Gene, I got stunnel installed and working, as getting it connected to clarity is another issue.
The setup of stunnel was bit tricky on linux compared to windows but doable on linux. As the windows version will provision the self-signed cert for you and give you examples of stunnel config. Below is a simple stunnel config that I'm using and is configured to listen on 127.0.0.1 on port 2525 and for the reason it's using 2525 is due to a sendmail is configured to port 25 already. (which is a different issue)
========stunnel.conf============
cert = /etc/stunnel/stunnel.pem
debug = 3
client = yes
output = /etc/stunnel/stunnel.log
sslVersion = all
[smtp]
accept = 127.0.0.1:2525
protocol = smtp
connect = securesmtp.xxxxx.xx:587
========stunnel.conf============
To verify stunnel is redirecting/connection to the secure email system, you can telnet to the 127.0.0.1 over port 2525 to receive the smtp welcome message. additionally I also use a simple email script that connect to 127.0.0.1 over port 2525 and to sent myself an email to verify.
Setup Clairty to the local stunnel service, however Clarity is hard coded to use port 25, which in my case is used for sendmail for other application. So my options are setup stunnel on another server or look into getting another ip and bind stunnel to that ip only. So that will look into that before I can fully test clarity.
Side Note: other issue I might run into is email spoofing. I've notice that some of the Clairty email notification are composing email using the username email setting as the "From Address field". My service does not allow email spoofing and will reject the email. I'll need to investigate this further but there must be a way to change the Clarity Jobs it to use the CSA default email settings value as the "From email address"
Kim