Cherry, Steven | 4 Dec 2007 16:19

fetchmail IMAP

I'm using fetchmail against an AD and it worked fine until yesterday.  I assume the server guys made some
change and now I cannot get my mail.  Also fails when I use NTLS

my rc file:
-----
set logfile    /tmp/fetchmail.log
defaults
         timeout 30
         keep
         fetchall 
poll DNP-server.us.ad.gannett.com protocol IMAP auth password
        username 'us\/scherry'
        password secret
-----

my -vv output
-----
fetchmail: 6.3.6 querying DNP-LCLCI02.us.ad.gannett.com (protocol IMAP) at Tue 04 Dec 2007 10:14:48 AM
EST: poll started
fetchmail: Trying to connect to 10.5.1.76/143...connected.
fetchmail: IMAP< * OK Microsoft Exchange Server 2003 IMAP4rev1 server version 6.5.7638.1
(DNP-LCLCI02.us.ad.gannett.com) ready.
fetchmail: IMAP> A0001 CAPABILITY
fetchmail: IMAP< * CAPABILITY IMAP4 IMAP4rev1 IDLE LOGIN-REFERRALS MAILBOX-REFERRALS NAMESPACE
LITERAL+ UIDPLUS CHILDREN AUTH=NTLM
fetchmail: IMAP< A0001 OK CAPABILITY completed.
fetchmail: Protocol identified as IMAP4 rev 1
fetchmail: DNP-LCLCI02.us.ad.gannett.com: opportunistic upgrade to TLS failed, trying to continue
fetchmail: IMAP> A0002 NOOP
fetchmail: IMAP< A0002 OK NOOP completed.

Matthias Andree | 4 Dec 2007 17:28

Re: fetchmail IMAP

Cherry, Steven schrieb:
> I'm using fetchmail against an AD and it worked fine until yesterday.  I assume the server guys made some
> change and now I cannot get my mail.  Also fails when I use NTLS
> 
> my rc file:
> -----
> set logfile    /tmp/fetchmail.log
> defaults
>          timeout 30
>          keep
>          fetchall 
> poll DNP-server.us.ad.gannett.com protocol IMAP auth password
>         username 'us\/scherry'
>         password secret
> -----
> 
> my -vv output
> -----
> fetchmail: 6.3.6 querying DNP-LCLCI02.us.ad.gannett.com (protocol IMAP) at Tue 04 Dec 2007 10:14:48
> AM EST: poll started

Try 6.3.8 and see if that makes any difference.

Given you're working in an intranet, you could try to suppress the
automatic TLS negotiation by adding "sslproto ssl3" to your configuration
and see if that helps.

If it doesn't, please ask the server guys what they changed recently,
perhaps we can then figure what to do.


michael | 4 Dec 2007 21:16

fetchmail props

I just need to simply pull email from an MS Exchange POP account, write
those individually to disk for processing by an archiving system.  The
questions I have are:

1]  Would maildir be the format I want?
2] Using this config:

poll SERVERNAME protocol PROTOCOL username NAME password PASSWORD

Where would the emails download to?
3]  Anyone have any specific configuration for what I need?

Thanks!
Michael

Rob MacGregor | 4 Dec 2007 22:32

Re: fetchmail props

On Dec 4, 2007 8:16 PM,  <michael <at> willowtreeinteractive.com> wrote:
> I just need to simply pull email from an MS Exchange POP account, write

You have, of course, read the FAQ to do with Exchange:

  http://www.fetchmail.info/fetchmail-FAQ.html#S2

> those individually to disk for processing by an archiving system.  The
> questions I have are:
>
> 1]  Would maildir be the format I want?

You tell us ;)  Fetchmail neither knows nor cares about the format you
store the email in.  Your choice will depend on what local delivery
mechanism you use.

> 2] Using this config:
>
> poll SERVERNAME protocol PROTOCOL username NAME password PASSWORD
>
> Where would the emails download to?

They would be handed over (as detailed in the man page) to whatever
SMTP server you had listening on port 25 of the system you're running
fetchmail on.

> 3]  Anyone have any specific configuration for what I need?

You don't really give enough detail for specific help.


Andrea Bencini | 5 Dec 2007 10:13

certificate verification error

I installed fetchmail-6.3.8-3.
 My .fetchmailrc file is:

 poll pop.my.domain timeout 300 protocol pop3 auth password
   user 'myuser' with password 'mypassword' to andrea smtphost 
 localhost/2345

 In maillog file I receive this message:
 pptt fetchmail[6293]: Server certificate verification error: self signed 
 certificate

 What is it?
 Can you help me?
 Thanks
 Andrea 

Rob MacGregor | 5 Dec 2007 10:26

Re: certificate verification error

On Dec 5, 2007 9:13 AM, Andrea Bencini <andrea.bencini <at> tin.it> wrote:
> I installed fetchmail-6.3.8-3.
>  My .fetchmailrc file is:
>
>  poll pop.my.domain timeout 300 protocol pop3 auth password
>    user 'myuser' with password 'mypassword' to andrea smtphost
>  localhost/2345
>
>  In maillog file I receive this message:
>  pptt fetchmail[6293]: Server certificate verification error: self signed
>  certificate
>
>  What is it?

If you'd looked at the list archive you'd have found many threads on
this, the latest of which is:

https://lists.berlios.de/pipermail/fetchmail-users/2007-August/001167.html

In short, you need to identify the certificate's signature and then add
the relevant fingerprint to your .fetchmailrc.

fetchmail -v -v -v -c --nodetach --nosyslog

Then add the fingerprint as "sslfingerprint FINGERPRINT" before the
user line in your .fetchmailrc.

-- 
                 Please keep list traffic on the list.


Matthias Andree | 6 Dec 2007 01:30

Re: certificate verification error

Rob MacGregor schrieb am 2007-12-05:

> On Dec 5, 2007 9:13 AM, Andrea Bencini <andrea.bencini <at> tin.it> wrote:
> > I installed fetchmail-6.3.8-3.
> >  My .fetchmailrc file is:
> >
> >  poll pop.my.domain timeout 300 protocol pop3 auth password
> >    user 'myuser' with password 'mypassword' to andrea smtphost
> >  localhost/2345
> >
> >  In maillog file I receive this message:
> >  pptt fetchmail[6293]: Server certificate verification error: self signed
> >  certificate
> >
> >  What is it?
> 
> If you'd looked at the list archive you'd have found many threads on
> this, the latest of which is:
> 
> https://lists.berlios.de/pipermail/fetchmail-users/2007-August/001167.html
> 
> In short, you need to identify the certificate's signature and then add
> the relevant fingerprint to your .fetchmailrc.
> 
> fetchmail -v -v -v -c --nodetach --nosyslog
> 
> Then add the fingerprint as "sslfingerprint FINGERPRINT" before the
> user line in your .fetchmailrc.

Careful there!

Rob MacGregor | 6 Dec 2007 07:58

Re: certificate verification error

On Dec 6, 2007 12:30 AM, Matthias Andree <matthias.andree <at> gmx.de> wrote:
>
> Careful there!
>
> The canonical way still is to install the root certificate and perhaps
> (that is, if delegations are present) - the intermediate certificates
> either system-wide or into the directory given with --sslcertpath DIR
> (don't forget to run c_rehash on the directory).

My mistake.  I'd remembered a discussion where the comment had been
that sslfingerprint and downloading the *server* certificate achieved
the same thing, overlooking the other discussion about downloading
root certificates by preference.

-- 
                 Please keep list traffic on the list.

Rob MacGregor
      Whoever fights monsters should see to it that in the process he
        doesn't become a monster.                  Friedrich Nietzsche

Matthias Andree | 6 Dec 2007 17:41

Re: certificate verification error

Rob MacGregor schrieb:
> On Dec 6, 2007 12:30 AM, Matthias Andree <matthias.andree <at> gmx.de> wrote:
>> Careful there!
>>
>> The canonical way still is to install the root certificate and perhaps
>> (that is, if delegations are present) - the intermediate certificates
>> either system-wide or into the directory given with --sslcertpath DIR
>> (don't forget to run c_rehash on the directory).
> 
> My mistake.  I'd remembered a discussion where the comment had been
> that sslfingerprint and downloading the *server* certificate achieved
> the same thing, overlooking the other discussion about downloading
> root certificates by preference.

While your assertion is correct (equivalent level of security or rather
insecurity), it does not protect against man-in-the-middle attacks.

The compelling question at hand is: how do you know you're not being
subject to a man-in-the-middle attack while downloading the certificate?

The answer is: you *cannot* know - unless you verify the server
certificate's fingerprint -- which is a rather unusual practice, you'd more
readily find the *root* certificate of the ISP's or institute's
certification authority (CA) for download along with fingerprints, and
verifying *those* by calling the CA is more common.

HTH
Matthias


Rob MacGregor | 6 Dec 2007 22:35

Re: certificate verification error

On Dec 6, 2007 4:41 PM, Matthias Andree <matthias.andree <at> gmx.de> wrote:
>
> While your assertion is correct (equivalent level of security or rather
> insecurity), it does not protect against man-in-the-middle attacks.
>
> The compelling question at hand is: how do you know you're not being
> subject to a man-in-the-middle attack while downloading the certificate?
>
> The answer is: you *cannot* know - unless you verify the server
> certificate's fingerprint -- which is a rather unusual practice, you'd more
> readily find the *root* certificate of the ISP's or institute's
> certification authority (CA) for download along with fingerprints, and
> verifying *those* by calling the CA is more common.

Of course, I'd argue that self-signed certificates (which is where
this thread started) are unverifiable by their very nature ;)

Having said that, I'd agree that downloading and installing a CA's
certificate is a cleaner solution, where you can trust that CA.

-- 
                 Please keep list traffic on the list.

Rob MacGregor
      Whoever fights monsters should see to it that in the process he
        doesn't become a monster.                  Friedrich Nietzsche
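
The out-of-band check discussed in this thread, as an added example that is not part of the original messages: compute a certificate's fingerprint and compare it with a value obtained on a separate channel before pinning it with `sslfingerprint` (or, with `algo="sha256"`, before installing a downloaded CA certificate). It assumes the `sslfingerprint` format documented in the fetchmail 6.3 manual page (MD5 of the certificate, upper-case hex with colons); the function names and sample byte strings are constructed for illustration.

```python
import hashlib
import hmac
import ssl

# Constructed stand-ins (not real X.509 data): the fingerprint is a digest of
# the DER bytes, so any byte string demonstrates the comparison.
SAMPLE_PEM = ssl.DER_cert_to_PEM_cert(b"constructed bytes standing in for pop.my.domain's certificate")
SUBSTITUTED_PEM = ssl.DER_cert_to_PEM_cert(b"constructed bytes standing in for a substituted certificate")


def fingerprint(pem_cert, algo="md5"):
    """Digest of the DER-encoded certificate as upper-case hex pairs joined by colons."""
    der = ssl.PEM_cert_to_DER_cert(pem_cert)
    digest = hashlib.new(algo, der).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def _hex_only(fp):
    # Ignore case, colons and spaces so a value read over the phone still compares.
    return "".join(ch for ch in fp.upper() if ch in "0123456789ABCDEF")


def matches_out_of_band(pem_cert, trusted_fp, algo="md5"):
    """True only if the certificate's digest equals trusted_fp.

    trusted_fp must have arrived on a different channel (phone call to the
    admin or CA, printed sheet), never over the connection being checked.
    """
    return hmac.compare_digest(_hex_only(fingerprint(pem_cert, algo)), _hex_only(trusted_fp))


def rc_pin_line(pem_cert, trusted_fp):
    """Return the .fetchmailrc line for a verified certificate, refuse otherwise."""
    if not matches_out_of_band(pem_cert, trusted_fp):
        raise ValueError("fingerprint mismatch: do not pin or install this certificate")
    return 'sslfingerprint "%s"' % fingerprint(pem_cert)


if __name__ == "__main__":
    trusted = fingerprint(SAMPLE_PEM)  # stands in for the value obtained out of band
    print(rc_pin_line(SAMPLE_PEM, trusted))
    print(matches_out_of_band(SUBSTITUTED_PEM, trusted))  # False
```

A fingerprint copied from the same `fetchmail -v` session that presented the certificate does not count as `trusted_fp`; that is the man-in-the-middle gap raised above.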
