Difference between revisions of "Fetchmail"

From Indie IT Wiki
Line 23: Line 23:
  
 
  defaults sslproto <nowiki>''</nowiki>
 
  defaults sslproto <nowiki>''</nowiki>
 +
 +
Also, it's probably because the mail server you are grabbing messages from uses an SSL certificate stamped with a particular domain name - the true domain name - and this is not the one you're asking Fetchmail to read from, so it's giving you a slightly misleading but necessary warning.
 +
 +
'''To fix this properly, add the real domain name of the SSL certificate to your fetchmail command line ...'''
 +
 +
fetchmail --sslcertck --sslcommonname myrealssldomainname.com
  
 
== Add Your Certificate To Fetchmail ==
 
== Add Your Certificate To Fetchmail ==

Revision as of 10:06, 21 November 2023

Fetchmail is a full-featured, robust, well-documented remote-mail retrieval and forwarding utility intended to be used over on-demand TCP/IP links (such as SLIP or PPP connections). It supports every remote-mail protocol now in use on the Internet: POP2, POP3, RPOP, APOP, KPOP, all flavors of IMAP, ETRN, and ODMR. It can even support IPv6 and IPSEC.

Test

fetchmail --version --verbose
fetchmail --check --verbose
fetchmail --check

Use POP3S SSL

Change the port and use the keyword 'ssl'...

poll mail.domain.co.uk protocol pop3 port 995 localdomains domain.co.uk
     username "info@domain.co.uk" password "mypassword" is info here fetchall ssl

HOWTO: Stop Warning Message About SSL

To remove this warning message on every poll...

fetchmail: Warning: the connection is insecure, continuing anyways. (Better use --sslcertck!)

Add this line to your .fetchmailrc

defaults sslproto ''

Also, it's probably because the mail server you are grabbing messages from uses an SSL certificate stamped with a particular domain name - the true domain name - and this is not the one you're asking Fetchmail to read from, so it's giving you a slightly misleading but necessary warning.

To fix this properly, add the real domain name of the SSL certificate to your fetchmail command line ...

fetchmail --sslcertck --sslcommonname myrealssldomainname.com

Add Your Certificate To Fetchmail

UPDATED

Add the whole chain of certificates to a file using instructions here and then add extra options to the fetchmail config file...

poll mail.domain.co.uk protocol pop3 auth password localdomains domain.co.uk username "john@domain.co.uk" password "mYpAsSwOrD" is jdoe here options ssl sslcertck sslcertpath "/etc/ssl/certs"

OTHER

How to make fetchmail happy with the server’s SSL cert.

Have you tried running fetchmail against a POP3S server and gotten these messages over and over?

fetchmail: Server certificate verification error: unable to get local issuer certificate
fetchmail: Server certificate verification error: certificate not trusted
fetchmail: Server certificate verification error: unable to verify the first certificate
  1. Make sure a recent openssl is installed and your fetchmail is linked against it, etc, etc
  2. Run “openssl s_client -connect pop.gmail.com:995 -showcerts” (hit enter after the output to exit)
  3. Cut and paste the stuff between the “—–BEGIN CERTIFICATE—–” and “—–END CERTIFICATE—–” lines (inclusive) into a file pop.gmail.com.pem
  4. Review the rest of the output for the “issuer=” line (in this case, “Equifax Secure Certificate Authority”)
  5. Go here and grab the “Base-64 encoded X.509” version of the cert for “Equifax Secure Certificate Authority”
  6. Rename that file with a “.pem” extension
  7. Make a certs directory somewhere (i.e. /usr/local/etc/fetchmail/certs) and put both files in it
  8. Run “c_rehash /usr/local/etc/fetchmail/certs”
  9. Add this to your .fetchmailrc under the “poll” section for this server: “sslcertck sslcertpath /usr/local/etc/fetchmail/certs”
  10. Run “fetchmail -v” and see if the warnings are gone!
  11. You will need to do this for each server that you poll with SSL (both the server and its issuer’s PEM).

https://geekmush.wordpress.com/2007/06/29/how-to-make-fetchmail-happy-with-the-servers-ssl-cert/

HOWTO: Increase Message Size Limit

This sets the message size limit to 25MB, the same as GMail. You have to edit 2 pieces of software. You also have to make sure that the Postfix limit is slightly larger than the Fetchmail limit :)

Fetchmail

fetchmail --quit
sleep 3
fetchmail --limit 25000000

Postfix

sudo postconf -e "message_size_limit = 26000000"
sudo service postfix restart

Date and Time Not Being Logged On Every Check

Add the preconnect command to the configuration file:-

preconnect "date >> /home/postman/fetchmail.log"

Fetchmail with GMail Good Example

ldd /usr/bin/fetchmail
openssl s_client -CApath /etc/ssl/certs/ -connect pop.gmail.com:995
# set username
set postmaster "user5"
# set polling time (5 minutes)
set daemon 600
poll pop.gmail.com with proto POP3
  user 'spammesilly@gmail.com' there with password 'secretpassword' is user5 here options ssl

https://www.axllent.org/docs/gmail-pop3-with-fetchmail/