fetchmail-users

[Fetchmail-users] help with gmx and starttls

[Stefan L. <S....@gm...>]

Hi,

I'm just setting up my new server since my old one broke down. I'm stuck at 
getting fetchmail to work. I'm getting the following messages in the logfile:

fetchmail[5376]: reading message xx...@gm...@pop.gmx.net:1 of 69 (3255 octets) 
(log message incomplete)
fetchmail[5376]: SMTP error: 530 5.7.0 Must issue a STARTTLS command first

I think I have the same fetchmail configuration as on my last server:

## /etc/fetchmailrc$                                                                                                                                           
set postmaster "stefan"$                                                                                                                                               
set bouncemail$                                                                                                                                                        
set no spambounce$                                                                                                                                                     
set properties ""$                                                                                                                                                     
set syslog$                                                                                                                                                            
set daemon 60
poll pop.gmx.net with protocol pop3
  user 'xx...@gm...' there with password 'xxx' is 'xxx' here options keep ssl
 
I also tried 'sslproto' with tls1, ssl1, ssl23, but it's the same.
Can someone help me to get it running?

Stefan

Re: [Fetchmail-users] help with gmx and starttls

[Matthias A. <mat...@gm...>]

Am 20.09.2014 um 16:34 schrieb Stefan Liebl:
> Hi,
> 
> I'm just setting up my new server since my old one broke down. I'm stuck at 
> getting fetchmail to work. I'm getting the following messages in the logfile:
> 
> fetchmail[5376]: reading message xx...@gm...@pop.gmx.net:1 of 69 (3255 octets) 
> (log message incomplete)
> fetchmail[5376]: SMTP error: 530 5.7.0 Must issue a STARTTLS command first

The problem is not the inbound path, but the outbound path ("SMTP").

Your MTA does not accept mail from localhost through an unencrypted
connection.  You might consider permitting non-TLS through the loopback
interface, if someone can sniff that, he can do anything else on your
computer as well.

Fetchmail does not currently support TLS-wrapped or STARTTLS on the SMTP
side.

Re: [Fetchmail-users] help with gmx and starttls

[Stefan L. <S....@gm...>]

Am Samstag, 20. September 2014, 19:33:19 schrieb Matthias Andree:
> Am 20.09.2014 um 16:34 schrieb Stefan Liebl:
> > I'm just setting up my new server since my old one broke down. I'm stuck
> > at  getting fetchmail to work. I'm getting the following messages in the
> > logfile:
> > 
> > fetchmail[5376]: reading message xx...@gm...@pop.gmx.net:1 of 69 (3255
> > octets) (log message incomplete)
> > fetchmail[5376]: SMTP error: 530 5.7.0 Must issue a STARTTLS command first
> 
> The problem is not the inbound path, but the outbound path ("SMTP").
> 
> Your MTA does not accept mail from localhost through an unencrypted
> connection.  You might consider permitting non-TLS through the loopback
> interface, if someone can sniff that, he can do anything else on your
> computer as well.
> 
> Fetchmail does not currently support TLS-wrapped or STARTTLS on the SMTP
> side.

Thanks, so I could find the bug. In /etc/postfix/main.cf I had a typo in the 
parameter
smtp_tls_sercrity_level = may
it has to be
smtpd_tls_security_level = may

So now it work as desiried. Would have been nice, if postfix had given an error 
message.

Stefan

Re: [Fetchmail-users] help with gmx and starttls

[Carlos E. R. <car...@op...>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 2014-09-21 14:25, Stefan Liebl wrote:
> So now it work as desiried. Would have been nice, if postfix had 
> given an error message.

Not with the default log verbosity level. You need data about
connection establishment, I think.

Try:

debug_peer_list = 127.0.0.1

and perhaps:

debug_peer_level = 2

or more.

- -- 
Cheers / Saludos,

		Carlos E. R.
		(from 13.1 x86_64 "Bottle" at Telcontar)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (GNU/Linux)

iEYEARECAAYFAlQex+AACgkQtTMYHG2NR9WuWQCfUsmSTKpdTCk/bKVtX0D6wW8+
cPwAn2C9DlXcTKWBbDfiKA55JKsVQlX2
=6zK3
-----END PGP SIGNATURE-----

Re: [Fetchmail-users] help with gmx and starttls

[Matthias A. <mat...@gm...>]

Am 21.09.2014 um 14:25 schrieb Stefan Liebl:

> Thanks, so I could find the bug. In /etc/postfix/main.cf I had a typo in the 
> parameter
> smtp_tls_sercrity_level = may
> it has to be
> smtpd_tls_security_level = may
> 
> So now it work as desiried. Would have been nice, if postfix had given an error 
> message.

It can't do that easily because there are some parameters that define
others, so it's not easy for Postfix to tell a typo from a new parameter
that might be defined inside another, and for parameters where smtp and
smtpd are different it can't tell them from one another at all.

The canonical way is to run "postconf -n" and check if Postfix has
picked up your parameter.

Re: [Fetchmail-users] help with gmx and starttls

[Jerry <je...@se...>]

On Sun, 21 Sep 2014 14:25:06 +0200, Stefan Liebl stated:

> So now it work as desiried. Would have been nice, if postfix had given an
> error message.

What version of Postfix?

-- 
Jerry

Re: [Fetchmail-users] help with gmx and starttls

[Stefan L. <S....@gm...>]

Am 2014-09-25 11:20, schrieb Jerry:
> On Sun, 21 Sep 2014 14:25:06 +0200, Stefan Liebl stated:
> 
>> So now it work as desiried. Would have been nice, if postfix had given 
>> an
>> error message.
> 
> What version of Postfix?

$ postconf mail_version
mail_version = 2.11.0

Re: [Fetchmail-users] help with gmx and starttls

[Jerry <je...@se...>]

On Thu, 25 Sep 2014 12:29:45 +0200, Stefan Liebl stated:

> Am 2014-09-25 11:20, schrieb Jerry:
> > On Sun, 21 Sep 2014 14:25:06 +0200, Stefan Liebl stated:
> > 
> >> So now it work as desiried. Would have been nice, if postfix had given 
> >> an
> >> error message.
> > 
> > What version of Postfix?
> 
> $ postconf mail_version
> mail_version = 2.11.0

Something is wrong on your system. If you actually had that parameter in your
"main.cf", ie, the one Postfix is using, and then ran "postconf -n", this
error message would have popped up:

postconf: warning: /usr/local/etc/postfix/main.cf: unused parameter: smtp_tls_sercrity_level=may

-- 
Jerry

Re: [Fetchmail-users] help with gmx and starttls

[Matthias A. <mat...@gm...>]

Am 25.09.2014 um 17:04 schrieb Jerry:

> Something is wrong on your system. If you actually had that parameter in your
> "main.cf", ie, the one Postfix is using, and then ran "postconf -n", this
> error message would have popped up:
> 
> postconf: warning: /usr/local/etc/postfix/main.cf: unused parameter: smtp_tls_sercrity_level=may

Don't jump to conclusions about something being "wrong" on his computer.
 We have not even assessed whether Stefan ran "postconf -n" at all.  The
proposal to run it a valid one, though and I support it.