From: Jon B. <bri...@nm...> - 2022-03-05 17:57:11

I'd like to use fetchmail with iCloud via IMAP. The Apple support page
https://support.apple.com/en-us/HT202304 gives relevant information.
I found nothing specific to this on the web or our forum.

Does anyone have a working configuration file to share?

Jon

From: Eric D. <ran...@gm...> - 2022-03-05 19:07:11

This is what I have. I am using IDLE and multiple fetchmail processes to gather
emails from a bunch of places (also see https://github.com/rand0mdud3/multifetchmail)

set no bouncemail

poll imap.mail.me.com protocol imap idletimeout 540
  username icloud-username there is local-username here, has password
  xxx-xxx-xxx-xxx and wants nokeep, fetchall, ssl, idle and forceidle

iCloud does support IDLE but doesn't advertise it AFAIK, so if you want idle,
you'll have to use the forceidle thingy (and it's only supported by recent
versions of fetchmail)
You will also have to generate an app specific password on appleid.apple.com.

On Sat, Mar 5, 2022 at 9:58 AM Jon Brinkmann <bri...@nm...> wrote:

> I'd like to use fetchmail with iCloud via IMAP. The Apple support page
> https://support.apple.com/en-us/HT202304 gives relevant information.
> I found nothing specific to this on the web or our forum.
>
> Does anyone have a working configuration file to share?
>
> Jon
>
>
> _______________________________________________
> Fetchmail-users mailing list
> Fet...@li...
> https://lists.sourceforge.net/lists/listinfo/fetchmail-users
>

From: Jon B. <bri...@nm...> - 2022-03-11 21:59:17

Thanks!

I got it working, with one additional step. The depth=2 SSL certificate for
icloud.com is self-signed, so fetchmail refuses the SSL connection. I found
the solution at:

https://geekmush.wordpress.com/2007/06/29/how-to-make-fetchmail-happy-with-the-servers-ssl-cert/

I couldn't use "forceidle" with the latest stable version of fetchmail, 6.4.28.
It's only in the 6.5 beta versions.

On Sat, Mar 05, 2022 at 11:06:53AM -0800, Eric Durand wrote:
>
> This is what I have. I am using IDLE and multiple fetchmail processes to gather
> emails from a bunch of places (also see https://github.com/rand0mdud3/
> multifetchmail)
>
>
> set no bouncemail
>
> poll imap.mail.me.com protocol imap idletimeout 540
> username icloud-username there is local-username here, has password
> xxx-xxx-xxx-xxx and wants nokeep, fetchall, ssl, idle and forceidle
>
>
> iCloud does support IDLE but doesn't advertise it AFAIK, so if you want idle,
> you'll have to use the forceidle thingy (and it's only supported by recent
> versions of fetchmail)
> You will also have to generate an app specific password on appleid.apple.com.
>
>
> On Sat, Mar 5, 2022 at 9:58 AM Jon Brinkmann <bri...@nm...> wrote:
>
> I'd like to use fetchmail with iCloud via IMAP. The Apple support page
> https://support.apple.com/en-us/HT202304 gives relevant information.
> I found nothing specific to this on the web or our forum.
>
> Does anyone have a working configuration file to share?
>
> Jon
>
>
> _______________________________________________
> Fetchmail-users mailing list
> Fet...@li...
> https://lists.sourceforge.net/lists/listinfo/fetchmail-users
>

From: Matthias A. <mat...@gm...> - 2022-03-12 00:06:44

On 11.03.22 at 22:59, Jon Brinkmann wrote:
> Thanks!
>
> I got it working, with one additional step. The depth=2 SSL certificate for
> icloud.com is self-signed, so fetchmail refuses the SSL connection. I found
> the solution at:
>
> https://geekmush.wordpress.com/2007/06/29/how-to-make-fetchmail-happy-with-the-servers-ssl-cert/

Congratulations, you have just installed some attacker's CA
certificates. That is not a solution, but unsafe garbage.

Please everyone remove the certificates you have installed that way.

Instead, install your distribution's default Mozilla certificate
package. Depending on your distribution, it might be called
ca-certificates or ca_root_nss or similar.

Explanation:

The root CA certificate (Equifax's in that example on the website) MUST
be obtained via a SECURE separate channel and NOT from the connection.
There are SSL tools (for instance, SSLsplit) that will generate such CA
certificates on the fly to crack the encrypted connection and you could
not tell from the name that this is happening. This is typical for
anti-virus/web security gateways/firewalls and of course also in
malicious attacks.

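The cleanup asked for in the message above, as an added example that is not part of the original thread and is not fetchmail code: it compares every certificate in the directory handed to --sslcertpath against the distribution's CA bundle by SHA-256 fingerprint and lists the files that the bundle does not account for. The two paths are supplied by the caller and are assumptions; the demo data is constructed and wraps placeholder bytes, not real certificates.

```python
import base64
import hashlib
import re
import ssl
import sys
import tempfile
from pathlib import Path

PEM_RE = re.compile(r"-----BEGIN CERTIFICATE-----.*?-----END CERTIFICATE-----", re.S)

def fingerprints(pem_text):
    """SHA-256 fingerprints of every certificate found in a PEM string."""
    return {hashlib.sha256(ssl.PEM_cert_to_DER_cert(block)).hexdigest()
            for block in PEM_RE.findall(pem_text)}

def unvetted_anchors(cert_dir, distro_bundle):
    """Files in cert_dir whose certificates are absent from distro_bundle."""
    # distro_bundle: the PEM file installed by the distribution's CA package.
    trusted = fingerprints(Path(distro_bundle).read_text(errors="replace"))
    findings = []
    for path in sorted(Path(cert_dir).iterdir()):
        # c_rehash hash links point at files already listed; skip them.
        if path.is_symlink() or not path.is_file():
            continue
        unknown = fingerprints(path.read_text(errors="replace")) - trusted
        if unknown:
            findings.append((path.name, sorted(unknown)))
    return findings

def fake_pem(payload):
    """Constructed stand-in: PEM armor around placeholder bytes, not a real cert."""
    body = base64.encodebytes(payload).decode()
    return f"-----BEGIN CERTIFICATE-----\n{body}-----END CERTIFICATE-----\n"

def demo():
    """Audit constructed data: one anchor from the bundle, one copied off the wire."""
    with tempfile.TemporaryDirectory() as tmp:
        certs = Path(tmp, "certs")
        certs.mkdir()
        bundle = Path(tmp, "ca-bundle.crt")
        bundle.write_text(fake_pem(b"root shipped by the distribution"))
        (certs / "distro-root.pem").write_text(bundle.read_text())
        (certs / "from-showcerts.pem").write_text(fake_pem(b"root taken from the connection"))
        return unvetted_anchors(certs, bundle)

if __name__ == "__main__":
    # Usage (paths are assumptions): audit.py <sslcertpath dir> <distro CA bundle>
    found = unvetted_anchors(*sys.argv[1:3]) if len(sys.argv) == 3 else demo()
    for name, fps in found:
        print(f"{name}: not in the distribution bundle, sha256 {', '.join(fps)}")
```

A hit means only that the certificate did not arrive through the distribution's package; where it came from still has to be established before it is kept as a trust anchor.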
From: Jon B. <bri...@nm...> - 2022-03-12 07:51:12

Without the certificates extracted from the output of the command:

openssl s_client -connect imap.mail.me.com:993 -showcerts

or with the Mozilla root certificates, available from

https://curl.se/docs/caextract.html

fetchmail says:

fetchmail: Server certificate verification error: self signed certificate in certificate chain
fetchmail: Missing trust anchor certificate: /C=GB/ST=Greater Manchester/L=Salford/O=Comodo CA Limited/CN=AAA Certificate Services
fetchmail: This could mean that the root CA's signing certificate is not in the trusted CA certificate location, or that c_rehash needs to be run on the certificate directory. For details, please see the documentation of --sslcertpath and --sslcertfile in the manual page. See README.SSL for details.
fetchmail: OpenSSL reported: error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed
fetchmail: imap.mail.me.com: SSL connection failed.
fetchmail: socket error while fetching from <name>@imap.mail.me.com
fetchmail: Query status=2 (SOCKET)

The certificate chain is:

depth=2 C = GB, ST = Greater Manchester, L = Salford, O = Comodo CA Limited, CN = AAA Certificate Services
verify error:num=19:self signed certificate in certificate chain
verify return:1
depth=2 C = GB, ST = Greater Manchester, L = Salford, O = Comodo CA Limited, CN = AAA Certificate Services
verify return:1
depth=1 CN = Apple Public Server RSA CA 12 - G1, O = Apple Inc., ST = California, C = US
verify return:1
depth=0 CN = imap.mail.me.com, OU = management:idms.group.859635, O = Apple Inc., ST = California, C = US
verify return:1

Also see:

https://support.plesk.com/hc/en-us/articles/213961665-How-to-verify-that-SSL-for-IMAP-POP3-SMTP-works-and-a-proper-SSL-certificate-is-in-use

for example:

https://www.sslshopper.com/ssl-checker.html#hostname=imap.mail.me.com:993

On Sat, Mar 12, 2022 at 01:06:32AM +0100, Matthias Andree wrote:
>
> On 11.03.22 at 22:59, Jon Brinkmann wrote:
> > Thanks!
> >
> > I got it working, with one additional step. The depth=2 SSL certificate for
> > icloud.com is self-signed, so fetchmail refuses the SSL connection. I found
> > the solution at:
> >
> > https://geekmush.wordpress.com/2007/06/29/how-to-make-fetchmail-happy-with-the-servers-ssl-cert/
>
> Congratulations, you have just installed some attacker's CA
> certificates. That is not a solution, but unsafe garbage.
>
> Please everyone remove the certificates you have installed that way.
>
> Instead, install your distribution's default Mozilla certificate
> package. Depending on your distribution, it might be called
> ca-certificates or ca_root_nss or similar.
>
> Explanation:
>
> The root CA certificate (Equifax's in that example on the website) MUST
> be obtained via a SECURE separate channel and NOT from the connection.
> There are SSL tools (for instance, SSLsplit) that will generate such CA
> certificates on the fly to crack the encrypted connection and you could
> not tell from the name that this is happening. This is typical for
> anti-virus/web security gateways/firewalls and of course also in
> malicious attacks.
>
> _______________________________________________
> Fetchmail-users mailing list
> Fet...@li...
> https://lists.sourceforge.net/lists/listinfo/fetchmail-users

From: Matthias A. <mat...@gm...> - 2022-03-12 20:41:15

On 12.03.22 at 08:47, Jon Brinkmann wrote:
> Without the certificates extracted from the output of the command:
>
> openssl s_client -connect imap.mail.me.com:993 -showcerts
>
> or with the Mozilla root certificates, available from
>
> https://curl.se/[...]
>
> fetchmail says:
>
> fetchmail: Server certificate verification error: self signed certificate in certificate chain
> fetchmail: Missing trust anchor certificate: /C=GB/ST=Greater Manchester/L=Salford/O=Comodo CA Limited/CN=AAA Certificate Services
> fetchmail: This could mean that the root CA's signing certificate is not in the trusted CA certificate location, or that c_rehash needs to be run on the certificate directory. For details, please see the documentation of --sslcertpath and --sslcertfile in the manual page. See README.SSL for details.

Jon,

stop random trying - it wastes everybody's time - and go systematically.

Disregard random stuff you find on the Internet. It is not usually
written for your distribution or distribution's version or file layout
and may not be complete - see above.

Forget -showcerts. It is a debugging tool for knowledgeable developers,
not for end users.

Read and understand the error message and the referenced information.

Look for and install Mozilla's root certificates PER YOUR DISTRIBUTION'S
PACKAGE. Find out how it's called if it is not ca-certificates nor
ca-certificates-mozilla nor ca_root_nss.

> Also see:
> https://...

No. I don't care for even more distraction, because there is no need.

imap.mail.me.com validates properly for me, out of the box, on Fedora
Linux 35, on Ubuntu 20.04.4, on Alpine Linux 3.15, and on FreeBSD 13.0.
I have tried all four just now.

> $ fetchmail -vcNd0 -f/dev/null imap.mail.me.com -pimap --ssl --user joe
> Enter password for jo...@im...:
> fetchmail: --check mode enabled, not fetching mail
> fetchmail: 6.4.28 querying imap.mail.me.com (protocol IMAP) at Sat, 12
> Mar 2022 20:34:10 +0000 (UTC): poll started
> Trying to connect to 17.42.251.32/993...connected.
> fetchmail: Server certificate:
> fetchmail: Issuer Organization: Apple Inc.
> fetchmail: Issuer CommonName: Apple Public Server RSA CA 12 - G1
> fetchmail: Subject CommonName: imap.mail.me.com
> fetchmail: Subject Alternative Name: p41-imap.mail.me.com
> [...]
> fetchmail: Subject Alternative Name: p28-imap.mail.me.com
> fetchmail: Subject Alternative Name: imap.mail.me.com
> fetchmail: Subject Alternative Name: p80-imap.mail.me.com
> fetchmail: Subject Alternative Name: p33-imap.mail.me.com
> fetchmail: Subject Alternative Name: p59-imap.mail.me.com
> fetchmail: Subject Alternative Name: p72-imap.mail.me.com
> fetchmail: Subject Alternative Name: mail.mac.com
> fetchmail: imap.mail.me.com key fingerprint:
> D8:37:66:9C:66:58:51:20:BB:0F:28:B1:68:F3:0A:F9
> fetchmail: SSL/TLS: using protocol TLSv1.3, cipher
> TLS_AES_256_GCM_SHA384, 256/256 secret/processed bits
> fetchmail: IMAP< * OK [CAPABILITY XAPPLEPUSHSERVICE IMAP4 IMAP4rev1
> SASL-IR AUTH=ATOKEN AUTH=PLAIN] (2210B49-fcb7e75610a7)
> st43p00im-tygg09060401.me.com
> fetchmail: will idle after poll
> [...]