Hi List,

Anyone with advice on this?

Kind regards

On 30 April 2018 at 11:44, Ian Coetzee <[email protected]> wrote:
> Hi List,
>
> I have just joined the stunnel community.
>
> I am in the process of migrating our mail server's public-facing ports to
> stunnel for PCI compliance reasons.
>
> So far I have managed to get working:
>
> - imap (143/tcp) with starttls
> - imaps (993/tcp)
> - pop3 (110/tcp) with starttls
> - pop3s (995/tcp)
>
> My trouble is with smtp (25/tcp, 587/tcp) with starttls.
>
> I have now tried a couple of different mail clients and every one of them
> tells me that the server does not support the authentication protocols.
>
> I have installed stunnel 5.44. The relevant parts in my config:
>
> [mail2-imap]
> protocol = imap
> accept = 143
> connect = <mail-fqdn>:143
>
> [mail2-imaps]
> accept = 993
> connect = <mail-fqdn>:143
>
> [mail2-pop3]
> protocol = pop3
> accept = 110
> connect = <mail-fqdn>:110
>
> [mail2-pop3s]
> accept = 995
> connect = <mail-fqdn>:110
>
> [mail2-smtp]
> protocol = smtp
> accept = 25
> connect = <mail-fqdn>:25
>
> [mail2-smtps]
> accept = 465
> connect = <mail-fqdn>:465
>
> [mail2-smtps-submission]
> debug = 7
> protocol = smtp
> accept = 587
> connect = <mail-fqdn>:587
>
> In the logfile I have the following entries upon connecting:
>
> 2018.04.30 09:20:50 LOG7[5]: Service [mail2-smtps-submission] started
> 2018.04.30 09:20:50 LOG7[5]: Option TCP_NODELAY set on local socket
> 2018.04.30 09:20:50 LOG5[5]: Service [mail2-smtps-submission] accepted connection from 41.13.8.49:56890
> 2018.04.30 09:20:50 LOG6[5]: s_connect: connecting 10.10.11.2:587
> 2018.04.30 09:20:50 LOG7[5]: s_connect: s_poll_wait 10.10.11.2:587: waiting 10 seconds
> 2018.04.30 09:20:50 LOG5[5]: s_connect: connected 10.10.11.2:587
> 2018.04.30 09:20:50 LOG5[5]: Service [mail2-smtps-submission] connected remote server from 10.10.11.11:42466
> 2018.04.30 09:20:50 LOG7[5]: Option TCP_NODELAY set on remote socket
> 2018.04.30 09:20:50 LOG7[5]: Remote descriptor (FD=23) initialized
> 2018.04.30 09:20:50 LOG7[5]: RFC 2487 detected
> 2018.04.30 09:20:50 LOG7[5]: <- 220 <mail-fqdn> ESMTP Postfix
> 2018.04.30 09:20:50 LOG7[5]: -> 220 <mail-fqdn> stunnel for ESMTP Postfix
> 2018.04.30 09:20:51 LOG7[5]: <- EHLO [100.125.153.220]
> 2018.04.30 09:20:51 LOG7[5]: -> 250-<mail-fqdn>
> 2018.04.30 09:20:51 LOG7[5]: -> 250 STARTTLS
> 2018.04.30 09:20:51 LOG7[5]: <- STARTTLS
> 2018.04.30 09:20:51 LOG7[5]: -> 220 Go ahead
> 2018.04.30 09:20:51 LOG6[5]: Peer certificate not required
> 2018.04.30 09:20:51 LOG7[5]: TLS state (accept): before/accept initialization
> 2018.04.30 09:20:51 LOG7[5]: SNI: no virtual services defined
> 2018.04.30 09:20:51 LOG7[5]: TLS state (accept): SSLv3 read client hello A
> 2018.04.30 09:20:51 LOG7[5]: TLS state (accept): SSLv3 write server hello A
> 2018.04.30 09:20:51 LOG7[5]: TLS state (accept): SSLv3 write certificate A
> 2018.04.30 09:20:51 LOG7[5]: TLS state (accept): SSLv3 write key exchange A
> 2018.04.30 09:20:51 LOG7[5]: TLS state (accept): SSLv3 write server done A
> 2018.04.30 09:20:51 LOG7[5]: TLS state (accept): SSLv3 flush data
> 2018.04.30 09:20:51 LOG7[5]: TLS state (accept): SSLv3 read client certificate A
> 2018.04.30 09:20:52 LOG7[5]: TLS state (accept): SSLv3 read client key exchange A
> 2018.04.30 09:20:52 LOG7[5]: TLS state (accept): SSLv3 read certificate verify A
> 2018.04.30 09:20:52 LOG7[5]: TLS state (accept): SSLv3 read finished A
> 2018.04.30 09:20:52 LOG7[5]: TLS state (accept): SSLv3 write change cipher spec A
> 2018.04.30 09:20:52 LOG7[5]: TLS state (accept): SSLv3 write finished A
> 2018.04.30 09:20:52 LOG7[5]: TLS state (accept): SSLv3 flush data
> 2018.04.30 09:20:52 LOG7[5]: New session callback
> 2018.04.30 09:20:52 LOG7[5]: 2 server accept(s) requested
> 2018.04.30 09:20:52 LOG7[5]: 2 server accept(s) succeeded
> 2018.04.30 09:20:52 LOG7[5]: 0 server renegotiation(s) requested
> 2018.04.30 09:20:52 LOG7[5]: 0 session reuse(s)
> 2018.04.30 09:20:52 LOG7[5]: 2 internal session cache item(s)
> 2018.04.30 09:20:52 LOG7[5]: 0 internal session cache fill-up(s)
> 2018.04.30 09:20:52 LOG7[5]: 0 internal session cache miss(es)
> 2018.04.30 09:20:52 LOG7[5]: 0 external session cache hit(s)
> 2018.04.30 09:20:52 LOG7[5]: 0 expired session(s) retrieved
> 2018.04.30 09:20:52 LOG6[5]: TLS accepted: new session negotiated
> 2018.04.30 09:20:52 LOG6[5]: No peer certificate received
> 2018.04.30 09:20:52 LOG6[5]: Negotiated TLSv1.2 ciphersuite ECDHE-RSA-AES128-GCM-SHA256 (128-bit encryption)
> 2018.04.30 09:20:52 LOG7[5]: Compression: null, expansion: null
> 2018.04.30 09:20:52 LOG6[5]: Read socket closed (read hangup)
> 2018.04.30 09:20:52 LOG7[5]: Sending close_notify alert
> 2018.04.30 09:20:52 LOG7[5]: TLS alert (write): warning: close notify
> 2018.04.30 09:20:52 LOG6[5]: SSL_shutdown successfully sent close_notify alert
> 2018.04.30 09:20:52 LOG6[5]: TLS fd: Connection reset by peer (104)
> 2018.04.30 09:20:52 LOG6[5]: TLS socket closed (SSL_read)
> 2018.04.30 09:20:52 LOG7[5]: Sent socket write shutdown
> 2018.04.30 09:20:52 LOG5[5]: Connection closed: 156 byte(s) sent to TLS, 30 byte(s) sent to socket
> 2018.04.30 09:20:52 LOG7[5]: Remote descriptor (FD=23) closed
> 2018.04.30 09:20:52 LOG7[5]: Local descriptor (FD=22) closed
> 2018.04.30 09:20:52 LOG7[5]: Service [mail2-smtps-submission] finished (4 left)
>
> This is the error I am getting from K9-Mail
>
>
> The google mail app just tells me:
>
>
> Alpine (linux commandline smtp client)
>
>
>
> Any advice from the gurus?
>
> Kind regards
> Ian
>
>
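The symptom in the quoted post (every client reporting that the server does not support authentication) is easiest to pin down by comparing the ESMTP capabilities a client sees before and after STARTTLS: the stunnel log above shows only `250-<mail-fqdn>` / `250 STARTTLS` on the plaintext leg, so what matters is the second EHLO, sent inside TLS. The following is an added example written for this editorial pass, not code from the thread or from the stunnel project. It parses EHLO replies into a capability map, reports which SASL mechanisms appear on each leg, and includes a live probe built on the standard library's `smtplib`. The sample transcripts, the host name `mail.example.test`, and the function names are constructed for the example.

```python
"""Compare ESMTP capabilities before and after STARTTLS.

Added example (not from the thread or the stunnel project). Sample EHLO
transcripts below are constructed; only the live probe talks to a server.
"""
import smtplib
import ssl


def parse_ehlo(response):
    """Turn a raw multi-line EHLO reply into {KEYWORD: parameters}.

    The first 250 line carries the server's hostname rather than a
    capability, so it is skipped. Both '250-' and '250 ' prefixes are
    accepted; lines with other reply codes are ignored.
    """
    caps = {}
    seen_greeting = False
    for raw in response.splitlines():
        line = raw.strip()
        if not line.startswith("250"):
            continue
        if not seen_greeting:
            seen_greeting = True  # "250-mail.example.test" style greeting
            continue
        body = line[4:].strip()  # drop "250-" / "250 "
        if not body:
            continue
        keyword, _, params = body.partition(" ")
        caps[keyword.upper()] = params.strip()
    return caps


def auth_mechanisms(caps):
    """Return the SASL mechanisms advertised via AUTH ([] when absent)."""
    if "AUTH" not in caps:
        return []
    return caps["AUTH"].split()


def compare_capabilities(before, after):
    """Summarise what a client sees on the plaintext and the TLS leg.

    'lost_after_tls' lists capabilities offered before STARTTLS that are
    no longer offered afterwards (STARTTLS itself is expected to vanish).
    """
    pre = parse_ehlo(before)
    post = parse_ehlo(after)
    return {
        "starttls_offered": "STARTTLS" in pre,
        "auth_before_tls": auth_mechanisms(pre),
        "auth_after_tls": auth_mechanisms(post),
        "lost_after_tls": sorted(set(pre) - set(post) - {"STARTTLS"}),
    }


def probe_submission(host, port=587, timeout=10, context=None):
    """Live check: EHLO, STARTTLS, EHLO again; returns both feature dicts.

    Uses smtplib's own parsing (esmtp_features, lowercase keys). Certificate
    verification stays on; pass a context loaded with your CA if the
    stunnel certificate is not publicly trusted.
    """
    ctx = context or ssl.create_default_context()
    with smtplib.SMTP(host, port, timeout=timeout) as smtp:
        smtp.ehlo()
        before = dict(smtp.esmtp_features)
        smtp.starttls(context=ctx)
        smtp.ehlo()  # capabilities must be re-queried after the TLS upgrade
        after = dict(smtp.esmtp_features)
    return before, after


# Constructed sample: the plaintext-leg reply seen in the stunnel log above.
SAMPLE_BEFORE = "250-mail.example.test\r\n250 STARTTLS\r\n"
# Constructed sample: a backend that advertises AUTH once TLS is up.
SAMPLE_AFTER_OK = (
    "250-mail.example.test\r\n250-PIPELINING\r\n250-SIZE 10240000\r\n"
    "250-AUTH PLAIN LOGIN\r\n250 8BITMIME\r\n"
)
# Constructed sample: a post-STARTTLS reply with no AUTH at all, which is
# what a client reports as "server does not support authentication".
SAMPLE_AFTER_NO_AUTH = "250-mail.example.test\r\n250-PIPELINING\r\n250 8BITMIME\r\n"

if __name__ == "__main__":
    print(compare_capabilities(SAMPLE_BEFORE, SAMPLE_AFTER_OK))
    print(compare_capabilities(SAMPLE_BEFORE, SAMPLE_AFTER_NO_AUTH))
```

Run `probe_submission("<mail-fqdn>")` against the stunnel port and, separately, against the backend's own 587 to see whether the two EHLO replies after STARTTLS differ; `compare_capabilities` works on any captured transcript, so it can also be fed the `<-`/`->` lines from a `debug = 7` stunnel log.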
_______________________________________________ stunnel-users mailing list [email protected] https://www.stunnel.org/cgi-bin/mailman/listinfo/stunnel-users
