Subject: Re: Persistent tunnel
To: Magnus Eriksson <magetoo@fastmail.fm>
From: Steven M. Bellovin <smb@cs.columbia.edu>
List: netbsd-users
Date: 12/15/2006 11:47:50

On Fri, 15 Dec 2006 13:11:54 +0100 (CET)
Magnus Eriksson <magetoo@fastmail.fm> wrote:
>
> I read up a bit on stunnel, and it seems a little messy, requiring
> you to deal with SSL certificates for authentication. (But I could
> be wrong.)
>
I use stunnel to handle email tunneling. I used to use ssh, but as
noted ssh sessions sometimes end. (My particular case was in hotels,
where the @#$%^ NATs would time out, leaving email piling up on my
machine without warning.)

Stunnel sets up sessions on demand. As best I recall, it does not have
a persistent session option. Of course, on-demand setup was perfect
for my needs.

There is indeed overhead for learning how to use the certificates.
Briefly -- and Google for "openssl how-to" for details -- you need to
create your own CA certificate, then create client and server
certificates. These can be shared among the different services, I
might add. It's at least as annoying figuring out how to configure
stunnel to use these things....
--Steve Bellovin, http://www.cs.columbia.edu/~smb
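
The certificate steps outlined in the message above (own CA, then server and client certificates), as an added example that is not part of the original message. The directory layout, the names demo-ca, mail.example.org and laptop, the key sizes and the lifetimes are assumptions.

```sh
#!/bin/sh
# Added example: private CA plus one server and one client certificate.
# Assumed names: demo-ca, mail.example.org, laptop; lifetimes are arbitrary.

# issue_cert DIR NAME CN EKU: key and CSR for NAME, signed by the CA in DIR.
# extendedKeyUsage (serverAuth or clientAuth) limits the leaf to one role.
issue_cert() {
    printf 'basicConstraints=CA:FALSE\nextendedKeyUsage=%s\n' "$4" > "$1/$2.ext"
    openssl req -new -newkey rsa:2048 -nodes -config "$1/ca.cnf" -subj "/CN=$3" \
        -keyout "$1/$2.key" -out "$1/$2.csr" 2>/dev/null &&
    openssl x509 -req -in "$1/$2.csr" -days 365 -sha256 -extfile "$1/$2.ext" \
        -CA "$1/ca.pem" -CAkey "$1/ca.key" -CAcreateserial \
        -out "$1/$2.pem" 2>/dev/null
}

# make_pki DIR: self-signed CA, then the two leaf certificates.
make_pki() {
    mkdir -p "$1" && chmod 700 "$1" || return 1
    # Minimal config so the result does not depend on the system openssl.cnf
    cat > "$1/ca.cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ca
[dn]
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
EOF
    openssl req -x509 -new -newkey rsa:2048 -nodes -sha256 -days 1825 \
        -config "$1/ca.cnf" -subj "/CN=demo-ca" \
        -keyout "$1/ca.key" -out "$1/ca.pem" 2>/dev/null &&
    issue_cert "$1" server mail.example.org serverAuth &&
    issue_cert "$1" client laptop clientAuth &&
    chmod 600 "$1"/*.key
}

# chains_to CA CERT PURPOSE: true only if CERT verifies under CA for PURPOSE
chains_to() {
    openssl verify -purpose "$3" -CAfile "$1" "$2" >/dev/null 2>&1
}
```

After `make_pki ./pki`, stunnel's `cert`, `key` and `CAfile` options point at the generated files, with `verify` set so that the peer's certificate must chain to `ca.pem`. The CA private key (`ca.key`) is only needed when issuing certificates and does not belong on the stunnel hosts.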