fetchmail-users — User questions and discussion

Re: [Fetchmail-users] Unable to fetch mail from "outlook"

[Jerry <je...@se...>]

On Tue, 7 Apr 2015 20:21:56 +0100, michael crane stated:

> I think fetchmail only cares is the fingerprint the same.
> When google keeps changing the fingerprint whatever
> I do
> "openssl s_client -connect imap.gmail.com:993 -showcerts | openssl
> x509 -fingerprint -noout -    md5"
> and put that in .fetchmailrc
> If somebody wants to impersonate gmail to me they can have my mails.
> cheers

The problem is not with gmail. However, I ran your command and it is
producing the exact same fingerprint that I am using.

openssl s_client -connect pop3.live.com:995 -showcerts | openssl x509 -fingerprint -noout -md5 
depth=1 C = BE, O = GlobalSign nv-sa, CN = GlobalSign Organization Validation CA - G2
verify error:num=20:unable to get local issuer certificate
verify return:0
MD5 Fingerprint=86:60:F6:38:1C:84:A6:AC:94:92:51:2F:67:9A:7D:76

So, that is not the problem.

-- 
Jerry

Re: [Fetchmail-users] Unable to fetch mail from "outlook"

[michael c. <mic...@gm...>]

I think fetchmail only cares is the fingerprint the same.
When google keeps changing the fingerprint whatever
I do
"openssl s_client -connect imap.gmail.com:993 -showcerts | openssl
x509 -fingerprint -noout -    md5"
and put that in .fetchmailrc
If somebody wants to impersonate gmail to me they can have my mails.
cheers

Re: [Fetchmail-users] Unable to fetch mail from "outlook"

[Jerry <je...@se...>]

On Tue, 07 Apr 2015 03:02:59 +0200, Matthias Andree stated:

> Am 06.04.2015 um 11:24 schrieb Jerry:

"Message truncated"
 
> Now, you've been around mail and lists for long enough to know that you
> might want to read the FAQ before posting, and that you will not get
> support unless you provide verbose logs...
> <http://www.fetchmail.info/fetchmail-FAQ.html#G3>

I did.
 
> Specifically for FreeBSD, install ca_root_nss and add -verify 5 -CAfile
> /usr/local/share/certs/ca-root-nss.crt  to the s_client command line.
> You should not need these for fetchmail though as long as you go without
> --sslcertck but with --sslfingerprint '...'.

I guess I should have stated in my original post, that the ".fetchmailrc"
file, etcetera is exactly what I have been using for two years now without a
single problem until few days ago when I updated "openssl" on my system. You
don't have to be genius to figure out that the cause of the problem was the
updated "openssl"; however, what is triggering it is what I am trying to
decipher.

Does any of this help:

env LC_ALL=C fetchmail --nodetach -vvv --nosyslog
Old UID list from pop3.live.com: <empty>
Scratch list of UIDs: <empty>
fetchmail: 6.3.26 querying pop3.live.com (protocol POP3) at Tue Apr  7 05:57:50 2015: poll started
Trying to connect to 134.170.170.231/995...connected.
fetchmail: SSL connection failed.
fetchmail: socket error while fetching from ME...@ou...@pop3.live.com
fetchmail: 6.3.26 querying pop3.live.com (protocol POP3) at Tue Apr  7 05:57:50 2015: poll completed
Merged UID list from pop3.live.com: <empty>
fetchmail: Query status=2 (SOCKET)
fetchmail: normal termination, status 2

Or this:

LC_ALL=C fetchmail -V 
This is fetchmail release 6.3.26+GSS+RPA+NTLM+SDPS+SSL+OPIE+NLS.

Copyright (C) 2002, 2003 Eric S. Raymond
Copyright (C) 2004 Matthias Andree, Eric S. Raymond,
                   Robert M. Funk, Graham Wilson
Copyright (C) 2005 - 2012 Sunil Shetye
Copyright (C) 2005 - 2013 Matthias Andree
Fetchmail comes with ABSOLUTELY NO WARRANTY. This is free software, and you
are welcome to redistribute it under certain conditions. For details,
please see the file COPYING in the source or documentation directory.
This product includes software developed by the OpenSSL Project
for use in the OpenSSL Toolkit. (http://www.openssl.org/)

Fallback MDA: (none)
FreeBSD scorpio.seibercom.net 10.1-RELEASE-p6 FreeBSD 10.1-RELEASE-p6 #0: Tue Feb 24 19:00:21 UTC 2015     ro...@am...:/usr/obj/usr/src/sys/GENERIC  amd64
Taking options from command line and /home/gerard/.fetchmailrc
Idfile is /home/gerard/.fetchids
Fetchmail will masquerade and will not generate Received
Fetchmail will forward misaddressed multidrop messages to ad...@My....
Options for retrieving from ME...@ou...@pop3.live.com:
  True name of server is pop3.live.com.
  Protocol is POP3 (using service 995).
  All available authentication methods will be tried.
  SSL encrypted sessions enabled.
  SSL key fingerprint (checked against the server key): 86:60:F6:38:1C:84:A6:AC:94:92:51:2F:67:9A:7D:76
  Server nonresponse timeout is 30 seconds.
  Default mailbox selected.
  Only new messages will be retrieved (--all off).
  Fetched messages will not be kept on the server (--keep off).
  Old messages will be flushed before message retrieval (--flush on).
  Oversized messages will not be flushed before message retrieval (--limitflush off).
  Rewrite of server-local addresses is enabled (--norewrite off).
  Carriage-return stripping is disabled (stripcr off).
  Carriage-return forcing is enabled (forcecr on).
  Interpretation of Content-Transfer-Encoding is enabled (pass8bits off).
  MIME decoding is disabled (mimedecode off).
  Idle after poll is disabled (idle off).
  Nonempty Status lines will be kept (dropstatus off)
  Delivered-To lines will be discarded (dropdelivered on)
  Fetch message size limit is 100 (--fetchsizelimit 100).
  Do binary search of UIDs during 3 out of 4 polls (--fastuidl 4).
  Messages will be SMTP-forwarded to: localhost (default)
  Address to be put in RCPT TO lines shipped to SMTP will be ME...@se...
  Single-drop mode: 1 local name recognized.
  No UIDs saved from this host.
  Messages with bad headers will be passed on.

Or this:

openssl s_client -tls1 -crlf -showcerts -verify 5 -CAfile /usr/local/share/certs/ca-root-nss.crt -connect pop3.live.com:995  
verify depth is 5
CONNECTED(00000003)
depth=2 C = BE, O = GlobalSign nv-sa, OU = Root CA, CN = GlobalSign Root CA
verify return:1
depth=1 C = BE, O = GlobalSign nv-sa, CN = GlobalSign Organization Validation CA - G2
verify return:1
depth=0 C = US, ST = Washington, L = Redmond, O = Microsoft Corporation, CN = *.hotmail.com
verify return:1
---
Certificate chain
 0 s:/C=US/ST=Washington/L=Redmond/O=Microsoft Corporation/CN=*.hotmail.com
   i:/C=BE/O=GlobalSign nv-sa/CN=GlobalSign Organization Validation CA - G2
-----BEGIN CERTIFICATE-----
MIIFQjCCBCqgAwIBAgISESHl0vjrML7zKmGlv42YL75vMA0GCSqGSIb3DQEBBQUA
MF0xCzAJBgNVBAYTAkJFMRkwFwYDVQQKExBHbG9iYWxTaWduIG52LXNhMTMwMQYD
VQQDEypHbG9iYWxTaWduIE9yZ2FuaXphdGlvbiBWYWxpZGF0aW9uIENBIC0gRzIw
HhcNMTMwNDI0MjAzNTA5WhcNMTYwNDI0MjAzNTA5WjBsMQswCQYDVQQGEwJVUzET
MBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9uZDEeMBwGA1UEChMV
TWljcm9zb2Z0IENvcnBvcmF0aW9uMRYwFAYDVQQDDA0qLmhvdG1haWwuY29tMIIB
IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAumSiBWrzHZf6WFP5a/j4+K7D
1izLoYKj5Omll0pdxKvKcBRDf+iaIkCbSOPNpx2uWGZdwNwkabYCQavaBf2ebwmS
S8i1CJpHflO+k0qYd5WUi7sSsZ3+6RaCMdLoDIPGyYMQuy7TFtVO7LSt5+qscyyi
ET8c3lE2aj/XW13UZvRrV65ZJvMjUtwaDnIcAxGeasYoebLsKdqHQ2uTr4PmNwCc
viGVFSOzkGAoC0PfyqKB2xUWy3Kc5zRI2xvUW8Jb2b/9Ze3g55pIUzKsjpglkQTm
edVPSYYPGNz6Kl/ZshBXdBAk398q1JkSmUaTMa2hJgBbcC+73ax40AJDGJlz+QID
AQABo4IB6zCCAecwDgYDVR0PAQH/BAQDAgWgMEkGA1UdIARCMEAwPgYGZ4EMAQIC
MDQwMgYIKwYBBQUHAgEWJmh0dHBzOi8vd3d3Lmdsb2JhbHNpZ24uY29tL3JlcG9z
aXRvcnkvMEAGA1UdEQQ5MDeCDSouaG90bWFpbC5jb22CCioubGl2ZS5jb22CDSou
b3V0bG9vay5jb22CC2hvdG1haWwuY29tMAkGA1UdEwQCMAAwHQYDVR0lBBYwFAYI
KwYBBQUHAwEGCCsGAQUFBwMCMEUGA1UdHwQ+MDwwOqA4oDaGNGh0dHA6Ly9jcmwu
Z2xvYmFsc2lnbi5jb20vZ3MvZ3Nvcmdhbml6YXRpb252YWxnMi5jcmwwgZYGCCsG
AQUFBwEBBIGJMIGGMEcGCCsGAQUFBzAChjtodHRwOi8vc2VjdXJlLmdsb2JhbHNp
Z24uY29tL2NhY2VydC9nc29yZ2FuaXphdGlvbnZhbGcyLmNydDA7BggrBgEFBQcw
AYYvaHR0cDovL29jc3AyLmdsb2JhbHNpZ24uY29tL2dzb3JnYW5pemF0aW9udmFs
ZzIwHQYDVR0OBBYEFHbgHqTLsXDt7uMRyE62rnDEfLn9MB8GA1UdIwQYMBaAFF1G
so3ES3Qcu+31c7Y6tziPdZ5+MA0GCSqGSIb3DQEBBQUAA4IBAQByy1+3N6ZRVooI
xqw8Ng+UFz0g7UHkbPEnvTu1uxJ2AojFuP/P1PAk+/6uMRvpPlWg/5uqmOIWxKxJ
Lo6xSbkDf4LN+KYwes3XSuPyziZ4QbPnehHhZ0377iiA8fpRJADg9NWKCRHh5aAd
e9QvJUW/GgYkBN+F4yYc2jIjR3Rehv4JYOKS3iXO9OoHsDS2CcCFaS2imgQVfYLg
slBwT/A08PCOhW5huiluSmih7x5Qf7sFDv8jineu6ehKzi8pKnOq4k8G4QiWn38Y
CeiBkkwFOwj7T3M/ITiiSS9DHDGeokj16eBi83Zx3YYiJ9YZvnQ+4GvqJ5eJJ6pR
KKvemr+m
-----END CERTIFICATE-----
 1 s:/C=BE/O=GlobalSign nv-sa/CN=GlobalSign Organization Validation CA - G2
   i:/C=BE/O=GlobalSign nv-sa/OU=Root CA/CN=GlobalSign Root CA
-----BEGIN CERTIFICATE-----
MIIEizCCA3OgAwIBAgILBAAAAAABL07hQvkwDQYJKoZIhvcNAQEFBQAwVzELMAkG
A1UEBhMCQkUxGTAXBgNVBAoTEEdsb2JhbFNpZ24gbnYtc2ExEDAOBgNVBAsTB1Jv
b3QgQ0ExGzAZBgNVBAMTEkdsb2JhbFNpZ24gUm9vdCBDQTAeFw0xMTA0MTMxMDAw
MDBaFw0yMjA0MTMxMDAwMDBaMF0xCzAJBgNVBAYTAkJFMRkwFwYDVQQKExBHbG9i
YWxTaWduIG52LXNhMTMwMQYDVQQDEypHbG9iYWxTaWduIE9yZ2FuaXphdGlvbiBW
YWxpZGF0aW9uIENBIC0gRzIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
AQDdNR3yIFQmGtDvpW+Bdllw3Of01AMkHyQOnSKf1Ccyeit87ovjYWI4F6+0S3qf
ZyEcLZVUunm6tsTyDSF0F2d04rFkCJlgePtnwkv3J41vNnbPMYzl8QbX3FcOW6zu
zi2rqqlwLwKGyLHQCAeV6irs0Z7kNlw7pja1Q4ur944+ABv/hVlrYgGNguhKujiz
4MP0bRmn6gXdhGfCZsckAnNate6kGdn8AM62pI3ffr1fsjqdhDFPyGMM5NgNUqN+
ARvUZ6UYKOsBp4I82Y4d5UcNuotZFKMfH0vq4idGhs6dOcRmQafiFSNrVkfB7cVT
5NSAH2v6gEaYsgmmD5W+ZoiTAgMBAAGjggFQMIIBTDAOBgNVHQ8BAf8EBAMCAQYw
EgYDVR0TAQH/BAgwBgEB/wIBADAdBgNVHQ4EFgQUXUayjcRLdBy77fVztjq3OI91
nn4wRwYDVR0gBEAwPjA8BgRVHSAAMDQwMgYIKwYBBQUHAgEWJmh0dHBzOi8vd3d3
Lmdsb2JhbHNpZ24uY29tL3JlcG9zaXRvcnkvMDMGA1UdHwQsMCowKKAmoCSGImh0
dHA6Ly9jcmwuZ2xvYmFsc2lnbi5uZXQvcm9vdC5jcmwwPQYIKwYBBQUHAQEEMTAv
MC0GCCsGAQUFBzABhiFodHRwOi8vb2NzcC5nbG9iYWxzaWduLmNvbS9yb290cjEw
KQYDVR0lBCIwIAYIKwYBBQUHAwEGCCsGAQUFBwMCBgorBgEEAYI3CgMDMB8GA1Ud
IwQYMBaAFGB7ZhpFDZfKiVAvfQTNNKj//P1LMA0GCSqGSIb3DQEBBQUAA4IBAQBz
euwBLBcikZrKsWcYorrIBYmSJN4fuKtEn/dAVWXy4PQux96wP5kVH5VwgumbSmQk
IBbwdhfSG/6s+ga0d8+Y2CrsVxXYXk7di5bhUzMZkdWEbiXvD8utv9tLa1bMtdRA
PiZetln0xZDJCcSE37wmfYLp6/Rb/MgV3gkYRYazi03HazUnm2D2pFoqWEmx2DVD
xjK7XjvESiHBoDtewSOpztvVuv5dbf0AfvrxlDdhuQA5ZpapnLQeEe9V2LTYsMSl
rjIKL/gt9KKn/zbTXmOLThL3tSiAde6UL3CgVnc5qjmXF/wA889m56JxkqsFm3Mu
eufnIVkJjTChrFzKGXr4
-----END CERTIFICATE-----
---
Server certificate
subject=/C=US/ST=Washington/L=Redmond/O=Microsoft Corporation/CN=*.hotmail.com
issuer=/C=BE/O=GlobalSign nv-sa/CN=GlobalSign Organization Validation CA - G2
---
No client certificate CA names sent
---
SSL handshake has read 2663 bytes and written 525 bytes
---
New, TLSv1/SSLv3, Cipher is RC4-MD5
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
    Protocol  : TLSv1
    Cipher    : RC4-MD5
    Session-ID: CC000000BC566476FCB1E77772B326A005BF4D8B998C5D7C505EAAE9C27C53E6
    Session-ID-ctx: 
    Master-Key: 44A57A1235FF50BE1F87B530C30F1D09B131D926E913252264FD90BC72B4E3B389BE914D78F7C2BCCF9243CE2433FEA5
    Key-Arg   : None
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    Start Time: 1428400859
    Timeout   : 7200 (sec)
    Verify return code: 0 (ok)
---
+OK dub0-pop485 POP3 server ready
quit
+OK POP3 server signing off
read:errno=0

Does any of this help?

-- 
Jerry

Re: [Fetchmail-users] Unable to fetch mail from "outlook"

[Matthias A. <mat...@gm...>]

Am 06.04.2015 um 11:24 schrieb Jerry:
> Fetchmail was working just fine until a few days ago. I have an account at
> "outlook,com", formerly "hotmail.com". Fetchmail now cannot fetch mail from
> that site.

Yeah.  What does make it a fetchmail problem?

> I am running FreeBSD-10. I update "openssl" to version "OpenSSL
> 1.0.1l-freebsd 15 Jan 2015". After that, fetchmail fails. This is the log entry:
> 
> fetchmail: 6.3.26 querying pop3.live.com (protocol POP3) at Mon Apr  6 05:05:59 2015: poll started
> Trying to connect to 65.55.162.199/995...connected.
> fetchmail: SSL connection failed.
> fetchmail: socket error while fetching from me...@ou...@pop3.live.com
> fetchmail: 6.3.26 querying pop3.live.com (protocol POP3) at Mon Apr  6 05:06:00 2015: poll completed
> Merged UID list from pop3.live.com: <empty>
> fetchmail: Query status=2 (SOCKET)
> fetchmail: normal termination, status 2
> 
> Using "openssl" works fine:

No it does not. You are not feeding it similar options to fetchmail's,
and openssl's s_client will not bail out if verification fails.

> ~ $ openssl s_client -crlf -showcerts -connect pop3.live.com:995
...
>     Verify return code: 20 (unable to get local issuer certificate)

Oops.  That's not "fine" in my book.  You don't have trust anchors (but
you neither gave -CApath nor -CAfile to point s_client to them).

> poll pop3.live.com with proto POP3 service 995 timeout 30 and options bad-header accept
> user 'ger...@ou...' there with password 'PASSWORD' is 'ME' here options flush forcecr dropdelivered smtpname 'ME...@My...' ssl sslfingerprint '86:60:F6:38:1C:84:A6:AC:94:92:51:2F:67:9A:7D:76'
> 
> Does anyone have any idea what the problem is?

I'm afraid not.  That configuration works for me with the same OpenSSL
version on FreeBSD 10.1-RELEASE-pwhatever on amd64 up to the point where
it chats to the server, which then tells me that that made-up password
isn't good for logging in, this is what I'm getting:

>>| $ LC_ALL=C fetchmail -f /tmp/testrc  
>>| fetchmail: Authorization failure on ger...@ou...@pop3.glbdns2.microsoft.com
>>| fetchmail: Query status=3 (AUTHFAIL)

Now, you've been around mail and lists for long enough to know that you
might want to read the FAQ before posting, and that you will not get
support unless you provide verbose logs...
<http://www.fetchmail.info/fetchmail-FAQ.html#G3>

Specifically for FreeBSD, install ca_root_nss and add -verify 5 -CAfile
/usr/local/share/certs/ca-root-nss.crt  to the s_client command line.
You should not need these for fetchmail though as long as you go without
--sslcertck but with --sslfingerprint '...'.

[Fetchmail-users] Unable to fetch mail from "outlook"

[Jerry <je...@se...>]

Fetchmail was working just fine until a few days ago. I have an account at
"outlook,com", formerly "hotmail.com". Fetchmail now cannot fetch mail from
that site.

I am running FreeBSD-10. I update "openssl" to version "OpenSSL
1.0.1l-freebsd 15 Jan 2015". After that, fetchmail fails. This is the log entry:

fetchmail: 6.3.26 querying pop3.live.com (protocol POP3) at Mon Apr  6 05:05:59 2015: poll started
Trying to connect to 65.55.162.199/995...connected.
fetchmail: SSL connection failed.
fetchmail: socket error while fetching from me...@ou...@pop3.live.com
fetchmail: 6.3.26 querying pop3.live.com (protocol POP3) at Mon Apr  6 05:06:00 2015: poll completed
Merged UID list from pop3.live.com: <empty>
fetchmail: Query status=2 (SOCKET)
fetchmail: normal termination, status 2

Using "openssl" works fine:

~ $ openssl s_client -crlf -showcerts -connect pop3.live.com:995
CONNECTED(00000003)
depth=1 C = BE, O = GlobalSign nv-sa, CN = GlobalSign Organization Validation CA - G2
verify error:num=20:unable to get local issuer certificate
verify return:0
---
Certificate chain
 0 s:/C=US/ST=Washington/L=Redmond/O=Microsoft Corporation/CN=*.hotmail.com
   i:/C=BE/O=GlobalSign nv-sa/CN=GlobalSign Organization Validation CA - G2
-----BEGIN CERTIFICATE-----
MIIFQjCCBCqgAwIBAgISESHl0vjrML7zKmGlv42YL75vMA0GCSqGSIb3DQEBBQUA
MF0xCzAJBgNVBAYTAkJFMRkwFwYDVQQKExBHbG9iYWxTaWduIG52LXNhMTMwMQYD
VQQDEypHbG9iYWxTaWduIE9yZ2FuaXphdGlvbiBWYWxpZGF0aW9uIENBIC0gRzIw
HhcNMTMwNDI0MjAzNTA5WhcNMTYwNDI0MjAzNTA5WjBsMQswCQYDVQQGEwJVUzET
MBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9uZDEeMBwGA1UEChMV
TWljcm9zb2Z0IENvcnBvcmF0aW9uMRYwFAYDVQQDDA0qLmhvdG1haWwuY29tMIIB
IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAumSiBWrzHZf6WFP5a/j4+K7D
1izLoYKj5Omll0pdxKvKcBRDf+iaIkCbSOPNpx2uWGZdwNwkabYCQavaBf2ebwmS
S8i1CJpHflO+k0qYd5WUi7sSsZ3+6RaCMdLoDIPGyYMQuy7TFtVO7LSt5+qscyyi
ET8c3lE2aj/XW13UZvRrV65ZJvMjUtwaDnIcAxGeasYoebLsKdqHQ2uTr4PmNwCc
viGVFSOzkGAoC0PfyqKB2xUWy3Kc5zRI2xvUW8Jb2b/9Ze3g55pIUzKsjpglkQTm
edVPSYYPGNz6Kl/ZshBXdBAk398q1JkSmUaTMa2hJgBbcC+73ax40AJDGJlz+QID
AQABo4IB6zCCAecwDgYDVR0PAQH/BAQDAgWgMEkGA1UdIARCMEAwPgYGZ4EMAQIC
MDQwMgYIKwYBBQUHAgEWJmh0dHBzOi8vd3d3Lmdsb2JhbHNpZ24uY29tL3JlcG9z
aXRvcnkvMEAGA1UdEQQ5MDeCDSouaG90bWFpbC5jb22CCioubGl2ZS5jb22CDSou
b3V0bG9vay5jb22CC2hvdG1haWwuY29tMAkGA1UdEwQCMAAwHQYDVR0lBBYwFAYI
KwYBBQUHAwEGCCsGAQUFBwMCMEUGA1UdHwQ+MDwwOqA4oDaGNGh0dHA6Ly9jcmwu
Z2xvYmFsc2lnbi5jb20vZ3MvZ3Nvcmdhbml6YXRpb252YWxnMi5jcmwwgZYGCCsG
AQUFBwEBBIGJMIGGMEcGCCsGAQUFBzAChjtodHRwOi8vc2VjdXJlLmdsb2JhbHNp
Z24uY29tL2NhY2VydC9nc29yZ2FuaXphdGlvbnZhbGcyLmNydDA7BggrBgEFBQcw
AYYvaHR0cDovL29jc3AyLmdsb2JhbHNpZ24uY29tL2dzb3JnYW5pemF0aW9udmFs
ZzIwHQYDVR0OBBYEFHbgHqTLsXDt7uMRyE62rnDEfLn9MB8GA1UdIwQYMBaAFF1G
so3ES3Qcu+31c7Y6tziPdZ5+MA0GCSqGSIb3DQEBBQUAA4IBAQByy1+3N6ZRVooI
xqw8Ng+UFz0g7UHkbPEnvTu1uxJ2AojFuP/P1PAk+/6uMRvpPlWg/5uqmOIWxKxJ
Lo6xSbkDf4LN+KYwes3XSuPyziZ4QbPnehHhZ0377iiA8fpRJADg9NWKCRHh5aAd
e9QvJUW/GgYkBN+F4yYc2jIjR3Rehv4JYOKS3iXO9OoHsDS2CcCFaS2imgQVfYLg
slBwT/A08PCOhW5huiluSmih7x5Qf7sFDv8jineu6ehKzi8pKnOq4k8G4QiWn38Y
CeiBkkwFOwj7T3M/ITiiSS9DHDGeokj16eBi83Zx3YYiJ9YZvnQ+4GvqJ5eJJ6pR
KKvemr+m
-----END CERTIFICATE-----
 1 s:/C=BE/O=GlobalSign nv-sa/CN=GlobalSign Organization Validation CA - G2
   i:/C=BE/O=GlobalSign nv-sa/OU=Root CA/CN=GlobalSign Root CA
-----BEGIN CERTIFICATE-----
MIIEizCCA3OgAwIBAgILBAAAAAABL07hQvkwDQYJKoZIhvcNAQEFBQAwVzELMAkG
A1UEBhMCQkUxGTAXBgNVBAoTEEdsb2JhbFNpZ24gbnYtc2ExEDAOBgNVBAsTB1Jv
b3QgQ0ExGzAZBgNVBAMTEkdsb2JhbFNpZ24gUm9vdCBDQTAeFw0xMTA0MTMxMDAw
MDBaFw0yMjA0MTMxMDAwMDBaMF0xCzAJBgNVBAYTAkJFMRkwFwYDVQQKExBHbG9i
YWxTaWduIG52LXNhMTMwMQYDVQQDEypHbG9iYWxTaWduIE9yZ2FuaXphdGlvbiBW
YWxpZGF0aW9uIENBIC0gRzIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
AQDdNR3yIFQmGtDvpW+Bdllw3Of01AMkHyQOnSKf1Ccyeit87ovjYWI4F6+0S3qf
ZyEcLZVUunm6tsTyDSF0F2d04rFkCJlgePtnwkv3J41vNnbPMYzl8QbX3FcOW6zu
zi2rqqlwLwKGyLHQCAeV6irs0Z7kNlw7pja1Q4ur944+ABv/hVlrYgGNguhKujiz
4MP0bRmn6gXdhGfCZsckAnNate6kGdn8AM62pI3ffr1fsjqdhDFPyGMM5NgNUqN+
ARvUZ6UYKOsBp4I82Y4d5UcNuotZFKMfH0vq4idGhs6dOcRmQafiFSNrVkfB7cVT
5NSAH2v6gEaYsgmmD5W+ZoiTAgMBAAGjggFQMIIBTDAOBgNVHQ8BAf8EBAMCAQYw
EgYDVR0TAQH/BAgwBgEB/wIBADAdBgNVHQ4EFgQUXUayjcRLdBy77fVztjq3OI91
nn4wRwYDVR0gBEAwPjA8BgRVHSAAMDQwMgYIKwYBBQUHAgEWJmh0dHBzOi8vd3d3
Lmdsb2JhbHNpZ24uY29tL3JlcG9zaXRvcnkvMDMGA1UdHwQsMCowKKAmoCSGImh0
dHA6Ly9jcmwuZ2xvYmFsc2lnbi5uZXQvcm9vdC5jcmwwPQYIKwYBBQUHAQEEMTAv
MC0GCCsGAQUFBzABhiFodHRwOi8vb2NzcC5nbG9iYWxzaWduLmNvbS9yb290cjEw
KQYDVR0lBCIwIAYIKwYBBQUHAwEGCCsGAQUFBwMCBgorBgEEAYI3CgMDMB8GA1Ud
IwQYMBaAFGB7ZhpFDZfKiVAvfQTNNKj//P1LMA0GCSqGSIb3DQEBBQUAA4IBAQBz
euwBLBcikZrKsWcYorrIBYmSJN4fuKtEn/dAVWXy4PQux96wP5kVH5VwgumbSmQk
IBbwdhfSG/6s+ga0d8+Y2CrsVxXYXk7di5bhUzMZkdWEbiXvD8utv9tLa1bMtdRA
PiZetln0xZDJCcSE37wmfYLp6/Rb/MgV3gkYRYazi03HazUnm2D2pFoqWEmx2DVD
xjK7XjvESiHBoDtewSOpztvVuv5dbf0AfvrxlDdhuQA5ZpapnLQeEe9V2LTYsMSl
rjIKL/gt9KKn/zbTXmOLThL3tSiAde6UL3CgVnc5qjmXF/wA889m56JxkqsFm3Mu
eufnIVkJjTChrFzKGXr4
-----END CERTIFICATE-----
---
Server certificate
subject=/C=US/ST=Washington/L=Redmond/O=Microsoft Corporation/CN=*.hotmail.com
issuer=/C=BE/O=GlobalSign nv-sa/CN=GlobalSign Organization Validation CA - G2
---
No client certificate CA names sent
---
SSL handshake has read 2656 bytes and written 617 bytes
---
New, TLSv1/SSLv3, Cipher is RC4-MD5
Server public key is 2048 bit
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
SSL-Session:
    Protocol  : TLSv1
    Cipher    : RC4-MD5
    Session-ID: A3200000F28DBE70E6BA0680730A1D6A26DF052A91482F711846423C7877FA33
    Session-ID-ctx: 
    Master-Key: 9EEAEA3D6219C2E22F99367A760D95D4D795E63441518AA1298FDDCE49456B2C935E2941B66EE4545601AA1BC85D7664
    Key-Arg   : None
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    Start Time: 1428311841
    Timeout   : 300 (sec)
    Verify return code: 20 (unable to get local issuer certificate)
---
+OK dub0-pop742 POP3 server ready
user ME...@ou...
+OK password required
pass PASSWOED
+OK mailbox has 0 messages
quit
+OK mailbox unchanged, POP3 server signing off
read:errno=0

This is the line from the ".fetchmailrc. file:

poll pop3.live.com with proto POP3 service 995 timeout 30 and options bad-header accept
user 'ger...@ou...' there with password 'PASSWORD' is 'ME' here options flush forcecr dropdelivered smtpname 'ME...@My...' ssl sslfingerprint '86:60:F6:38:1C:84:A6:AC:94:92:51:2F:67:9A:7D:76'

Does anyone have any idea what the problem is?

-- 
Jerry

Re: [Fetchmail-users] Figuring out the fetchid of a particular message

[Matthias A. <mat...@gm...>]

Am 31.03.2015 um 15:02 schrieb Joe M:
> Hello,
> 
> There is one particular message that is not getting downloaded to my
> computer from my hotmail account. I am trying to figure out why. I
> cleaned up the last 100 fetchids, but, that does not seem to help
> either.
> 
> I have "bad-header accept" setting but that does not help either.
> 
> Is there any way that I can figure out what the fetchid of a
> particular message is. I do not want to delete all the fetchid's as
> there are a few thousand emails in my hotmail inbox that I want to
> keep them there.

Let's start with <http://www.fetchmail.info/fetchmail-FAQ.html#G3>.

Then, once you have that log generated,
you can harvest the necessary information from the log:

- the UIDL command that fetchmail sends to the server is answered
  with a list of message number and the ID.

Removing that ID from .fetchids would make fetchmail try to receive the
message on the next run.

Note that fetchmail will skip the very first message under certain
circumstances, and will log it as "retained" and not "kept" - it does
that if the message appears to store the UIDVALIDITY value for a UWIMAP
server.  Such messages often have a fat warning Subject like "DO NOT
DELETE THIS MESSAGE - FOLDER-INTERNAL DATA".

Hope that helps.

[Fetchmail-users] Figuring out the fetchid of a particular message

[Joe M <joe...@gm...>]

Hello,

There is one particular message that is not getting downloaded to my
computer from my hotmail account. I am trying to figure out why. I
cleaned up the last 100 fetchids, but, that does not seem to help
either.

I have "bad-header accept" setting but that does not help either.

Is there any way that I can figure out what the fetchid of a
particular message is. I do not want to delete all the fetchid's as
there are a few thousand emails in my hotmail inbox that I want to
keep them there.

Thanks
Joe

Re: [Fetchmail-users] cygwin 1.7.35 reads file permissions differently, affects fetchmail

[Matthias A. <mat...@gm...>]

Am 23.03.2015 um 09:57 schrieb Martin Koeppe:
> 
> Hi all,
> 
> I just updated from cygwin 1.7.32 to 1.7.35,
> and now file permissions are calculated differently,
> which breaks fetchmail for me:
> 
> Here are the Windows permissions:
> (no permissions for Domain Users / Domänen-Benutzer)
> 
> $ cacls fetchmailrc.txt
> D:\fetchmail\fetchmailrc.txt NT-AUTORIT.T\SYSTEM:(ID)F
>                              NT-AUTORIT.T\LOKALER DIENST:(ID)C
>                              DOMAENE\LocalAdmin:(ID)F
>                              VORDEFINIERT\Administratoren:(ID)F
> 
> cygwin-1.7.32 $ ls -l
> -rwx------+ 1 LocalService Domänen-Benutzer    1932 15. Aug 2014
> fetchmailrc.txt
> 
> cygwin-1.7.35 $ ls -l
> -rwxrwx---+ 1 LocalService Domänen-Benutzer    1932 15. Aug 2014
> fetchmailrc.txt

Please post the getfacl for both, too, your /etc/passwd with password
column blanked, your /etc/group, your /etc/nsswitch.conf, and your
CYGWIN environment variable.

> Now, there are group permissions set. For me it breaks fetchmail,
> because fetchmail only runs when the config file is owned by the user
> running fetchmail (LocalService in my case, a system user I never can
> login with) and with max 0700 permissions. While this check is ok/good
> for Unix, because you still can view/edit the file as user root, you now
> can't anymore as Administrator on Windows.

> So cygwin's old calculation helped me to get it working that both
> fetchmail is happy as the file is only accessible by the user running
> fetchmail and I am happy to be able to change the file as Administrator.
> This seems now broken, or is there still a possibility to do that?

See if anything
https://cygwin.com/cygwin-ug-net/ntsec.html#ntsec-mapping offers you
ways to tweak permissions or ACLs such that it works for you on Cygwin,
and if you need to remove or regenerate /etc/passwd and/or /etc/group.

Also see if you can tweak the settings with getfacl/setfacl or chmod in
a way that fetchmail works.  Else I need detailed instructions as to
what and where to change, I haven't been using Cygwin in production for
more than four years.  I won't disable the check, but I'm happy to
document Cygwin specifics in a README.Cygwin file.

If there are regressions in the mapping between Windows and Unix
permissions, this needs to be addressed in the cygwin1.dll, not in
fetchmail.

> @fetchmail's maintainers:
> Is it possible/desired/ok to disable this check on Cygwin?

There is de facto no fetchmail maintainer for Cygwin.

Jason Tishler has been delaying critical and security bug fix updates
for years and nobody cared when I brought this up with the Cygwin
project lead.  The last five bugfix releases have again not been
packaged for Cygwin.  See
http://sourceforge.net/p/fetchmail/git/ci/legacy_63/tree/NEWS to figure
what you're missing in terms of critical and security fixes.

As the upstream maintainer, I will most likely not add new support
nonconforming systems. I would have to see very good reasons to decide
otherwise.

[Fetchmail-users] cygwin 1.7.35 reads file permissions differently, affects fetchmail

[Martin K. <mk...@gm...>]

Hi all,

I just updated from cygwin 1.7.32 to 1.7.35,
and now file permissions are calculated differently,
which breaks fetchmail for me:

Here are the Windows permissions:
(no permissions for Domain Users / Domänen-Benutzer)

$ cacls fetchmailrc.txt
D:\fetchmail\fetchmailrc.txt NT-AUTORIT.T\SYSTEM:(ID)F
                              NT-AUTORIT.T\LOKALER DIENST:(ID)C
                              DOMAENE\LocalAdmin:(ID)F
                              VORDEFINIERT\Administratoren:(ID)F

cygwin-1.7.32 $ ls -l
-rwx------+ 1 LocalService Domänen-Benutzer    1932 15. Aug 2014 
fetchmailrc.txt

cygwin-1.7.35 $ ls -l
-rwxrwx---+ 1 LocalService Domänen-Benutzer    1932 15. Aug 2014 
fetchmailrc.txt


Now, there are group permissions set. For me it breaks fetchmail, 
because fetchmail only runs when the config file is owned by the user 
running fetchmail (LocalService in my case, a system user I never can 
login with) and with max 0700 permissions. While this check is ok/good 
for Unix, because you still can view/edit the file as user root, you 
now can't anymore as Administrator on Windows.


So cygwin's old calculation helped me to get it working that both 
fetchmail is happy as the file is only accessible by the user running 
fetchmail and I am happy to be able to change the file as 
Administrator. This seems now broken, or is there still a possibility 
to do that?


@fetchmail's maintainers:
Is it possible/desired/ok to disable this check on Cygwin?


Thanks
Martin

Re: [Fetchmail-users] fetchmail .26 0, wheezy 1

[Matthias A. <mat...@gm...>]

Am 12.02.2015 um 23:11 schrieb Gene Heskett:
> On Wednesday, February 11, 2015 03:56:51 PM Rob MacGregor wrote:
>> On Wed Feb 11 2015 at 3:25:11 PM Gene Heskett <ghe...@wd...> wrote:
>>> Greetings all;
>>>
>>> Trying to get the tarball built as wheezy's fetchmail is .21, sorta
>>> of old.
>>>
>>> All the openssl stuff I can find is installed, but in about an hours
>>> worth of trying to configure it for ssl support, my point it at the
>>> numerous where stuff is installed, am not able to get anything
>>> better than this at the end of the ./configure execution:
>>> configure: error: SSL support enabled, but OpenSSL not found
>>>
>>> Can someone tell what the heck it is actually looking for?
>>
>> I'd expect it's looking for the library, which is probably named
>> "libssl-dev".
> 
> As it turned out, I was the dummy, I thought it wanted a path to it, in 
> the end it was more than smart enough to find and use it if I just 
> did --with-ssl=yes.  So its in and running fine.

Where --with-ssl and --with-ssl=yes are technically the same in many,
but not all, GNU autoconf based ./configure scripts.  :-)

Good speed.

Re: [Fetchmail-users] fetchmail .26 0, wheezy 1

[Gene H. <ghe...@wd...>]

On Wednesday, February 11, 2015 04:21:17 PM Matthias Andree wrote:
> Am 11.02.2015 um 16:24 schrieb Gene Heskett:
> > Greetings all;
> > 
> > Trying to get the tarball built as wheezy's fetchmail is .21, sorta
> > of old.
> > 
> > All the openssl stuff I can find is installed, but in about an hours
> > worth of trying to configure it for ssl support, my point it at the
> > numerous where stuff is installed, am not able to get anything
> > better than this at the end of the ./configure execution:
> > configure: error: SSL support enabled, but OpenSSL not found
> > 
> > Can someone tell what the heck it is actually looking for?
> > 
> > Thanks all.
> 
> Hi Gene,
> 
> I, just like Rob, suspect the problem is one or more missing -dev
> packages.  On Debian-based systems, you can often take a short cut and
> just run "apt-get build-dep fetchmail" as root to have the system fetch
> and install all requisite packages that you need for the a native build
> of the source package fetchmail (meaning the package installs on
> computers of the same type as the one you're typing the command on).
> This works if the newer package you are trying to build has the same
> requisites as the one that shipped with the distribution.  For a
> wheezy-with-6.3.21 to 6.3.26 upgrade, I expect it works, but I haven't
> got a sufficient "bare" system to test this.
> 
> if Rob's message (i. e. install the -dev packages) doesn't get you
> where you want to be, then please check the config.log file that
> results from the ./configure.
> 
> The config.log is quite verbose, and contains lots of debugging
> information not related to the actual problem, but often also sells a
> clue on the command lines tried, with which test programs, and the
> error messages.  Best to search in it for the error message you've
> seen on the screen from ./configure run,  and that you quoted above.
> 
> 
> 
> Hope that helps.

Yes, it did solve another problem.  i was not aware of the build-deps 
option to apt-get.  Thank you Matthias.

Cheers, Gene Heskett
-- 
"There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
Genes Web page <http://geneslinuxbox.net:6309/gene>
US V Castleman, SCOTUS, Mar 2014 is grounds for Impeaching SCOTUS

Re: [Fetchmail-users] fetchmail .26 0, wheezy 1

[Gene H. <ghe...@wd...>]

On Wednesday, February 11, 2015 03:56:51 PM Rob MacGregor wrote:
> On Wed Feb 11 2015 at 3:25:11 PM Gene Heskett <ghe...@wd...> wrote:
> > Greetings all;
> > 
> > Trying to get the tarball built as wheezy's fetchmail is .21, sorta
> > of old.
> > 
> > All the openssl stuff I can find is installed, but in about an hours
> > worth of trying to configure it for ssl support, my point it at the
> > numerous where stuff is installed, am not able to get anything
> > better than this at the end of the ./configure execution:
> > configure: error: SSL support enabled, but OpenSSL not found
> > 
> > Can someone tell what the heck it is actually looking for?
> 
> I'd expect it's looking for the library, which is probably named
> "libssl-dev".

As it turned out, I was the dummy, I thought it wanted a path to it, in 
the end it was more than smart enough to find and use it if I just 
did --with-ssl=yes.  So its in and running fine.

Thank you Rob.

Cheers, Gene Heskett
-- 
"There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
Genes Web page <http://geneslinuxbox.net:6309/gene>
US V Castleman, SCOTUS, Mar 2014 is grounds for Impeaching SCOTUS

Re: [Fetchmail-users] fetchmail .26 0, wheezy 1

[Matthias A. <mat...@gm...>]

Am 11.02.2015 um 16:24 schrieb Gene Heskett:
> Greetings all;
> 
> Trying to get the tarball built as wheezy's fetchmail is .21, sorta of 
> old.
> 
> All the openssl stuff I can find is installed, but in about an hours worth 
> of trying to configure it for ssl support, my point it at the numerous 
> where stuff is installed, am not able to get anything better than this at 
> the end of the ./configure execution:
> configure: error: SSL support enabled, but OpenSSL not found
> 
> Can someone tell what the heck it is actually looking for?
> 
> Thanks all.

Hi Gene,

I, just like Rob, suspect the problem is one or more missing -dev
packages.  On Debian-based systems, you can often take a short cut and
just run "apt-get build-dep fetchmail" as root to have the system fetch
and install all requisite packages that you need for the a native build
of the source package fetchmail (meaning the package installs on
computers of the same type as the one you're typing the command on).
This works if the newer package you are trying to build has the same
requisites as the one that shipped with the distribution.  For a
wheezy-with-6.3.21 to 6.3.26 upgrade, I expect it works, but I haven't
got a sufficient "bare" system to test this.

if Rob's message (i. e. install the -dev packages) doesn't get you where
you want to be, then please check the config.log file that results from
the ./configure.

The config.log is quite verbose, and contains lots of debugging
information not related to the actual problem, but often also sells a
clue on the command lines tried, with which test programs, and the error
messages.  Best to search in it for the error message you've seen on the
screen from ./configure run,  and that you quoted above.



Hope that helps.

Best regards,
Matthias

Re: [Fetchmail-users] fetchmail -ERR message 1 not found

[Matthias A. <mat...@gm...>]

Am 11.02.2015 um 11:43 schrieb Claudio Mendes:
> if i use EFS instead of fetchmail it works

Claudio,

thank you for providing reformatted logs.

My stance remains unchanged. The POP3 server you are fetching from is
broken.  It offers, through STAT and UIDL, message #1, but refuses to
list its size.  That is implausible.  If the message #1 is deleted, the
server is not permitted to list it through UIDL.

Complain to the POP3 server's operator.

Everybody, please use "example.com" for making up domains if you do not
wish to expose the actual name to the public. It is reserved for
documentation purposes and can safely be used.  Random inventions of
yours (such as domain.com) must not be used.  It's too prone for abuse.

> proxy-srv:~ # fetchmail -v -v
> fetchmail: WARNING: Running as root is discouraged.
> fetchmail: 6.3.2 querying mail.domain.com (protocol POP3) at Tue Feb 10 15:17:41 2015: poll started
> fetchmail: POP3< +OK POP3 server ready <134...@ma...>
> fetchmail: POP3> CAPA
> fetchmail: POP3< -ERR bad command
> fetchmail: bad command

OK, fetchmail skips that.

> fetchmail: Repoll immediately on dom...@ma...
> fetchmail: POP3< +OK POP3 server ready <589...@ma...>
> fetchmail: POP3> USER domainemail
> fetchmail: POP3< +OK
> fetchmail: POP3> PASS *
> fetchmail: POP3< +OK connected
> fetchmail: selecting or re-polling default folder
> fetchmail: POP3> STAT
> fetchmail: POP3< +OK 4 117964
> fetchmail: POP3> LAST
> fetchmail: POP3< -ERR bad command

OK, that is from an older POP3 revision (RFC 1725) and was removed.
fetchmail proceeds to UIDL...

> fetchmail: bad command
> fetchmail: POP3> UIDL
> fetchmail: POP3< +OK listing follows
> fetchmail: POP3< 1 15021015161094
> fetchmail: 1 is unseen

...the server offers message #1. It is not permitted to list deleted
messages (but we didn't delete it).

[...]

> 4 messages for domainemail at mail.domain.com (117964 octets).
> fetchmail: POP3> LIST 1
> fetchmail: POP3< -ERR message 1 not found

The server refuse to list the size of the message it offered previously.

This doesn't make sense.

If you want to experiment, download and build the newest fetchmail 6.x.y
release and add --fetchsizelimit 0 to the command line.  This causes
fetchmail to request a LIST for all messages up front, instead of one by
one, and then see what you get and perhaps show the traces.

HTH.

Best regards,
Matthias

Re: [Fetchmail-users] fetchmail .26 0, wheezy 1

[Rob M. <rob...@gm...>]

On Wed Feb 11 2015 at 3:25:11 PM Gene Heskett <ghe...@wd...> wrote:

> Greetings all;
>
> Trying to get the tarball built as wheezy's fetchmail is .21, sorta of
> old.
>
> All the openssl stuff I can find is installed, but in about an hours worth
> of trying to configure it for ssl support, my point it at the numerous
> where stuff is installed, am not able to get anything better than this at
> the end of the ./configure execution:
> configure: error: SSL support enabled, but OpenSSL not found
>
> Can someone tell what the heck it is actually looking for?
>

I'd expect it's looking for the library, which is probably named
"libssl-dev".

-- 
 Rob

Re: [Fetchmail-users] fetchmail -ERR message 1 not found

[Martin K. <mk...@gm...>]

Hi Claudio,

On Wed, 11 Feb 2015, Claudio Mendes wrote:

> if i use EFS instead of fetchmail it works
>
> # Configuration created Fri Jan  9 17:33:10 2015 by fetchmailconf 1.52 $Revision: 4636 $
> set postmaster "ad...@do..."
> #set bouncemail
> #set no spambounce
> #set properties ""
> #set daemon 900
> poll mail.domain.com with proto POP3 localdomains domain.com
> #001 poll 195.219.0.173 with proto POP3 localdomains domain.com
> #002 poll 195.219.0.195 with proto POP3 localdomains domain.com
> #003 poll 195.218.28.28 with proto POP3 localdomains domain.com
> 	envelope X-Originally-To
> #      	user 'domainemail' with password 'pass1234' to * here options smtphost  192.168.16.160
>       	user 'domainemail' with password 'pass1234' to * here options smtphost  192.168.15.150
>
>
>
> proxy-srv:~ # fetchmail -v -v
> fetchmail: WARNING: Running as root is discouraged.
> fetchmail: 6.3.2 querying mail.domain.com (protocol POP3) at Tue Feb 10 15:17:41 2015: poll started
> fetchmail: POP3< +OK POP3 server ready <134...@ma...>
> fetchmail: POP3> CAPA
> fetchmail: POP3< -ERR bad command
> fetchmail: bad command
> fetchmail: Repoll immediately on dom...@ma...
> fetchmail: POP3< +OK POP3 server ready <589...@ma...>
> fetchmail: POP3> USER domainemail
> fetchmail: POP3< +OK
> fetchmail: POP3> PASS *
> fetchmail: POP3< +OK connected
> fetchmail: selecting or re-polling default folder
> fetchmail: POP3> STAT
> fetchmail: POP3< +OK 4 117964
> fetchmail: POP3> LAST
> fetchmail: POP3< -ERR bad command
> fetchmail: bad command
> fetchmail: POP3> UIDL
> fetchmail: POP3< +OK listing follows
> fetchmail: POP3< 1 15021015161094
> fetchmail: 1 is unseen
> fetchmail: POP3< 2 15021015171770
> fetchmail: 2 is unseen
> fetchmail: POP3< 3 15021015154640
> fetchmail: 3 is unseen
> fetchmail: POP3< 4 15021015155722
> fetchmail: 4 is unseen
> fetchmail: POP3< .
> 4 messages for domainemail at mail.domain.com (117964 octets).
> fetchmail: POP3> LIST 1
> fetchmail: POP3< -ERR message 1 not found
> fetchmail: message 1 not found
> fetchmail: POP3> QUIT
> fetchmail: POP3< +OK
> fetchmail: client/server protocol error while fetching from dom...@ma...
> fetchmail: 6.3.2 querying mail.domain.com (protocol POP3) at Tue Feb 10 15:17:41 2015: poll completed
> fetchmail: discarding new UID list
> fetchmail: Query status=4 (PROTOCOL)
> fetchmail: Deleting fetchids file.
> fetchmail: normal termination, status 4
> fetchmail: Deleting fetchids file.
>

you could give the option "fetchall" a try. (If it is OK for your use 
case.) For me it then worked when I had a pure RFC compliant server, 
with only the mandatory features available. fetchmail doesn't do 
unseen/seen processing in this case, but simply fetches everything.


Martin

[Fetchmail-users] fetchmail .26 0, wheezy 1

[Gene H. <ghe...@wd...>]

Greetings all;

Trying to get the tarball built as wheezy's fetchmail is .21, sorta of 
old.

All the openssl stuff I can find is installed, but in about an hours worth 
of trying to configure it for ssl support, my point it at the numerous 
where stuff is installed, am not able to get anything better than this at 
the end of the ./configure execution:
configure: error: SSL support enabled, but OpenSSL not found

Can someone tell what the heck it is actually looking for?

Thanks all.

Cheers, Gene Heskett
-- 
"There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
Genes Web page <http://geneslinuxbox.net:6309/gene>
US V Castleman, SCOTUS, Mar 2014 is grounds for Impeaching SCOTUS

Re: [Fetchmail-users] fetchmail -ERR message 1 not found

[Claudio M. <va...@ho...>]

if i use EFS instead of fetchmail it works


Received: from SRV-EX01.domain.local (192.168.15.150) by
SRV-EX01.domain.local (192.168.15.150) with Microsoft SMTP Server (TLS) id
15.0.1044.25 via Mailbox Transport; Mon, 9 Feb 2015 11:59:10 +0100
Received: fromSRV-EX01.domain.local (192.168.15.150) by
SRV-EX01.domain.local (192.168.15.150) with Microsoft SMTP Server (TLS) id
15.0.1044.25; Mon, 9 Feb 2015 11:59:10 +0100
Received: from vmsrv (192.168.15.180) by SRV-EX01.domain.local
(192.168.15.150) with Microsoft SMTP Server id 15.0.1044.25 via Frontend
Transport; Mon, 9 Feb 2015 11:59:10 +0100
Received: from 195.218.8.138 by 195.218.28.28
          INC_SMTP_SERVER 2.58;
          Mon, 09 Feb 2015 11:58:50 +0100
Received: from domain.com (shopping.domain.com [195.218.85.8])
            by mailgate.domain.com (Postfix) with SMTP id 7627F9C0055;
            Mon,  9 Feb 2015 11:58:50 +0100 (CET)
Date: Mon, 9 Feb 2015 11:58:50 +0100
Subject: System Notification
Message-ID: <20150209115850.0334@hel...@do...>
X-Mailer: incsmtp version 2.12
X-Originally-From: <hel...@do...>
X-Originally-To: <jhi...@do...>
X-Forwarder: Redirected by EFS, http://www.chimeracomputing.com/
To: <tt...@do...>
From: <hel...@do...>
Return-Path: hel...@do...
MIME-Version: 1.0
Content-Type: text/plain
X-MS-Exchange-Organization-Network-Message-Id: ad317a54-bc90-461c-82de-08d2126e914d
X-MS-Exchange-Organization-AVStamp-Enterprise: 1.0
X-MS-Exchange-Organization-AuthSource: SRV-EX01.domain.local
X-MS-Exchange-Organization-AuthAs: Anonymous



# Configuration created Fri Jan  9 17:33:10 2015 by fetchmailconf 1.52 $Revision: 4636 $
set postmaster "ad...@do..."
#set bouncemail
#set no spambounce
#set properties ""
#set daemon 900
poll mail.domain.com with proto POP3 localdomains domain.com
#001 poll 195.219.0.173 with proto POP3 localdomains domain.com
#002 poll 195.219.0.195 with proto POP3 localdomains domain.com
#003 poll 195.218.28.28 with proto POP3 localdomains domain.com
	envelope X-Originally-To
#      	user 'domainemail' with password 'pass1234' to * here options smtphost  192.168.16.160
      	user 'domainemail' with password 'pass1234' to * here options smtphost  192.168.15.150



proxy-srv:~ # fetchmail -v -v
fetchmail: WARNING: Running as root is discouraged.
fetchmail: 6.3.2 querying mail.domain.com (protocol POP3) at Tue Feb 10 15:17:41 2015: poll started
fetchmail: POP3< +OK POP3 server ready <134...@ma...>
fetchmail: POP3> CAPA
fetchmail: POP3< -ERR bad command
fetchmail: bad command
fetchmail: Repoll immediately on dom...@ma...
fetchmail: POP3< +OK POP3 server ready <589...@ma...>
fetchmail: POP3> USER domainemail
fetchmail: POP3< +OK
fetchmail: POP3> PASS *
fetchmail: POP3< +OK connected
fetchmail: selecting or re-polling default folder
fetchmail: POP3> STAT
fetchmail: POP3< +OK 4 117964
fetchmail: POP3> LAST
fetchmail: POP3< -ERR bad command
fetchmail: bad command
fetchmail: POP3> UIDL
fetchmail: POP3< +OK listing follows
fetchmail: POP3< 1 15021015161094
fetchmail: 1 is unseen
fetchmail: POP3< 2 15021015171770
fetchmail: 2 is unseen
fetchmail: POP3< 3 15021015154640
fetchmail: 3 is unseen
fetchmail: POP3< 4 15021015155722
fetchmail: 4 is unseen
fetchmail: POP3< .
4 messages for domainemail at mail.domain.com (117964 octets).
fetchmail: POP3> LIST 1
fetchmail: POP3< -ERR message 1 not found
fetchmail: message 1 not found
fetchmail: POP3> QUIT
fetchmail: POP3< +OK
fetchmail: client/server protocol error while fetching from dom...@ma...
fetchmail: 6.3.2 querying mail.domain.com (protocol POP3) at Tue Feb 10 15:17:41 2015: poll completed
fetchmail: discarding new UID list
fetchmail: Query status=4 (PROTOCOL)
fetchmail: Deleting fetchids file.
fetchmail: normal termination, status 4
fetchmail: Deleting fetchids file.

 		 	   		  

Re: [Fetchmail-users] fetchmail -ERR message 1 not found

[Matthias A. <mat...@gm...>]

Am 10.02.2015 um 15:00 schrieb Claudio Mendes:
> hi,
> somehow can't get fetchmail to work properly
> # Configuration created Tue Feb 10 10:18:32 2015 by fetchmailconf 1.52 $Revision: 4636 $set postmaster "ad...@do..."#set nobouncemail#set no spambounce#set properties ""#set daemon 900poll mail.domain.com with proto POP3 localdomains domain.com    envelope X-Originally-To       user 'user' with password 'pass' to * here options smtphost  192.168.15.150
> 
> fetchmail: WARNING: Running as root is discouraged.fetchmail: 6.3.2 querying mail.domain.com (protocol POP3) at Tue Feb 10 10:38:09 2015: poll startedfetchmail: POP3< +OK POP3 server ready <848...@ma...>fetchmail: POP3> CAPAfetchmail: POP3< -ERR bad commandfetchmail: bad commandfetchmail: Repoll immediately on us...@ma...fetchmail: POP3< +OK POP3 server ready <210...@ma...>fetchmail: POP3> USER userfetchmail: POP3< +OKfetchmail: POP3> PASS *fetchmail: POP3< +OK connectedfetchmail: POP3> STATfetchmail: POP3< +OK 1 3255fetchmail: POP3> LASTfetchmail: POP3< -ERR bad commandfetchmail: bad commandfetchmail: POP3> UIDLfetchmail: POP3< +OK listing followsfetchmail: POP3< 1 15021010380695fetchmail: POP3< .1 message for user at mail.domain.com (3255 octets).fetchmail: POP3> LIST 1fetchmail: POP3< -ERR message 1 not foundfetchmail: message 1 not foundfetchmail: POP3> QUITfetchmail: POP3< +OKfetchmail: client/server protocol error whil
e fetching from us...@ma...fetchmail: 6.3.2 querying mail.domain.com (protocol POP3) at Tue Feb 10 10:38:09 2015: poll completedfetchmail: Query status=4 (PROTOCOL)fetchmail: normal termination, status 4Done. 		 	   		  

Claudio,

the server offers a message with number 1 in the UIDL reply, but refuses
to list its size when fetchmail asks for it (although it seems to know
the mailbox size).  While I concur with Jerry's and Rob's assessments, a
fetchmail update - while still advised - isn't going to help here
because the trouble is on the server's end.

Nothing can cope with a server that promises a message and then fails to
deliver it.

Please reproduce the log with line breaks intact and without
reformatting, and forward it to the POP3 server's administrator with a
polite request to check into and resolve the issue.

The technical reference for how the server should behave is RFC 1939,
found for example here: <http://tools.ietf.org/html/rfc1939>

Hope that helps.

Best,
Matthias

Re: [Fetchmail-users] fetchmail -ERR message 1 not found

[Jerry <je...@se...>]

On Tue, 10 Feb 2015 15:00:51 +0100, Claudio Mendes stated:

> hi,
> somehow can't get fetchmail to work properly
> # Configuration created Tue Feb 10 10:18:32 2015 by fetchmailconf 1.52
> $Revision: 4636 $set postmaster "ad...@do..."#set nobouncemail#set no
> spambounce#set properties ""#set daemon 900poll mail.domain.com with proto
> POP3 localdomains domain.com    envelope X-Originally-To       user 'user'
> with password 'pass' to * here options smtphost  192.168.15.150
> 
> fetchmail: WARNING: Running as root is discouraged.fetchmail: 6.3.2
> querying mail.domain.com (protocol POP3) at Tue Feb 10 10:38:09 2015: poll
> startedfetchmail: POP3< +OK POP3 server ready
> <848...@ma...>fetchmail: POP3> CAPAfetchmail: POP3<
> -ERR bad commandfetchmail: bad commandfetchmail: Repoll immediately on
> us...@ma...fetchmail: POP3< +OK POP3 server ready
> <210...@ma...>fetchmail: POP3> USER userfetchmail:
> POP3< +OKfetchmail: POP3> PASS *fetchmail: POP3< +OK connectedfetchmail:
> POP3> STATfetchmail: POP3< +OK 1 3255fetchmail: POP3> LASTfetchmail: POP3<
> POP3> -ERR bad commandfetchmail: bad commandfetchmail: POP3> UIDLfetchmail:
> POP3> POP3< +OK listing followsfetchmail: POP3< 1 15021010380695fetchmail:
> POP3> POP3< .1 message for user at mail.domain.com (3255 octets).fetchmail:
> POP3> POP3> LIST 1fetchmail: POP3< -ERR message 1 not foundfetchmail:
> POP3> POP3> message 1 not foundfetchmail: POP3> QUITfetchmail: POP3<
> POP3> POP3> +OKfetchmail: client/server protocol error while fetching from
> POP3> POP3> us...@ma...fetchmail: 6.3.2 querying mail.domain.com
> POP3> POP3> (protocol POP3) at Tue Feb 10 10:38:09 2015: poll
> POP3> POP3> completedfetchmail: Query status=4 (PROTOCOL)fetchmail: normal
> POP3> POP3> termination, status 4Done.
> POP3> POP3> ------------------------------------------------------------------------------
> POP3> POP3> Dive into the World of Parallel Programming. The Go Parallel
> POP3> POP3> Website, sponsored by Intel and developed in partnership with
> POP3> POP3> Slashdot Media, is your hub for all things parallel software
> POP3> POP3> development, from weekly thought leadership blogs to news,
> POP3> POP3> videos, case studies, tutorials and more. Take a look and join
> POP3> POP3> the conversation now. http://goparallel.sourceforge.net/
> POP3> POP3> _______________________________________________ Fetchmail-users
> POP3> POP3> mailing list

You are going to have to supply your configuration file if you want anyone to
debug this for you. I think that is what you have at the top of this post,
but it is so mangled on my screen that I am not even going to begin to
spend the time to figure it out. Mungle the "PASSWORDS" but leave the rest
intact.

Also, DO NOT use HTML. Send it as plain ASCII text. Hotmail has a setting
for that if you are using their web interface. Otherwise, set your MUA to use
plain text.

-- 
Jerry

Re: [Fetchmail-users] fetchmail -ERR message 1 not found

[Rob M. <rob...@gm...>]

On Tue Feb 10 2015 at 14:02:15 Claudio Mendes <va...@ho...> wrote:

> hi,
> somehow can't get fetchmail to work properly
> # Configuration created Tue Feb 10 10:18:32 2015 by fetchmailconf 1.52
> $Revision: 4636 $set postmaster "ad...@do..."#set nobouncemail#set no
> spambounce#set properties ""#set daemon 900poll mail.domain.com with
> proto POP3 localdomains domain.com    envelope X-Originally-To       user
> 'user' with password 'pass' to * here options smtphost  192.168.15.150
>
> fetchmail: WARNING: Running as root is discouraged.fetchmail: 6.3.2
> querying mail.domain.com (protocol POP3) at Tue Feb 10 10:38:09 2015:
> poll startedfetchmail: POP3< +OK POP3 server ready <
> 848...@ma...>fetchmail: POP3> CAPAfetchmail: POP3<
> -ERR bad commandfetchmail: bad commandfetchmail: Repoll immediately on
> us...@ma...fetchmail: POP3< +OK POP3 server ready <
> 210...@ma...>fetchmail: POP3> USER
> userfetchmail: POP3< +OKfetchmail: POP3> PASS *fetchmail: POP3< +OK
> connectedfetchmail: POP3> STATfetchmail: POP3< +OK 1 3255fetchmail: POP3>
> LASTfetchmail: POP3< -ERR bad commandfetchmail: bad commandfetchmail: POP3>
> UIDLfetchmail: POP3< +OK listing followsfetchmail: POP3< 1
> 15021010380695fetchmail: POP3< .1 message for user at mail.domain.com
> (3255 octets).fetchmail: POP3> LIST 1fetchmail: POP3< -ERR message 1 not
> foundfetchmail: message 1 not foundfetchmail: POP3> QUITfetchmail: POP3<
> +OKfetchmail: client/server protocol error while fetching from
> us...@ma...fetchmail: 6.3.2 querying mail.domain.com (protocol
> POP3) at Tue Feb 10 10:38:09 2015: poll completedfetchmail: Query status=4
> (PROTOCOL)fetchmail: normal termination, status 4Done.
>

A few things:

1) Your version of Fetchmail is terribly out of date - please update to the
current version (6.3.26 ISTR)
2) The formatting of your email makes it impractical to parse the messages.
If you can't correct the formatting in your mail client please use the
likes of pastebin.
3) It looks, from what I can parse, that the POP server is not well behaved
- it would be good to know technical details about that server to enable
folks to work out whether it really is the problem.

-- 
 Rob MacGregor

[Fetchmail-users] fetchmail -ERR message 1 not found

[Claudio M. <va...@ho...>]

hi,
somehow can't get fetchmail to work properly
# Configuration created Tue Feb 10 10:18:32 2015 by fetchmailconf 1.52 $Revision: 4636 $set postmaster "ad...@do..."#set nobouncemail#set no spambounce#set properties ""#set daemon 900poll mail.domain.com with proto POP3 localdomains domain.com    envelope X-Originally-To       user 'user' with password 'pass' to * here options smtphost  192.168.15.150

fetchmail: WARNING: Running as root is discouraged.fetchmail: 6.3.2 querying mail.domain.com (protocol POP3) at Tue Feb 10 10:38:09 2015: poll startedfetchmail: POP3< +OK POP3 server ready <848...@ma...>fetchmail: POP3> CAPAfetchmail: POP3< -ERR bad commandfetchmail: bad commandfetchmail: Repoll immediately on us...@ma...fetchmail: POP3< +OK POP3 server ready <210...@ma...>fetchmail: POP3> USER userfetchmail: POP3< +OKfetchmail: POP3> PASS *fetchmail: POP3< +OK connectedfetchmail: POP3> STATfetchmail: POP3< +OK 1 3255fetchmail: POP3> LASTfetchmail: POP3< -ERR bad commandfetchmail: bad commandfetchmail: POP3> UIDLfetchmail: POP3< +OK listing followsfetchmail: POP3< 1 15021010380695fetchmail: POP3< .1 message for user at mail.domain.com (3255 octets).fetchmail: POP3> LIST 1fetchmail: POP3< -ERR message 1 not foundfetchmail: message 1 not foundfetchmail: POP3> QUITfetchmail: POP3< +OKfetchmail: client/server protocol error while fetching from us...@ma...fetchmail: 6.3.2 querying mail.domain.com (protocol POP3) at Tue Feb 10 10:38:09 2015: poll completedfetchmail: Query status=4 (PROTOCOL)fetchmail: normal termination, status 4Done. 		 	   		  

Re: [Fetchmail-users] Constantly changing ssl fingerprints

[grarpamp <gra...@gm...>]

On Mon, Jan 26, 2015 at 4:12 AM, Matthias Andree <mat...@gm...> wrote:
> vendors that played with it quickly found out it's a non-starter because
> ...
> Either you dumb OSCP checking down  [...]
> ...
> many sites aren't up to the task.

User should set their pref for the offline situation though.
I'd treat OSCP, and the various observatory projects/plugins,
as just another indication that something's wrong. ie: What if
server cert is pinned, and user know for a fact that their path and
dns to it is good etc, but for some reason the issuing CA has
CRL/OSCP'd it. User would end up still using it unaware if they
didn't see that.

Another recollection is OSCP seems done by TLS library,
so Tor users have to wrap that too. And it lets another third
party, the CA's, know what domains you're surfing.

I'd think OSCP/observatories would add some benefit to the
certchk and fingerprint. But true they don't seem production/widespread
ready just yet. Maybe a couple more years to sort out the
winners.

> Certificate pinning, and allowing to list multiple fingerprints, are
> options I am willing to allow for experimenting.

Thought I saw multiple cert in 7.x already, or maybe it was multiple
as in sha1/sha256/..., I need to go look as both had come up
earlier. I guess both multiple cert (load balancing and cert rollout)
and multiple hashes (or just better ones than broken md5 and
somewhat iffy sha1) have their place.

> Regarding listing intermediate CAs I am trying to find ways to avoid
> them being listed as trust roots, and for some sites, stuffing an
> intermediate CA into the trust store fails if the actual root is
> missing.

I think this happens because the library expects to be able
to verify all the way back to level 0 (root). Don't think I've seen
a library that would configurably stop short upon hitting some
nth level good intermediate. (I could have mixed this up, long day.)

> encouraged people to believe they weren't under MITM attacks while they
> were downloading the certificates.

Things like VPN's and Tor can actually help with this as
they give access to different views from which you can form
a consensus.

> True, best to just concatenate the desired root certificates to a PEM
> (cat root1.pem root2.pem >fetchmail-trusted.pem) and then use
> --sslcertfile fetchmail-trusted.pem to point fetchmail to it (note this
> must be in the defaults section of the rcfile, or on the command line,
> or it must be repeated for each and every poll statement, or skip
> statements where you give servers on the command line).

I think part of this relates to the thread about separating out
the config bits... servers, users, polling... all separate things.
Then flexibly strung together as needed. I hope to revisit that
draft for completeness.

> the lists will be "use the latest formal release if you want support
> from the fetchmail list".

It's a way to encourage keeping current, and not having
to be held back carrying unnecessary legacy. Fetchmail is
simple to update, even by hand.

>> http://svnweb.freebsd.org/ports/head/security/nss/

Listed it for the curious.

Re: [Fetchmail-users] Constantly changing ssl fingerprints

[Matthias A. <mat...@gm...>]

Am 26.01.2015 um 17:01 schrieb Carlos E. R.:

> mine is simpler:
> 
> poll imap.gmail.com [...]

> I don't have to specify the certificate paths.

Yeah, simpler and simply dangerous.  You're not using the "sslcertck"
option.  Meaning that passing certificate checks is not required.
No wonder you don't need to install certificates.  You'd need to read
your logs carefully to learn that something's wrong.

Re: [Fetchmail-users] Constantly changing ssl fingerprints

[Carlos E. R. <car...@op...>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 2015-01-25 19:48, Martin Koeppe wrote:
> 
> Hi Jerry,

>>>>> user 'us...@gm...' there with password 'SECRET' options forcecr
>>>>> dropdelivered smtpname ssl sslcertpath /usr/local/etc/postfix/certs
>>>>> sslfingerprint '26:85:9C:DD:04:26:70:C2:20:0A:A0:A2:24:E4:CF:30'
> 
> why socomplicated? I use this snippet:
> 
> defaults:
>  	proto pop3 timeout 300 sslproto 'TLS1' ssl
>  	sslcertfile /usr/ssl/certs/ca-bundle.trust.crt
>  	sslcertck
>  	limit 50000000 warnings 86400

mine is simpler:

poll imap.gmail.com with interval 0 proto imap timeout 50, and tracepolls
        user G_NAME, with password PASSWORD, is LOCALUSER here, expunge 20, and ssl, and fetchall


I get this typical response:

<2.6> 2015-01-20 16:04:22 Telcontar fetchmail 2433 - -  6.3.26 querying imap.gmail.com (protocol IMAP) at 2015-01-20T16:04:22 CET: poll started
<2.6> 2015-01-20 16:04:23 Telcontar fetchmail 2433 - -  Trying to connect to 74.125.71.109/993...connected.
<2.6> 2015-01-20 16:04:23 Telcontar fetchmail 2433 - -  Server certificate:
<2.6> 2015-01-20 16:04:23 Telcontar fetchmail 2433 - -  Issuer Organization: Google Inc
<2.6> 2015-01-20 16:04:23 Telcontar fetchmail 2433 - -  Issuer CommonName: Google Internet Authority G2
<2.6> 2015-01-20 16:04:23 Telcontar fetchmail 2433 - -  Subject CommonName: imap.gmail.com
<2.6> 2015-01-20 16:04:23 Telcontar fetchmail 2433 - -  Subject Alternative Name: imap.gmail.com
<2.6> 2015-01-20 16:04:23 Telcontar fetchmail 2433 - -  imap.gmail.com key fingerprint: CC:06:25:2E:A6:3C:F5:61:DE:BF:25:E2:26:09:7F:0E
<2.6> 2015-01-20 16:04:23 Telcontar fetchmail 2433 - -  IMAP< * OK Gimap ready for requests from ...


I don't have to specify the certificate paths.

- -- 
Cheers / Saludos,

		Carlos E. R.
		(from openSUSE 13.1 x86_64 "Bottle" at Telcontar)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (GNU/Linux)

iEYEARECAAYFAlTGZOYACgkQtTMYHG2NR9U7zgCfcvBL1cYSZh7WeZmDUDJk9mg1
LmIAnArNzM3Hzt06fiMG7gzzSHqVdx9O
=JSen
-----END PGP SIGNATURE-----