From: Pongthep K. <ptk...@gm...> - 2007-05-13 16:30:26
|
Hi all

Error messages with fetchmail 6.3.8
Firstly I shall say I am a noobie and sorry if my question is too simple
Previously I used fetchmail 6.2.5 on FreeBSD 5.4 (yes obsolete but still get work done). I had no problem with it. In order to be updated, yesterday I downloaded fetchmail 6.3.8. I installed it as I normally do.

% ./configure --with-ssl
% make
# make install

I still use my existing .fetchmailrc, which worked fine with fetchmail 6.2.5.

% cat .fetchmailrc
poll mail.ego.co.th proto pop3:
user "pkr...@eg..." there has password "xxxxxxx" is "pongthep" here fetchall
poll pop.gmail.com proto pop3 port 995:
user "ptk...@gm..." there has password "yyyyyyy" is "pongthep" here fetchall ssl

After test, I can still retrieve mails for both accounts, but I found some error messages I have never seen before and don't know how to fix it. Anyone has a clue, please point me out and thank you in advance. (please also CC to me, I'm not in the list.)

Normally I use mutt as MUA. But for your diagnostic, I put direct command on console as shown below.

Questions
1) My first account has nothing to do with TLS.
Why is there such an error message? How to fix it?
2) Several errors with my second account (gmail).
How to fix it?
3) I also have 6bone tunnel for IPv6.
Shall I do anything special with fetchmail?

Thank you
Pongthep Kulkrisada

% fetchmail -vv
fetchmail: 6.3.8 querying mail.ego.co.th (protocol POP3) at Sun May 13 11:08:42 2007: poll started
Trying to connect to 202.5.93.197/110...connected.
fetchmail: POP3< +OK Hello there.
fetchmail: POP3> CAPA
fetchmail: POP3< +OK Here's what I can do:
fetchmail: POP3< STLS
fetchmail: POP3< TOP
fetchmail: POP3< USER
fetchmail: POP3< LOGIN-DELAY 10
fetchmail: POP3< PIPELINING
fetchmail: POP3< UIDL
fetchmail: POP3< IMPLEMENTATION Courier Mail Server
fetchmail: POP3< .
fetchmail: POP3> STLS
fetchmail: POP3< +OK Begin SSL/TLS negotiation now.
fetchmail: mail.ego.co.th: opportunistic upgrade to TLS failed, trying to continue.
fetchmail: POP3> USER pkr...@eg...
fetchmail: Repoll immediately on pkr...@eg...@mail.ego.co.th
Trying to connect to 202.5.93.197/110...connected.
fetchmail: POP3< +OK Hello there.
fetchmail: POP3> CAPA
fetchmail: POP3< +OK Here's what I can do:
fetchmail: POP3< STLS
fetchmail: POP3< TOP
fetchmail: POP3< USER
fetchmail: POP3< LOGIN-DELAY 10
fetchmail: POP3< PIPELINING
fetchmail: POP3< UIDL
fetchmail: POP3< IMPLEMENTATION Courier Mail Server
fetchmail: POP3< .
fetchmail: POP3> USER pkr...@eg...
fetchmail: POP3< +OK Password required.
fetchmail: POP3> PASS *
fetchmail: POP3< +OK logged in.
fetchmail: selecting or re-polling default folder
fetchmail: POP3> STAT
fetchmail: POP3< +OK 0 0
fetchmail: No mail for pkr...@eg... at mail.ego.co.th
fetchmail: POP3> QUIT
fetchmail: POP3< +OK Bye-bye.
fetchmail: 6.3.8 querying mail.ego.co.th (protocol POP3) at Sun May 13 11:08:44 2007: poll completed
fetchmail: not swapping UID lists, no UIDs seen this query
fetchmail: Query status=1 (NOMAIL)
fetchmail: 6.3.8 querying pop.gmail.com (protocol POP3) at Sun May 13 11:08:44 2007: poll started
Trying to connect to 72.14.253.109/995...connected.
fetchmail: Issuer Organization: Equifax
fetchmail: Unknown Issuer CommonName
fetchmail: Server CommonName: pop.gmail.com
fetchmail: pop.gmail.com key fingerprint: 59:51:61:89:CD:DD:B2:35:94:BB:44:97:A0:39:D5:B4
fetchmail: Server certificate verification error: unable to get local issuer certificate
fetchmail: Server certificate verification error: certificate not trusted
fetchmail: Server certificate verification error: unable to verify the first certificate
fetchmail: POP3< +OK Gpop ready for requests from 203.153.169.68 m27pf2075195pof
fetchmail: POP3> CAPA
fetchmail: POP3< +OK Capability list follows
fetchmail: POP3< USER
fetchmail: POP3< RESP-CODES
fetchmail: POP3< EXPIRE 0
fetchmail: POP3< LOGIN-DELAY 300
fetchmail: POP3< X-GOOGLE-VERHOEVEN
fetchmail: POP3< UIDL
fetchmail: POP3< .
fetchmail: POP3> USER ptk...@gm...
fetchmail: POP3< +OK send PASS
fetchmail: POP3> PASS *
fetchmail: POP3< +OK Welcome.
fetchmail: selecting or re-polling default folder
fetchmail: POP3> STAT
fetchmail: POP3< +OK 0 0
fetchmail: No mail for ptk...@gm... at pop.gmail.com
fetchmail: POP3> QUIT
fetchmail: POP3< +OK Farewell.
fetchmail: 6.3.8 querying pop.gmail.com (protocol POP3) at Sun May 13 11:08:51 2007: poll completed
fetchmail: not swapping UID lists, no UIDs seen this query
fetchmail: Query status=1 (NOMAIL)
fetchmail: Writing fetchids file.
fetchmail: normal termination, status 1
fetchmail: Writing fetchids file.
|
From: Matthias A. <mat...@gm...> - 2007-05-13 17:12:09
|
Pongthep Kulkrisada wrote:
> Hi all
>
> Error messages with fetchmail 6.3.8
> Firstly I shall say I am a noobie and sorry if my question is too simple
> Previously I used fetchmail 6.2.5 on FreeBSD 5.4 (yes obsolete but still get work done). I had no problem with it. In order to be updated, yesterday I downloaded fetchmail 6.3.8. I installed it as I normally do.

Pongthep, the easiest way for FreeBSD installations of fetchmail is to use the FreeBSD port - but your installation went apparently right anyways, except for the SSL certificates.

> After test, I can still retrieve mails for both accounts, but I found some error messages I have never seen before and don't know how to fix it. Anyone has a clue, please point me out and thank you in advance. (please also CC to me, I'm not in the list.)

The problem is with the server's certificate that your OpenSSL library does not recognize - installing the root certificate should fix your problem.

> Normally I use mutt as MUA. But for your diagnostic, I put direct command on console as shown below.
>
> Questions
> 1) My first account has nothing to do with TLS.
> Why is there such an error message? How to fix it?

You can avoid the attempts if you add

sslproto ''

to your configuration (that's two single quotes)

> 2) Several errors with my second account (gmail).
> How to fix it?

See below.

> 3) I also have 6bone tunnel for IPv6.
> Shall I do anything special with fetchmail?

There should be no need; FreeBSD 5.4 can do IPv6 as far as I know.

> % fetchmail -vv

Thank you.

> fetchmail: 6.3.8 querying mail.ego.co.th (protocol POP3) at Sun May 13 11:08:42 2007: poll started
> Trying to connect to 202.5.93.197/110...connected.
> fetchmail: POP3< +OK Hello there.
> fetchmail: POP3> CAPA
> fetchmail: POP3< +OK Here's what I can do:
> fetchmail: POP3< STLS
> fetchmail: POP3< TOP
> fetchmail: POP3< USER
> fetchmail: POP3< LOGIN-DELAY 10
> fetchmail: POP3< PIPELINING
> fetchmail: POP3< UIDL
> fetchmail: POP3< IMPLEMENTATION Courier Mail Server
> fetchmail: POP3< .
> fetchmail: POP3> STLS
> fetchmail: POP3< +OK Begin SSL/TLS negotiation now.
> fetchmail: mail.ego.co.th: opportunistic upgrade to TLS failed, trying to continue.
> fetchmail: POP3> USER pkr...@eg...
> fetchmail: Repoll immediately on pkr...@eg...@mail.ego.co.th
> Trying to connect to 202.5.93.197/110...connected.

The server offered TLS, so fetchmail tried. However, the server is not configured properly ("opportunistic upgrade to TLS failed") and additionally dropped the connection.

Fetchmail noticed and retried without TLS. This is typical Courier behavior. I'll talk to Sam Varshavchik if he sees a chance to fix this.

Suggestion above (sslproto '').

> fetchmail: 6.3.8 querying mail.ego.co.th (protocol POP3) at Sun May 13 11:08:44 2007: poll completed
> fetchmail: not swapping UID lists, no UIDs seen this query
> fetchmail: Query status=1 (NOMAIL)
> fetchmail: 6.3.8 querying pop.gmail.com (protocol POP3) at Sun May 13 11:08:44 2007: poll started
> Trying to connect to 72.14.253.109/995...connected.
> fetchmail: Issuer Organization: Equifax
> fetchmail: Unknown Issuer CommonName
> fetchmail: Server CommonName: pop.gmail.com
> fetchmail: pop.gmail.com key fingerprint: 59:51:61:89:CD:DD:B2:35:94:BB:44:97:A0:39:D5:B4
> fetchmail: Server certificate verification error: unable to get local issuer certificate
> fetchmail: Server certificate verification error: certificate not trusted
> fetchmail: Server certificate verification error: unable to verify the first certificate

Looks as though the root certificate from Equifax is not installed on your computer, so the OpenSSL library cannot verify that there is no man in the middle attack going on. Fetchmail continues however (because you did not specify --sslcertck).

Do you have the ca-roots port installed? Try doing that, it makes the problem go away on my computer (I have FreeBSD 6.2 and installed fetchmail 6.3.8 from the port).

HTH
Matthias
|
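Added example, not part of any message in this thread and not fetchmail project code: a small audit of `fetchmail -vv` output that flags the two conditions discussed above, a password sent in cleartext after a failed opportunistic STLS upgrade and a password sent over TLS whose certificate failed verification. The sample log is constructed (abridged from the output quoted above, with a placeholder user name), and the function name and finding labels are assumptions of this example.

```python
import re

# Constructed sample, abridged from the `fetchmail -vv` output quoted in the
# thread; the user name is a placeholder.
SAMPLE_LOG = """\
fetchmail: 6.3.8 querying mail.ego.co.th (protocol POP3) at Sun May 13 11:08:42 2007: poll started
Trying to connect to 202.5.93.197/110...connected.
fetchmail: POP3> STLS
fetchmail: POP3< +OK Begin SSL/TLS negotiation now.
fetchmail: mail.ego.co.th: opportunistic upgrade to TLS failed, trying to continue.
Trying to connect to 202.5.93.197/110...connected.
fetchmail: POP3> USER user@example.invalid
fetchmail: POP3> PASS *
fetchmail: 6.3.8 querying pop.gmail.com (protocol POP3) at Sun May 13 11:08:44 2007: poll started
Trying to connect to 72.14.253.109/995...connected.
fetchmail: Server CommonName: pop.gmail.com
fetchmail: Server certificate verification error: unable to get local issuer certificate
fetchmail: POP3> USER user@example.invalid
fetchmail: POP3> PASS *
"""

QUERY = re.compile(r"querying (\S+) \(protocol \w+\).*poll started")
CONNECT = re.compile(r"^Trying to connect to \S+\.\.\.connected")

def audit(log):
    """Return sorted (server, finding) pairs, one per unsafe password send."""
    findings, downgraded = set(), set()
    server, tls, cert_errors = None, False, 0
    for line in log.splitlines():
        m = QUERY.search(line)
        if m:
            server = m.group(1)
        elif CONNECT.match(line):
            tls, cert_errors = False, 0  # every new TCP connection starts in cleartext
        elif "opportunistic upgrade to TLS failed" in line:
            downgraded.add(server)  # fetchmail will repoll without TLS
        elif "Server CommonName:" in line or "key fingerprint:" in line:
            tls = True  # certificate details are only logged after a TLS handshake
        elif "certificate verification error:" in line:
            tls, cert_errors = True, cert_errors + 1
        elif "> PASS " in line:
            if not tls:
                why = "cleartext after failed STLS" if server in downgraded else "cleartext"
                findings.add((server, why))
            elif cert_errors:
                findings.add((server, "TLS with unverified certificate"))
    return sorted(findings)

if __name__ == "__main__":
    for server, why in audit(SAMPLE_LOG):
        print(f"{server}: password sent over {why}")
```

Note that `sslproto ''` silences the STLS warning but leaves the first account's password in cleartext, so the audit still reports that account as plain "cleartext".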
From: Pongthep K. <ptk...@gm...> - 2007-05-14 18:35:43
|
> Pongthep, the easiest way for FreeBSD installations of fetchmail is to use
> the FreeBSD port - but your installation went apparently right anyways,
> except for the SSL certificates.

I don't know about SSL certificates.
Once I just cd /usr/ports/mail/fetchmail and make install. It brought me the old version. I don't know how to use cvsup. Once I read handbook, it came with tonnes of documentation, I just don't understand only confuse I got. So I downloaded a tarball and compiled from source. I am a noobie.

> The problem is with the server's certificate that your OpenSSL library does
> not recognize - installing the root certificate should fix your problem.

What is root certificate? please give me a bit of more details.

> > Questions
> > 1) My first account has nothing to do with TLS.
> > Why is there such an error message? How to fix it?
>
> You can avoid the attempts if you add
> sslproto ''
>
> to your configuration (that's two single quotes)

Yes it fixed the problem. Thanks

> > 2) Several errors with my second account (gmail).
> > How to fix it?
>
> See below.
>
> > 3) I also have 6bone tunnel for IPv6.
> > Shall I do anything special with fetchmail?
>
> There should be no need; FreeBSD 5.4 can do IPv6 as far as I know.

Alright. Thanks,

> The server offered TLS, so fetchmail tried. However, the server is not
> configured properly ("opportunistic upgrade to TLS failed") and
> additionally dropped the connection.
>
> Fetchmail noticed and retried without TLS. This is typical Courier
> behavior. I'll talk to Sam Varshavchik if he sees a chance to fix this.
>
> Suggestion above (sslproto '').

As said it fixed the problem.

> Looks as though the root certificate from Equifax is not installed on your
> computer, so the OpenSSL library cannot verify that there is no man in the
> middle attack going on. Fetchmail continues however (because you did not
> specify --sslcertck).

Can you please give me a brief example of --sslcertck? I did not find it in the provided handbook or man pages.

> Do you have the ca-roots port installed? Try doing that, it makes the
> problem go away on my computer (I have FreeBSD 6.2 and installed fetchmail
> 6.3.8 from the port).

Shall I just cd /usr/ports/security/ca-roots and make install?
How to obtain the new version?

Thank you very much
Pongthep Kulkrisada
|
From: Rob M. <rob...@gm...> - 2007-05-14 20:34:08
|
On 5/14/07, Pongthep Kulkrisada <ptk...@gm...> wrote:
> > Pongthep, the easiest way for FreeBSD installations of fetchmail is to use
> > the FreeBSD port - but your installation went apparently right anyways,
> > except for the SSL certificates.
> I don't know about SSL certificates.
> Once I just cd /usr/ports/mail/fetchmail and make install. It brought me the old version. I don't know how to use cvsup. Once I read handbook, it came with tonnes of documentation, I just don't understand only confuse I got. So I downloaded a tarball and compiled from source. I am a noobie.

Ok, simply, as root:

1) pkg_add -r cvsup-without-gui
2) cp /usr/share/examples/cvsup/ports-supfile /root
3) vi /root/ports-supfile
   (or use your favourite text editor, if you're not comfortable with any do:
   sed "s/CHANGE_THIS/cvsup3/" /root/ports-supfile > /root/my-ports-supfile
   mv /root/my-ports-supfile /root/ports-supfile
4) cvsup /root/ports-supfile

Repeat command (4) when you're expecting to install or update software - at most daily.

I'd recommend portsnap instead personally, but cvsup is easier to get going with initially (pre FreeBSD 6).

Don't overlook help from the various freebsd mailing lists (including freebsd-questions) - people there are generally helpful.

The FreeBSD manual goes into more detail:

http://www.freebsd.org/doc/handbook/ports-using.html

It is available in more than English, but not many and I don't know what languages you read.

> What is root certificate? please give me a bit of more details.

I'd suggest a look at the Wikipedia article for "ssl certificate" as without knowing how much you know there's a risk of making it too simple (and boring you) or assuming too much (and confusing you) :-)

http://en.wikipedia.org/wiki/Ssl_certificate#Security

(very) briefly a certificate is a way of being certain that a host is what it claims to be (eg mail.google.com). There are different types, with a root certificate being capable of validating other certificates.

> Can you please give me a brief example of --sslcertck? I did not find it in the provided handbook or man pages.

It *is* detailed in at least the online manual:

http://www.fetchmail.info/fetchmail-man.html

> Shall I just cd /usr/ports/security/ca-roots and make install?

Yes, but update your ports first.

> How to obtain the new version?

See the details on use of cvsup above.

--
Please keep list traffic on the list.

Rob MacGregor
Whoever fights monsters should see to it that in the process he doesn't become a monster. Friedrich Nietzsche
|
From: Matthias A. <mat...@gm...> - 2007-05-14 20:46:51
|
Rob MacGregor wrote:
> It *is* detailed in at least the online manual:
>
> http://www.fetchmail.info/fetchmail-man.html

...which I have just updated to version 6.3.8.
|