HOWTO Macintosh Eudora SSL on OS X
- Change History
- 10November2002 added deprecation notice to "Known Issues"
- 4June2002 added note about using '995' for port instead of 'pop3s' if your system doesn't recognize 'pop3s'.
- 3June2002 changed configure command for OpenSSL from "./configure no-rc4" to "./config no-rc4".
- 3June2002 added Known Issues section
- 3June2002 made links live and added link to home page
- Known Issues (updated 10November2002)
- This page is now obsolete. Eudora for OS X version 5.2 supports SSL and TLS. OS X also now comes with OpenSSL installed. For those who might wish to install stunnel to secure other services, or who need to work with older versions of Eudora or OS X, or who don't trust Qualcomm's SSL implementation, I am leaving this HOWTO on line.
- If your machine is started without an active Internet connection, stunnel will be unable to resolve the host name and so will not build a tunnel. A possible workaround is to specify your POP host by IP address instead of name (but this will, of course, break should your POP host IP address ever change).
- Prepare Yourself
- This is a relatively complicated installation, but it should proceed in a cookbook fashion as long as you have the Developer Tools installed. It does involve compiling and installing Unix tools and using powerful and potentially dangerous commands such as `sudo', so take your time, go slowly, and have a low threshold for stopping if things don't seem to be going as expected. Think of it as a learning experience.
- Back up your disks completely before you start. I'm not responsible for any loss of time, patience, or data you might experience by following these instructions!
- If you don't have Developer Tools installed, visit Apple for downloading and installation instructions.
- I am assuming that your POP host supports "Alternate Port SSL" and "XTND XMIT". If you don't know what these mean, you might need more assistance than you'll get from this HOWTO.
- You need to be running from an administrator account, and know the password. I strongly recommend against ever logging in as root.
- Prepare the Directory
- Create a folder in your home directory named "ssl" -- it must be all lower case, and the last character is an "ell" not a "one".
- Open the folder in the Finder.
- Download the Source Files
- Download the source for OpenSSL
- surf over to http://www.openssl.org/source/
- under the "Tarballs" section, download the source (not "engine") file marked [LATEST] -- as of this writing (30May2002) it's `openssl-0.9.6d.tar.gz'
- drag the downloaded file into the `ssl' folder
- drag the file onto StuffIt expander
- you should now have a folder named something similar to `openssl-0.9.6'
- if the original downloaded .tar.gz file still exists, you can drag it into the trash
- Download the source for stunnel
- surf over to http://www.stunnel.org/download/source.html
- download the file marked with a red asterisk (*) -- currently (30May2002) it's `stunnel-3.22.tar.gz'
- drag the downloaded file into the `ssl' folder
- drag the file onto StuffIt expander
- you should now have a folder named something similar to `stunnel-3.22'
- if the original downloaded .tar.gz file still exists, you can drag it into the trash
- Download the startup script
- http://www.risley.net/downloads/stunnelpop.tar.gz
- drag the downloaded file into the `ssl' folder
- drag the file onto StuffIt expander
- you should now have a folder named `stunnelpop'
- if the original downloaded .tar.gz file still exists, you can drag it into the trash
- Compile and Install OpenSSL
- open a terminal window
- type `cd ssl/openss[tab][return]'
- type the following commands:
./config no-rc4
- this will be followed by a bunch of very geeky messages that will take a few minutes -- if the last one isn't clearly an error message, you're doing fine
- the no-rc4 is required because of an incompatibility with version 0.9.6d and OS X -- if you're using a later version, you could try leaving the no-rc4 directive off, but watch for errors at the `make test' step
make
- even more, even geekier stuff will follow -- this step can take quite a while, so sit back and be entertained by the runes and arcana
make test
- yet more geeky stuff
- if you omitted the no-rc4 directive when you did the ./config step, you might see some error messages -- if so, go back and configure with the no-rc4 directive
- the last lines should not look like error messages
sudo make install
- you'll be asked for your password
- if there are no errors, you're doing great
- Compile and Install stunnel
- type `cd ../stunne[tab][return]'
- type the following commands:
./configure
- this will be followed by a bunch of very geeky messages that will take a few minutes -- if the last one isn't clearly an error message, you're doing fine
make
- even more, even geekier stuff will follow -- this step can take quite a while, so sit back and be entertained by the runes and arcana
sudo make install
- you'll be asked for your password
- if there are no errors, you're well on your way
- Configure Eudora under Classic (optional)
- The best way to ensure success is to configure Eudora in Classic to run alternate-port POP3 with XTND XMIT for sending. If you can't get this working under Classic, you probably won't be able to make it work in X.
- Send a message to yourself to make sure you can both send and receive. If your POP server doesn't support XTND XMIT, you can probably use secure SMTP: see below.
- After you're satisfied that your configuration works under Classic, open Preferences, go to the SSL panel, and set all SSL options to "None". This is important, as you cannot change SSL settings in Eudora for OS X.
- Close Classic Eudora.
- Configure Eudora under OS X
- Launch Eudora, and open Preferences.
- Select the "Checking Mail" panel.
- Record the value currently in "Mail Server" -- you'll need it later.
- Enter 127.0.0.1 for "Mail Server", protocol "POP", "Password" authentication.
- Go to the SSL panel and make sure that SSL is set to "None" or "Optional" for POP and SMTP. (If they are set to Required, you'll have to quit Eudora X, open Eudora Classic, and set them to none. Then quit Eudora Classic and return to Eudora X.)
- Go to the Ports and Protocols panel.
- If you don't have a Ports and Protocols panel, you need to enable Esoteric Settings. Quit Eudora. Open the Eudora Application folder in the Finder, then control-click on the Eudora application. Select "Show Package Contents" then open the MacOS folder. Copy "Esoteric Settings" from the "Extra Plugins" folder to the "Eudora Stuff" folder. Close the folder. Launch Eudora and you should find the Ports and Protocols preference panel.
- Make sure "Use XTND XMIT" is checked.
- Close the Settings window by clicking on "OK".
- Test the Installation
- Open a Terminal window.
- Type the following line, replacing your.pop.server with the name of your POP server that you saved before:
sudo /usr/local/sbin/stunnel -c -d pop3 -r your.pop.server:pop3s
- Enter your password when prompted.
- If your system gives an invalid port error, try using `995' instead of `pop3s':
sudo /usr/local/sbin/stunnel -c -d pop3 -r your.pop.server:995
- Try retrieving your mail with Eudora X; it should work. If so, next make sure you can send and receive.
- Troubleshooting
- If things don't work but you don't see any error messages in the Terminal window, type the following command:
- When the gobbledygook appears, type a capital F.
- Look at the last few error lines and see if they make any sense to you.
- Beyond that, you're pretty much on your own. At this point, however, if you restart your machine the SSL tunnel will be disabled, so the machine should be back to running normally.
- Installing the Startup Script
- If your machine is working now, you'll notice that you lose the SSL functionality every time you reboot, and you'll have to execute the
sudo /usr/local/sbin/stunnel -c -d pop3 -r your.pop.server:pop3s
- command from the terminal every time you restart.
- To make it start automatically, open the folder "stunnelpop" that you downloaded all those hours ago when you started this adventure.
- Open up the file "stunnelpop" within the "stunnelpop" folder, using your favorite text editor.
- Replace the text your.pop.server with your actual POP server name.
- Execute the following commands in the Terminal window:
sudo cp -pr ~/ssl/stunnelpop /System/Library/StartupItems/
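sudo chown -R root:wheel /System/Library/StartupItems/stunnelpop
- the startup item is run as root at boot, so it must be owned by root; otherwise anything running under your account could edit it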
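- A check you can run on the installed startup item before rebooting, as an added example (not part of this HOWTO's original text or of the stunnelpop download). The function names `audit_startup_item' and `has_placeholder' are made up for this example; on a real system you would call `audit_startup_item /System/Library/StartupItems/stunnelpop'.

```shell
#!/bin/sh
# Added example; not part of the original HOWTO or the stunnelpop download.

# audit_startup_item DIR [OWNER_UID]
# Returns 0 only if everything under DIR is owned by OWNER_UID (default 0,
# root) and nothing is group- or world-writable; otherwise lists offenders.
audit_startup_item() {
    dir=$1
    owner=${2:-0}
    [ -d "$dir" ] || { echo "not a directory: $dir" >&2; return 2; }
    # Anything owned by another account can be edited by that account,
    # and the script inside is executed as root at boot.
    wrong_owner=$(find "$dir" ! -user "$owner" -print)
    # Symlinks are skipped here: their own mode bits are not enforced.
    writable=$(find "$dir" ! -type l \( -perm -020 -o -perm -002 \) -print)
    rc=0
    if [ -n "$wrong_owner" ]; then
        printf 'not owned by uid %s:\n%s\n' "$owner" "$wrong_owner"
        rc=1
    fi
    if [ -n "$writable" ]; then
        printf 'group- or world-writable:\n%s\n' "$writable"
        rc=1
    fi
    return $rc
}

# has_placeholder FILE
# True while FILE still contains the literal your.pop.server from the HOWTO,
# i.e. the edit step was skipped and the tunnel would point nowhere.
has_placeholder() {
    grep -q 'your\.pop\.server' "$1"
}

# Constructed demo on a throwaway directory standing in for the real item,
# audited against the current uid so it runs without sudo.
demo=$(mktemp -d)
printf '%s\n' '#!/bin/sh' \
    '/usr/local/sbin/stunnel -c -d pop3 -r your.pop.server:pop3s' \
    > "$demo/stunnelpop"
chmod 775 "$demo/stunnelpop"          # deliberately group-writable
audit_startup_item "$demo" "$(id -u)" || echo "fix ownership and modes first"
has_placeholder "$demo/stunnelpop" && echo "placeholder still present"
rm -rf "$demo"
```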
- Using secure SMTP
- If your POP server doesn't support XTND XMIT, you might be able to make secure SMTP connections. I'm in a cyber café 2500 miles from home right now, so I can't personally test this.
- In Eudora, turn off "Use XTND XMIT" in the Ports and Protocols panel of Preferences.
- Save the name of your SMTP server, and replace it with "127.0.0.1".
- Type the following command in the Terminal, replacing your.smtp.server with, uh, your SMTP server.
sudo /usr/local/sbin/stunnel -c -d smtp -r your.smtp.server:smtps
- Making this work at startup is left as an exercise for the reader.