Dear folks:
I am trying to install stunnel so that I can have an SSL capability with Calypso.
I was guided to the stunnel.org site by instructions at: http://www.windowsbbs.com/courier-email-client/35188-ssl-connection-really-n.... (the instructions that I am referring to are duplicated below, under the first line of asterisks - they mention later versions of stunnel, but do not update their instructions for them adequately)
I could not understand the instructions at your site that told about modifying the conf file with the LATEST version of stunnel.exe, which I did download and install and that's as far as I got - couldn't understand the options as clearly as I had the others, so uninstalled it.
(Tried downloading the OLD version, 4.05 exe, mentioned in the instructions and the two dll files, and making all the changes to THAT conf.txt file, etc, but THAT did not work because when I ran the shortcut to the conf.txt file that I had put in the Start folder, the computer gave me, when connected, a "cannot find 1 1/4 dll" message, and then an "illegal op" and a "cannot run due to restrictions on your computer" message (when not connected, just the latter two). I know you don't want to hear about old versions but it was logical for me to try since I could not figure out how to use the latest version.)
So what do I do now?
Thanks!
Lenora (do not give up on me, I have computers in my background, etc. etc)
**************
(Excerpts from the thread at the url listed above)
http://www.windowsbbs.com/courier-email-client/35188-ssl-connection-really-n...
A week ago I provided instructions for using stunnel to provide SSL functionality for Calypso/Courier - in case your email provider requires SSL, which Calypso and Courier do not yet support. Those instructions were correct if your email provider uses the dedicated SSL ports - 465 for smtps, 995 for pop3s, 993 for imap4s. They were incomplete if your email provider uses the standard ports - 25 for smtp, 110 for pop3, [N/A - 143 for imap4].
Normally when the SSL ports are being used the entire conversation is encrypted with SSL. stunnel will initiate the session with the standard SSL protocol. However, if the standard ports are being used the session is initiated without SSL and then switches to SSL using an smtp or pop3 specific protocol (STARTTLS or STLS). stunnel needs to be told this, or it won't work on the standard ports. For the standard ports an extra line is required in the configuration file.
To use stunnel do the following:
1) download the following files from http://www.stunnel.org/download/binaries.html
stunnel-4.05.exe (version may be higher when you go there)
libssl32.dll
libeay32.dll
and put them into a directory such as C:\Program Files\Stunnel\
2) create a shortcut to stunnel-4.05.exe in the same directory [in WinXP do this by right clicking on it and selecting Create Shortcut]
3) edit the shortcut by right clicking on it and selecting Properties
Modify the Target to look like this "C:\Program Files\Stunnel\stunnel-4.05.exe" stunnel-conf.txt
(Optional) Rename the shortcut to remove the "Shortcut to ".
4) create the file stunnel-conf.txt in the same directory, and put the following lines in it:
----starting with next line----
# GLOBAL OPTIONS
client = yes
output = stunnel-log.txt
debug=4
taskbar = yes
# SERVICE-LEVEL OPTIONS
[POP3 (ISP name)]
accept = 127.0.0.1:108
connect = myISPs.POP3server.net:995
[SMTP (ISP name)]
accept = 127.0.0.1:107
connect = myISPs.SMTPserver.net:465
----ending with previous line----
Change the server names (before colons), and perhaps ports (after colons), to be correct for your ISP. Change ISP name too. Save and exit.
4b) if your email provider uses standard ports for either smtp or pop3, make either or both of the following changes to your stunnel-conf.txt file:
[POP3 (ISP name)]
accept = 127.0.0.1:108
connect = myISPs.POP3server.net:110
protocol = pop3
[SMTP (ISP name)]
accept = 127.0.0.1:107
connect = myISPs.SMTPserver.net:25
protocol = smtp
Once again, change the server names (before colons) to be correct for your ISP. Change ISP name too. Save and exit.
4c) if you have two email providers requiring SSL you can add a second set of services like so:
[POP3 (2nd ISP name)]
accept = 127.0.0.1:106
connect = my2ndISPs.POP3server.net:995
[SMTP (2nd ISP name)]
accept = 127.0.0.1:105
connect = my2ndISPs.SMTPserver.net:465
Each email provider requires its own two ports (e.g. 108+107, 106+105), but 2 email accounts at a single provider can share the same pair of ports. However, if an email provider only uses SSL for one of smtp or pop3, you only need one of the two service sections.
Once again, change the server names (before colons) to be correct for your ISP. Change ISP name too. Save and exit.
5) put a copy of that shortcut into your Start Menu's Programs/Startup folder [normally, by dragging shortcut over Start button, over Programs, over Startup, then drop it in Startup list.]
6) edit your Calypso/Courier Account Properties to change your mail servers.
Incoming: Port 108 Server 127.0.0.1
Outgoing: Port 107 Server 127.0.0.1
[this is done differently for Calypso and Courier, due to Courier's new approach to SMTP servers]
If an email provider only uses SSL for one of smtp or pop3, you only need to change one of the two mail servers. If you set up more than one email provider for SSL, change each account's properties to the corresponding ports.
Now when you check or send email Calypso/Courier will communicate with stunnel, which will connect to your ISP's mail servers via SSL. The shortcut in Startup will rerun stunnel each time you reboot. You should just double-click on the shortcut in the program folder to run stunnel the first time.
Hope this helps.
Greg
*************
Later addition (later on same thread):
I just reinstalled all of my computer and I forgot to backup my sTunnel config! Anyway, the instructions have changed a bit as of sTunnel version 4.12... sTunnel is now distributed as an installer EXE, and the auxiliary DLLs are installed by default.
The only step that really changes is step 1. All you have to do is to download the sTunnel installer and run it. There is no need to download the other files. The rest stays pretty much the same.
**********
Question from somebody:
First of all, I want to thank you for posting this very useful 'how to' -- this is what foruming is all about. I have two questions (for anyone):
1. When using Stunnel, does it completely encrypt the user name, password, and the contents of the email, or just the contents?
2. The Stunnel website (www.stunnel.org) mentions that you'd also need the OpenSSL Libraries to make it work. But I did not download them, and still managed to make the Stunnel work with Courier. Am I (still) missing something?
************
Answer:
1. stunnel establishes an ssl tunnel (hence the name) between your computer and the email server. So every byte travelling between the two is encrypted. It's like establishing a VPN between your computer and the server.
2. As gmagana posted at the start of the month, they seem to have enhanced the installation process - such that you don't need to worry about the extra files. Isn't open source great!
*********
Final comment:
Looks like I can finally use Courier with Google's Gmail (http://gmail.google.com) to send/receive encrypted email.
(End of excerpts)
On Mon, 2008-09-01 16:25:15 -0700, John Bryant wrote:
Dear folks:
I am trying to install stunnel so that I can have an SSL capability with Calypso.
[..]
So what do I do now?
Just use the current stunnel version, following the instructions from stunnel.org (as far as the secure tunnel is concerned, for the configuration of Calypso, you might follow your HOWTO).
The error messages you get with the older stunnel binary might indicate a version mismatch of executable (*.exe) and libraries (*.dll).
As the configuration file stuff seems to sound Greek to you:
Stunnel sets up a secure tunnel by acting as a client and a server for a connection, both at the same time. In the configuration file, you have to specify the address of the real server ('connect=...', where the client part of stunnel is supposed to connect to) and the address where the server part of stunnel is supposed to accept connections from the real client (Calypso in your case, the 'accept=...' line).
The configuration of the client has to be changed so that it connects to the server part of stunnel instead of the real server, so the server address in the client configuration must match the 'accept' line in the stunnel configuration. The port numbers (right of the colons) don't really matter, but they have to be unique for each secure tunnel endpoint on your box.
As mail clients usually use different protocols for sending (SMTP) and receiving (POP3), two such tunnels have to be configured in the stunnel configuration file, each in its own section (preceded with a label in square brackets).
Also, there are some global options in stunnel.conf, such as 'client=...', which determines whether the stunnel runs on the client box or the server box (i.e. whether the connections from the client are expected to be already encrypted or not).
HTH,
Ludolf
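
The rules stated in the HOWTO excerpt and in Ludolf's explanation (client = yes, an accept/connect pair per section, unique accept endpoints, and protocol = pop3/smtp only on the standard ports 110 and 25) can be checked mechanically. The Python linter below is an added example, not part of the thread or of stunnel; the function names and the sample config are constructed for illustration, and numeric ports are assumed.

```python
# Added example: lint a client-mode stunnel config. SAMPLE is constructed, with deliberate mistakes.
SAMPLE = """\
client = yes
[POP3 (ISP name)]
accept = 127.0.0.1:108
connect = myISPs.POP3server.net:110
[SMTP (ISP name)]
accept = 127.0.0.1:108
connect = myISPs.SMTPserver.net:465
protocol = smtp
"""
# Plaintext ports need the STLS/STARTTLS upgrade; dedicated SSL ports must not have it.
UPGRADE = {110: "pop3", 25: "smtp"}
IMPLICIT = {995, 465, 993}

def parse(text):
    """Return (global_options, {section: options}) from stunnel config text."""
    glob, sections, cur = {}, {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":          # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            cur = sections.setdefault(line[1:-1], {})
            continue
        key, _, val = line.partition("=")
        (glob if cur is None else cur)[key.strip().lower()] = val.strip()
    return glob, sections

def lint(text):
    glob, sections = parse(text)
    problems, seen = [], {}
    if glob.get("client") != "yes":
        problems.append("global: client = yes is missing")
    for name, opt in sections.items():
        if "accept" not in opt or "connect" not in opt:
            problems.append(f"[{name}]: needs both accept and connect")
            continue
        acc, proto = opt["accept"], opt.get("protocol")
        if acc in seen:                          # endpoints must be unique
            problems.append(f"[{name}]: accept {acc} already used by [{seen[acc]}]")
        seen.setdefault(acc, name)
        port = int(opt["connect"].rsplit(":", 1)[-1])
        if port in UPGRADE and proto != UPGRADE[port]:
            problems.append(f"[{name}]: port {port} needs protocol = {UPGRADE[port]}")
        if port in IMPLICIT and proto:
            problems.append(f"[{name}]: port {port} is SSL-only; remove protocol = {proto}")
    return problems
```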