Tech Tip: Using Stunnel and OpenSSL to encrypt SMTP commands
PRODUCT: 4D Internet Commands | VERSION: 11.3 | PLATFORM: Mac & Win
Published On: January 14, 2009

Although the SMTP commands in the current version of 4D Internet Commands do not support SSL encryption, you can use a program called Stunnel to encrypt the SMTP traffic for you.

The process involves running Stunnel on a machine where it listens on a standard port; Stunnel then encrypts the traffic it receives and forwards it to the desired host.

Before starting you will need to have the following items installed:

- Stunnel (tested with version 4.2.6)
      For more information on Stunnel check: https://www.stunnel.org/

- A functioning SSL Library (tested with OpenSSL Light 0.9.8i)
      For more information on OpenSSL check: https://www.openssl.org/

**The developer is expected to understand how to install and configure these apps**



  1. Edit stunnel.conf

    * On Windows, the stunnel.conf file is normally found at: C:\Program Files\stunnel\stunnel.conf
    * On Mac, you need to specify the stunnel.conf location on the command line when launching stunnel


    The contents of the configuration file should include CLIENT=YES to enable client mode as well as service listings for each service you want handled by stunnel.

    Example:
    CLIENT=YES

    [pop3s]
    accept = 110
    connect = pop.gmail.com:995

    [imaps]
    accept = 143
    connect = imap.gmail.com:993

    [ssmtp]
    accept = 25
    connect = smtp.gmail.com:465

    Note: in the above example, Stunnel listens on the standard ports of the localhost, then encrypts the packets and forwards them to Gmail's servers on the ports specified.


  2. Make sure Stunnel is running (and using the new configuration)


  3. Write code that uses localhost instead of the host specified in stunnel.conf

    Example:

    C_INTEGER($vError)
    C_LONGINT($vSmtp_id)
    C_STRING(30;$vAuthUserName;$vAuthPassword)

    $vAuthUserName:="myusername@gmail.com"
    $vAuthPassword:="mypassword"

    $vError:=SMTP_New ($vSmtp_id)
      ` Connect to the local Stunnel listener, not to the mail host directly
    $vError:=SMTP_Host ($vSmtp_id;"localhost")
    $vError:=SMTP_From ($vSmtp_id;$vAuthUserName)
    $vError:=SMTP_Subject ($vSmtp_id;"Are you there?")
    $vError:=SMTP_To ($vSmtp_id;"someone@somewhere.com")
    $vError:=SMTP_Body ($vSmtp_id;"Can we have a meeting?")
    $vError:=SMTP_Auth ($vSmtp_id;$vAuthUserName;$vAuthPassword)
    $vError:=SMTP_Send ($vSmtp_id)
    $vError:=SMTP_Clear ($vSmtp_id)




If everything is set up correctly, Stunnel will be listening on the standard ports of the local machine and will encrypt and then forward the packets to the host defined in stunnel.conf.
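
A hardened variant of the step 1 configuration, added here as an example and not part of the original tech tip: it binds the plaintext listeners to the loopback address and makes Stunnel verify the server certificate, which client mode does not do unless it is configured. The CAfile path is a placeholder, and the stunnel 5.x options named in the last comment are outside the versions this tip was tested with.

```ini
; Added example: hardened variant of the stunnel.conf shown in step 1.
; Options placed before the first [service] apply to every service.

client = yes

; Without certificate verification the tunnel is encrypted but the server is
; not authenticated, so anything able to intercept the connection could
; terminate the SSL session itself and read the mail credentials.
; verify = 2 rejects servers whose certificate does not chain to CAfile.
verify = 2
; Placeholder path: point this at a PEM bundle of the root CAs you trust.
CAfile = /path/to/ca-bundle.pem

[pop3s]
; "accept = 110" alone listens on every interface, which exposes the
; plaintext side of the tunnel to the network. Bind to loopback instead.
accept = 127.0.0.1:110
connect = pop.gmail.com:995

[imaps]
accept = 127.0.0.1:143
connect = imap.gmail.com:993

[ssmtp]
accept = 127.0.0.1:25
connect = smtp.gmail.com:465
; verify = 2 checks the certificate chain, not the host name in it.
; On stunnel 5.x releases, use "verifyChain = yes" in place of verify and add
; "checkHost = smtp.gmail.com" (one per service, matching its connect host).
```

With the listeners bound to 127.0.0.1, the 4D code in step 3 must run on the same machine as Stunnel, because the login and message travel unencrypted between 4D and the Stunnel listener.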