Anonymous Servers - Reliable/Stunnel help - PLZ

This is Interesting: Free IT Magazines  
Home > Archive > Anonymous Servers > November 2005 > Reliable/Stunnel help - PLZ





You are viewing an archived Text-only version of the thread. To view this thread in it's original format and/or if you want to reply to this thread please [click here]

Author Reliable/Stunnel help - PLZ
testnym

2005-11-13, 5:46 pm

Could somebody(s) give me a hand here?

First, I'm having troubles getting Reliable to work with stunnel to
use a pop account that requires pop3s and smtps access (ie gmail).
I'm pretty sure I've got the cause figured out but here's the facts.

- When I initiate a Reliable Receive cycle it D/L's fine (at least
the couple of test messages I sent there from another account).

- The Process cycle also seems to execute OK (but it's still hard to
tell for sure).

- The send cycle simply generates a sequence of

...

14:02 ERROR SMTP Sending Mail
Unexpected result code returned by server
Moved to C:\Reliable\Mail\MAILOUT\Errors\K93IZ3IH
.Q*
14:02 ERROR SMTP Sending Mail
Unexpected result code returned by server
Moved to C:\Reliable\Mail\MAILOUT\Errors\FL1ILFXW
.Q*
14:02 ERROR SMTP Sending Mail
Unexpected result code returned by server
Moved to C:\Reliable\Mail\MAILOUT\Errors\MKHVX7E7
.Q*
...

- I can access this account using exactly the same smtp server spec
(ie 127.0.0.1) and user name with The BAT (ie my email client)
provided I check the box in The Bat's transport config settings that
says "Perform SMTP Authentication (RFC 2554)". If I don't check this
box I get exactly the same results that I'm seeing with Reliable.


- Stunnel seems to be installing fine

2005.11.14 02:00:59 LOG5[3896:3900]: stunnel 4.14 on
x86-pc-mingw32-gnu WIN32+SELECT+IPv6 with OpenSSL 0.9.7i 14 Oct 2005
2005.11.14 02:01:00 LOG7[3896:3884]: RAND_status claims sufficient
entropy for the PRNG
2005.11.14 02:01:00 LOG6[3896:3884]: PRNG seeded successfully
2005.11.14 02:01:00 LOG5[3896:3884]: No limit detected for the
number of clients
2005.11.14 02:01:00 LOG7[3896:3884]: FD 192 in non-blocking mode
2005.11.14 02:01:00 LOG7[3896:3884]: SO_REUSEADDR option set on
accept socket
2005.11.14 02:01:00 LOG7[3896:3884]: pop3 bound to 127.0.0.1:110
2005.11.14 02:01:00 LOG7[3896:3884]: FD 204 in non-blocking mode
2005.11.14 02:01:00 LOG7[3896:3884]: SO_REUSEADDR option set on
accept socket
2005.11.14 02:01:00 LOG7[3896:3884]: smtp bound to 127.0.0.1:25



- but it genrates the log segment here when I use Reliable:

2005.11.14 02:02:21 LOG7[3896:3884]: pop3 accepted FD=212 from
127.0.0.1:1059
2005.11.14 02:02:21 LOG7[3896:3884]: Creating a new thread
2005.11.14 02:02:21 LOG7[3896:3884]: New thread created
2005.11.14 02:02:21 LOG7[3896:2312]: pop3 started
2005.11.14 02:02:21 LOG7[3896:2312]: FD 212 in non-blocking mode
2005.11.14 02:02:21 LOG5[3896:2312]: pop3 connected from
127.0.0.1:1059
2005.11.14 02:02:21 LOG7[3896:2312]: FD 240 in non-blocking mode
2005.11.14 02:02:21 LOG7[3896:2312]: pop3 connecting
XX.XXX.163.111:995
2005.11.14 02:02:21 LOG7[3896:2312]: connect_wait: waiting 10 seconds
2005.11.14 02:02:21 LOG7[3896:2312]: connect_wait: connected
2005.11.14 02:02:21 LOG7[3896:2312]: Remote FD=240 initialized
2005.11.14 02:02:21 LOG7[3896:2312]: SSL state (connect):
before/connect initialization
2005.11.14 02:02:21 LOG7[3896:2312]: SSL state (connect): SSLv3
write client hello A
2005.11.14 02:02:22 LOG7[3896:2312]: SSL state (connect): SSLv3
read server hello A
2005.11.14 02:02:22 LOG7[3896:2312]: SSL state (connect): SSLv3
read server certificate A
2005.11.14 02:02:22 LOG7[3896:2312]: SSL state (connect): SSLv3
read server done A
2005.11.14 02:02:22 LOG7[3896:2312]: SSL state (connect): SSLv3
write client key exchange A
2005.11.14 02:02:22 LOG7[3896:2312]: SSL state (connect): SSLv3
write change cipher spec A
2005.11.14 02:02:22 LOG7[3896:2312]: SSL state (connect): SSLv3
write finished A
2005.11.14 02:02:22 LOG7[3896:2312]: SSL state (connect): SSLv3
flush data
2005.11.14 02:02:22 LOG7[3896:2312]: SSL state (connect): SSLv3
read finished A
2005.11.14 02:02:22 LOG7[3896:2312]: 1 items in the session cache
2005.11.14 02:02:22 LOG7[3896:2312]: 1 client connects
(SSL_connect())
2005.11.14 02:02:22 LOG7[3896:2312]: 1 client connects that
finished
2005.11.14 02:02:22 LOG7[3896:2312]: 0 client renegotiatations
requested
2005.11.14 02:02:22 LOG7[3896:2312]: 0 server connects
(SSL_accept())
2005.11.14 02:02:22 LOG7[3896:2312]: 0 server connects that
finished
2005.11.14 02:02:22 LOG7[3896:2312]: 0 server renegotiatiations
requested
2005.11.14 02:02:22 LOG7[3896:2312]: 0 session cache hits
2005.11.14 02:02:22 LOG7[3896:2312]: 0 session cache misses
2005.11.14 02:02:22 LOG7[3896:2312]: 0 session cache timeouts
2005.11.14 02:02:22 LOG6[3896:2312]: SSL connected: new session
negotiated
2005.11.14 02:02:22 LOG6[3896:2312]: Negotiated ciphers: DES-CBC3-SHA
SSLv3 Kx=RSA Au=RSA Enc=3DES(168) Mac=SHA1
2005.11.14 02:02:25 LOG7[3896:2312]: Socket closed on read
2005.11.14 02:02:25 LOG7[3896:2312]: SSL socket closed on SSL_read
2005.11.14 02:02:25 LOG7[3896:2312]: Socket write shutdown
2005.11.14 02:02:25 LOG5[3896:2312]: Connection closed: 67 bytes
sent to SSL, 2015 bytes sent to socket
2005.11.14 02:02:25 LOG7[3896:2312]: pop3 finished (0 left)

2005.11.14 02:02:27 LOG7[3896:3884]: smtp accepted FD=228 from
127.0.0.1:1061
2005.11.14 02:02:27 LOG7[3896:3884]: Creating a new thread
2005.11.14 02:02:27 LOG7[3896:3884]: New thread created
2005.11.14 02:02:27 LOG7[3896:4072]: smtp started
2005.11.14 02:02:27 LOG7[3896:4072]: FD 228 in non-blocking mode
2005.11.14 02:02:27 LOG5[3896:4072]: smtp connected from
127.0.0.1:1061
2005.11.14 02:02:27 LOG7[3896:4072]: FD 240 in non-blocking mode
2005.11.14 02:02:27 LOG7[3896:4072]: smtp connecting
XX.XXX.163.111:465
2005.11.14 02:02:27 LOG7[3896:4072]: connect_wait: waiting 10 seconds
2005.11.14 02:02:27 LOG7[3896:4072]: connect_wait: connected
2005.11.14 02:02:27 LOG7[3896:4072]: Remote FD=240 initialized
2005.11.14 02:02:27 LOG7[3896:4072]: SSL state (connect):
before/connect initialization
2005.11.14 02:02:27 LOG7[3896:4072]: SSL state (connect):
SSLv3 write client hello A
2005.11.14 02:02:28 LOG7[3896:4072]: SSL state (connect):
SSLv3 read server hello A
2005.11.14 02:02:28 LOG7[3896:4072]: SSL state (connect):
SSLv3 read server certificate A
2005.11.14 02:02:28 LOG7[3896:4072]: SSL state (connect):
SSLv3 read server done A
2005.11.14 02:02:28 LOG7[3896:4072]: SSL state (connect):
SSLv3 write client key exchange A
2005.11.14 02:02:28 LOG7[3896:4072]: SSL state (connect):
SSLv3 write change cipher spec A
2005.11.14 02:02:28 LOG7[3896:4072]: SSL state (connect):
SSLv3 write finished A
2005.11.14 02:02:28 LOG7[3896:4072]: SSL state (connect):
SSLv3 flush data
2005.11.14 02:02:28 LOG7[3896:4072]: SSL state (connect):
SSLv3 read finished A
2005.11.14 02:02:28 LOG7[3896:4072]: 2 items in the session cache
2005.11.14 02:02:28 LOG7[3896:4072]: 2 client connects
(SSL_connect())
2005.11.14 02:02:28 LOG7[3896:4072]: 2 client connects that
finished
2005.11.14 02:02:28 LOG7[3896:4072]: 0 client renegotiatations
requested
2005.11.14 02:02:28 LOG7[3896:4072]: 0 server connects
(SSL_accept())
2005.11.14 02:02:28 LOG7[3896:4072]: 0 server connects that
finished
2005.11.14 02:02:28 LOG7[3896:4072]: 0 server renegotiatiations
requested
2005.11.14 02:02:28 LOG7[3896:4072]: 0 session cache hits
2005.11.14 02:02:28 LOG7[3896:4072]: 0 session cache misses
2005.11.14 02:02:28 LOG7[3896:4072]: 0 session cache timeouts
2005.11.14 02:02:28 LOG6[3896:4072]: SSL connected: new session
negotiated
2005.11.14 02:02:28 LOG6[3896:4072]: Negotiated ciphers: DES-CBC3-SHA
SSLv3 Kx=RSA Au=RSA Enc=3DES(168) Mac=SHA1
2005.11.14 02:02:31 LOG7[3896:4072]: SSL socket closed on SSL_read
2005.11.14 02:02:31 LOG7[3896:4072]: Socket write shutdown
2005.11.14 02:02:31 LOG5[3896:4072]: Connection closed: 197 bytes
sent to SSL,
400 bytes sent to socket
2005.11.14 02:02:31 LOG7[3896:4072]: smtp finished (0 left)



- My firewall log show exactly the expected outbound TCP activity
on 995 and 465


2005/11/13, 14:02:21.668, GMT -0600, 2037, Device 2, Rule 73,
Allowed outgoing TCP packet, src=XX.XX.228.162, dst=XX.XXX.163.111,
sport=1060, dport=995
2005/11/13, 14:02:21.668, GMT -0600, 2037, Device 2, Rule 73,
Allowed outgoing TCP packet, src=XX.XX.228.162, dst=XX.XXX.163.111,
sport=1060, dport=995


and


2005/11/13, 14:02:27.476, GMT -0600, 2037, Device 2, Rule 72,
Allowed outgoing TCP packet, src=XX.XX.228.162, dst=XX.XXX.163.111,
sport=1062, dport=465
2005/11/13, 14:02:27.476, GMT -0600, 2037, Device 2, Rule 72,
Allowed outgoing TCP packet, src=XX.XX.228.162, dst=XX.XXX.163.111,
sport=1062, dport=465



My guess is that Reliable is not doing the "Perform SMTP
Authentication (RFC 2554)" that I can select when doing smtp with
The Bat.

Do I have the problem diagnosed right? How would I get Reliable
to do this? I've been over that miriad of config settings a dozen
times and don't see it. Is there a way to get Stunnel to do this on
it's own? I've spent a week+ reading to get to this point and I really
don't remember seeing anything relavant.

Also, I've installed Mercury /w32 (recently) in the expectation
of switching to using that to interact with my pop3(s) account for
downloading and then sending directly to other remailers (that aren't
going to be doing a reverse DNS lookups on me) for outgoing traffic.
My thinking is that 5000 pieces (/100meg) of incoming traffic a day
through my account isn't going to set off as many warning bells as
5000 outgoing pieces. Is this a workable arrangement? How do I take
advantage to the smtps support provided by ? Mercury /w32 supports
smpts directly but I'm not sure if I can simply append a :25 or
:465 to the end of the server address without screwing up Reliable
(and maybe ever Mercury itself). Anybody know a sensible way to
approach this?

Finally, I'm using pgp2.6.3i and I'm wondering what to do about
amessage, amigo, and antani. If I keep thier conf strings included
"as is" Reliable gives me the message that I don't have thier keys
on my ring. If I attempt to add thier DSA keys I obviously get an
error. From thier Remail-Conf reply and publicly accessable
pgp-rsa.asc files they don't seem to issue RSA keys. I'm thinking I
can "hand mangle" thier conf strings to make them mixmaster only or
I can do as I'm doing now and simply delete them and answer no to
re-adding them after every Reliable Stats update. What do the other
RSA only remailers do here?

Thanks In Advance







panta-admin

2005-11-13, 5:46 pm

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi !

>- I can access this account using exactly the same smtp server spec
>(ie 127.0.0.1) and user name with The BAT (ie my email client)
>provided I check the box in The Bat's transport config settings that
>says "Perform SMTP Authentication (RFC 2554)". If I don't check this
>box I get exactly the same results that I'm seeing with Reliable.

Reliable does not do SMTP authentication.
If you want SMTPAuth use the Panta Reliable Mod available at:
https://www.panta-rhei.dyndns.org

It will give you a lot of other features and bugfixes as well.

>Finally, I'm using pgp2.6.3i and I'm wondering what to do about
>amessage, amigo, and antani. If I keep thier conf strings included
>"as is" Reliable gives me the message that I don't have thier keys
>on my ring. If I attempt to add thier DSA keys I obviously get an
>error. From thier Remail-Conf reply and publicly accessable
>pgp-rsa.asc files they don't seem to issue RSA keys. I'm thinking I
>can "hand mangle" thier conf strings to make them mixmaster only or
>I can do as I'm doing now and simply delete them and answer no to
>re-adding them after every Reliable Stats update. What do the other
>RSA only remailers do here?

Dont do that. Use PGP 6.5.8ckt and all is good.
You can get that from my webpage as well.

Cheers,
panta-admin

-----BEGIN PGP SIGNATURE-----
Version: N/A

iQA/AwUBQ3fa89crLUqmoDLIEQLOegCfYMklczf/02+yLDZDLZbBYV1EksEAnjND
SQFKqMPHi4XcuiZvg3WwCfJc
=zs4G
-----END PGP SIGNATURE-----
~~~~~~~~~~~~~~~~~~~~~
This message was posted via one or more anonymous remailing services.
The original sender is unknown. Any address shown in the From header
is unverified. You need a valid hashcash token to post to groups other
than alt.test and alt.anonymous.messages. Visit www.panta-rhei.dyndns.org
for abuse and hashcash info.



moose

2005-11-14, 2:46 am

-----BEGIN PGP SIGNED MESSAGE-----

>If you want SMTPAuth use the Panta Reliable Mod available at:
>https://www.panta-rhei.dyndns.org
>
>It will give you a lot of other features and bugfixes as well.

Thanks bud... Just D/L'ed it.. I'll get at it tommorow for sure.
I've been checking out several locations for mods and utilities
lately including your fine site. I have D/L'ed a few pkgs already,
but I wanted to identify and install only the ones nessasary to
get things up and running for starters. This definately appears
to fall into that catagory.

I've D/L'ed a couple of things by Frog-admin (mostly stats related)
that I'm a bit leary of. I've been absent from this group for several
years but I hung arounded (and contributed from time to time) back at
the begining of the big skript-kiddie / TJB flood of several years
ago. LOL that Thomas is the one left standing! I'm not sure how
that all worked out but I never got over being suspect of all
things yi.org... Unfortunately my old nym now has a trail right
back to my name, address, and phone number and with the kooks and
trolls here being even more malicious than they used to be.... I've
tentativly entered "moose" in the remailer name blank... does that
name have a history already?

>Use PGP 6.5.8ckt and all is good.

Got it already (thanks)... I'm not sure why I really like NOT using
anything past 2.6.3i... It's a copy I've had for probably 15 years
now and I just feel like if I'm not 100% comfortable with my encryption
package then everything else is for not... That was going to be one of
my future questions actually... Why couldn't I simply import my existing
RSA key instead of having Reliable generate a new one for me? That's
exactly the kind of thing that makes me really paranoid. I was saving
that for after the big "reinstall" to an old (dedicated) 386 machine
I've got lying around though.

Thanks again


-----BEGIN PGP SIGNATURE-----
Version: 2.6.3i
Charset: cp850

iQCVAgUBQ3dGHDfLqdEzX1nVAQHauwQAryOIkZhU
AJZmfUOAtCWhoGTFqqbAGqW4
gqo/ M91sNRCe1OsCZJ1tHnAkMf1terKp+Gy9BhOj3AZI
ROVxF/UFndgOUyX1FFvP
6kBuSHyoy8MU6Um330861mAsstiJwiCQLgvDQ35q
HbAV+aqAR+YgZlw7rBSa03Q4
IHVzt7wWUpo=
=VmuH
-----END PGP SIGNATURE-----
moose

2005-11-14, 2:46 am

-----BEGIN PGP SIGNED MESSAGE-----

Install went great... Trouble is nothing has changed... I looked
through the Panta Mod tab, the Send Tab, all the other configure
options (I think).. I can't figure out how to enable SMTP
authentication. Suggestions?




-----BEGIN PGP SIGNATURE-----
Version: 2.6.3i
Charset: cp850

iQCVAgUBQ3dtbzfLqdEzX1nVAQHBLAQAlhonZTfA
a8d74I1SPlvl8HvfaffgGzQP
YCGpTVYYUSVFX/ 6xGAhloRIKCIXMzU7YZe6hjOVA2dI9CP22j20LE8
ZFOK61DkfA
mReg3Rao2cuSD4sKzZ4IvUfzvwJGYoEe2ETL6yPH
v40f/IBT2y3mjZMlUWM/M1y0
3ppBLqXL6kY=
=UxXk
-----END PGP SIGNATURE-----
Sponsored Links






Free braindumps | Software forum | Database administration forum

Copyright 2003 - 2008 webservertalk.com