Monday 26 February 2007

Picking Up Gmail Via POP3 On Exchange 2003

If you use Small Business Server 2003 as your mail server and want to pick up email from a Gmail account via POP3 you may run into a little problem with the built-in POP3 Connector for Exchange 2003. Google requires SSL for POP3 access and the Exchange connector only supports basic POP3 connections.

After a little Googling I found some very handy instructions on how to get around this lack of functionality using a program called Stunnel.

Download the latest binary of Stunnel and install it. This program handles the SSL translation for you, and should include the required OpenSSL components.

Next you need to edit stunnel.conf in C:\Program Files\stunnel and in this file you need the following settings:




accept =

connect =

Save the config file and start Stunnel. You should see a little icon in your system tray.

Now configure the POP3 Connector to point to, and use your Gmail username and password, and hopefully it will now be able to download emails from your Gmail account.

Updated: 05/06/08

My complete stunnel.conf:

; Sample stunnel configuration file by Michal Trojnara 2002-2006

; Some options used here may not be adequate for your particular configuration

; Certificate/key is needed in server mode and optional in client mode

; The default certificate is provided only for testing and should not

; be used in a production environment

cert = stunnel.pem

;key = stunnel.pem

; Some performance tunings

socket = l:TCP_NODELAY=1

socket = r:TCP_NODELAY=1

; Workaround for Eudora bug


; Authentication stuff

;verify = 2

; Don't forget to c_rehash CApath

;CApath = certs

; It's often easier to use CAfile

;CAfile = certs.pem

; Don't forget to c_rehash CRLpath

;CRLpath = crls

; Alternatively you can use CRLfile

;CRLfile = crls.pem

; Some debugging stuff useful for troubleshooting

;debug = 7

;output = stunnel.log

; Use it for client mode

client = yes


; Service-level configuration


;accept  = 995

;connect = 110


;accept  = 993

;connect = 143


;accept  = 465

;connect = 25


;accept  = 443

;connect = 80

;TIMEOUTclose = 0

; vim:ft=dosini


accept =

connect =



  1. Thank you for this. I was tearing my hair out trying to figure out how to make the stupid POP connector work so my stupid customer can have push mail on his stupid phone.

  2. Excellent!!!! So many hours I lost trying to find a solution and finally you gave it to me. Thank you very much.

  3. Thank you for this. Already spent lot of time in vain befor this. Simply great for Exchange to be able to use Gmail in this manner. Any idea on how to create the *.pem certificate for stunnel in windows operating system?

  4. [pop3s]

    accept = – if exchange is running pop3 server

    111- or another NOT common port.

    connect = – OK


  5. Hi, I'm still having trouble setting this up. Can someone please show me a copy of their .conf file.


  6. We are using SBS 2003 and moving the pop services to Google Apps. Thanks for the info here to get things rolling on making this happen!

    I have followed this config and completed the setup. It is working to the point that I can do a telnet 111 and log in to the google pop server successfully.

    Once I attempt to do it with Exchange POP3 Connector Manager it fails. Once it negotiates a cipher it says Socket closed on read. Below is the stunnel log of the connection – any advice would be appreciated.

    RAND_status claims sufficient entropy for the PRNG

    PRNG seeded successfully

    Certificate: stunnel.pem

    Certificate loaded

    Key file: stunnel.pem

    Private key loaded

    SSL context initialized for service gmail

    stunnel 4.26 on x86-pc-mingw32-gnu with OpenSSL 0.9.8i 15 Sep 2008

    Threading:WIN32 SSL:ENGINE Sockets:SELECT,IPv6

    No limit detected for the number of clients

    FD 144 in non-blocking mode

    SO_REUSEADDR option set on accept socket

    gmail bound to

    gmail accepted FD=152 from

    Creating a new thread

    New thread created

    gmail started

    FD 152 in non-blocking mode

    TCP_NODELAY option set on local socket

    gmail accepted connection from

    FD 184 in non-blocking mode

    gmail connecting

    connect_wait: waiting 10 seconds

    connect_wait: connected

    gmail connected remote server from

    Remote FD=184 initialized

    TCP_NODELAY option set on remote socket

    SSL state (connect): before/connect initialization

    SSL state (connect): SSLv3 write client hello A

    SSL state (connect): SSLv3 read server hello A

    SSL state (connect): SSLv3 read server certificate A

    SSL state (connect): SSLv3 read server done A

    SSL state (connect): SSLv3 write client key exchange A

    SSL state (connect): SSLv3 write change cipher spec A

    SSL state (connect): SSLv3 write finished A

    SSL state (connect): SSLv3 flush data

    SSL state (connect): SSLv3 read finished A

    1 items in the session cache

    1 client connects (SSL_connect())

    1 client connects that finished

    0 client renegotiations requested

    0 server connects (SSL_accept())

    0 server connects that finished

    0 server renegotiations requested

    0 session cache hits

    0 session cache misses

    0 session cache timeouts

    SSL connected: new session negotiated

    Negotiated ciphers: RC4-MD5 SSLv3 Kx=RSA Au=RSA Enc=RC4(128) Mac=MD5

    Socket closed on read

    SSL write shutdown

    SSL alert (write): warning: close notify

    SSL socket closed on SSL_shutdown

    Socket write shutdown

    Connection closed: 49 bytes sent to SSL, 132 bytes sent to socket

    gmail finished (0 left)

  7. I wish I could help, but I don't know enough about Stunnel to know what's going wrong.

    What I posted above is the limit to my knowledge, and I'm not even using it any more.

  8. HI

    I am trying to get the stunnel to work on my server and I get the following log error

    2009.07.10 16:17:46 LOG5[6716:4544]: stunnel 4.27 on x86-pc-mingw32-gnu with OpenSSL 0.9.8k 25 Mar 2009

    2009.07.10 16:17:46 LOG5[6716:4544]: Threading:WIN32 SSL:ENGINE Sockets:SELECT,IPv6

    2009.07.10 16:17:46 LOG5[6716:4604]: No limit detected for the number of clients

    2009.07.10 16:17:46 LOG3[6716:4604]: Error binding gmail to

    2009.07.10 16:17:46 LOG3[6716:4604]: bind: Permission denied (WSAEACCES) (10013)

    2009.07.10 16:17:46 LOG3[6716:4604]: Server is down


  9. How can you let your exchange server (2k3) pickup pop3 email?

    I cant add a pop 3 connector (or something like that) from the "System Manager" under the connectors folder…

    I know that there are 3th party programs for this kind of thing but you where talking about a "built-in POP3 Connector" ?

    Could you perhaps give me some pointers on this?



  10. I wrote this article quite a while ago, and so looking at it now I guess I must've been talking about Small Business Server which does have a built-in POP3 connector, whereas Exchange 2003 on its own does not and requires a 3rd party application.

  11. what about if working on macbook snowleopard Mac os 10.6.4 I want to access exchange 2003 server from my gmail account while working on mac book. Can we install this stunnel on macbook ?



  12. Thanks a lot – stunnel worked for my SBS Exchange 2003 inputting from gmail to an exchange mailbox. I'd tracked down that pop wasn't comming in, then telnet didn't work to gmail and a google found this tip. Look in program filesMS windows SBS
    etworkingpop3incomming mail to see it it arrives or not…cheers.

Leave a Reply

Your email address will not be published. Required fields are marked *

quack - © 2002-2017
Monthly Archives
Category Archives