Author Topic: Help with stunnel  (Read 5566 times)

0 Members and 1 Guest are viewing this topic.

shatadal

  • Guest
Help with stunnel
« on: June 16, 2006, 01:33:38 PM »
Hi,

I know that stunnel is not supported by avast but I have seen it advocated in the forums for use with avast to scan e-mail and since I have not got any responses to my e-mail there I am asking for helo from the stunnel users here.

I am using stunnel 4.15, Mozilla Thunderbrd 1.5.0.4 on Windows XP SP1 and avast version 4.7.844.

I facing the problem that when I try to send SMTP over TLS through my gmail account, stunnel crashes.

my relevant stunnel configurations is

client=yes
options=ALL
...
; SMTP service, listens on localhost:250
[gmail-smtps]
protocol=smtp
accept=localhost:250
connect=smtp.gmail.com:587

The stunnel log file is as follows

2006.06.14 03:17:15 LOG5[3956:3512]: stunnel 4.15 on x86-pc-mingw32-gnu
with OpenSSL 0.9.7i 14 Oct 2005
2006.06.14 03:17:15 LOG5[3956:3512]: Threading:WIN32 SSL:ENGINE
Sockets:SELECT,IPv6
2006.06.14 03:17:15 LOG5[3956:3600]: No limit detected for the number of
clients
2006.06.14 03:17:15 LOG7[3956:3600]: FD 172 in non-blocking mode
2006.06.14 03:17:15 LOG7[3956:3600]: SO_REUSEADDR option set on accept
socket
2006.06.14 03:17:15 LOG7[3956:3600]: gmail-pop3s bound to 127.0.0.1:1100
2006.06.14 03:17:15 LOG7[3956:3600]: FD 180 in non-blocking mode
2006.06.14 03:17:15 LOG7[3956:3600]: SO_REUSEADDR option set on accept
socket
2006.06.14 03:17:15 LOG7[3956:3600]: gmail-smtps bound to 127.0.0.1:250

....# info about other mail connections

2006.06.14 03:17:26 LOG7[3956:3600]: gmail-smtps accepted FD=236 from
127.0.0.1:3665
2006.06.14 03:17:26 LOG7[3956:3600]: Creating a new thread
2006.06.14 03:17:26 LOG7[3956:3600]: New thread created
2006.06.14 03:17:26 LOG7[3956:2812]: gmail-smtps started
2006.06.14 03:17:26 LOG7[3956:2812]: FD 236 in non-blocking mode
2006.06.14 03:17:26 LOG7[3956:2812]: TCP_NODELAY option set on local socket
2006.06.14 03:17:26 LOG5[3956:2812]: gmail-smtps connected from
127.0.0.1:3665
2006.06.14 03:17:26 LOG7[3956:2812]: FD 268 in non-blocking mode
2006.06.14 03:17:26 LOG7[3956:2812]: gmail-smtps connecting
64.233.167.111:587
2006.06.14 03:17:26 LOG7[3956:2812]: connect_wait: waiting 10 seconds
2006.06.14 03:17:26 LOG7[3956:2812]: connect_wait: connected
2006.06.14 03:17:26 LOG7[3956:2812]: Remote FD=268 initialized
2006.06.14 03:17:26 LOG7[3956:2812]: TCP_NODELAY option set on remote socket
2006.06.14 03:17:26 LOG5[3956:2812]: Negotiations for smtp (client side)
started
2006.06.14 03:17:26 LOG7[3956:2812]:  <- 220 mx.gmail.com ESMTP
w66sm450524pyw
2006.06.14 03:17:26 LOG7[3956:2812]:  -> 220 mx.gmail.com ESMTP
w66sm450524pyw

<logfile ends>


I have seen it mentioned elsewhere here that people have got SMTP over TLS working via stunnel. Somehow it is not working for me. What mistake am I making that SMTP over TLS via stunnel is not working for me?

Fortunately it seems that gmail supports SMTP over SSL too
(smtp.gmail.com:465) and I am using that. However I am also facing this
problem with another account which unfortunately allows SMTP only over TLS.

Thanks,
Shatadal.

DaveD

  • Guest
Re: Help with stunnel
« Reply #1 on: June 16, 2006, 05:40:07 PM »
Your problem is Stunnel 4.15, period.

You must remove that and install 4.14 because 4.15 is only experimental and very buggy. Remove that, install 4.14 and give it at try. Then post back with any problems you may have.

I personally had no luck getting 4.15 to work AT ALL.

Cheers,
Dave

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67195
Re: Help with stunnel
« Reply #2 on: June 16, 2006, 05:53:36 PM »
I've tested 4.15 and it miserabily failed as David posted  :P

Advanced configuration of SSL: please refer to this post http://forum.avast.com/index.php?topic=8775.msg97026#msg97026
Avast mail scanner and SSL support: http://forum.avast.com/index.php?topic=10428.0
Stunnel 4.14 comes with Open SSL and works fine (http://www.stunnel.org/download/binaries.html)
The best things in life are free.

shatadal

  • Guest
Re: Help with stunnel
« Reply #3 on: June 17, 2006, 09:58:36 AM »
Thanks DaveD. Stunnel 4.14 worked like a charm. Looks like it's time to file a bug report with stunnel.

DaveD

  • Guest
Re: Help with stunnel
« Reply #4 on: June 17, 2006, 04:50:41 PM »
Thanks DaveD. Stunnel 4.14 worked like a charm. Looks like it's time to file a bug report with stunnel.

You're welcome.

I personally follow the ChangeLog for Stunnel whenever upgrading. It will tell you the urgency of the upgrade as well as the changes made. 4.15 had a LOW urgency and also had a warning of "There are a lot of new features in this version.  I recommend to test it well before upgrading your mission-critical systems.

http://www.stunnel.org/download/ChangeLog.txt

joeloucyn

  • Guest
Re: Help with stunnel
« Reply #5 on: June 18, 2006, 12:30:34 AM »
Actually Stunnel is now at  4.16 build 1 which corrects problems in 4.15 . Here is the home ftp site:   ftp://stunnel.mirt.net/stunnel/
Stunnel has well documented problems with smtp and large files, you don't really need it for smtp just use for pop3!
The official changelog is here: http://stunnel.mirt.net/ChangeLog_sdf.html
« Last Edit: February 05, 2007, 06:46:42 AM by Joeloucyn »

DaveD

  • Guest
Re: Help with stunnel
« Reply #6 on: October 05, 2006, 11:52:57 PM »
For anybody interested in Stunnel with avast!:

Stunnel 4.15 was a dud for outgoing e-mail.

Stunnel 4.16 has officially been released and is at a MEDIUM urgency and includes some work sponsored by Hewlett-Packard (not sure exactly what). This release has fixed whatever was causing the outgoing mail not to send on the previous release.

I have thoroughly tested this release with incoming and outgoing mail and have had no problems whatsoever. It works just fine with my existing stunnel.conf file as well.

So now is a good time to upgrade.

joeloucyn

  • Guest
Re: Help with stunnel
« Reply #7 on: October 06, 2006, 07:16:17 AM »
For anybody interested in Stunnel with avast!:

Stunnel 4.15 was a dud for outgoing e-mail.

Stunnel 4.16 has officially been released and is at a MEDIUM urgency and includes some work sponsored by Hewlett-Packard (not sure exactly what). This release has fixed whatever was causing the outgoing mail not to send on the previous release.


I still had problems with 4.16 using smtp but seems to be fixed with stunnel 4.18 from official site here ftp://stunnel.mirt.net/stunnel/

Official changelog here   http://stunnel.mirt.net/ChangeLog_sdf.html

« Last Edit: February 05, 2007, 06:45:59 AM by Joeloucyn »