stunnel for Turnpike Connect to collect from outlook.office365.com

[Andy Frith]

Well I've now got my sparkling new Office365 version of my
hostname.demon.co.uk emails set up with users (I went for 2) and aliases
AND even my 2nd domain (hostname.co.uk) which got moved to NamesCo last
year. You can add other domains into the Office365 portal but NamesCo
support were very helpful in doing it and changing the hostname.co.uk
DNS, though I got the impression it was the first time this particular
person had done it! Just like the Demon Mailadmin you get the new domain
in the domain dropdown box when creating new email addresses. (No
additional fees to use the extra domain as long as you don't try to add
another user!)
One slight hiccup - adding the extra domain changed the userid of the
365 portal admin user so do what I did (fortunately as it turns out) -
when accessing the portal to add users for the first time DO NOT ADD
EMAIL to the existing admin user - leave that well alone and an another
user to put the email on and if its the first/only one make that a
Global Admin as well.

The one surprise was that having thought I controlled the process and
had the 30 days it seems once your 365 is set up you only have 2 days
before the switch of email flow from Demon to NamesCo happens hence the
rush this afternoon to sort it all.

NamesCo changed the hostname.co.uk DNS this afternoon and I'm already
getting mails for it onto the new system.

I've finally just got Turnpike Connect connecting to 365 and getting
test email to hostname.co.uk the it took a bit of googling to get the
right stunnel settings.

I decided to start with a clean install of the newest stunnel (5.35) and
this the .conf file I used:

debug = 7
output = stunnel.log

taskbar = yes

[outlook365-pop3]
client = yes
accept = 127.0.0.1:3995
connect = outlook.office365.com:995
verify = 2
CAfile = ca-certs.pem
CheckHost = outlook.office365.com

Though I'll probably remove / reduce the debug bit once it seems to be
OK.

in Connect:

Server name: 127.0.0.1
Port: 3995
Mailbox: youroutlook365username (per...@hostname.demon.co.uk) - NOT an
alias
Password: as set up at the 365 portal
Mirror
use "APOP" (seems to work ticked or unticked)
Retry every: your choice!

For stunnel in a CMD box I did stunnel -install & stunnel-start which
seems to set the service up, tho still need to test if that survives a
reboot.

I haven't tried SMTP yet, still using good old smtp.demon.co.uk in
Connect at the moment.

Having a rest now before trying to copy the last 30days of emails from
Demon before I say goodbye to them email wise. Once that's done I'll be
onto the Fibre options .....

[Iain Archer]

Andy Frith <an...@nospam.demon.co.uk> wrote on Fri, 12 Aug 2016 at
18:22:16:

>I haven't tried SMTP yet, still using good old smtp.demon.co.uk in
>Connect at the moment.

Andy

Have you got around to configuring stunnel for smtp.office365.com
yet? I installed stunnel for Eileen Conn yesterday. POP3 collection
fine, but SMTP gets:

SSL_connect: 140770FC: error:140770FC:SSL
routines:SSL23_GET_SERVER_HELLO:unknown protocol

logged, for no very obvious reason. I'd be interested in seeing your
full stunnel.conf if you have done the SMTP switch successfully.

I've been using an older stunnel version on my own machine for years,
and have simply been following templates where I'm not familiar with the
more newly included parameters. I strongly suspect though that there's
nothing wrong with my config and that there's another cause. I was able
to do an telnet SMTP post via her ExchangeEssentials account using this
script as model without problem.
<http://petermorrissey.blogspot.co.uk/2013/01/sending-smtp-emails-with-po
wershell.html>
--
Iain Archer

[John Hall]

In message <QleXhzL+...@gmail.com>, Iain Archer
<iane...@gmail.com> writes

>I installed stunnel for Eileen Conn yesterday. POP3 collection fine,
>but SMTP gets:
>
>SSL_connect: 140770FC: error:140770FC:SSL
>routines:SSL23_GET_SERVER_HELLO:unknown protocol
>
>logged, for no very obvious reason.

Doing a google search on "office 365 smtp settings ssl" turned up some
pages suggesting that Office 365 SMTP uses TTL encryption (on port 587)
rather than SSL. Stunnel can handle either, of course.
--
John Hall
"Banking was conceived in iniquity and born in sin"
attributed to Sir Josiah Stamp,
a former director of the Bank of England

[Iain Archer]

John Hall <john_...@jhall.co.uk> wrote on Thu, 18 Aug 2016 at
20:32:48:

>In message <QleXhzL+...@gmail.com>, Iain Archer
><iane...@gmail.com> writes
>>I installed stunnel for Eileen Conn yesterday. POP3 collection fine,
>>but SMTP gets:
>>
>>SSL_connect: 140770FC: error:140770FC:SSL
>>routines:SSL23_GET_SERVER_HELLO:unknown protocol
>>
>>logged, for no very obvious reason.
>
>Doing a google search on "office 365 smtp settings ssl" turned up some
>pages suggesting that Office 365 SMTP uses TTL encryption (on port 587)
>rather than SSL. Stunnel can handle either, of course.

Yes, I included port-selection among my own reading and, more
pragmatically, have tried out specifying port 465 in the Powershell
script that succeeded with port 587. With 465 it didn't. Perhaps,
incidentally, I should try the same script on Eileen's machine too.

Any sight of an stunnel.conf file successfully used to enable posting
from TP via Namesco by a demon.co.uk migratee would still be very
welcome.
I will get a debug level 7 report on my next visit.
--
Iain
"Meanwhile, one must be content to go on piping up
for reason and realism and a certain decency."

[Iain Archer]

I eventually realised that I could do the testing from my home machine,
with the added hazard of swapping around betwen my and Eileen's
identity. It's now successfully running on her machine, details below.
Some of this just backs up what Andy's already posted, but the SMTP
config is new.

Exchange Essentials apears to use the same servers as the bigger
Office365 package.

The Office365 username is a full address at your Demon domain
The Office365 user account password is new, ad lib.


TP Connect
========
SMTP Mail gateway; 127.0.0.1
Logon Using : selected
Username: Office365 username
Password: Office365 user account password

POP: Server: 127.0.0.1 Port: 3110
Mail box: Office365 username
Password: Office365 user account password

Stunnel.conf
=========
; stunnel.conf file as used for adding required secure
; communication between Turnpike Connect and
; the Namesco Exchange Essentials / Office365 servers
; handling Mx for migrated Demon mail accounts

;(comment / unneeded lines start with a semi-colon.
;I've omitted most of the pre-provided example stuff')

; change to debug = 7 for full debug data ia
debug = 5
output = stunnel.log

; Enable support for the insecure SSLv3 protocol
; (I did uncomment this during trials as it seemed to be
; needed for smtp.office365.com. But recommented after
; successful retesting without it. ia 22/8/16)
;options = -NO_SSLv3

[namesco POP3]
client = yes
accept = 127.0.0.1:3110
connect = outlook.office365.com:995

; (I've added the protocol = smtp line. Final tests, after
; I'd succeeded in sending mails, showed sending
; failed without it. ia 22/8/16)
[namesco SMTP]
protocol = smtp
client = yes
accept = 127.0.0.1:25
connect = smtp.office365.com:587

[bert]

In article <kP52TIAL...@gmail.com>, Iain Archer

One of these days someone will have the courage to cut out all the c***
and just leave the relevant 8 or so lines.
--
bert

[Andy]

In message <A9QLS2Gc...@m1.co>, bert <be...@btinternet.com> wrote
[gulp]

>One of these days someone will have the courage to cut out all the c***
>and just leave the relevant 8 or so lines.

debug = 5
output = stunnel.log

[namesco POP3]
client = yes
accept = 127.0.0.1:3110
connect = outlook.office365.com:995

[namesco SMTP]
protocol = smtp
client = yes
accept = 127.0.0.1:25
connect = smtp.office365.com:587

--
Andy Taylor [Editor, Austrian Philatelic Society].
Visit www dot austrianphilately dot com>

[Tim Lamb]

In message <Qh0XioDPiKvXFw$e...@kitzbuhel.co.uk>, Andy
<an...@kitzbuhel.co.uk> writes

>In message <A9QLS2Gc...@m1.co>, bert <be...@btinternet.com> wrote
>[gulp]
>>One of these days someone will have the courage to cut out all the
>>c*** and just leave the relevant 8 or so lines.
>
>debug = 5
>output = stunnel.log
>[namesco POP3]
>client = yes
>accept = 127.0.0.1:3110
>connect = outlook.office365.com:995
>[namesco SMTP]
>protocol = smtp
>client = yes
>accept = 127.0.0.1:25
>connect = smtp.office365.com:587

Above pinned safely:-)

However, I already have AVG. Does this need setting up or will it work
out of the box?

Black hole beckons on Sept. 10th.:-(

Currently exploring alternatives including domain change but anxious to
hang on to Turnpike.

--
Tim Lamb

[John Hall]

In message <XmUgPeAq...@marfordfarm.demon.co.uk>, Tim Lamb
<t...@marfordfarm.demon.co.uk> writes

I'm confused. AVG has no relevance to this. Maybe you were thinking of
the alternative anti-virus software Avast, which apparently obviates the
need for Stunnel?

[Tim Lamb]

In message <3bY8xvArjWvXFwZP@jhall_nospamxx.co.uk>, John Hall
<john_...@jhall.co.uk> writes

Ah! Sorry. Mentioned elsewhere and I didn't check.

Same question... if I had Avast, does it require setting up?

--
Tim Lamb

[bert]

In article <Qh0XioDPiKvXFw$e...@kitzbuhel.co.uk>, Andy
<an...@kitzbuhel.co.uk> writes

>In message <A9QLS2Gc...@m1.co>, bert <be...@btinternet.com> wrote
>[gulp]
>>One of these days someone will have the courage to cut out all the
>>c*** and just leave the relevant 8 or so lines.
>
>debug = 5
>output = stunnel.log
>[namesco POP3]
>client = yes
>accept = 127.0.0.1:3110
>connect = outlook.office365.com:995
>[namesco SMTP]
>protocol = smtp
>client = yes
>accept = 127.0.0.1:25
>connect = smtp.office365.com:587

Brilliant!!
Doesn't it look so much less scary.
--
bert

[bert]

In article <OlJWfZDe...@marfordfarm.demon.co.uk>, Tim Lamb

Those who have used it say not. (Sorry for the confusion, I think it was
my fault).
--
bert

[John Hall]

In message <z0uXwdAm...@m1.co>, bert <be...@btinternet.com> writes

To be fair to Iain, he'd stripped out all the original comments lines
and only included those of his own that explained what his configuration
was doing.