Jump to content

sTunnel for modern email protocols in old email clients


Recommended Posts

I use Outlook 2010 as email client.

To get in contact with my email providers it is neccessary to have modern TLS protocols, TLS1.0 / SSL is no more supported.

And to solve this problem I use sTunnel (latest version for 32bit is 5.49).

The advantage of sTunnel is that the Windows certificate storage can be used, which greatly simplifies the configuration in this case.

So sTunnel only needs to be installed and activated as a service, as well as using this simple configuration (example of stunnel.conf):

debug = 4
engine = capi
options = NO_SSLv2
options = NO_SSLv3
options = NO_TLSv1

[gmx-pop3s]
client = yes
EngineID = capi
accept = localhost:xxxx
connect = pop.gmx.net:995

[gmx-smpts]
client = yes
EngineID = capi
accept = localhost:yyyy
connect = mail.gmx.net:465

In Outlook the local ports are set as default connection (server localhost and port POP xxxx / SMPT yyyy)

Thats all.

It works also for other email clients, so this may be a good advice for a configuration.

Edited by Thomas S.
Link to comment
Share on other sites


I use sTunnel only for receiving (POP) and sending (SMPT) the emails with Outlook.

HTTPSProxy is not able to handle this protocols, and you need to address the email server TLS ports 995 / 465 (HTTPS is 443).

But for display purposes, especialy pictures embedded in emails and downloaded direct via HTTPS from many different hosting servers (in Outlook the MSWord and IE / system functions are used) HTTPSProxy is also needed.

So it depends of the way Eudora must establish a connection to your email provider (i don't know this).

 

 

Link to comment
Share on other sites

@Dave-H, keep in mind there are two things going on with a typical email client:

  1. Sending and receiving the emails themselves. This is done by connecting to your email service using protocols like SMTP (sending email), POP3 or IMAP (receiving).
  2. Displaying the received emails. Since many emails are HTML this is done much like a Web browser. For example, images are often fetched from a Web server via HTTP.

STunnel helps with #1 if your email client can't connect to your email service. Since most folks only have one email service, you just set up a non-secured connection to localhost. STunnel looks like a non-secured email service to your client, and like a secure email client to your service. (If you have more than one email service you can add connections on other ports, as long as your email client lets you specify the ports to connect to.)

But it sounds like your problem is related to #2. That's a harder problem because images and like content can come from pretty much anywhere on the Web. The best solution is probably ProxHTTPSProxyMII, which you have, but your email client needs to be configured to use it. I'm not sure how to do that with Eudora - some clients share the Internet connection settings with IE8, but other clients have their own setup. I'd bet someone around here knows how to configure Eudora though.

Link to comment
Share on other sites

On 12/10/2018 at 4:53 AM, roytam1 said:

I think it is possible to build win32 32bit 5.50.

More info here:

https://github.com/mtrojnar/stunnel/blob/master/INSTALL.W32

... and I found some kind of a Russian fork, stunnel-msspi, but of the v5.50 32-bit released binaries :

stunnel-5.50-msspi-0.135_windows-386.zip

only the CLI (stunnel-msspi-cli.exe) would run in my Vista laptop, whereas the GUI (stunnel-msspi.exe) probably requires Win7+ (the EXE makes API call to K32getModuleFileNameExA not to be located in Vista's kernel32.dll :realmad: ) ...

 

Link to comment
Share on other sites

@Thomas S. @Mathwiz

Thanks guys!
Eudora uses its own certificates to connect to e-mail servers for receiving and sending, there is no problem with this side of things.

It uses the certificate system in Windows to actually display messages though, when using the "Microsoft Viewer" option.
Before I had HTTPSProxy installed, many images in messages would not display, and I was getting constant certificate error messages.
Now it's much better, but messages from some sources take about 30 seconds to display, during which Eudora is completely frozen.
After that they display perfectly, which is very puzzling!
If I switch off the "Microsoft Viewer" option, so Eudora uses its internal viewer, they display instantly, but usually look awful!
:)

Link to comment
Share on other sites

That's interesting. I'm guessing the "Microsoft Viewer" option uses the IE8 rendering engine, which is pretty outdated; but probably not nearly as outdated as Eudora's internal HTML viewer!

Anyway, maybe the 30-second delays have less to do with security, certificates, and the like, than with the IE8 rendering engine just being slooow with modern HTML emails.

Link to comment
Share on other sites

58 minutes ago, dencorso said:

Wasn't there a way to cause IE8 to use Chromium rendering engine? If so, wouldn't it perhaps work with Eudora? :unsure::unsure::dubbio:

Yes. That would be the Google Chrome Frame.

I hosted a copy of it myself due to the general lack of availability elsewhere
http://i430vx.strangled.net/files/XP/GoogleChromeframeStandaloneEnterprise.msi

Dunno if it works with Eudora, though.

Link to comment
Share on other sites

On 12/13/2018 at 8:14 AM, VistaLover said:

More info here:

https://github.com/mtrojnar/stunnel/blob/master/INSTALL.W32

... and I found some kind of a Russian fork, stunnel-msspi, but of the v5.50 32-bit released binaries :

stunnel-5.50-msspi-0.135_windows-386.zip

only the CLI (stunnel-msspi-cli.exe) would run in my Vista laptop, whereas the GUI (stunnel-msspi.exe) probably requires Win7+ (the EXE makes API call to K32getModuleFileNameExA not to be located in Vista's kernel32.dll :realmad: ) ...

 

Actually the API exists in psapi.

K32 series is pretty much became a excuse for many devlopers to drop XP /Vista support.

Link to comment
Share on other sites

  • 1 month later...
On 12/13/2018 at 5:44 AM, VistaLover said:

.. and I found some kind of a Russian fork, stunnel-msspi, but of the v5.50 32-bit released binaries :

stunnel-5.50-msspi-0.135_windows-386.zip

only the CLI (stunnel-msspi-cli.exe) would run in my Vista laptop, whereas the GUI (stunnel-msspi.exe) probably requires Win7+

You can use the command:
EDITBIN.EXE /VERSION:5.1 /SUBSYSTEM:CONSOLE,5.01 stunnel-msspi-cli.exe
to achieve performance in WinXP. But it is still not clear what to do with stunnel.pem and how to get it. :(

PS. Stand-alone EDITBIN can be downloaded here.

Edited by -SnooPY-
Direct link added
Link to comment
Share on other sites

@i430VX @dencorso

Sorry I've taken a while following this up, but I just tried installing Google Chrome Frame.

I forced it to become the default rendering engine in IE8 with a registry hack, and was astounded how it transformed IE8 in that it would now correctly display web pages that looked a terrible mess with the default Trident engine!

Unfortunately, it didn't make any difference at all to Eudora's rendering of e-mails, the problem ones are still just as slow to display.
As I said earlier, when they eventually do display they display perfectly, with no elements missing, so that's not the problem, the problem is how long it takes them to appear!

Google Chrome Frame also stops Windows/Microsoft Update from displaying in IE8 of course, as you would expect!

@heinoganda, if you're across this thread, what I'm seeing always in the HTTPSProxy console every time there's a display delay, in this case with an e-mail from the Sky help forum, is this -

[19:22] 000 "EOF occurred in violation of protocol (_ssl.c:600)" while trying to establish local SSL tunnel for [helpforum.sky.com:443]
[19:22] 002 [D] "GET https://helpforum.sky.com/html/assets/email/community-logo.png" 200 9887
[19:22] 001 [D] "GET https://helpforum.sky.com/i/smilies/16x16_smiley-happy.gif" 200 414
[19:22] 003 [D] "OPTIONS https://helpforum.sky.com/ 0" 200 -
[19:22] 003 ProxHTTPSProxyMII FrontProxy/v1.5 [WinError 10053] An established connection was aborted by the software in your host machine

I don't know if this gives any clues!
:)

Edited by Dave-H
Typo
Link to comment
Share on other sites

20 minutes ago, Dave-H said:

[19:22] 000 "EOF occurred in violation of protocol (_ssl.c:600)" while trying to establish local SSL tunnel for [helpforum.sky.com:443]

Have you ever tried to insert the entry *helpforum.sky.com* in [SSL Pass-Thru] in the config.ini of HTTPSProxy?

:)

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...