[KLUG Members] Stunnel garbage in Syslog

Bob Kanaley members@kalamazoolinux.org
Wed, 6 Mar 2002 18:09:55 -0500


> Date: Tue,  5 Mar 2002 15:17:11 -0500
> From: adam@morrison-ind.com
> To: members@kalamazoolinux.org
> Subject: Re: [KLUG Members] Re:Introduction and Logfiles mess, Such as?
> Reply-To: members@kalamazoolinux.org

> >Now, each time a windows client logs in to the mailserver I get:
> >two stunnel SSL_accept error messages in syslog
> >one for no shared cipher and one for unknown protocol
>
> Sorry, don't know anything about stunnel.
>
> >That comes out to hundreds of useless entries a day in my logs.
> >I don't know if the error messages are from stupid windows clients,
> >improper settings for Postfix, Xinetd and Stunnel or improper syslog settings
> >that are recording useless messages!!!
>
> I'd wager the errors are from stunnel itself.  Possibly because it's barfing on
> something the Win32 client is sending.  Try and capture a conversation with
> something like ethereal, I'm willing to take a look at it.

Thanks for the offer.

Earlier today, I downloaded TCPdump and the windows port windump to try to
capture some more info on my Samba problems (more on that later). Hopefully
this will capture enough of the conversation that you want to look at?

I ran:

    windump -w talk host dmz02 mac62

where talk is the file written to, dmz02 is my SMTP server and mac62 is an NT
client running Outlook Express. I immediately clicked on the Outlook Express
Send/Receive button and after the mailrun finished I killed windump. I don't
know if that is what you want to look at, but here it is:

14:39:19.580592 mac62.agdia.com.1325 > dmz02.agdia.com.995: S 2141119719:2141119719(0) win 8192 <mss 1460> (DF)
14:39:19.582336 dmz02.agdia.com.995 > mac62.agdia.com.1325: S 864518622:864518622(0) ack 2141119720 win 32120 <mss 1460> (DF)
14:39:19.582404 mac62.agdia.com.1325 > dmz02.agdia.com.995: . ack 1 win 8760 (DF)
14:39:19.583238 mac62.agdia.com.1325 > dmz02.agdia.com.995: P 1:97(96) ack 1 win 8760 (DF)
14:39:19.586078 dmz02.agdia.com.995 > mac62.agdia.com.1325: . ack 97 win 32120 (DF)
14:39:19.592210 dmz02.agdia.com.995 > mac62.agdia.com.1325: P 1:123(122) ack 97 win 32120 (DF)
14:39:19.592846 mac62.agdia.com.1325 > dmz02.agdia.com.995: P 97:140(43) ack 123 win 8638 (DF)
14:39:19.600767 dmz02.agdia.com.995 > mac62.agdia.com.1325: . ack 140 win 32120 (DF)
14:39:19.610753 dmz02.agdia.com.995 > mac62.agdia.com.1325: P 123:183(60) ack 140 win 32120 (DF)
14:39:19.611243 mac62.agdia.com.1325 > dmz02.agdia.com.995: P 140:171(31) ack 183 win 8578 (DF)
14:39:19.613309 dmz02.agdia.com.995 > mac62.agdia.com.1325: P 183:245(62) ack 171 win 32120 (DF)
14:39:19.613588 mac62.agdia.com.1325 > dmz02.agdia.com.995: P 171:206(35) ack 245 win 8516 (DF)
14:39:19.631151 dmz02.agdia.com.995 > mac62.agdia.com.1325: . ack 206 win 32120 (DF)
14:39:21.652431 dmz02.agdia.com.995 > mac62.agdia.com.1325: P 245:296(51) ack 206 win 32120 (DF)
14:39:21.653207 mac62.agdia.com.1325 > dmz02.agdia.com.995: P 206:233(27) ack 296 win 8465 (DF)
14:39:21.655045 dmz02.agdia.com.995 > mac62.agdia.com.1325: P 296:326(30) ack 233 win 32120 (DF)
14:39:21.656106 mac62.agdia.com.1325 > dmz02.agdia.com.995: P 233:260(27) ack 326 win 8435 (DF)
14:39:21.670953 dmz02.agdia.com.995 > mac62.agdia.com.1325: . ack 260 win 32120 (DF)
14:39:23.672163 dmz02.agdia.com.995 > mac62.agdia.com.1325: P 326:361(35) ack 260 win 32120 (DF)
14:39:23.672489 mac62.agdia.com.1325 > dmz02.agdia.com.995: F 260:260(0) ack 361 win 8400 (DF)
14:39:23.674979 dmz02.agdia.com.995 > mac62.agdia.com.1325: . ack 261 win 32120 (DF)
14:39:23.675442 dmz02.agdia.com.995 > mac62.agdia.com.1325: F 361:361(0) ack 261 win 32120 (DF)
14:39:23.675533 mac62.agdia.com.1325 > dmz02.agdia.com.995: . ack 362 win 8400 (DF)

I didn't match up the time, but the errors in syslog are:

Mar  6 15:29:36 dmz02 stunnel[17527]: SSL_accept: error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol
Mar  6 15:29:36 dmz02 stunnel[17529]: SSL_accept: error:1408A0C1:SSL routines:SSL3_GET_CLIENT_HELLO:no shared cipher

Is it possible that these errors are from OE and Outlook not keeping the SSL
certificate from the SMTP server? I tried importing the SSL .pem certificate
a couple of different ways into Internet Explorer (Certificate Manager and
MyProfile Import Digital IDs) but Microsoft wants a .cer or some other kind
of cert.
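One way to quantify the syslog noise discussed in this thread, as an added example that is not from the original post or from stunnel: a Python parser for the SSL_accept lines that splits the OpenSSL error string into its code, library, handshake function and reason, counts failures per reason, and maps the two reasons seen above to what OpenSSL means by them. The repeated line, the xinetd line and the 192.0.2.62 address in the sample are constructed.

```python
import re
from collections import Counter

# Matches the stunnel lines quoted in the post: a syslog prefix, then an OpenSSL
# error string of the form error:<8 hex digits>:<library>:<function>:<reason>.
STUNNEL_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d\d:\d\d:\d\d) (?P<host>\S+) stunnel\[(?P<pid>\d+)\]: "
    r"SSL_accept: error:(?P<code>[0-9A-Fa-f]{8}):(?P<lib>[^:]+):(?P<func>[^:]+):(?P<reason>.+)$"
)

# OpenSSL semantics of the two reasons in the post: "unknown protocol" means the
# first bytes on the connection were not recognisable as any SSL/TLS ClientHello
# (for example a client that speaks plaintext on the TLS port); "no shared cipher"
# means a ClientHello did arrive but none of its cipher suites is enabled server-side.
CLASSES = {
    "unknown protocol": "client did not start an SSL/TLS handshake on this port",
    "no shared cipher": "cipher suite mismatch between client and server",
}

def parse_stunnel_error(line):
    """Return a dict for a stunnel SSL_accept error line, or None for any other line."""
    m = STUNNEL_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["pid"] = int(rec["pid"])
    rec["class"] = CLASSES.get(rec["reason"], "other handshake failure")
    return rec

def summarize(lines):
    """Count failures by (handshake function, reason) so the noise can be quantified."""
    counts = Counter()
    for line in lines:
        rec = parse_stunnel_error(line)
        if rec is not None:
            counts[(rec["func"], rec["reason"])] += 1
    return counts

# Constructed sample: the two lines from the post, one repeat, and one unrelated
# xinetd line (documentation address) that the parser must skip.
SAMPLE_LOG = """\
Mar  6 15:29:36 dmz02 stunnel[17527]: SSL_accept: error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol
Mar  6 15:29:36 dmz02 stunnel[17529]: SSL_accept: error:1408A0C1:SSL routines:SSL3_GET_CLIENT_HELLO:no shared cipher
Mar  6 15:31:02 dmz02 stunnel[17533]: SSL_accept: error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol
Mar  6 15:31:02 dmz02 xinetd[411]: START: pop3s pid=17533 from=192.0.2.62
"""

if __name__ == "__main__":
    for (func, reason), n in summarize(SAMPLE_LOG.splitlines()).most_common():
        print(f"{n:4d}  {func}: {reason}  [{CLASSES.get(reason, 'other handshake failure')}]")
```

Run it over the real syslog instead of SAMPLE_LOG to see which of the two reasons dominates; the pid in each line is the stunnel child that handled that one connection, which is what to line up against the capture timestamps.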