Listening POP to 2 ports simultaneously ?

[wanidoob]

create 28/02/2005 (19h00)
edit 01/03/2005 (9h00) : reformat my request
edit 02/03/2005 (11h15) : change topic title, to be more pertinent

Hy,

My Mailer is Thunderbird 1.0

My "gmail" account :

Code: [Select]

user_pref("mail.server.serverX.hostname",       "127.0.0.1");
user_pref("mail.server.serverX.port",           995);
user_pref("mail.server.serverX.userName",
"nick@gmail.com#pop.gmail.com");

user_pref("mail.smtpserver.smtpX.hostname", "127.0.0.1");
user_pref("mail.smtpserver.smtpX.port", 587);
user_pref("mail.smtpserver.smtpX.username", "nick@gmail.com#smtp.gmail.com");
My others accounts :

Code: [Select]

user_pref("mail.server.serverX.hostname",       "127.0.0.1");
user_pref("mail.server.serverX.port",           110);
user_pref("mail.server.serverX.userName",
"nick#pop.server.com");

user_pref("mail.smtpserver.smtpX.hostname", "127.0.0.1");
user_pref("mail.smtpserver.smtpX.port", 25);
user_pref("mail.smtpserver.smtpX.username", "nick#smtp.gmail.com");
If I write this in avast4.ini :

Code: [Select]

SmtpListen=127.0.0.1:587
PopListen=127.0.0.1:995It works fine with my "gmail" account but not with others

And if I changed it to :

Code: [Select]

SmtpListen=127.0.0.1:25
PopListen=127.0.0.1:110It works with all my accounts except gmail


Avast works (alone and directly) with Thunderbird if I manually edit avast4.ini for pop 995 & 110 connexions but not both simultaneously...

So I don't need Stunnel, but my gmail account must be pop & smtp through the 995 & 587 port and others mail accounts through 110 & 25 ones.

So I just want Avast to listen simultaneously to two different ports
fort a same protocol.

Does work something like this :

Code: [Select]

SmtpListen=127.0.0.1:25,127.0.0.1:587
PopListen=127.0.0.1:110,127.0.0.1:995Or this :

Code: [Select]

SmtpListen=127.0.0.1:25,587
PopListen=127.0.0.1:110,995
This two examples doesn't seems to work, but I don't know how to use those Avast4.ini lines :

Code: [Select]

DefaultSmtpServer=
DefaultPopServer=
UseDefaultSmtp=
PopRedirectPort=
SmtpRedirectPort=

[Eddy]

Look for a user named Technical. See the links in his signature. He has that explaind in his thread about avast4.ini

[Lisandro]

Look for a user named Technical. See the links in his signature. He has that explaind in his thread about avast4.ini

Here: http://forum.avast.com/index.php?board=2;action=display;threadid=1647
Anyway, I don't think it will help that much...

[wanidoob]

Thanks to have considered my question. I have edited my post to clarify it.

I didn't found this "avast4.ini" topic before, next time I will correctly use my glasses...

But no one message say to me how Avast to listen 2 differents ports (or 2 differents "server:port"), simultaneously...

If it doesn't exist nowaday, it will be a good inovation to do, I think. But if we can, please, tell me how ;o(


I'll continue in this topic (http://forum.avast.com/index.php?topic=1647.msg98491#msg98491)

[vojtech]

The mail scanner will not work with SSL no matter how you change the ports.

[wanidoob]

OK, that's what I was understanding at this time...

But SSL works with ThunderBird alone, with login "nick@gmail" and server "pop.gmail.com" / port "995". But I prefer Avast to scan those emails too...

And I don't find any complete conf files examples to work with Thunderbird + Avast +/- OpenSSL/Stunnel.

I know how to configure Thunderbird, but have I to change the 995 SSL and 587 TSL ports (in my gmail account configuration), can I keep the 110 and 25 ports (for others accounts) ?

I don't know how to configure Avast ? PopListen to 110, to 995, or to another one port (to work simultaneously with my normal and SSL accounts) ?

I don't know how to configure Stunnel (without anti-spam program) ? my tests doesn't work, the files "stunnel.pem" seems to lack, and I haven't any complete example for "stunnel.ini"...

Do I have some things to do for OpenSSL itself ?


very newbie in networking, especially secure networking...

[Lisandro]

The mail scanner will not work with SSL no matter how you change the ports.

Right now I can use Stunnel and GMail with Spamihilator and avast.
But not smtp... I'm trying yet... 

[Lisandro]

And I don't find any complete conf files examples to work with Thunderbird + Avast +/- OpenSSL/Stunnel.

For the account: username@gmail.com

The file stunnel.conf into the Stunnel folder must be:

# We're running as a client to SSLify the GMail POP connection
client=yes

# POP3 service, listens on localhost:11110
[gmail-pop3s]
accept=127.0.0.1:11110
connect=pop.gmail.com:995
#or the SSL port of your Secure POP server if you use another service.

# SMTP service, listens on localhost:11125
[gmail-smtps]
accept=127.0.0.1:11125
connect=smtp.gmail.com:465
protocol=smtp
#or the SSL port of your Secure SMTP server if you use another service.


In avast4.ini file:

[MailScanner]
PopListen=127.0.0.1:110
SmtpListen=127.0.0.1:25
ImapListen=127.0.0.1:143
NntpListen=127.0.0.1:119
AutoSetProtection=0
PassThrough=1
Trust=127.0.0.1
AutoRedirect=1
StartSmtp=1
StartPop=1
StartImap=1
StartNntp=1
PopRedirectPort=110,11110
SmtpRedirectPort=25,11125
ImapRedirectPort=143
NntpRedirectPort=119
IgnoreLocalhost=0

Account configuration into your email program:

POP3 server: 127.0.0.1
Account name: 127.0.0.1&username&11110
Port: 120 (if you use Spamihilator), if not, I suppose 110 will work

Of course, you must have Stunnel installed and running as a service and OpenSSL.

Do I have some things to do for OpenSSL itself ?

No. Only install it.

Still testing smtp configuration

[wanidoob]

I've tried with your confs, and I thank you to have posted them !

Note for you : my gmail informations indicates the smtp port 587 for thunderbird (and Entourage 2004, Appel Mail. But 465 for all versions of Outlook, EntourageX... both 587 and 465 might be tested !)

So, with "IgnoreLocalhost=0" no one pop connection does work, but non SSL pop connections are working with "IgnoreLocalhost=1".

But my gmail connection isn't working at all : thunderbird is "connected to 127.0.0.1...", but no pass request niether error message !

My confs (without anti-spam) :
(I use colors to mark where the datas come from - please notify me if I was mistaken or if I missed something)

Thunderbird gmail account :

login= "nick@gmail.com#127.0.0.1"
server= "127.0.0.1"
port="110"

Avast ini file, all [MailScanner] section :

[MailScanner]
Log=20
ShowTrayIcon=1
PopListen=127.0.0.1:110
SmtpListen=127.0.0.1:25
ImapListen=127.0.0.1:143
NntpListen=127.0.0.1:119
AutoSetProtection=0
PassThrough=1
Trust=127.0.0.1
AutoRedirect=1
StartSmtp=1
StartPop=1
StartImap=1
StartNntp=1
PopRedirectPort=110,11110
SmtpRedirectPort=25,11025
ImapRedirectPort=143
NntpRedirectPort=119
IgnoreLocalhost=1
IgnoreAddress=

Stunnel conf file :

# We're running as a client to SSLify the GMail POP connection
client=yes

# POP3 service, listens on localhost:11110
[gmail-pop3s]
accept=127.0.0.1:11110
connect=pop.gmail.com:995
#or the SSL port of your Secure POP server if you use another service.

# SMTP service, listens on localhost:11125
[gmail-smtps]
accept=127.0.0.1:11125
connect=smtp.gmail.com:587
protocol=smtp
#or the SSL port of your Secure SMTP server if you use another service.

That's right that I don't understand exactly the pop connection route, is that exact :
thunderbird send "nick@gmail.com#127.0.0.1" to 127.0.0.1:110
=> avast listen 127.0.0.1:110
=> avast send (PopRedirectPort) "nick@gmail.com" to 127.0.0.1:110 (*) and 127.0.0.1:11110 (**)
=> stunnel accept 127.0.0.1:11110 and connect to pop.gmail.com:995
=> pop.gmail.com authentify the login, and return mails
=> stunnel get and pass mails through avast
=> avast scan it and add X-tags
=> thunderbird get them

(*) but avast is listen to 127.0.0.1:110 : does it check it again ?
(**) does all datas be send twice, once to 127.0.0.1:110 and once to 127.0.0.1:11110 ? so each login/pass is send to pop.gmail.com and to another one pop server... not secure for gmail SSL-data niether for all pass : all connections could be intercept on the unsecure pop connections ?

[lukor]

The port on which mail scanner listens on you localhost is absolutely irrelevant. Make it 43223 if you like, it won't change the functionality of the product, nor would it add missing features (like the understanding to SSL protocol).

Those are ports avast listen's on. What do you think those number mean? They are just arbitrary numbers - of course they must match the configuration in you mail client, but appart from this the have no meaning.

What is your OS? Is it win9x?

[Lisandro]

Nor would it add missing features (like the understanding to SSL protocol).

Lukas, can't the email be downloaded and 'locally' scanned?

I mean something like this:
ISP > Stunnel or Spam application > avast > email program

Or avast can only scan the email 'after' it was handled by the email program?

[lukor]

Yes, that is possible. I though that this is exactly how you have it configured....

[wanidoob]

I know I'm not an engineer network 
I'm a poor lansome newbie 
english newbie + network newbie

so please be patient

What is your OS? Is it win9x?

My O.S. is WinXP

I choose the 110 port to be listen on, because of my others mails (non SSL). I'm french and I don't understand what means "unrelevant" : "not important" (so I can choose what I want - that's I'm thinking) or "not good" (and so, which could be good) ?


I know that avast doesn't support SSL, but I thought stunnel was doing it : stunnel connects directly to pop.gmail.com (in SSL mode + OpenSSL 0.9.7e). So stunnel get emails and passed them (no-SSL mode) to thunderbird through avast

My problem is :

- if stunnel launch as service at win startup, it seems not to work because of no network detection (it says "DNS resolving error" on "pop.gmail.com" and "smtp.gmail.com"), and no session is detected when I try to pop my email with thunderbird

- if I lauch stunnel as service after win startup, it appears as service, but I can't change the "stopped"status (in msconfig, services tab)

+ and If I want avast to scan 'locally', I have to uncheck
IgnoreLocalhost (=0). But in this case, no one mail account (gmail/SSL niether others/no-SSL) reach the pop.server !

[lukor]

Wanidoob,

what I meant is that you don't have to fiddle with the port number avast listens on. Just choose one port and let it there. Having the listening port in avast set to 110 makes things easier if you want your mail client to download mail directly through avast, since 110 is usually the default number and so you need not to change it. There is no need to force avast listen on two ports for whatever reason - as you are suggesting in your original post.

The configuration suggested by Technical seems pretty reasonable to me. It should work with SSL tunnel. I don't know how SSL tunnel works in detail, so I cannot help you with it's configuration right now.

In general you can firstly setup the SSL tunnel and your mail client to work together - and forget about avast for a moment. You will end up with something like Technical offered. That is, you'll have a service running on your localhost, eg. on port 11110, which connects to the gmail pop server via SSL. That is, instead of pop.gmail.com, port 995, you would be connecting to localhost, port 11110, and the connection to gmail will be realized by the SSL tunnel. In order to work, you would have to setup the localhost server in your mail client. Technical's config is further complicated by the presence of SpamFilter, but let's omit this for a moment.

In you mail client you now have localhost as a server and 11110 as a port. If this would work (with SSL tunnel setup correctly) all is fine. Now it's time to add avast scanning to the whole stream. Best place for avast is between your mail client and SSL Tunnel. Avast automatically monitors all connections to port 110, eg. pop.myisp.com:110, but in your case there is no connection to port 110, instead 11110 is being used. So firstly you'll have to add PopRedirectPort=110,11110. Now avast will redirect (monitor) both 110 and 11110 ports. Your connections are directed to localhost:11110, but under standard setup localhost is ignored and not monitored. So secondly you need to add IgnoreLocalhost=0.

Finally, if you have problems starting the SSL Tunnel service, please use Control Panel / Administrative Tools / Services, there you can change the status from stopped to started.

Lukas.

[wanidoob]

thanks a lot lukor...

it works !!

I will say more, but not at this time