Topic: stunnel configuration w/ SSL and IMAP

holy_saiyan1

  • Guest
stunnel configuration w/ SSL and IMAP
« on: October 06, 2006, 08:01:16 AM »
Hi,

I have looked through all of the relevant FAQs and related posts and tried the suggestions, but my problem still persists.  I know that stunnel isn't officially supported, but I don't believe asking the stunnel mail-list for help would be very helpful, as well, it's all Greek to me.  Configuring Gmail to work with Avast was bad enough!

My problem is, I need help configuring Avast and stunnel to play nicely with a mandatory-SSL SMTP server and an IMAP mail server.  I've seen some related posts, and I know more or less what to do in the Avast.ini file and the Internet Mail config, but stunnel's settings are near impossible, as I'm totally unfamiliar with the syntax rules.

Here's what I need to do:
I have Mozilla Thunderbird, and I know that I need to set the SMTP to listen on localhost:11027 (the number I chose to represent this particular account, as 11025 and 11026 are already occupied).  My question is, what should my stunnel settings be?

The SSL server I'm trying to get my mail from is called oak.cats.ohiou.edu, and is on port 465, SSL is enabled.

Can someone help me figure out what I should put into stunnel.conf?  I'm not a total idiot, but stunnel is totally foreign to me. 

Second part of the question is, how do I get Avast to scan the IMAP incoming mail, which is coming from oak.cats.ohiou.edu on port 993, with secure connection enabled?   As I said earlier, these settings are mandatory, and I don't have any leeway.  Either everything is correct from the server's point of view, or else it's "no mail for you!"

DaveD

  • Guest
Re: stunnel configuration w/ SSL and IMAP
« Reply #1 on: October 06, 2006, 05:33:21 PM »
Your stunnel.conf file would look like:

-----------------------------------------------
client=yes

[oak.cats.ohiou.edu-imap]
accept=localhost:11028
connect=oak.cats.ohiou.edu:993

[oak.cats.ohiou.edu-smtps]
protocol=smtp
accept=localhost:11027
connect=oak.cats.ohiou.edu:465
-----------------------------------------------

- copy that into Notepad and save as stunnel.conf
- copy new stunnel.conf over old stunnel.conf in stunnel program folder
- if stunnel is running, restart stunnel for new settings to take place

Thunderbird Settings

IMAP Server: localhost
IMAP Port: 11028
- make sure SSL (secure connection) is unchecked!

SMTP Server: localhost
SMTP Port: 11027
- make sure SSL/TLS (secure connection) is unchecked!

I am familiar with Thunderbird, but not with setting up IMAP accounts in Thunderbird.

I would highly recommend disabling the Internet Mail provider in avast! until you get Thunderbird working correctly with stunnel first, that way there is no interference. Once it is all working correctly and you can send and receive e-mail, then start the Internet Mail provider.

Internet Mail provider Settings

You can tell it, within the GUI, to scan IMAP on port 11028.
Same goes for SMTP on port 11027.

You just need to get into the Internet Mail provider settings through the GUI (I am not running avast! at the moment) but you do not need to edit the avast4.ini file.

Make sure you uncheck the 'Ignore local communication' option in the Internet Mail provider settings on that Redirect tab or it will not work.

Let us know how it goes following these steps. Post back with any problems you may have and we can assist you further.

holy_saiyan1

  • Guest
Re: stunnel configuration w/ SSL and IMAP
« Reply #2 on: October 06, 2006, 07:48:47 PM »
The IMAP part works fine, but something must be wrong with my SMTP settings.

stunnel.conf settings
Code:
[oak.cats.ohiou.edu-imap]
accept=127.0.0.1:11028
connect=oak.cats.ohiou.edu:993

[oak.cats.ohiou.edu-smtps]
protocol=smtp
accept=127.0.0.1:11027
connect=oak.cats.ohiou.edu:465

;POP3 service, listens on localhost:11111
[gmail-pop3s]
accept = 127.0.0.1:11111
connect=pop.gmail.com:995

; SMTP service, listens on localhost:11025
[gmail-smtps]
accept = 127.0.0.1:11025
connect=smtp.gmail.com:465

Thunderbird 1.5 settings:
Code:
IMAP Server name: 127.0.0.1:11028

SMTP server name: 127.0.0.1:11027

It connects, works for about a couple minutes and then I get "Sending of message failed. The message could not be sent because connecting to SMTP server 127.0.0.1 failed.  The server may be unavailable or refusing connections.  Please verify that your SMTP server setting is correct and try again, or else contact your network administrator."
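One thing to check in a config like the one above, as an added example that is not part of the thread: stunnel's `protocol=smtp` makes the client side negotiate STARTTLS in plaintext first, while port 465 expects a TLS handshake immediately, and none of the services enables certificate verification. The function names and finding labels are this example's own.

```python
# SAMPLE_CONF is constructed from the services posted in replies #1 and #2.
SAMPLE_CONF = """\
client=yes
[oak.cats.ohiou.edu-imap]
accept=127.0.0.1:11028
connect=oak.cats.ohiou.edu:993
[oak.cats.ohiou.edu-smtps]
protocol=smtp
accept=127.0.0.1:11027
connect=oak.cats.ohiou.edu:465
[gmail-smtps]
accept = 127.0.0.1:11025
connect=smtp.gmail.com:465
"""

# Ports where the server expects a TLS handshake immediately after connect.
IMPLICIT_TLS_PORTS = {"465", "993", "995"}
VERIFY_OPTIONS = ("verify", "verifychain", "verifypeer")  # any of these enables checks

def parse_conf(text):
    """Return {service: options}; options before the first [section] are defaults."""
    defaults, services, current = {}, {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in ";#":        # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            current = services.setdefault(line[1:-1], dict(defaults))
        elif "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            (defaults if current is None else current)[key.lower()] = value
    return services

def lint(services):
    """Return (service, finding) pairs for client-mode services."""
    findings = []
    for name, opt in services.items():
        if opt.get("client") != "yes":
            continue
        port = opt.get("connect", "").rsplit(":", 1)[-1]
        if opt.get("protocol") == "smtp" and port in IMPLICIT_TLS_PORTS:
            findings.append((name, "starttls-on-implicit-tls-port"))
        if all(opt.get(k, "no") in ("no", "0") for k in VERIFY_OPTIONS):
            findings.append((name, "server-certificate-not-verified"))
    return findings

if __name__ == "__main__":
    for service, finding in lint(parse_conf(SAMPLE_CONF)):
        print(service, finding)
```

Only the oak SMTP service gets the STARTTLS finding; the gmail-smtps service on the same port has no `protocol` line. In stunnel 4.x, `verify = 2` also needs `CAfile` (or `CApath`) pointing at the CA certificates to trust.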

Lisandro

  • Avast team
Re: stunnel configuration w/ SSL and IMAP
« Reply #3 on: October 07, 2006, 12:07:57 AM »
GMail requires specific ports.
Take a look here: http://forum.avast.com/index.php?topic=10428.0 to see how to set up secure email with avast!.
Advanced configuration: please refer to this post http://forum.avast.com/index.php?topic=8775.msg97026#msg97026
Stunnel now comes as an installer which installs OpenSSL and Stunnel so now you just have to download the installer version from here http://www.stunnel.org/download/binaries.html and, besides this, Stunnel has a new version (4.18)  ;)

Hope this helps  8)
The best things in life are free.

DaveD

  • Guest
Re: stunnel configuration w/ SSL and IMAP
« Reply #4 on: October 07, 2006, 01:28:48 AM »
Quote from: holy_saiyan1
It connects, works for about a couple minutes and then I get "Sending of message failed. The message could not be sent because connecting to SMTP server 127.0.0.1 failed.  The server may be unavailable or refusing connections.  Please verify that your SMTP server setting is correct and try again, or else contact your network administrator."

According to your Thunderbird settings you are using the oak.cats.ohiou.edu SMTP server and not the Gmail SMTP server. The settings between both look fine to me.

Have you tried using the Gmail SMTP server for outgoing?

You can have both e-mail accounts set up to send out through the Gmail server. Sometimes when using multiple e-mail accounts within Thunderbird it is beneficial to use the Manage Identities button on the main tab of the Account Settings. You can have several accounts using the Gmail SMTP server for outgoing mail. You could create an Identity to basically "spoof" the other e-mail account to appear to have come from another and such. I don't know if this area of Thunderbird would be useful for this or not.

Make sure within the Outgoing Mail settings in Thunderbird that NO secure connection is used.

Check the Stunnel log for errors. Are there any errors?

I'm not sure what else to say at the moment because the settings look perfect.

holy_saiyan1

  • Guest
Re: stunnel configuration w/ SSL and IMAP
« Reply #5 on: October 07, 2006, 02:14:51 AM »
This is from the stunnel log:
Code:
2006.10.06 20:06:51 LOG7[3480:3384]: oak.cats.ohiou.edu-smtps accepted FD=260 from 127.0.0.1:3739
2006.10.06 20:06:51 LOG7[3480:3384]: Creating a new thread
2006.10.06 20:06:51 LOG7[3480:3384]: New thread created
2006.10.06 20:06:51 LOG7[3480:2660]: oak.cats.ohiou.edu-smtps started
2006.10.06 20:06:51 LOG7[3480:2660]: FD 260 in non-blocking mode
2006.10.06 20:06:51 LOG5[3480:2660]: oak.cats.ohiou.edu-smtps connected from 127.0.0.1:3739
2006.10.06 20:06:51 LOG7[3480:2660]: FD 284 in non-blocking mode
2006.10.06 20:06:51 LOG7[3480:2660]: oak.cats.ohiou.edu-smtps connecting 132.235.8.44:465
2006.10.06 20:06:51 LOG7[3480:2660]: connect_wait: waiting 10 seconds
2006.10.06 20:06:51 LOG7[3480:2660]: connect_wait: connected
2006.10.06 20:06:51 LOG7[3480:2660]: Remote FD=284 initialized
2006.10.06 20:06:51 LOG5[3480:2660]: Negotiations for smtp (client side) started
2006.10.06 20:08:52 LOG7[3480:1000]: SSL socket closed on SSL_read
2006.10.06 20:08:52 LOG7[3480:1000]: Socket write shutdown

For the meantime, I am going to scan inbound, but not outbound.  Outbound, I will set up through the regular way (using the school's instructions)
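In the log above, thread 3480:2660 logs "Negotiations for smtp (client side) started" and then nothing more, while other threads keep logging two minutes later. The following added example (not part of the thread; function and field names are this example's own) detects that pattern in a stunnel debug log.

```python
import re
from datetime import datetime

# A subset of the log lines posted above, copied unchanged.
SAMPLE_LOG = """\
2006.10.06 20:06:51 LOG7[3480:2660]: oak.cats.ohiou.edu-smtps started
2006.10.06 20:06:51 LOG7[3480:2660]: oak.cats.ohiou.edu-smtps connecting 132.235.8.44:465
2006.10.06 20:06:51 LOG7[3480:2660]: connect_wait: connected
2006.10.06 20:06:51 LOG5[3480:2660]: Negotiations for smtp (client side) started
2006.10.06 20:08:52 LOG7[3480:1000]: SSL socket closed on SSL_read
2006.10.06 20:08:52 LOG7[3480:1000]: Socket write shutdown
"""

LINE = re.compile(r"^(\d{4}\.\d\d\.\d\d \d\d:\d\d:\d\d) LOG\d\[(\d+:\d+)\]: (.*)$")
NEGOTIATION = re.compile(r"^Negotiations for (\S+) \(client side\) started$")

def stalled_negotiations(log_text, min_silence=60):
    """Report threads whose last line is a negotiation start, followed by
    at least min_silence seconds of log activity from other threads."""
    pending = {}      # thread id -> (protocol, time negotiation started)
    target = {}       # thread id -> last "connecting host:port" seen
    last_seen = None  # timestamp of the newest parsed line
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        when = datetime.strptime(m.group(1), "%Y.%m.%d %H:%M:%S")
        thread, message = m.group(2), m.group(3)
        last_seen = when
        started = NEGOTIATION.match(message)
        if started:
            pending[thread] = (started.group(1), when)
        else:
            pending.pop(thread, None)  # the thread logged again: it made progress
            if " connecting " in message:
                target[thread] = message.rsplit(" ", 1)[-1]
    return [
        {"thread": t, "protocol": proto, "target": target.get(t),
         "silent_for": int((last_seen - since).total_seconds())}
        for t, (proto, since) in pending.items()
        if (last_seen - since).total_seconds() >= min_silence
    ]

if __name__ == "__main__":
    for stall in stalled_negotiations(SAMPLE_LOG):
        print(stall)
```

A plaintext protocol negotiation that stays silent while connected to an implicit-TLS port such as 465 is what a `protocol=smtp` mismatch looks like from the client side.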

DaveD

  • Guest
Re: stunnel configuration w/ SSL and IMAP
« Reply #6 on: October 07, 2006, 09:15:03 AM »
According to that log file it appears to have had some success connecting to that SMTP server before failing.

Which version of Stunnel are you running?

I have had 4.14 and 4.16 working perfectly for inbound and outbound, but no outbound working at all on 4.15. I have not yet tried the latest 4.18 so I cannot comment on that.

You could always keep the same stunnel.conf file, remove your current Stunnel, install 4.14 as it was always reliable, and copy your stunnel.conf file. This will help determine if it just may be a bug in the Stunnel version you are using.

Although I do set up Stunnel for outbound mail, I don't bother scanning it. I really only care to scan incoming mail anyways. The way I see it is you would most likely receive an e-mail virus from an incoming e-mail which would be scanned initially, thus making it pointless to scan outbound mail. If there were a virus on your system and you were to attach that virus to an e-mail to send out, it would be caught by the real-time scanner anyways. I wouldn't lose any sleep over it...

holy_saiyan1

  • Guest
Re: stunnel configuration w/ SSL and IMAP
« Reply #7 on: October 08, 2006, 05:46:34 PM »
I'm running version 4.16. 

Quote from: DaveD
Although I do set up Stunnel for outbound mail, I don't bother scanning it. I really only care to scan incoming mail anyways. The way I see it is you would most likely receive an e-mail virus from an incoming e-mail which would be scanned initially, thus making it pointless to scan outbound mail. If there were a virus on your system and you were to attach that virus to an e-mail to send out, it would be caught by the real-time scanner anyways. I wouldn't lose any sleep over it...

That is what I am thinking, as well.  I suppose in the long run it'd be more of a vanity thing, having everything working smoothly.  Two out of three accounts working with Avast and stunnel 100% is not bad at all, and I don't plan on clicking any suspicious e-mail attachments or going to seedy websites with Internet Explorer, so I think I'll be okay.

Thank you for your help!