Picking Up Gmail Via POP3 On Exchange 2003
If you use Exchange 2003 as your mail server and want to pick up email from a Gmail account via POP3 you may run into a little problem with the built-in POP3 Connector. Google requires SSL for POP3 access and the Exchange connector only supports basic POP3 connections.
After a little Googling I found some very handy instructions on how to get around this lack of functionality using a program called Stunnel.
Download the latest binary of Stunnel and install it. This program handles the SSL translation for you, and should include the required OpenSSL components.
Next you need to edit stunnel.conf in C:\Program Files\stunnel and in this file you need the following settings:
client=yes
service=gmail

[gmail]
accept = 127.0.0.1:110
connect = pop.gmail.com:995
Save the config file and start Stunnel. You should see a little icon in your system tray.
Now configure the POP3 Connector to point to 127.0.0.1:110 and use your Gmail username and password. Hopefully it will now be able to download emails from your Gmail account.
Updated: 05/06/08
; Sample stunnel configuration file by Michal Trojnara 2002-2006
; Some options used here may not be adequate for your particular configuration

; Certificate/key is needed in server mode and optional in client mode
; The default certificate is provided only for testing and should not
; be used in a production environment
cert = stunnel.pem
;key = stunnel.pem

; Some performance tunings
socket = l:TCP_NODELAY=1
socket = r:TCP_NODELAY=1

; Workaround for Eudora bug
;options = DONT_INSERT_EMPTY_FRAGMENTS

; Authentication stuff
;verify = 2
; Don't forget to c_rehash CApath
;CApath = certs
; It's often easier to use CAfile
;CAfile = certs.pem
; Don't forget to c_rehash CRLpath
;CRLpath = crls
; Alternatively you can use CRLfile
;CRLfile = crls.pem

; Some debugging stuff useful for troubleshooting
;debug = 7
;output = stunnel.log

; Use it for client mode
client = yes
service=gmail

; Service-level configuration

;[pop3s]
;accept = 995
;connect = 110

;[imaps]
;accept = 993
;connect = 143

;[ssmtp]
;accept = 465
;connect = 25

;[https]
;accept = 443
;connect = 80
;TIMEOUTclose = 0

; vim:ft=dosini

[gmail]
accept = 127.0.0.1:110
connect = pop.gmail.com:995
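The configuration above encrypts the hop to Gmail, but with verify and CAfile left commented out stunnel does not check whose certificate it receives, and the POP3 Connector hands the Gmail password in clear text to whatever is listening on the accept address. As an added example (not part of the original post and not stunnel's own code), this Python sketch audits a stunnel.conf for both conditions; the function names and the HARDENED_CONF variant are assumptions made for illustration.

```python
import re
# Constructed inputs: the post's minimal config, and a variant that enables
# the verify/CAfile options left commented out in the sample file.
POST_CONF = """
client = yes
service = gmail
[gmail]
accept = 127.0.0.1:110
connect = pop.gmail.com:995
"""
HARDENED_CONF = """
client = yes
verify = 2
CAfile = certs.pem
[gmail]
accept = 127.0.0.1:110
connect = pop.gmail.com:995
"""

def parse(text):
    """Return (global_options, {service: options}); ';' starts a comment."""
    glob, services, cur = {}, {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        m = re.fullmatch(r"\[(.+)\]", line)
        if m:
            cur = services.setdefault(m.group(1), {})
        else:
            key, _, val = line.partition("=")
            (glob if cur is None else cur)[key.strip().lower()] = val.strip()
    return glob, services

def audit(text):
    """List findings for every client-mode service in the config text."""
    glob, services = parse(text)
    findings = []
    for name, opts in services.items():
        eff = {**glob, **opts}  # service-level options override globals
        if eff.get("client", "no").lower() != "yes":
            continue
        verify = eff.get("verify", "0")
        has_ca = "cafile" in eff or "capath" in eff
        if not (verify.isdigit() and int(verify) >= 2 and has_ca):
            findings.append(f"[{name}] server certificate is not verified")
        host = eff.get("accept", "").rpartition(":")[0]  # "" means all interfaces
        if host not in ("127.0.0.1", "localhost", "::1"):
            findings.append(f"[{name}] plaintext listener not bound to loopback")
    return findings
```

Note that verify = 2 validates the certificate chain against the CA file but does not compare the host name; newer stunnel releases add verifyChain and checkHost for that, which this sketch does not inspect.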
Posted in Support at 12:21

Thank you for this. I was tearing my hair out trying to figure out how to make the stupid POP connector work so my stupid customer can have push mail on his stupid phone.
Glad I could help!
Excellent!!!! So many hours I lost trying to find a solution and finally you gave it to me. Thank you very much.
Thank you for this. Already spent a lot of time in vain before this. Simply great for Exchange to be able to use Gmail in this manner. Any idea on how to create the *.pem certificate for stunnel in Windows operating system?
[pop3s]
accept = 127.0.0.1:111 - if exchange is running pop3 server
111- or another NOT common port.
connect = pop.gmail.com:995 - OK
thnx.
Hi, I'm still having trouble setting this up. Can someone please show me a copy of their .conf file?
Thanks.
Very helpful tip! Thanks for sharing.
I'm frustrated as well. Can you send me a copy of the config as well? Great info.
We are using SBS 2003 and moving the pop services to Google Apps. Thanks for the info here to get things rolling on making this happen!
I have followed this config and completed the setup. It is working to the point that I can do a telnet 127.0.0.1 111 and log in to the google pop server successfully.
Once I attempt to do it with Exchange POP3 Connector Manager it fails. Once it negotiates a cipher it says Socket closed on read. Below is the stunnel log of the connection - any advice would be appreciated.
RAND_status claims sufficient entropy for the PRNG
PRNG seeded successfully
Certificate: stunnel.pem
Certificate loaded
Key file: stunnel.pem
Private key loaded
SSL context initialized for service gmail
stunnel 4.26 on x86-pc-mingw32-gnu with OpenSSL 0.9.8i 15 Sep 2008
Threading:WIN32 SSL:ENGINE Sockets:SELECT,IPv6
No limit detected for the number of clients
FD 144 in non-blocking mode
SO_REUSEADDR option set on accept socket
gmail bound to 127.0.0.1:111
gmail accepted FD=152 from 127.0.0.1:11956
Creating a new thread
New thread created
gmail started
FD 152 in non-blocking mode
TCP_NODELAY option set on local socket
gmail accepted connection from 127.0.0.1:11956
FD 184 in non-blocking mode
gmail connecting 72.14.247.109:995
connect_wait: waiting 10 seconds
connect_wait: connected
gmail connected remote server from 192.168.0.100:11957
Remote FD=184 initialized
TCP_NODELAY option set on remote socket
SSL state (connect): before/connect initialization
SSL state (connect): SSLv3 write client hello A
SSL state (connect): SSLv3 read server hello A
SSL state (connect): SSLv3 read server certificate A
SSL state (connect): SSLv3 read server done A
SSL state (connect): SSLv3 write client key exchange A
SSL state (connect): SSLv3 write change cipher spec A
SSL state (connect): SSLv3 write finished A
SSL state (connect): SSLv3 flush data
SSL state (connect): SSLv3 read finished A
1 items in the session cache
1 client connects (SSL_connect())
1 client connects that finished
0 client renegotiations requested
0 server connects (SSL_accept())
0 server connects that finished
0 server renegotiations requested
0 session cache hits
0 session cache misses
0 session cache timeouts
SSL connected: new session negotiated
Negotiated ciphers: RC4-MD5 SSLv3 Kx=RSA Au=RSA Enc=RC4(128) Mac=MD5
Socket closed on read
SSL write shutdown
SSL alert (write): warning: close notify
SSL socket closed on SSL_shutdown
Socket write shutdown
Connection closed: 49 bytes sent to SSL, 132 bytes sent to socket
gmail finished (0 left)
I wish I could help, but I don't know enough about Stunnel to know what's going wrong.
What I posted above is the limit to my knowledge, and I'm not even using it any more.
HI
I am trying to get the stunnel to work on my server and I get the following log error
2009.07.10 16:17:46 LOG5[6716:4544]: stunnel 4.27 on x86-pc-mingw32-gnu with OpenSSL 0.9.8k 25 Mar 2009
2009.07.10 16:17:46 LOG5[6716:4544]: Threading:WIN32 SSL:ENGINE Sockets:SELECT,IPv6
2009.07.10 16:17:46 LOG5[6716:4604]: No limit detected for the number of clients
2009.07.10 16:17:46 LOG3[6716:4604]: Error binding gmail to 127.0.0.1:110
2009.07.10 16:17:46 LOG3[6716:4604]: bind: Permission denied (WSAEACCES) (10013)
2009.07.10 16:17:46 LOG3[6716:4604]: Server is down
Suggestions??
How can you let your Exchange server (2k3) pick up POP3 email?
I can't add a POP3 connector (or something like that) from the "System Manager" under the connectors folder...
I know that there are 3rd party programs for this kind of thing but you were talking about a "built-in POP3 Connector"?
Could you perhaps give me some pointers on this?
Regards,
Pieter
I wrote this article quite a while ago, and so looking at it now I guess I must've been talking about Small Business Server which does have a built-in POP3 connector, whereas Exchange 2003 on its own does not and requires a 3rd party application.