Using Stunnel to Allow Legacy Apps and Devices that do not support SSL POP3 or TLS SMTP to Connect to Office 365


I’ve been busy lately assisting with a number of Office 365 migrations. Every single one is different and while many are straightforward, In some cases, you will find applications or devices that don’t support the requirements for connecting to Office 365 using TLS or SSL or they may not even work over standard ports such as 587. Working with one SMB recently, they had a critical Line of Business application that was written internally and can no longer be maintained by anyone in-house. They had identified a path forward however we still needed to keep the app running for around 6 months post migration to Office 365. 

This is where stunnel, which is a TLS Proxy comes in handy.  Grab the latest version from the stunnel website and install it.  This little TLS/SSL proxy tool allows for us to listen for standard For our purposes we will install the Service instance so that it is always running whenever the server reboots.  Once installed we can start building our configuration file. I’ve outlined a simple one below;

#Basic Configuration for Microsoft Office 365 POP3 and SMTP 
output = stunnel-log.txt 
debug=4 
taskbar=yes
 
[POP3 Incoming] 
client = yes 
accept = 127.0.0.1:110
verifyChain = yes
CAfile = ca-certs.pem 
connect = outlook.office365.com:995 

[SMTP Outgoing] 
client = yes 
protocol = smtp 
accept = 127.0.0.1:25 
verifyChain = yes
CAfile = ca-certs.pem
connect = smtp.office365.com:587

This allows any application local on the same server as sTunnel to connect up to SMTP and POP3 on the standard ports then push this onto Office 365. We’re also pushing everything to a log file If you have issues with certificates the remove the verifyChain and CAFile lines which will prevent stunnel from attempting to verify the cert we receive from Office 365. If you are looking at doing IMAP or even need to do more with stunnel, see the example config files for more.


One response to “Using Stunnel to Allow Legacy Apps and Devices that do not support SSL POP3 or TLS SMTP to Connect to Office 365”

  1. Jim Sowder Avatar

    I’m using the suggested configuration. Stunnel connects to the server, the certificate is verified, nor errors, but no email is produced. The system is a nec voicemail, using um8100. The sysrem relays just fine using the local exchange server.

Leave a Reply

More Posts

Using PowerShell to Manage Windows Server DNS entries

Firstly, Happy new year. Anyway, I was recently tasked with creating a large number of DNS entries on our internal DNS servers. To accomplish this I decided to use PowerShell to perform an import of a CSV file that I had been given that already had my DNS entries. There was a header row with […]

Bypassing Anti-Spam on an Exchange 2007/2010 Receive Connector

I was looking at an old Exchange environment that was being used to send bulk mail outs. We noticed every now and again a bunch of e-mails would not be getting sent, trawling through Message Tracking Logs we could see that the messages were failing because of an AGENT FAIL which usually means that there […]

Fixing Maximum connections reached by Clearing Connected Sessions on an APC UPS

I was trying to log into an APC UPS with the correct login but still received an error, The maximum number of web connections has been reached or simply Maximum connections reached. Knowing I had the right login credentials, and that no one else was logged into, I was a little perplexed.  There is a […]