Your Config File for the client will look something like this:

debug   = 7
verify  = 2
CAfile  = C:\SSL\CACERT.PEM
cert    = C:\SSL\CLIENTCERT.PEM
client  = YES

[Eudora]
accept  = 143
delay   = YES
connect = MAIL.UNIVERSITY.EDU:993

The Delay is to delay DNS Resolution until a connection attempt.  We added this because we use Stunnel in the startup group or as a service.  If there is no network connectivity, Stunnel would die.  This way, it can start, but not resolve until needed.

These settings are assuming you want to authenticate client usage and server destination.  If you don't want to do this, you can change the verify level to 1 and delete the CAfile and cert line.

Here is the config file for the server:

debug   = 7
verify  = 3
CApath  = C:\SSL\CLIENT\
cert    = C:\SSL\STUNNEL.PEM
client  = NO

[Eudora]
accept  = 993
delay   = YES
connect = LOCALHOST:143

These settings are assuming you want to authenticate client usage and server destination.  If you don't want to do this, you can change the verify levels to 1 and delete the CApath line.  It is also assuming the mail server is the local server.  If this is not the case, replace LOCALHOST with the correct name.

The debug levels should be set between 5 and 7 for both the client and server.




"Patrick_S. Daniels" <[EMAIL PROTECTED]>

08/30/2002 02:49 PM

To: Brad W Blankenship/Edu/ConsServ/HAC/MAXIMUS <[EMAIL PROTECTED]>
cc:
Subject: Re: stunnel 4.00 released

Brad,

Thanks for your offer to answer questions...  I just read through Mike's
manual, but I'm obviously not versed in enough of this to create the
proper config file...

With Stunnel, we had set things up to tunnel port 143 to the email server
(i.e. mail.university.edu:993), so that we could configure our email
client to "localhost".  This was:

stunnel -c -d 143 -r mail.university.edu:993

We could alter the outgoing client port to another port if needed.

So, for Eudora pre-SSL version, we'd have stunnel start up as a batch,
then start up Eudora with localhost for IMAP server.

Worked fine.

NOW...with the new config file, I'm not exactly sure which portions
correlate.

Any chance of posting some examples?

Likewise, will this new Stunnel permit any authenticating of SMTP ports
that are using STARTTLS1?

Thanks again for offering help.  Sorry for the basic level of question...

Patrick Daniels
IT support, ASC
Duke University

On Fri, 30 Aug 2002, Brad W Blankenship/Edu/ConsServ/HAC/MAXIMUS wrote:

> Mike has done a tremendous job with making this version of STUNNEL as user
> friendly as possible for us, and making this project available to everyone.
> We have spent a significant amount of time making the changes and testing
> with all potential configurations.  If anyone has specific questions, I
> will try to answer as much as possible.
>
> Brad Blankenship
> MAXIMUS
> 4320 Auburn Blvd, Suite 2000
> Sacramento, CA  95841
> 916.485.8102 ext.157
> Fax 916.485.0111
> Brian Hatch <[EMAIL PROTECTED]>
> 08/30/2002 01:47 PM
> Please respond to stunnel-users
>
> To: openssl-users@openssl.org
> cc: [EMAIL PROTECTED]t, stunnel-announce@mirt.net
> Subject: Re: stunnel 4.00 released
>
> > Version 4.00, 2002.08.30, urgency: LOW:
>
> The new version is now available on stunnel.org as well for
> those folks who are closer to the US than Europe.
>
> The stunnel.org pages have not been updated for the new
> 4.00 features and configuration yet.  Contributions are
> encouraged.  I'm going as fast as I can.
>
> Many thanks to Mike for his work making this new version that
> promises to make SSL tunnel configuration a lot easier for the
> Windows folks and those afraid of command lines with lots and
> lots of arguments.
>
>
> --
> Brian Hatch                  I just got lost in
>   Systems and                thought.  It was
>   Security Engineer          unfamiliar territory.
> www.buildinglinuxvpns.net
>
> Every message PGP signed
>
>
>
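
The stunnel 3.x command line quoted in this thread and the 4.00 config files at the top of the reply carry the same settings under different names. The converter below is an added example, not part of the original messages or of stunnel itself; the function name `convert`, the warning texts and the verify check are assumptions of this example, and the switch-to-key table covers only the common 3.x options.

```python
import shlex

# stunnel 3.x switches and the stunnel 4.x config keys they map to.
GLOBAL_KEYS = {"-v": "verify", "-A": "CAfile", "-a": "CApath",
               "-p": "cert", "-D": "debug"}
SERVICE_KEYS = {"-d": "accept", "-r": "connect", "-n": "protocol"}


def convert(cmdline, service="Eudora"):
    """Translate a stunnel 3.x command line into (config_text, warnings)."""
    # posix=False keeps the backslashes of Windows paths intact.
    args = shlex.split(cmdline, posix=False)
    if args and not args[0].startswith("-"):
        args = args[1:]  # drop the program name
    glob, svc, warnings = {"client": "no"}, {}, []
    it = iter(args)
    for opt in it:
        if opt == "-c":
            glob["client"] = "yes"
        elif opt in GLOBAL_KEYS or opt in SERVICE_KEYS:
            value = next(it, None)
            if value is None:
                warnings.append(f"{opt} is missing its argument")
            elif opt in GLOBAL_KEYS:
                glob[GLOBAL_KEYS[opt]] = value
            else:
                svc[SERVICE_KEYS[opt]] = value
        else:
            warnings.append(f"{opt}: no mapping in this example, check the manual")
    # Added check (assumption of this example): flag unauthenticated tunnels.
    level = int(glob.get("verify", "0"))
    if level < 2:
        warnings.append("verify below 2: peer is not required to present a valid certificate")
    elif "CAfile" not in glob and "CApath" not in glob:
        warnings.append("verify >= 2 needs CAfile or CApath to check against")
    lines = [f"{k} = {v}" for k, v in glob.items()]
    lines += ["", f"[{service}]"] + [f"{k} = {v}" for k, v in svc.items()]
    return "\n".join(lines) + "\n", warnings


if __name__ == "__main__":
    # The command line quoted in the thread.
    text, notes = convert("stunnel -c -d 143 -r mail.university.edu:993")
    print(text)
    for note in notes:
        print("warning:", note)
```

Run on the quoted command line, it produces a client section equivalent to the one in the reply minus `verify`, `CAfile` and `cert`, and warns that the tunnel does not authenticate the mail server.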


