Adding IMAP4 SSL service support using STUNNEL

All editions of VPOP3 (from v3 onwards) support SSL connections to remote mail servers. To use these, just enable the relevant encryption options in the Mail Connectors, and change the 'port' number if appropriate.

VPOP3 Enterprise supports SSL or STARTTLS (TLS) connections from email clients to VPOP3. To use these you will need an SSL certificate. There are instructions for this on our wiki.

The one limitation currently in VPOP3 is that the IMAP4 service cannot support a plain text/STARTTLS connection on one port, and an SSL connection (IMAP4S) on an alternate port. If you have to support this because of email client limitations, then you can use STUNNEL to convert between an SSL and plain text connection.

  1. Download STunnel for Windows from (eg "stunnel-5.20-installer.exe").
  2. Install this on the VPOP3 computer. The installation will generate a self-signed certificate for you, but you can replace that later if you wish.
  3. Once you have installed it, go to the installation directory and edit the 'stunnel.conf' file in a text editor, such as Notepad.
  4. Scroll down the file, until you find the section beginning with ;[imaps] . Remove the ; from the start of that block of lines, so it says:
    accept = 993
    connect = 143
    cert = stunnel.pem

    (If you wish to use a different certificate, then specify the appropriate pem file on the last line. You will need to put the private key, certificate and any intermediate certificates into the same file)

    That section tells STunnel to accept connections on port 993, and connect to the local computer on port 143
  5. If the stunnel.conf file contains sections like '[gmail-imap]' and '[gmaill-smtp]' that are unwanted you can delete those sections (delete the line containing the label in square brackets, and following lines up, but not including, to the next blank line or the next line containing a label in square brackets).

    If in doubt, and you are only using STUNNEL for the IMAP4 SSL service support, then you can create a new 'stunnel.conf' file just containing the lines in the previous section.
  6. At the command prompt in the STunnel installation directory, run 'stunnel -install' to install the STunnel service, then start it by running 'net start stunnel' (it should start automatically when the PC is restarted).

 That's it