fetchmail-users — User questions and discussion

Re: [Fetchmail-users] fetchmail expunge error

[Gerard E. S. <ger...@ou...>]

On Sun, 25 Apr 2021 12:24:06 -0500, Leslie Rhorer stated:
>     In any case, I can now login using the IMAP protocol, but
> fetchmail 
>can only download a single message at a time, producing a mail expunge 
>mismatch error (0 actual != 1 expected) and exiting after each
>message. Eventually, it does manage to get all the messages, but
>typically only after a very long time, whenever several messages come
>in over a short time frame.  While not quite critical, this is
>definitely not good.
>
>Is anyone else having this issue with AT&T?  How can I fix it?

Both YAHOO and AOL exhibit the same problem. Most MUAs simply ignore the
problem. Fetchmail has taken a more stringent approach.

-- 
Gerard

Re: [Fetchmail-users] fetchmail expunge error

[Leslie R. <les...@si...>]

On 4/25/2021 1:32 PM, Gene Heskett wrote:
> And ts not anything I have ever had a problem with. 


     Well, me either, until a few days ago.

> My ISP, the local cable tv folks, who also supply my telephone but no tv
     I suspect this is limited to AT&T and their new server, or at least 
mosty.
> as I have an off-air antenna, is actually running its mail server on a
> linux box, using dovecot.
     I am also running dovecot as my IMAP server, both it and fetchmail 
on a Linux box.

Re: [Fetchmail-users] fetchmail expunge error

[Gene H. <ghe...@sh...>]

On Sunday 25 April 2021 13:24:06 Leslie Rhorer wrote:

> Hello everyone,
>
>      I have been using fetchmail for many years with no issues, across
> several ISPs.  A few days ago, however one of my users accounts quit
> working.  The issue, actually, was her client.  I had to delete and
> re-add her account in the client.  In the process, her password was
> changed, and then fetchmail could no longer download her mail.  A day
> later, my own account also quit working.  I called the ISP (AT&T) and
> they informed me users could no longer access mail from a client using
> their password. Instead, the user has to create a secure keyword.  I
> was also informed the old server (inbound.att.net) is no longer
> active. Instead, users must download from imap.mail.att.net.  The tech
> claimed POP3 downloads would still work, but I was not able to get
> fetchmail to login to the server with the POP3 protocol.  I would be
> interested to know if anyone is still able to login to the new server
> using the POP3 protocol.
>
>      In any case, I can now login using the IMAP protocol, but
> fetchmail can only download a single message at a time, producing a
> mail expunge mismatch error (0 actual != 1 expected) and exiting after
> each message. Eventually, it does manage to get all the messages, but
> typically only after a very long time, whenever several messages come
> in over a short time frame.  While not quite critical, this is
> definitely not good.
>
And ts not anything I have ever had a problem with.
From my .fetchmailrc:
=====================
defaults mda "/usr/bin/procmail -d me "
set postmaster "me"
set no bouncemail
set no spambounce
set daemon 120

poll	imap.shentel.net with proto imap
	user #######@shentel.net with password ########## is ######
	sslcertpath /etc/ssl/certs
	fetchall
	ssl
	pass8bits
	nokeep
=====================
My ISP, the local cable tv folks, who also supply my telephone but no tv 
as I have an off-air antenna, is actually running its mail server on a 
linux box, using dovecot.

And it Just Works.  Leaving nothing in my inbox at their server every 2 
minutes. 

Cheers, Gene Heskett
-- 
"There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
If we desire respect for the law, we must first make the law respectable.
 - Louis D. Brandeis
Genes Web page <http://geneslinuxbox.net:6309/gene>

[Fetchmail-users] fetchmail expunge error

[Leslie R. <les...@si...>]

Hello everyone,

     I have been using fetchmail for many years with no issues, across 
several ISPs.  A few days ago, however one of my users accounts quit 
working.  The issue, actually, was her client.  I had to delete and 
re-add her account in the client.  In the process, her password was 
changed, and then fetchmail could no longer download her mail.  A day 
later, my own account also quit working.  I called the ISP (AT&T) and 
they informed me users could no longer access mail from a client using 
their password. Instead, the user has to create a secure keyword.  I was 
also informed the old server (inbound.att.net) is no longer active. 
Instead, users must download from imap.mail.att.net.  The tech claimed 
POP3 downloads would still work, but I was not able to get fetchmail to 
login to the server with the POP3 protocol.  I would be interested to 
know if anyone is still able to login to the new server using the POP3 
protocol.

     In any case, I can now login using the IMAP protocol, but fetchmail 
can only download a single message at a time, producing a mail expunge 
mismatch error (0 actual != 1 expected) and exiting after each message.  
Eventually, it does manage to get all the messages, but typically only 
after a very long time, whenever several messages come in over a short 
time frame.  While not quite critical, this is definitely not good.

     Is anyone else having this issue with AT&T?  How can I fix it?


fetchmailrc:

set no syslog
set logfile "/var/log/fetchmail.log"
set postmaster "postmaster"
set nobouncemail
set no spambounce
set properties ""
set daemon 60

poll imap.mail.att.net via imap.mail.att.net
     with proto IMAP service 993

user 'xx...@at...' there with password 'xxxxxxxxxx' is 'xxxxxxxx' 
here options fetchall forcecr stripcr ssl
  mda "/usr/bin/procmail -f %F -d %T"


user 'yyy...@at...' there with password 'yyyyyyyyyy' is 'yyyyyyyy' 
here options fetchall forcecr stripcr stripcr ssl
  mda "/usr/bin/procmail -f %F -d %T"

[Fetchmail-users] ANNOUNCE: The 6.5.0.beta3 snapshot of fetchmail is available

[Matthias A. <mat...@gm...>]

Greetings,

The 6.5.0.beta3 release of fetchmail is now available at the usual locations,
including <https://sourceforge.net/projects/fetchmail/files/branch_6.5/>

The source archive is available at:
<https://sourceforge.net/projects/fetchmail/files/branch_6.5/fetchmail-6.5.0.beta3.tar.xz/download>

This is a deep link to the GnuPG signature:
<https://sourceforge.net/projects/fetchmail/files/branch_6.5/fetchmail-6.5.0.beta3.tar.xz.asc/download>

This is mostly merging of the recent 6.4 releases, with these additional changes:

* 13d7eab8 2021-04-24 | INSTALL: Spell-check [Matthias Andree]
* deb5e66f 2021-03-29 | Add basic test framework to source from other tests. [Matthias Andree]
* 9c9d47c9 2021-03-29 | fetchmail.man: Add QUICKSTART section. [Matthias Andree]
* 3aafc8bd 2021-03-23 | Reduce 15 different translatable "Query status" messages into 2. [Lauri Nurmi]
* c4ba1d68 2021-03-13 | po/de.po: Update. [Matthias Andree]
* 13c9a52c 2021-03-13 | INSTALL: mention Python 3 optional, and suggest make check [Matthias Andree]
* 6161c8c2 2021-03-13 | OpenSSL: Prepare for removal of TLS_MAX_VERSION declaration. [Matthias Andree]
* 1b374b5f 2021-03-13 | tests: import Ubuntu's POP3 mock server operation test [Bryce Harrington]
* da6eb347 2021-03-13 | sanity check well-known POP3/IMAP ports vs. SSL [Matthias Andree]
* 58cd8002 2021-01-30 | tls-aux.h: Remove unneeded 1.0.2 compatibility code. [Matthias Andree]

Here are the release notes:

--------------------------------------------------------------------------------
fetchmail-6.5.0 (not yet released):

## REMOVED FEATURES
* fetchmail no longer supports using an MDA as SMTP fallback. This is required 
  to make deliveries consistent.
  The --enable-fallback configure option is gone.
* fetchmail no longer supports SSLv3. --sslproto ssl3 and ssl3+ options have
  been removed and behave as though "--sslproto auto" had been given.

## INCOMPATIBLE CHANGES
* fetchmail by default only negotiates TLS v1.2 or higher. (RFC-7525)
* fetchmail can auto-negotiate TLS v1.1 through the --sslproto tls1.1+ option.
* fetchmail can auto-negotiate TLS v1.0 through the --sslproto tls1+ option.
* fetchmailconf now requires Python 3.7.0 or newer.
* fetchmail, with --logfile, now logs time stamps into the file, in localtime
  and in the format "Jun 20 23:45:01 fetchmail: ". It will be localized through
  the environment variables LC_TIME (or LC_ALL) and TZ.
  Contributed by Holger Hoffstätte.
* fetchmail sets the OPENSSL security level to 2 by default.
  Override is possible from an environment variable,
  see EXPERIMENTAL CHANGES below.

## CHANGED REQUIREMENTS
* fetchmail 6.5.0 is written in C99 and requires a SUSv3 (Single Unix
  Specification v3, a superset of POSIX.1-2001 aka. IEEE Std 1003.1-2001 with
  XSI extension) compliant system.

  In particular, older fetchmail versions had workarounds or replacement code
  for several functions standardized in the Single Unix Specification v3, these 
  have been removed. Hence:
  - The trio/ library has been removed from the distribution.
  - The libesmtp/getaddrinfo.? library has been removed from the distribution.
  - The KAME/getnameinfo.c file has been removed from the distribution.

* fetchmail 6.5.0 requires a TLSv1.3-capable version of OpenSSL,
  at a minimum OpenSSL v1.1.1.

## BUG FIXES
* fetchmail can now report mailbox sizes of 2^31 octets and beyond.
  This required C99 support (for the long long type).
  Fixes Debian Bug#873668, reported by Andreas Schmidt.
* fetchmail now defines its OpenSSL API level (1.1.1, or 10101) so
  as to compile with OpenSSL 3.0.0. (fetchmail was requesting to hide
  deprecated APIs.)

## CHANGES
* When fetchmail attempts to log out from an IMAP4 server and the server messes
  up its responses (it is supposed to send an untagged * BYE and a tagged
  A4711 OK) and sends a tagged A4711 BYE response, tolerate that, rather than
  reporting a protocol error. We don't intend to chat any more so the protocol
  violation is harmless, and we know the server cannot send more untagged
  status responses.
  Analysis and fix courtesy of Maciej S. Szmigiero, GitLab merge request !20.
* The configure script now spends more effort for getting --with-ssl right, by 
  running pkg-config in the right environment, and using the AC_LIB_LINKFLAGS 
  macro to obtain run-time library path setting flags.

## EXPERIMENTAL CHANGES - these are not documented anywhere else, only here:
* fetchmail supports a FETCHMAIL_SSL_SECLEVEL environment variable that
  can be used to override the OpenSSL security level. Fetchmail by default
  raises the security level to 2 if lower. This variable can be used to lower it.
  Use with extreme caution. Note that levels 3 or higher will frequently cause
  incompabilities with servers because server-side data sizes are often too low.
  Valid range: 0 to 5 for OpenSSL 1.1.1 and 3.0.0-alpha4.
* fetchmail supports a FETCHMAIL_SSL_CIPHERS environment variable that
  sets the cipher string (through two different OpenSSL functions) for SSL and
  TLS versions up to TLSv1.2.
  If setting the ciphers fails, fetchmail will not connect.
  If not given, defaults to Postfix's "medium" list, 
  "aNULL:-aNULL:HIGH:MEDIUM:+RC4:@STRENGTH".
* fetchmail supports a FETCHMAIL_TLS13_CIPHERSUITES environment variable
  that sets the ciphersuites (a colon-separated list, without + ! -) for
  TLSv1.3. If not given, defaults to OpenSSL's built-in list. If setting the 
  ciphersuites fails, fetchmail refuses to connect.
* NOTE the features above are simplistic. For instance, even though you 
  configure --sslproto tls1.3, a failure to set tls1.2 ciphers could cause
  a connection abort.

# KNOWN BUGS AND WORKAROUNDS
  (This section usually floats upwards through the NEWS file so it stays with 
  the current release information)
* Fetchmail does not handle messages without Message-ID header well
* Fetchmail currently uses 31-bit signed integers in several places
  where unsigned and/or wider types should have been used.
* BSMTP is mostly untested and errors can cause corrupt output.
* Fetchmail does not track pending deletes across crashes.
* The command line interface is sometimes a bit stubborn, for instance,
  fetchmail -s doesn't work with a daemon running.
* Linux systems may return duplicates of an IP address in some circumstances if
  no or no global IPv6 addresses are configured.
  (No workaround. Ubuntu Bug#582585, Novell Bug#606980.)
* Kerberos 5 may be broken, particularly on Heimdal, and provide bogus error
  messages. This will not be fixed, because the maintainer has no Kerberos 5
  server to test against. Use GSSAPI.
--------------------------------------------------------------------------------

[Fetchmail-users] ANNOUNCE: The 6.4.19 release of fetchmail is available (translation update and LMTP/fetchmailconf fixes)

[Matthias A. <mat...@gm...>]

Greetings,

The 6.4.19 release of fetchmail is now available at the usual locations,
including <https://sourceforge.net/projects/fetchmail/files/branch_6.4/>.

It contains an LMTP bug fix, updates fetchmailconf and the Serbian 
translation.

The source archive is available at:
<https://sourceforge.net/projects/fetchmail/files/branch_6.4/fetchmail-6.4.19.tar.xz/download>
<https://sourceforge.net/projects/fetchmail/files/branch_6.4/fetchmail-6.4.19.tar.lz/download>

Detached GnuPG signatures for the respective tarballs are at:
<https://sourceforge.net/projects/fetchmail/files/branch_6.4/fetchmail-6.4.19.tar.xz.asc/download>
<https://sourceforge.net/projects/fetchmail/files/branch_6.4/fetchmail-6.4.19.tar.lz.asc/download>

SHA256 hash values for the tarballs:
SHA256(fetchmail-6.4.19.tar.lz)= fe4c33b9c57e1e4f341e01564259478fc8dcb28013a2f7240d726aa72f858286
SHA256(fetchmail-6.4.19.tar.xz)= cd8d11a3d103e50caa2ec64bcda6307eb3d0783a4d4dfd88e668b81aaf9d6b5f

Here are the release notes:

---------------------------------------------------------------------------------
fetchmail-6.4.19 (released 2021-04-24, 30026 LoC):

# CHANGE:
* fetchmailconf: properly catch and report option parsing errors

# BUG FIX:
* LMTP: do not try to validate the last component of a UNIX-domain LMTP socket
  as though it were a TCP port.  Reported by Christoph Heitkamp, Gitlab issue #33.

# TRANSLATION UPDATE:
  This fine person has contributed an updated translation:
* sr:    Мирослав Николић (Miroslav Nikolić) [Serbian]
---------------------------------------------------------------------------------

Happy fetches,
Matthias

Re: [Fetchmail-users] fetchmail 7.0.0.alpha7 oauth authentication failure to outlook.office365.com

[Matthias A. <mat...@gm...>]

Am 12.04.21 um 16:19 schrieb David Thompson via Fetchmail-users:
> I'm trying to get the latest fetchmail alpha to pop mail from Microsoft. I'm using the python O365 module to get an access token, and then using fetchmail's passwordfile option to pop the messages. I can access the email account fine using the O365 python module, but if I extract the access token from the FileSystemTokenBackend file for use with fetchmail, I get an authentication error. I've also verified that the extracted access token is good using Microsoft's tool (https://jwt.ms/). Here are my specifics (per the FAQ G3):
>
> Os: CentOS 7 (CentOS Linux release 7.9.2009 (Core))
> Compiler: gcc-4.8.5-44.el7.x86_64
> Command: fetchmail -v -f fetchmailrc
>
> My fetchmailrc is:
> poll outlook.office365.com proto pop3 auth oauthbearer
>         user 'fet...@wi...' passwordfile '/opt/rt-oauth/fet...@wi...cess' sslmode wrapped
>
> fetchmail -V ... and fetchmail -vvv... outputs are attached.
>
> Any thoughts or suggestions are greatly appreciated.

David, how long is the "password" token?

ls -l /opt/rt-oauth/fet...@wi...cess

I have recently released fetchmail 7.0.0-alpha8 with an increased maximum password length of 10,000 bytes net, but the announcement hasn't made it through to the list yet, for reasons unknown (no bounce received yet), hence I am Cc:ing you (out of the ordinary).

[Fetchmail-users] fetchmail 7.0.0.alpha7 oauth authentication failure to outlook.office365.com

[David T. <dav...@wi...>]

I'm trying to get the latest fetchmail alpha to pop mail from Microsoft. I'm using the python O365 module to get an access token, and then using fetchmail's passwordfile option to pop the messages. I can access the email account fine using the O365 python module, but if I extract the access token from the FileSystemTokenBackend file for use with fetchmail, I get an authentication error. I've also verified that the extracted access token is good using Microsoft's tool (https://jwt.ms/). Here are my specifics (per the FAQ G3):

Os: CentOS 7 (CentOS Linux release 7.9.2009 (Core))
Compiler: gcc-4.8.5-44.el7.x86_64
Command: fetchmail -v -f fetchmailrc

My fetchmailrc is:
poll outlook.office365.com proto pop3 auth oauthbearer
        user 'fet...@wi...' passwordfile '/opt/rt-oauth/fet...@wi...cess' sslmode wrapped

fetchmail -V ... and fetchmail -vvv... outputs are attached.

Any thoughts or suggestions are greatly appreciated.

David

Re: [Fetchmail-users] Fetchmail on new Devuan Beowulf fails where old version works.

[Matthias A. <mat...@gm...>]

Am 29.03.21 um 09:15 schrieb dv...@in...:
> Yes, 12 yrs in last job, 12 yrs retired, so it's 24 tears tops that
> I've
> used fetchmail, on reflection. Just finished a 2 year rural off-grid
> owner-build last Monday - that makes everything beforehand seem
> further
> in the past, I kid you not.
>
> Many thanks for the fix. I would not have guessed that turning SSL on
> would make the problem go away, but can see it now, I'll make notes.

Erik,

glad that worked. I've added it to the FAQ, section K6.

<https://www.fetchmail.info/fetchmail-FAQ.html#K6>

Feel free to suggest a better wording or arrangement or title for the
section.

Cheers,
Matthias

Re: [Fetchmail-users] Fetchmail on new Devuan Beowulf fails where old version works.

[<dv...@in...>]

 On 28.03.21 20:22, Matthias Andree wrote:
> There are two ways out here for you:
> 
> 1. The good one is adding "ssl". That makes fetchmail connect to
port
> 995 and talk TLS right away (SSL-wrapped or TLS-wrapped mode) and is
> what I'd recommend.

That worked fine, so no need for the bad one. :-) 

> 2. The bad one, and I shall clearly discourage that, is adding
> nosslcertck (this defeats man-in-the-middle eavesdropping
protection).
> 
> > In about 30 years of fetchmail use, I've completely forgotten what
it
> > is tohave an email fetch issue. This is quite novel.
> 
> Thanks for the honors for ESR, but fetchmail is only 25 years old
and 
> even with popclient it's not sure we get to 30. ;-) 

Yes, 12 yrs in last job, 12 yrs retired, so it's 24 tears tops that
I've
used fetchmail, on reflection. Just finished a 2 year rural off-grid
owner-build last Monday - that makes everything beforehand seem
further
in the past, I kid you not. 

Many thanks for the fix. I would not have guessed that turning SSL on
would make the problem go away, but can see it now, I'll make notes.

Erik

Re: [Fetchmail-users] Fetchmail on new Devuan Beowulf fails where old version works.

[Matthias A. <mat...@gm...>]

Erik,

you wrote:
> My ancient debian host's fetchmail works fine with the ISP's
> mailserver,  but fetchmail 6.4.0.beta4 on beowulf is ignoring the mail
> server's capability  response, instead asking for STLS, which fails.

Ouch. I should check that and possibly document better.

I think it still desires TLS because...

>  poll mail.internode.on.net with proto POP3 
>         user 'dvalin' there is 'erik' here options fetchall
> sslcertck 
>  but deleting "sslcertck" made no difference. 

...the default value for sslcertck changed between fetchmail 6.3 and
6.4, to do the right thing.

There are two ways out here for you:

1. The good one is adding "ssl". That makes fetchmail connect to port
995 and talk TLS right away (SSL-wrapped or TLS-wrapped mode) and is
what I'd recommend.

2. The bad one, and I shall clearly discourage that, is adding
nosslcertck (this defeats man-in-the-middle eavesdropping protection).

> In about 30 years of fetchmail use, I've completely forgotten what it
> is tohave an email fetch issue. This is quite novel.

Thanks for the honors for ESR, but fetchmail is only 25 years old and
even with popclient it's not sure we get to 30. ;-)

Regards,
Matthias

[Fetchmail-users] Fetchmail on new Devuan Beowulf fails where old version works.

[<dv...@in...>]

My ancient debian host's fetchmail works fine with the ISP's
mailserver,  but fetchmail 6.4.0.beta4 on beowulf is ignoring the mail
server's capability  response, instead asking for STLS, which fails.

 erik@greipner:~$ fetchmail -cv
Enter password for dv...@ma...: 
erik@greipner:~$ more /tmp/fetchmail_log 
fetchmail: --check mode enabled, not fetching mail
fetchmail: 6.4.0.beta4 querying mailinternode.on.net (protocol POP3)
at Sat 27 Mar 2021 08:48:13 PM 
AEDT: poll started
fetchmail: Trying to connect to 203.16.214.182/110...connected.
fetchmail: POP3< +OK internode.on.net custmail47.internode.on.net
Ready
fetchmail: POP3> CAPA
fetchmail: POP3< +OK Capability list follows
fetchmail: POP3< TOP
fetchmail: POP3< UIDL
fetchmail: POP3< SURGEMAIL
fetchmail: POP3< USER
fetchmail: POP3< .
fetchmail: POP3> STLS
fetchmail: POP3< -ERR STLS not supported
fetchmail: STLS not supported
fetchmail: mail.internode.on.net: upgrade to TLS failed.
fetchmail: Unknown login or authentication error on
dv...@ma...
fetchmail: socket error while fetching from
dv...@ma...
fetchmail: 6.4.0.beta4 querying mail.internode.on.net (protocol POP3)
at Sat 27 Mar 2021 08:48:13 PM 
AEDT: poll completed
fetchmail: normal termination, status 2 
 Where "STLS" is interjected by the newfangled fetchmail above,
causing rejection, the ancient fetchmail amenably chooses "USER", and
everything is fine. 
 I thought the new problem might be due to the end of the last line in
the .fetchmailrc now produced by fetchmailconf: 
  # Configuration created Sat Mar 27 22:14:20 2021 by fetchmailconf
1.58
 set logfile "/tmp/fetchmail_log"
 set postmaster "erik"
 set bouncemail
 set no spambounce   
 set softbounce      
 set properties ""
 set daemon 600
 poll mail.internode.on.net with proto POP3 
        user 'dvalin' there is 'erik' here options fetchall
sslcertck 
 but deleting "sslcertck" made no difference. 

 Does anyone know what more can be done to make the new fetchmail
asgood as the old one? 
In about 30 years of fetchmail use, I've completely forgotten what it
is tohave an email fetch issue. This is quite novel.

Erik

[Fetchmail-users] ANNOUNCE: The 6.4.18 release of fetchmail is available (translation update and minor fixes)

[Matthias A. <mat...@gm...>]

Greetings,

The 6.4.18 release of fetchmail is now available at the usual locations,
including <https://sourceforge.net/projects/fetchmail/files/branch_6.4/>.

It contains a few bug fixes and an updated Finnish translation.

NOTE that the tarball contains an outdated NEWS file that does not 
mention the release date or lines-of-code. I will not re-roll the 
tarballs. The fixed NEWS file shall be committed to Git shortly.

The source archive is available at:
<https://sourceforge.net/projects/fetchmail/files/branch_6.4/fetchmail-6.4.18.tar.xz/download>
<https://sourceforge.net/projects/fetchmail/files/branch_6.4/fetchmail-6.4.18.tar.lz/download>

Detached GnuPG signatures for the respective tarballs are at:
<https://sourceforge.net/projects/fetchmail/files/branch_6.4/fetchmail-6.4.18.tar.xz.asc/download>
<https://sourceforge.net/projects/fetchmail/files/branch_6.4/fetchmail-6.4.18.tar.lz.asc/download>

SHA256 hash values for the tarballs:
SHA256(fetchmail-6.4.18.tar.lz)= abf0d6c63f1863af92d2129b1bd4c7e80ab4a511aaf8354eeefceaa072bd9a54
SHA256(fetchmail-6.4.18.tar.xz)= 302dc9bcdc6927dedf375d2baaead2347557faa70d98b1da83f2409fa6fb259f

Here are the release notes:

---------------------------------------------------------------------------------
fetchmail-6.4.18 (released 2021-03-27, 30011 LoC):

# REGRESSION FIX:
* fetchmailconf: fetchmail 6.4.16 added --sslcertfile to the configuration dump,
  but fetchmailconf support was incomplete in Git 7349f124 and it could not
  parse sslcertfile, thus the user settings editor came up empty with console
  errors printed.  Fix configuration parser in fetchmailconf.

# ROBUSTNESS FIXES:
* fetchmailconf: do not require fetchmail for -V. do not require Tk (Tkinter)
  for -d option. This is to fail more gracefully on incomplete installs.
* TLS code: remove OPENSSL_NO_DEPRECATED macros to avoid portability issues
  with OpenSSL v3 - these are for development purposes, not production.
* TLS futureproofing: use SSL_use_PrivateKey_file instead of 
  SSL_use_RSAPrivateKey_file, the latter will be deprecated with OpenSSL v3,
  and the user's key file might be something else than RSA.

# TRANSLATION UPDATE:
  This fine person has contributed an updated translation:
* fi:    Lauri Nurmi [Finnish]

---------------------------------------------------------------------------------

Happy fetches,
Matthias

Re: [Fetchmail-users] fetchmailconf regression fixes, for testing

[Gene H. <ghe...@sh...>]

On Saturday 13 March 2021 11:53:54 Matthias Andree wrote:

> Dear fetchmailconf users,
>
> it appears that fetchmail 6.4.16 and 6.4.17 caused regressions when
> editing the user settings in fetchmailconf, and the user configuration
> dialog in fetchmailconf comes up empty (that's the one that appears
> when you double click first a server name then double click a user
> name
>
> Everyone who uses fetchmailconf occasionally:
>
> Please download fetchmailconf.py from the link below and test it
> thoroughly and report back.
> https://gitlab.com/fetchmail/fetchmail/-/raw/legacy_64/fetchmailconf.p
>y?inline=false
>
> If this works for everyone, I can release 6.4.18.
>
Don't wait on me Mathias, I've not used fetchmail.conf in a decade +.
I read the man page and use geany on .fetchmailrc. Other than no 
timestamp on the incoming mails fetchmail.log, because the patch you 
gave me was lost in an update, 6.4.17 is working quite well for me. IMO, 
that patch should have gone into mainline.

> Thank you in advance.

And I'll thank you for maintaining it all this time.

> Regards,
> Matthias

Cheers, Gene Heskett
-- 
"There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
If we desire respect for the law, we must first make the law respectable.
 - Louis D. Brandeis
Genes Web page <http://geneslinuxbox.net:6309/gene>

[Fetchmail-users] ANNOUNCE: The 6.4.18-rc1 release candidate #1 of fetchmail is available (SSL change and fetchmailconf regression fix)

[Matthias A. <mat...@gm...>]

Greetings,

The 6.4.18-rc1 release of fetchmail is now available at the usual locations,
including <https://sourceforge.net/projects/fetchmail/files/branch_6.4/>.

Please test this release if you authenticate with an SSL/TLS key file
and certificate, and please test the user configuration screens inside
fetchmailconf if you are a fetchmailconf user, and report any findings,
or report if things continue to work for you.

The source archive is available at:
<https://sourceforge.net/projects/fetchmail/files/branch_6.4/fetchmail-6.4.18-rc1.tar.xz/download>

A detached GnuPG signature is at:
<https://sourceforge.net/projects/fetchmail/files/branch_6.4/fetchmail-6.4.16-rc1.tar.xz.asc/download>

Here are the release notes:

--------------------------------------------------------------------------------
fetchmail-6.4.18 (not yet released):

# REGRESSION FIX:
* fetchmailconf: fetchmail 6.4.16 added --sslcertfile to the configuration dump,
  but fetchmailconf support was incomplete in Git 7349f124 and it could not
  parse sslcertfile, thus the user settings editor came up empty with console
  errors printed.  Fix configuration parser in fetchmailconf.

# ROBUSTNESS FIXES:
* fetchmailconf: do not require fetchmail for -V. do not require Tk (Tkinter)
  for -d option. This is to fail more gracefully on incomplete installs.
* TLS code: remove OPENSSL_NO_DEPRECATED macros to avoid portability issues
  with OpenSSL v3 - these are for development purposes, not production.
* TLS futureproofing: use SSL_use_PrivateKey_file instead of 
  SSL_use_RSAPrivateKey_file, the latter will be deprecated with OpenSSL v3,
  and the user's key file might be something else than RSA.
--------------------------------------------------------------------------------

Happy fetches,
Matthias

[Fetchmail-users] fetchmailconf regression fixes, for testing

[Matthias A. <mat...@gm...>]

Dear fetchmailconf users,

it appears that fetchmail 6.4.16 and 6.4.17 caused regressions when
editing the user settings in fetchmailconf, and the user configuration
dialog in fetchmailconf comes up empty (that's the one that appears when
you double click first a server name then double click a user name

Everyone who uses fetchmailconf occasionally:

Please download fetchmailconf.py from the link below and test it
thoroughly and report back.
https://gitlab.com/fetchmail/fetchmail/-/raw/legacy_64/fetchmailconf.py?inline=false

If this works for everyone, I can release 6.4.18.

Thank you in advance.

Regards,
Matthias

[Fetchmail-users] ANNOUNCE: The 6.4.17 release of fetchmail is available (translation update and minor fixes)

[Matthias A. <mat...@gm...>]

Greetings,

The 6.4.17 release of fetchmail is now available at the usual locations,
including <https://sourceforge.net/projects/fetchmail/files/branch_6.4/>.

It contains a few bug fixes and is more willing to give information on the
trust store paths it is using (with -V or --version).

The source archive is available at:
<https://sourceforge.net/projects/fetchmail/files/branch_6.4/fetchmail-6.4.17.tar.xz/download>
<https://sourceforge.net/projects/fetchmail/files/branch_6.4/fetchmail-6.4.17.tar.lz/download>

Detached GnuPG signatures for the respective tarballs are at:
<https://sourceforge.net/projects/fetchmail/files/branch_6.4/fetchmail-6.4.17.tar.xz.asc/download>
<https://sourceforge.net/projects/fetchmail/files/branch_6.4/fetchmail-6.4.17.tar.lz.asc/download>

SHA256 hash values for the tarballs:
SHA256(fetchmail-6.4.17.tar.lz)= 1f4aa30f4d62a3e786af01c7dd128611027ef92af85a351368f9dcc97fa50b02
SHA256(fetchmail-6.4.17.tar.xz)= a41bcdf11b41aa0682b259aee4717c617c15dadd43fa008b2ed38b770f4d50c6

Here are the release notes:

---------------------------------------------------------------------------------
fetchmail-6.4.17 (released 2021-03-07, 29998 LoC):

# BUG FIXES
* IMAP client: it used to leak memory for username and password when trying
  the LOGIN (password-based) authentication and encountered a timeout situation.
* dist-tools/getstats.py: also counts lines in *.py files, shown above.

# CHANGES
* fetchmail.man: now mentions that you may need to add --ssl when specifying
  a TLS-wrapped port.
* fetchmailconf: --version (-V) now prints the Python version in use.

# TRANSLATION UPDATES
  This fine person has contributed updated translations for fetchmail:
* ja:    Takeshi Hamasaki [Japanese]

---------------------------------------------------------------------------------

Happy fetches,
Matthias

Re: [Fetchmail-users] gmail socket error

[Matthias A. <mat...@gm...>]

Am 14.02.21 um 02:25 schrieb Matthias Andree:
> Am 13.02.21 um 21:28 schrieb Joe Acquisto-j4:
>> Trying to regain ability to download gmail to my local cllient.
>>
>> Getting the following:
>>
>> --------------------
>> fetchmail: 6.4.2-rc3 querying imap.gmail.com (protocol IMAP) at Sat Feb 13 15:17:11 2021: poll started
>> Sat Feb 13 15:17:11 EST 2021
>> fetchmail: Trying to connect to 172.253.63.108/993...connected.
>> fetchmail: socket error while fetching from my...@gm...@imap.gmail.com
>> fetchmail: 6.4.2-rc3 querying imap.gmail.com (protocol IMAP) at Sat Feb 13 15:17:21 2021: poll completed
>> fetchmail: Merged UID list from imap.gmail.com:
>>  <empty>
>> fetchmail: Query status=2 (SOCKET)
>> fetchmail: sleeping at Sat Feb 13 15:17:21 2021 for 120 seconds
>> ------------------
>>
>> Part of .fetchmalrc is below:
>> ------------------
>> # Configguration created Sat Feb  2 12:57:33 2008 by fetchmailconf 1.52 $Revision: 4740 $
>> set logfile "/var/log/fetchmail.log"
>> set postmaster "ad...@so..."
>> set no bouncemail
>> set no spambounce
>> set properties ""
>> set daemon 120
>> . . . .
>>
>> poll imap.gmail.com with proto IMAP port 993
>>
>>  user 'my...@gm...' there with password 'sumwerd' is 'x-...@lo...' here folder 'Inbox','Junk' fetchlimit 1 sslproto 'auto' sslcertck
>>    preconnect "/bin/date >> /var/log/fetchmail.log"
> You've confused fetchmail. You are *not* specifying the option "ssl" so
> the port would be 143 for proto IMAP - but then you are overriding the
> port to 993.
>
> That by itself won't work, fetchmail will try to query CAPABILITY then
> send STARTTLS via plaintext. Port 993 however is SSL-wrapped and talks
> SSL right away.
>
> So either you need to erase the "port 993", or you need to specify "ssl"
> in addition (in which case you could still omit the port 993 because it
> is the default value for proto imap combined with ssl).

Update: It appears Google, for imap.gmail.com, do not support STARTTLS,
so you need to add the ssl keyword, or --ssl on the command line, which
then renders the "port 993" unneeded as written above.

I also figured that (including recent versions) the timeout handling in
that situation skips to the next server and am not sure if that's the
right approach. A server might be multihomed and retrying another
address might then work, which fetchmail does not do, however on a
network blackhole, proceeding to the next server is the right approach
when fetchmail polls multiple servers.

Re: [Fetchmail-users] gmail socket error

[Matthias A. <mat...@gm...>]

Am 13.02.21 um 21:28 schrieb Joe Acquisto-j4:
> Trying to regain ability to download gmail to my local cllient.
>
> Getting the following:
>
> --------------------
> fetchmail: 6.4.2-rc3 querying imap.gmail.com (protocol IMAP) at Sat Feb 13 15:17:11 2021: poll started
> Sat Feb 13 15:17:11 EST 2021
> fetchmail: Trying to connect to 172.253.63.108/993...connected.
> fetchmail: socket error while fetching from my...@gm...@imap.gmail.com
> fetchmail: 6.4.2-rc3 querying imap.gmail.com (protocol IMAP) at Sat Feb 13 15:17:21 2021: poll completed
> fetchmail: Merged UID list from imap.gmail.com:
>  <empty>
> fetchmail: Query status=2 (SOCKET)
> fetchmail: sleeping at Sat Feb 13 15:17:21 2021 for 120 seconds
> ------------------
>
> Part of .fetchmalrc is below:
> ------------------
> # Configguration created Sat Feb  2 12:57:33 2008 by fetchmailconf 1.52 $Revision: 4740 $
> set logfile "/var/log/fetchmail.log"
> set postmaster "ad...@so..."
> set no bouncemail
> set no spambounce
> set properties ""
> set daemon 120
> . . . .
>
> poll imap.gmail.com with proto IMAP port 993
>
>  user 'my...@gm...' there with password 'sumwerd' is 'x-...@lo...' here folder 'Inbox','Junk' fetchlimit 1 sslproto 'auto' sslcertck
>    preconnect "/bin/date >> /var/log/fetchmail.log"

You've confused fetchmail. You are *not* specifying the option "ssl" so
the port would be 143 for proto IMAP - but then you are overriding the
port to 993.

That by itself won't work, fetchmail will try to query CAPABILITY then
send STARTTLS via plaintext. Port 993 however is SSL-wrapped and talks
SSL right away.

So either you need to erase the "port 993", or you need to specify "ssl"
in addition (in which case you could still omit the port 993 because it
is the default value for proto imap combined with ssl).

[Fetchmail-users] gmail socket error

[Joe Acquisto-j. <jo...@j4...>]

Trying to regain ability to download gmail to my local cllient. 

Getting the following:

--------------------
fetchmail: 6.4.2-rc3 querying imap.gmail.com (protocol IMAP) at Sat Feb 13 15:17:11 2021: poll started
Sat Feb 13 15:17:11 EST 2021
fetchmail: Trying to connect to 172.253.63.108/993...connected.
fetchmail: socket error while fetching from my...@gm...@imap.gmail.com
fetchmail: 6.4.2-rc3 querying imap.gmail.com (protocol IMAP) at Sat Feb 13 15:17:21 2021: poll completed
fetchmail: Merged UID list from imap.gmail.com:
 <empty>
fetchmail: Query status=2 (SOCKET)
fetchmail: sleeping at Sat Feb 13 15:17:21 2021 for 120 seconds
------------------

Part of .fetchmalrc is below:
------------------
# Configguration created Sat Feb  2 12:57:33 2008 by fetchmailconf 1.52 $Revision: 4740 $
set logfile "/var/log/fetchmail.log"
set postmaster "ad...@so..."
set no bouncemail
set no spambounce
set properties ""
set daemon 120
. . . .

poll imap.gmail.com with proto IMAP port 993

 user 'my...@gm...' there with password 'sumwerd' is 'x-...@lo...' here folder 'Inbox','Junk' fetchlimit 1 sslproto 'auto' sslcertck
   preconnect "/bin/date >> /var/log/fetchmail.log"
---------------------

I'm not able to search list archives on sourceforge, nor can I browse the archives.  

Re: [Fetchmail-users] SSL error

[Joe Acquisto-j. <jo...@j4...>]

> Am 12.02.21 um 17:56 schrieb Joe Acquisto-j4:
>>
>> Oh, sorry . . .
>>
>> Simply adding sslproto 'auto' which had gone missing, did the trick.
> 
> I am scratching my head over this one. sslproto auto should be the
> implicit default, and not much has changed since 6.4.2...
> 
>> Once that worked, added sslcertck as well.  Still working.
> That, too, is a default since 6.4.x versions of fetchmail...
> 
> Might there have been intermittent server-side experiments that were
> ended sooner because they turned out to exclude too many clients?
> 
> Which OpenSSL version does your fetchmail computer use?
> 

Sorry again.  I for got to mention that I for some reason had sslfingerprint 
in use.  I eliminated that and added sslproto. 

Probably of no consequence give my confession above but
openssl is "OpenSSL 1.1.0i-fips  14 Aug 2018.

joe a.

Re: [Fetchmail-users] SSL error

[Matthias A. <mat...@gm...>]

Am 12.02.21 um 17:56 schrieb Joe Acquisto-j4:
>
> Oh, sorry . . .
>
> Simply adding sslproto 'auto' which had gone missing, did the trick.

I am scratching my head over this one. sslproto auto should be the
implicit default, and not much has changed since 6.4.2...

> Once that worked, added sslcertck as well.  Still working.
That, too, is a default since 6.4.x versions of fetchmail...

Might there have been intermittent server-side experiments that were
ended sooner because they turned out to exclude too many clients?

Which OpenSSL version does your fetchmail computer use?

Re: [Fetchmail-users] SSL error

[Joe Acquisto-j. <jo...@j4...>]

> Am 12.02.21 um 02:37 schrieb Joe Acquisto-j4:
>>> Getting this:
>>>
>>> ------------------------------------------------
>>> Thu Feb 11 19:15:08 EST 2021
>>> fetchmail: OpenSSL reported: error:1408F10B:SSL
>>> routines:ssl3_get_record:wrong version number
>>> fetchmail: mail.myisphost.com: SSL connection failed.
>>> fetchmail: socket error while fetching from
>>> in...@j4...@mail.myisphost.com
>>> fetchmail: Query status=2 (SOCKET)
>>> ----------------------------------------------
>>>
>>> This is fetchmail release 6.4.2-rc3+SSL-SSLv2-SSLv3+NLS.
>>>
>>> I was getting the error earlier today.  I think I somehow munged the
>>> .fetchmailrc file at some point and created an issue.
>>> At this point, though, I am dazed and confused.  (we will not speak of my
>>> arrogance in not making a backup of
>>> the file before hammering away at it.  No definitely we will not mention
>>> that. . . .)
>>>
>>> I will be periodically checking mail in a round about way,as my "normal" way
>>> is, umm, broken. . . .
>>>
>>> joe a.
>>>
>>
>> Ah, the marvelous results that can occur after taking a break and some 
> refreshment.
>>
>> Adjusting .fetchmailrc did the trick.  My mood is much improved.
> For the public, that would have been some --sslproto option you were
> hacking?
> 
> 

Oh, sorry . . . 

Simply adding sslproto 'auto' which had gone missing, did the trick.
Once that worked, added sslcertck as well.  Still working.

Thanks for making it so simple even I could figure it out.  Eventually.

joe a.

Re: [Fetchmail-users] SSL error

[Matthias A. <mat...@gm...>]

Am 12.02.21 um 02:37 schrieb Joe Acquisto-j4:
>> Getting this:
>>
>> ------------------------------------------------
>> Thu Feb 11 19:15:08 EST 2021
>> fetchmail: OpenSSL reported: error:1408F10B:SSL
>> routines:ssl3_get_record:wrong version number
>> fetchmail: mail.myisphost.com: SSL connection failed.
>> fetchmail: socket error while fetching from
>> in...@j4...@mail.myisphost.com
>> fetchmail: Query status=2 (SOCKET)
>> ----------------------------------------------
>>
>> This is fetchmail release 6.4.2-rc3+SSL-SSLv2-SSLv3+NLS.
>>
>> I was getting the error earlier today.  I think I somehow munged the
>> .fetchmailrc file at some point and created an issue.
>> At this point, though, I am dazed and confused.  (we will not speak of my
>> arrogance in not making a backup of
>> the file before hammering away at it.  No definitely we will not mention
>> that. . . .)
>>
>> I will be periodically checking mail in a round about way,as my "normal" way
>> is, umm, broken. . . .
>>
>> joe a.
>>
>
> Ah, the marvelous results that can occur after taking a break and some refreshment.
>
> Adjusting .fetchmailrc did the trick.  My mood is much improved.
For the public, that would have been some --sslproto option you were
hacking?

Re: [Fetchmail-users] SSL error

[Joe Acquisto-j. <jo...@j4...>]

> Getting this:
> 
> ------------------------------------------------
> Thu Feb 11 19:15:08 EST 2021
> fetchmail: OpenSSL reported: error:1408F10B:SSL 
> routines:ssl3_get_record:wrong version number
> fetchmail: mail.myisphost.com: SSL connection failed.
> fetchmail: socket error while fetching from 
> in...@j4...@mail.myisphost.com
> fetchmail: Query status=2 (SOCKET)
> ----------------------------------------------
> 
> This is fetchmail release 6.4.2-rc3+SSL-SSLv2-SSLv3+NLS.
> 
> I was getting the error earlier today.  I think I somehow munged the 
> .fetchmailrc file at some point and created an issue. 
> At this point, though, I am dazed and confused.  (we will not speak of my 
> arrogance in not making a backup of
> the file before hammering away at it.  No definitely we will not mention 
> that. . . .)
> 
> I will be periodically checking mail in a round about way,as my "normal" way 
> is, umm, broken. . . .
> 
> joe a.
> 


Ah, the marvelous results that can occur after taking a break and some refreshment.

Adjusting .fetchmailrc did the trick.  My mood is much improved.

joe a.