How to scan emails downloaded using SSL (secured) connection?
If you want to enable email scanning in eScan / MailScan while using SSL connection, we can configure the same by making following changes. Do note that a 3rd party utility is required to install at the client system. You can download the same using link given below
http://www.stunnel.org/downloads.html?extra=/
- Download stunnel and install it.
- Open up the stunnel.conf file (either through the Start Menu —> Stunnel —> Edit stunnel.conf, or navigate to the file in the installation folder.
- For each mail server you use, create an entry as follows.
Replace mail.myisp.com with your mail server.
client=yes
accept=127.0.0.1:110
connect=mail.myisp.com:995
4. Also make sure you set the appropriate port (995 is typically fine). Make sure the accept port is different for each one.
- Start Menu —> Stunnel —> Service install
- Start Menu —> Stunnel —> Service start
- Now configure your email client to use the following information:
Server: localhost or 127.0.0.1
Port: 110 (or whatever port that account was set to use up above)
SSL should be off (the SSL connection is now terminated at stunnel, which uses the local loopback interface to send mail to your mail client on port 110. So mail is sent over the web in SSL, but locally in plain text (where an AV can sniff it).
- Configure eScan to scan POP3 traffic on port 110.
You can test it out by enabling POP3 on your Gmail account and then configuring the same in local mail client.
9. The above settings can also be used with MailScan**. i.e. if the local mail server is downloading emails from any hosted site using SSL, you can configure MailScan to scan these emails.
**Note:- This has been tested with MailScan for Vpop3.