[stunnel-users] A Calypso user needs your help with stunnel

Tue Sep 2 01:25:15 CEST 2008

Dear folks:

I am trying to install stunnel so that I can have an SSL capability with Calypso.

I was guided to the stunnel.org site by instructions at:
http://www.windowsbbs.com/courier-email-client/35188-ssl-connection-really-needed.html. (the instructions that I am referring to are duplicated below, under the first line of asterisks - they mention later versions of stunnel, but do not update their instructions for them adequately)

I could not understand the instructions at your site that told about modifying the conf file with the LATEST version of stunnel.exe, which I did download and install and that's as far as I got - couldn't understand the options as clearly as I had the others, so uninstalled it.)

(Tried downloading the  OLD version, 4.05 exe, mentioned in the instructions and the two dll files,and making all the changes to THAT conf.txt file, etc, but THAT did not work because when I ran the shortcut to the conf.txt file that I had put in the Start folder, the computer gave me, when connected, a "cannot find 1 1/4 dll" message, and then an "illegal op" and a "cannot run due to restrictions on your computer" message (when not connected, just the latter two).  I know you don't want to hear about old versions but it was logical for me to try since I could not figure out how to use the latest version.)

So what do I do now?

Thanks!

Lenora (do not give up on me, I have computers in my background, etc. etc)

**************

(Excerpts from the thread at the url listed above)

http://www.windowsbbs.com/courier-email-client/35188-ssl-connection-really-needed.html

A week ago I provided instructions for using stunnel to provide SSL functionality for Calypso/Courier - in case your email provider requires SSL, which Calypso and Courier do not yet support. Those instructions were correct if your email provider uses the dedicated SSL ports - 465 for smtps, 995 for pop3s, 993 for imap4s. They were incomplete if your email provider uses the standard ports - 25 for smtp, 110 for pop3, [N/A - 143 for imap4].

Normally when the SSL ports are being used the entire conversation is encrypted with SSL. stunnel will initiate the session with the standard SSL protocol. However, if the standard ports are being used the session is initiated without SSL and then switches to SSL using an smtp or pop3 specific protocol (STARTTLS or STLS). stunnel needs to be told this, or it wont work on the standard ports. For the standard ports an extra line is required in the configuration file.

To use stunnel do the following:

1) download the following files from http://www.stunnel.org/download/binaries.html

stunnel-4.05.exe (version may be higher when you go there)
libssl32.dll
libeay32.dll

and put them into a directory such as C:\Program Files\Stunnel\

2) create a shortcut to stunnel-4.05.exe in the same directory
[in WinXP do this by right clicking on it and selecting Create Shortcut]

3) edit the shortcut by right clicking on it and selecting Properties

Modify the Target to look like this
"C:\Program Files\Stunnel\stunnel-4.05.exe" stunnel-conf.txt

(Optional) Rename the shortcut to remove the "Shortcut to ".

4) create the file stunnel-conf.txt in the same directory, and put the following lines in it:

----starting with next line----
# GLOBAL OPTIONS

client = yes

output = stunnel-log.txt
debug=4

taskbar = yes

# SERVICE-LEVEL OPTIONS

[POP3 (ISP name)]
accept = 127.0.0.1:108
connect = myISPs.POP3server.net:995

[SMTP (ISP name)]
accept = 127.0.0.1:107
connect = myISPs.SMTPserver.net:465
----ending with previous line----

Change the server names (before colons), and perhaps ports (after colons), to be correct for your ISP. Change ISP name too. Save and exit.

4b) if your email provider uses standard ports for either smtp or pop3, make either or both of the following changes to your stunnel-conf.txt file:

[POP3 (ISP name)]
accept = 127.0.0.1:108
connect = myISPs.POP3server.net:110
protocol = pop3

[SMTP (ISP name)]
accept = 127.0.0.1:107
connect = myISPs.SMTPserver.net:25
protocol = smtp

Once again, change the server names (before colons) to be correct for your ISP. Change ISP name too. Save and exit.

4c) if you have two email providers requiring SSL you can add a second set of services like so:

[POP3 (2nd ISP name)]
accept = 127.0.0.1:106
connect = my2ndISPs.POP3server.net:995

[SMTP (2nd ISP name)]
accept = 127.0.0.1:105
connect = my2ndISPs.SMTPserver.net:465

Each email provider requires its own two ports (e.g. 108+107, 106+105), but 2 email accounts at a single provider can share the same pair of ports. However, if an email provider only uses SSL for one of smtp or pop3, you only need one of the two service sections.

Once again, change the server names (before colons) to be correct for your ISP. Change ISP name too. Save and exit.

5) put a copy of that shortcut into your Start Menu's Programs/Startup folder
[normally, by dragging shortcut over Start button, over Programs, over Startup, then drop it in Startup list.]

6) edit your Calypso/Courier Account Properties to change your mail servers.

Incoming:
Port 108
Server 127.0.0.1

Outgoing:
Port 107
Server 127.0.0.1

[this is done differently for Calypso and Courier, due to Courier's new approach to SMTP servers]

If an email provider only uses SSL for one of smtp or pop3, you only need to change one of the two mail servers. If you set up more than one email provider for SSL, change each account's properties to the corresponding ports.

Now when you check or send email Calypso/Courier will communicate with stunnel, which will connect to your ISP's mail servers via SSL. The shortcut in Startup will rerun stunnel each time you reboot. You should just double-click on the shortcut in the program folder to run stunnel the first time.

Hope this helps.

Greg 

*************

Later addition (later on same thread):

I just reinstalled all of my computer and I forgot to backup my sTunnel config! Anyway, the instructions have changed a bit as of sTunnel version 4.12... sTunnel is now distributed as an installer EXE, and the auxiliary DLLs are installed by default.

The only step that really changes is step 1. All you have to do is to download the sTunnel installer and run it. There is no need to download the other files. The rest stays pretty much the same.

**********

Question from somebody:

First of all, I want to thank you for posting this very useful 'how to' -- this is what foruming is all about  
I have two questions (for anyone):
1. When using Stunnel, does it completely encrypt the user name, password, and the contents of the email, or just the contents?
2. The Stunnel website (www.stunnel.org) mentions that you'd also need the OpenSSL Libraries to make it work. But I did not download them, and still managed to make the Stunnel work with Courier. Am I (still) missing something? 

************

Answer:

1. stunnel establishes an ssl tunnel (hence the name) between your computer and the email server. So every byte travelling between the two is encrypted. It's like establishing a VPN between your computer and the server.

2. As gmagana posted at the start of the month, they seem to have enhanced the installation process - such that you don't need to worry about the extra files. Isn't open source great!

*********

Final comment:

Looks like I can finally use Courier with Google's Gmail (http://gmail.google.com) to send/receive encrypted email. 

(End of excerpts)