Most email programs, when
accessing their ISP, will send usernames/passwords/data in an un-encrypted
form. However, some ISP's require you to have this information encrypted.
There are various methods of encrypting this data but this guide is
only interested in setting up SSL encryption, using a free program
called Stunnel.
|
|
1. Installing
Stunnel
2. Configure
Stunnel: Generic Setup
2.1 Configure Stunnel: Gmail Setup
3. Setup
Stunnel to Run
4. Configure
your email program (POP3): Generic Setup: Non-Transparent Proxy
4.1 Configure your email program (POP3): Gmail
Setup: Non-Transparent Proxy
4.2 Configure your email program (POP3): Gmail
Setup: Transparent Proxy
4.3 Configure your email program (IMAP4): Generic
Setup: Transparent Proxy
5. Configure
SpamPal
|
|
Download the following files (the main site
is located here
just in case the files below cannot be found)
http://www.stunnel.org/download/stunnel/win32/openssl-0.9.7c/libeay32.dll
http://www.stunnel.org/download/stunnel/win32/openssl-0.9.7c/libssl32.dll
http://www.stunnel.org/download/stunnel/win32/stunnel-4.07.exe
http://www.stunnel.org/download/stunnel/win32/stunnel.pem
|
| Create a folder called C:\stunnel
and place the files you've just downloaded, ie. the Stunnel
executable (*.exe), libssl32.dll,
libeay32.dll and
stunnel.pem files in it |
|
You can also copy libeay32.dll
and libssl32.dll
into \windows\system
directory [\WINNT\system
if using Windows XP] |
|
::Top:: |
Using a text editor like
notepad, make a file containing what's in the box below. Copy the
information to your clipboard by right clicking on the highlighted
text and selecting Copy. Paste the information into notepad.
Note: Be
sure that wordwrap is turned OFF.
Save the file as "stunnel.conf"
(including the quotes if you're using notepad) and place it in the
C:\stunnel folder. Note:
The quotes prevent notepad from adding .txt to the end of the
filename.
In the example configuration below, if you don't need IMAP then just
remove the three lines under [imaps] and to keep things as simple
as possible, we've just added the number 9
to the end of the standard port number. |
client
= yes
debug = debug
[pop3s]
accept = 127.0.0.1:1109
connect = pop3s.myisp.com:995
[imaps]
accept = 127.0.0.1:1439
delay = yes
connect = imaps.myisp.com:993
[smtps]
accept = 127.0.0.1:259
connect = smtps.myisp.com:465
|
|
|
The only necessary changes that you will have
to make are in the connect
= field.
Change the pop3s.myisp.com (or
imaps.myisp.com) example name,
to whatever your incoming mail server
is.
If you do not know what it is off hand, it should be stored in your
email program. For example, in Outlook, if you navagate to:
Tools -> Email
Accounts
Choose View or change existing email
accounts under E-mail
Click Next
Then you can copy whatever is currently listed in the Incoming
Mail Server: field.
Now change the example pop3s.myisp.com
(or imaps.myisp.com) server names
and type in your incoming mail server
address (or paste what you have copied in outlook).
Now re-save your stunnel.conf
file
|
The following connection structure
'flowchart' shows how Stunnel functions when SpamPal is running in
non-transparent proxy mode:
POP3: email_program:110 <>
SpamPal:1109 <> Stunnel:995<
---> Your ISP's mail_server:995
IMAP: email_program:143 <>
SpamPal:1439 <> Stunnel:993<
---> Your ISP's mail_server:993
SMTP: email_program:25 <>
SpamPal:259 <> Stunnel:465<
---> Your ISP's mail_server:465 |
::Top:: |
The following is an example
of how to access Google's Gmail POP3 service, which can only be accessed
with SSL.
Using a text editor like notepad, make a file containing what's in
the box below. Copy the information to your clipboard by right clicking
on the highlighted text and selecting Copy. Paste the information
into notepad.
Note: Be
sure that wordwrap is turned OFF.
Save the file as "stunnel.conf"
(including the quotes if you're using notepad) and place it in the
C:\stunnel folder. Note:
The quotes prevent notepad from adding .txt to the end of the
filename.
|
|
|
::Top:: |
Right click on the
stunnel exe file and select Create Shortcut. This will put a shortcut
in the stunnel folder.
If you want to run Stunnel only when you need it, copy this shortcut
to your desktop. If you would like Stunnel to run whenever your computer
is turned on so it will be available whenever you need it, follow
the instructions below.
Note: Running this program all of the time keeps certain ports open
and could be a security risk. Your system will be more secure if you
run it only when you need it.
Note: If you have a problem with the conf file
when you run Stunnel, the txt file extension might be hidden and
the file is really named stunnel.conf.txt. Open Explorer and select
Folder Options from the Tools menu. On the View tab, uncheck Hide
extensions for all file types. Then, locate the conf file and if
it does have the txt extension, rename it to stunnel.conf.
Windows 95/98/ME
Right click on the taskbar and select Properties.
Click on the Start Menu Programs tab. Click on the Advanced button.
Click on the plus (+) to the left of Programs. Locate the StartUp
folder and copy the Stunnel shortcut into it. Reboot. You should
see the Stunnel icon in the systray after your system restarts.
Windows NT/2000/XP
Right click on the Stunnel shortcut and select
Properties from the drop down menu. Enter a space and -install following
the target path. The target should look something like this...
C:\stunnel\stunnel-4.00.exe -install
Click on the shortcut. You will get notified
that Stunnel has been installed as a service. Click on the Start
button and select Run. Type services.msc without the quotes in the
Open box and hit OK. Locate the Stunnel service, right click on
it and select Start. You should see the Stunnel icon in the systray
|
::Top:: |
You now need to
configure your email program, to use Stunnel, in this example, we'll
just configure the POP3
protocol.
Incoming Mail (POP3) : 127.0.0.1
Account name : my_isp_login_name@127.0.0.1:1109
Password : your_password |
|
|
Following this change,
your email program, talks to SpamPal on it's normal pop3 port 110.
SpamPal then receives a request to talk to 127.0.0.1
on port 1109 (which is Stunnel).
As Stunnel is looking at port 1109,
it sees SpamPal's request, secures it and then forwards it onto your
ISP's secure pop sever (on the standard port 995) |
::Top:: |
|
In order to access Gmail, you now need to
configure your email program, to use Stunnel.
This setup section is to be used when you are
using SpamPal Transparent Proxy mode.
|
| These are the normal Servers
settings for gmail before you change anything: |
|
|
| These should be the Servers
settings for gmail, after you've changed the configuration: |
|
|
|
Change the Incoming
Mail Server (POP3): field to 127.0.0.1
Add @127.0.0.1:1109
to whatever you previously had in the User
Name: field
For example, my new User Name field looks like this: me@gmail.com@127.0.0.1:1109
Make sure that Logon using Secure
Password Authentication is UNCHECKED
Click on More Settings
|
| These should be the Advanced
settings for gmail, after you've changed the configuration: |
|
|
| These should be the Advanced
settings for gmail, after you've changed the configuration: |
|
|
Make sure that Incoming server
SMTP) is set to 25
Make sure that This server
requires a secure connection (SSL) is UNCHECKED
Make sure that Outgoing server (POP3) is set to 110
Make sure that This server
requires a secure connection (SSL) is UNCHECKED |
::Top:: |
|
In order to access Gmail, you now need to
configure your email program, to use Stunnel.
This setup section is to be used when you are
using SpamPal Transparent Proxy mode.
|
| These are the normal Servers
settings for gmail before you change anything: |
|
|
You now need to
configure your email program, to use Stunnel, in this example, we'll
just configure the POP3
protocol.
Incoming Mail (POP3) : 127.0.0.1
Account name : my_isp_login_name@127.0.0.1:1109
Password : your_password |
| These should be the Servers
settings for gmail, after you've changed the configuration: |
|
|
| These are the normal Advanced
settings for gmail before you change anything: |
|
|
| These should be the Advanced
settings for gmail, after you've changed the configuration: |
|
|
::Top:: |
You now need to configure your
email program, to use Stunnel, in this example, we'll just configure
the IMAP4
protocol (using Outlook 2002)
Go to Tools
-> Email Accounts
Choose View or change
existing email accounts under E-mail
Click Next
Highlight your IMAP
email account
Click Change
Change the Incoming
Mail Server (IMAP): field to 127.0.0.1
Add @127.0.0.1:1439
to whatever you previously had in the User
Name: field
For example, my new User Name field looks like this: thomasdr@127.0.0.1:1439
Make sure that Logon using Secure
Password Authentication is UNCHECKED
Click on More Settings
You can browse through the settings and add in a name for the account
or your connection type [lan/dialup] in the fields that are listed,
but we are interested in the Advanced
tab.
Make sure that Incoming server (IMAP) is set to
143
Make sure that This server
requires a secure connection (SSL) is UNCHECKED
Make sure that Outgoing server (SMTP) is set to 25
Make sure that This server requires
a secure connection (SSL) is UNCHECKED
The reason why you are leaving the SSL boxes unchecked
[even if your service provider tells you to do so] is that Stunnel
will take care of the SSL part. If you leave these boxes checked,
you will probably end up with an error message or not be able to
connect.
8. Click OK
Click Next
Click Finish
|
::Top:: |
| Spampal should be correctly configured
from the start, but open the Spampal Options menu and just check to
make sure that Port 143 is used
for IMAP4 in the Connections
tab under Spampal for Windows. |
::Top:: |
