Difference between revisions of "Fetchmail"

From Indie IT Wiki
 
Line 24: Line 24:
 
  defaults sslproto <nowiki>''</nowiki>
 
  defaults sslproto <nowiki>''</nowiki>
  
Also, it's probably because the mail server you are grabbing messages from uses an SSL certificate stamped with a particular domain name - the true domain name - and this is not the one you're asking Fetchmail to read from, so it's giving you a slightly misleading but necessary warning.
+
Also, it's probably because the mail server you are grabbing messages from uses an SSL certificate stamped with a particular domain name (the true domain name or CommonName) and this is not the one you're asking Fetchmail to read from, so it's giving you a slightly misleading but necessary warning.
  
 
'''To fix this properly, add the real domain name of the SSL certificate to your fetchmail command line ...'''
 
'''To fix this properly, add the real domain name of the SSL certificate to your fetchmail command line ...'''
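Review bot: in the changed sentence, the new parenthetical "(the true domain name or CommonName)" names the certificate field, but the sentence still does not say which name Fetchmail compares it against, and it remains one long run-on. Suggest splitting it after "read from" and tying the parenthetical to the fix on the next line, e.g. "(the certificate's CommonName, the name to pass to --sslcommonname)".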

Latest revision as of 10:06, 21 November 2023

Fetchmail is a full-featured, robust, well-documented remote-mail retrieval and forwarding utility intended to be used over on-demand TCP/IP links (such as SLIP or PPP connections). It supports every remote-mail protocol now in use on the Internet: POP2, POP3, RPOP, APOP, KPOP, all flavors of IMAP, ETRN, and ODMR. It can even support IPv6 and IPSEC.

Test

fetchmail --version --verbose
fetchmail --check --verbose
fetchmail --check

Use POP3S SSL

Change the port and use the keyword 'ssl'...

poll mail.domain.co.uk protocol pop3 port 995 localdomains domain.co.uk
     username "info@domain.co.uk" password "mypassword" is info here fetchall ssl

HOWTO: Stop Warning Message About SSL

To remove this warning message on every poll...

fetchmail: Warning: the connection is insecure, continuing anyways. (Better use --sslcertck!)

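Add this line to your .fetchmailrc. Note that an empty sslproto turns off opportunistic STARTTLS, so it silences the warning without making the connection any more secure; unless the poll entry also uses the 'ssl' keyword, the session is not encrypted.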

defaults sslproto ''

The warning also usually appears because the mail server you are grabbing messages from uses an SSL certificate issued for a particular domain name (the true domain name, or CommonName), and this is not the host name you are asking Fetchmail to poll. The warning is slightly misleading but necessary.

To fix this properly, add the real domain name of the SSL certificate to your fetchmail command line ...

fetchmail --sslcertck --sslcommonname myrealssldomainname.com

Add Your Certificate To Fetchmail

UPDATED

Add the whole chain of certificates to a file using instructions here and then add extra options to the fetchmail config file...

poll mail.domain.co.uk protocol pop3 auth password localdomains domain.co.uk username "john@domain.co.uk" password "mYpAsSwOrD" is jdoe here options ssl sslcertck sslcertpath "/etc/ssl/certs"
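
The TLS settings discussed above can be checked mechanically. This added example, which is not from the wiki page or the fetchmail project, parses a .fetchmailrc and reports for each server whether the session is cleartext, encrypted without certificate checking, or verified. It assumes certificate checking is off unless sslcertck is present (as the quoted warning implies); the names SAMPLE_RC, parse_entries and audit are hypothetical.

```python
import shlex
# Constructed sample modelled on this page's entries; hosts are placeholders.
SAMPLE_RC = '''
defaults sslproto ''
poll mail.domain.co.uk protocol pop3 port 995
    username "info@domain.co.uk" password "x" is info here fetchall ssl
poll pop.example.org protocol pop3
    username "a@example.org" password "ssl" is a here
poll imap.example.net proto imap user "b@example.net" password "x" ssl sslcertck
'''

ENTRY_START = {"poll", "server", "skip"}
SKIP_NEXT = {"password", "pass", "username", "user", "is"}  # value, not keyword

def parse_entries(text):
    """Split fetchmailrc text into (kind, server, {option: value}) entries."""
    tokens = shlex.split(text, comments=True)  # honours quotes and '#' comments
    entries, i = [], 0
    while i < len(tokens):
        tok = tokens[i].lower()
        if tok == "defaults":
            entries.append((tok, None, {}))
        elif tok in ENTRY_START:
            i += 1
            entries.append((tok, tokens[i], {}))
        elif entries and tok in SKIP_NEXT:
            i += 1  # step over the credential or local user name
        elif entries and tok == "sslproto":
            i += 1
            entries[-1][2]["sslproto"] = tokens[i]
        elif entries:
            entries[-1][2][tok] = True
        i += 1
    return entries

def audit(text):
    """Return {server: verdict} for each server entry, applying 'defaults'."""
    inherited, report = {}, {}
    for kind, server, opts in parse_entries(text):
        if kind == "defaults":
            inherited = opts
            continue
        eff = {**inherited, **opts}
        if not eff.get("ssl"):
            # sslproto '' switches STARTTLS off, so nothing encrypts the session
            report[server] = "cleartext" if eff.get("sslproto") == "" else "starttls-if-offered"
        else:
            report[server] = "verified" if eff.get("sslcertck") else "encrypted-unverified"
    return report
```

Calling audit(open(path).read()) on a real file gives the same per-server verdicts; a password that happens to equal a keyword, as in the second sample entry, is not mistaken for an option.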

OTHER

How to make fetchmail happy with the server’s SSL cert.

Have you tried running fetchmail against a POP3S server and gotten these messages over and over?

fetchmail: Server certificate verification error: unable to get local issuer certificate
fetchmail: Server certificate verification error: certificate not trusted
fetchmail: Server certificate verification error: unable to verify the first certificate
  1. Make sure a recent openssl is installed and your fetchmail is linked against it, etc, etc
  2. Run “openssl s_client -connect pop.gmail.com:995 -showcerts” (hit enter after the output to exit)
  3. Cut and paste the stuff between the “-----BEGIN CERTIFICATE-----” and “-----END CERTIFICATE-----” lines (inclusive) into a file pop.gmail.com.pem
  4. Review the rest of the output for the “issuer=” line (in this case, “Equifax Secure Certificate Authority”)
  5. Go here and grab the “Base-64 encoded X.509” version of the cert for “Equifax Secure Certificate Authority”
  6. Rename that file with a “.pem” extension
  7. Make a certs directory somewhere (i.e. /usr/local/etc/fetchmail/certs) and put both files in it
  8. Run “c_rehash /usr/local/etc/fetchmail/certs”
  9. Add this to your .fetchmailrc under the “poll” section for this server: “sslcertck sslcertpath /usr/local/etc/fetchmail/certs”
  10. Run “fetchmail -v” and see if the warnings are gone!
  11. You will need to do this for each server that you poll with SSL (both the server and its issuer’s PEM).

https://geekmush.wordpress.com/2007/06/29/how-to-make-fetchmail-happy-with-the-servers-ssl-cert/

HOWTO: Increase Message Size Limit

This sets the message size limit to 25MB, the same as GMail. You have to edit 2 pieces of software. You also have to make sure that the Postfix limit is slightly larger than the Fetchmail limit :)

Fetchmail

fetchmail --quit
sleep 3
fetchmail --limit 25000000

Postfix

sudo postconf -e "message_size_limit = 26000000"
sudo service postfix restart

Date and Time Not Being Logged On Every Check

Add the preconnect command to the configuration file:-

preconnect "date >> /home/postman/fetchmail.log"

Fetchmail with GMail Good Example

ldd /usr/bin/fetchmail
openssl s_client -CApath /etc/ssl/certs/ -connect pop.gmail.com:995
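# set the postmaster (the local user who receives mail fetchmail cannot otherwise deliver)
set postmaster "user5"
# set polling interval in seconds (600 seconds = 10 minutes)
set daemon 600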
poll pop.gmail.com with proto POP3
  user 'spammesilly@gmail.com' there with password 'secretpassword' is user5 here options ssl

https://www.axllent.org/docs/gmail-pop3-with-fetchmail/