I think that on the update to avast!4.6 we need to revise
yildi's FAQ on how to handle the secure connection with a SPAM filtering application and avast!'s email protection. I'll draft the revised FAQ here. This FAQ sure is based on
yildi's FAQ. I'll just add some new information to his and reorganize it. Thank you for providing useful information,
yildi!
How to handle the SSL or TLS connection with a SPAM filter and avast!This FAQ will be useful for those who want to use the email client, the SPAM filter, avast!, and Stunnel in this order for the secure connection.
For Windows NT, 2000, XP, and 2003 usersA. Installing and preparing StunnelDownload OpenSSL for Windows from
http://www.slproweb.com/products/Win32OpenSSL.html and install it.
Download Stunnel for Windows from
http://www.stunnel.org/download/binaries.html. You need to download Stunnel that can work with the version of OpenSSL you've just installed.
Stunnel you've downloaded is not an installer but the Stunnel application itself, and you can place it in any specific folder (e.g. in C:\stunnel).
In the folder where you have copied Stunnel, you will create its configuration file. Launch Notepad and type the following (adapt it if necessary) in the blank document:
; have Stunnel work as a client (not as a server)
client=yes
; POP3 service, listens on localhost:11110
[gmail-pop3s]
accept=127.0.0.1:11110
connect=pop.gmail.com:995
; or your secure POP server's name and port
; SMTP service, listens on localhost:11025
[gmail-smtps]
protocol=smtp
accept=localhost:11025
connect=smtp.gmail.com:587
; or your secure SMTP server's name and port
If you use the TLS connection, you need to define the protocol that is used in the connection. If you use the SSL connection, you shouldn't. For example, Gmail uses the SSL connection on the POP server. Therefore you shouldn't add "protocol=pop3" in the configuration file like in the code above. On the other hand, Gmail uses the TLS connection on the SMTP server. Therefore you need to add "protocol=smtp" like in the code above.
Warning to IMAP account holders: Whatever kind of secure IMAP account you have, you don't have to define the protocol. Although you can use the IMAP connection with Stunnel, "imap4" or "imap" as a value of "protocol" isn't defined in Stunnel. I guess it doesn't need to be defined.
Save this file under the name of
stunnel.conf in the same folder as you've copied Stunnel in.
Open Command Prompt. (To do that, from the Start menu go to "Run", and type
cmd on Windows NT, 2000, XP, and 2003, or
command on Windows 9x or Me.) In Command Prompt switch to the folder where Stunnel has been placed. (To do that, type
cd c:\stunnel and hit Enter if you've placed Stunnel in C:\stunnel.) In Command Prompt type
stunnelfilename.exe -install and hit Enter. ("Stunnelfilename.exe" will be something like stunnel-4.07.exe, which is the file name of Stunnel you have on your hard drive. It depends on the version of Stunnel you've downloaded. 4.07 is the most recent stable version currently.) By doing that, you can launch Stunnel as a Windows service. Hence, Stunnel will start up whenever you start Windows, and you will be able to stop or manage it using the standard Windows console for services.
Now you will observe a new icon (something like a network folder) in the task bar and if you double-click on the icon, you will be able to open the log window (nothing very interesting will be visible for now). If you have made an error in the configuration file, stunnel will refuse to be launched. In this case check the syntax (comparing yours with the code above) and the port numbers of your remote mail servers.
B. Setting the mail clientI will assume that you have two kinds of POP accounts, one normal account (toto@myserver.com) and one secure account (toto2@gmail.com).
I will also assume that your SPAM filter uses the port 120 (like Spamihilator). If not, adapt the following instructions.
Warning to Gmail users: For a Gmail username in the mail client settings, you should set something like
toto2@gmail.com,
not like "toto2". (It can also work, though.) Although I'll use "toto2" for a Gmail username in the following instructions because I don't want those who use other services to get confused, Gmail Help says "@gmail.com" should be included in a Gmail username.
Configure the normal POP account like this:
- server: localhost
- port: 120 (This port number is for Spamihilator. Adapt it for the port listened by your SPAM filter.)
- username: pop.myserver.com&toto (This is the format used by Spamihilator. If your SPAM filter expects another scheme, please adapt it.)
Configure the secure POP account like this:
- server: localhost
- port: 120 (This port number is for Spamihilator. Adapt it for the port listened by your SPAM filter.)
- username: localhost&toto2&11110 (This is the format used by Spamihilator. If your SPAM filter expects another scheme, please adapt it. The last element is the port number that will be listened by Stunnel.)
Configure the secure SMTP access like this:
- server: localhost
- port: 11025 (the port listened by Stunnel)
- username: toto2
The setting for the normal SMTP access is... normal.
C. Setting avast!Please make sure you use avast!4.6 or later. (To do that, right-click on the avast! tray icon, the ball-shaped icon with "a" on it, and select "About avast!..." then you can see what version you use.) If you don't use avast!4.6 or later, you need to update avast! to 4.6 or later. (To update the program, right-click on the avast! tray icon, and go to "Updating" > "Program Update". When the download and install are done, you need to restart your computer.)
Right-click on the avast! tray icon. Select "On-Access Protection Control". Choose "Internet Mail" from "Installed providers", the pane on the left side of the "avast! On-Access Scanner" window. Click on the "Customize" button on the right side of the window. Click on the "Redirect" tab. First uncheck "Ignore local communication" in the tab. Then put in "Redirected ports" both port numbers where Stunnel listens and where your remote non-secure mail server listens.
e.g. Let's assume you have one normal POP account whose POP server listens on the port 110 and whose SMTP server listens on the port 25, and one secure POP account whose POP and SMTP servers and the ports where they listen are defined in the stunnel.conf file. In "Redirected ports" you need to put
110 and
11110 for POP, and
25 and
11025 for SMTP.
These port numbers are where you want avast! to scan emails.
If this configuration doesn't work for you... I'll write about that later here in this post.
For Windows 95, 98, and Me usersPlease refer to
this post.