The Planet Forums > How To: Setup Stunnel for MailEnable Pop3

Full Version: How To: Setup Stunnel for MailEnable Pop3

The Planet Forums > Operating Systems > Microsoft Windows > Windows HOWTOs

DanB

Jan 15 2004, 02:33 AM

Hello,

Currently this only covers how to install and configure Stunnel for POP3 connections. I've currently only tested it with MailEnable, and I've no idea if it'll work with any other mail servers. I've also attempted to configure it to work with SMTP and FTP, but have had no success with either of them. So, if anyone manages to get it to work with other mail servers, or gets it working with SMTP and/or FTP please feel free to post here with the information

What is Stunnel? From the Stunnel site:

The stunnel program is designed to work as SSL encryption wrapper between remote clients and local (inetd-startable) or remote servers. The concept is that having non-SSL aware daemons running on your system you can easily set them up to communicate with clients over secure SSL channels.

Step 1:

Download all the needed packages:

http://djbcomputing.com/files/stunnelsetup.zip - All the needed packages and a copy of this howto

OR

http://gnuwin32.sourceforge.net/packages/openssl.htm - Get the Open SSL installer (Binary Setup Link at bottom of page)

http://www.stunnel.org/download/binaries.html - to get the windows binary

http://www.stunnel.org/download/stunnel/sr...nel-4.04.tar.gz - Download this for the sample config file (stunnel.conf-sample.in) and the stunnel.cnf file (will show up as a speed dial shortcut), after you've extracted these you won't need the archive anymore so it's safe to delete.

Step 2:

If you're using my package, unzip it to a handy directory (desktop or whatever)

Install OpenSSL from the binary setup package. IF you let it install to the default location, you will need to go to: C:Program FilesGnuWin32bin and highlight and copy both of the .dll files here (libeay.dll and libssl.dll) . Make sure you copied them and aren't moving them (you'll need them in this directory later). Now open up a new explorer window and go to C:windowssystem and paste those two files in there. Now you can close this window... but keep the SSL window open.

Step 3:

Move the stunnel.cnf file to C:Program FilesGnuWin32bin

Now, double click on openssl.exe, it should bring up a command prompt like: OpenSSL>

Type or copy in the following:

CODE

req -new -x509 -days 365 -nodes -config stunnel.cnf -out stunnel.pem -keyout stunnel.pem

Answer all of the questions, when it gets to 'Common Name (FQDN)' put in the hostname of your computer or your mailserver's name (eg: mail.myhost.com or svr01.myhost.com). I suggest using your hostname as it allows a little more flexability.

Once you're done, keep the explorer window open, but close the command prompt window.

Step 4:

Create a directory named 'stunnel' in the root of your drive, or wherever. Copy over the stunnel binary (stunnel-4.04.exe) and then copy or move the stunnel.pem file you created in the last step. Once you've done this, feel free to close the SSL window you've been keeping open. At this point you should also copy over the stunnel.conf file and make sure it's named stunnel.conf.

Step 5:

If you downloaded the individual packages, proceed to the next step.

If you're using my package then you're done, just double click on the stunnel binary and it should work for POP3 connections on port 995. If it starts without errors, just poke a hole in your firewall (you are running a firewall... right?) for that port. Configure your mail client to talk to the server securely (in Mozilla: Edit: Mail and Newsgroup Account Settings: Server Settings: Check the box that says Use Secure Connection SSL) and then test it out.

Step 6:

Edit the file: stunnel.conf... notepad works fine for this.

You need to comment out basically EVERYTHING (put the # symbol in front of every single line) except for the following:

CODE

[pop3s]

accept = 995

connect = 110

Once you've done this, you can go ahead and start stunnel by clicking on the binary.

It should now work for POP3 connections on port 995. If it starts without errors, just poke a hole in your firewall (you are running a firewall... right?) for that port. Configure your mail client to talk to the server securely (in Mozilla: Edit: Mail and Newsgroup Account Settings: Server Settings: Check the box that says Use Secure Connection SSL) and then test it out.

Purely optional step:

Running Stunnel at startup or as a service:

Rather than having to log into your server after every single reboot, you can have stunnel start automatically by doing either of the following.

Startup item:
Go to your stunnel folder, right click on the stunnel binary and select copy. In the same folder, pick a blank area and right click again... this time select 'Paste Shortcut'. Now, grab that shortcut and drag it over to your start button... eventually it'll pop up... then go to all programs... and startup. Drop it in that folder once it's fully expanded.

Service:

You could try this... http://www.stunnel.org/faq/run.html#ToC7

I used the previous method and it's working ok, if you have success with this method, let us know.

Well, that should be it, if you have problems, let me know in this thread and I'll try and help you out. If you have success with configuring it for SMTP or FTP, PLEASE let me know by posting in this tread and detailing what you did.

Thank you and good luck!

This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.