From: Matthias A. <mat...@gm...> - 2016-12-23 17:39:34
On 23.12.2016 at 00:50, Chris wrote:
> On Mon, 2016-12-12 at 04:07 +0100, Matthias Andree wrote:
>> [Attempt to re-send, this time with intact signature. I hope.]
>>
>> Greetings,
>>
>> I have just released fetchmail 6.4.0-beta2, and can be
>> downloaded from
>> <https://sourceforge.net/projects/fetchmail/files/branch_6.4/>.
>>
>>
> Hello Matthias, I've installed 6.4.0-beta2 on my Ubuntu 16.04.1 LTS
> system this afternoon. I must say this was the easiest and fastest
> install of any application I remember lately. So far, with the
> exception of the issue below it's running smoothly. The issue is with
> my domain which is hosted elsewhere. The poll with version 6.3.26
> worked correctly:

Hi Chris,

thanks for taking the time to test the beta and report back!

What you are seeing is an issue with the security certificate that fetchmail 6.3.26 complained about, but due to a different default did not reject. 6.4.0 will flip the "--sslcertck" switch, as written in the NEWS file, so it now drops the connection.

> * Fetchmail defaults to --sslcertck behaviour. A new option
> --nosslcertck to
> override this has been added, but may be removed in future fetchmail
> versions
> in favour of another configuration option that makes the insecurity
> in using
> this option clearer.

Your logs:

> fetchmail: 6.3.26 querying toadnet.com (protocol POP3) at Thu 22 Dec
> 2016 03:56:18 PM CST: poll started
> [...]
> fetchmail: Server certificate:
> fetchmail: Issuer Organization: cPanel, Inc.
> fetchmail: Issuer CommonName: cPanel, Inc. Certification Authority
> fetchmail: Subject CommonName: linuxsrv02.usdcservers.net
> fetchmail: Subject Alternative Name: linuxsrv02.usdcservers.net
> fetchmail: Subject Alternative Name: www.linuxsrv02.usdcservers.net
> fetchmail: Server CommonName mismatch: linuxsrv02.usdcservers.net !=
> toadnet.com
> fetchmail: toadnet.com key fingerprint:
> EE:5B:31:D6:26:5B:74:9A:19:BF:2F:40:4A:0F:F9:E4
> fetchmail: SSL/TLS: using protocol TLSv1.2, cipher ECDHE-RSA-AES256-
> GCM-SHA384, 256/256 secret/processed bits
> fetchmail: Warning: the connection is insecure, continuing anyways.
> (Better use --sslcertck!)

So you see it complains, because it can't establish that it's talking directly to toadnet.com - the server it connected to can prove the identities "linuxsrv02.usdcservers.net" and "www.linuxsrv02.usdcservers.net", but not "toadnet.com" (which is missing from the subAltName = Subject Alternative Name list).

Normally you'd need to get a certificate that also mentions "toadnet.com" in its Subject Alternative Names, but in your particular case, since the server appears to also be reachable by the name linuxsrv02.usdcservers.net, it would be easiest to shut down fetchmail, edit the .fetchmailrc to start with what's shown below, and restart fetchmail (you may want to use --keep on the command line initially in case you need to fix mail routing after that):

    poll linuxsrv02.usdcservers.net aka toadnet.com
        ... (other options remain here) ...

The "aka toadnet.com" part is needed for multidrop mailboxes only (such that fetchmail knows it needs to rewrite toadnet.com domains).

> After installing the beta the poll shows:
>
> fetchmail: 6.4.0.beta2 querying toadnet.com (protocol POP3) at Thu 22
> Dec 2016 05:29:14 PM CST: poll started
> [...]
> fetchmail: Server certificate:
> fetchmail: Issuer Organization: cPanel, Inc.
> fetchmail: Issuer CommonName: cPanel, Inc. Certification Authority
> fetchmail: Subject CommonName: linuxsrv02.usdcservers.net
> fetchmail: Subject Alternative Name: linuxsrv02.usdcservers.net
> fetchmail: Subject Alternative Name: www.linuxsrv02.usdcservers.net
> fetchmail: Server CommonName mismatch: linuxsrv02.usdcservers.net !=
> toadnet.com
> fetchmail: toadnet.com key fingerprint:
> EE:5B:31:D6:26:5B:74:9A:19:BF:2F:40:4A:0F:F9:E4
> fetchmail: OpenSSL reported: error:14090086:SSL
> routines:ssl3_get_server_certificate:certificate verify failed
> fetchmail: toadnet.com: upgrade to TLS failed.
> fetchmail: Unknown login or authentication error on *@toadnet.com@toadn
> et.com
> fetchmail: socket error while fetching from *@toadnet.com@toadnet.com
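
Added example (not part of the original message and not fetchmail's own code): a small Python log audit that reads fetchmail output in the format quoted above and reports whether the polled name is covered by the names the certificate presents. The matching follows the general RFC 6125 convention (SAN entries first, CommonName only as a fallback, wildcard only as the whole leftmost label), which is an assumption about policy, and the function names `name_matches` and `audit` are hypothetical.

```python
import re

# Lines copied from the 6.4.0.beta2 log quoted in the message above (unwrapped).
SAMPLE_LOG = """\
fetchmail: 6.4.0.beta2 querying toadnet.com (protocol POP3) at Thu 22 Dec 2016 05:29:14 PM CST: poll started
fetchmail: Subject CommonName: linuxsrv02.usdcservers.net
fetchmail: Subject Alternative Name: linuxsrv02.usdcservers.net
fetchmail: Subject Alternative Name: www.linuxsrv02.usdcservers.net
fetchmail: Server CommonName mismatch: linuxsrv02.usdcservers.net != toadnet.com
"""

def name_matches(pattern, host):
    """RFC 6125-style match: case-insensitive, '*' only as the whole leftmost label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*" and len(p) > 2:   # refuse wildcards directly under a TLD
        return p[1:] == h[1:]
    return p == h

def audit(log):
    """Return (polled_host, presented_names, verified) for one poll in the log."""
    polled, sans, cn = None, [], None
    for line in log.splitlines():
        if m := re.search(r"querying (\S+) \(protocol", line):
            polled = m.group(1)
        elif m := re.search(r"Subject Alternative Name: (\S+)", line):
            sans.append(m.group(1))
        elif m := re.search(r"Subject CommonName: (\S+)", line):
            cn = m.group(1)
    # Assumption: SAN entries take precedence; the CN counts only when no SAN exists.
    names = sans or ([cn] if cn else [])
    ok = polled is not None and any(name_matches(n, polled) for n in names)
    return polled, names, ok

if __name__ == "__main__":
    host, names, ok = audit(SAMPLE_LOG)
    print(f"polled as {host}: {'verified' if ok else 'NOT verified'}")
    if not ok:
        print("names the certificate can prove:", ", ".join(names))
```

Run against a saved log before switching to 6.4.0 to see which poll entries will start failing once certificate checking is the default.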