
Stunnel configuration for SMTP with SSL for cameras


  • HobbeS
  • Registered: December 2001
  • Last online: 09:29
I have been trying for quite some time to get my network cameras to send an email again when they detect motion. This always used to work well, but it has not worked for more than a year now. After some searching, it seems this is because Gmail changed its SSL settings and my cameras cannot handle these by default.
After some research, it seemed like a nice idea to use a kind of gateway for this. I still have a Raspberry Pi, which should be able to receive the packets/emails from the cameras and send them on to the Gmail SMTP server in the correct way. It seemed easy, but after an enormous number of attempts I cannot get it to work. I am using stunnel for this.

This is my stunnel.conf:
code:
debug = debug
output = /var/log/stunnel4/stunnel.log

;chroot = /var/lib/stunnel4
pid = /var/run/stunnel4/stunnel.pid
;setuid = stunnel4
;setgid = stunnel4

cert = /etc/stunnel/stunnel.pem
;key = /etc/stunnel/stunnel.pem

options = NO_SSLv2
options = SINGLE_ECDH_USE
options = SINGLE_DH_USE

;[gmail-pop3]
;client = yes
;accept = 110
;connect = pop.gmail.com:995
;verify = 2
;CAfile = ca-certs.pem
;checkHost = pop.gmail.com
;OCSPaia = yes

[gmail-smtp]
client = yes
;protocol = smtp
accept = 25
connect = smtp.gmail.com:465
;verify = 2
;verifyChain = yes
;CApath = /etc/ssl/certs
;CAfile = ca-certs.pem
;checkHost = smtp.gmail.com
;OCSPaia = yes
;sslVersion = all


When I now look at the log files, I see the following:
code:
2017.08.06 17:02:00 LOG7[24507]: Clients allowed=500
2017.08.06 17:02:00 LOG5[24507]: stunnel 5.06 on arm-unknown-linux-gnueabihf platform
2017.08.06 17:02:00 LOG5[24507]: Compiled with OpenSSL 1.0.1k 8 Jan 2015
2017.08.06 17:02:00 LOG5[24507]: Running  with OpenSSL 1.0.1t  3 May 2016
2017.08.06 17:02:00 LOG5[24507]: Update OpenSSL shared libraries or rebuild stunnel
2017.08.06 17:02:00 LOG5[24507]: Threading:PTHREAD Sockets:POLL,IPv6,SYSTEMD SSL:ENGINE,OCSP,FIPS Auth:LIBWRAP
2017.08.06 17:02:00 LOG7[24507]: errno: (*__errno_location ())
2017.08.06 17:02:00 LOG5[24507]: Reading configuration from file /etc/stunnel/stunnel.conf
2017.08.06 17:02:00 LOG5[24507]: FIPS mode disabled
2017.08.06 17:02:00 LOG7[24507]: Compression disabled
2017.08.06 17:02:00 LOG7[24507]: Snagged 64 random bytes from /dev/urandom
2017.08.06 17:02:00 LOG7[24507]: PRNG seeded successfully
2017.08.06 17:02:00 LOG6[24507]: Initializing service [gmail-smtp]
2017.08.06 17:02:00 LOG6[24507]: Loading cert from file: /etc/stunnel/stunnel.pem
2017.08.06 17:02:00 LOG6[24507]: Loading key from file: /etc/stunnel/stunnel.pem
2017.08.06 17:02:00 LOG4[24507]: Insecure file permissions on /etc/stunnel/stunnel.pem
2017.08.06 17:02:00 LOG7[24507]: Private key check succeeded
2017.08.06 17:02:00 LOG7[24507]: SSL options: 0x03180004 (+0x03180000, -0x00000000)
2017.08.06 17:02:00 LOG5[24507]: Configuration successful
2017.08.06 17:02:00 LOG7[24507]: Listening file descriptor created (FD=7)
2017.08.06 17:02:00 LOG7[24507]: Service [gmail-smtp] (FD=7) bound to 0.0.0.0:25
2017.08.06 17:02:00 LOG7[24508]: Created pid file /var/run/stunnel4/stunnel.pid
2017.08.06 17:02:02 LOG7[24508]: Service [gmail-smtp] accepted (FD=3) from 192.168.178.26:44997
2017.08.06 17:02:02 LOG7[24512]: Service [gmail-smtp] started
2017.08.06 17:02:02 LOG5[24512]: Service [gmail-smtp] accepted connection from 192.168.178.26:44997
2017.08.06 17:02:02 LOG6[24512]: s_connect: connecting 108.177.96.109:465
2017.08.06 17:02:02 LOG7[24512]: s_connect: s_poll_wait 108.177.96.109:465: waiting 10 seconds
2017.08.06 17:02:02 LOG5[24512]: s_connect: connected 108.177.96.109:465
2017.08.06 17:02:02 LOG5[24512]: Service [gmail-smtp] connected remote server from 192.168.178.16:42940
2017.08.06 17:02:02 LOG7[24512]: Remote socket (FD=9) initialized
2017.08.06 17:02:02 LOG6[24512]: SNI: sending servername: smtp.gmail.com
2017.08.06 17:02:02 LOG7[24512]: SSL state (connect): before/connect initialization
2017.08.06 17:02:02 LOG7[24512]: SSL state (connect): SSLv2/v3 write client hello A
2017.08.06 17:02:02 LOG7[24512]: SSL state (connect): unknown state
2017.08.06 17:02:02 LOG7[24512]: SSL state (connect): unknown state
2017.08.06 17:02:02 LOG7[24512]: SSL state (connect): unknown state
2017.08.06 17:02:02 LOG7[24512]: SSL state (connect): unknown state
2017.08.06 17:02:03 LOG7[24512]: SSL state (connect): unknown state
2017.08.06 17:02:03 LOG7[24512]: SSL state (connect): unknown state
2017.08.06 17:02:03 LOG7[24512]: SSL state (connect): unknown state
2017.08.06 17:02:03 LOG7[24512]: SSL state (connect): unknown state
2017.08.06 17:02:03 LOG7[24512]: SSL state (connect): unknown state
2017.08.06 17:02:03 LOG7[24512]: SSL state (connect): unknown state
2017.08.06 17:02:03 LOG7[24512]:    0 items in the session cache
2017.08.06 17:02:03 LOG7[24512]:    1 client connects (SSL_connect())
2017.08.06 17:02:03 LOG7[24512]:    1 client connects that finished
2017.08.06 17:02:03 LOG7[24512]:    0 client renegotiations requested
2017.08.06 17:02:03 LOG7[24512]:    0 server connects (SSL_accept())
2017.08.06 17:02:03 LOG7[24512]:    0 server connects that finished
2017.08.06 17:02:03 LOG7[24512]:    0 server renegotiations requested
2017.08.06 17:02:03 LOG7[24512]:    0 session cache hits
2017.08.06 17:02:03 LOG7[24512]:    0 external session cache hits
2017.08.06 17:02:03 LOG7[24512]:    0 session cache misses
2017.08.06 17:02:03 LOG7[24512]:    0 session cache timeouts
2017.08.06 17:02:03 LOG6[24512]: SSL connected: new session negotiated
2017.08.06 17:02:03 LOG7[24512]: Peer certificate was cached (4393 bytes)
2017.08.06 17:02:03 LOG6[24512]: Negotiated TLSv1.2 ciphersuite ECDHE-RSA-AES128-GCM-SHA256 (128-bit encryption)
2017.08.06 17:02:03 LOG6[24512]: Compression: null, expansion: null
2017.08.06 17:02:03 LOG5[24512]: Read socket error: Connection reset by peer (104)
2017.08.06 17:02:03 LOG5[24512]: Connection reset: 106 byte(s) sent to SSL, 53 byte(s) sent to socket
2017.08.06 17:02:03 LOG7[24512]: Remote socket (FD=9) closed
2017.08.06 17:02:03 LOG7[24512]: Local socket (FD=3) closed
2017.08.06 17:02:03 LOG7[24512]: Service [gmail-smtp] finished (0 left)


And if I enable the protocol = smtp option in my stunnel.conf, the error message in the log files changes:
code:
2017.08.06 17:16:44 LOG7[24639]: Clients allowed=500
2017.08.06 17:16:44 LOG5[24639]: stunnel 5.06 on arm-unknown-linux-gnueabihf platform
2017.08.06 17:16:44 LOG5[24639]: Compiled with OpenSSL 1.0.1k 8 Jan 2015
2017.08.06 17:16:44 LOG5[24639]: Running  with OpenSSL 1.0.1t  3 May 2016
2017.08.06 17:16:44 LOG5[24639]: Update OpenSSL shared libraries or rebuild stunnel
2017.08.06 17:16:44 LOG5[24639]: Threading:PTHREAD Sockets:POLL,IPv6,SYSTEMD SSL:ENGINE,OCSP,FIPS Auth:LIBWRAP
2017.08.06 17:16:44 LOG7[24639]: errno: (*__errno_location ())
2017.08.06 17:16:44 LOG5[24639]: Reading configuration from file /etc/stunnel/stunnel.conf
2017.08.06 17:16:44 LOG5[24639]: FIPS mode disabled
2017.08.06 17:16:44 LOG7[24639]: Compression disabled
2017.08.06 17:16:44 LOG7[24639]: Snagged 64 random bytes from /dev/urandom
2017.08.06 17:16:44 LOG7[24639]: PRNG seeded successfully
2017.08.06 17:16:44 LOG6[24639]: Initializing service [gmail-smtp]
2017.08.06 17:16:44 LOG6[24639]: Loading cert from file: /etc/stunnel/stunnel.pem
2017.08.06 17:16:44 LOG6[24639]: Loading key from file: /etc/stunnel/stunnel.pem
2017.08.06 17:16:44 LOG4[24639]: Insecure file permissions on /etc/stunnel/stunnel.pem
2017.08.06 17:16:44 LOG7[24639]: Private key check succeeded
2017.08.06 17:16:44 LOG7[24639]: SSL options: 0x03180004 (+0x03180000, -0x00000000)
2017.08.06 17:16:44 LOG5[24639]: Configuration successful
2017.08.06 17:16:44 LOG7[24639]: Listening file descriptor created (FD=7)
2017.08.06 17:16:44 LOG7[24639]: Service [gmail-smtp] (FD=7) bound to 0.0.0.0:25
2017.08.06 17:16:44 LOG7[24640]: Created pid file /var/run/stunnel4/stunnel.pid
2017.08.06 17:16:50 LOG7[24640]: Service [gmail-smtp] accepted (FD=3) from 192.168.178.26:51669
2017.08.06 17:16:50 LOG7[24644]: Service [gmail-smtp] started
2017.08.06 17:16:50 LOG5[24644]: Service [gmail-smtp] accepted connection from 192.168.178.26:51669
2017.08.06 17:16:50 LOG6[24644]: s_connect: connecting 74.125.128.109:465
2017.08.06 17:16:50 LOG7[24644]: s_connect: s_poll_wait 74.125.128.109:465: waiting 10 seconds
2017.08.06 17:16:50 LOG5[24644]: s_connect: connected 74.125.128.109:465
2017.08.06 17:16:50 LOG5[24644]: Service [gmail-smtp] connected remote server from 192.168.178.16:35054
2017.08.06 17:16:50 LOG7[24644]: Remote socket (FD=9) initialized
2017.08.06 17:17:00 LOG3[24644]: fd_getline: Unexpected socket close
2017.08.06 17:17:00 LOG5[24644]: Connection reset: 0 byte(s) sent to SSL, 0 byte(s) sent to socket
2017.08.06 17:17:00 LOG7[24644]: Remote socket (FD=9) closed
2017.08.06 17:17:00 LOG7[24644]: Local socket (FD=3) closed
2017.08.06 17:17:00 LOG7[24644]: Service [gmail-smtp] finished (0 left)


Can anyone point me in the right direction? Am I doing something wrong? Or am I trying something impossible? Has something perhaps changed on Gmail's SMTP server in the meantime, so that this solution is no longer possible either?
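
An added example (not part of the original post): a small Python triage script run over lines copied from the two logs above. It groups entries by stunnel worker id and reports whether each connection failed before or after the TLS handshake, plus any startup warnings; the function name `triage` and the summary fields are chosen here for illustration.

```python
import re

# Lines copied (abridged) from the two stunnel logs in the post above.
SAMPLE = """\
2017.08.06 17:02:00 LOG4[24507]: Insecure file permissions on /etc/stunnel/stunnel.pem
2017.08.06 17:02:02 LOG5[24512]: Service [gmail-smtp] accepted connection from 192.168.178.26:44997
2017.08.06 17:02:03 LOG6[24512]: Negotiated TLSv1.2 ciphersuite ECDHE-RSA-AES128-GCM-SHA256 (128-bit encryption)
2017.08.06 17:02:03 LOG5[24512]: Read socket error: Connection reset by peer (104)
2017.08.06 17:02:03 LOG5[24512]: Connection reset: 106 byte(s) sent to SSL, 53 byte(s) sent to socket
2017.08.06 17:16:50 LOG5[24644]: Service [gmail-smtp] accepted connection from 192.168.178.26:51669
2017.08.06 17:17:00 LOG3[24644]: fd_getline: Unexpected socket close
2017.08.06 17:17:00 LOG5[24644]: Connection reset: 0 byte(s) sent to SSL, 0 byte(s) sent to socket
"""

LINE = re.compile(r"^\S+ \S+ LOG(\d)\[(\d+)\]: (.*)$")
ACCEPT = re.compile(r"accepted connection from (\S+)")
TLS = re.compile(r"Negotiated (\S+) ciphersuite (\S+)")
BYTES = re.compile(r"(\d+) byte\(s\) sent to SSL, (\d+) byte\(s\) sent to socket")

def triage(log_text):
    """Return (per-connection summaries keyed by worker id, startup warnings).

    Hypothetical helper for illustration; not part of stunnel."""
    conns, warnings = {}, []
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue
        level, pid, msg = int(m.group(1)), m.group(2), m.group(3)
        if (a := ACCEPT.search(msg)):
            conns[pid] = {"client": a.group(1), "tls": None, "errors": [],
                          "to_ssl": 0, "to_socket": 0}
        elif pid not in conns:
            if level <= 4:  # syslog-style levels: 4 = warning, lower = more severe
                warnings.append(msg)
        elif (t := TLS.search(msg)):
            conns[pid]["tls"] = t.groups()
        elif (b := BYTES.search(msg)):
            conns[pid]["to_ssl"], conns[pid]["to_socket"] = map(int, b.groups())
        elif level <= 4 or "error" in msg.lower():
            conns[pid]["errors"].append(msg)
    for c in conns.values():
        c["stage"] = "after TLS handshake" if c["tls"] else "before TLS handshake"
    return conns, warnings

if __name__ == "__main__":
    conns, warnings = triage(SAMPLE)
    for pid, c in conns.items():
        print(pid, c["client"], "failed", c["stage"], c["errors"])
    print("startup warnings:", warnings)
```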

  • CyBeR
  • Registered: September 2001
  • Not online

Wouldn't you be better off running an MTA instead of stunnel?

All my posts are provided as-is. They come with NO WARRANTY at all.