You are hereUsing stunnel to telnet into GMail IMAP

Using stunnel to telnet into GMail IMAP

By edwin - Posted on 12 February 2009

Here is a case study of how stunnel can be used to test an SSL based protocol. We will create an stunnel configuration that reroutes the IMAP port (TCP 143) to the Secure IMAP port (TCP 993) on GMail's IMAP server (imap.gmail.com). We will than test the setup by using telnet.

I will be using Ubuntu 8.10 (Intrepid Ibex).

First, let's install stunnel.

sudo apt-get install stunnel

Edit /etc/default/stunnel4, change ENABLED=0 to ENABLED=1

Edit /etc/stunnel/stunnel.conf as shown in the example below:

; Sample stunnel configuration file by Michal Trojnara 2002-2006
; Some options used here may not be adequate for your particular configuration
; Please make sure you understand them (especially the effect of chroot jail)

; Certificate/key is needed in server mode and optional in client mode
;cert = /etc/stunnel/mail.pem
;key = /etc/stunnel/mail.pem

; Protocol version (all, SSLv2, SSLv3, TLSv1)
sslVersion = SSLv3

; Some security enhancements for UNIX systems - comment them out on Win32
chroot = /var/lib/stunnel4/
setuid = stunnel4
setgid = stunnel4
; PID is created inside chroot jail
pid = /stunnel4.pid

; Some performance tunings
socket = l:TCP_NODELAY=1
socket = r:TCP_NODELAY=1
;compression = rle

; Workaround for Eudora bug
;options = DONT_INSERT_EMPTY_FRAGMENTS

; Authentication stuff
;verify = 2
; Don't forget to c_rehash CApath
; CApath is located inside chroot jail
;CApath = /certs
; It's often easier to use CAfile
;CAfile = /etc/stunnel/certs.pem
; Don't forget to c_rehash CRLpath
; CRLpath is located inside chroot jail
;CRLpath = /crls
; Alternatively you can use CRLfile
;CRLfile = /etc/stunnel/crls.pem

; Some debugging stuff useful for troubleshooting
debug = 7
output = /var/log/stunnel4/stunnel.log

; Use it for client mode
client = yes

; Service-level configuration

;[pop3s]
;accept = 995
;connect = 110

[imaps]
accept = 143
connect = imap.gmail.com:993

;[ssmtp]
;accept = 465
;connect = 25

;[https]
;accept = 443
;connect = 80
;TIMEOUTclose = 0

; vim:ft=dosini

Start up Stunnel

sudo /etc/init.d/stunnel4 start

Verify that the IMAP is listening on the local server.

netstat -an | grep -iw LISTEN
tcp 0 0 0.0.0.0:143 0.0.0.0:* LISTEN

The following requires that your GMail account have IMAP enabled. This is not enabled by default. Replace username@gmail.com with your real email address. Replace password with your real password.

telnet localhost 143
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
* OK Gimap ready for requests from 71.65.199.7 c5if2789008nfi.67
)
01 LOGIN username@gmail.com password
01 OK username@gmail.com authenticated (Success)
02 LOGOUT
* BYE LOGOUT Requested
02 OK 73 good day (Success)
Connection closed by foreign host.

That's it. If you're feeling adventourous you can use Hydra to brute force an account you own.

./hydra -l yourfriend@gmail.com -P password.txt -V localhost imap

Bookmark/Search this post with
Tags
Nice one!!!
Submitted by Anonymous (not verified) on Wed, 04/01/2009 - 17:56.

What a great post! Dude you rocks. This post helps me so much. Man... I'm a complete newbie on this kind of stuffs.

Kamilow
Submitted by Kamilow (not verified) on Thu, 07/29/2010 - 03:14.

Hello, site author. Thank you sharing this very beautiful.

Konya chat

Very helpful
Submitted by Visor (not verified) on Mon, 11/29/2010 - 04:10.

Thank you very mush!

Nice
Submitted by chrelad (not verified) on Thu, 05/05/2011 - 00:26.

Very nice post. Thank you very much!

Now I can use "mew" to read Gmail through IMAP!!
Submitted by Shinsuke (not verified) on Tue, 05/10/2011 - 03:07.

Thanks a lot. This article has been very useful.

make Stunnel make my Canon copier send email to Gmail
Submitted by Anonymous (not verified) on Thu, 12/01/2011 - 00:58.

i spent quite literally 2 weeks trying to get stunnel to work so my canon copier would talk to gmail.

the problem was that i could enable SSL on the canon copier but i could not change the port. so it wouldnt talk to gmail.

here is my stunnel.conf for any one who is having as much trouble as i did getting stunnel and gmail to work. the gmail account has pop/imap enabled in the mail settings in gmail. 192.168.150.2 is my internal windows server running stunnel. i could not get 127.0.0.1 to work. i just put my stunnel servers ip in the copier as the mail server 192.168.150.2. also i think i had to turn off smtp auth on the copier for it to work. your mileage may vary...

just copy paste this into your stunnel.conf for gmail.

cert = stunnel.pem
socket = l:TCP_NODELAY=1
socket = r:TCP_NODELAY=1
client = yes

[pop3s]
accept = 110
connect = pop.gmail.com:995

[imaps]
accept = 143
connect = imap.gmail.com:993

[ssmtp]
accept = 25
connect = smtp.gmail.com:465

Post new comment

The content of this field is kept private and will not be shown publicly.
  • Allowed HTML tags: <a> <em> <strong> <cite> <code> <ul> <ol> <li> <dl> <dt> <dd> <blockquote> <img> <span>
  • Lines and paragraphs break automatically.
  • Pairs of<blockquote> tags will be styled as a block that indicates a quotation.
  • You can enable syntax highlighting of source code with the following tags: <code>, <blockcode>. The supported tag styles are: <foo>, [foo].
  • Images can be added to this post.

More information about formatting options

Technology News

more

Syndicate

Syndicate content