Hello!
Yildi’s FAQ is a very good reference for me and those who want to use Stunnel to connect to secure POP/IMAP/SMTP servers. Without it, I couldn’t have set up my computer to do that. Thank you very much, yildi! Yildi’s config, however, didn’t work for me very well, and I needed to change a few things in the config. I think the changes I’d made might help some people to troubleshoot.
Added: I manually set up the email protection when I wrote this. This configuration can only work for those who manually set it up. If you use avast!4.6 or newer on Windows XP (probably on Win NT, 2000, or 2003 as well), you can’t manually set it up any more. I guess if you use it on Win 95, 98, or Me, you still can or need to manually set it up.
(1) In the stunnel.conf
(A) It seems that in the stunnel.conf, to comment a line out, you can use “#” or “;” only at its beginning. Therefore you should remove yildi’s comment “#or the SSL port of your Secure POP/SMTP server if you use another service.” or move it to a newly created next line.
(B) Added: If you use the TLS connection, you need to add “protocol = smtp” for the SMTP/TLS connection, and “protocol = pop3” for the POP/TLS connection.
I added “protocol = smtp” like:
Added: e.g. As Gmail’s secure POP connection is the SMTP/TLS connection, you need to define the protocol for the connection as SMTP like this:
[gmail-smtps]
protocol = smtp
accept = localhost:11025
connect = smtp.gmail.com:587
Currently Google Help says the secure SMTP port is 587. I don’t think you should add “protocol = pop3” for the secure POP connection. When I tried doing that, I could log in but couldn’t retrieve new e-mails from my POP server.
Added: If you use the SSL connection, you shouldn’t define the protocol.
e.g. As Gmail uses the POP/SSL connection, you shouldn’t add the definition “protocol = pop3” for the Gmail POP connection.
[gmail-pop3s]
accept = 127.0.0.1:11110
connect = pop.gmail.com:995
(2) In the avast.ini
I think that in Pop/Smtp/ImapRedirectPort you should put only the ports where you want avast! to scan emails. For example, if you want emails to go through your email client, Spamihilator, avast!, and Stunnel or directly your remote mail server in this order, you should set in Pop/Smtp/ImapRedirectPort only the ports you use between Spamihilator and avast!. The RedirectPorts are those where avast! scans emails, not those where the servers avast! connects to listen. Therefore basically you should set in Pop/Smtp/ImapRedirectPort only the ports where avast! listens, which are the same as you’ve set in Pop/Smtp/ImapListen.
[s]If those above don’t help you fix your problem in the email connection, you should try out the following, too.
(3) In the avast.ini again
You shouldn’t set any value for IgnoreLocalhost. Remove the item or leave its value blank.[/s]
(4) In your email client’s settings
If you don’t set any value for IgnoreLocalhost in the avast.ini, you need to set in your email client’s settings Spamihilator’s, avast!'s, and Stunnel’s locations and ports where they listen, for the secure connection, and Spamihilator’s, avast!'s, and your POP/SMTP/IMAP servers’ locations and ports where they listen, for the normal connection. For example, if you access your email client, Spamihilator, avast!, Stunnel, and your remote mail server in this order to connect to the secure server, you should set in your email client the following:
mail server
127.0.0.1
(Sure you can set “localhost” for this as yildi does, too. This is Spamihilator’s location.)
mail server’s port
the port where Spamihilator listens
username
127.0.0.1&username#127.0.0.1:the port where Stunnel listens&the port where avast! listens
(The first “127.0.0.1” is avast!'s location. The second 127.0.0.1 is Stunnel’s location. “Mail server&username&port” is the format Spamihilator requires. “Username#mail server:port” is the format avast! requires.)
As I don’t use Spamihilator, the settings in my email client are less complicated than what I’ve shown in (4), but all above are the changes I made. I hope the setting example in (4) will work fine for those who use Spamihilator. Wish you luck!
Added: If this configuration doesn’t work, you should set the value of “IgnoreLocalhost” to 0 in the avast.ini file. Because you’ve manually defined what ports avast! should listen on and scan, avast! can scan what it has to without the setting “IgnoreLocalhost = 1”.
PS: I posted this just before I updated avast! to 4.6. The information in this post can be applied to avast!4.5, not to avast!4.6. To see my rough explanation about the configuration for avast!4.6, go to http://forum.avast.com/index.php?topic=8775.msg96725#msg96725.
I’m sorry for this mess.
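An added example, not part of the original post: a small Python lint for a stunnel.conf that flags the two pitfalls described in (1)(A) and (1)(B), a trailing comment on an option line and a "protocol" setting that does not match the kind of TLS the remote port uses. The function name, the port tables and the sample input are assumptions made for this illustration.

```python
# Added example; port tables are assumptions based on common mail-port conventions.
STARTTLS_PORTS = {587: "smtp", 110: "pop3"}   # plaintext first, then upgraded to TLS
IMPLICIT_TLS_PORTS = {465, 993, 995}          # TLS from the first byte

def lint_stunnel_conf(text):
    """Return a list of (line_number, section, message) findings."""
    findings, sections, current = [], {}, None
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line[0] in "#;":        # whole-line comment: fine
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            sections[current] = {"_line": n}
            continue
        key, _, value = line.partition("=")
        key, value = key.strip(), value.strip()
        # (A) a comment marker after the value is not treated as a comment
        if " #" in value or " ;" in value:
            findings.append((n, current, "trailing comment on option line"))
        if current is not None:
            sections[current][key] = value
    for name, opts in sections.items():
        # Take the port from the first token so a trailing comment does not hide it.
        port_text = opts.get("connect", "").partition(" ")[0].rpartition(":")[2]
        port = int(port_text) if port_text.isdigit() else None
        proto = opts.get("protocol")
        # (B) STARTTLS services need "protocol"; implicit-TLS services must not set it
        if port in STARTTLS_PORTS and proto != STARTTLS_PORTS[port]:
            findings.append((opts["_line"], name,
                             f"port {port} needs protocol = {STARTTLS_PORTS[port]}"))
        if port in IMPLICIT_TLS_PORTS and proto:
            findings.append((opts["_line"], name,
                             f"port {port} is implicit TLS; remove protocol"))
    return findings

# Constructed sample: the two Gmail sections with both mistakes introduced.
SAMPLE = """\
[gmail-smtps]
accept = localhost:11025
connect = smtp.gmail.com:587 #or the SSL port of your server
[gmail-pop3s]
protocol = pop3
accept = 127.0.0.1:11110
connect = pop.gmail.com:995
"""

if __name__ == "__main__":
    for finding in lint_stunnel_conf(SAMPLE):
        print(finding)
```
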