[stunnel-users] Goldmine 6.7 behind a Server

Jeff Salisbury Jeff at BeaconPlanning.com
Thu Sep 15 17:09:21 CEST 2011


On 9/15/2011 7:57 AM, Blake Miller wrote:
> Thanks Jeff,
>
> Sounds similar. It's early morning here and I can't access remote clients
> machine through my remotely connected server so can't hack around much until
> later this morning when we get into the offices.
>
> To reconfirm - we ARE able to send/receive email directly from the server,
> running a local instance of GM.  We only have problems when we run GM from a
> client machine, that's running GM from the server.
I may be misunderstanding your config and mistakenly assuming 
similarities to our config because our stunnel config and functionality 
is identical on our Goldmine server and Goldmine workstations.  If it 
works on the server I don't see how it wouldn't work on the workstations.

> But a few
> questions/comments to yours:
>
> 1. Thanks for the config file.  Looks similar.  Was that from the Server or
> the multiple client machines?  Or both?
We use the same config file on all machines -- both client and server.  
Perhaps our client-server config is different than yours.  Here's ours:

1) Our Goldmine server machine is internal to our LAN.
2) Our Goldmine client machines are internal to our LAN.
3) Our email server is external to our LAN.  Our email server is a 
different machine than our Goldmine server.
>
>
> 2. Yes, we'll see how our setup works with those similar parameters.  Can't
> get there yet to test/trial, but that's to be our next step - testing the
> different POP/email settings to see the behaviors.
>
> 3. Thanks, that helps.  So question would be if the config you posted was
> same on both server and local machines?  (I'll be able to test later today,
> but just curious in the meantime)
>
> Thanks again for the help!
> Blake
>
>
> -----Original Message-----
> From: Jeff Salisbury [mailto:Jeff at BeaconPlanning.com]
> Sent: Wednesday, September 14, 2011 3:43 PM
> To: stunnel-users at stunnel.org
> Subject: Re: [stunnel-users] Goldmine 6.7 behind a Server
>
> Hi Blake,  We've been using Goldmine 6.7 and stunnel for years.   At the
> bottom of my email, I've pasted our stunnel config file.  Some thoughts:
>
> 1) I'm not a stunnel expert at all.  The config file you see below was
> pulled right from the download and then tweaked slightly to make it
> work.  I received the tweak help from this forum.  I could be mistaken
> because it's been a few years, but I believe one of the key tweaks was
> the addition of the line:  sslVersion = TLSv1
>
> 2) We looked at one time at using the gmail servers, but their POP
> servers are non-standard.  In Goldmine, this was very relevant to us
> because we wanted Goldmine to delete an email from the POP server if
> that email was found to match a contact in Goldmine.  The gmail servers
> refused to do this so we avoided gmail and found a standard POP server
> provider.
>
> 3) We use the same network installation and mapped network drive
> configuration for Goldmine that you describe.  We found that the stunnel
> installation must be on the local machine.
>
> Regards,  Jeff
>
> ====================================================
> # Configuration File Syntax:
> # http://www.stunnel.org/faq/stunnel.html#configuration_file
>
> # GLOBAL OPTIONS
>
> client = yes
> output = C:\Documents and Settings\All Users\Application Data\stunnel-log.txt
> debug = 5
> taskbar = yes
> sslVersion = TLSv1
>
> # Some performance tunings
> socket = l:TCP_NODELAY=1
> socket = r:TCP_NODELAY=1
>
>
> # SERVICE-LEVEL OPTIONS
>
> [pop3]
> accept=995
> connect=mypop3.com:995
>
> [smtp]
> accept=465
> connect=mail.mysmtp.com:465
>
>
> On 9/14/2011 2:04 PM, Blake Miller wrote:
>> We are planning to transition our email service to Google Apps with our
>> Goldmine 6.7 Corporate Edition so need to use Stunnel.  We have Goldmine
>> setup and run from a central Server and a shared/networked drive F:   Each
>> client machine runs Goldmine, BUT via the server path noted earlier.  When
>> logged in locally to the server and running Goldmine locally, everything
>> works great. Stunnel is connected, we're able to send/receive email, etc.
>>
>> However from a remote machine, it doesn't work.  Have tried installing
>> stunnel on the local machine.  Have tried accessing the said ports via the
>> Server's IP address from within the network.  And have hacked around
>> different config setups without luck.
>>
>> Being a NOOB with Stunnel, we're at a loss with further configuration
>> without literally 'hacking around' in the dark any further.
>>
>> Our config file is just below
>>
>> Thanks in advance.
>> Blake
>>
>>
>> ; **************************************************************************
>> ; * Global Options                                                         *
>> ; **************************************************************************
>>
>> ; Debugging stuff (may be useful for troubleshooting)
>> debug = 7
>> output = stunnel.log
>>
>> ; **************************************************************************
>> ; * Service Defaults (may also be specified in individual service sections) *
>> ; **************************************************************************
>>
>> ; Certificate/key is needed in server mode and optional in client mode
>> cert = stunnel.pem
>> ;key = stunnel.pem
>>
>> ; Authentication stuff needs to be configured to prevent MITM attacks
>> ; It is not enabled by default!
>> ;verify = 2
>> ; Don't forget to c_rehash CApath
>> ;CApath = certs
>> ; It's often easier to use CAfile
>> ;CAfile = certs.pem
>> ; Don't forget to c_rehash CRLpath
>> ;CRLpath = crls
>> ; Alternatively CRLfile can be used
>> ;CRLfile = crls.pem
>>
>> ; Disable support for insecure SSLv2 protocol
>> options = NO_SSLv2
>> ; Workaround for Eudora bug
>> ;options = DONT_INSERT_EMPTY_FRAGMENTS
>>
>> ; The following options provide additional security at some performance penalty
>> ; Default ECDH/DH parameters are strong/conservative, so it is quite safe to
>> ; comment out these lines in order to get a performance boost
>> options = SINGLE_ECDH_USE
>> options = SINGLE_DH_USE
>>
>> ; **************************************************************************
>> ; * Service Definitions (at least one service has to be defined)           *
>> ; **************************************************************************
>>
>> ; Example SSL server mode services
>>
>> ;[pop3s]
>> ;accept  = 995
>> ;connect = 110
>>
>> ;[imaps]
>> ;accept  = 993
>> ;connect = 143
>>
>> ;[ssmtp]
>> ;accept  = 465
>> ;connect = 25
>>
>> ; Example SSL client mode services
>>
>>
>> [gmail-pop3]
>> client = yes
>> accept = 127.0.0.1:9995
>> connect = pop.gmail.com:995
>>
>> [gmail-smtp]
>> client = yes
>> accept = 127.0.0.1:4465
>> connect = smtp.gmail.com:465
>>
>> ;[gmail-imap]
>> ;client = yes
>> ;accept = 127.0.0.1:143
>> ;connect = imap.gmail.com:993
>>
>>
>> ; Certificate/key is needed in server mode and optional in client mode
>> cert = stunnel.pem
>> ;key = stunnel.pem
>>
>
>
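
Added example (not part of the original thread and not stunnel's own parser): a small Python check over a configuration like the two quoted above. For each client-mode service it reports whether the listener is bound to the local machine only and whether peer verification (`verify` of 2 or higher plus `CAfile` or `CApath`) is configured. Assumptions: `;` and `#` start comment lines, options before the first `[section]` are global defaults, an `accept` value without a host listens on all interfaces, and the sample text is constructed.

```python
# Added example: simplified audit of a stunnel configuration file.
SAMPLE = """\
; constructed sample modelled on the configs quoted in this thread
debug = 7
;verify = 2
;CAfile = certs.pem

[gmail-pop3]
client = yes
accept = 127.0.0.1:9995
connect = pop.gmail.com:995

[pop3]
client = yes
accept = 995
connect = mypop3.com:995
verify = 2
CAfile = certs.pem
"""


def parse(text):
    """Return (global_options, {service: options}); a repeated key keeps its last value."""
    glob, services, current = {}, {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in ";#":          # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            current = services.setdefault(line[1:-1], {})
            continue
        key, sep, value = line.partition("=")
        if sep:                                   # option names compared case-insensitively
            (glob if current is None else current)[key.strip().lower()] = value.strip()
    return glob, services


def audit(text):
    """Per client-mode service: listener scope and whether the peer is verified."""
    glob, services = parse(text)
    report = {}
    for name, opts in services.items():
        eff = {**glob, **opts}                    # service options override global defaults
        if eff.get("client", "no").lower() != "yes":
            continue
        host = eff.get("accept", "").rpartition(":")[0]   # "" when only a port is given
        level = eff.get("verify", "0")
        verified = level.isdigit() and int(level) >= 2 and ("cafile" in eff or "capath" in eff)
        report[name] = {"local_only": host in ("127.0.0.1", "localhost", "::1"),
                        "peer_verified": verified}
    return report
```

A service reported with `local_only` true accepts connections only from the machine stunnel runs on; one reported with `peer_verified` false encrypts the session without authenticating the remote server.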



