTJmTU6ZpbPvMHs+ez8S9FMZ806kvF6Wrjwo/nNd69eM KBsRBhiIy60AivEVOfy0uFULG2Kp17kU1jAD2/9x9XUCPGCLCMq9uDH3/9r4DseG BMmznn/WxMaXwviBFUaaq80l/fpjp3N5rENfA9+jTaj92w1EqGWYzYGVsmtxcQ1C kQKrXZCXmyS0bT6xVeePTEON6PF/cKbhgCU1yVdg09egpiLqpit93MqDWkW2QLMh HOX8SY0DbB+M0ZHNxFLd =idz5 -----END PGP SIGNATURE----- _______________________________________________ stunnel-users mailing list [email protected] https://www.stunnel.org/cgi-bin/mailman/listinfo/stunnel-users
