Using Gmail with xTConnect

This article contains technical information for users who want to configure Gmail to work with xTuple Connect.

Stunnel with xTConnect using a Gmail account

Gmail accounts require SSL or TLS to use IMAP.

xTConnect needs stunnel running to work properly with your Gmail account.

Set up xTConnect as normal using the xTConnect Setup Guide.

Download stunnel here

The current version is the 4-5-4 installer.

Install stunnel, and during the install set up the following key information:

  • Country Name (2 letters): US
  • State or Province (full name): Virginia
  • Locality Name: Norfolk
  • Organization Name: Your company name here (xTuple)
  • Organizational Unit: Leave blank
  • Common Name (FQDN of server): Myserver.mydomain.com

Stunnel setup is now complete.

Next we need to modify our stunnel config:

  1. Open stunnel with the newly created desktop icon (or Start/Programs/Stunnel).
  2. Select Configuration (top menu), then Edit stunnel.conf:

What you are seeing below is the actual stunnel configuration file.

Changes are in bold

; Sample stunnel configuration file for Win32 by Michal Trojnara 2002-2012
; Some options used here may be inadequate for your particular configuration
; This sample file does *not* represent stunnel.conf defaults
; Please consult the manual for detailed description of available options

; **************************************************************************
; * Global options                                                         *
; **************************************************************************

; Debugging stuff (may be useful for troubleshooting)
;debug = 7
output = stunnel.log

; Disable FIPS mode to allow non-approved protocols and algorithms
;fips = no

; **************************************************************************
; * Service defaults may also be specified in individual service sections  *
; **************************************************************************

; Certificate/key is needed in server mode and optional in client mode
cert = stunnel.pem
;key = stunnel.pem

; Authentication stuff needs to be configured to prevent MITM attacks
; It is not enabled by default!
;verify = 2
; Don't forget to c_rehash CApath
;CApath = certs
; It's often easier to use CAfile
;CAfile = certs.pem
; Don't forget to c_rehash CRLpath
;CRLpath = crls
; Alternatively CRLfile can be used
;CRLfile = crls.pem

; Disable support for insecure SSLv2 protocol
options = NO_SSLv2
; Workaround for Eudora bug
;options = DONT_INSERT_EMPTY_FRAGMENTS

; These options provide additional security at some performance degradation
options = SINGLE_ECDH_USE
options = SINGLE_DH_USE

; **************************************************************************
; * Service definitions (at least one service has to be defined)           *
; **************************************************************************

; Example SSL server mode services

;[pop3s]
;accept = 995
;connect = 110

;[imaps]
;accept = 993
;connect = 143

;[ssmtp]
;accept = 465
;connect = 25

; Example SSL client mode services

;[gmail-pop3]
;client = yes
;accept = 127.0.0.1:110
;connect = pop.gmail.com:995

;[gmail-imap]
;client = yes
;accept = 127.0.0.1:143
;connect = imap.gmail.com:993

[gmail-smtp]
client = yes
accept = 127.0.0.1:2500
connect = smtp.gmail.com:465

; Example SSL front-end to a web server

;[https]
;accept = 443
;connect = 80
; "TIMEOUTclose = 0" is a workaround for a design flaw in Microsoft SSL
; Microsoft implementations do not use SSL close-notify alert and thus
; they are vulnerable to truncation attacks
;TIMEOUTclose = 0

; vim:ft=dosini

Modify your xTConnect configuration to use stunnel:

Set the Host to your IP or your internal IP (127.0.0.1).

Port: 2500 (to match the stunnel config).

Add your Gmail account and password under username and password.

Start Batch Manager and test. Your email should now be working with Gmail.

All you have to have in your stunnel config is the following:

[gmail-smtp]
client = yes
accept = 127.0.0.1:2500
connect = smtp.gmail.com:465

cert = stunnel.pem

options = NO_SSLv2

options = SINGLE_ECDH_USE
options = SINGLE_DH_USE

Once you have it all working, your email should be reflected in the stunnel log. If not, you need to check your config.
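
The configuration above leaves verify commented out, so stunnel encrypts the connection to Gmail but does not check the server certificate, which is the MITM exposure the sample file's own comment warns about. The minimal section with verification turned on, as an added example that is not part of the original article: verify and CAfile are the options shown in the sample file, the contents of certs.pem are an assumption, and checkHost is available only in stunnel 5.x.

```ini
; Added example: minimal Gmail SMTP client service with certificate checks.
; Weak form (as in the article): no verify line, so any certificate is accepted.
; Hardened form follows.

[gmail-smtp]
client = yes
accept = 127.0.0.1:2500
connect = smtp.gmail.com:465

; Optional in client mode, kept to match the article
cert = stunnel.pem

; Refuse the connection unless the peer certificate chains to a CA in CAfile
verify = 2
; Assumption: certs.pem holds, in PEM format, the CA certificate(s) that
; issued the certificate presented by smtp.gmail.com
CAfile = certs.pem

; Assumption: stunnel 5.x only, which can also check the certificate host name
;checkHost = smtp.gmail.com

options = NO_SSLv2
options = SINGLE_ECDH_USE
options = SINGLE_DH_USE
```

With verify = 2, a certificate that does not chain to a CA in CAfile makes stunnel refuse the connection, and the failure is recorded in the stunnel log.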