Fetchmail
Fetchmail is a full-featured, robust, well-documented remote-mail retrieval and forwarding utility intended to be used over on-demand TCP/IP links (such as SLIP or PPP connections). It supports every remote-mail protocol now in use on the Internet: POP2, POP3, RPOP, APOP, KPOP, all flavors of IMAP, ETRN, and ODMR. It can even support IPv6 and IPSEC.
Test
fetchmail --version --verbose fetchmail --check --verbose fetchmail --check
Use POP3S SSL
Change the port and use the keyword 'ssl'...
poll mail.domain.co.uk protocol pop3 port 995 localdomains domain.co.uk
username "info@domain.co.uk" password "mypassword" is info here fetchall ssl
HOWTO: Stop Warning Message About SSL
To remove this warning message on every poll...
fetchmail: Warning: the connection is insecure, continuing anyways. (Better use --sslcertck!)
Add this line to your .fetchmailrc
defaults sslproto ''
Also, it's probably because the mail server you are grabbing messages from uses an SSL certificate stamped with a particular domain name (the true domain name or CommonName) and this is not the one you're asking Fetchmail to read from, so it's giving you a slightly misleading but necessary warning.
To fix this properly, add the real domain name of the SSL certificate to your fetchmail command line ...
fetchmail --sslcertck --sslcommonname myrealssldomainname.com
Add Your Certificate To Fetchmail
UPDATED
Add the whole chain of certificates to a file using instructions here and then add extra options to the fetchmail config file...
poll mail.domain.co.uk protocol pop3 auth password localdomains domain.co.uk username "john@domain.co.uk" password "mYpAsSwOrD" is jdoe here options ssl sslcertck sslcertpath "/etc/ssl/certs"
OTHER
How to make fetchmail happy with the server’s SSL cert.
Have you tried running fetchmail against a POP3S server and gotten these messages over and over?
fetchmail: Server certificate verification error: unable to get local issuer certificate fetchmail: Server certificate verification error: certificate not trusted fetchmail: Server certificate verification error: unable to verify the first certificate
- Make sure a recent openssl is installed and your fetchmail is linked against it, etc, etc
- Run “openssl s_client -connect pop.gmail.com:995 -showcerts” (hit enter after the output to exit)
- Cut and paste the stuff between the “—–BEGIN CERTIFICATE—–” and “—–END CERTIFICATE—–” lines (inclusive) into a file pop.gmail.com.pem
- Review the rest of the output for the “issuer=” line (in this case, “Equifax Secure Certificate Authority”)
- Go here and grab the “Base-64 encoded X.509” version of the cert for “Equifax Secure Certificate Authority”
- Rename that file with a “.pem” extension
- Make a certs directory somewhere (i.e. /usr/local/etc/fetchmail/certs) and put both files in it
- Run “c_rehash /usr/local/etc/fetchmail/certs”
- Add this to your .fetchmailrc under the “poll” section for this server: “sslcertck sslcertpath /usr/local/etc/fetchmail/certs”
- Run “fetchmail -v” and see if the warnings are gone!
- You will need to do this for each server that you poll with SSL (both the server and its issuer’s PEM).
https://geekmush.wordpress.com/2007/06/29/how-to-make-fetchmail-happy-with-the-servers-ssl-cert/
HOWTO: Increase Message Size Limit
This sets the message size limit to 25MB, the same as GMail. You have to edit 2 pieces of software. You also have to make sure that the Postfix limit is slightly larger than the Fetchmail limit :)
Fetchmail
fetchmail --quit sleep 3 fetchmail --limit 25000000
Postfix
sudo postconf -e "message_size_limit = 26000000" sudo service postfix restart
Date and Time Not Being Logged On Every Check
Add the preconnect command to the configuration file:-
preconnect "date >> /home/postman/fetchmail.log"
Fetchmail with GMail Good Example
ldd /usr/bin/fetchmail
openssl s_client -CApath /etc/ssl/certs/ -connect pop.gmail.com:995
# set username set postmaster "user5" # set polling time (5 minutes) set daemon 600 poll pop.gmail.com with proto POP3 user 'spammesilly@gmail.com' there with password 'secretpassword' is user5 here options ssl
