Jerry | 17 May 2013 14:39

Changing the logging style of fetchmail

When using logging with fetchmail, this is the normal output.
Obviously, I have altered the actual names to protect the innocent.

fetchmail: 1 message for user <at> domain.net at imap.gmail.com.
fetchmail: reading message user <at> domain.net <at> gmail-imap.l.google.com:1 of 1 (4365 header octets)
(1114 body octets) flushed

That same message when handed over to Postfix produces this logging:

May 17 08:20:32 mypc postfix/smtpd[53591]: connect from localhost[127.0.0.1]
May 17 08:20:32 mypc postfix/smtpd[53591]: 3bBpVm4c5Bz2CG5q: client=localhost[127.0.0.1],
sasl_method=CRAM-MD5, sasl_username=secret <at> domain.net
May 17 08:20:32 mypc postfix/cleanup[53597]: 3bBpVm4c5Bz2CG5q: message-id=<20130517131932.03450167 <at> sender.domain.com>
May 17 08:20:32 mypc postfix/qmgr[5884]: 3bBpVm4c5Bz2CG5q: from=<mailing_list <at> domain.org>,
size=5631, nrcpt=1 (queue active)
May 17 08:20:32 mypc postfix/pipe[53598]: 3bBpVm4c5Bz2CG5q: to=<user <at> domain.net>, relay=dovecot,
delay=0.17, delays=0.15/0/0/0.01, dsn=2.0.0, status=sent (delivered via dovecot service)

Now I can easily trace that message through Dovecot if needed.

May 17 08:20:32 deliver(user <at> domain.net): Info: sieve:
msgid=<20130517131932.03450167 <at> sender.domain.com>: stored mail into mailbox 'MailList'

It is evident that the output from the Postfix logging is far more
useful. Since Dovecot also includes vital information; i.e. the "message
id", I can trace an individual email throughout the system. Would it be
possible in future versions of Fetchmail to make the logging more
robust? Including the "date" + "time" + "message-id" would be extremely
useful. There doesn't seem to be much sense in including "fetchmail: "
at the beginning of each new line in a dedicated log file.
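
The tracing described above, sketched as an added example that is not part of the original post: it joins Postfix lines on the queue ID, picks up the message-id from the cleanup line, and then finds the matching Dovecot delivery line. The log lines are constructed from the excerpts in the post (unwrapped, with placeholder addresses), and the function and pattern names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample modelled on the excerpts in the post; addresses are placeholders.
SAMPLE_LOG = """\
May 17 08:20:32 mypc postfix/smtpd[53591]: connect from localhost[127.0.0.1]
May 17 08:20:32 mypc postfix/smtpd[53591]: 3bBpVm4c5Bz2CG5q: client=localhost[127.0.0.1], sasl_method=CRAM-MD5, sasl_username=secret@example.net
May 17 08:20:32 mypc postfix/cleanup[53597]: 3bBpVm4c5Bz2CG5q: message-id=<20130517131932.03450167@sender.example.com>
May 17 08:20:32 mypc postfix/qmgr[5884]: 3bBpVm4c5Bz2CG5q: from=<list@example.org>, size=5631, nrcpt=1 (queue active)
May 17 08:20:32 mypc postfix/pipe[53598]: 3bBpVm4c5Bz2CG5q: to=<user@example.net>, relay=dovecot, delay=0.17, dsn=2.0.0, status=sent (delivered via dovecot service)
May 17 08:20:32 deliver(user@example.net): Info: sieve: msgid=<20130517131932.03450167@sender.example.com>: stored mail into mailbox 'MailList'
"""

# Postfix: "postfix/<daemon>[pid]: <queue id>: <detail>"
POSTFIX = re.compile(r"postfix/(\w+)\[\d+\]: ([0-9A-Za-z]+): (.*)")
# Dovecot deliver with sieve: "deliver(<user>): Info: sieve: msgid=<id>: <detail>"
DOVECOT = re.compile(r"deliver\(([^)]+)\): Info: sieve: msgid=(<[^>]+>): (.*)")
MSGID = re.compile(r"message-id=(<[^>]+>)")


def trace(log_text, message_id):
    """Return (source, detail) events for one message, in log order."""
    by_queue = defaultdict(list)   # queue id -> Postfix events
    queue_of = {}                  # message-id -> queue id
    dovecot = []
    for line in log_text.splitlines():
        m = POSTFIX.search(line)
        if m:
            daemon, qid, detail = m.groups()
            by_queue[qid].append((daemon, detail))
            mid = MSGID.match(detail)
            if mid:
                queue_of[mid.group(1)] = qid
            continue
        m = DOVECOT.search(line)
        if m and m.group(2) == message_id:
            dovecot.append(("dovecot", f"{m.group(1)}: {m.group(3)}"))
    # Lines without a queue ID (e.g. "connect from") never match POSTFIX.
    return by_queue.get(queue_of.get(message_id), []) + dovecot


if __name__ == "__main__":
    for source, detail in trace(SAMPLE_LOG, "<20130517131932.03450167@sender.example.com>"):
        print(f"{source:8} {detail}")
```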

Jerry | 2 May 2013 11:37

Getting a certificate's fingerprint

I use the option "sslfingerprint" in my config file. Every time GMail
changes its certificate, I have to get a new fingerprint or else
fetchmail refuses to fetch the mail. That is fine. My problem is, how
to get the fingerprint. I have not found an easy method of doing it.
Since I am not an expert with SSL, that is understandable I suppose.

I was hoping that someone could give me an example of an easy method to
obtain the new fingerprint of a GMail certificate that I could use
every time they change theirs.

Thanks!

-- 
Jerry ♔

Disclaimer: off-list followups get on-list replies or get ignored.
Please do not ignore the Reply-To header.
__________________________________________________________________

_______________________________________________
fetchmail-users mailing list
fetchmail-users <at> lists.berlios.de
https://lists.berlios.de/mailman/listinfo/fetchmail-users
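
One way to obtain the value asked about above, as an added example that is not part of the original post or of fetchmail's own code: in fetchmail 6.3 the sslfingerprint value is the MD5 digest of the server certificate in DER form, written as upper-case hex pairs separated by colons, which the Python standard library can compute. The function names are hypothetical, and port 993 (IMAP over SSL) is an assumption about the setup. The fetch does not validate the certificate, so compare the result against a value obtained over a path you trust before pinning it.

```python
import hashlib
import ssl


def fetchmail_fingerprint(der_cert: bytes) -> str:
    """MD5 of the DER certificate as upper-case hex pairs joined by colons."""
    digest = hashlib.md5(der_cert).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def fingerprint_from_pem(pem_cert: str) -> str:
    """Same value, starting from a PEM certificate (e.g. a saved .pem file)."""
    return fetchmail_fingerprint(ssl.PEM_cert_to_DER_cert(pem_cert))


def fingerprint_from_server(host: str, port: int = 993) -> str:
    """Fetch the server's certificate over SSL/TLS and fingerprint it.

    ssl.get_server_certificate() performs no validation when no CA file is
    given, so this reports whatever certificate the peer presents.
    """
    return fingerprint_from_pem(ssl.get_server_certificate((host, port)))


def matches_pinned(observed: str, pinned: str) -> bool:
    """Compare two fingerprints, ignoring colons, case and surrounding space."""
    def norm(value: str) -> str:
        return value.replace(":", "").strip().upper()
    return norm(observed) == norm(pinned)


if __name__ == "__main__":
    import sys
    # Host defaults to the server named in the log excerpt earlier on this page.
    host = sys.argv[1] if len(sys.argv) > 1 else "imap.gmail.com"
    print(fingerprint_from_server(host))
```

Run it again whenever fetchmail reports a fingerprint mismatch, and paste the printed line into the sslfingerprint option only once the new certificate has been confirmed as legitimate.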
Clement BRIZARD | 26 Apr 2013 20:16

Fwd: Re: fetchmail doesn't want to connect to my mysql database

On 23/04/2013 21:52, Robert Dahlem wrote:
> Hi,
>
>> DBI connect('database=postfix;host=127.0.0.1','postfix',...) failed:
>> couldn't connect to the server : Connection refused
> Your database is not running. 5432 smells like PostgreSQL. Did you start it?
>
> Regards,
> Robert
>
>

That's it, I changed the fetchmail.pl from

our $db_type = 'Pg';#
my $db_type = 'mysql';

# host name
our $db_host="127.0.0.1";
# database name
our $db_name="postfix";
# database username
our $db_username="postfix";
# database password
our $db_password="my password";

to

#our $db_type = 'Pg';
my $db_type = 'mysql';

grarpamp | 24 Apr 2013 10:37

master: TODO.txt

Noted some things

- blacklist DigiNotar/Comodo/Türktrust hacks/certs, possibly
with Chrome's serial# list?

I would not hardcode this but instead place fingerprints in multiple
global/per_host 'fpdeny' config options. In part because testing
infrastructure with these certs is valuable. And at least that way,
even if they're lazy and only use sslcertck, if some emergency
arises they can add a negative print there affecting global/per_host.
Additionally, point the user to where they can find and then build
their own updated cert store free from all such junk. As well as
point them to some doc about the importance of fingerprint checking.

https://mxr.mozilla.org/mozilla-central/source/security/nss/lib/ckfw/builtins/certdata.txt?raw=1
  ftp://ftp.mozilla.org/pub/security/nss/releases/
https://github.com/agl/extract-nss-root-certs.git

I'll try to remember to add this to the 'cert' ticket when I find
it again.

- CRYPTO: remove sslfingerprint? too easily abused (see NEWS)

I trust this is by now just an old entry. If not, please don't :)

#### config flexibility
Consider making 'poll [thing]'s thing just a label string. And
breaking apart the config into types:  'polls' with 'poll [label]',
'hosts' with 'host [label]', and 'accounts' with 'account [label]'.
Put whatever you want in a label ... 'blah' 'joe <at> schmoe.com',

Fetchmail Development Team | 23 Apr 2013 23:50

The 6.3.26 release of fetchmail is available

The 6.3.26 release of fetchmail is now available at the usual locations,
including <http://developer.berlios.de/projects/fetchmail> and
<http://sourceforge.net/projects/fetchmail/>.

The source archive is available at:
<http://prdownload.berlios.de/fetchmail/fetchmail-6.3.26.tar.xz>
<http://sourceforge.net/projects/fetchmail/files/branch_6.3/fetchmail-6.3.26.tar.xz/download>

or in the older bzip2 format:
<http://prdownload.berlios.de/fetchmail/fetchmail-6.3.26.tar.bz2>

Here are the release notes:

fetchmail-6.3.26 (released 2013-04-23, 26180 LoC):

# NOTE THAT FETCHMAIL IS NO LONGER PUBLISHED THROUGH IBIBLIO.
* They have stopped accepting submissions and consider themselves an archive.

# CRITICAL BUG FIX for setups using "mimedecode":
* The mimedecode feature failed to ship the last line of the body if it was
  encoded as quoted-printable and had a MIME soft line break in the very last
  line.  Reported by Lars Hecking in June 2011.

  Bug introduced on 1998-03-20 when the mimedecode support was added by ESR
  before release 4.4.1 through code contributed by Henrik Storner.
  Workaround for older releases: do not use mimedecode feature.

  Earlier versions of this NEWS file claimed this bug fixed in fetchmail-6.3.23,
  but it was not.


Clement BRIZARD | 23 Apr 2013 17:49

fetchmail doesn't want to connect to my mysql database

Hello everybody,

I configured a postfix mail server on debian, I followed that tutorial
https://www.isalo.org/wiki.debian-fr/Fetchmail_sur_postfixadmin

So I have a problem, when I try to launch fetchmail as root,
/var/www/postfixadmin/ADDITIONS/fetchmail.pl
I have that

DBI connect('database=postfix;host=127.0.0.1','postfix',...) failed: couldn't connect to the
server : Connection refused

     Is the connection active on host 127.0.0.1  and does it accepte connexion

     TCP/IP on port port 5432 ? at /var/www/postfixadmin/ADDITIONS/fetchmail.pl line 81

cannot connect the database at /var/www/postfixadmin/ADDITIONS/fetchmail.pl line 45.

WARNING: releasing 1 pending lock...

I do not understand, my database is postfix, the user is postfix, the 
password is good

in my /etc/init.d/firewall I have

# Mail Fetchmail:5432

iptables -t filter -A INPUT -p tcp --dport 5432 -j ACCEPT

iptables -t filter -A OUTPUT -p tcp --dport 5432 -j ACCEPT

Globe Trotter | 13 Apr 2013 11:42

how to fetchmail when using a proxy server to connect to the internet

 Hi,

I can only access the internet using a proxy server with a specified port. My question: what should I change
in my .fetchmailrc settings to be able to fetch mail using fetchmail?

Many thanks,
T
Martin Koeppe | 1 Apr 2013 10:10

fetchmail options limit and warnings


Hi all,

I'm using fetchmail 6.3.21 on cygwin to retrieve mails for multiple users in 
single-drop mode. I use the limit option in fetchmailrc. I currently don't use 
daemon mode, but have another way to regularly start fetchmail (windows
planned tasks).

Now I would like to send a warning message to the users if an oversized message 
is detected, even if fetchmail is not in daemon mode, because the output only 
goes to a log file which can't be read by the users. Ideally, the warning would 
go to the address that would have received the mail if it were not oversized. 
But a single recipient of the oversize warnings would also help.

So I played around with set postmaster "notify <at> mail.address" and daemon mode, 
but didn't get any notification mail at all.

I use

   fetchmail -f fetchmailrc > logfile 2>&1

with this fetchmailrc file:

-----8<-----

set postmaster martin <at> example.local
defaults:
 	proto pop3 timeout 300 sslproto ''
 	limit 50000000 warnings 1


Fetchmail Development Team | 19 Mar 2013 01:09

The 6.3.25 release of fetchmail is available

The 6.3.25 release of fetchmail is now available at the usual locations,
including <http://developer.berlios.de/projects/fetchmail> and
<http://sourceforge.net/projects/fetchmail/>.

The source archive is available at:
<http://prdownload.berlios.de/fetchmail/fetchmail-6.3.25.tar.xz>
<http://sourceforge.net/projects/fetchmail/files/branch_6.3/fetchmail-6.3.25.tar.xz/download>

or in the older bzip2 format:
<http://prdownload.berlios.de/fetchmail/fetchmail-6.3.25.tar.bz2>

Here are the release notes:

fetchmail-6.3.25 (released 2013-03-18, 26149 LoC):

# NOTE THAT FETCHMAIL IS NO LONGER PUBLISHED THROUGH IBIBLIO.
* They have stopped accepting submissions and consider themselves an archive.

# BUG FIXES
* Fix a memory leak in out-of-memory error condition while handling plugins.
  Report and patch by John Beck (found with Parfait static code analyzer).
* Fix a NULL pointer dereference in out-of-memory error condition while handling
  plugins.
  Report and patch by John Beck (found with Parfait static code analyzer).

# CHANGES
* Improved reporting when SSL/TLS X.509 certificate validation has failed,
  working around a not-so-recent swapping of two OpenSSL error codes, and
  a practical impossibility to distinguish broken certification chains from
  missing trust anchors (root certificates).

grarpamp | 14 Mar 2013 03:36

Multiple acceptable fingerprints needed

There needs to be a facility to list multiple acceptable
fingerprints per host, aka: account / poll.

This is needed because there are often cases where
there are multiple hosts behind a single hostname,
whether by DNS, anycast, load balancers, etc...
and those hosts do not all have the same certificate.
The certs are often valid but may be regionally managed,
in a state of local testing, being rolled out over time,
rolled out with overlap in expiry times, or any number
of other cases where this becomes necessary.

For example, right now, depending on where you are
in the world, fetchmail will choke at least half the time
on pop3.live.com for any user who has configured
a fingerprint.

I'm adding this here because it's in the same work area
http://developer.berlios.de/bugs/?func=detailbug&bug_id=16000&group_id=1824

It would be nice to see some work occur in this area.
Thanks.
Jerry | 9 Mar 2013 20:33

fetchmail with dovecot as mda

I was asked to see if it was possible to get fetchmail to deliver mail
directly to a dovecot server. It is presently working with a Postfix
MTA. The system is comprised of solely virtual users.

From the Postfix "master.cf" file:

dovecot   unix  -       n       n       -       -       pipe
  flags=DRhu user=vmail:vmail argv=/usr/local/libexec/dovecot/deliver
  -f ${sender} -d ${user} <at> ${nexthop} -a ${recipient}

I have tried different ways of configuring the "mda" settings in
fetchmail; however, none of them work. This example stated that it
couldn't open the dovecot log file and that it exited with an error 75.

user 'user <at> isp' there with password 'secret' is 'user' here options
  forcecr dropdelivered smtpaddress 'isp.com' ssl sslcertpath
  '/usr/local/etc/postfix/certs/' sslfingerprint
  '74:8F:40:34:7F:B4:5E:23:99:B3:A9:92:93:67:13:8A' mda
  "/usr/local/libexec/dovecot/deliver -f %F -a %T"

I am not even sure if it is possible. I cannot find any real
documentation via Google from anyone who has actually gotten it to
work. This is being run on a FreeBSD machine.

-- 
Jerry ♔

Disclaimer: off-list followups get on-list replies or get ignored.
Please do not ignore the Reply-To header.