Stunnel Advice??

[sandmanmac]

Hi All.
So I've been involved in some discussions on CTN lately that have lead me back to the need to use Stunnel on occasion, which I have not done for a long time - and even then, only on a few occasions, so I am not all that proficient.

I reviewed my old setup notes, and I'm able to get it going with Gmail.

I did figure out that it also requires the creation, and use of an App password when 2FA is enabled, as does the typical scan to email setup on the Ricoh devices

I've e been playing around with editing down the stunnel.conf file to only include SMTP settings, since all I will ever need to do is send email from a machine.

Here's what the file currently looks like to scan through my Gmail:

; The default certificatecert = stunnel.pem
; Some performance tunings
socket = l:TCP_NODELAY=1
socket = r:TCP_NODELAY=1
; Set client mode
client = yes


[ssmtp]
accept = 25
connect = smtp.gmail.com:465


What I've been trying to accomplish on my own is to figure out how to get the service running on different mail servers like Go Daddy, Hostpapa (which is the company that hosts mine), etc.

I hoped it would be as simple as just changing the smtp.gmail.com to say mail.xyzcompany.ca ( in my case), but that doesn't seem to be the case.
I've done quite a bit of searching but haven't had much luck finding an answer (that I can understand anyway)
So is there a sort of easy setup to enable the service to function using any mail server ?

Thanks in advance for any advice!

[rthonpm]

Your overall config looks right.

Let's take your hosting service of hostpapa as an example. From their documentation, the SMTP server is mail.domainname.com you'll likely need to get the port they're using for SMTP over TLS as they may not be using the standard TCP 469. You'll also need to make sure that the device sending mail is using the right credentials to authenticate to the mail server as those not part of the STunnel config.

You'd need to do the same for any other provider, I know at one point GoDaddy was using Port 80 for its own mail services so it may just be a factor of finding the right options.


Also make sure to restart the service after making any changes to the config file.

[sandmanmac]

Your overall config looks right.

Let's take your hosting service of hostpapa as an example. From their documentation, the SMTP server is mail.domainname.com you'll likely need to get the port they're using for SMTP over TLS as they may not be using the standard TCP 469. You'll also need to make sure that the device sending mail is using the right credentials to authenticate to the mail server as those not part of the STunnel config.

You'd need to do the same for any other provider, I know at one point GoDaddy was using Port 80 for its own mail services so it may just be a factor of finding the right options.


Also make sure to restart the service after making any changes to the config file.

Thanks for the info!
This is the strangest thing!
I thought / hoped that all I would need to do is change the mail server in the config file to use other mail servers, but damned if I could get it to work last night after quite a bit of messing around!
That was the reason for my post.
Today I come home and read your reply, try it again, and it works on multiple devices via HostPapa

So that's my WTF moment for the day!

All I can think of is that I may have neglected to UNCHECK the 'Use Secure connection' on the WIM last night.

Anyway, thanks for the advice, and I've always felt that the more times I fail with this stuff, the more I end up learning at the end of the day, so I'm getting pretty comfortable with Stunnel now

[rthonpm]

The best thing to do once you get it working is to create a master config file with all of the providers that you can get working. Just comment out the ones you don't need using a semicolon or number sign in front of the lines. You can also comment out any other notes or information you might need in the future. This way you can just copy your master file to any install and you're good to go.

Personally, I do most of my STunnel installs on Linux because of the smaller storage and memory footprint, but there are a few customers with it on Windows. If you're going to be using both, be sure to use something like Notepad++ to edit the file so that it can keep the Unix formatting for Linux instances.

Sent from my Pixel 6 Pro using Tapatalk

[sandmanmac]

Excellent tips!
I can't see an instance where I would be installing on anything other than a Windows system.
I'd be entirely out of my element in that case.

Thanks again!

[rthonpm]

No trouble at all! One of the reasons I like STunnel is that it is cross platform.

Sent from my Pixel 6 Pro using Tapatalk

[CoreyAbels]

THIS is the thread I was looking for! I'm hoping someone can give me some pointers, nay instructions, as I am NOT versed in Stunnel. I have a Kyocera MFD that a client wants to integrate with Google Secure LDAP. Secure Google LDAP requires one of two things, a Certificate to be loaded into the application that is using the Google LDAP client (think PaperCut) OR it requires Stunnel to be loaded on a network computer (I assume file/print server is the ideal choice) and the device then needs to be pointed at the Stunnel PC to access said certificate for authentication. Does someone have some kind of plain instructions on how to install/configure Stunnel and in turn point the MFD at said configured PC? Thanks guys!

[slimslob]

THIS is the thread I was looking for! I'm hoping someone can give me some pointers, nay instructions, as I am NOT versed in Stunnel. I have a Kyocera MFD that a client wants to integrate with Google Secure LDAP. Secure Google LDAP requires one of two things, a Certificate to be loaded into the application that is using the Google LDAP client (think PaperCut) OR it requires Stunnel to be loaded on a network computer (I assume file/print server is the ideal choice) and the device then needs to be pointed at the Stunnel PC to access said certificate for authentication. Does someone have some kind of plain instructions on how to install/configure Stunnel and in turn point the MFD at said configured PC? Thanks guys!

Stunnel is a locally installed SMTP relay server. It is primarily used with older MFP that do not support TLS or only can use Port 25. It is for email, not scan to folder.

[bsm2]

Customer needs to upgrade machine
We stop using this years ago

Easy sale

[rthonpm]

Stunnel is a locally installed SMTP relay server. It is primarily used with older MFP that do not support TLS or only can use Port 25. It is for email, not scan to folder.

Not quite. That's it's most common use but it can be used for multiple services that require encrypted connections.

I've used it to encrypt remote MySQL connections in a few off the wall setups.

Sent from my Pixel 6 Pro using Tapatalk