Connect to encrypted e-mail servers from Snow Leopard’s Mail.app

(Originally posted on the MacRumors forums.)

For some incomprehensible reason, few e-mail providers today support older versions of SSL, let alone unencrypted access. To connect to a modern e-mail server from an older client, such as the Mail.app included in Snow Leopard, you need a proxy server between your client and your server. One such proxy server is stunnel, a UNIX program that is also compatible with Mac OS X.

Here are instructions on how to install and configure stunnel for this. Note that you need to install MacPorts before doing any of this. Also, be careful. Some UNIX experience is required. If you feel you’re not up to the task, I think some version of Thunderbird would likely support both OS 10.6 and modern encryption.

Steps 4 and 6 (but not 5) can also be performed using LaunchControl.

1. Install stunnel

$ sudo port install stunnel

2. Edit /opt/local/etc/stunnel/stunnel.conf (as super-user)

# Certificate/key is needed in server mode and optional in client mode
cert = /opt/local/etc/stunnel/stunnel.pem
key = /opt/local/etc/stunnel/stunnel.pem
foreground = yes

# Some performance tunings
socket = l:TCP_NODELAY=1
socket = r:TCP_NODELAY=1
#compression = rle

# Workaround for Eudora bug
options = DONT_INSERT_EMPTY_FRAGMENTS

# Some debugging stuff useful for troubleshooting
#debug = 7
#output = stunnel.log

# Use it for client mode
client = yes

# Service-level configuration
# Listen on loopback only; Mail.app connects to localhost

[imap]
accept = 127.0.0.1:143
connect = IMAP.YOURPROVIDER.COM:993

[smtp]
accept = 127.0.0.1:25
connect = SMTP.YOURPROVIDER.COM:587
protocol = smtp
protocolUsername = YOURUSERNAME
protocolPassword = YOURPASSWORD

3. Ensure the configuration file is not world-readable

$ sudo chmod 600 /opt/local/etc/stunnel/stunnel.conf

4. Create /Users/USERNAME/Library/LaunchAgents/org.macports.stunnel.plist

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>Label</key>
<string>org.macports.stunnel</string>
<key>ProgramArguments</key>
<array>
<string>sudo</string>
<string>/opt/local/bin/stunnel</string>
</array>
<key>RunAtLoad</key>
<true/>
</dict>
</plist>

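5. Allow your user to run stunnel as super-user without password

$ echo 'YOURUSERNAME ALL=(ALL) NOPASSWD: /opt/local/bin/stunnel ""' | sudo tee -a /etc/sudoers

The "" at the end of the rule limits it to stunnel run without arguments, which is how the launch agent starts it, so the rule cannot be used to start stunnel as root with a different configuration file.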

6. Load stunnel launch agent

$ launchctl load ~/Library/LaunchAgents/org.macports.stunnel.plist

Now, you need to add a new account in Mail.app. Supply localhost as the IMAP and SMTP server. Enter your normal credentials. If you’ve done everything correctly (and I haven’t forgotten anything in my instructions), you should be able to send and receive e-mail now.
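
An added example, not part of the original post: a small shell audit for the configuration from steps 2 and 3. It flags listeners that are not bound to loopback (other hosts on the network can reach them) and services where stunnel is not told to verify the server certificate, which it only does when verifyChain, verifyPeer or the older verify level is set. The function name and the sample file are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the original post): audit a stunnel client config.
# Prints one finding per line; no output means every check passed.
audit_stunnel_conf() {
    # Step 3: the file stores a password, so it must not be world-readable.
    [ -z "$(find "$1" -perm -004 2>/dev/null)" ] ||
        echo "file: world-readable, run chmod 600"
    awk '
    function report() {
        if (sec == "") return
        if (accept != "" && accept !~ /^(127\.0\.0\.1|localhost|::1):[0-9]+$/)
            print sec ": accept = " accept " is not bound to loopback"
        if (!verify)
            print sec ": server certificate is not verified"
    }
    /^[ \t]*([#;]|$)/ { next }    # skip comments and blank lines
    /^[ \t]*\[/ { report(); sec = $0; accept = ""; verify = gverify; next }
    {
        eq = index($0, "=")
        key = tolower(substr($0, 1, eq - 1)); val = substr($0, eq + 1)
        gsub(/[ \t]/, "", key); gsub(/^[ \t]+|[ \t]+$/, "", val)
        on = ((key == "verifychain" || key == "verifypeer") && val == "yes") ||
             (key == "verify" && val + 0 >= 2)
        if (on && sec == "") gverify = 1    # global value is the default
        if (on && sec != "") verify = 1
        if (key == "accept") accept = val
    }
    END { report() }' "$1"
}

# Constructed sample: listeners on every interface, no certificate checks.
sample=$(mktemp /tmp/stunnel-audit.XXXXXX)
cat > "$sample" <<'EOF'
client = yes
[imap]
accept = 143
connect = imap.example.test:993
[smtp]
accept = 25
connect = smtp.example.test:587
protocol = smtp
EOF
audit_stunnel_conf "$sample"    # prints four findings, two per service
rm -f "$sample"
```

Run it as root against /opt/local/etc/stunnel/stunnel.conf, since the file is readable only by its owner after step 3.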
