It’s been a while since I posted anything, but I thought this deserves the time to be posted.
At work, we have some Lexmark x364 and Lexmark x544 MFDs, along with Xerox 7125’s. We use these around the business to scan documents directly to email.
Recently our hosted exchange parter (Fasthosts.co.uk) announced that they are turning off CRAM-MD5 connections, in favour of SSL/TLS. Unfortunately, our Lexmarks being slightly older have no option for SSL connections to email, and the Xerox simply didn’t seem to work no matter what options I tried.
After being grumpy for a couple of days because I couldn’t work out what I was going to do, I stumbled upon a piece of software called stunnel, which acts as a TLS proxy.
You will need to install it on an ‘always on’ device, such as a file server, then you point your non TLS device to that server, it then does the negotiation and sends the traffic on to the email server.
The default config comes setup for GMail, which also doesn’t accept non secure connections, so it just needed a little tweaking for our server, this is the main section that needs changing:
From: [gmail-smtp] client = yes accept = 127.0.0.1:25 connect = smtp.gmail.com:465 verify = 2 CAfile = ca-certs.pem checkHost = smtp.gmail.com OCSPaia = yes
To this
[fasthosts-smtp] client = yes accept = my servers internal ip:25 connect = smtp.fasthosts.co.uk:465 verify = 2 CAfile = ca-certs.pem checkHost = smtp.gmail.com OCSPaia = yes
Once you have changed that, save the file and reload the config.
Then point your scanners SMTP setting to your stunnel servers IP using port 25. Add your email address and password in the settings on the scanner, as that is used for authentication to the server. Save the settings, and start scanning.
From the testing I have carried out, it appears to not have any impact of the speed of the emails being sent. They are still waiting in my inbox by the time I get back from the scanner!
If anyone is struggling setting this up, please comment below and I will see what I can do!