Phone Lines icon GFI Support Home Start a conversation Sign in
Start a conversation
  1. GFI MailEssentials
  2. GFI MailEssentials - POP2Exchange
  3. Articles

Configuring POP2Exchange to download emails from Gmail or other mail servers using TLSv1.2

Overview

The POP2Exchange module which allows MailEssentials to connect and download emails from a hosted POP3 mailbox currently only provides native support for SSL encryption protocol. This article provides a workaround for MailEssentials to connect to POP3 providers such as Gmail that stopped using SSL in favour of the more secure Transport Layer Security (TLS) protocol.

 

Prerequisites

  • GFI MailEssentials 21.2 and newer versions
  • Windows Server 2012 and above

Solution

GFI MailEssentials POP2Exchange does not provide native support for TLSv1.2, therefore, the workaround to connect and download emails from POP3 providers such as Gmail that no longer support SSL is to use third-party tools as described in the steps below:

A. Ensure that you have enabled POP3 on your Gmail Accounts

Refer to this external article on how to Read Gmail messages on other email clients using POP. If using a different POP3 provider that does not support SSL, follow refer to the provider documentation on how to enable POP3 access for email clients.

 
B. Download both Stunnel and OpenSSL
Stunnel is a proxy designed to add TLS encryption functionality to existing clients and servers without any changes in the programs' code. Stunnel uses the OpenSSL library for cryptography.
  1. Download the Microsoft Windows binary for Stunnel from here.
  2. Download OpenSSL 1.1.0h Light or newer, to obtain the required SSL DLL files required, from here.
C. Install and Configure OpenSSL
  1. Run the OpenSSL installation and follow the wizard to complete the installation.
  2. Leave the default settings in place and on reaching the point to install the OpenSSL DLLs, make sure to select the Windows system directory.
D. Install and configure Stunnel
  1. Run the Stunnel installation and follow the wizard to complete the installation. When the cmd opens and asks for company information, this can be skipped by pressing enter.
  2. Browse to the Stunnel installation directory (default C:\Program Files\Stunnel\config)
  3. Open the stunnel.conf using a text editor and edit the configuration files as follows:
Under 'Example TLS Client mode services' add or edit the following: 
----------------------
[nameOfService]
client = yes
accept = 127.0.0.1:110
connect = UrlOfMailServer:portNumber
---------------------
 
The other default entries can be removed so as not to cause a port conflict with other services.
Example of how it should look like:
stunnel example
        4. Close and save the configuration file
        5. Run the stunnel.exe executable in the Stunnel directory
 
E. Configure GFI MailEssentials POP2Exchange
Open POP2Exchange Configuration by navigating to GFI MailEssentials > POP2Exchange.
Select the Enable POP2Exchange from POP3 server checkbox. 
POP2Exchange_settings.png
Add each Gmail account you wish to download the messages from with the following settings:
  1. POP3 Server: 127.0.0.1 (or the server running Stunnel if it is not running on the localhost)
  2. Port: 110 (Should be the same as the port configured in the "accept" statement in the .conf file)
  3. Login: Example: username@gmail.com
  4. Password: enter the password of the Gmail account or other POP3 provider
  5. Select "Send mail to alternate address" and enter the destination email address in the above box.
  6. Disable SSL option (it will not work if this is not unchecked)
  7. Click "Update" and then Apply to save the settings.
  8. Click "Force Download"
F. GFI POP2Exchange will now connect to the server running Stunnel and use this SSL\TLS connection to download the email messages from the configured Gmail accounts or other mail servers that do not allow weak protocols.

 

Testing

Testing the setup, we should see Wireshark reporting TLSv1.2 as shown below:
TLS1.2 in Wireshark using stunnel
Note: External links are selected and reviewed when the article is written and published. However, GFI Software is not responsible for the content of external websites.

Related Articles

Back to top

Choose files or drag and drop files
Was this article helpful?
Yes
No

  1. Priyanka Bhotika

  2. Posted
  3. Updated

Comments