Author Topic: Stunnel Question  (Read 6128 times)

0 Members and 1 Guest are viewing this topic.

TwoShoes

  • Guest
Stunnel Question
« on: March 17, 2009, 12:15:29 AM »
Has anyone successfully used stunnel with Vista's Windows Mail to scan Gmail incoming and outgoing emails?  I have been using it successfully with XP and Outlook Express and I set it up the same way in Vista's Windows Mail and can't make a connection to the POP server.

sded

  • Guest
Re: Stunnel Question
« Reply #1 on: March 17, 2009, 12:31:15 AM »
Works fine for me-I set it up and tried it, but use Thunderbird instead.  What does your Stunnel.conf look like for Gmail in and out?  In Windows mail, servers are localhost, ports are whatever you have set in Stunnel.conf, everything is pop3 unencrypted.

TwoShoes

  • Guest
Re: Stunnel Question
« Reply #2 on: March 17, 2009, 01:23:13 AM »
Thanks for the reply. Here is some info about my setup:

In Windows mail I have the servers set at 127.0.0.1 which is how I had them in XP.  Ports are set to 11110 for POP and 11025 for SMTP.  In Avast I have added those ports to the Redirect tab and have unchecked ignore local communication. Here is my stunnel.conf:

cert=stunnel.pem
client=yes
# POP3 service, listens on localhost:11110
[gmail-pop3s]
accept=127.0.0.1:11110
connect=pop.gmail.com:995

# SMTP service, listens on localhost:11025
[gmail-smtps]
accept=127.0.0.1:11025
connect=smtp.gmail.com:465

Ports 995 and 465 are the required ports for Gmail.  Hope this is what you requested.


sded

  • Guest
Re: Stunnel Question
« Reply #3 on: March 17, 2009, 01:44:44 AM »
What use are you making of the "cert" command?  Most systems don't use it, so might make sense to remove it unless you have some special need.  Next thing to do if that is not the problem is to go through the Windows Mail Account tabs, especially the "servers" and "advanced" tabs to see if something is checked by mistake.  There is nothing special about Windows Mail; it is just an "upgrade" to Outlook Express.  :)
« Last Edit: March 17, 2009, 02:47:06 AM by sded »

TwoShoes

  • Guest
Re: Stunnel Question
« Reply #4 on: March 17, 2009, 02:42:55 AM »
Under XP, until I inserted the cert= command I was getting some type of error which I don't recall what it was exactly.  Something about some type of validity.  I can easily remove it and give it another try.  I only have it there because it cleared up an error in XP.  I will also check between my XP and Vista machines to see if I find anything different in the "servers" and "advanced" tabs.  Thanks.

Offline alanrf

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 3870
  • Just an avast user
Re: Stunnel Question
« Reply #5 on: March 17, 2009, 04:42:58 AM »
Forgive me butting in but to reinforce the point made by sded earlier it is important to note the difference between direct access to the GMail servers from a mail client and the use of STunnel - this is easily overlooked as the change is made. 

With direct access to the GMail servers you must tell the mail client that the connections are secure.  When you change the connections to localhost to connect via STunnel it is essential that you tell the mail client the connections to Stunnel are non-secured.

TwoShoes

  • Guest
Re: Stunnel Question
« Reply #6 on: March 17, 2009, 01:58:21 PM »
Removed the "cert" in stunnel.conf.  Compared all tabs in XP and Vista email accounts and both are set up exactly the same.  All things that should be unchecked are.  In the Avast redirects, both are also set up exactly the same.  This is the error message that I am getting:

 Account: 'GMail', Server: '127.0.0.1', Protocol: POP3, Server Response: '-ERR Cannot connect to POP server 127.0.0.1 (127.0.0.1:11110), connect error 10061', Port: 11110, Secure(SSL): No, Server Error: 0x800CCC90, Error Number: 0x800CCC90

Can you show me what you enter in your email servers tab info and what your stunnel.conf looks like? 

To me it appears that it is not getting sent through Stunnel to get converted to the proper ports.
« Last Edit: March 17, 2009, 02:04:47 PM by TwoShoes »

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67194
Re: Stunnel Question
« Reply #7 on: March 17, 2009, 02:05:43 PM »
Mine is:

cert = stunnel.pem

# GMail
client=yes

# POP3 service, listens on localhost:11110
[gmail-pop3s]
accept=127.0.0.1:11110
connect=pop.gmail.com:995

# SMTP service, listens on localhost:11025
[gmail-smtps]
protocol=smtp
accept=127.0.0.1:11025
connect=smtp.gmail.com:587

But into the email client, the pop3 and smtp servers are NOT 127.0.0.1, but the real ones.
The best things in life are free.

TwoShoes

  • Guest
Re: Stunnel Question
« Reply #8 on: March 17, 2009, 02:10:09 PM »
Is this on XP with Outlook Express or Vista with Windows Mail?

sded

  • Guest
Re: Stunnel Question
« Reply #9 on: March 17, 2009, 02:17:23 PM »
On the Avast! POP tab, is the "scan inbound mail" box checked?  Is Stunnel actually running?  Does the Stunnel log give an error message?  Your Stunnel.conf looks fine.  Mine for gmail inbound looks like:

client=yes
; gmail POP3 service, listens on localhost:11111
[gmail-pop3s]
accept=localhost:11111
connect=pop.gmail.com:995

Attached are the tabs for servers and advanced in windows mail
« Last Edit: March 17, 2009, 02:18:54 PM by sded »

TwoShoes

  • Guest
Re: Stunnel Question
« Reply #10 on: March 17, 2009, 02:44:45 PM »
On my servers tab, I changed mine from 127.0.0.1 to localhost for both servers.  Still will not connect.  In Task Manager on XP, I see stunnel in both the applications and processes tabs.  However in Vista I only see it in the applications tab.  Where do I look for the stunnel log file?  Can't find it in the Stunnel Folder.

sded

  • Guest
Re: Stunnel Question
« Reply #11 on: March 17, 2009, 02:51:57 PM »
Right click on the Stunnel icon and you should see about, log, and exit.  Stunnel should show up on the processes tab.  Do you have it set up to run as a service?  If so, try running it from the startup folder instead.   For me it shows up only on the processes tab, not the application tab.
Update:  Are you using a firewall that could be blocking Stunnel?
« Last Edit: March 17, 2009, 02:53:28 PM by sded »

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67194
Re: Stunnel Question
« Reply #12 on: March 17, 2009, 02:53:35 PM »
Also, in the redirection tab of mail settings, you must uncheck the 'Ignore local communication' and add the other ports to be scanned 11110, 11025.
The best things in life are free.

TwoShoes

  • Guest
Re: Stunnel Question
« Reply #13 on: March 17, 2009, 03:38:49 PM »
Thank you both for the help, I got it to work.  The problem is stunnel needed to be manually started.  In XP it automatically starts up when I boot.  How can I make it do the same in Vista?  I am new to Vista so as much detail as possible will be appreciated.  Thanks again for the assistance.

sded

  • Guest
Re: Stunnel Question
« Reply #14 on: March 17, 2009, 03:41:19 PM »
Glad you got it working.  :) Just make a shortcut for stunnel.exe and put the shortcut in the startup folder.