yossman.net - user accounts - stunnel configuration for secured access to services.
document first created by yossman at yossman.net/2004-01-23.
document URL: http://www.yossman.net/support/stunnel-setup.html
document last revised by yossman at yossman/2004-01-26.


introduction: creating secured communication "tunnels" to yossman.net

as the number of different internet-based applications and services increases, it becomes more time-consuming and difficult to create support documentation detailing how to configure each of those different applications for secured access to yossman.net's services.

an alternate method of securing your traffic is to use a secured tunnel. think of it as a 'shim', a program that sits between you and yossman.net, that looks after ensuring certain kinds of traffic you will send (or receive) from yossman.net are secured before being transferred. unlike regular (non-secure) connections where software is told to contact yossman.net directly, the tunnel catches and redirects (re-routes) traffic from applications like your email software though a special connection to yossman.net. this special (secure) connection is much more difficult to 'look' at (a process called network sniffing) as it passes by various points on the internet on its way between you and the yossman.net servers.

since the main goal of securing your connection is to protect your personal access information against theft and abuse, the secure tunnel method should work just as well as manually configuring every one of your applications. a major benefit of using this secure tunnel is virtually any application can be trained to use the same tunnel without the software having to know ahead of time how to make a secure connection by itself (without the tunnel). you end up saving time and effort (read: less headaches) by doing less, and more basic, re-configuration of software tools you have already been using or want to start using.



setup: get and configure "stunnel" for use with yossman.net services

stunnel, officially maintained at http://www.stunnel.org/, is a great little piece of software that accomplishes a secure tunnel with yossman.net rather easily.

depending what operating system (OS) you are using to run your computer, you can get the version of stunnel that works with your system from stunnel.org, as listed above. if you are using microsoft windows, you should be able to use the following steps to get up and running; other operating system setups will be close to this, and chances are people using any version of unix, or apple's OS X, could use most of these instructions without too many changes.

Step 1: get the stunnel program and extra support software. you can click here to download a copy of stunnel (version 4.04) directly from this site (yossman.net) that will probably work fine on your computer.

note, when running under windows, chances are you will probably need additional files, called openSSL libraries. stunnel requires openSSL to be present for stunnel to work correctly. click here to download a copy of these openSSL support libraries from yossman.net. if you are not running windows, or wish to check with the official distribution spot to get the files you are installing onto your system, you can find more information about openSSL at http://www.openssl.org/.

Step 2: decide where stunnel should be on your system. put all your stunnel and related files into a directory on your system. making a new directory, named something like "STUNNEL", is recommended (eg. C:\STUNNEL). the spot you downloaded the files to, or move them to, is the directory where the stunnel will run directly from. there is no installation, or "setup.exe" to run to get stunnel running at this time.

Step 3: install the extra support files. run the openssl.exe file you downloaded, and tell it to uncompress the files to the same directory used in step 2, "C:\STUNNEL" in our example.

stunnel may not work if it can not find these openSSL files; you can try putting a copy of all the openSSL files into your windows system directory, usually "C:\WINDOWS\SYSTEM" for windows 98, ME, and XP, or "C:\WINNT\SYSTEM" on a windows 2000 system.

Step 4: create a configuration file for stunnel. make a new plain text file, using something like notepad, in the same directory you have been putting all your stunnel files into, and call it 'stunnel.conf'. do not accidentally leave a '.txt' filename extention after the '.conf'! stunnel may fail to work if the file is not named exactly 'stunnel.conf'.

put the following text in the table below into this new 'stunnel.conf' file and save it:

#
# sample stunnel 4.04 configuration file for securing 
# links to yossman.net.
# for more assistance see http://www.yossman.net/support/ .
#
# last modified: yossman at yossman.net / 2004-01-26
#
client=yes
service=popmail ssmtp
#
[popmail]
accept = 127.0.0.1:110
connect = toronto.yossman.net:1995
#
[ssmtp]
accept = 127.0.0.1:25
connect = toronto.yossman.net:466
#
# end sample stunnel configuration file (yossman.net/2004-01-26).


you should now be ready to start testing stunnel!

since there is no need to run any installer to use stunnel, just run the stunnel.exe program file you downloaded.

if you have done all the steps correctly (enough), a new little icon will show up in your windows system tray, usually on the bottom right-hand side of your windows desktop (screen). double-clicking on this little icon will bring up a window that shows you the log for stunnel. even if you close this window, stunnel should remain running in the task tray for as long as you need it. should you want to close the secure connection down, you can right-click the stunnel icon and left-click on the 'exit' option.

configuring your software to use the new secured tunnel to yossman.net

to be continued... (2004-01-24)