Unable to make SSL connexion work
Hi, Since our company had to migrate to Orange Office365 platform, we cannot send simple SMTP message using smtp.office365.com We have to use SMTP over TLS. While I have to use some applications which cannot use SMTP, I installed and setup STunnel. When I try to send a simple mail like this : telnet myserver 25 ehlo ch-lepuy.fr mail from: toto@ch-lepuy.fr I cannot continue with rcpt to syntax and I have the following message : rcpt to:530 5.7.1 Client was not authenticated In the STunnel log file, I can see that : 2013.08.06 19:20:49 LOG7[1352:2832]: SSL state (connect): before/connect initialization 2013.08.06 19:20:49 LOG7[1352:2832]: SSL state (connect): SSLv3 write client hello A 2013.08.06 19:20:50 LOG7[1352:2832]: SSL state (connect): SSLv3 read server hello A 2013.08.06 19:20:50 LOG7[1352:2832]: SSL state (connect): SSLv3 read server certificate A 2013.08.06 19:20:50 LOG7[1352:2832]: SSL state (connect): SSLv3 read server key exchange A 2013.08.06 19:20:50 LOG7[1352:2832]: SSL state (connect): SSLv3 read server certificate request A 2013.08.06 19:20:50 LOG7[1352:2832]: SSL state (connect): SSLv3 read server done A 2013.08.06 19:20:50 LOG7[1352:2832]: SSL state (connect): SSLv3 write client certificate A 2013.08.06 19:20:50 LOG7[1352:2832]: SSL state (connect): SSLv3 write client key exchange A 2013.08.06 19:20:50 LOG7[1352:2832]: SSL state (connect): SSLv3 write certificate verify A 2013.08.06 19:20:50 LOG7[1352:2832]: SSL state (connect): SSLv3 write change cipher spec A 2013.08.06 19:20:50 LOG7[1352:2832]: SSL state (connect): SSLv3 write finished A 2013.08.06 19:20:50 LOG7[1352:2832]: SSL state (connect): SSLv3 flush data 2013.08.06 19:20:50 LOG7[1352:2832]: SSL state (connect): SSLv3 read finished A 2013.08.06 19:20:50 LOG7[1352:2832]: 1 items in the session cache 2013.08.06 19:20:50 LOG7[1352:2832]: 1 client connects (SSL_connect()) 2013.08.06 19:20:50 LOG7[1352:2832]: 1 client connects that finished 2013.08.06 19:20:50 LOG7[1352:2832]: 0 client renegotiations requested 2013.08.06 19:20:50 LOG7[1352:2832]: 0 server connects (SSL_accept()) 2013.08.06 19:20:50 LOG7[1352:2832]: 0 server connects that finished 2013.08.06 19:20:50 LOG7[1352:2832]: 0 server renegotiations requested 2013.08.06 19:20:50 LOG7[1352:2832]: 0 session cache hits 2013.08.06 19:20:50 LOG7[1352:2832]: 0 external session cache hits 2013.08.06 19:20:50 LOG7[1352:2832]: 0 session cache misses 2013.08.06 19:20:50 LOG7[1352:2832]: 0 session cache timeouts 2013.08.06 19:20:50 LOG7[1352:2832]: Peer certificate was cached (6184 bytes) 2013.08.06 19:20:50 LOG6[1352:2832]: SSL connected: new session negotiated 2013.08.06 19:20:50 LOG6[1352:2832]: Negotiated TLSv1/SSLv3 ciphersuite: ECDHE-RSA-AES256-SHA (256-bit encryption) 2013.08.06 19:20:50 LOG6[1352:2832]: Compression: null, expansion: null 2013.08.06 19:21:13 LOG3[1352:2832]: SSL_read: Connection reset by peer (WSAECONNRESET) (10054) 2013.08.06 19:21:13 LOG5[1352:2832]: Connection reset: 65 byte(s) sent to SSL, 231 byte(s) sent to socket 2013.08.06 19:21:13 LOG7[1352:2832]: Remote socket (FD=316) closed 2013.08.06 19:21:13 LOG7[1352:2832]: Local socket (FD=244) closed 2013.08.06 19:21:13 LOG7[1352:2832]: Service [SMTP Outgoing] finished (0 left) Here is my STunnel setup : client = yes output = stunnel-log.txt debug = 7 taskbar = yes ; Disable FIPS mode to allow non-approved protocols and algorithms ;fips = no ; ************************************************************************** ; * Service defaults may also be specified in individual service sections * ; ************************************************************************** ; Certificate/key is needed in server mode and optional in client mode cert = stunnel.pem ; Disable support for insecure SSLv2 protocol options = NO_SSLv2 [SMTP Outgoing] protocol = smtp accept = 25 connect = smtp.office365.com:587 Does anyone have an idea ? Regards? Patrice Oliver | Centre Hospitalier Emile Roux Responsable Informatique T. 04 71 04 38 30 12 Bd Andr? Chantemesse - 43012 LE PUY EN VELAY Cedex http://www.ch-lepuy.fr
On 2013-08-06 19:35, OLIVER Patrice wrote:
I cannot continue with rcpt to syntax and I have the following message : rcpt to:530 5.7.1 Client was not authenticated [cut] Does anyone have an idea ?
Sure: https://en.wikipedia.org/wiki/SMTP_Authentication In other words: stunnel worked fine and there is nothing you can do with stunnel to deal with your problem. Mike
Hi, I need to understand. You write that my configuration seems to work fine and the problem is out of STunnel. Haw can I sort it ou ? Patrice Oliver | Centre Hospitalier Emile Roux Responsable Informatique T. 04 71 04 38 30 12 Bd Andr? Chantemesse - 43012 LE PUY EN VELAY Cedex http://www.ch-lepuy.fr ________________________________ De : stunnel-users <stunnel-users-bounces@stunnel.org> de la part de Michal Trojnara <Michal.Trojnara@mirt.net> Envoy? : mardi 6 ao?t 2013 19:40 ? : stunnel-users@stunnel.org Objet : Re: [stunnel-users] Unable to make SSL connexion work On 2013-08-06 19:35, OLIVER Patrice wrote: I cannot continue with rcpt to syntax and I have the following message : rcpt to:530 5.7.1 Client was not authenticated [cut] Does anyone have an idea ? Sure: https://en.wikipedia.org/wiki/SMTP_Authentication In other words: stunnel worked fine and there is nothing you can do with stunnel to deal with your problem. Mike
Hi Patrice, Yes it is true, this is not a problem of stunnel. The problem is with your smtp dialog negociation. you will auth to your server like this : telnet myserver 25 ehlo ch-lepuy.fr auth login ... mail from: toto@ch-lepuy.fr Read this : http://www.kongtechnology.com/2008/01/27/smtp-authentication-and-send-emails... Bonne journée !! Ludovic. Le 06/08/2013 19:46, OLIVER Patrice a écrit :
Hi,
I need to understand. You write that my configuration seems to work fine and the problem is out of STunnel. Haw can I sort it ou ?
*Patrice Oliver| Centre Hospitalier Emile Roux* *Responsable Informatique* T. 04 71 04 38 30
12 Bd André Chantemesse - 43012 LE PUY EN VELAY Cedex* *http://www.ch-lepuy.fr
------------------------------------------------------------------------ *De :* stunnel-users <stunnel-users-bounces@stunnel.org> de la part de Michal Trojnara <Michal.Trojnara@mirt.net> *Envoyé :* mardi 6 août 2013 19:40 *À :* stunnel-users@stunnel.org *Objet :* Re: [stunnel-users] Unable to make SSL connexion work On 2013-08-06 19:35, OLIVER Patrice wrote:
I cannot continue with rcpt to syntax and I have the following message : rcpt to:530 5.7.1 Client was not authenticated [cut] Does anyone have an idea ?
Sure: https://en.wikipedia.org/wiki/SMTP_Authentication
In other words: stunnel worked fine and there is nothing you can do with stunnel to deal with your problem.
Mike
_______________________________________________ stunnel-users mailing list stunnel-users@stunnel.org https://www.stunnel.org/cgi-bin/mailman/listinfo/stunnel-users
-- ------------------------------------------------------------------------------------------------------------------------- Ce message inclut une signature numérique. Il certifie que l'expéditeur et le contenue du message sont authentiques. Si votre logiciel de messagerie est compatible, Il doit garantir que le document n'a pas été altéré entre l'instant où l'auteur l'a signé et le moment où le lecteur le consulte. Loi n°2000-230 du 13 mars 2000 Art. 1316, 1316-1, 1316-2, 1316-3, 1316-4 du Code civil. La présence d'un fichier joint 'smime.p7s' (fichier signature) indique que votre client messagerie n'est pas compatible. -------------------------------------------------------------------------------------------------------------------------
participants (3)
-
Ludovic LEVET -
Michal Trojnara -
OLIVER Patrice