07-01-2011 09:35 AM - edited 03-17-2019 10:22 PM
Hey there everyone!
A customer wants to use Gmail as their SMTP server for TMS. Gmail requires SSL. It doesn't appear that TMS supports SSL for the SMTP connection. Is there an officially sanctioned way around this?
Thanks!
07-06-2011 03:27 AM
Hi Bob,
No, there is no officially sanctioned way to use SSL for the SMTP connection.
Regards,
Kjetil
07-06-2011 08:09 AM
Hi Kjetil,
Thanks for the quick response!
07-07-2011 02:06 AM
You should be able to use an SSL wrapper like: http://stunnel.org/
TMS connects without SSL to this wrapper and the wrapper connects via SSL to Google's SMTP server.
Or just use another mail server supporting non-SSL connections :-)
01-03-2014 09:42 PM
Hello Martin,
Thank you for the tip with Stunnel! I took it a little further and wrote a tutorial on how to set this up with Gmail, as seen below. I also have this in PDF, but wasn't sure if it could be added.
=============
TMSPE 1.1 emails via Gmail SMTP using Stunnel 4.56
As per CSCtx45683, TMS cannot send email from Provisioning Directory (TMSPE) with TLS/SSL encryption. As a work-around, you can install “Stunnel” on TMS as an SSL encryption wrapper between TMS and the remote SMTP server to provide the necessary TLS/SSL encryption to send email that is not currently present.
In this tutorial, I am using the following software:
TMS 14.3.2 VM
- Windows Server 2008 R2 Enterprise SP1 64bit
TMSPE 1.1
- Java 7 update 40
Standard free Gmail account (i.e. user@gmail.com)
Stunnel 4.56
You can download Stunnel 4.56 at the link below:
https://www.stunnel.org/index.html
When installing, you will be prompted for your location, organization name and other info to create a certificate. Once the installation has been completed, go to:
Start > All Programs > stunnel > Edit Stunnel.conf
Scroll down under “Example SSL server mode services” and ensure there are no “;” comment characters for [ssmtp]. This allows stunnel to listen for SMTP traffic being sent to it via port 465 and 25.
Scroll down under “Example SSL Client mode services” and remove all the “;” comment characters for [gmail-smtp]. This will allow stunnel to open 2-way connections with the Gmail SMTP servers to send email on behalf of TMS.
Remove all the remark characters “;”, then save and close the file:
;[gmail-smtp]
;client = yes
;accept = 127.0.0.1:25
;connect = smtp.gmail.com:465
Next, install and start the stunnel service. This may already have been done during the installation. Go to:
Start > All Programs > stunnel > install the stunnel service
Then
Start > All Programs > stunnel > start the stunnel service
You may get a message that this has already been done. Next, open the TMS application and go to:
TMS > Administrative Tools > Configuration > Provisioning Extension Settings
Sender Address: email address you want people to respond to you at (i.e. user@gmail.com)
SMTP Hostname: IP specified in “accept” under the “Example SSL Client mode services” for [gmail-smtp] (i.e. 127.0.0.1)
SMTP Port: Port specified in “accept” under the “Example SSL Client mode services” for [gmail-smtp] (i.e. 127.0.0.1)
SMTP Username: Gmail email address used to authenticate to send mail through (i.e. user@gmail.com)
SMTP Password: Password for Gmail email address
Once you set these settings and click Save, you will need to restart the TMS Provisioning Extension Service. RDP into the TMS server, then go to Start > Run and type: services.msc
In the Services window, scroll down and find the TMS Provisioning Extension Service. Right-click the service and choose Stop. Once the service has stopped, right-click the service again and choose Start.
Next, right-click the Windows toolbar and select Start Task Manager. On the Processes tab of Windows Task Manager, locate java.exe. You will see the Memory start to climb. Once it reaches close to 380,000k (± 20k), it should level out. At this time, the Provisioning Extension Services should have fully loaded.
You can now go to TMS > Systems > Provisioning > Users, select a user and click Send Account Information. TMS should now be able to send an email to the user via Stunnel to the Gmail SMTP server, then to the end alias.
References:
https://tools.cisco.com/bugsearch/bug/CSCtx45683
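An added example, not part of the original post or of the stunnel project: a small Python audit of the stunnel.conf that the tutorial above produces. It flags a client-mode service that does not verify the server certificate (using the `verify` and `CAfile`/`CApath` options documented for stunnel 4.x), a plaintext listener not bound to loopback, and a server-mode service that forwards into the outbound tunnel. The sample configuration, the [ssmtp] values and the CA bundle file name are constructed assumptions.

```python
# Constructed input: the [gmail-smtp] block from the post with ';' removed, plus an
# enabled server-mode [ssmtp] service (its accept/connect values are assumed).
SAMPLE_CONF = """[ssmtp]
accept = 465
connect = 25
[gmail-smtp]
client = yes
accept = 127.0.0.1:25
connect = smtp.gmail.com:465
"""
# Hardened variant: [ssmtp] dropped, peer verification added (CA file name assumed).
HARDENED_CONF = (SAMPLE_CONF[SAMPLE_CONF.index("[gmail-smtp]"):]
                 + "verify = 2\nCAfile = ca-certs.pem\n")
LOOPBACK = {"127.0.0.1", "localhost", "::1"}

def parse_services(text):
    """Return {service: options}; options before the first [section] act as defaults."""
    defaults, services = {}, {}
    current = defaults
    for line in (raw.strip() for raw in text.splitlines()):
        if not line or line[0] in ";#":  # ';' is the comment marker the post removes
            continue
        if line.startswith("[") and line.endswith("]"):
            current = services.setdefault(line[1:-1], dict(defaults))
        elif "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            current[key] = value
    return services

def endpoint(value):
    """Split 'host:port' into (host, port); a bare port gives an empty host."""
    return value.rpartition(":")[::2]

def audit(text):
    """Return (service, finding) pairs for risks this wrapper setup can introduce."""
    services = parse_services(text)
    clients = {n: o for n, o in services.items() if o.get("client") == "yes"}
    findings = []
    for name, opts in clients.items():
        if endpoint(opts.get("accept", ""))[0] not in LOOPBACK:  # cleartext credentials
            findings.append((name, "plaintext listener not bound to loopback"))
        if opts.get("verify") not in {"2", "3"} or not opts.keys() & {"CAfile", "CApath"}:
            findings.append((name, "server certificate not verified"))
    tunnels = {endpoint(o["accept"])[1]: n for n, o in clients.items() if "accept" in o}
    for name, opts in services.items():  # server-mode services feeding a client tunnel
        host, port = endpoint(opts.get("connect", ""))
        if name not in clients and host in LOOPBACK | {""} and port in tunnels:
            findings.append((name, "forwards network clients into " + tunnels[port]))
    return findings
```

Running `audit(SAMPLE_CONF)` reports the unverified Gmail connection and the [ssmtp] service that would pass port 465 traffic into the tunnel; `audit(HARDENED_CONF)` returns no findings.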
01-04-2014 05:16 PM
Hi Matthew!
First of all if you like a tip, please rate it with the stars under a message!
Thank you for your contribution, I endorsed it. You can re-post it in the document section,
which also supports PDF documents:
Please remember to rate helpful responses and identify helpful or correct answers.
01-05-2014 03:03 PM
Hello Martin,
As I am new to the forum, I will be sure to keep that in mind in the future. I also added a packet capture to the PDF to show how TMS fails without using Stunnel. The PDF on how to set up Stunnel on TMS is at the link below:
08-28-2014 12:28 PM
The bug ID states that TMS can use IIS SMTP to relay these over TLS/SSL. I have configured and I am having some issues. Has anyone here tried this method and had any success?
07-01-2015 12:08 PM
I used the method described here and it worked:
http://o365info.com/smtp-relay-in-office-365-environment/