Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss
Using stunnel to make GMail SSL connections for Eudora
2,673 views
Skip to first unread message
Chris Sanburn
Nov 23, 2015, 11:26:32 AM11/23/15
to
I wanted to give things a month or so before reporting back on my experiement using stunnel to avoid having to trust certs everytime GMail changes them. So far things are running great! I haven't had a single problem since I installed stunnel. For anyone interested, here's how I recall doing the setup:
The site I used for instructions is here:
http://www.messageops.com/office-365-tech-tips/connecting-non-ssl-pop3-and-smtp-clients-to-microsoft-online/
(I just ignored the Microsoft Online specific parts since I use GMail)
Downloaded stunnel, per their suggestion, from:
http://www.stunnel.org/download/binaries.html
On that page I chose the link for the installer, in the "Latest Version" section:
http://www.stunnel.org/downloads/stunnel-5.26-installer.exe
Once downloaded and installed (it asks a few questions, I just used default values and clicked next) I setup stunnel to run as a service:
Start->All Programs->stunnel->Service Install.
But on Windows 10 you'd click the lower left windows icon, All Apps->stunnel AllUsers->stunnel Service Install
Then I reviewed the stunnel configuration via:
windows icon, All Apps->stunnel AllUsers->edit stunnel.conf
The default values already there looked fine for my purpose, which only requires using a single personality for my gmail account. Here are copies of the relevant pop3 and smtp sections currently in my stunnel.conf:
[gmail-pop3]
client = yes
accept = 127.0.0.1:110
connect = pop.gmail.com:995
verify = 2
CAfile = ca-certs.pem
checkHost = pop.gmail.com
OCSPaia = yes
[gmail-smtp]
client = yes
accept = 127.0.0.1:25
connect = smtp.gmail.com:465
verify = 2
CAfile = ca-certs.pem
checkHost = smtp.gmail.com
OCSPaia = yes
NOTE: At work I connect to an Exchange server and had to add the following line to my stunnel.conf:
protocol = smtp
But my home GMail seems just fine without it.
Finally I went to Eudora and configured it to look to 127.0.0.1 for smtp and pop3 instead:
Checking Mail->Mail Server: 127.0.0.1
Sending Mail->SMTP Server: 127.0.0.1
(Use submission port (587) is UNchecked)
The site I used for instructions is here:
http://www.messageops.com/office-365-tech-tips/connecting-non-ssl-pop3-and-smtp-clients-to-microsoft-online/
(I just ignored the Microsoft Online specific parts since I use GMail)
Downloaded stunnel, per their suggestion, from:
http://www.stunnel.org/download/binaries.html
On that page I chose the link for the installer, in the "Latest Version" section:
http://www.stunnel.org/downloads/stunnel-5.26-installer.exe
Once downloaded and installed (it asks a few questions, I just used default values and clicked next) I setup stunnel to run as a service:
Start->All Programs->stunnel->Service Install.
But on Windows 10 you'd click the lower left windows icon, All Apps->stunnel AllUsers->stunnel Service Install
Then I reviewed the stunnel configuration via:
windows icon, All Apps->stunnel AllUsers->edit stunnel.conf
The default values already there looked fine for my purpose, which only requires using a single personality for my gmail account. Here are copies of the relevant pop3 and smtp sections currently in my stunnel.conf:
[gmail-pop3]
client = yes
accept = 127.0.0.1:110
connect = pop.gmail.com:995
verify = 2
CAfile = ca-certs.pem
checkHost = pop.gmail.com
OCSPaia = yes
[gmail-smtp]
client = yes
accept = 127.0.0.1:25
connect = smtp.gmail.com:465
verify = 2
CAfile = ca-certs.pem
checkHost = smtp.gmail.com
OCSPaia = yes
NOTE: At work I connect to an Exchange server and had to add the following line to my stunnel.conf:
protocol = smtp
But my home GMail seems just fine without it.
Finally I went to Eudora and configured it to look to 127.0.0.1 for smtp and pop3 instead:
Checking Mail->Mail Server: 127.0.0.1
Sending Mail->SMTP Server: 127.0.0.1
(Use submission port (587) is UNchecked)
John A Davis
Dec 5, 2015, 9:36:26 PM12/5/15
to
Thanks for the info. I got it installed and it works for my Dominant Eudora account. Other personalities don't work. They work comming in from somewhere else but they say "server refused connection" when I try to send them. I told Eudora to "forget passwords" and maybe I'm using the wrong passwords. Do I need settings in my config file for the other accounts I have using the mail servers for my websites and then being forwarded through Gmail. The default confs you posted that came with the intall work for gmail and my dominant accounts.
Chris Sanburn
Dec 7, 2015, 9:40:00 AM12/7/15
to
I'm only using Eudora with my gmail account and haven't tried adding other personalities. But I've gotten word from someone who said he uses multiple *gmail* accounts using stunnel configured for gmail. However, I'm pretty sure if you want to check different providers, say gmail and yahoo, you'll need to add additional stunnel configuation entries, like:
[yahoo-pop3]
client = yes
accept = 127.0.0.1:10110
connect = pop.yahoo.com:995
OCSPaia = yes
[yahoo-smtp]
client = yes
accept = 127.0.0.1:10025
connect = smtp.yahoo.com:465
OCSPaia = yes
(I'm assuming yahoo uses 995 for pop and 465 for smtp, you may want to confirm and change if that isn't the case)
Then you would need to enable Eudora to allow alternate ports and configure your Yahoo personality to use the alternate ports (10110 and 10025) and leave gmail personality alone.
For instructions on being able to enable alternate ports I found this:
https://my.bluehost.com/cgi/help/297
Which gives these instructions:
Eudora has chosen to hide the Port change option in version 6.0 and up, making it more difficult to make this change. To enable changing ports:
Navigate to your Eudora install directory.
Look in the Eudora directory for the directory "extrastuff".
In this directory is a file named "esoteric.epi". Drag (copy or move) this file into the main Eudora directory. There will now be options extra listed, including a Ports page.
To change the outgoing (SMTP) mail port:
Launch Eudora.
Drop down the Tools menu, and choose Options.
Click on Ports.
Change the port from default 25 to 10025
Click OK
Restart Eudora
And you'd also make a similar change to the pop port.
Hope that helps. Maybe someone more familiar with using multiple personalities in Eudora could explain it better.
[yahoo-pop3]
client = yes
accept = 127.0.0.1:10110
connect = pop.yahoo.com:995
verify = 2
CAfile = ca-certs.pem
checkHost = pop.yahoo.com
CAfile = ca-certs.pem
OCSPaia = yes
[yahoo-smtp]
client = yes
accept = 127.0.0.1:10025
connect = smtp.yahoo.com:465
verify = 2
CAfile = ca-certs.pem
checkHost = smtp.yahoo.com
CAfile = ca-certs.pem
OCSPaia = yes
(I'm assuming yahoo uses 995 for pop and 465 for smtp, you may want to confirm and change if that isn't the case)
Then you would need to enable Eudora to allow alternate ports and configure your Yahoo personality to use the alternate ports (10110 and 10025) and leave gmail personality alone.
For instructions on being able to enable alternate ports I found this:
https://my.bluehost.com/cgi/help/297
Which gives these instructions:
Eudora has chosen to hide the Port change option in version 6.0 and up, making it more difficult to make this change. To enable changing ports:
Navigate to your Eudora install directory.
Look in the Eudora directory for the directory "extrastuff".
In this directory is a file named "esoteric.epi". Drag (copy or move) this file into the main Eudora directory. There will now be options extra listed, including a Ports page.
To change the outgoing (SMTP) mail port:
Launch Eudora.
Drop down the Tools menu, and choose Options.
Click on Ports.
Change the port from default 25 to 10025
Click OK
Restart Eudora
And you'd also make a similar change to the pop port.
Hope that helps. Maybe someone more familiar with using multiple personalities in Eudora could explain it better.
Micky
Dec 7, 2015, 5:47:34 PM12/7/15
to
I hesitate to post, because I just checked and just noticed that I
don't seem to be following my own advice, but if I'm getting away with
doing it wrong, it must be because I'm lucky.
At any rate, we should talk things out here before John makes changes.
Chris, I think you fell into the trap of believing what's written. ;-)
If you change ports in the Port section of Options, that will change
the ports for every personality.
And the odds that you want the same replacement ports for all mail
servers are slim.
What people need to do is to identify the ports needed by each mail
server they deal with, match them with each personality they've
created, and then in the section of Eudora.ini for each personality**,
insert the proper port lines, such as
**Which section begins with something like
[Persona-Gmail]
POPPort nnn
SMTPPort nnn
Now this seems to be working for me, and I use both Verizon and Gmail
to send mail (except that I've never actually sent mail with gmail, so
no wonder this part works.)
And I retrieve mail with Verizon, Erols, and gmail, and maybe they
can all use port 995. If so, that's why that works, but relying on
coincidence is not the best way to go. Or course it's not total
coincidence by any means. There must be some reasons certain numbers
are ports and certain ports are used, and these reasons must apply to
more than one mail server.
I'm probably doing it this way either because I didn't know any better
when I did it, and it worked; OR I changed the ports in the Ports
section of Options when I had only one pair of mail servers, and then
it worked when I got others, so I never had to fix what I'd done.
A little more in-line.
more than one personality. In fact it appears to me that the
archeological evidence is that Eudora was written for one personality,
and then the option for others was added later, and that's why it's
different for them. IIRC, I started with Eudora 2 or 3, which my ISP
gave me, and I still have the manual, the CD, and the retail box for
version 3 something, but if there were differences in appearance, I
don't remember. (Maybe I should reinstall it sometime.)
Micky
Dec 7, 2015, 6:03:43 PM12/7/15
to
On Mon, 07 Dec 2015 16:23:41 -0500, Dennis Lee Bieber
<wlf...@ix.netcom.com> wrote:
>On Mon, 7 Dec 2015 06:39:59 -0800 (PST), Chris Sanburn <csan...@gmail.com>
>declaimed the following:
<wlf...@ix.netcom.com> wrote:
>On Mon, 7 Dec 2015 06:39:59 -0800 (PST), Chris Sanburn <csan...@gmail.com>
>
>>
>>Then you would need to enable Eudora to allow alternate ports and configure your Yahoo personality to use the alternate ports (10110 and 10025) and leave gmail personality alone.
>>
>>For instructions on being able to enable alternate ports I found this:
>>https://my.bluehost.com/cgi/help/297
>>Which gives these instructions:
>>
>>Eudora has chosen to hide the Port change option in version 6.0 and up, making it more difficult to make this change. To enable changing ports:
>
> Partly because the resultant Tools/Options/Ports page is really only
>>
>>Then you would need to enable Eudora to allow alternate ports and configure your Yahoo personality to use the alternate ports (10110 and 10025) and leave gmail personality alone.
>>
>>For instructions on being able to enable alternate ports I found this:
>>https://my.bluehost.com/cgi/help/297
>>Which gives these instructions:
>>
>>Eudora has chosen to hide the Port change option in version 6.0 and up, making it more difficult to make this change. To enable changing ports:
>
>applicable to the "dominant" personality.
I'd rewrite this a little, but I'm not sure how. ... dum de dum....
hmm.... It, Tools/Options/Ports affects all personalities unless
something is done in a personality to override the effect on that
personality.
You're right, it should be thought of as applicable only to the
dominant personality, but then one must put that attitude into action
>All personalities have a checkbox
>for a submission port, along with the drop-down list that includes
>alternate port option.
I forgot to talk about this. When SSL is needed, using Required,
Alternate Port from the drop down list, seems to be enough with most
servers. but when it's not...you give the answer, Dennis:
> And possibly hand-editing the data under each
>personality in the eudora.ini file...
It further occurs to me that when setting up the dominant personality,
I presume one should open the Peronality window, right click on
Dominant, and use the drop down SSL list there, and that that is NOT
the same as doing it in the Tools / Options list. You might get
away with, like I did, using Tools / Options for everything, but it
will confuse you in months to come.
Chris Sanburn
Dec 7, 2015, 8:29:26 PM12/7/15
to
Nice explanation! Never using more than one personality I'd never bothered to look into how to do it properly. I'd just assumed the Tools/Options/Ports was where you configured the ports that got used when you chose the ssl option to use alternate ports.
I created a new Yahoo email account a couple weeks back but haven't started using it. Maybe I'll use this newly learned information to create a second personality now.
I created a new Yahoo email account a couple weeks back but haven't started using it. Maybe I'll use this newly learned information to create a second personality now.
Micky
Dec 10, 2015, 7:19:52 PM12/10/15
to
On Thu, 10 Dec 2015 18:06:28 -0600, g...@rr.com wrote:
>I noticed today that Yahoo claims they can get your Gmail email?? I
>wonder if this might be a way to get around the Certificate issue?
I don't know.
>
>I have never used Eudora with Yahoo. But wonder if it has the issues
>with Certificates??
>
>Would letting Yahoo get your Gmail, then only check Yahoo to get both?
>Just wonder how clear it would be which email is from which service?
The to: field ?
>wonder if this might be a way to get around the Certificate issue?
I don't know.
>
>I have never used Eudora with Yahoo. But wonder if it has the issues
>with Certificates??
>
>Would letting Yahoo get your Gmail, then only check Yahoo to get both?
>Just wonder how clear it would be which email is from which service?
The to: field ?
pedro
Dec 11, 2015, 8:41:16 PM12/11/15
to
On Thu, 10 Dec 2015 18:06:28 -0600, g...@rr.com wrote:
>I have never used Eudora with Yahoo. But wonder if it has the issues
>with Certificates??
I do (three Eudora instances), and yes it does. But at least the
>I have never used Eudora with Yahoo. But wonder if it has the issues
>with Certificates??
issues aren't as frequent as the with gmail account.
Chris Sanburn
Dec 13, 2015, 11:55:42 AM12/13/15
to
On Monday, December 7, 2015 at 5:47:34 PM UTC-5, Micky wrote:
> **Which section begins with something like
> [Persona-Gmail]
>
> POPPort nnn
> SMTPPort nnn
I just successfully added my new Yahoo mail account to stunnel and have Eudora configured to use both gmail and yahoo.
> **Which section begins with something like
> [Persona-Gmail]
>
> POPPort nnn
> SMTPPort nnn
As you suggested, I edited Eudora.ini and added the following below [Persona-Yahoo]:
POPPort=10110
SMTPPort=10025
And used these settings for the yahoo portion of my stunnel config file:
connect = pop.mail.yahoo.com:995
verify = 2
CAfile = ca-certs.pem
checkHost = pop.mail.yahoo.com
CAfile = ca-certs.pem
connect = smtp.mail.yahoo.com:465
verify = 2
CAfile = ca-certs.pem
checkHost = smtp.mail.yahoo.com
CAfile = ca-certs.pem
OCSPaia = yes
No need to mess with Tools/Options/Ports
marshal...@gmail.com
Dec 30, 2015, 6:08:00 PM12/30/15
to
stunnel seems to be working fine with gmail on my Windows 10 computer, but on my Windows 7 computer I'm consistently getting a 10061 "connection refused" error, when I attempt to either send or receive mail from gmail.
The netstat report says it is listening on 127.0.0.1:25 and 127.0.0.1:100.
Any suggestions on what might be wrong would be most appreciated.
The netstat report says it is listening on 127.0.0.1:25 and 127.0.0.1:100.
Any suggestions on what might be wrong would be most appreciated.
Micky
Dec 31, 2015, 12:57:01 AM12/31/15
to
On Wed, 30 Dec 2015 15:07:58 -0800 (PST), marshal...@gmail.com
wrote:
>stunnel seems to be working fine with gmail on my Windows 10 computer, but on my Windows 7 computer I'm consistently getting a 10061 "connection refused" error, when I attempt to either send or receive mail from gmail.
Has it ever worked with stunnel?
I would think these should be the same values used in your win10
computer. Yes? And the same values as in stunnel.pern or whatever
the file is called. Yes?
Are you using the same email program in both oses? I don't know if
netstat refers to the email program settings or the stunnel settings
or the Eudora settings.
Did you turn off SSL in Eudora?
wrote:
>stunnel seems to be working fine with gmail on my Windows 10 computer, but on my Windows 7 computer I'm consistently getting a 10061 "connection refused" error, when I attempt to either send or receive mail from gmail.
I would think these should be the same values used in your win10
computer. Yes? And the same values as in stunnel.pern or whatever
the file is called. Yes?
Are you using the same email program in both oses? I don't know if
netstat refers to the email program settings or the stunnel settings
or the Eudora settings.
Did you turn off SSL in Eudora?
marshal...@gmail.com
Jan 4, 2016, 11:52:57 PM1/4/16
to
Hi, Micky,
Thanks for taking the time for your thoughtful reply and your suggestions. As far as I can tell, the settings on the two computers are the same.
I believe that the netstat report refers to the functioning of the stunnel program, which seems to be working okay...
But, I am now going to replace the Windows 7 computer with a new Windows 10 laptop, and I am optimistic that the problems will then be solved...
Thanks again,
Marshall
Thanks for taking the time for your thoughtful reply and your suggestions. As far as I can tell, the settings on the two computers are the same.
I believe that the netstat report refers to the functioning of the stunnel program, which seems to be working okay...
But, I am now going to replace the Windows 7 computer with a new Windows 10 laptop, and I am optimistic that the problems will then be solved...
Thanks again,
Marshall
Micky
Jan 5, 2016, 1:05:11 AM1/5/16
to
On Mon, 4 Jan 2016 20:52:55 -0800 (PST), marshal...@gmail.com
wrote:
My last line was the best: Did you turn off SSL in Eudora, in both
computers?
wrote:
computers?
susanla...@googlemail.com
Feb 10, 2016, 4:23:42 PM2/10/16
to
Just to confirm much, if not all of the above:
I have 2 gmail and one other personality in Eudora.
With stunnel installed and the service running I set the config file for stunnel exactly a Chris' first post in this thread.
In Eudora I changed the properties (not the ini file) for the dominant to the settings below and left the other two personalities alone.
I was able to send and receive gmail on the two gmail personalities.
After a couple of days, gmail changed the certs yet again. The dominant personality continued working; it was only the second (non-stunnel) gmail personality that was throwing up the certs error.
I changed the second gmail personality exactly as below and it worked. I did not accept as trusted the new cert.
The third personality (the non-gmail one) continues to work OK.
stunnel is great - I hope everyone can get it to work with Chris' very good instructions.
Peter
In Eudora change the personality via the Properties window to this:
Generic properties tab:
SMTP Server: 127.0.0.1
"Authentication allowed" is checked
"Use submission port (587)" is UNchecked
"Secure sockets when sending" is "If available, STARTTLS"
Incoming mail tab: Server set to 127.0.0.1
"Secure sockets when receiving" is "Never"
I have 2 gmail and one other personality in Eudora.
With stunnel installed and the service running I set the config file for stunnel exactly a Chris' first post in this thread.
In Eudora I changed the properties (not the ini file) for the dominant to the settings below and left the other two personalities alone.
I was able to send and receive gmail on the two gmail personalities.
After a couple of days, gmail changed the certs yet again. The dominant personality continued working; it was only the second (non-stunnel) gmail personality that was throwing up the certs error.
I changed the second gmail personality exactly as below and it worked. I did not accept as trusted the new cert.
The third personality (the non-gmail one) continues to work OK.
stunnel is great - I hope everyone can get it to work with Chris' very good instructions.
Peter
In Eudora change the personality via the Properties window to this:
Generic properties tab:
SMTP Server: 127.0.0.1
"Authentication allowed" is checked
"Use submission port (587)" is UNchecked
"Secure sockets when sending" is "If available, STARTTLS"
Incoming mail tab: Server set to 127.0.0.1
"Secure sockets when receiving" is "Never"
Chris Sanburn
Feb 12, 2016, 4:54:31 PM2/12/16
to
On Wednesday, February 10, 2016 at 4:23:42 PM UTC-5, susanla...@googlemail.com wrote:
> stunnel is great - I hope everyone can get it to work with Chris' very good instructions.
Thanks, I agree completely, stunnel is a great solution for avoiding ssl headaches in Eudora. I'm using it at work to handle Eudora connecting to my gmail, yahoo, centurylink and work exchange server. Working great for over 2 months on all accounts!
> stunnel is great - I hope everyone can get it to work with Chris' very good instructions.
bill.ma...@gmail.com
Dec 13, 2017, 1:58:55 PM12/13/17
to
First I would like to thank Chris for the great article.
I followed it but could not connect to Gmail after making the changes, I was receiving Error 10061, Connection refused.
It took me a couple of days to figure out what the issues were so I thought I would report them in case others run into this.
There are more Eudora settings that effect connection other than the original three in the guide:
Secure sockets when Sending / Receiving must be set to: never
If you have activated "Alternate Ports" then the SMPT Port must be still set to 25 (Default).
After making those three changes it's up and running great.
Thanks again. It is nice to get rid of those pesty SSL Cert errors!
I followed it but could not connect to Gmail after making the changes, I was receiving Error 10061, Connection refused.
It took me a couple of days to figure out what the issues were so I thought I would report them in case others run into this.
There are more Eudora settings that effect connection other than the original three in the guide:
Checking Mail->Mail Server: 127.0.0.1
Sending Mail->SMTP Server: 127.0.0.1
(I used localhost for ease of typing instead of 127.0.0.1)
Sending Mail->SMTP Server: 127.0.0.1
(Use submission port (587) is UNchecked)
These additional settings need to be set as follows:
Secure sockets when Sending / Receiving must be set to: never
If you have activated "Alternate Ports" then the SMPT Port must be still set to 25 (Default).
After making those three changes it's up and running great.
Thanks again. It is nice to get rid of those pesty SSL Cert errors!
0 new messages