Menu
▾
▴
fetchmail-users
|
From: Pongthep K. <ptk...@gm...> - 2007-05-15 17:48:16
|
> Ok, simply, as root: > > 1) pkg_add -r cvsup-without-gui There were some error messages. # pkg_add -r cvsup_without_gui pkg_add: unable to fetch 'ftp://ftp.freebsd.org/pub/FreeBSD/ports/i386/packages-5.4-release/Latest/cvsup-without-gui.tbz' by URL Error: FTP Unable to get ftp://ftp.freebsd.org/pub/FreeBSD/ports/i386/packages-5.4-release/Latest/cvsup-without-gui.tbz: File unavailable (e.g., file not found, no access) > 2) cp /usr/share/examples/cvsup/ports-supfile /root > 3) vi /root/ports-supfile > (or use your favourite text editor, if you're not comfortable with any do: > sed "s/CHANGE_THIS/cvsup3/" /root/ports-supfile > /root/my-ports-supfile > mv /root/my-ports-supfile /root/ports-supfile I used vim and very familiar with it, but I can't do pkg_add, see above. > 4) cvsup /root/ports-supfile > Repeat command (4) when you're expecting to install or update software > - at most daily. > > I'd recommend portsnap instead personally, but cvsup is easier to get > going with initially (pre FreeBSD 6). Don't overlook help from the > various freebsd mailing lists (including freebsd-questions) - people > there are generally helpful. > > The FreeBSD manual goes into more detail: > > http://www.freebsd.org/doc/handbook/ports-using.html > > It is available in more than English, but I not many and I don't know > what languages you read. Thank you very much, BTW I can read English but not natively. But I can't read too long, I currently have the problem with my eyes. My doctor told me to reduce reading or using computer. > > What is root certificate? please give me a bit of more details. > > I'd suggest a look at the Wikipedia article for "ssl certificate" as > without knowing how much you know there's a risk of making it too > simple (and boring you) or assuming too much (and confusing you) :-) > > http://en.wikipedia.org/wiki/Ssl_certificate#Security > > (very) briefly a certificate is a way of being certain that a host is > what it claims to be (eg mail.google.com). There are different types, > with a root certificate being able of validating other certificates. > > > Can you please give me a brief example of --sslcertck? I did not find it in the provided handbook or man pages. > > It *is* detailed in at least the online manual: > > http://www.fetchmail.info/fetchmail-man.html Once I have skimmed thru these documents while I was configuring gmail account. so many things to learn. Anyway I started to understand. Thank you, It should be kinda encryption, my password or messages are encoded and can't be read by any intermediate persons. And only the server has an algorithm to decode it. So nobody can steal my password or messages. If I'm wrong, pls correct me. > > Shall I just cd /usr/ports/security/ca-roots and make install? > > Yes, but update your ports first. > > > How to obtain the new version? > > See the details on use of cvsup above. Can I skip step 1) and carry on with steps 2), 3) and 4)? I have the binary of /usr/local/bin/cvsup But I only use text mode no GUI. That should be the case of cvsup_without_gui. I don't know. I still question. after updating port and make install under /usr/ports/security/ca-roots, what shall i do next with my .fetchmailrc? BTW I shall read fetchmail(1) anyway, but I can say that it is very hard for noobies to understand. Thanks again, Pongthep Kulkrisada |
|
From: Pongthep K. <ptk...@gm...> - 2007-05-16 15:34:16
|
> > Can I skip step 1) and carry on with steps 2), 3) and 4)? > > I have the binary of /usr/local/bin/cvsup > > Yup, that will be fine. So what I shall do are - mv /usr/ports/* /somewhere/else/ - cp /usr/share/examples/cvsup/ports-supfile /root - vim /root/ports-supfile - cvsup -g -L 2 /root/ports-supfile - cd /usr/ports/mail/fetchmail - make install - I shall do the same with its dependencies i.e. ca-roots, gettext, gmake, libiconv as ports should not know dependency. If I'm wrong, pls correct me. > You may not have to do anything, try restarting fetchmail (or stopping > it and running "fetchmail --nosyslog --nodetach -vvv -c" to do a mail > check). If everything is in the expected locations then the error > will go away. Is it secure as intent? If so I shall follow this instruction as it is very simple. thank you Pongthep Kulkrisada |
|
From: Pongthep K. <ptk...@gm...> - 2007-05-16 15:42:34
|
> > You may not have to do anything, try restarting fetchmail (or stopping > > it and running "fetchmail --nosyslog --nodetach -vvv -c" to do a mail > > check). If everything is in the expected locations then the error > > will go away. > Is it secure as intent? If so I shall follow this instruction as it is very simple. Nope, those 3 errors still exist. fetchmail: Server certificate verification error: unable to get local issuer certificate fetchmail: Server certificate verification error: certificate not trusted fetchmail: Server certificate verification error: unable to verify the first certificate thank you Pongthep Kulkrisada |
|
From: Rob M. <rob...@gm...> - 2007-05-16 16:12:32
|
On 5/16/07, Pongthep Kulkrisada <ptk...@gm...> wrote:
> > > Can I skip step 1) and carry on with steps 2), 3) and 4)?
> > > I have the binary of /usr/local/bin/cvsup
> >
> > Yup, that will be fine.
> So what I shall do are
> - mv /usr/ports/* /somewhere/else/
No, leave it alone.
> - cp /usr/share/examples/cvsup/ports-supfile /root
> - vim /root/ports-supfile
> - cvsup -g -L 2 /root/ports-supfile
Yes
> - cd /usr/ports/mail/fetchmail
> - make install
Yes
> - I shall do the same with its dependencies i.e. ca-roots, gettext, gmake, libiconv as ports should not know dependency.
Actually, the ports *WILL* know the dependencies, though ca-roots
isn't a dependency.
> Nope, those 3 errors still exist.
>
> fetchmail: Server certificate verification error: unable to get local issuer certificate
> fetchmail: Server certificate verification error: certificate not trusted
> fetchmail: Server certificate verification error: unable to verify the first certificate
Take a look at the section on "sslcertpath" in the manual. You either
need to run c_rehash (comes with OpenSSL), or tell fetchmail where to
find the certificates.
--
Please keep list traffic on the list.
Rob MacGregor
Whoever fights monsters should see to it that in the process he
doesn't become a monster. Friedrich Nietzsche
|
|
From: Pongthep K. <ptk...@gm...> - 2007-05-16 18:40:19
|
> So what I shall do are > - mv /usr/ports/* /somewhere/else/ > - cp /usr/share/examples/cvsup/ports-supfile /root > - vim /root/ports-supfile > - cvsup -g -L 2 /root/ports-supfile > - cd /usr/ports/mail/fetchmail > - make install > - I shall do the same with its dependencies i.e. ca-roots, gettext, gmake, libiconv as ports should not know dependency. It is a ``YES'', it is now working with no errors thanks to Matthias and Rob Pongthep Kulkrisada |
|
From: Matthias A. <mat...@gm...> - 2007-05-16 16:35:56
|
Rob MacGregor schrieb: > On 5/16/07, Pongthep Kulkrisada <ptk...@gm...> wrote: >> fetchmail: Server certificate verification error: unable to get local issuer certificate >> fetchmail: Server certificate verification error: certificate not trusted >> fetchmail: Server certificate verification error: unable to verify the first certificate > > Take a look at the section on "sslcertpath" in the manual. You either > need to run c_rehash (comes with OpenSSL), or tell fetchmail where to > find the certificates. As far as I know, ca-roots installs one large .pem file with a gazillion of certs and installs a softlink. I know from own experience that these messages do not appear for gmail.com if I install fetchmail from an up-to-date FreeBSD ports tree under the most recent 6.2-RELEASE-p4, but I don't know about 5.4. If there's anything about the default paths in 5.4's libssl different from 6.2, then that might be the problem. |
|
From: Rob M. <rob...@gm...> - 2007-05-16 20:15:08
|
On 5/16/07, Matthias Andree <mat...@gm...> wrote: > As far as I know, ca-roots installs one large .pem file with a gazillion of > certs and installs a softlink. > > I know from own experience that these messages do not appear for gmail.com > if I install fetchmail from an up-to-date FreeBSD ports tree under the most > recent 6.2-RELEASE-p4, but I don't know about 5.4. > > If there's anything about the default paths in 5.4's libssl different from > 6.2, then that might be the problem. It works with the defaults for me on 5.4, which means it should for any default install from ports on 5.x. However, there's nothing to say the somebody's install isn't non-default, hence my covering the bases :) AFAIK there aren't any significant path differences between FreeBSD 5.x and 6.x (or even from 4.x to 7.x) for anything installed from ports. In theory this process should work on any of those versions. -- Please keep list traffic on the list. Rob MacGregor Whoever fights monsters should see to it that in the process he doesn't become a monster. Friedrich Nietzsche |
|
From: Rob M. <rob...@gm...> - 2007-05-15 18:00:59
|
On 5/15/07, Pongthep Kulkrisada <ptk...@gm...> wrote:
> It should be kinda encryption, my password or messages are encoded and can't be read by any intermediate persons. And only the server has an algorithm to decode it. So nobody can steal my password or messages. If I'm wrong, pls correct me.
Well sort of.
Only your connection to the remote server is encrypted by SSL/TLS.
The email will make its way to the server unencrypted and is stored in
the clear on the server, so it is only the last hop that you're
protecting.
Of course, that does protect your username and password, if you are
using PLAIN or LOGIN authentication. If you can it is better to use
one of the stronger methods, but that's down to what the remote
POP/IMAP server supports (and what you have compiled into fetchmail)
> Can I skip step 1) and carry on with steps 2), 3) and 4)?
> I have the binary of /usr/local/bin/cvsup
Yup, that will be fine.
> But I only use text mode no GUI.
Never used the GUI version so I can assure you that is ok.
> I still question.
> after updating port and make install under /usr/ports/security/ca-roots,
> what shall i do next with my .fetchmailrc?
You may not have to do anything, try restarting fetchmail (or stopping
it and running "fetchmail --nosyslog --nodetach -vvv -c" to do a mail
check). If everything is in the expected locations then the error
will go away.
> BTW I shall read fetchmail(1) anyway, but I can say that it is very hard for noobies to understand.
That is something others have said and I have already said that, when
I have the time, I will help the project re-write it. Having a one
year old child means I have little free time :)
--
Please keep list traffic on the list.
Rob MacGregor
Whoever fights monsters should see to it that in the process he
doesn't become a monster. Friedrich Nietzsche
|
×
Want the latest updates on software, tech news, and AI?
Get latest updates about software, tech news, and AI from SourceForge directly in your inbox once a month.
Thanks for helping keep SourceForge clean.
X