This should work for any service that only supports POP3S, not just gmail. You’ll need a Linux box/VM (I generally use Ubuntu).

Background

Since the mid 90s I’ve used Ameol to retrieve email. When I started using gmail I forwarded mail on to my ISP’s POP3 service and collected it with Ameol so that I’d have a local copy of my mail. These days I use Ameol pretty infrequently, and sometimes my mailbox fills its quota. This causes gmail to start spewing out retry-timeout messages. Most recently this happened whilst I was on holiday, and I was unable to remotely connect to my PC at home to run Ameol. To clear my email out of the ISP server I configured a Google Apps account to fetch it, expecting to simply switch Ameol to that temporarily when I got home. Unfortunately Ameol is an ancient POP3 client, and doesn’t support SSL connections. I needed some way to convert between regular POP3 on port 110 and POP3S on port 995.

First attempt – perdition

The first POP3 proxy that my searching turned up was perdition. I was able to install this on Ubuntu without trouble, but sadly unable to get it suitable configured. Man pages for documentation are all very well, but it would be great if there were some more obvious examples of how to use the tool for various typical scenarios.

Success – stunnel

Whilst troubleshooting perdition I did a manual connection to gmail’s POP3S service using openssl. This worked fine, and suggested that I needed a very simple proxy application; and that’s what stunnel does.

Installation

I tried just running ‘stunnel’ in case it was already installed. Ubuntu very helpfully said:

The program ‘stunnel’ is currently not installed. You can install it by typing:
apt-get install stunnel4

Configuration

I created the following config file in /etc/stunnel/stunnel.conf:

client = yes
debug = debug
cert = /etc/ssl/certs/stunnel.pem

[pop3s]
accept = host_ip:110
connect = pop.gmail.com:995

Don’t forget to substitute your own host_ip above.

I then had to create the certificate reference above:

openssl req -new -out /etc/ssl/certs/stunnel.pem -keyout /etc/ssl/certs/stunnel.pem -nodes -x509 -days 365

Starting

Before starting I had to edit /etc/default/stunnel4 and change the following line:

ENABLED=1

It was then just a case of running:

/etc/init.d/stunnel4 start

A quick ‘netstat -an’ confirmed that stunnel was listening on port 110

Use

Once stunnel was running on my Ubuntu VM I was then able to configure my POP3 client (Ameol) to connect to host_ip using my Gmail username and password. Job done :)

Update 10 Jan 20

Alexander Traud emailed me to note:

With the latest version of stunnel, “client” and “cert” should not be in the nameless (global) section but within the section pop3s.

Finally, I changed all “host_ip” to “::” because of <https://serverfault.com/q/666712>