On 04/10/2006, at 9:39 PM, Michal Trojnara wrote:

> James Brown wrote:
>> [ssmtp]
>> client = yes
>> accept = 465
>> connect = 192.168.1.31:25
>
> Port numbers suggest you're going to set up an SSL server
> instead of an SSL client. Just remove the "client = yes" line.
>
> Best regards,
> Mike


Thanks Mike.

I think I want it acting as an SSL server. My mail client (Apple's
Mail) can send using SSL. I want stunnel to accept this encrypted
message on port 465 and forward the decrypted email to port 25 of my
mail server. In the above example I actually had stunnel running on
the machine that was running the mail client, as I was just trying to
test it. Sorry if I was a bit misleading there.

If I remove the line I get:

$ sudo stunnel /sw/etc/stunnel/stunnel.conf
2006.10.04 22:13:59 LOG5[6142:2684415368]: stunnel 4.04 on powerpc-apple-darwin8.7.0 PTHREAD+LIBWRAP with OpenSSL 0.9.7d 17 Mar 2004
2006.10.04 22:13:59 LOG7[6142:2684415368]: Snagged 64 random bytes from /Users/jlbrown/.rnd
2006.10.04 22:13:59 LOG7[6142:2684415368]: Wrote 1024 new random bytes to /Users/jlbrown/.rnd
2006.10.04 22:13:59 LOG7[6142:2684415368]: RAND_status claims sufficient entropy for the PRNG
2006.10.04 22:13:59 LOG6[6142:2684415368]: PRNG seeded successfully
2006.10.04 22:13:59 LOG7[6142:2684415368]: Certificate: /%1.pem
2006.10.04 22:13:59 LOG7[6142:2684415368]: Key file: /%1.pem
2006.10.04 22:13:59 LOG5[6142:2684415368]: FD_SETSIZE=1024, file ulimit=256 -> 125 clients allowed
2006.10.04 22:13:59 LOG7[6142:2684415368]: FD 6 in non-blocking mode
2006.10.04 22:13:59 LOG7[6142:2684415368]: SO_REUSEADDR option set on accept socket
2006.10.04 22:13:59 LOG7[6142:2684415368]: secure_mail bound to 0.0.0.0:2525
2006.10.04 22:13:59 LOG7[6142:2684415368]: FD 7 in non-blocking mode
2006.10.04 22:13:59 LOG7[6142:2684415368]: FD 8 in non-blocking mode
mail1-bordo-com-au:/ jlbrown$ 2006.10.04 22:13:59 LOG7[6143:2684415368]: Created pid file /sw/var/run/stunnel.pid
2006.10.04 22:14:11 LOG7[6143:2684415368]: secure_mail accepted FD=9 from 127.0.0.1:50407
2006.10.04 22:14:11 LOG7[6143:2684415368]: FD 9 in non-blocking mode
2006.10.04 22:14:11 LOG7[6143:25183744]: secure_mail started
2006.10.04 22:14:11 LOG7[6143:25183744]: TCP_NODELAY option set on local socket
2006.10.04 22:14:11 LOG5[6143:25183744]: secure_mail connected from 127.0.0.1:50407
2006.10.04 22:14:11 LOG7[6143:25183744]: SSL state (accept): before/accept initialization
2006.10.04 22:14:11 LOG7[6143:25183744]: waitforsocket: FD=9, DIR=read
2006.10.04 22:19:11 LOG7[6143:25183744]: waitforsocket: timeout
2006.10.04 22:19:11 LOG7[6143:25183744]: secure_mail finished (0 left)

With the line in I get the "wrong version number" error, but it seems
to get further.

Thanks,

James.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majordomo@openssl.org
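
An added example, not part of the original message and not stunnel's own code: a small Python parser that scans stunnel debug output like the log above for sessions that entered the SSL accept state and then hit "waitforsocket: timeout" with no further handshake state, meaning stunnel read no handshake bytes from the peer. The sample log is constructed from the session lines above with wrapped lines rejoined; the second session (thread 999) is invented for contrast.

```python
import re
from datetime import datetime

# Constructed sample: the stalled session from the message above (lines rejoined),
# plus one invented session (thread 999) whose handshake makes progress.
SAMPLE_LOG = """\
2006.10.04 22:14:11 LOG7[6143:25183744]: secure_mail started
2006.10.04 22:14:11 LOG5[6143:25183744]: secure_mail connected from 127.0.0.1:50407
2006.10.04 22:14:11 LOG7[6143:25183744]: SSL state (accept): before/accept initialization
2006.10.04 22:14:11 LOG7[6143:25183744]: waitforsocket: FD=9, DIR=read
2006.10.04 22:14:12 LOG5[6143:999]: secure_mail connected from 127.0.0.1:50408
2006.10.04 22:14:12 LOG7[6143:999]: SSL state (accept): before/accept initialization
2006.10.04 22:14:12 LOG7[6143:999]: SSL state (accept): SSLv3 read client hello A
2006.10.04 22:19:11 LOG7[6143:25183744]: waitforsocket: timeout
2006.10.04 22:19:11 LOG7[6143:25183744]: secure_mail finished (0 left)
"""

# timestamp, LOG level, [pid:thread], message
LINE = re.compile(r"^(\d{4}\.\d\d\.\d\d \d\d:\d\d:\d\d) LOG\d\[(\d+):(\d+)\]: (.*)$")
INIT = "SSL state (accept): before/accept initialization"

def stalled_handshakes(log_text):
    """Return sessions that timed out before any handshake message was read."""
    sessions, stalled = {}, []
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # shell prompts and wrapped fragments are skipped
        ts = datetime.strptime(m.group(1), "%Y.%m.%d %H:%M:%S")
        key, msg = (m.group(2), m.group(3)), m.group(4)
        s = sessions.setdefault(key, {"peer": None, "state": None, "since": None})
        if " connected from " in msg:
            s["peer"] = msg.rsplit(" ", 1)[1]
        elif msg.startswith("SSL state (accept):"):
            # The first state line starts the clock; any later state means progress.
            s["state"] = msg
            s["since"] = s["since"] or ts
        elif msg == "waitforsocket: timeout" and s["state"] == INIT:
            stalled.append({"peer": s["peer"], "thread": key[1],
                            "waited_s": int((ts - s["since"]).total_seconds())})
    return stalled

if __name__ == "__main__":
    for hit in stalled_handshakes(SAMPLE_LOG):
        print("no handshake bytes from %(peer)s after %(waited_s)ss (thread %(thread)s)" % hit)
```
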