HOWTO: Relay through ISP with Stunnel

Post by AltReality » 2007-06-25 00:35

Hi All,
I have a problem with relaying email through my ISP's server.
I have AT&T DSL, and not only do they block port 25, they also require SSL-based connections to port 465.

From the AT&T email config site:

Incoming mail server: POP.ATT.YAHOO.COM
Outgoing mail server: SMTP.ATT.YAHOO.COM

Outgoing mail server: Outgoing server (SMTP) requires authentication
Incoming mail port #: 995, secure connection (SSL) checked
Outgoing mail port #: 465, secure connection (SSL) checked

(I know SSL has been covered a lot in the forums, and I found one that looks really close to helping... but it was written specifically for Gmail and I'm having trouble translating it to my ISP...
http://www.hmailserver.com/forum/viewto ... hlight=ssl )

Incoming mail is working perfectly, so I pretty much don't care about all the POP3 stuff, right? (I'm not pulling email from the ISP, only trying to relay SMTP...)

I have installed STUNNEL and configured it with the example config file from the post above, with a couple of modifications...

# Name this file client-stunnel.conf and place
# in your stunnel directory

#Some performance tunings
socket = l:TCP_NODELAY=1
socket = r:TCP_NODELAY=1

; Use it for client mode
client = yes

; Service-level configuration

service = Stunnel-Client

;# POP3 service, listens on localhost:11111
;[gmail-pop3s]
;accept = localhost:11111
;connect=pop.gmail.com:995

# SMTP service, listens on localhost:11026
[gmail-smtps]
protocol=smtp
accept = localhost:11026
connect=smtp.att.yahoo.com:465

And then in hMailServer, I have configured my relayer to be localhost port 11026
(and get a warning saying not to do that... but I think it's correct)...

This is where I enter my username and password for my ISP's authentication as well... right? Seems weird... not sure how that would get passed through stunnel and to the ISP... but that's the only place I can see an option for it. Should the username and password maybe go in the stunnel config file?

Anyway... I try to send email, and get a response saying it tried like 10 times and couldn't send it.

I think my config is screwy in either the hMail relay settings or the config file, but either way... some help would be greatly appreciated.

Thanks,
AltReality

Post by GlenC » 2007-06-25 01:36

What do you see in your stunnel log? Anything useful?

Post by AltReality » 2007-06-25 01:42

Didn't even realize there was a log...

2007.06.24 15:41:34 LOG5[3444:3808]: stunnel 4.20 on x86-pc-mingw32-gnu with OpenSSL 0.9.8d 28 Sep 2006
2007.06.24 15:41:34 LOG5[3444:3808]: Threading:WIN32 SSL:ENGINE Sockets:SELECT,IPv6
2007.06.24 15:41:34 LOG5[3444:4064]: No limit detected for the number of clients
2007.06.24 15:43:54 LOG5[3444:1332]: gmail-smtps accepted connection from 127.0.0.1:1278
2007.06.24 15:43:54 LOG5[3444:1332]: gmail-smtps connected remote server from 192.168.1.103:1279
2007.06.24 15:43:54 LOG5[3444:1332]: Negotiations for smtp (client side) started
2007.06.24 15:44:14 LOG3[3444:1332]: readsocket (fdgetline): Connection reset by peer (WSAECONNRESET) (10054)
2007.06.24 15:44:14 LOG5[3444:1332]: Connection reset: 0 bytes sent to SSL, 0 bytes sent to socket
2007.06.24 15:45:54 LOG5[3444:3276]: gmail-smtps accepted connection from 127.0.0.1:1280
2007.06.24 15:45:54 LOG5[3444:3276]: gmail-smtps connected remote server from 192.168.1.103:1281
2007.06.24 15:45:54 LOG5[3444:3276]: Negotiations for smtp (client side) started
2007.06.24 15:46:14 LOG3[3444:3276]: readsocket (fdgetline): Connection reset by peer (WSAECONNRESET) (10054)
2007.06.24 15:46:14 LOG5[3444:3276]: Connection reset: 0 bytes sent to SSL, 0 bytes sent to socket
2007.06.24 15:46:47 LOG5[3444:2880]: gmail-smtps accepted connection from 127.0.0.1:1282
2007.06.24 15:46:47 LOG5[3444:2880]: gmail-smtps connected remote server from 192.168.1.103:1283
2007.06.24 15:46:47 LOG5[3444:2880]: Negotiations for smtp (client side) started
2007.06.24 15:47:08 LOG3[3444:2880]: readsocket (fdgetline): Connection reset by peer (WSAECONNRESET) (10054)
2007.06.24 15:47:08 LOG5[3444:2880]: Connection reset: 0 bytes sent to SSL, 0 bytes sent to socket

Thanks for the help! :)
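
A triage sketch for the log above, added here and not part of the original post: it groups stunnel 4.x log lines by thread id and reports sessions where a `protocol` negotiation started but the connection was reset with 0 bytes relayed, the pattern that results when stunnel's `protocol = smtp` handshake waits for a plaintext greeting on a port that expects TLS from the first byte. The sample log is constructed, and the function and variable names are assumptions.

```python
import re

LINE = re.compile(r"^(\S+ \S+) LOG(\d)\[\d+:(\d+)\]: (.*)$")
ACCEPT = re.compile(r"^(\S+) accepted connection from (\S+)$")
NEGOTIATE = re.compile(r"^Negotiations for (\w+) \(client side\) started$")
END = re.compile(r"^Connection (reset|closed): (\d+) bytes sent to SSL, (\d+) bytes sent to socket$")

# Constructed sample in the stunnel 4.x log format: one stalled session, one healthy one.
SAMPLE_LOG = """\
2007.06.24 15:43:54 LOG5[3444:1332]: att-smtps accepted connection from 127.0.0.1:1278
2007.06.24 15:43:54 LOG5[3444:1332]: att-smtps connected remote server from 192.168.1.103:1279
2007.06.24 15:43:54 LOG5[3444:1332]: Negotiations for smtp (client side) started
2007.06.24 15:44:14 LOG3[3444:1332]: readsocket (fdgetline): Connection reset by peer (WSAECONNRESET) (10054)
2007.06.24 15:44:14 LOG5[3444:1332]: Connection reset: 0 bytes sent to SSL, 0 bytes sent to socket
2007.06.24 15:50:02 LOG5[3444:2210]: att-smtps accepted connection from 127.0.0.1:1290
2007.06.24 15:50:02 LOG5[3444:2210]: att-smtps connected remote server from 192.168.1.103:1291
2007.06.24 15:50:05 LOG5[3444:2210]: Connection closed: 1834 bytes sent to SSL, 412 bytes sent to socket
"""

def stalled_negotiations(log_text):
    """Return (service, protocol, start, end) for sessions where negotiation
    started but the peer reset the connection before any byte was relayed."""
    open_sessions = {}  # stunnel thread id -> session currently tracked
    findings = []
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        stamp, _level, thread, msg = m.groups()
        if (a := ACCEPT.match(msg)):
            # Thread ids can be reused, so every accept starts a fresh session.
            open_sessions[thread] = {"service": a.group(1), "start": stamp, "protocol": None}
        elif thread in open_sessions and (n := NEGOTIATE.match(msg)):
            open_sessions[thread]["protocol"] = n.group(1)
        elif thread in open_sessions and (e := END.match(msg)):
            s = open_sessions.pop(thread)
            how, to_ssl, to_sock = e.group(1), int(e.group(2)), int(e.group(3))
            if s["protocol"] and how == "reset" and to_ssl == 0 and to_sock == 0:
                findings.append((s["service"], s["protocol"], s["start"], stamp))
    return findings
```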

Post by GlenC » 2007-06-25 02:31

I had never tested using Gmail as a relay but I just did and it worked. The port number I had provided in the other post was wrong (should have been 465 vice 587), but it worked.

I can't see any configuration differences between your config and mine so it seems it should be working. Is it possible that it is a wrong username/password issue?

Post by GlenC » 2007-06-25 02:48

There appears to be an undesirable side effect using Google though. It rewrites the headers as though any mail relayed is from the Gmail user account, which makes this hack for Gmail kinda useless. Hopefully you won't have this problem with your ATT account.

Post by AltReality » 2007-06-25 03:57

I've noticed all this time, while I was playing a game, the log in stunnel keeps growing. I'm not trying to send email...

I am pretty sure the username and password are OK, because I'm using the same combination from Thunderbird... to send all my email. (I'm trying to set this up so I can email "directly" from my server.)
Not sure what that error means though. Kinda weird.
Anyone else have any thoughts?
-AltReality

Post by AltReality » 2007-06-25 04:25

I hope this isn't a stupid question... does OpenSSL need to be installed along with stunnel?

Again I'm only using client mode, not server mode, because I don't need encrypted access to the server, only to access my ISP through the encrypted tunnel.
-AltReality

Post by Kigen » 2007-09-18 12:07

stunnel.conf

service = Stunnel-Client
client=yes
delay=yes

[att-smtps]
accept=localhost:11026
connect=smtp.att.yahoo.com:465

And no, AltReality.

Relaying to SMTP only supporting STARTTLS

Post by mikew » 2009-03-19 19:39

Since hMailServer 5.0, SSL is available for SMTP connections. Port 465 is assigned to this protocol.

However, my ISP only supports the "STARTTLS method". Typically, the usual TCP port 25 (or 587) is used for this method. The communication starts unencrypted and enters encryption mode by an explicit command from the SMTP client. hMailServer currently (5.1 was in alpha state when I wrote this) does not support STARTTLS.

But stunnel can also handle this situation. I use the following stunnel configuration and let hMailServer connect to localhost:25025:

client = yes
taskbar = no

[SMTP with STARTTLS]
accept   = 25025
connect  = smtp.provider.com:25
protocol = smtp
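
The two cases in this thread (port 465 expecting TLS from the first byte, and a STARTTLS-only server on port 25) come down to whether `protocol = smtp` matches the remote port. The linter below is an added example, not code from the thread or from stunnel: its function names, finding labels and port sets are assumptions, the sample configs are constructed, and it also flags services with no certificate verification option (`verify`, `verifyChain`, `verifyPeer`), a check the thread does not discuss.

```python
IMPLICIT_TLS_PORTS = {465}    # assumed convention: TLS from the first byte (SMTPS)
STARTTLS_PORTS = {25, 587}    # assumed convention: plaintext greeting, then STARTTLS
VERIFY_KEYS = ("verify", "verifychain", "verifypeer")

def parse_stunnel_conf(text):
    """Return (global_options, {section: options}); option names are lower-cased."""
    globals_, sections, current = {}, {}, None
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in ";#":          # stunnel comment markers
            continue
        if line.startswith("[") and line.endswith("]"):
            current = sections.setdefault(line[1:-1], {})
            continue
        key, sep, value = line.partition("=")
        if sep:
            target = globals_ if current is None else current
            target[key.strip().lower()] = value.strip()
    return globals_, sections

def lint(text):
    """Return sorted (section, finding) pairs for client-mode services."""
    globals_, sections = parse_stunnel_conf(text)
    findings = []
    for name, opts in sections.items():
        merged = {**globals_, **opts}            # service options override globals
        if merged.get("client") != "yes" or "connect" not in opts:
            continue
        port = opts["connect"].rpartition(":")[2]
        port = int(port) if port.isdigit() else None
        starttls = opts.get("protocol") == "smtp"
        if port in IMPLICIT_TLS_PORTS and starttls:
            findings.append((name, "starttls-on-implicit-tls-port"))
        if port in STARTTLS_PORTS and not starttls:
            findings.append((name, "implicit-tls-on-starttls-port"))
        if not any(merged.get(k, "no") not in ("0", "no") for k in VERIFY_KEYS):
            findings.append((name, "server-certificate-not-verified"))
    return sorted(findings)

# Constructed samples modelled on the three configurations in this thread.
BROKEN = "client = yes\n[att-smtps]\nprotocol = smtp\naccept = localhost:11026\nconnect = smtp.att.yahoo.com:465\n"
FIXED = BROKEN.replace("protocol = smtp\n", "")
STARTTLS = "client = yes\n[smtp-starttls]\naccept = 25025\nconnect = smtp.provider.com:25\nprotocol = smtp\n"
HARDENED = FIXED + "verify = 2\nCAfile = ca-certs.pem\n"   # CAfile path is a placeholder
```

Without a verification option stunnel encrypts the connection but accepts any server certificate, so the SMTP AUTH credentials hMailServer sends through the tunnel are only protected against passive interception.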