Essentially correct on all counts. For SMTP, set up stunnel to: 1: listen on port 465 (-d 465), the "official" smtps port, use another if you want. 2: forward to decrypted traffic to imail (-r imailsmtp.yourdomain.com:25) 3: send data from an address excluded from your relay for addresses list (-I my.no.relay.addy) 4: Have your users check "use ssl" in O/OE, and set the SMTP port to 465.
Jerry ----- Original Message ----- From: "Paul Ingram" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Tuesday, May 28, 2002 1:53 PM Subject: RE: [Declude.Virus] OT queston > Hey Jerry, > I have been some reading I think I have an understanding of what you > doing with stunnel. Maybe?? I was not aware that in Outlook or Outlook > express SSL could be used ...I immediately assume you where meaning a > web page. I guess I should not have assumed! :) > Anyways I am thinking the setup is as such. > 1. Set Outlook and OE to use SSL and on the port you would want. > I am thinking I will need to move my user to a different ports and still > let outside traffic in on port 25..not? > 2. Have stunnel configed on the Imail box on that port > 3. And then to pass traffic to the correct mail ports for Imail at which > time Imail will now be able to read the data and verify user. > > Am I close? Any tips or suggested links would be great? Could you > share an overview of you setup? > > Thanks, > Paul Ingram > CI Travel > 888.461.0022 ext.826 > mailto:[EMAIL PROTECTED] > > > > > > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED]] On Behalf Of Jerry Murdock > Sent: Wednesday, May 22, 2002 12:44 PM > To: [EMAIL PROTECTED] > Subject: Re: [Declude.Virus] OT queston > > Works fine for our purposes running smtp/imap/pop through it. Not > knowing > your load, I should point out we're dealing with a few hundred external > users, not thousands. > > I run it on the imail box, but stunnel could be run on another box if > needed. This would off load all the ssl overhead from the imail box. > > Only issue is insuring that you don't become an open relay on the ssl > port. > I don't know if anyone is actually trying to spam over smtps, but I > didn't > want to take the chance. In my situation I created an "extra" address on > the > imail server, bound the stunnel smtp instance to that address, then made > sure the address was NOT in my relay for addresses list. > > One caveat is that the current 3.22 Windows binary at the site will not > survive a user logoff if run under srvany. The fix to the source is > simple > though, just comment out(or delete) the three lines that handle logoff > in > the Windows event handler. It compiles cleanly and without problems > using > MinGW. Let me know if you want to tackle it and I'll send you the > source > changes. You can certainly use the supplied binary version for testing. > > Jerry > > ----- Original Message ----- > From: "Dan Rapaport" <[EMAIL PROTECTED]> > To: <[EMAIL PROTECTED]> > Sent: Wednesday, May 22, 2002 12:13 PM > Subject: Re: [Declude.Virus] OT queston > > > > Jerry, that www.stunnel.org looks quite interesting. I wasn't aware > of > it. > > > > How was your experience implementing it? > > > > > > >What's wrong with SSL? I don't know of any way of adding SPA > capability > to > > >imail, but adding ssl to pop/imap/smtp is easy to via a number of > methods. > > > > > >I'm using stunnel. > > > > > >Jerry > > > > --- > > > --- > [This E-mail scanned for viruses by Declude Virus/McAfee] > > --- > [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] > > This E-mail came from the Declude.Virus mailing list. To > unsubscribe, just send an E-mail to [EMAIL PROTECTED], and > type "unsubscribe Declude.Virus". You can E-mail > [EMAIL PROTECTED] for assistance. You can visit our web > site at http://www.declude.com . --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus". You can E-mail [EMAIL PROTECTED] for assistance. You can visit our web site at http://www.declude.com .
