From: Matthias A. <mat...@gm...> - 2007-05-13 17:12:09
Pongthep Kulkrisada wrote:
> Hi all
>
> Error messages with fetchmail 6.3.8
> Firstly I shall say I am a noobie and sorry if my question is too simple
> Previously I use fetchmail 6.2.5 on FreeBSD 5.4 (yes obsolete but still get work done). I had no problem with it. In order to be updated, yesterday I downloaded fetchmail 6.3.8. I installed it as I normally do.

Pongthep, the easiest way for FreeBSD installations of fetchmail is to use the FreeBSD port - but your installation went apparently right anyways, except for the SSL certificates.

> After test, I can still retrieve mails for both accounts, but I found some error messages I never seen before and don't know how to fix it. Anyone has a clue, please point me out and thank you in advance. (please also CC to me, I'm not in the list.)

The problem is with the server's certificate that your OpenSSL library does not recognize - installing the root certificate should fix your problem.

> Normally I use mutt as MUA. But for your diagnostic, I put direct command on console as shown below.
>
> Questions
> 1) My first account has nothing to do with TLS.
> Why is there such an error message? How to fix it?

You can avoid the attempts if you add sslproto '' to your configuration (that's two single quotes).

> 2) Several errors with my second account (gmail).
> How to fix it?

See below.

> 3) I also have 6bone tunnel for IPv6.
> Shall I do anything special with fetchmail?

There should be no need; FreeBSD 5.4 can do IPv6 as far as I know.

> % fetchmail -vv

Thank you.

> fetchmail: 6.3.8 querying mail.ego.co.th (protocol POP3) at Sun May 13 11:08:42 2007: poll started
> Trying to connect to 202.5.93.197/110...connected.
> fetchmail: POP3< +OK Hello there.
> fetchmail: POP3> CAPA
> fetchmail: POP3< +OK Here's what I can do:
> fetchmail: POP3< STLS
> fetchmail: POP3< TOP
> fetchmail: POP3< USER
> fetchmail: POP3< LOGIN-DELAY 10
> fetchmail: POP3< PIPELINING
> fetchmail: POP3< UIDL
> fetchmail: POP3< IMPLEMENTATION Courier Mail Server
> fetchmail: POP3< .
> fetchmail: POP3> STLS
> fetchmail: POP3< +OK Begin SSL/TLS negotiation now.
> fetchmail: mail.ego.co.th: opportunistic upgrade to TLS failed, trying to continue.
> fetchmail: POP3> USER pkr...@eg...
> fetchmail: Repoll immediately on pkr...@eg...@mail.ego.co.th
> Trying to connect to 202.5.93.197/110...connected.

The server offered TLS, so fetchmail tried. However, the server is not configured properly ("opportunistic upgrade to TLS failed") and additionally dropped the connection. Fetchmail noticed and retried without TLS. This is typical Courier behavior. I'll talk to Sam Varshavchik if he sees a chance to fix this. Suggestion above (sslproto '').

> fetchmail: 6.3.8 querying mail.ego.co.th (protocol POP3) at Sun May 13 11:08:44 2007: poll completed
> fetchmail: not swapping UID lists, no UIDs seen this query
> fetchmail: Query status=1 (NOMAIL)
> fetchmail: 6.3.8 querying pop.gmail.com (protocol POP3) at Sun May 13 11:08:44 2007: poll started
> Trying to connect to 72.14.253.109/995...connected.
> fetchmail: Issuer Organization: Equifax
> fetchmail: Unknown Issuer CommonName
> fetchmail: Server CommonName: pop.gmail.com
> fetchmail: pop.gmail.com key fingerprint: 59:51:61:89:CD:DD:B2:35:94:BB:44:97:A0:39:D5:B4
> fetchmail: Server certificate verification error: unable to get local issuer certificate
> fetchmail: Server certificate verification error: certificate not trusted
> fetchmail: Server certificate verification error: unable to verify the first certificate

Looks as though the root certificate from Equifax is not installed on your computer, so the OpenSSL library cannot verify that there is no man in the middle attack going on. Fetchmail continues however (because you did not specify --sslcertck). Do you have the ca-roots port installed? Try doing that, it makes the problem go away on my computer (I have FreeBSD 6.2 and installed fetchmail 6.3.8 from the port).

HTH
Matthias
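
Added example, not part of the original message and not fetchmail code: a small Python check that reads `fetchmail -vv` output and reports, per polled server, the two conditions discussed in the reply above (a failed STLS upgrade after which the poll continued without TLS, and certificate verification errors that did not stop the poll). The function names `audit` and `flagged` are assumptions of this example; the sample lines are copied from the log quoted in the message.

```python
import re

# Lines copied from the fetchmail -vv output quoted in the message above (abridged).
SAMPLE = """\
fetchmail: 6.3.8 querying mail.ego.co.th (protocol POP3) at Sun May 13 11:08:42 2007: poll started
fetchmail: POP3> STLS
fetchmail: POP3< +OK Begin SSL/TLS negotiation now.
fetchmail: mail.ego.co.th: opportunistic upgrade to TLS failed, trying to continue.
fetchmail: 6.3.8 querying mail.ego.co.th (protocol POP3) at Sun May 13 11:08:44 2007: poll completed
fetchmail: 6.3.8 querying pop.gmail.com (protocol POP3) at Sun May 13 11:08:44 2007: poll started
fetchmail: Server CommonName: pop.gmail.com
fetchmail: Server certificate verification error: unable to get local issuer certificate
fetchmail: Server certificate verification error: certificate not trusted
fetchmail: Server certificate verification error: unable to verify the first certificate
"""

POLL_START = re.compile(r"querying (\S+) \(protocol \w+\).*: poll started")
TLS_FAILED = re.compile(r"opportunistic upgrade to TLS failed")
CERT_ERROR = re.compile(r"Server certificate verification error: (.+)")

def audit(log):
    """Map each polled server to the TLS problems fetchmail logged for it."""
    report, server = {}, None
    for raw in log.splitlines():
        line = raw.lstrip("> ").strip()  # also accept logs quoted in a mail reply
        started = POLL_START.search(line)
        if started:
            server = started.group(1)
            report.setdefault(server, {"tls_fallback": False, "cert_errors": []})
            continue
        if server is None:
            continue  # output before the first poll line is not attributable
        if TLS_FAILED.search(line):
            report[server]["tls_fallback"] = True  # poll continued without TLS
        cert = CERT_ERROR.search(line)
        if cert:
            report[server]["cert_errors"].append(cert.group(1))
    return report

def flagged(report):
    """Servers with a failed TLS upgrade or an unverified certificate."""
    return sorted(s for s, r in report.items() if r["tls_fallback"] or r["cert_errors"])

if __name__ == "__main__":
    for name, result in audit(SAMPLE).items():
        print(name, result)
```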