Using a UAL SSL port other than the default 5767

Sometimes due to firewall restrictions it is not possible to connect to Scalix on port 5767, even though other ports are available.

Please note: Circumvention of firewalls in this way may not be legal, or may violate corporate policy. Please talk to your system administrator ahead of time. Also, this is not recommended for normal use, only if there is no alternative, as it will place additional load on your Windows system.

Configuring the server

• Normally your stunnel.conf will be similar to the following:

CAFile = cacert-bundle.crt
cert = stunnel.pem
client = no
options = NO_SSLv2
[imaps]
accept = 993
connect = imap
[uals]
accept = 5767
connect = 5729

• Pick a suitable port on your server. I in this example I am going to use 22.

• Verify the port is indeed unsused:

lsof -i:22

• Change your stunnel.conf as follows:

CAFile = cacert-bundle.crt
cert = stunnel.pem
client = no
options = NO_SSLv2
[imaps]
accept = 993
connect = imap
[uals]
accept = 5767
connect = 5729
[uals-alt]
accept = 22
connect = 5729

• stop and restart stunnel and connect to the server from a different PC, verifying it is listening on the right port.

Configuring the client

• Download fpipe from Foundstone Inc

• Extract it to the client PC in a easily accessible directory (e.g. c:\apps\fpipe)

• Create a batch file to in the same directory to do the redirection. Call it scalix-redirect.bat. Port 5767 is always the same, and port 22 must match the port used in the server configuration. You won't be able to use the hostname of the Scalix server.

@echo off
fpipe -l 5767 -r 22 <server-ip>

• Run the batch file in a console window and leave it running

• Edit c:\windows\system32\drivers\etc\hosts and add the Scalix server to the localhost entry

127.0.0.1    localhost    scalix.domain.com

• Run Outlook to see if the new configuration works correctly.