KB05061301 SMTP Auth - working with Stunnel
See also Using GMail as your SMTP smarthost via TLS
A Mailtraq User has provided this example of fronting Mailtraq with Stunnel to provide TLS.
The example uses 'gmail', but the method would be appropriate for other mail providers.
1. Turn on POP3 collection in your gmail account.
This also enables SMTP sending.
Details at http://gmail.google.com/support/bin/answer.py?answer=13273
2. Download and install Stunnel and openssl.
This example uses stunnel 4.05 and openssl 0.9.7e, both of which were downloaded from http://www.stunnel.org/download/binaries.html
Create a folder and put stunnel.exe and the openssl binaries in it.
3. Configure stunnel for your mail provider.
Create a stunnel.conf in the directory created for stunnel with an entry for both pop3 and smtp services.
For gmail the entries are:
# GLOBAL OPTIONS
client = yes
output = stunnel-log.txt
debug = 0
taskbar = yes
# SERVICE-LEVEL OPTIONS
[SMTP Gmail ]
accept = 127.0.0.1:1099
connect = smtp.gmail.com:465
[POP3 Gmail ]
accept = 127.0.0.1:108
connect = pop.gmail.com:995
The accept strings contain the IP address and port on which you want stunnel to listen for connections. The connect strings contain the provider's host and port that stunnel connects to.
4. Arrange for stunnel to start as a service.
It is installed as a service by running
from a command prompt in the stunnel installation directory.
If you are using the Windows XP SP2 firewall, use the Security Center in Control Panel to make the stunnel executable a firewall exception so that it can open the ports.
Use the Services window in Control Panel to start it after installation for the first time.
5. Set up the Mailtraq entries in the Mailtraq console.
For POP3 collection this is straightforward. For gmail use the POP3 port (localhost:108) you
created above, your full gmail address (firstname.lastname@example.org) and password.
For gmail it is sensible to select the "leave mail on server" option.
For SMTP delivery it's a little more complicated. You need to set up a destination in
the mail routing table using the smtp port (localhost:1099) created above.
Mailtraq, however, picks up the authentication details from an entry for
localhost without the port number.
Create this in Outbox Properties/Remote Mail Server Security.
Set up an account for the plain hostname (localhost) with Server Requires Authentication and the full gmail address and password as for POP3.
6. If you need to set up additional services, create more SMTP and POP3
channels in stunnel with unique names and ports. Create additional Mailtraq
POP3 collections using the smtp port and account details. For SMTP you need
to create a different name for the host running stunnel. Add extra names to
your hosts file pointing to 127.0.0.1, or similarly modify your DNS. Use this
name for the delivery destination (with the port number), and for the
authentication details (without the port number).
Information provided by: Peter Sumner, May 2005
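An added example, not part of the original KB entry: a Python check for a stunnel.conf like the one in step 3 once it has been extended as in step 6. It flags services whose accept address is not loopback (Mailtraq talks to that port without TLS), accept ports used twice, and client-mode services with no certificate verification, which stunnel leaves off unless verify (or verifyChain/verifyPeer in newer releases) is set. The sample file, the "SMTP Other" service, ca-certs.pem and the finding labels are constructed for illustration.

```python
import re

# Constructed sample: the page's services plus a step-6 one reusing port 1099.
SAMPLE_CONF = """\
client = yes
[SMTP Gmail]
accept = 127.0.0.1:1099
connect = smtp.gmail.com:465
verify = 2
CAfile = ca-certs.pem
[POP3 Gmail]
accept = 127.0.0.1:108
connect = pop.gmail.com:995
[SMTP Other]
accept = 1099
connect = smtp.example.net:465
"""

def parse(text):
    """Return (global_options, [(service_name, options), ...])."""
    glob, services, current = {}, [], None
    for line in (raw.strip() for raw in text.splitlines()):
        if not line or line[0] in "#;":
            continue  # blank line or comment
        if (header := re.fullmatch(r"\[(.*)\]", line)):
            current = {}
            services.append((header.group(1).strip(), current))
        elif "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            (glob if current is None else current)[key.lower()] = value
    return glob, services

def audit(text):
    """Return (service, finding) tuples in file order."""
    glob, services = parse(text)
    findings, ports = [], {}
    for name, opts in services:
        eff = {**glob, **opts}  # assumption: global values act as defaults
        host, _, port = eff.get("accept", "").rpartition(":")
        if host not in ("127.0.0.1", "localhost", "::1"):
            findings.append((name, "accept-not-loopback"))  # port-only = all interfaces
        if port in ports:
            findings.append((name, "port-reused:" + ports[port]))
        ports.setdefault(port, name)
        verifies = (eff.get("verify", "0") in ("2", "3")
                    or "yes" in (eff.get("verifychain"), eff.get("verifypeer")))
        if eff.get("client", "no") == "yes" and not verifies:
            findings.append((name, "no-cert-verification"))
    return findings
```

Calling audit() on the text of the configuration shown in step 3 reports no-cert-verification for both services, since that file sets no verify option.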