
I'm trying to set up an SSL connection from stunnel to Postfix, but can not get it to work.

stunnel log says:

2006.11.16 11:35:31 LOG7[5240:25188864]: ssmtp started
2006.11.16 11:35:31 LOG7[5240:25188864]: FD 9 in non-blocking mode
2006.11.16 11:35:31 LOG7[5240:25188864]: TCP_NODELAY option set on local socket
2006.11.16 11:35:31 LOG7[5240:25188864]: FD 10 in non-blocking mode
2006.11.16 11:35:31 LOG7[5240:25188864]: FD 11 in non-blocking mode
2006.11.16 11:35:31 LOG7[5240:25188864]: Connection from 192.168.1.12:51469 permitted by libwrap
2006.11.16 11:35:31 LOG5[5240:25188864]: ssmtp connected from 192.168.1.12:51469
2006.11.16 11:35:31 LOG7[5240:25188864]: FD 10 in non-blocking mode
2006.11.16 11:35:31 LOG7[5240:25188864]: ssmtp connecting 127.0.0.1:25
2006.11.16 11:35:31 LOG7[5240:25188864]: connect_wait: waiting 10 seconds
2006.11.16 11:35:31 LOG7[5240:25188864]: connect_wait: connected
2006.11.16 11:35:31 LOG7[5240:25188864]: Remote FD=10 initialized
2006.11.16 11:35:31 LOG7[5240:25188864]: TCP_NODELAY option set on remote socket
2006.11.16 11:35:31 LOG5[5240:25188864]: Negotiations for smtp (client side) started
2006.11.16 11:35:31 LOG7[5240:2684415368]: Cleaning up the signal pipe
2006.11.16 11:35:31 LOG6[5240:2684415368]: Child process 5251 finished with code 0
2006.11.16 11:35:31 LOG7[5240:25188864]: <- 220 mail3.bordo.com.au ESMTP Postfix
2006.11.16 11:35:31 LOG7[5240:25188864]: -> 220 mail3.bordo.com.au ESMTP Postfix
2006.11.16 11:35:31 LOG7[5240:25188864]: -> EHLO localhost
2006.11.16 11:35:31 LOG7[5240:25188864]: <- 250-mail3.bordo.com.au
2006.11.16 11:35:31 LOG7[5240:25188864]: <- 250-SIZE 10240000
2006.11.16 11:35:31 LOG7[5240:25188864]: <- 250-ETRN
2006.11.16 11:35:31 LOG7[5240:25188864]: <- 250-AUTH PLAIN LOGIN
2006.11.16 11:35:31 LOG7[5240:25188864]: <- 250-AUTH=PLAIN LOGIN
2006.11.16 11:35:31 LOG7[5240:25188864]: <- 250-XFORWARD NAME ADDR PROTO HELO SOURCE
2006.11.16 11:35:31 LOG7[5240:25188864]: <- 250-ENHANCEDSTATUSCODES
2006.11.16 11:35:31 LOG7[5240:25188864]: <- 250-8BITMIME
2006.11.16 11:35:31 LOG7[5240:25188864]: <- 250 DSN
2006.11.16 11:35:31 LOG7[5240:25188864]: -> STARTTLS
2006.11.16 11:35:31 LOG7[5240:25188864]: <- 220 2.0.0 Ready to start TLS
2006.11.16 11:35:31 LOG5[5240:25188864]: Protocol negotiations succeded
2006.11.16 11:35:31 LOG7[5240:25188864]: SSL state (connect): before/ connect initialization
2006.11.16 11:35:31 LOG7[5240:25188864]: SSL state (connect): SSLv2/ v3 write client hello A
2006.11.16 11:40:31 LOG6[5240:25188864]: init_ssl: s_poll_wait timeout
2006.11.16 11:40:31 LOG5[5240:25188864]: Connection reset: 0 bytes sent to SSL, 0 bytes sent to socket
2006.11.16 11:40:31 LOG7[5240:25188864]: ssmtp finished (0 left)
2006.11.16 11:35:31 LOG7[5240:25188864]: ssmtp started

Postfix's log shows:

Nov 16 11:35:31 Fax-Machine postfix/smtpd[5252]: connect from localhost[127.0.0.1]
Nov 16 11:35:31 Fax-Machine postfix/smtpd[5252]: setting up TLS connection from localhost[127.0.0.1]
Nov 16 11:40:31 Fax-Machine postfix/smtpd[5252]: SSL_accept error from localhost[127.0.0.1]: -1
Nov 16 11:40:31 Fax-Machine postfix/smtpd[5252]: lost connection after STARTTLS from localhost[127.0.0.1]
Nov 16 11:40:31 Fax-Machine postfix/smtpd[5252]: disconnect from localhost[127.0.0.1]

stunnel.conf is:

; Sample stunnel configuration file by Michal Trojnara 2002-2006
; Some options used here may not be adequate for your particular configuration

; Certificate/key is needed in server mode and optional in client mode
; The default certificate is provided only for testing and should not
; be used in a production environment
cert = /etc/postfix/smtpd.cert
key = /etc/postfix/smtpd.key
debug=7
output=/dev/stdout

; Some performance tunings
socket = l:TCP_NODELAY=1
socket = r:TCP_NODELAY=1

; Workaround for Eudora bug
;options = DONT_INSERT_EMPTY_FRAGMENTS

; Authentication stuff
;verify = 2
; Don't forget to c_rehash CApath
;CApath = certs
; It's often easier to use CAfile
;CAfile = certs.pem
; Don't forget to c_rehash CRLpath
;CRLpath = crls
; Alternatively you can use CRLfile
;CRLfile = crls.pem

; Some debugging stuff useful for troubleshooting
;debug = 7
;output = stunnel.log

; Use it for client mode
;client = yes

; Service-level configuration
protocol = smtp
sslVersion = all

;[pop3s]
;accept = 995
;connect = 110

;[imaps]
;accept = 993
;connect = 143

[ssmtp]
client = yes
accept = 465
connect = 25

;[https]
;accept = 443
;connect = 80
;TIMEOUTclose = 0

; vim:ft=dosini

Does anyone have any idea where I am going wrong?

Thanks,
James.
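
Added example, not part of the original post: a short Python script that scans stunnel debug output in the format shown above for TLS handshakes that end in a timeout, and reports the last SSL state logged and how long the connection sat there. The sample lines are copied from the log in the post; the function names and the 30-second threshold are assumptions of this example.

```python
import re
from datetime import datetime

# Sample input: lines copied from the stunnel debug log quoted in the post.
SAMPLE = """\
2006.11.16 11:35:31 LOG7[5240:25188864]: -> STARTTLS
2006.11.16 11:35:31 LOG7[5240:25188864]: <- 220 2.0.0 Ready to start TLS
2006.11.16 11:35:31 LOG5[5240:25188864]: Protocol negotiations succeded
2006.11.16 11:35:31 LOG7[5240:25188864]: SSL state (connect): before/ connect initialization
2006.11.16 11:35:31 LOG7[5240:25188864]: SSL state (connect): SSLv2/ v3 write client hello A
2006.11.16 11:40:31 LOG6[5240:25188864]: init_ssl: s_poll_wait timeout
2006.11.16 11:40:31 LOG5[5240:25188864]: Connection reset: 0 bytes sent to SSL, 0 bytes sent to socket
"""

# timestamp, log level, [pid:thread id], message
LINE = re.compile(
    r"^(\d{4}\.\d\d\.\d\d \d\d:\d\d:\d\d) LOG(\d)\[(\d+):(\d+)\]: (.*)$"
)

def parse(text):
    """Yield (timestamp, level, thread_id, message) for each stunnel log line."""
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if m:
            ts = datetime.strptime(m.group(1), "%Y.%m.%d %H:%M:%S")
            yield ts, int(m.group(2)), m.group(4), m.group(5)

def find_handshake_stalls(text, min_gap=30):
    """Return handshakes that timed out, with the last SSL state seen per thread."""
    last_state = {}  # thread id -> (timestamp, state text)
    stalls = []
    for ts, _level, tid, msg in parse(text):
        if msg.startswith("SSL state ("):
            last_state[tid] = (ts, msg.split(": ", 1)[1])
        elif "s_poll_wait timeout" in msg and tid in last_state:
            seen, state = last_state.pop(tid)
            gap = int((ts - seen).total_seconds())
            if gap >= min_gap:
                stalls.append(
                    {"thread": tid, "last_state": state, "stalled_seconds": gap}
                )
    return stalls

if __name__ == "__main__":
    for stall in find_handshake_stalls(SAMPLE):
        print(stall)
```

The 300-second stall it reports on the stunnel side matches the interval between "setting up TLS connection" and "SSL_accept error" in the Postfix log, so both ends waited out the same handshake.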