Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]
Groups > demon.ip.support.turnpike > #18562 > unrolled thread
| Started by | Graeme <News@nospam.demon.co.uk> |
|---|---|
| First post | 2026-04-08 15:07 +0100 |
| Last post | 2026-04-09 10:54 +0100 |
| Articles | 20 on this page of 24 — 4 participants |
Back to article view | Back to demon.ip.support.turnpike
Problem sending e-mail via Zen Graeme <News@nospam.demon.co.uk> - 2026-04-08 15:07 +0100
Re: Problem sending e-mail via Zen Graeme <News@nospam.demon.co.uk> - 2026-04-08 15:14 +0100
Re: Problem sending e-mail via Zen John Hall <john@jhall.co.uk> - 2026-04-08 16:47 +0100
Re: Problem sending e-mail via Zen Graeme <News@nospam.demon.co.uk> - 2026-04-08 18:17 +0100
Re: Problem sending e-mail via Zen John Hall <john@jhall.co.uk> - 2026-04-08 18:37 +0100
Re: Problem sending e-mail via Zen "J. P. Gilliver" <G6JPG@255soft.uk> - 2026-04-08 22:31 +0100
Re: Problem sending e-mail via Zen Graeme <News@nospam.demon.co.uk> - 2026-04-09 10:13 +0100
Re: Problem sending e-mail via Zen Graeme <News@nospam.demon.co.uk> - 2026-04-09 10:57 +0100
Re: Problem sending e-mail via Zen John Hall <john@jhall.co.uk> - 2026-04-09 17:02 +0100
Re: Problem sending e-mail via Zen brian <nospam@b-howie.co.uk> - 2026-04-10 19:45 +0100
Re: Problem sending e-mail via Zen John Hall <john@jhall.co.uk> - 2026-04-10 20:36 +0100
Re: Problem sending e-mail via Zen Graeme <News@nospam.demon.co.uk> - 2026-04-11 09:59 +0100
Re: Problem sending e-mail via Zen John Hall <john@jhall.co.uk> - 2026-04-11 10:44 +0100
Re: Problem sending e-mail via Zen Graeme <News@nospam.demon.co.uk> - 2026-04-11 11:20 +0100
Re: Problem sending e-mail via Zen John Hall <john@jhall.co.uk> - 2026-04-11 19:24 +0100
Re: Problem sending e-mail via Zen brian <nospam@b-howie.co.uk> - 2026-04-13 09:48 +0100
Re: Problem sending e-mail via Zen John Hall <john@jhall.co.uk> - 2026-04-13 10:38 +0100
Re: Problem sending e-mail via Zen brian <nospam@b-howie.co.uk> - 2026-04-13 12:41 +0100
Re: Problem sending e-mail via Zen John Hall <john@jhall.co.uk> - 2026-04-13 16:54 +0100
Re: Problem sending e-mail via Zen John Hall <john@jhall.co.uk> - 2026-04-09 11:04 +0100
Re: Problem sending e-mail via Zen "J. P. Gilliver" <G6JPG@255soft.uk> - 2026-04-09 17:50 +0100
Re: Problem sending e-mail via Zen John Hall <john@jhall.co.uk> - 2026-04-08 18:28 +0100
Re: Problem sending e-mail via Zen Graeme <News@nospam.demon.co.uk> - 2026-04-09 09:45 +0100
Re: Problem sending e-mail via Zen John Hall <john@jhall.co.uk> - 2026-04-09 10:54 +0100
Page 1 of 2 [1] 2 Next page →
| From | Graeme <News@nospam.demon.co.uk> |
|---|---|
| Date | 2026-04-08 15:07 +0100 |
| Subject | Problem sending e-mail via Zen |
| Message-ID | <$NPTA0ATEm1pFwRc@binnsroad.myzen.co.uk> |
My outgoing e-mail has suddenly stopped working, although outgoing is OK. Logging shows : Wed, 8 Apr 2026 15:03:34 SMTP command rejected while talking to mailhost.zen.co.uk: DATA 530-5.7.0 Authentication required. For more information see the guide at 530 5.7.0 https://www.zen.co.uk/help-support/initalsetupemail Long story short, Zen say I need Encryption Type STARTTLS (if available) or TLS/SSL. Does anyone know what that means or, more to the point, how to configure TP appropriately? Thank you! -- Graeme
[toc] | [next] | [standalone]
| From | Graeme <News@nospam.demon.co.uk> |
|---|---|
| Date | 2026-04-08 15:14 +0100 |
| Message-ID | <rdAW0fBuKm1pFwSY@binnsroad.myzen.co.uk> |
| In reply to | #18562 |
In message <$NPTA0ATEm1pFwRc@binnsroad.myzen.co.uk>, Graeme <News@nospam.demon.co.uk> writes > >My outgoing e-mail has suddenly stopped working, although outgoing is >OK. Sorry! That should read : My outgoing e-mail has suddenly stopped working, although INCOMING is OK. -- Graeme
[toc] | [prev] | [next] | [standalone]
| From | John Hall <john@jhall.co.uk> |
|---|---|
| Date | 2026-04-08 16:47 +0100 |
| Message-ID | <n3nbkkFpi71U1@mid.individual.net> |
| In reply to | #18562 |
On 08/04/2026 15:07, Graeme wrote:
>
> My outgoing e-mail has suddenly stopped working, although outgoing is OK.
>
> Logging shows :
>
> Wed, 8 Apr 2026 15:03:34 SMTP command rejected while talking to
> mailhost.zen.co.uk: DATA 530-5.7.0 Authentication required. For more
> information see the guide at 530 5.7.0 https://www.zen.co.uk/help-
> support/initalsetupemail
>
> Long story short, Zen say I need Encryption Type STARTTLS (if available)
> or TLS/SSL.
>
> Does anyone know what that means or, more to the point, how to configure
> TP appropriately?
>
> Thank you!
>
It means that you are going to have to use Stunnel as an intermediary
between Turnpike and the mail server, as TP doesn't include built-in
support for TLS or SSL. In recent years, the official Stunnel site has
only provided a 64-bit version of Stunnel. but you can download a 32-bit
version from here:
https://github.com/josealf/stunnel-win32
The most up-to-date version seems to be 5.77.
As I no longer use TP myself - having gone over to a 64-bit PC, I'm
afraid I can no longer remember enough to provide much help with how to
configure Stunnel and TP to work together, but hopefully someone can
step in to assist. Failing that, although Googlegroups is no longer
operating, its archived posts are still searchable on the web.
--
John Hall
You can divide people into two categories:
those who divide people into two categories and those who don't
[toc] | [prev] | [next] | [standalone]
| From | Graeme <News@nospam.demon.co.uk> |
|---|---|
| Date | 2026-04-08 18:17 +0100 |
| Message-ID | <lTs13UCe2o1pFwy3@binnsroad.myzen.co.uk> |
| In reply to | #18564 |
In message <n3nbkkFpi71U1@mid.individual.net>, John Hall <john@jhall.co.uk> writes >On 08/04/2026 15:07, Graeme wrote: >> My outgoing e-mail has suddenly stopped working, although outgoing >>is OK. >It means that you are going to have to use Stunnel as an intermediary >between Turnpike and the mail server, as TP doesn't include built-in >support for TLS or SSL. Thanks John. I do have Stunnel on this machine, and this is the configuration file : debug = 5 output = stunnel.log [zen POP3] client = yes accept = 127.0.0.1:3110 connect = mailhost.zen.co.uk:995 [zen SMTP] protocol = smtp client = yes accept = 127.0.0.1:25 connect = mailhost.zen.co.uk:587 TIMEOUTconnect = 60 Unfortunately, I have no idea where those entries came from or what they mean, or what they should read. Stunnel is not working, or helping, at present. Anyone? -- Graeme
[toc] | [prev] | [next] | [standalone]
| From | John Hall <john@jhall.co.uk> |
|---|---|
| Date | 2026-04-08 18:37 +0100 |
| Message-ID | <n3ni1vFqi6cU1@mid.individual.net> |
| In reply to | #18565 |
On 08/04/2026 18:17, Graeme wrote:
> In message <n3nbkkFpi71U1@mid.individual.net>, John Hall
> <john@jhall.co.uk> writes
>> On 08/04/2026 15:07, Graeme wrote:
>>> My outgoing e-mail has suddenly stopped working, although outgoing
>>> is OK.
>
>> It means that you are going to have to use Stunnel as an intermediary
>> between Turnpike and the mail server, as TP doesn't include built-in
>> support for TLS or SSL.
>
> Thanks John. I do have Stunnel on this machine, and this is the
> configuration file :
>
> debug = 5
> output = stunnel.log
> [zen POP3]
> client = yes
> accept = 127.0.0.1:3110
> connect = mailhost.zen.co.uk:995
> [zen SMTP]
> protocol = smtp
> client = yes
> accept = 127.0.0.1:25
> connect = mailhost.zen.co.uk:587
> TIMEOUTconnect = 60
>
> Unfortunately, I have no idea where those entries came from or what they
> mean, or what they should read. Stunnel is not working, or helping, at
> present.
>
> Anyone?
>
I don't think you should need the protocol line. You could also try
updating to the latest version of Stunnel. And check that you are
linking to Stunnel from TP's configuration settings for SMTP as detailed
in the post I've just made before this.
You could also look at the stunnel.log file to ensure that Stunnel is
actually being invoked and, assuming it is, to see what error is being
thrown up. You could also turn on TP's own debugging and wee what that
shows.
--
John Hall
You can divide people into two categories:
those who divide people into two categories and those who don't
[toc] | [prev] | [next] | [standalone]
| From | "J. P. Gilliver" <G6JPG@255soft.uk> |
|---|---|
| Date | 2026-04-08 22:31 +0100 |
| Message-ID | <10r6hep$3skgu$1@dont-email.me> |
| In reply to | #18567 |
On 2026/4/8 18:37:3, John Hall wrote: > On 08/04/2026 18:17, Graeme wrote: >> In message <n3nbkkFpi71U1@mid.individual.net>, John Hall >> <john@jhall.co.uk> writes >>> On 08/04/2026 15:07, Graeme wrote: >>>> My outgoing e-mail has suddenly stopped working, although outgoing >>>> is OK. Sounds like Zen have joined the multitude of providers who suddenly decided to require TLS/SSL. The previous that I know of is plusnet, who claimed their outsourcing to Greenly would be seamless, obviously being unaware that Greenly expected it, or perhaps being unaware that their own servers didn't. (Even for those using compatible software such as Thunderbird, the transition has been far from seamless: Greenly's systems are a lot more flaky - although it's settled down a lot, I still get occasional "unable to connect" popups from Thunderbird, which I had never seen before the outsourcing.) >> >>> It means that you are going to have to use Stunnel as an intermediary >>> between Turnpike and the mail server, as TP doesn't include built-in >>> support for TLS or SSL. >> >> Thanks John. I do have Stunnel on this machine, and this is the >> configuration file : [] >> Unfortunately, I have no idea where those entries came from or what they >> mean, or what they should read. Stunnel is not working, or helping, at >> present. >> >> Anyone? >> > > I don't think you should need the protocol line. You could also try > updating to the latest version of Stunnel. And check that you are > linking to Stunnel from TP's configuration settings for SMTP as detailed > in the post I've just made before this. I suspect that's the real thing: you've got Stunnel, but your TP is still connecting directly to Zen's servers, rather than to Stunnel. > > You could also look at the stunnel.log file to ensure that Stunnel is > actually being invoked and, assuming it is, to see what error is being > thrown up. You could also turn on TP's own debugging and wee what that > shows. -- J. P. Gilliver. UMRA: 1960/<1985 MB++G()ALIS-Ch++(p)Ar++T+H+Sh0!:`)DNAf Radio 4 is one of the reasons being British is good. It's not a subset of Britain - it's almost as if Britain is a subset of Radio 4. - Stephen Fry, in Radio Times, 7-13 June, 2003.
[toc] | [prev] | [next] | [standalone]
| From | Graeme <News@nospam.demon.co.uk> |
|---|---|
| Date | 2026-04-09 10:13 +0100 |
| Message-ID | <4s0C4iH8221pFwSI@binnsroad.myzen.co.uk> |
| In reply to | #18568 |
In message <10r6hep$3skgu$1@dont-email.me>, J. P. Gilliver <G6JPG@255soft.uk> writes > >I suspect that's the real thing: you've got Stunnel, but your TP is >still connecting directly to Zen's servers, rather than to Stunnel. Progress, I think. Updated Stunnel's config file as suggested by John, and changed the mail gateway to 127.0.0.1, and, under POP3 Mail Collection, changed Port from POP3 to 25. Is that correct? Mail now sends, but throws up a TP error : Delivery Status Notification 535 Incorrect authentication data -- Graeme
[toc] | [prev] | [next] | [standalone]
| From | Graeme <News@nospam.demon.co.uk> |
|---|---|
| Date | 2026-04-09 10:57 +0100 |
| Message-ID | <Ue6pUJIHg31pFwEa@binnsroad.myzen.co.uk> |
| In reply to | #18572 |
In message <4s0C4iH8221pFwSI@binnsroad.myzen.co.uk>, Graeme <News@nospam.demon.co.uk> writes >In message <10r6hep$3skgu$1@dont-email.me>, J. P. Gilliver ><G6JPG@255soft.uk> writes >> >>I suspect that's the real thing: you've got Stunnel, but your TP is >>still connecting directly to Zen's servers, rather than to Stunnel. > >Progress, I think. Updated Stunnel's config file as suggested by John, >and changed the mail gateway to 127.0.0.1, and, under POP3 Mail >Collection, changed Port from POP3 to 25. Is that correct? > >Mail now sends, but throws up a TP error : > >Delivery Status Notification > >535 Incorrect authentication data > Changed Port (above) back to POP3. So, "you will need to replace mailhost.zen.co.uk with 127.0.0.1 and also ensure that the associated port is set to 25." How, or where, do I ensure the associated port is set to 25? -- Graeme
[toc] | [prev] | [next] | [standalone]
| From | John Hall <john@jhall.co.uk> |
|---|---|
| Date | 2026-04-09 17:02 +0100 |
| Message-ID | <n3q0t2F7t8uU1@mid.individual.net> |
| In reply to | #18574 |
On 09/04/2026 10:57, Graeme wrote:
> In message <4s0C4iH8221pFwSI@binnsroad.myzen.co.uk>, Graeme
> <News@nospam.demon.co.uk> writes
>> In message <10r6hep$3skgu$1@dont-email.me>, J. P. Gilliver
>> <G6JPG@255soft.uk> writes
>>>
>>> I suspect that's the real thing: you've got Stunnel, but your TP is
>>> still connecting directly to Zen's servers, rather than to Stunnel.
>>
>> Progress, I think. Updated Stunnel's config file as suggested by
>> John, and changed the mail gateway to 127.0.0.1, and, under POP3 Mail
>> Collection, changed Port from POP3 to 25. Is that correct?
>>
>> Mail now sends, but throws up a TP error :
>>
>> Delivery Status Notification
>>
>> 535 Incorrect authentication data
>>
> Changed Port (above) back to POP3.
>
> So, "you will need to replace mailhost.zen.co.uk with 127.0.0.1 and also
> ensure that the associated port is set to 25."
>
> How, or where, do I ensure the associated port is set to 25?
>
Hidden away in an old backup on my network-attached disk drive I have
just managed to find a copy of the PDF version of the TP manual, so by
referring to that I can hopefully offer more help. In the "Sending email
(by SMTP" section, for Mail gateway you want 127.0.0.1 Then click on
Password, and ensure the "Logon using" box is ticked, and ensure that
the user name and password as required by Zen's email server has been
supplied. If you've changed anything then click on OK. There doesn't
seem to be anything in that section to set the port, but I think that TP
uses 25 by default for SMTP outbound mail.
--
John Hall
You can divide people into two categories:
those who divide people into two categories and those who don't
[toc] | [prev] | [next] | [standalone]
| From | brian <nospam@b-howie.co.uk> |
|---|---|
| Date | 2026-04-10 19:45 +0100 |
| Message-ID | <leZc9EFBVU2pFwLY@b-howie.co.uk> |
| In reply to | #18574 |
In message <Ue6pUJIHg31pFwEa@binnsroad.myzen.co.uk>, Graeme <News@nospam.demon.co.uk> writes >In message <4s0C4iH8221pFwSI@binnsroad.myzen.co.uk>, Graeme ><News@nospam.demon.co.uk> writes >>In message <10r6hep$3skgu$1@dont-email.me>, J. P. Gilliver >><G6JPG@255soft.uk> writes >>> >>>I suspect that's the real thing: you've got Stunnel, but your TP is >>>still connecting directly to Zen's servers, rather than to Stunnel. >> >>Progress, I think. Updated Stunnel's config file as suggested by >>John, and changed the mail gateway to 127.0.0.1, and, under POP3 Mail >>Collection, changed Port from POP3 to 25. Is that correct? >> >>Mail now sends, but throws up a TP error : >> >>Delivery Status Notification >> >>535 Incorrect authentication data >> >Changed Port (above) back to POP3. > >So, "you will need to replace mailhost.zen.co.uk with 127.0.0.1 and >also ensure that the associated port is set to 25." > >How, or where, do I ensure the associated port is set to 25? > It's hard coded as 25. I tried to run gmail as smtp sending, but TP won't allow 2 ports as far as I can see. Brian (still using Turnpike) -- Brian Howie
[toc] | [prev] | [next] | [standalone]
| From | John Hall <john@jhall.co.uk> |
|---|---|
| Date | 2026-04-10 20:36 +0100 |
| Message-ID | <n3t1pdFmed0U1@mid.individual.net> |
| In reply to | #18588 |
On 10/04/2026 19:45, brian wrote:
> In message <Ue6pUJIHg31pFwEa@binnsroad.myzen.co.uk>, Graeme
> <News@nospam.demon.co.uk> writes
>> In message <4s0C4iH8221pFwSI@binnsroad.myzen.co.uk>, Graeme
>> <News@nospam.demon.co.uk> writes
>>> In message <10r6hep$3skgu$1@dont-email.me>, J. P. Gilliver
>>> <G6JPG@255soft.uk> writes
>>>>
>>>> I suspect that's the real thing: you've got Stunnel, but your TP is
>>>> still connecting directly to Zen's servers, rather than to Stunnel.
>>>
>>> Progress, I think. Updated Stunnel's config file as suggested by
>>> John, and changed the mail gateway to 127.0.0.1, and, under POP3 Mail
>>> Collection, changed Port from POP3 to 25. Is that correct?
>>>
>>> Mail now sends, but throws up a TP error :
>>>
>>> Delivery Status Notification
>>>
>>> 535 Incorrect authentication data
>>>
>> Changed Port (above) back to POP3.
>>
>> So, "you will need to replace mailhost.zen.co.uk with 127.0.0.1 and
>> also ensure that the associated port is set to 25."
>>
>> How, or where, do I ensure the associated port is set to 25?
>>
>
> It's hard coded as 25.
Then that's fine. All that matters is that it corresponds to the port
number that you've specified at the Stunnel end of the TP/Stunnel
connection.
I tried to run gmail as smtp sending, but TP
> won't allow 2 ports as far as I can see.
>
> Brian (still using Turnpike)
Yes, you can only have a single specified destination at any one time
for sending SMTP email to, as otherwise TP wouldn't know which one you
wanted to use for any particular outbound message.
--
John Hall
You can divide people into two categories:
those who divide people into two categories and those who don't
[toc] | [prev] | [next] | [standalone]
| From | Graeme <News@nospam.demon.co.uk> |
|---|---|
| Date | 2026-04-11 09:59 +0100 |
| Message-ID | <Ua9plcFW1g2pFwMi@binnsroad.myzen.co.uk> |
| In reply to | #18590 |
Still trying to send mail, without success. Stunnel config File: [smtp] protocol = smtp client = yes accept = 127.0.0.1:25 connect = mailhost.zen.co.uk:587 verifyChain = yes CAfile = ca-certs.pem checkHost = mailhost.zen.co.uk OCSPaia = yes TP Log Window : Sat, 11 Apr 2026 09:56:29 SMTP[C5] Starting to send mail to [127.0.0.1] Sat, 11 Apr 2026 09:56:29 SMTP[C5] <- 220 smarthost01a.ixn.mail.zen.net.uk ESMTP Exim 4.97 Ubuntu Sat, 11 Apr 2026 08:56:29 +0000 Sat, 11 Apr 2026 09:56:29 SMTP[C5] -> EHLO binnsroad.myzen.co.uk Sat, 11 Apr 2026 09:56:29 Error on closing -- Winsock ERROR : Connection aborted Sat, 11 Apr 2026 09:56:29 Mail connection to [127.0.0.1] closed, 0 messages transmitted Stunnel Log : 2026.04.11 09:57:09 LOG5[6]: Service [smtp] accepted connection from 127.0.0.1:55371 2026.04.11 09:57:09 LOG5[6]: s_connect: connected 212.23.1.11:587 2026.04.11 09:57:09 LOG5[6]: Service [smtp] connected remote server from 192.168.178.21:55372 2026.04.11 09:57:09 LOG5[6]: OCSP: Connecting the AIA responder "http://ocsp.usertrust.com" 2026.04.11 09:57:09 LOG5[6]: s_connect: connected 104.18.38.233:80 2026.04.11 09:57:09 LOG5[6]: OCSP: Certificate accepted 2026.04.11 09:57:09 LOG5[6]: OCSP: Connecting the AIA responder "http://ocsp.sectigo.com" 2026.04.11 09:57:09 LOG5[6]: s_connect: connected 104.18.38.233:80 2026.04.11 09:57:10 LOG5[6]: OCSP: Certificate accepted 2026.04.11 09:57:10 LOG5[6]: OCSP: Connecting the AIA responder "http://ocsp.sectigo.com" 2026.04.11 09:57:10 LOG5[6]: s_connect: connected 104.18.38.233:80 2026.04.11 09:57:10 LOG3[6]: OCSP: OCSP_basic_verify: 27069065: error:27069065:OCSP routines:OCSP_basic_verify:certificate verify error 2026.04.11 09:57:10 LOG4[6]: Rejected by OCSP at depth=0: CN=*.zen.co.uk 2026.04.11 09:57:10 LOG3[6]: SSL_connect: 14090086: error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed 2026.04.11 09:57:10 LOG5[6]: Connection reset: 0 byte(s) sent to TLS, 0 byte(s) sent to socket Way over my head :-( -- Graeme
[toc] | [prev] | [next] | [standalone]
| From | John Hall <john@jhall.co.uk> |
|---|---|
| Date | 2026-04-11 10:44 +0100 |
| Message-ID | <n3ujgdFtpb4U1@mid.individual.net> |
| In reply to | #18593 |
On 11/04/2026 09:59, Graeme wrote:
>
> Still trying to send mail, without success.
>
> Stunnel config File:
>
> [smtp]
> protocol = smtp
> client = yes
> accept = 127.0.0.1:25
> connect = mailhost.zen.co.uk:587
> verifyChain = yes
> CAfile = ca-certs.pem
> checkHost = mailhost.zen.co.uk
> OCSPaia = yes
>
> TP Log Window :
>
> Sat, 11 Apr 2026 09:56:29 SMTP[C5] Starting to send mail to [127.0.0.1]
> Sat, 11 Apr 2026 09:56:29 SMTP[C5] <- 220
> smarthost01a.ixn.mail.zen.net.uk ESMTP Exim 4.97 Ubuntu Sat, 11 Apr 2026
> 08:56:29 +0000
> Sat, 11 Apr 2026 09:56:29 SMTP[C5] -> EHLO binnsroad.myzen.co.uk
> Sat, 11 Apr 2026 09:56:29 Error on closing
> -- Winsock ERROR : Connection aborted
> Sat, 11 Apr 2026 09:56:29 Mail connection to [127.0.0.1] closed, 0
> messages transmitted
>
> Stunnel Log :
>
> 2026.04.11 09:57:09 LOG5[6]: Service [smtp] accepted connection from
> 127.0.0.1:55371
> 2026.04.11 09:57:09 LOG5[6]: s_connect: connected 212.23.1.11:587
> 2026.04.11 09:57:09 LOG5[6]: Service [smtp] connected remote server from
> 192.168.178.21:55372
> 2026.04.11 09:57:09 LOG5[6]: OCSP: Connecting the AIA responder "http://
> ocsp.usertrust.com"
> 2026.04.11 09:57:09 LOG5[6]: s_connect: connected 104.18.38.233:80
> 2026.04.11 09:57:09 LOG5[6]: OCSP: Certificate accepted
> 2026.04.11 09:57:09 LOG5[6]: OCSP: Connecting the AIA responder "http://
> ocsp.sectigo.com"
> 2026.04.11 09:57:09 LOG5[6]: s_connect: connected 104.18.38.233:80
> 2026.04.11 09:57:10 LOG5[6]: OCSP: Certificate accepted
> 2026.04.11 09:57:10 LOG5[6]: OCSP: Connecting the AIA responder "http://
> ocsp.sectigo.com"
> 2026.04.11 09:57:10 LOG5[6]: s_connect: connected 104.18.38.233:80
> 2026.04.11 09:57:10 LOG3[6]: OCSP: OCSP_basic_verify: 27069065:
> error:27069065:OCSP routines:OCSP_basic_verify:certificate verify error
> 2026.04.11 09:57:10 LOG4[6]: Rejected by OCSP at depth=0: CN=*.zen.co.uk
> 2026.04.11 09:57:10 LOG3[6]: SSL_connect: 14090086: error:14090086:SSL
> routines:ssl3_get_server_certificate:certificate verify failed
> 2026.04.11 09:57:10 LOG5[6]: Connection reset: 0 byte(s) sent to TLS, 0
> byte(s) sent to socket
>
> Way over my head :-(
>
It's rather over my head too!
The error seems to be shown up at this point in the stunnel log:
2026.04.11 09:57:10 LOG3[6]: OCSP: OCSP_basic_verify: 27069065:
error:27069065:OCSP routines:OCSP_basic_verify:certificate verify error
It's possible that it means that Zen have failed at register their mail
server with the ca-certs authority, so it's not found in the authority's
list, but I'm only guessing.
You could try commenting out these four lines, to see if it will then work:
verifyChain = yes
CAfile = ca-certs.pem
checkHost = mailhost.zen.co.uk
OCSPaia = yes
(You can do that by just inserting a semi-colon at the start of each line.)
--
John Hall
You can divide people into two categories:
those who divide people into two categories and those who don't
[toc] | [prev] | [next] | [standalone]
| From | Graeme <News@nospam.demon.co.uk> |
|---|---|
| Date | 2026-04-11 11:20 +0100 |
| Message-ID | <bIEKxyGzBi2pFwtT@binnsroad.myzen.co.uk> |
| In reply to | #18596 |
In message <n3ujgdFtpb4U1@mid.individual.net>, John Hall <john@jhall.co.uk> writes > >You could try commenting out these four lines, to see if it will then work: > >verifyChain = yes >CAfile = ca-certs.pem >checkHost = mailhost.zen.co.uk >OCSPaia = yes > >(You can do that by just inserting a semi-colon at the start of each line.) Sadly not :-( New logs : Sat, 11 Apr 2026 11:16:49 SMTP[C125] Starting to send mail to [127.0.0.1] Sat, 11 Apr 2026 11:16:49 SMTP[C125] <- 220 smarthost01c.ixn.mail.zen.net.uk ESMTP Exim 4.97 Ubuntu Sat, 11 Apr 2026 10:16:49 +0000 Sat, 11 Apr 2026 11:16:49 SMTP[C125] -> EHLO binnsroad.myzen.co.uk Sat, 11 Apr 2026 11:16:49 Error on closing -- Winsock ERROR : Connection aborted Sat, 11 Apr 2026 11:16:49 Mail connection to [127.0.0.1] closed, 0 messages transmitted 2026.04.11 11:18:29 LOG5[128]: Service [smtp] accepted connection from 127.0.0.1:56101 2026.04.11 11:18:29 LOG5[128]: s_connect: connected 212.23.1.11:587 2026.04.11 11:18:29 LOG5[128]: Service [smtp] connected remote server from 192.168.178.21:56102 2026.04.11 11:18:29 LOG5[128]: OCSP: Connecting the AIA responder "http://ocsp.usertrust.com" 2026.04.11 11:18:29 LOG5[128]: s_connect: connected 172.64.149.23:80 2026.04.11 11:18:29 LOG5[128]: OCSP: Certificate accepted 2026.04.11 11:18:29 LOG5[128]: OCSP: Connecting the AIA responder "http://ocsp.sectigo.com" 2026.04.11 11:18:29 LOG5[128]: s_connect: connected 172.64.149.23:80 2026.04.11 11:18:29 LOG5[128]: OCSP: Certificate accepted 2026.04.11 11:18:29 LOG5[128]: OCSP: Connecting the AIA responder "http://ocsp.sectigo.com" 2026.04.11 11:18:29 LOG5[128]: s_connect: connected 172.64.149.23:80 2026.04.11 11:18:29 LOG3[128]: OCSP: OCSP_basic_verify: 27069065: error:27069065:OCSP routines:OCSP_basic_verify:certificate verify error 2026.04.11 11:18:29 LOG4[128]: Rejected by OCSP at depth=0: CN=*.zen.co.uk 2026.04.11 11:18:29 LOG3[128]: SSL_connect: 14090086: error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed 2026.04.11 11:18:29 LOG5[128]: Connection reset: 0 byte(s) sent to TLS, 0 byte(s) sent to socket -- Graeme
[toc] | [prev] | [next] | [standalone]
| From | John Hall <john@jhall.co.uk> |
|---|---|
| Date | 2026-04-11 19:24 +0100 |
| Message-ID | <n3vhu3F3u4iU1@mid.individual.net> |
| In reply to | #18597 |
On 11/04/2026 11:20, Graeme wrote:
> In message <n3ujgdFtpb4U1@mid.individual.net>, John Hall
> <john@jhall.co.uk> writes
>>
>> You could try commenting out these four lines, to see if it will then
>> work:
>>
>> verifyChain = yes
>> CAfile = ca-certs.pem
>> checkHost = mailhost.zen.co.uk
>> OCSPaia = yes
>>
>> (You can do that by just inserting a semi-colon at the start of each
>> line.)
>
> Sadly not :-(
That's disappointing.
>
> New logs :
>
> Sat, 11 Apr 2026 11:16:49 SMTP[C125] Starting to send mail to [127.0.0.1]
> Sat, 11 Apr 2026 11:16:49 SMTP[C125] <- 220
> smarthost01c.ixn.mail.zen.net.uk ESMTP Exim 4.97 Ubuntu Sat, 11 Apr 2026
> 10:16:49 +0000
> Sat, 11 Apr 2026 11:16:49 SMTP[C125] -> EHLO binnsroad.myzen.co.uk
> Sat, 11 Apr 2026 11:16:49 Error on closing
> -- Winsock ERROR : Connection aborted
> Sat, 11 Apr 2026 11:16:49 Mail connection to [127.0.0.1] closed, 0
> messages transmitted
>
> 2026.04.11 11:18:29 LOG5[128]: Service [smtp] accepted connection from
> 127.0.0.1:56101
> 2026.04.11 11:18:29 LOG5[128]: s_connect: connected 212.23.1.11:587
> 2026.04.11 11:18:29 LOG5[128]: Service [smtp] connected remote server
> from 192.168.178.21:56102
> 2026.04.11 11:18:29 LOG5[128]: OCSP: Connecting the AIA responder
> "http://ocsp.usertrust.com"
> 2026.04.11 11:18:29 LOG5[128]: s_connect: connected 172.64.149.23:80
> 2026.04.11 11:18:29 LOG5[128]: OCSP: Certificate accepted
> 2026.04.11 11:18:29 LOG5[128]: OCSP: Connecting the AIA responder
> "http://ocsp.sectigo.com"
> 2026.04.11 11:18:29 LOG5[128]: s_connect: connected 172.64.149.23:80
> 2026.04.11 11:18:29 LOG5[128]: OCSP: Certificate accepted
> 2026.04.11 11:18:29 LOG5[128]: OCSP: Connecting the AIA responder
> "http://ocsp.sectigo.com"
> 2026.04.11 11:18:29 LOG5[128]: s_connect: connected 172.64.149.23:80
> 2026.04.11 11:18:29 LOG3[128]: OCSP: OCSP_basic_verify: 27069065:
> error:27069065:OCSP routines:OCSP_basic_verify:certificate verify error
> 2026.04.11 11:18:29 LOG4[128]: Rejected by OCSP at depth=0: CN=*.zen.co.uk
> 2026.04.11 11:18:29 LOG3[128]: SSL_connect: 14090086: error:14090086:SSL
> routines:ssl3_get_server_certificate:certificate verify failed
> 2026.04.11 11:18:29 LOG5[128]: Connection reset: 0 byte(s) sent to TLS,
> 0 byte(s) sent to socket
>
That seems pretty much the same as the previous error. If you are
absolutely sure that you commented out those four lines, remembered to
save the changes, and then restarted Stunnel and Connect to make sure
that the updated config file was being used, then the only other thing I
can suggest to try is in Connect configure for email click on the
Password button in the SMTP section, check the "Logon using" is ticked,
that for the username you have provided your full email address and that
you have set the correct password. If you find you need to change
something, don't forget to click on OK.
--
John Hall
You can divide people into two categories:
those who divide people into two categories and those who don't
[toc] | [prev] | [next] | [standalone]
| From | brian <nospam@b-howie.co.uk> |
|---|---|
| Date | 2026-04-13 09:48 +0100 |
| Message-ID | <bgxzy2En3K3pFwmq@b-howie.co.uk> |
| In reply to | #18588 |
In message <leZc9EFBVU2pFwLY@b-howie.co.uk>, brian <nospam@b-howie.co.uk> writes >In message <Ue6pUJIHg31pFwEa@binnsroad.myzen.co.uk>, Graeme ><News@nospam.demon.co.uk> writes >>In message <4s0C4iH8221pFwSI@binnsroad.myzen.co.uk>, Graeme >><News@nospam.demon.co.uk> writes >>>In message <10r6hep$3skgu$1@dont-email.me>, J. P. Gilliver >>><G6JPG@255soft.uk> writes >>>> >>>>I suspect that's the real thing: you've got Stunnel, but your TP is >>>>still connecting directly to Zen's servers, rather than to Stunnel. >>> >>>Progress, I think. Updated Stunnel's config file as suggested by >>>John, and changed the mail gateway to 127.0.0.1, and, under POP3 Mail >>>Collection, changed Port from POP3 to 25. Is that correct? >>> >>>Mail now sends, but throws up a TP error : >>> >>>Delivery Status Notification >>> >>>535 Incorrect authentication data >>> >>Changed Port (above) back to POP3. >> >>So, "you will need to replace mailhost.zen.co.uk with 127.0.0.1 and >>also ensure that the associated port is set to 25." >> >>How, or where, do I ensure the associated port is set to 25? >> > >It's hard coded as 25. I tried to run gmail as smtp sending, but TP >won't allow 2 ports as far as I can see. > >Brian (still using Turnpike) In the Turnpike configuration windows I have. POP3 and IMAP ticked down one level use 'APOP' authentication Make sure you are using the correct passwords and usernames My POP3 account is brian@b-howie.co.uk but my SMTP user name is b-howie.co.uk _and_ my passwords are different too if you are getting as you say. "<<< 535 Incorrect authentication data" it might be incorrect passwords or user Id I had a few problems with that. My stunnel config. Pop3.hosts is namesco debug = 5 output = stunnel.log [b-howie POP3] client = yes accept = 127.0.0.1:310 connect = pop3.hosts.co.uk:995 [namesco SMTP] protocol = smtp client = yes accept = 127.0.0.1:25 connect = smtp.hosts.co.uk:25 [gmail-pop3] client = yes accept = 127.0.0.1:3110 connect = pop.gmail.com:995 verifyChain = yes CAfile = ca-certs.pem checkHost = pop.gmail.com OCSPaia = yes TIMEOUTconnect = 60 TIMEOUTidle = 40 TIMEOUTbusy = 40 TIMEOUTclose = 40 ;time to wait for close_notify (set to 0 for buggy MSIE) -- Brian Howie
[toc] | [prev] | [next] | [standalone]
| From | John Hall <john@jhall.co.uk> |
|---|---|
| Date | 2026-04-13 10:38 +0100 |
| Message-ID | <n43rrtFoejfU1@mid.individual.net> |
| In reply to | #18606 |
On 13/04/2026 09:48, brian wrote:
> In the Turnpike configuration windows I have.
>
> POP3 and IMAP ticked
Do you really want both ticked rather than just POP3?
>
> down one level
>
> use 'APOP' authentication
>
> Make sure you are using the correct passwords and usernames
>
> My POP3 account is brian@b-howie.co.uk
>
> but my SMTP user name is b-howie.co.uk
I would have thought they would have to be the same. You could try
amending the SMTP user name to brian@b-howie.co.uk
>
> _and_ my passwords are different too
> > if you are getting as you say.
>
> "<<< 535 Incorrect authentication data" it might be incorrect passwords
> or user Id
>
> I had a few problems with that.
>
>
> My stunnel config.
>
> Pop3.hosts is namesco
>
> debug = 5
> output = stunnel.log
>
> [b-howie POP3]
> client = yes
> accept = 127.0.0.1:310
> connect = pop3.hosts.co.uk:995
>
> [namesco SMTP]
> protocol = smtp
> client = yes
> accept = 127.0.0.1:25
> connect = smtp.hosts.co.uk:25
Hang on. I thought you said you were using Zen, not Namesco. I'm now
thoroughly confused. Even if it's Namesco that you're using, that port
25 in the connect line almost certainly needs to be something else
(probably 587), if you're having to use TSL/SSL with it.
>
> [gmail-pop3]
> client = yes
> accept = 127.0.0.1:3110
> connect = pop.gmail.com:995
> verifyChain = yes
> CAfile = ca-certs.pem
> checkHost = pop.gmail.com
>
>
>
> OCSPaia = yes
> TIMEOUTconnect = 60
> TIMEOUTidle = 40
> TIMEOUTbusy = 40
> TIMEOUTclose = 40
> ;time to wait for close_notify (set to 0 for buggy MSIE)
--
John Hall
You can divide people into two categories:
those who divide people into two categories and those who don't
[toc] | [prev] | [next] | [standalone]
| From | brian <nospam@b-howie.co.uk> |
|---|---|
| Date | 2026-04-13 12:41 +0100 |
| Message-ID | <oFCvLCNpZN3pFwTY@b-howie.co.uk> |
| In reply to | #18608 |
In message <n43rrtFoejfU1@mid.individual.net>, John Hall <john@jhall.co.uk> writes >On 13/04/2026 09:48, brian wrote: >> In the Turnpike configuration windows I have. >> POP3 and IMAP ticked > >Do you really want both ticked rather than just POP3? >> down one level >> use 'APOP' authentication >> Make sure you are using the correct passwords and usernames >> My POP3 account is brian@b-howie.co.uk >> but my SMTP user name is b-howie.co.uk > >I would have thought they would have to be the same. You could try >amending the SMTP user name to brian@b-howie.co.uk > >> _and_ my passwords are different too >> > if you are getting as you say. >> "<<< 535 Incorrect authentication data" it might be incorrect >>passwords or user Id >> I had a few problems with that. >> My stunnel config. >> Pop3.hosts is namesco >> debug = 5 >> output = stunnel.log >> [b-howie POP3] >> client = yes >> accept = 127.0.0.1:310 >> connect = pop3.hosts.co.uk:995 >> [namesco SMTP] >> protocol = smtp >> client = yes >> accept = 127.0.0.1:25 >> connect = smtp.hosts.co.uk:25 > >Hang on. I thought you said you were using Zen, not Namesco. I'm now >thoroughly confused. Even if it's Namesco that you're using, that port >25 in the connect line almost certainly needs to be something else >(probably 587), if you're having to use TSL/SSL with it. > >> [gmail-pop3] >> client = yes >> accept = 127.0.0.1:3110 >> connect = pop.gmail.com:995 >> verifyChain = yes >> CAfile = ca-certs.pem >> checkHost = pop.gmail.com >> OCSPaia = yes >> TIMEOUTconnect = 60 >> TIMEOUTidle = 40 >> TIMEOUTbusy = 40 >> TIMEOUTclose = 40 >> ;time to wait for close_notify (set to 0 for buggy MSIE) > > I'm using namesco , the OP is using Zen. Mine works. I dare not untick anything . The user ID's are different for POP3 and SMTP for me. I also receive gmail on Turnpike , but as I said it won't send owing to port conflicts Brian -- Brian Howie
[toc] | [prev] | [next] | [standalone]
| From | John Hall <john@jhall.co.uk> |
|---|---|
| Date | 2026-04-13 16:54 +0100 |
| Message-ID | <n44htvFrpl0U1@mid.individual.net> |
| In reply to | #18609 |
On 13/04/2026 12:41, brian wrote:
<snip>
> I'm using namesco , the OP is using Zen.
>
> Mine works. I dare not untick anything . The user ID's are different for
> POP3 and SMTP for me.
>
> I also receive gmail on Turnpike , but as I said it won't send owing to
> port conflicts
Sorry, but it hadn't registered with me that some posts were from you
and not from Graeme!
As your set-up works, I agree that it would be unwise to change anything.
--
John Hall
You can divide people into two categories:
those who divide people into two categories and those who don't
[toc] | [prev] | [next] | [standalone]
| From | John Hall <john@jhall.co.uk> |
|---|---|
| Date | 2026-04-09 11:04 +0100 |
| Message-ID | <n3pbucF4mbdU1@mid.individual.net> |
| In reply to | #18572 |
On 09/04/2026 10:13, Graeme wrote:
> In message <10r6hep$3skgu$1@dont-email.me>, J. P. Gilliver
> <G6JPG@255soft.uk> writes
>>
>> I suspect that's the real thing: you've got Stunnel, but your TP is
>> still connecting directly to Zen's servers, rather than to Stunnel.
>
> Progress, I think. Updated Stunnel's config file as suggested by John,
> and changed the mail gateway to 127.0.0.1, and, under POP3 Mail
> Collection, changed Port from POP3 to 25. Is that correct?
I thought that you said in your original post that it was sending mail
you were having trouble with, and that receiving mail was working. If
that's the case then leave all the POP3 mail collection settings alone.
Unfortunately not having TP any more, I can't look at its relevant
Configure page to tell you just where the entries you need to change for
SMTP sending of mail are. Hopefully John Gilliver can help you with that.
>
> Mail now sends, but throws up a TP error :
>
> Delivery Status Notification
>
> 535 Incorrect authentication data
>
--
John Hall
You can divide people into two categories:
those who divide people into two categories and those who don't
[toc] | [prev] | [next] | [standalone]
Page 1 of 2 [1] 2 Next page →
Back to top | Article view | demon.ip.support.turnpike
csiph-web