Menu
▾
▴
[Fetchmail-users] Constantly changing ssl fingerprints
|
From: Jerry <je...@se...> - 2015-01-25 14:55:55
|
I do not know if there is an easy way around this problem, so I thought I would simply ask for assistance. I have several users here that use Google's "gmail". Google has been changing their SSL certificate on a nearly monthly basis. This causes havoc with our mail system. Fetchmail is configured to fetch mail from 11 different "gmail" accounts. Each account has a different "user name" and "password". The config line in the global fetchmailrc file read like this: user 'us...@gm...' there with password 'SECRET' options forcecr dropdelivered smtpname ssl sslcertpath /usr/local/etc/postfix/certs sslfingerprint '26:85:9C:DD:04:26:70:C2:20:0A:A0:A2:24:E4:CF:30' Every time Google changes certs, I have to get their new fingerprint and change it on all of the gmail accounts. Fetchmail does not send a notice to the user that SSL has failed. Therefore, it is sometimes a day or two before anyone actually knows it has happened. That is rare though. Most of the time they realize it after not receiving any mail for 24 hours. My question are: 1) Is it possible to configure fetchmail to send an error notice to the user immediately if an ssl error has occurred? 2) How else could I configure fetchmail to simply not check the fingerprint? I did notice that "fetchmailconf" will print out the new fingerprint when used to access gmail. Is there a way to have fetchmail send that to the user. I currently use openssl to download the certs and extract the fingerprint. By the way, I use fetchmail > Postfix > Dovecot. I have never been able to get fetchmail > Dovecot without using Postfix as the intermediary. I am open to any suggestions? -- Jerry |
