         | Did this page help you? Yes No Tell us about it... |
Setting Up a Secure Tunnel
If you want to use TLS Wrapper to connect to the Amazon SES SMTP endpoint, but your MTA does not support TLS Wrapper, you can set up a "secure tunnel" to provide TLS Wrapper support. One way to do this is by using the open source stunnel program.
![[Important]](http://docs.amazonwebservices.com/docs-common/images/important.png) | Important |
|---|---|
Some MTAs have native support for TLS Wrapper, while others do not. Check the documentation for your mail server to determine whether it supports TLS Wrapper. If it supports TLS Wrapper, then you do not need to set up a secure tunnel. |
To set up a secure tunnel using stunnel
Download and install the stunnel software. For information, go to http://www.stunnel.org.
Open the /etc/stunnel/stunnel.conf file. If the file does not exist, create it.
Add the following lines to configure the secure tunnel. For the accept line, specify a port number that is outside the range of reserved ports and is not currently being used. For this example, we will use port 2525 for this purpose.
[smtp-tls-wrapper] accept = 2525 client = yes connect = email-smtp.us-east-1.amazonaws.com:465Save stunnel.conf.
At a command prompt, issue the following command to activate the tunnel:
sudo stunnel /etc/stunnel/stunnel.confIssue the following command to verify that the tunnel has been created. We are using port 2525 for this example; if you have specified a different port number, modify the command accordingly.
telnet localhost 2525
