Secure Mail Server Issues

[ling2]

Ling2 has given a very concise and organized way of configuring SSL.

Thank you for your compliment, but this has been done not by me but by many members in this forum. I just modified it and added some new information. We should thank the members that have gathered and organized the information we need to use the secure connection with avast!.

I am also using gmail but my mails are not been checked by avast 4.6

The FAQ I wrote is for those who use the email client, the SPAM filter, avast!, and Stunnel in this order for the secure connection. If you are a Windows NT, 2000, XP, or 2003 user and use Gmail with only the email client, avast!, and Stunnel, you can do the following things to configure them:

(1) Follow A. in FAQ to prepare Stunnel. You can use the code in A. for the stunnel.conf file without modifying it.

(2) Set up your Gmail account in your email client like this:
POP access

• server: 127.0.0.1
• port: 11110
• username: username@gmail.com

SMTP access

• server: 127.0.0.1
• port: 11025
• username: username@gmail.com

The servers are where Stunnel is, and the ports are where Stunnel listens.

(3) Right-click on the avast! tray icon. Select "On-Access Protection Control". Choose "Internet Mail" from "Installed providers", the pane on the left side of the "avast! On-Access Scanner" window. Click on the "Customize" button on the right side of the window. Click on the "Redirect" tab. First uncheck "Ignore local communication" in the tab. Then add in "Redirected ports" 11110 for POP and 11025 for SMTP. These ports are where Stunnel listens, and where avast! will scan emails you send and receive over your Gmail account.

Don't forget to turn off "Ignore local communication" in (3). In the "POP" and "SMTP" tabs make sure you've checked "Scan Inbound/Outbound mail".

If you can't have avast! scan your emails on Gmail yet, feel free to ask me a question providing some more information on yours.

[ling2]

How to handle the SSL or TLS connection with a SPAM filter and avast!
This FAQ will be useful for those who want to use the email client, the SPAM filter, avast!, and Stunnel in this order for the secure connection.

For Windows 95, 98, and Me users

I guess Windows 9x and Me users still need to manually set up avast!'s email protection to configure Stunnel with avast! and a SPAM filter. As I use avast!4.6 on Windows XP and 4.6 doesn't allow me to manually set it up any longer, I can't make sure the following configuration works fine. As this is what I did with avast!4.5, however, I think it will work fine for those who need to manually set up the email protection.

A. Installing and preparing Stunnel
Refer to "A. Installing and preparing Stunnel" for Windows NT, 2000, XP, and 2003 users.

B. Setting the mail client
I will assume that you have two kinds of POP accounts, one normal account (toto@myserver.com) and one secure account (toto2@gmail.com).
I will also assume that your SPAM filter uses the port 120 (like Spamihilator). If not, adapt the following instructions.
Warning to Gmail users: For a Gmail username in the mail client settings, you should set something like toto2@gmail.com, not like "toto2". (It can also work, though.) Although I'll use "toto2" for a Gmail username in the following instructions because I don't want those who use other services to get confused, Gmail Help says "@gmail.com" should be included in a Gmail username.

Configure the normal POP account like this:

• server: 127.0.0.1 (This is your SPAM filter's location.)
• port: 120 (This port number is for Spamihilator. Adapt it for the port listened by your SPAM filter.)
• username: 127.0.0.1&toto#pop.myserver.com:110&110 (127.0.0.1 is avast!'s location. The first "110" is your remote POP server's port (where your remote POP server listens). If your remote POP server listens on a different port, adapt it. The second "110" is where avast! listens. "Mailserver&username&port" is the format Spamihilator requires. "Username#mailserver:port" is the format avast! requires.)

Configure the normal SMTP access like this:

• server: 127.0.0.1 (This is avast!'s location.)
• port: 25 (This is where avast! listens.)
• username: toto#smtp.myserver.com:25 (25 is your remote SMTP server's port (where your remote SMTP server listens). If your remote SMTP server listens on a different port, adapt it. "Username#mailserver:port" is the format avast! requires.)

Configure the secure POP account like this:

• server: 127.0.0.1 (This is your SPAM filter's location.)
• port: 120 (This port number is for Spamihilator. Adapt it for the port listened by your SPAM filter.)
• username: 127.0.0.1&toto2#127.0.0.1:11110&110
  (The first "127.0.0.1" is avast!'s location. The second "127.0.0.1" is Stunnel's location. 11110 is where Stunnel listens. 110 is where avast! listens. "Mailserver&username&port" is the format Spamihilator requires. "Username#mailserver:port" is the format avast! requires.)

Configure the secure SMTP access like this:

• server: 127.0.0.1 (This is avast!'s location)
• port: 25  (the port listened by avast!)
• username: toto2#127.0.0.1:11025 (127.0.0.1 is Stunnel's location. The port 11025 is where Stunnel listens. "Username#mailserver:port" is the format avast! requires.)

C. Setting avast!
As you probably know, the avast4.ini file sits in the DATA folder in the folder where avast! has been installed. It is C:\Programs\Alwil Software\Avast4\DATA by default. If you can't find it, use "Search" to look for avast4.ini.

Open it in Notepad and locate the item named [MailScanner]. Under [MailScanner] you need to add the following values:

Code: [Select]

PopListen=127.0.0.1:110
SmtpListen=127.0.0.1:25
PopRedirectPort=110
SmtpRedirectPort=25
AutoRedirect=1
IgnoreLocalhost=0
Leave intact the other values except those above under [MailScanner] in the avast4.ini file. It seems that when you manually set up avast!'s email protection, you should set as the redirected ports (Pop/SmtpRedirectPort) only the port numbers where avast! listens. If you have a problem with this setting, you should delete the line "IgnoreLocalhost=0" because in your email client settings you tell avast! where avast! has to scan, which is the localhost (127.0.0.1).


For Windows NT, 2000, XP, and 2003 users

Please refer to this post.

[scaa]

Even if the mail under SSL is not checked, is it possible that standard shield will check the same when the mail or the attachments in gmail are opened in the computer?

[ling2]

Even if the mail under SSL is not checked, is it possible that standard shield will check the same when the mail or the attachments in gmail are opened in the computer?

Sure Standard Shield will. You should set the sensitivity of Standard Shield at "High".

As Gmail bounces an incoming mail with an executable file as an attachment on it, it's a bit safer than other email services that way.

[GL44]

Using Avast with stunnel but without a spam filter:

I have had success with Thunderbird  1.0.2 and stunnel.
I don't need a spam filter since the ISP does that job for me (and quite well).

It was a bit confusing in previous posts to see the references to Gmail and setting it up to use a spam filter so I thought I would post a more generic setup where no spam filter was needed and a more generic ISP was used.

Here is what works for me:

stunnel.conf looks like this (needless to say you must replace ISPname with the actual name of your ISP):
# stunnel client for ISPname
client=yes

# POP3 service, listens on localhost:11110
[ISPname-pop3s]
accept=localhost:11110
connect=mail.ISPname.com:995

#SMTP
[ISPname-smtps]
protocol=smtp
accept=localhost:11025
connect=mail.ISPname.com:587

I think the above ports (995 and 587) are quite standard values for a lot of ISPs.

In Thunderbird, you go to Server Settings and fill in the setting for your account as follows:

POP server settings:
ServerName is 127.0.0.1
Port is 11110
User name is in the following format: username@mail.ISPname.com

Please note that when Avast is being used by itself (without SSL), the  format for username is username#mail.ISPname.com which is something I forgot to change when I was implementing SSL. So don't forget to change # to @ when you do this.

smtp settings:
ServerName is 127.0.0.1
Port is 11025
Put a check mark for "User name and password:"
In the user name field ONLY put your user name. Do not put the domain. At least this is what I had to do to get outgoing messages to work for my ISP. When you were using the regular non-SSL mail with Avast, you didn't need to supply this user name but now that we are using stunnel you must supply it.

I am using Avast 4.6. If you try to make changes to the avast.ini file as has been noted in previous posts, your changes will be futile because they will lost when you reboot. Avast will rewrite the ini file on system restart. Note - this was my fault, I did not notice those instructions were for the 4.5 version. So if you have Avast 4.6 don't even think about editing the avast.ini file. The way you must do it is right-click on the avast systray icon, select On-access Protection control, select Internet Mail, select Customize, click on Redirect tab and change redirected ports so that POP is 11110 and smtp is 11025. Click OK.

That is it. Thunderbird will ask for your email password because you have changed settings but after that it is perfect. You can then click on the stunnel icon and see that the communication is happening on secure channels which is very comforting .

I think ISPs are encouraging people to use secure mail, so I have changed all my accounts accordingly.

[ling2]

I am using Avast 4.6. If you try to make changes to the avast.ini file as has been noted in previous posts, your changes will be futile because they will lost when you reboot. Avast will rewrite the ini file on system restart. Note - this was my fault, I did not notice those instructions were for the 4.5 version. So if you have Avast 4.6 don't even think about editing the avast.ini file. The way you must do it is right-click on the avast systray icon, select On-access Protection control, select Internet Mail, select Customize, click on Redirect tab and change redirected ports so that POP is 11110 and smtp is 11025. Click OK.

Both instructions for Windows NT, 2000, XP, and 2003 users and ones for Windows 95, 98, and Me users are aimed at avast! 4.6 users.

As it is said in the Redirect tab that the Redirect tab is not available for Windows 95, 98, and Me users, I guess, they still need to modify the avast.ini file manually. Windows NT, 2000, XP, and 2003 users must use the Redirect tab to add any change to the avast.ini file as I wrote in the previous post.

Then, if you're a Windows NT, 2000, XP, or 2003 user and don't use a spam filter such as Spamihilator, you should follow GL44's post just above this one.

[troubleshooting]

did anyone sucessfully scan the mails of gmail though avast 4.6V in outlook express 6.0V?

[DavidR]

Yes they have, but not without using third party software. Do a forum search fro gmail and stunnel, this has been discussed many times before.

[sded]

For detailed instructions with gmail, see http://forum.avast.com/index.php?topic=14854.msg125401#msg125401