Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
4258
Views
14
Helpful
8
Replies

TMS SMTP connections using SSL

Go to solution
Bob Fitzgerald
Level 4
Level 4

‎07-01-2011 09:35 AM - edited ‎03-17-2019 10:22 PM

Hey there everyone!

A customer wants to use Gmail as their SMTP server for TMS.  Gmail requires SSL.  It doesn't appear that TMS supports SSL for the SMTP connection.  Is there an officially santioned way around this?

Thanks!

Labels:
0 Helpful
2 Accepted Solutions

Accepted Solutions

Go to solution
Kjetil Ree
Cisco Employee
Cisco Employee

‎07-06-2011 03:27 AM

Hi Bob,

No, there is no officially santioned way to use SSL for the SMTP connection.

Regards,

Kjetil

View solution in original post

0 Helpful

Go to solution
Matthew Limbrick
Cisco Employee
Cisco Employee
In response to Martin Koch

‎01-03-2014 09:42 PM

Hello Martin,

Thank you for the tip with Stunnel! I took it a little further and wrote a tutorial on how to set this up with Gmail as seen below. I also have this in pdf, but wasnt sure if it could be added.

=============

TMSPE 1.1 emails via Gmail SMTP using Stunnel 4.56

As per CSCtx45683, TMS cannot send email from Provisioning Directory (TMSPE) with TLS/SSL encryption. As a work-around, you can install “Stunnel” on TMS as an SSL encryption wrapper between TMS and the remote SMTP server to provide the necessary TLS/ SSL encryption to send email that is not currently present.

In this tutorial, I am using the following software:

TMS 14.3.2 VM

- Windows Server 2008 R2 Enterprise SP1 64bit

TMSPE 1.1

- Java 7 update 40

Standard free Gmail account (i.e. user@gmail.com)

Stunnel 4.56

You can download Stunnel 4.56 at the link below:

https://www.stunnel.org/index.html

When installing, you will be prompted for your location, organization name and other info to create a certificate. Once the installation has been completed, go to:

Start > All Programs > stunnel > Edit Stunnel.conf   

Scroll down under “Example SSL server mode services” and ensure there are no “;” comment characters for [ssmtp]. This allows stunnel to listen for smtp traffic being sent to it via port 465 and 25.

Scroll down under “Example SSL Client mode services” and remove all the  “;” comment characters for [gmail-smtp]. This will allow stunnel to open 2-way connections to with the Gmail SMTP servers to send email on behalf of TMS..

Remove all the remark characters “;”, then save and close the file

;[gmail-smtp]

;client = yes

;accept = 127.0.0.1:25

;connect = smtp.gmail.com:465

Next, install and start the stunnel service. This may already have been done during the installation. Go to:

Start > All Programs > stunnel > install the stunnel service

Then

Start > All Programs > stunnel > start the stunnel service

You may get a message that this has already been done. Next, open the TMS application and go to:

TMS > Administrative Tools > Configuration > Provisioning Extension Settings

Sender Address: email address you want people to respond with you at, (i.e. user@gmail.com)

SMTP Hostname: IP specified in “accept” under the “Example SSL Client mode services” for [gmail-smtp] (i.e. 127.0.0.1)

SMTP Port: Port specified in “accept” under the “Example SSL Client mode services” for [gmail-smtp] (i.e.127.0.0.1)

SMTP Username: Gmail email address used to authenticate to send mail through (i.e. user@gmail.com)

SMTP Password: Password for Gmail email address

Once you set these setting and click Save, you will need to restart the TMS Provisioning Extension Service. RDP into the TMS server, then go to Start > Run and type: services.msc

In the Services window, scroll down and find the TMS Provisioning Extension Service. Right-click the service and choose Stop. Once the service has stopped, right-click the service again and choose Start.

Next, right-click the Windows toolbar and select Start Task Manager. On the Processes tab of Windows Task Manager, locate java.exe. You will see the Memory start to climb. Once it reaches close to 380,000k (± 20k), it should level out. At this time, the Provisioning Extension Services should have fully loaded.

You can now go TMS > Systems > Provisioning > Users, select a user and click Send Account Information. TMS should now be able to send an email to the user via Stunnel to the Gmail SMTP server, then to the end alias.

References:

https://tools.cisco.com/bugsearch/bug/CSCtx45683    

https://supportforums.cisco.com/thread/2092061    

http://www.charmedquark.com/vb_forum/showthread.php?t=7943

View solution in original post

8 Replies 8

Go to solution
Kjetil Ree
Cisco Employee
Cisco Employee

‎07-06-2011 03:27 AM

Hi Bob,

No, there is no officially santioned way to use SSL for the SMTP connection.

Regards,

Kjetil

0 Helpful

Go to solution
Bob Fitzgerald
Level 4
Level 4
In response to Kjetil Ree

‎07-06-2011 08:09 AM

Hi Kjetil,

Thanks for the quick response!

0 Helpful

Go to solution
Martin Koch
VIP Alumni
VIP Alumni

‎07-07-2011 02:06 AM

You should be able to use a ssl wrapper like: http://stunnel.org/

TMS connects without ssl to this wrapper and the wrapper connects via ssl to googles smtp server.

or just use an other mailserver supporting non ssl connections :-)

Please remember to rate helpful responses and identify

Go to solution
Matthew Limbrick
Cisco Employee
Cisco Employee
In response to Martin Koch

‎01-03-2014 09:42 PM

Hello Martin,

Thank you for the tip with Stunnel! I took it a little further and wrote a tutorial on how to set this up with Gmail as seen below. I also have this in pdf, but wasnt sure if it could be added.

=============

TMSPE 1.1 emails via Gmail SMTP using Stunnel 4.56

As per CSCtx45683, TMS cannot send email from Provisioning Directory (TMSPE) with TLS/SSL encryption. As a work-around, you can install “Stunnel” on TMS as an SSL encryption wrapper between TMS and the remote SMTP server to provide the necessary TLS/ SSL encryption to send email that is not currently present.

In this tutorial, I am using the following software:

TMS 14.3.2 VM

- Windows Server 2008 R2 Enterprise SP1 64bit

TMSPE 1.1

- Java 7 update 40

Standard free Gmail account (i.e. user@gmail.com)

Stunnel 4.56

You can download Stunnel 4.56 at the link below:

https://www.stunnel.org/index.html

When installing, you will be prompted for your location, organization name and other info to create a certificate. Once the installation has been completed, go to:

Start > All Programs > stunnel > Edit Stunnel.conf   

Scroll down under “Example SSL server mode services” and ensure there are no “;” comment characters for [ssmtp]. This allows stunnel to listen for smtp traffic being sent to it via port 465 and 25.

Scroll down under “Example SSL Client mode services” and remove all the  “;” comment characters for [gmail-smtp]. This will allow stunnel to open 2-way connections to with the Gmail SMTP servers to send email on behalf of TMS..

Remove all the remark characters “;”, then save and close the file

;[gmail-smtp]

;client = yes

;accept = 127.0.0.1:25

;connect = smtp.gmail.com:465

Next, install and start the stunnel service. This may already have been done during the installation. Go to:

Start > All Programs > stunnel > install the stunnel service

Then

Start > All Programs > stunnel > start the stunnel service

You may get a message that this has already been done. Next, open the TMS application and go to:

TMS > Administrative Tools > Configuration > Provisioning Extension Settings

Sender Address: email address you want people to respond with you at, (i.e. user@gmail.com)

SMTP Hostname: IP specified in “accept” under the “Example SSL Client mode services” for [gmail-smtp] (i.e. 127.0.0.1)

SMTP Port: Port specified in “accept” under the “Example SSL Client mode services” for [gmail-smtp] (i.e.127.0.0.1)

SMTP Username: Gmail email address used to authenticate to send mail through (i.e. user@gmail.com)

SMTP Password: Password for Gmail email address

Once you set these setting and click Save, you will need to restart the TMS Provisioning Extension Service. RDP into the TMS server, then go to Start > Run and type: services.msc

In the Services window, scroll down and find the TMS Provisioning Extension Service. Right-click the service and choose Stop. Once the service has stopped, right-click the service again and choose Start.

Next, right-click the Windows toolbar and select Start Task Manager. On the Processes tab of Windows Task Manager, locate java.exe. You will see the Memory start to climb. Once it reaches close to 380,000k (± 20k), it should level out. At this time, the Provisioning Extension Services should have fully loaded.

You can now go TMS > Systems > Provisioning > Users, select a user and click Send Account Information. TMS should now be able to send an email to the user via Stunnel to the Gmail SMTP server, then to the end alias.

References:

https://tools.cisco.com/bugsearch/bug/CSCtx45683    

https://supportforums.cisco.com/thread/2092061    

http://www.charmedquark.com/vb_forum/showthread.php?t=7943

Go to solution
Martin Koch
VIP Alumni
VIP Alumni
In response to Matthew Limbrick

‎01-04-2014 05:16 PM

Hi Matthew!

First of all if you like a tip, please rate it with the stars under a message!

Thank you for your contribution, I endorsed it. You can re-post it in the document section,

which also supports PDF documents:

https://supportforums.cisco.com/community/netpro/collaboration-voice-video/telepresence?view=documents

Please remember to rate helpful responses and identify helpful or correct answers.

Please remember to rate helpful responses and identify

Go to solution
Matthew Limbrick
Cisco Employee
Cisco Employee
In response to Martin Koch

‎01-05-2014 03:03 PM

Hello Martin,

As I am new to the forum, I will be sure to keep that in mind in the future. I also added a packet capture to the pdf to show how TMS fails without using Stunnel. The pdf on how to setup Stunnel on TMS is at the link below:

https://supportforums.cisco.com/docs/DOC-39148

0 Helpful

Go to solution
shawnangelo
Level 1
Level 1
In response to Martin Koch

‎08-28-2014 12:28 PM

The bug ID states that TMS can use IIS SMTP to relay these over TLS/SSL. I have configured and I am having some issues. Has anyone here tried this method and had any success?

0 Helpful

Go to solution
Mustafa Hashmi
Cisco Employee
Cisco Employee
In response to shawnangelo

‎07-01-2015 12:08 PM

I used the method described here and it worked:
http://o365info.com/smtp-relay-in-office-365-environment/

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents