Secure SMTP and IMAP sessions with stunnel

For the mailpiler project I had to create solutions for the following:

1) Secure the communication between the primary email server and the mailpiler machine.
2) Secure the communication channel between the mailpiler machine and the IMAP server, when importing emails from an IMAP account.

My first choice was stunnel, since these features had not been implemented in mailpiler itself at the time of my first setup. So, after installing stunnel and openssl (yum install stunnel openssl on CentOS) I created two config files: one to wrap the incoming connection on port 465 (SMTPS) in a secure channel, and a second to create an SSL wrapper for the connection to the IMAP server.

In order to serve secured SMTP you will need at least a self-signed certificate:

openssl req -new -x509 -days 3650 -nodes -out /etc/stunnel/stunnel.pem -keyout /etc/stunnel/stunnel.pem

Once that is done, create separate config files: one for the client side (wrapping IMAP) and one for the server side (providing the SSL layer in front of mailpiler's SMTP).

For the server, create a config file called /etc/stunnel/stunnel-server.conf:

nano /etc/stunnel/stunnel-server.conf

## Insert the following lines into the file
[smtps]
cert = /etc/stunnel/stunnel.pem
accept = 465
connect = 25

For the client (wrapping the IMAP data flow in SSL), I used another file, /etc/stunnel/stunnel-client.conf:

nano /etc/stunnel/stunnel-client.conf

## Insert the following lines into the file
client = yes

[imaps]
accept = 143
connect = yourmailserver:993

Start the daemons:

stunnel /etc/stunnel/stunnel-server.conf
stunnel /etc/stunnel/stunnel-client.conf

If they start successfully, you can configure your mail server to deliver emails to mailpiler on port 465.
On the other side, you can simply point pilerimport at localhost when importing mails from IMAP. It will connect to localhost on port 143, and stunnel will wrap that connection in an SSL layer and forward it to yourmailserver on port 993.
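The two configurations above, as an added example script that is not part of the original post: it writes both files for a given IMAP host, binds the local listeners to loopback only, and turns on peer-certificate verification for the client tunnel, which the client config above leaves off (without CAfile/verifyChain/checkHost stunnel encrypts to whatever answers on port 993 but does not authenticate it). Option names assume stunnel 5.x (older releases use verify = 2), the CA bundle path assumes CentOS, and yourmailserver is a placeholder host name.

```shell
#!/bin/sh
# Added example (not from the original post): generate the server and client
# stunnel configs described above, adding peer verification on the client side,
# plus a small checker for the required options.
# Assumptions: stunnel 5.x option names, CentOS CA bundle path, placeholder host.
set -eu

write_stunnel_configs() {
  dir="$1"          # directory for the config files (/etc/stunnel in practice)
  mailhost="$2"     # IMAP server the client tunnel connects to
  cabundle="${3:-/etc/pki/tls/certs/ca-bundle.crt}"   # trusted CA bundle

  # Server side: accept SMTPS on 465, hand the decrypted stream to local port 25.
  # stunnel.pem also holds the private key, so keep it readable by root only.
  cat > "$dir/stunnel-server.conf" <<EOF
cert = $dir/stunnel.pem

[smtps]
accept = 465
connect = 127.0.0.1:25
EOF

  # Client side: loopback 143 -> TLS -> $mailhost:993. CAfile, verifyChain and
  # checkHost make stunnel reject a peer whose certificate does not chain to a
  # trusted CA or does not match the host name, so the tunnel authenticates
  # the remote server instead of only encrypting to it.
  cat > "$dir/stunnel-client.conf" <<EOF
client = yes
CAfile = $cabundle
verifyChain = yes
checkHost = $mailhost

[imaps]
accept = 127.0.0.1:143
connect = $mailhost:993
EOF
}

# config_has FILE OPT...: return 0 when FILE sets every listed option, 1 otherwise.
config_has() {
  file="$1"; shift
  for opt in "$@"; do
    grep -Eq "^$opt[[:space:]]*=" "$file" || return 1
  done
}

# Usage (run as root on the mailpiler host):
#   write_stunnel_configs /etc/stunnel yourmailserver
#   config_has /etc/stunnel/stunnel-client.conf CAfile verifyChain checkHost
```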
