CodeWeavers - Software Liberators
CrossOver™ PortJump™ ExecMode™

Microsoft Outlook 2007 Tips

Creating a SSL stunnel connection

Perhaps one of the more noticeable problems is the inability of Outlook to connect to POP/IMAP/SMTP servers via SSL. However, as is always the case with Linux - there is a work around in the form of Stunnel, which is a SSL wrapper.

Below is instructions on how to install and set up Stunnel together with Outlook 2007 in order to be able to send and receive email using SSL connections.

1. Install stunnel
This can be done using your distribution's package manager. For example, if you are using Ubuntu the command would be
sudo apt-get install stunnel4
Alternatively, you can download the source code (from here) and compile it yourself.

2. Change directory to the folder where stunnel was installed
cd /etc/stunnel

3. Generate the SSL certificate
openssl req -new -x509 -days 3650 -nodes -out mail.pem -keyout mail.pem
This will call OpenSSL to create a new X.509 certificate that is valid for 10 years (3650 days) and store the certificate and the key in file mail.pem. You will be prompted to enter some information that we be incorporated into the certificate.

4. Change the permissions on the certificate file
sudo chmod 640 /etc/stunnel/mail.pem

5. Edit the configuration file
There is a number of lines that need to be uncommented and edited in order to configure stunnel to work correctly. Firstly, we need to uncomment the line which specifies the location of the certificate
cert = /etc/stunnel/mail.pem
Next, we need to turn on the debugging options. These can be turned off later once we have stunnel working correctly.
debug = 7
output = /var/log/stunnel4/stunnel.log
Activate client mode
client = yes
Now comes the more difficult part: setting up the tunneling.

5. (b) Setting up the tunnelling
Scrolling down to the bottom of the configuration file you will find so-called 'service blocks', which define the start and end-points of the tunnels. For example, there are three template service blocks already in place. The first one is for POP mail,
;[pop3s]
;accept = 995
;connect = 110
This will take traffic from port 995 and tunnel it to 110. So you can set up a program/daemon to communicate through port 995 and stunnel will tunnel the communications through port 110. Now, you will need to set up one service block for each email service that you wish to connect to. So if you only use one email account you will need two service blocks: one for receiving (POP/IMAP) and one for sending (SMTP). In order to set up a service block, you need two pieces for information: the server address and port of your email provider. This information can usually be obtained from your email provider's website. You also need to chose a port to forward from, this port should not be in use by any other protocol. The format of a service block should be of the form,
[blockname]
accept=127.0.0.1:in_port
connect=server:out_port
So for example, if you want to connect to Googlemail via IMAP then the service block would take the form,
[Gmail-IMAP]
accept=127.0.0.1:3000
connect=imap.gmail.com:993
You would also need to configure the SMTP protocol, taking care to specify a different port,
[Gmail-SMTP]
accept=127.0.0.1:3001
connect=smtp:gmail.com:465
The IP address 127.0.0.1 is the loopback IP address, and is equivalent to using localhost.

6. Start stunnel4
sudo stunnel4

7. Configure Outlook
Outlook can be configured using the standard set-up wizard. Tools > Account Settings > New. Fill in the details as usual, except that instead of using your email provider's incoming and outgoing sever settings, you should use your localhost, i.e. 127.0.0.1, together with the appropriate ports as specified in your stunnel.conf file. So, continuing with out Gmail example above, both your incomming and outgoing severs would be 127.0.0.1 and your incomming port would be 3000, with your outgoing port being 3001.

Please note: Do not select any encryption on either protocol. With stunnel set up correctly, Outlook will trasmit data to 127.0.0.1 (your computer), stunnel will then encrypt the data, using your certificate and then transmit it to the appropriate server.

Outlook should now be able to send and receive emails using the account that you have just set up. If there are no problems, you can deactivate debugging in the stunnel.conf file, but commenting out the appropriate lines.

8. Configure stunnel to start when Outlook starts
Stunnel can be a little temperamental if it is started at boot time, or before an internet connection is established. I have not yet found a satisfactory method of automatically starting Stunnel, any suggestions would be most welcome.

Tips for Microsoft Outlook 2007
by Daniel on 2011-02-23 17:01:57
Important Information Tips are provided by the CrossOver Community and Advocates. They are not intended to be used for official CodeWeavers Support. For that, please visit our official support pages.
CodeWeavers or its third-party tools process personal data (e.g. browsing data or IP addresses) and use cookies or other identifiers, which are necessary for its functioning and required to achieve the purposes illustrated in our Privacy Policy. You accept the use of cookies or other identifiers by clicking the Acknowledge button.
Acknowledge
Please Wait...
eyJjb3VudHJ5IjoiVVMiLCJsYW5nIjoiZW4iLCJjYXJ0IjowLCJ0enMiOi02LCJjZG4iOiJodHRwczpcL1wvbWVkaWEuY29kZXdlYXZlcnMuY29tXC9wdWJcL2Nyb3Nzb3Zlclwvd2Vic2l0ZSIsImNkbnRzIjoxNzMxNDM1MjAzLCJjc3JmX3Rva2VuIjoic2RVdnVNS3FweHlrQnM4aCIsImdkcHIiOjB9