fetchmail-users

[fetchmail-users] How to avoid these annoying reports

[Anne W. <can...@go...>]

Fetchmail is collecting mail from several boxes on my new ISP's server.  I 
have suppressed the messages about how many messages were collected, but I 
still get a set of 

fetchmail: Server certificate verification error: self signed certificate

every few minutes.

Googling suggests that the best way to get rid of it is to obtain a copy of my 
ISP's certificate, so that fetchmail can check against it, but I'm not having 
much success with that.  The Tech. Support people don't seem to understand 
what's happening and why I need it.

Is there any other way of stopping these messages?  I don't want to devnull 
everything from fetchmail - that's obviously a dangerous move.

Anne

Re: [fetchmail-users] How to avoid these annoying reports

[Rob M. <rob...@gm...>]

On 8/17/07, Anne Wilson <can...@go...> wrote:
> Fetchmail is collecting mail from several boxes on my new ISP's server.  I
> have suppressed the messages about how many messages were collected, but I
> still get a set of
>
> fetchmail: Server certificate verification error: self signed certificate
>
> every few minutes.

What version of fetchmail?  Are you running it from cron, or as a daemon?

-- 
                 Please keep list traffic on the list.

Rob MacGregor
      Whoever fights monsters should see to it that in the process he
        doesn't become a monster.                  Friedrich Nietzsche

Re: [fetchmail-users] How to avoid these annoying reports

[Anne W. <can...@go...>]

On Friday 17 Aug 2007, Rob MacGregor wrote:
> On 8/17/07, Anne Wilson <can...@go...> wrote:
> > Fetchmail is collecting mail from several boxes on my new ISP's server. 
> > I have suppressed the messages about how many messages were collected,
> > but I still get a set of
> >
> > fetchmail: Server certificate verification error: self signed certificate
> >
> > every few minutes.
>
> What version of fetchmail?  Are you running it from cron, or as a daemon?

6.3.6.  It's run from cron.

Anne

Re: [fetchmail-users] How to avoid these annoying reports

[Rob M. <rob...@gm...>]

On 8/18/07, Anne Wilson <can...@go...> wrote:
> On Friday 17 Aug 2007, Rob MacGregor wrote:
> > On 8/17/07, Anne Wilson <can...@go...> wrote:
> > > Fetchmail is collecting mail from several boxes on my new ISP's server.
> > > I have suppressed the messages about how many messages were collected,
> > > but I still get a set of
> > >
> > > fetchmail: Server certificate verification error: self signed certificate
> > >
> > > every few minutes.
> >
> > What version of fetchmail?  Are you running it from cron, or as a daemon?
>
> 6.3.6.  It's run from cron.

1) Upgrade to 6.3.8
2) Use daemon mode
3) Download the certificate by running the following TWO lines:

openssl s_client -connect remote.server.net:993 </dev/null | sed -ne
'/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p'
>/usr/local/openssl/remote.pem

c_rehash

Replace "remote.pem" and "remote.server.net" with relevant names.

-- 
                 Please keep list traffic on the list.

Rob MacGregor
      Whoever fights monsters should see to it that in the process he
        doesn't become a monster.                  Friedrich Nietzsche

Re: [fetchmail-users] How to avoid these annoying reports

[Anne W. <can...@go...>]

On Saturday 18 Aug 2007, Rob MacGregor wrote:
> On 8/18/07, Anne Wilson <can...@go...> wrote:
> > On Friday 17 Aug 2007, Rob MacGregor wrote:
> > > On 8/17/07, Anne Wilson <can...@go...> wrote:
> > > > Fetchmail is collecting mail from several boxes on my new ISP's
> > > > server. I have suppressed the messages about how many messages were
> > > > collected, but I still get a set of
> > > >
> > > > fetchmail: Server certificate verification error: self signed
> > > > certificate
> > > >
> > > > every few minutes.
> > >
> > > What version of fetchmail?  Are you running it from cron, or as a
> > > daemon?
> >
> > 6.3.6.  It's run from cron.
>
> 1) Upgrade to 6.3.8
> 2) Use daemon mode
> 3) Download the certificate by running the following TWO lines:
>
> openssl s_client -connect remote.server.net:993 </dev/null | sed -ne
> '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p'
>
> >/usr/local/openssl/remote.pem
>
> c_rehash
>
> Replace "remote.pem" and "remote.server.net" with relevant names.

Hi, Rob.  I've upgraded now, but I've not been able to run as a daemon.  I 
seem to have a path problem.

fetchmail --daemon 300
fetchmail: cannot open /home/anne/~/fetchmail.log: No such file or directory
fetchmail: fetchmail: Cannot detach into background. Aborting.

This when commanding as user.  I did wonder if root needed to start it, but I 
guess if that's so I'll have to feed it the user path somehow.

Can you help, please?

Anne

Re: [fetchmail-users] How to avoid these annoying reports

[Rob M. <rob...@gm...>]

On 8/19/07, Anne Wilson <can...@go...> wrote:
> Hi, Rob.  I've upgraded now, but I've not been able to run as a daemon.  I
> seem to have a path problem.
>
> fetchmail --daemon 300
> fetchmail: cannot open /home/anne/~/fetchmail.log: No such file or directory
> fetchmail: fetchmail: Cannot detach into background. Aborting.
>
> This when commanding as user.  I did wonder if root needed to start it, but I
> guess if that's so I'll have to feed it the user path somehow.
>
> Can you help, please?

Looks like a typo somewhere in your config file.  What does your
.fetchmailrc file contain?

I'm guessing a line like:

 logfile ~/fetchmail.log

Try "logfile /home/anne/fetchmail.log" instead.

-- 
                 Please keep list traffic on the list.

Rob MacGregor
      Whoever fights monsters should see to it that in the process he
        doesn't become a monster.                  Friedrich Nietzsche

Re: [fetchmail-users] How to avoid these annoying reports

[Anne W. <can...@go...>]

On Sunday 19 Aug 2007, Rob MacGregor wrote:
> On 8/19/07, Anne Wilson <can...@go...> wrote:
> > Hi, Rob.  I've upgraded now, but I've not been able to run as a daemon. 
> > I seem to have a path problem.
> >
> > fetchmail --daemon 300
> > fetchmail: cannot open /home/anne/~/fetchmail.log: No such file or
> > directory fetchmail: fetchmail: Cannot detach into background. Aborting.
> >
> > This when commanding as user.  I did wonder if root needed to start it,
> > but I guess if that's so I'll have to feed it the user path somehow.
> >
> > Can you help, please?
>
> Looks like a typo somewhere in your config file.  What does your
> .fetchmailrc file contain?
>
> I'm guessing a line like:
>
>  logfile ~/fetchmail.log
>
> Try "logfile /home/anne/fetchmail.log" instead.

That corrected it, and the daemon is now running.  However, I'm still having 
no luck in getting the certificate.  This is the command I'm using:

[root@david ~]# openssl s_client -connect zencphosting09.zen.co.uk:993 
</dev/null | sed -ne '/-BEGIN CERTIFICATE-/,/-END 
CERTIFICATE-/p'>/etc/pki/tls/rootcerts/zencphosting09.zen.co.uk.pem

It just sits there, nothing happening.

Anne

Re: [fetchmail-users] How to avoid these annoying reports

[Rob M. <rob...@gm...>]

On 8/20/07, Anne Wilson <can...@go...> wrote:
>
> That corrected it, and the daemon is now running.  However, I'm still having
> no luck in getting the certificate.  This is the command I'm using:
>
> [root@david ~]# openssl s_client -connect zencphosting09.zen.co.uk:993
> </dev/null | sed -ne '/-BEGIN CERTIFICATE-/,/-END
> CERTIFICATE-/p'>/etc/pki/tls/rootcerts/zencphosting09.zen.co.uk.pem
>
> It just sits there, nothing happening.

Try just running:

openssl s_client -connect zencphosting09.zen.co.uk:993

And then copy-n-paste the lines between "-BEGIN CERTIFICATE-" and
"-END CERTIFICATE-" (including those lines) to the pem file.  Then run
"c_rehash".

If that doesn't work then please post your .fetchmailrc

-- 
                 Please keep list traffic on the list.

Rob MacGregor
      Whoever fights monsters should see to it that in the process he
        doesn't become a monster.                  Friedrich Nietzsche

Re: [fetchmail-users] How to avoid these annoying reports

[Anne W. <can...@go...>]

On Monday 20 Aug 2007, Rob MacGregor wrote:
> On 8/20/07, Anne Wilson <can...@go...> wrote:
> > That corrected it, and the daemon is now running.  However, I'm still
> > having no luck in getting the certificate.  This is the command I'm
> > using:
> >
> > [root@david ~]# openssl s_client -connect zencphosting09.zen.co.uk:993
> > </dev/null | sed -ne '/-BEGIN CERTIFICATE-/,/-END
> > CERTIFICATE-/p'>/etc/pki/tls/rootcerts/zencphosting09.zen.co.uk.pem
> >
> > It just sits there, nothing happening.
>
> Try just running:
>
> openssl s_client -connect zencphosting09.zen.co.uk:993
>
> And then copy-n-paste the lines between "-BEGIN CERTIFICATE-" and
> "-END CERTIFICATE-" (including those lines) to the pem file.  Then run
> "c_rehash".
>
> If that doesn't work then please post your .fetchmailrc

Abbreviated .fetchmailrc - other mailboxes removed for simplicity.

set logfile = /home/anne/fetchmail.log

poll zencphosting09.zen.co.uk with proto pop3
	user "su...@ly..."
	pass "xxxxxx"
	is anne fetchall

zencphosting09 is the server for my domain account.  Maybe the certificate 
doesn't exist on that server?  The general server for mail not on the domain 
addresses is mailhost.zen.co.uk.  I used that at first, but then got a 
message that the certificate didn't match my domain, for every mailbox, every 
connection.  I did ask zen if I should put a certificate onto my domain 
space, but they said that it was not necessary.

Anne

Re: [fetchmail-users] How to avoid these annoying reports

[Rob M. <rob...@gm...>]

On 8/20/07, Anne Wilson <can...@go...> wrote:
>
> Abbreviated .fetchmailrc - other mailboxes removed for simplicity.
>
> set logfile = /home/anne/fetchmail.log
>
> poll zencphosting09.zen.co.uk with proto pop3
>         user "su...@ly..."
>         pass "xxxxxx"
>         is anne fetchall
>
> zencphosting09 is the server for my domain account.  Maybe the certificate
> doesn't exist on that server?  The general server for mail not on the domain
> addresses is mailhost.zen.co.uk.  I used that at first, but then got a
> message that the certificate didn't match my domain, for every mailbox, every
> connection.  I did ask zen if I should put a certificate onto my domain
> space, but they said that it was not necessary.

Ok, next step, please post the output of "fetchmail -v -v -v -c"

Also, what was the result of the openssl command?

-- 
                 Please keep list traffic on the list.

Rob MacGregor
      Whoever fights monsters should see to it that in the process he
        doesn't become a monster.                  Friedrich Nietzsche

Re: [fetchmail-users] How to avoid these annoying reports

[Anne W. <can...@go...>]

On Monday 20 Aug 2007, Rob MacGregor wrote:
> On 8/20/07, Anne Wilson <can...@go...> wrote:
> > Abbreviated .fetchmailrc - other mailboxes removed for simplicity.
> >
> > set logfile = /home/anne/fetchmail.log
> >
> > poll zencphosting09.zen.co.uk with proto pop3
> >         user "su...@ly..."
> >         pass "xxxxxx"
> >         is anne fetchall
> >
> > zencphosting09 is the server for my domain account.  Maybe the
> > certificate doesn't exist on that server?  The general server for mail
> > not on the domain addresses is mailhost.zen.co.uk.  I used that at first,
> > but then got a message that the certificate didn't match my domain, for
> > every mailbox, every connection.  I did ask zen if I should put a
> > certificate onto my domain space, but they said that it was not
> > necessary.
>
> Ok, next step, please post the output of "fetchmail -v -v -v -c"
>
Nothing.  A pause, then return to prompt:
fetchmail -v -v -v -c
fetchmail: can't check mail while another fetchmail to same host is running.
[anne@david ~]$ fetchmail --quit
fetchmail: background fetchmail at 6056 killed.
[anne@david ~]$ fetchmail -v -v -v -c
[anne@david ~]$

> Also, what was the result of the openssl command?

None.  It hung until I gave it Ctrl-C

Anne

Re: [fetchmail-users] How to avoid these annoying reports

[Matthias A. <mat...@gm...>]

Anne Wilson schrieb:
> On Monday 20 Aug 2007, Rob MacGregor wrote:
>> On 8/20/07, Anne Wilson <can...@go...> wrote:
>>> Abbreviated .fetchmailrc - other mailboxes removed for simplicity.
>>>
>>> set logfile = /home/anne/fetchmail.log
>>>
>>> poll zencphosting09.zen.co.uk with proto pop3
>>>         user "su...@ly..."
>>>         pass "xxxxxx"
>>>         is anne fetchall
>>>
>>> zencphosting09 is the server for my domain account.  Maybe the
>>> certificate doesn't exist on that server?  The general server for mail
>>> not on the domain addresses is mailhost.zen.co.uk.  I used that at first,
>>> but then got a message that the certificate didn't match my domain, for
>>> every mailbox, every connection.  I did ask zen if I should put a
>>> certificate onto my domain space, but they said that it was not
>>> necessary.
>> Ok, next step, please post the output of "fetchmail -v -v -v -c"
>>
> Nothing.  A pause, then return to prompt:
> fetchmail -v -v -v -c
> fetchmail: can't check mail while another fetchmail to same host is running.
> [anne@david ~]$ fetchmail --quit
> fetchmail: background fetchmail at 6056 killed.
> [anne@david ~]$ fetchmail -v -v -v -c
> [anne@david ~]$

Try: fetchmail -v -v -v -c --nodetach --nosyslog

Re: [fetchmail-users] How to avoid these annoying reports

[Matthias A. <mat...@gm...>]

Rob MacGregor schrieb:
> On 8/18/07, Anne Wilson <can...@go...> wrote:
>> On Friday 17 Aug 2007, Rob MacGregor wrote:
>>> On 8/17/07, Anne Wilson <can...@go...> wrote:
>>>> Fetchmail is collecting mail from several boxes on my new ISP's server.
>>>> I have suppressed the messages about how many messages were collected,
>>>> but I still get a set of
>>>>
>>>> fetchmail: Server certificate verification error: self signed certificate
>>>>
>>>> every few minutes.
>>> What version of fetchmail?  Are you running it from cron, or as a daemon?
>> 6.3.6.  It's run from cron.
> 
> 1) Upgrade to 6.3.8
> 2) Use daemon mode
> 3) Download the certificate by running the following TWO lines:
> 
> openssl s_client -connect remote.server.net:993 </dev/null | sed -ne
> '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p'
>> /usr/local/openssl/remote.pem
> 
> c_rehash
> 
> Replace "remote.pem" and "remote.server.net" with relevant names.
> 

Recent fetchmail versions should, if configured with sslfingerprint,
suppress the warning that Anne quoted. The fingerprint can be obtained from
fetchmail's verbose output.

Re: [fetchmail-users] How to avoid these annoying reports

[Rob M. <rob...@gm...>]

On 8/20/07, Anne Wilson <can...@go...> wrote:
> fetchmail -v -v -v -c
> fetchmail: can't check mail while another fetchmail to same host is running.
> [anne@david ~]$ fetchmail --quit
> fetchmail: background fetchmail at 6056 killed.
> [anne@david ~]$ fetchmail -v -v -v -c

Right, next time don't trim so much of your config file.  By doing so
you make it *VERY* difficult for those of us trying to help you.

Run the command Matthais gave.

> [anne@david ~]$
>
> > Also, what was the result of the openssl command?
>
> None.  It hung until I gave it Ctrl-C

Which suggests they're not running an IMAPS service, try 995 instead (POP3S).

-- 
                 Please keep list traffic on the list.

Rob MacGregor
      Whoever fights monsters should see to it that in the process he
        doesn't become a monster.                  Friedrich Nietzsche

Re: [fetchmail-users] How to avoid these annoying reports - Correction

[Anne W. <can...@go...>]

On Monday 20 Aug 2007, Rob MacGregor wrote:
> On 8/20/07, Anne Wilson <can...@go...> wrote:
> > fetchmail -v -v -v -c
> > fetchmail: can't check mail while another fetchmail to same host is
> > running. [anne@david ~]$ fetchmail --quit
> > fetchmail: background fetchmail at 6056 killed.
> > [anne@david ~]$ fetchmail -v -v -v -c
>
> Right, next time don't trim so much of your config file.  By doing so
> you make it *VERY* difficult for those of us trying to help you.
>
The only other lines were stanzas identical to the one I gave you, apart from 
mailbox name and password.  Except, that is, the first one, which reads

poll mailhost.zen.co.uk with proto pop3
	user "zen136663"
	pass "xxxxxx"
	is anne fetchall

Anne

Re: [fetchmail-users] How to avoid these annoying reports

[Rob M. <rob...@gm...>]

On 8/20/07, Matthias Andree <mat...@gm...> wrote:
>
> Recent fetchmail versions should, if configured with sslfingerprint,
> suppress the warning that Anne quoted. The fingerprint can be obtained from
> fetchmail's verbose output.

True, but I've been badly bitten by that before - ISP uses self-signed
certificate, certificate is changed, mail no longer collected.  I get
enough email that it became apparent within hours, but it still took
me longer than I'd have liked to identify the problem.

IMO sslfingerprint should only be used where it isn't possible to
otherwise validate a certificate.

-- 
                 Please keep list traffic on the list.

Rob MacGregor
      Whoever fights monsters should see to it that in the process he
        doesn't become a monster.                  Friedrich Nietzsche

Re: [fetchmail-users] How to avoid these annoying reports

[Anne W. <can...@go...>]

On Monday 20 Aug 2007, Rob MacGregor wrote:
> On 8/20/07, Matthias Andree <mat...@gm...> wrote:
> > Recent fetchmail versions should, if configured with sslfingerprint,
> > suppress the warning that Anne quoted. The fingerprint can be obtained
> > from fetchmail's verbose output.
>
> True, but I've been badly bitten by that before - ISP uses self-signed
> certificate, certificate is changed, mail no longer collected.  I get
> enough email that it became apparent within hours, but it still took
> me longer than I'd have liked to identify the problem.
>
> IMO sslfingerprint should only be used where it isn't possible to
> otherwise validate a certificate.

Mail is being collected - no problem there - just those warnings.

Anne

Re: [fetchmail-users] How to avoid these annoying reports

[Anne W. <can...@go...>]

On Monday 20 Aug 2007, Rob MacGregor wrote:
> On 8/20/07, Anne Wilson <can...@go...> wrote:
> > fetchmail -v -v -v -c
> > fetchmail: can't check mail while another fetchmail to same host is
> > running. [anne@david ~]$ fetchmail --quit
> > fetchmail: background fetchmail at 6056 killed.
> > [anne@david ~]$ fetchmail -v -v -v -c
>
> Right, next time don't trim so much of your config file.  By doing so
> you make it *VERY* difficult for those of us trying to help you.
>
The only other lines were stanzas identical to the one I gave you, apart from 
mailbox name and password.

Anne

Re: [fetchmail-users] How to avoid these annoying reports

[Rob M. <rob...@gm...>]

On 8/20/07, Anne Wilson <can...@go...> wrote:
> The only other lines were stanzas identical to the one I gave you, apart from
> mailbox name and password.

Well, something was sending the output of fetchmail somewhere other
than standard out.  As I said, run the full command Matthias gave:

   fetchmail -v -v -v -c --nodetach --nosyslog

-- 
                 Please keep list traffic on the list.

Rob MacGregor
      Whoever fights monsters should see to it that in the process he
        doesn't become a monster.                  Friedrich Nietzsche

Re: [fetchmail-users] How to avoid these annoying reports

[Anne W. <can...@go...>]

On Monday 20 Aug 2007, Rob MacGregor wrote:
> On 8/20/07, Anne Wilson <can...@go...> wrote:
> > The only other lines were stanzas identical to the one I gave you, apart
> > from mailbox name and password.
>
> Well, something was sending the output of fetchmail somewhere other
> than standard out.  As I said, run the full command Matthias gave:
>
>    fetchmail -v -v -v -c --nodetach --nosyslog

Sorry - I sent the output to Matthias by accident.  I've re-sent it to the 
list.

Anne

Re: [fetchmail-users] How to avoid these annoying reports

[Anne W. <can...@go...>]

On Monday 20 Aug 2007, you wrote:
> Anne Wilson schrieb:
> > On Monday 20 Aug 2007, Rob MacGregor wrote:
> >> On 8/20/07, Anne Wilson <can...@go...> wrote:
> >>> Abbreviated .fetchmailrc - other mailboxes removed for simplicity.
> >>>
> >>> set logfile = /home/anne/fetchmail.log
> >>>
> >>> poll zencphosting09.zen.co.uk with proto pop3
> >>>         user "su...@ly..."
> >>>         pass "xxxxxx"
> >>>         is anne fetchall
> >>>
> >>> zencphosting09 is the server for my domain account.  Maybe the
> >>> certificate doesn't exist on that server?  The general server for mail
> >>> not on the domain addresses is mailhost.zen.co.uk.  I used that at
> >>> first, but then got a message that the certificate didn't match my
> >>> domain, for every mailbox, every connection.  I did ask zen if I should
> >>> put a certificate onto my domain space, but they said that it was not
> >>> necessary.
> >>
> >> Ok, next step, please post the output of "fetchmail -v -v -v -c"
> >
> > Nothing.  A pause, then return to prompt:
> > fetchmail -v -v -v -c
> > fetchmail: can't check mail while another fetchmail to same host is
> > running. [anne@david ~]$ fetchmail --quit
> > fetchmail: background fetchmail at 6056 killed.
> > [anne@david ~]$ fetchmail -v -v -v -c
> > [anne@david ~]$
>
> Try: fetchmail -v -v -v -c --nodetach --nosyslog

That's better.  Here are the beginning, up to the end of the first mailbox, 
and the last mailbox.  All the others are like the last one.

[anne@david ~]$ fetchmail -v -v -v -c --nodetach --nosyslog
fetchmail: 6.3.8 querying mailhost.zen.co.uk (protocol POP3) at Mon 20 Aug 
2007 12:51:17 BST: poll started
fetchmail: Trying to connect to 212.23.3.98/110...connected.
fetchmail: POP3< +OK heisenberg, Zen Internet POP3 Server Ready
fetchmail: POP3> CAPA
fetchmail: POP3< -ERR You must login first.
fetchmail: You must login first.
fetchmail: Repoll immediately on zen...@ma...
fetchmail: Trying to connect to 212.23.3.98/110...connected.
fetchmail: POP3< +OK heisenberg, Zen Internet POP3 Server Ready
fetchmail: POP3> USER zen136663
fetchmail: POP3< +OK Please enter your pass, with the PASS command.
fetchmail: POP3> PASS *
fetchmail: POP3< +OK Logged in.
fetchmail: selecting or re-polling default folder
fetchmail: POP3> STAT
fetchmail: POP3< +OK 0 0
fetchmail: No mail for zen136663 at mailhost.zen.co.uk
fetchmail: POP3> QUIT
fetchmail: POP3< +OK Goodbye. See you again sometime :)

fetchmail: 6.3.8 querying mailhost.zen.co.uk (protocol POP3) at Mon 20 Aug 
2007 12:51:18 BST: poll completed
fetchmail: 6.3.8 querying zencphosting09.zen.co.uk (protocol POP3) at Mon 20 
Aug 2007 12:51:18 BST: poll started
fetchmail: Trying to connect to 82.71.204.15/110...connected.
fetchmail: POP3< +OK Hello there.
fetchmail: POP3> CAPA
fetchmail: POP3< +OK Here's what I can do:
fetchmail: POP3< STLS
fetchmail: POP3< TOP
fetchmail: POP3< USER
fetchmail: POP3< LOGIN-DELAY 10
fetchmail: POP3< PIPELINING
fetchmail: POP3< UIDL
fetchmail: POP3< IMPLEMENTATION Courier Mail Server
fetchmail: POP3< .
fetchmail: POP3> STLS
fetchmail: POP3< +OK Begin SSL/TLS negotiation now.
fetchmail: Issuer Organisation: Unknown
fetchmail: Issuer CommonName: zencphosting09.zen.co.uk
fetchmail: Server CommonName: zencphosting09.zen.co.uk
fetchmail: zencphosting09.zen.co.uk key fingerprint: 
01:A0:29:54:2F:03:DB:AE:79:8D:B8:B9:BB:9A:1F:9A
fetchmail: Server certificate verification error: self signed certificate
fetchmail: POP3> CAPA
fetchmail: POP3< +OK Here's what I can do:
fetchmail: POP3< TOP
fetchmail: POP3< USER
fetchmail: POP3< LOGIN-DELAY 10
fetchmail: POP3< PIPELINING
fetchmail: POP3< UIDL
fetchmail: POP3< IMPLEMENTATION Courier Mail Server
fetchmail: POP3< .
fetchmail: 6.3.8 querying zencphosting09.zen.co.uk (protocol POP3) at Mon 20 
Aug 2007 12:51:24 BST: poll completed
fetchmail: 6.3.8 querying zencphosting09.zen.co.uk (protocol POP3) at Mon 20 
Aug 2007 12:51:24 BST: poll started
fetchmail: Trying to connect to 82.71.204.15/110...connected.
fetchmail: POP3< +OK Hello there.
fetchmail: POP3> CAPA
fetchmail: POP3< +OK Here's what I can do:
fetchmail: POP3< STLS
fetchmail: POP3< TOP
fetchmail: POP3< USER
fetchmail: POP3< LOGIN-DELAY 10
fetchmail: POP3< PIPELINING
fetchmail: POP3< UIDL
fetchmail: POP3< IMPLEMENTATION Courier Mail Server
fetchmail: POP3< .
fetchmail: POP3> STLS
fetchmail: POP3< +OK Begin SSL/TLS negotiation now.
fetchmail: Issuer Organisation: Unknown
fetchmail: Issuer CommonName: zencphosting09.zen.co.uk
fetchmail: Server CommonName: zencphosting09.zen.co.uk
fetchmail: zencphosting09.zen.co.uk key fingerprint: 
01:A0:29:54:2F:03:DB:AE:79:8D:B8:B9:BB:9A:1F:9A
fetchmail: Server certificate verification error: self signed certificate
fetchmail: POP3> CAPA
fetchmail: POP3< +OK Here's what I can do:
fetchmail: POP3< TOP
fetchmail: POP3< USER
fetchmail: POP3< LOGIN-DELAY 10
fetchmail: POP3< PIPELINING
fetchmail: POP3< UIDL
fetchmail: POP3< IMPLEMENTATION Courier Mail Server
fetchmail: POP3< .
fetchmail: zencphosting09.zen.co.uk: upgrade to TLS succeeded.
fetchmail: POP3> USER su...@ly...
fetchmail: POP3< +OK Password required.
fetchmail: POP3> PASS *
fetchmail: POP3< +OK logged in.
fetchmail: selecting or re-polling default folder
fetchmail: POP3> STAT
fetchmail: POP3< +OK 0 0
fetchmail: No mail for su...@ly... at zencphosting09.zen.co.uk
fetchmail: POP3> QUIT
fetchmail: POP3< +OK Bye-bye.
fetchmail: 6.3.8 querying zencphosting09.zen.co.uk (protocol POP3) at Mon 20 
Aug 2007 12:51:25 BST: poll completed
fetchmail: normal termination, status 1

Re: [fetchmail-users] How to avoid these annoying reports

[Rob M. <rob...@gm...>]

On 8/20/07, Anne Wilson <can...@go...> wrote:
>
> That's better.  Here are the beginning, up to the end of the first mailbox,
> and the last mailbox.  All the others are like the last one.
>
<---SNIP--->
> fetchmail: 6.3.8 querying mailhost.zen.co.uk (protocol POP3) at Mon 20 Aug
> 2007 12:51:18 BST: poll completed
> fetchmail: 6.3.8 querying zencphosting09.zen.co.uk (protocol POP3) at Mon 20
> Aug 2007 12:51:18 BST: poll started
> fetchmail: Trying to connect to 82.71.204.15/110...connected.
> fetchmail: POP3< +OK Hello there.
> fetchmail: POP3> CAPA
> fetchmail: POP3< +OK Here's what I can do:
> fetchmail: POP3< STLS
> fetchmail: POP3< TOP
> fetchmail: POP3< USER
> fetchmail: POP3< LOGIN-DELAY 10
> fetchmail: POP3< PIPELINING
> fetchmail: POP3< UIDL
> fetchmail: POP3< IMPLEMENTATION Courier Mail Server
> fetchmail: POP3< .
> fetchmail: POP3> STLS
> fetchmail: POP3< +OK Begin SSL/TLS negotiation now.
> fetchmail: Issuer Organisation: Unknown
> fetchmail: Issuer CommonName: zencphosting09.zen.co.uk
> fetchmail: Server CommonName: zencphosting09.zen.co.uk
> fetchmail: zencphosting09.zen.co.uk key fingerprint:
> 01:A0:29:54:2F:03:DB:AE:79:8D:B8:B9:BB:9A:1F:9A
> fetchmail: Server certificate verification error: self signed certificate

Right, try another go at the openssl command, but use port 995 (POP3S)
instead of 993 (IMAPS).  If that fails then, as Matthias said, you
could use:

sslfingerprint 01:A0:29:54:2F:03:DB:AE:79:8D:B8:B9:BB:9A:1F:9A

before the "user" line.

Be warned however that if/when the fingerprint changes fetchmail will
(quite reasonably) refuse to communicate with that server.
Alternatively, assuming you're running in daemon mode, just ignore the
warning you'll (only) get at startup :)

-- 
                 Please keep list traffic on the list.

Rob MacGregor
      Whoever fights monsters should see to it that in the process he
        doesn't become a monster.                  Friedrich Nietzsche

Re: [fetchmail-users] How to avoid these annoying reports

[Anne W. <can...@go...>]

On Monday 20 Aug 2007, Rob MacGregor wrote:
> On 8/20/07, Anne Wilson <can...@go...> wrote:
> > That's better.  Here are the beginning, up to the end of the first
> > mailbox, and the last mailbox.  All the others are like the last one.
>
> <---SNIP--->
>
> > fetchmail: 6.3.8 querying mailhost.zen.co.uk (protocol POP3) at Mon 20
> > Aug 2007 12:51:18 BST: poll completed
> > fetchmail: 6.3.8 querying zencphosting09.zen.co.uk (protocol POP3) at Mon
> > 20 Aug 2007 12:51:18 BST: poll started
> > fetchmail: Trying to connect to 82.71.204.15/110...connected.
> > fetchmail: POP3< +OK Hello there.
> > fetchmail: POP3> CAPA
> > fetchmail: POP3< +OK Here's what I can do:
> > fetchmail: POP3< STLS
> > fetchmail: POP3< TOP
> > fetchmail: POP3< USER
> > fetchmail: POP3< LOGIN-DELAY 10
> > fetchmail: POP3< PIPELINING
> > fetchmail: POP3< UIDL
> > fetchmail: POP3< IMPLEMENTATION Courier Mail Server
> > fetchmail: POP3< .
> > fetchmail: POP3> STLS
> > fetchmail: POP3< +OK Begin SSL/TLS negotiation now.
> > fetchmail: Issuer Organisation: Unknown
> > fetchmail: Issuer CommonName: zencphosting09.zen.co.uk
> > fetchmail: Server CommonName: zencphosting09.zen.co.uk
> > fetchmail: zencphosting09.zen.co.uk key fingerprint:
> > 01:A0:29:54:2F:03:DB:AE:79:8D:B8:B9:BB:9A:1F:9A
> > fetchmail: Server certificate verification error: self signed certificate
>
> Right, try another go at the openssl command, but use port 995 (POP3S)
> instead of 993 (IMAPS).  

That didn't help - it still sat there, doing nothing.

> If that fails then, as Matthias said, you 
> could use:
>
> sslfingerprint 01:A0:29:54:2F:03:DB:AE:79:8D:B8:B9:BB:9A:1F:9A
>
> before the "user" line.
>
I'll try that now.  I should know in a few minutes whether it has worked.

> Be warned however that if/when the fingerprint changes fetchmail will
> (quite reasonably) refuse to communicate with that server.

If I don't get mail at the usual intervals, I'll check the logs.  Thanks for 
the warning.

> Alternatively, assuming you're running in daemon mode, just ignore the
> warning you'll (only) get at startup :)

Unfortunately, it comes from every mailbox that it checks, so I have at the 
moment 57 messages that say

fetchmail: Server certificate verification error: self signed certificate
fetchmail: Server certificate verification error: self signed certificate
fetchmail: Server certificate verification error: self signed certificate
fetchmail: Server certificate verification error: self signed certificate
fetchmail: Server certificate verification error: self signed certificate

That makes them hard to ignore :-)

Well - putting the fingerprint hasn't stopped the warnings, so I guess I'll 
take them out again.  Ah well!

Anne

Re: [fetchmail-users] How to avoid these annoying reports

[Rob M. <rob...@gm...>]

On 8/20/07, Anne Wilson <can...@go...> wrote:
>
> That didn't help - it still sat there, doing nothing.

Well, either they don't provide POP3S/IMAPS services, or you've got a
firewall in the way filtering access.

> I'll try that now.  I should know in a few minutes whether it has worked.

I'd suggest you restart fetchmail after that change.
<---SNIP--->
> Well - putting the fingerprint hasn't stopped the warnings, so I guess I'll
> take them out again.  Ah well!

It should - I ran that way long enough.

With it back in, can you provide the output of:

fetchmail --configdump

Mask the passwords - this provides a view of fetchmail's config file,
as understood by fetchmail.

-- 
                 Please keep list traffic on the list.

Rob MacGregor
      Whoever fights monsters should see to it that in the process he
        doesn't become a monster.                  Friedrich Nietzsche

Re: [fetchmail-users] How to avoid these annoying reports

[Anne W. <can...@go...>]

On Monday 20 Aug 2007, Rob MacGregor wrote:
> On 8/20/07, Anne Wilson <can...@go...> wrote:
> > That didn't help - it still sat there, doing nothing.
>
> Well, either they don't provide POP3S/IMAPS services, or you've got a
> firewall in the way filtering access.
>
Come to think of it, that could well be the problem.  A port needs opening, 
perhaps.  I'll look into that.

> > I'll try that now.  I should know in a few minutes whether it has worked.
>
> I'd suggest you restart fetchmail after that change.
> <---SNIP--->
>
> > Well - putting the fingerprint hasn't stopped the warnings, so I guess
> > I'll take them out again.  Ah well!
>
> It should - I ran that way long enough.
>
> With it back in, can you provide the output of:
>
> fetchmail --configdump
>
> Mask the passwords - this provides a view of fetchmail's config file,
> as understood by fetchmail.

Right - maybe I misunderstood your instructions.  At present the stanzas in 
fetchmailrc look like this:

poll zencphosting09.zen.co.uk with proto pop3
	sslfingerprint 01:A0:29:54:2F:03:DB:AE:79:8D:B8:B9:BB:9A:1F:9A
	user "su...@ly..."
	pass "xxxxxx"
	is anne fetchall

And attempting to restart fetchmail, or to run with --configdump, brings

fetchmail:/home/anne/.fetchmailrc:24: syntax error at 01


What am I doing wrong now?

Anne