HOWTO: Use SSL/port 465 in smarthost stunnel

Smarthost currently doesn’t permit to use port 465 with SSL to connect to a SMTP server:

Tested in Nethserver V6.8 with Aruba SMTP server
Maybe works in Nethserver V7 too

2017.06.21 EDIT: Yes, it works in v7 too

This is the solution:

Install stunnel:

yum install stunnel

Create a stunnel file configuration:

vi /etc/stunnel/stunnel.conf

With these lines

output=/var/log/stunnel

[smtp-tls-wrapper]
accept=127.0.0.1:11125
client=yes
connect=Your.ISP.SMTP.Server:465

Where Your.ISP.SMTP.Server is the SMTP server of your ISP

Create a file

vi /etc/rc.d/init.d/stunnel

With these lines

#!/bin/bash
#
# Init Script to run stunnel in daemon mode at boot time.
#
# Author: Riccardo Riva - RPM S.r.l.
# Revision 1.0  -  2010 November, 11
#
# Revision 1.1 - 2015 September, 21
#
# 
# Changed definition of SEXE variable to find automatically the path of stunnel
#

#====================================================================
# Run level information:
#
# chkconfig: 2345 99 99
# description: Secure Tunnel
# processname: stunnel
#
# Run "/sbin/chkconfig --add stunnel" to add the Run levels.
# This will setup the symlinks and set the process to run at boot.
#====================================================================

#====================================================================
# Paths and variables and system checks.

# Source function library
. /etc/rc.d/init.d/functions

# Check that networking is up.
#
[ ${NETWORKING} ="yes" ] || exit 0

# Path to the executable.
#
SEXE=`which stunnel`

# Path to the configuration file.
#
CONF=/etc/stunnel/stunnel.conf

# Check the configuration file exists.
#
if [ ! -f $CONF ]
then
	echo "The configuration file cannot be found!"
	exit 0
fi

# Path to the lock file.
#
LOCK_FILE=/var/lock/subsys/stunnel

#====================================================================

# Run controls:

prog=$"stunnel"

RETVAL=0

# Start stunnel as daemon.
#
start() {
	if [ -f $LOCK_FILE ]
	then
		echo "stunnel is already running!"
		exit 0
	else
		echo -n $"Starting $prog: "
		$SEXE $CONF
	fi

	RETVAL=$?
	[ $RETVAL -eq 0 ] && success
	echo
	[ $RETVAL -eq 0 ] && touch $LOCK_FILE
	return $RETVAL
}


# Stop stunnel.
#
stop() {
	if [ ! -f $LOCK_FILE ]
	then
		echo "stunnel is not running!"
		exit 0

	else

		echo -n $"Shutting down $prog: "
		killproc stunnel
		RETVAL=$?
		[ $RETVAL -eq 0 ]
		rm -f $LOCK_FILE
		echo
		return $RETVAL

	fi
}

# See how we were called.
case "$1" in
	start)
		start
		;;
	stop)
		stop
		;;
	restart)
		stop
		start
		;;
	condrestart)
		if [ -f $LOCK_FILE ]
		then
			stop
			start
			RETVAL=$?
		fi
		;;
	status)
		status stunnel
		RETVAL=$?
		;;
	*)
		echo $"Usage: $0 {start|stop|restart|condrestart|status}"
		RETVAL=1	
esac

exit $RETVAL

Then chmod it:

chown root:root /etc/rc.d/init.d/stunnel  
chmod 755 /etc/rc.d/init.d/stunnel

And make it starting at boot:

chkconfig stunnel on

Start the service:

service stunnel start

In dashboard -> Email -> tab “Messages” -> check "Send using a smarthost"
then:

  • Hostname: 127.0.0.1
  • Port: 11125
  • Username: put the username of Your ISP SMTP Server
  • Password: put the password of Your ISP SMTP Server
  • Allow unencrypted connections: checked

Then click to “Submit”

Et Voila’, all works!

If some parameters of your ISP SMTP server changed, remember to modify the /etc/stunnel/stunnel.conf file then restart stunnel with the command

service stunnel restart
0 (0)
Article Rating (No Votes)
Rate this article
Attachments
There are no attachments for this article.
Comments
There are no comments for this article. Be the first to post a comment.
Full Name
Email Address
Security Code Security Code
Related Articles RSS Feed
How to encrypt a partition using LUKS?
Viewed 1136 times since Fri, Jul 13, 2018
logrotate Understanding logrotate utility
Viewed 1051 times since Sun, Jan 12, 2020
Top 25 Best Linux Performance Monitoring and Debugging Tools
Viewed 4835 times since Sun, Sep 30, 2018
stunnel bacula
Viewed 1263 times since Fri, Sep 28, 2018
How to sort IP addresses in Linux
Viewed 2709 times since Sun, May 20, 2018
LVM: Extend SWAP size by adding a new Logical Volume
Viewed 1283 times since Sat, Jun 2, 2018
RHCS6: Reduce a Global Filesystem 2 (GFS2)
Viewed 2073 times since Sun, Jun 3, 2018
OpenSSL: Check If Private Key Matches SSL Certificate & CSR
Viewed 1985 times since Mon, Feb 18, 2019
watchdog How to restart a process out of crontab on a Linux/Unix
Viewed 4508 times since Tue, Jul 31, 2018
Oracle Linux 7 – How to audit changes to a trusted file such as /etc/passwd or /etc/shadow
Viewed 2102 times since Wed, Jul 25, 2018