
> Xmail And Ssl, Configure with Stunnel
atomant
Posted: Mar 18 2003, 07:01 PM
No - I'm not an answering script ...
Group: Admin
Posts: 1776
Member No.: 427
Joined: 18-January 03



Hi!

Is there someone who has configured XMail with stunnel? I would like to do it, but I don't understand from the docs how to do this. Can anyone tell me how to do this, step by step? :-)


--------------------
Bye,
Sasa



-------------------------------------------------------------------

All electric machines work on smoke... when the smoke escapes from the machines, they don't work anymore
Windows: "Where do you want to go today?"
Linux: "Where do you want to go tomorrow?"
FreeBSD: "Are you guys coming or what?"
hschneider
Posted: Mar 19 2003, 12:10 AM
No - I'm not an answering script ...
Group: Admin
Posts: 6631
Member No.: 195
Joined: 19-June 02



Prepare the SSL-Certificate:
Download and unzip openssl
Create a certificate:
bin\openssl.exe req -new -x509 -nodes -out stunnel.pem -keyout stunnel.pem -days 365 -config openssl.cnf
Adapt the number of days until the certificate expires to your needs.
When you are asked for (YOUR name), enter ip_or_name_of_xmail_server
Copy stunnel.pem to your stunnel folder

Prepare Stunnel:
Download and unzip stunnel to your stunnel folder
Copy ssl/bin/*.dll from openssl to your stunnel folder
Create a file named stunnel.conf with the following content:
--<cut here>--
client = no
debug = 7
options = DONT_INSERT_EMPTY_FRAGMENTS

[POP3]
accept = 995
connect = 127.0.0.1:110
delay = no

[SMTP]
accept = 8025
connect = your_xmail_server_ip_or_name:25
delay = no
--<cut here>--
Start stunnel.exe

Prepare XMail:
Close the standard POP3 port for the rest of the world by binding it to 127.0.0.1.
Use parameter -PI for that (see Xmail manual).
Make sure that you allow 127.0.0.0 in your pop.ipmap.tab
Standard SMTP has to stay open, in order to talk to other SMTPs in the world.
But your LAN clients can use SSL-secured SMTP, if they want.
Restart XMail Service

Prepare the Client:
In Outlook check 'Use SSL...' with POP3 and optionally with SMTP connections
Use port 995 for secure POP and 8025 for secure SMTP

Have fun!

Use
stunnel.exe -install
if you want stunnel to run as a system service.

-- Please let me know if you managed to get it running or if I've overlooked something ... :-)


--------------------
Bye,
Harald


-- Download XMail Queue Manager 1.46 NOW: XMail Server Tools
-- Cross platform remote queue management!
-- Message analyzing on the fly!
-- Builtin diagnostics knowledge base!
-- Manages multiple mail queues!

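Added example, not part of the original posts: a small Python check that parses a stunnel.conf like the one above and lists every service whose connect target is not loopback. For such a service XMail has to listen in plaintext on a network-facing address, so clients can still reach it without TLS unless a firewall blocks the port. The sample config is constructed from the post, with 192.0.2.10 standing in for your_xmail_server_ip_or_name; the function names are this example's own.

```python
import ipaddress

# Constructed sample: the Windows stunnel.conf from the thread, with the
# placeholder backend host replaced by a documentation address.
SAMPLE_CONF = """\
client = no
[POP3]
accept = 995
connect = 127.0.0.1:110
[SMTP]
accept = 8025        #port of your choice
connect = 192.0.2.10:25
"""

def parse_conf(text):
    """Parse stunnel.conf text into {section: {option: value}}; globals under ''."""
    conf, section = {"": {}}, ""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop '#' notes as written in the thread
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
            conf[section] = {}
        elif "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            conf[section][key] = value
    return conf

def is_loopback(target):
    """True when the host in '[host:]port' is loopback (a bare port means localhost)."""
    host = target.rpartition(":")[0]
    if host in ("", "localhost"):
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:  # a DNS name cannot be judged offline, so report it
        return False

def exposed_backends(text):
    """Return (service, accept, connect) for services whose plaintext backend is not loopback."""
    return [(name, opts.get("accept"), opts["connect"])
            for name, opts in parse_conf(text).items()
            if "connect" in opts and not is_loopback(opts["connect"])]

if __name__ == "__main__":
    for service, accept, connect in exposed_backends(SAMPLE_CONF):
        print(f"[{service}] TLS port {accept} forwards to {connect}: "
              "that plaintext port is not loopback-only")
```
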
atomant
Posted: Mar 19 2003, 07:10 AM
Just a remark... I am using XMail under Linux!? Does this change things a lot?
Do I need to install stunnel on the client side too, or is it enough to enable SSL support in their email client?


--------------------
Bye,
Sasa



hschneider
Posted: Mar 19 2003, 07:37 AM
Certificate generation and setup should be the same.
Copying the .dlls will not be necessary.
If your client is Outlook only, then you don't need stunnel on the client side. If you do other sorts of communication with secure SMTP or POP, you might need it.



--------------------
Bye,
Harald


atomant
Posted: Mar 19 2003, 08:24 AM
So to start stunnel it is enough to just run ./stunnel, right? Is it still possible to use non-SSL POP3?


--------------------
Bye,
Sasa



hschneider
Posted: Mar 19 2003, 09:17 AM
... when you have created the certificates and the .conf file.
You can still use the standard services, if you do not bind them to 127.0.0.1 in XMail. The stunnel.conf then has to be

[POP3]
accept = 995
connect = your_xmail_server_ip_or_name:110
delay = no

for POP3.


Would be nice to see a Linux howto here, when things run on your machine .. :-)


--------------------
Bye,
Harald


atomant
Posted: Mar 19 2003, 11:14 AM
OK, I got it working. So a Linux howto:

-get the source from www.stunnel.org, compile it and install:
CODE

$ ./configure
$ make
$ make install

When you run "make install" you will be prompted to create a certificate, which you should do.

-create a /usr/local/etc/stunnel/stunnel.conf file with the following:
CODE

cert = /usr/local/etc/stunnel/stunnel.pem
pid = /tmp/stunnel.pid
setuid = nobody
setgid = nobody

options = DONT_INSERT_EMPTY_FRAGMENTS

debug = 7
output = stunnel.log

client = no


[POP3]
accept  = 995                         #standard pop3ssl port  
connect = 127.0.0.1:110
delay = no

[SMTP]
accept  = 8025                        #port of your choice
connect = 127.0.0.1:25
delay = no


-make XMail listen on 127.0.0.1:110 and 127.0.0.1:25 and restart the XMail service

-set up your firewall (if you have one) to allow access to the ports you have specified in stunnel.conf

-run /usr/local/sbin/stunnel

-make changes in Outlook or Netscape or whatever to use SSL

-try to connect to your mailbox

If you have a problem, check the /usr/local/etc/stunnel/stunnel.log file.

Have fun. :-D


--------------------
Bye,
Sasa



hschneider
Posted: Mar 19 2003, 11:16 AM
Thank U !
Looks much easier than on NT ... ;-)



--------------------
Bye,
Harald


PetePagoda
Posted: Apr 15 2003, 12:10 AM
Newbie
Group: Members
Posts: 2
Member No.: 534
Joined: 15-April 03



For Linux users:

You must make stunnel start before Xmail when booting or Xmail will not work properly after rebooting with stunnel starting first.

Thanks,
Pete
PetePagoda
Posted: Apr 15 2003, 01:48 AM
Speaking of which, what's a good way to get a nice solid stunnel PID running before you start XMail?
atomant
Posted: Apr 15 2003, 12:24 PM
I have Xmail starting before stunnel and I don't have any problems with Xmail. I am running RH8.


--------------------
Bye,
Sasa



smago
Posted: Apr 24 2003, 10:04 AM
Junior Member
Group: Members
Posts: 26
Member No.: 549
Joined: 22-April 03



Do you know if we can start 2 POP at the same time? 1 for SSL connection and 1 for normal?
hschneider
Posted: Apr 24 2003, 10:11 AM
Bind the POP service to 127.0.0.1:110 and your_external_ip:110. The one with 127.* is used for tunneling, the other one is a normal POP.

QUOTE

        -PI ip[:port]
                Bind server to the specified ip address and (optional) port
                (can be multiple).


--------------------
Bye,
Harald


hschneider
Posted: Apr 24 2003, 07:55 PM
Thanks for the contrib!


--------------------
Bye,
Harald


cmyk
Posted: Nov 15 2003, 04:07 PM
Member
Group: Members
Posts: 76
Member No.: 462
Joined: 13-February 03



For Mandrake 9.2 I found these differences:

create the certificate (path to openssl.cnf has to be specified as follows):
CODE
openssl req -new -x509 -nodes -out stunnel.pem -keyout stunnel.pem -days 365 -config /usr/lib/ssl/openssl.cnf