[stunnel-users] Re: tunnel for IMAP/SMTP

Sun, 06 Feb 2022 06:22:00 -0800 

 The tutorial you're using is too old. You did not specify the OS ans stunnel 
version you're using, but what you want to achieve can bedone. The flow we need 
is this:

You need to specify 2 stunnel sections in your config; one to connect your new 
clients with TLS 1.2 or higher and other to connect to your mail server with 
TLS 1.1. Something like this:
client tls>=1.2)--> stunnel-server_mode --> Stunnel-client_mode --> mail-server 
(tls1.1)                                        

For example, assuming the following:a) Your stunnel proxy runs on the same 
machine as your IMAPS/SMTP server with IP address x.y.z.wb) your IMAPS service 
is listening on port 143 for IMAPS tls1.1 and the service listens in IP 
127.0.0.1 (loopback)
c) you want to test TLS 1.2 or later by connecting to port 993 for IMAPSd) We 
use auxiliary port 1143 on loopback interface (any free port will do).

then, the config should include something like:

sslVersion = alloptions = NO_SSLv2
options = NO_SSLv3

[imaps-external]accept=x.y.z.w:993connect=127.0.0.1:1143
client=nooptions = NO_SSLv2
options = NO_SSLv3
options = NO_TLSv1
options = NO_TLSv1.1

[imaps-backend]accept=127.0.0.1:1143connect=127.0.0.1:143client=yes

Hope this is helpful. 

Regards,Jose



    On Monday, January 31, 2022, 09:16:55 AM GMT-5, Caterpillar 
<[email protected]> wrote:  
 
 Good day.
I need to be able to use Thunderbird to connect to a mail server 
(IMAP/SMTP) that has an obsolete TLS version (1.1) and I don't want to 
low the TLS minimum version on my computers.
For this need I would like to use stunnel between Thunderbid clients and 
the mail server. I tried to use tutorial [1] plus "sslVersion = all" 
option, but I think the guide is quite incomplete.
Do you have any other guide/tutoral that is more complete?
Thank you


[1]: https://petermolnar.com/secure-smtp-and-imap-sessions-with-stunnel/
_______________________________________________
stunnel-users mailing list -- [email protected]
To unsubscribe send an email to [email protected]
  
_______________________________________________
stunnel-users mailing list -- [email protected]
To unsubscribe send an email to [email protected]

Reply via email to