Menu
▾
▴
Re: [Fetchmail-users] fetchmail 6.4.0-beta2 released - please test
|
From: Chris <cpo...@em...> - 2016-12-23 21:25:21
|
On Fri, 2016-12-23 at 18:39 +0100, Matthias Andree wrote: > Am 23.12.2016 um 00:50 schrieb Chris: > > > > > Hi Chris, > > thanks for taking the time to test the beta and report back! You're welcome, don't mind at all. > > > Your logs: > > > > fetchmail: 6.3.26 querying toadnet.com (protocol POP3) at Thu 22 > > Dec > > 2016 03:56:18 PM CST: poll started > > [...] > > fetchmail: Server certificate: > > fetchmail: Issuer Organization: cPanel, Inc. > > fetchmail: Issuer CommonName: cPanel, Inc. Certification Authority > > fetchmail: Subject CommonName: linuxsrv02.usdcservers.net > > fetchmail: Subject Alternative Name: linuxsrv02.usdcservers.net > > fetchmail: Subject Alternative Name: www.linuxsrv02.usdcservers.net > > fetchmail: Server CommonName mismatch: linuxsrv02.usdcservers.net > > != > > toadnet.com > > fetchmail: toadnet.com key fingerprint: > > EE:5B:31:D6:26:5B:74:9A:19:BF:2F:40:4A:0F:F9:E4 > > fetchmail: SSL/TLS: using protocol TLSv1.2, cipher ECDHE-RSA- > > AES256- > > GCM-SHA384, 256/256 secret/processed bits > > fetchmail: Warning: the connection is insecure, continuing anyways. > > (Better use --sslcertck!) > So you see it complains, because it can't establish that it's talking > directly to toadnet.com - the server it connected to can prove the > identities "linuxsrv02.usdcservers.net" > and "www.linuxsrv02.usdcservers.net, but not "toadnet.com" (which is > missing from the subAltName = Subject Alternative Name list). > > Normally you'd need to get a certificate that also mentions > "toadnet.com" in its Subject Alternative Names, but in your > particular > case, since the server appears to also be reachable by the name > linuxsrv02.usdcservers.net, it would be easiest to shut down > fetchmail, > edit the .fetchmailrc to start with what's shown below, and restart > fetchmail (you may want to use --keep on the command line initially > in > case you need to fix mail routing after that): > > poll linuxsrv02.usdcservers.net aka toadnet.com > ... (other options remain here) ... > > The "aka toadnet.com" part is needed for multidrop mailboxes only > (such > that fetchmail knows it needs to rewrite toadnet.com domains). > > > > > After installing the beta the poll shows: > > > > fetchmail: 6.4.0.beta2 querying toadnet.com (protocol POP3) at Thu > > 22 > > Dec 2016 05:29:14 PM CST: poll started > > [...] > > fetchmail: Server certificate: > > fetchmail: Issuer Organization: cPanel, Inc. > > fetchmail: Issuer CommonName: cPanel, Inc. Certification Authority > > fetchmail: Subject CommonName: linuxsrv02.usdcservers.net > > fetchmail: Subject Alternative Name: linuxsrv02.usdcservers.net > > fetchmail: Subject Alternative Name: www.linuxsrv02.usdcservers.net > > fetchmail: Server CommonName mismatch: linuxsrv02.usdcservers.net > > != > > toadnet.com > > fetchmail: toadnet.com key fingerprint: > > EE:5B:31:D6:26:5B:74:9A:19:BF:2F:40:4A:0F:F9:E4 > > fetchmail: OpenSSL reported: error:14090086:SSL > > routines:ssl3_get_server_certificate:certificate verify failed > > fetchmail: toadnet.com: upgrade to TLS failed. > > fetchmail: Unknown login or authentication error on *@toadnet.com@t > > oadn > > et.com > > fetchmail: socket error while fetching from *@toadnet.com@toadnet.c > > om > Changing my .fetchmailrc to: poll linuxsrv02.usdcservers.net aka toadnet.com proto pop3 timeout 180 interval 60 username "@toadnet.com" password "" is cpollock here it works perfectly. The log file now shows fetchmail: 6.4.0.beta2 querying linuxsrv02.usdcservers.net (protocol POP3) at Fri 23 Dec 2016 11:54:48 AM CST: poll started fetchmail: Trying to connect to 107.181.163.242/110...connected. fetchmail: POP3< +OK Dovecot ready. fetchmail: POP3> CAPA fetchmail: POP3< +OK fetchmail: POP3< CAPA fetchmail: POP3< TOP fetchmail: POP3< UIDL fetchmail: POP3< RESP-CODES fetchmail: POP3< PIPELINING fetchmail: POP3< AUTH-RESP-CODE fetchmail: POP3< STLS fetchmail: POP3< USER fetchmail: POP3< SASL PLAIN LOGIN fetchmail: POP3< . fetchmail: POP3> STLS fetchmail: POP3< +OK Begin TLS negotiation now. fetchmail: Certificate chain, from root to peer, starting at depth 3: fetchmail: Issuer Organization: AddTrust AB fetchmail: Issuer CommonName: AddTrust External CA Root fetchmail: Subject CommonName: AddTrust External CA Root fetchmail: Certificate at depth 2: fetchmail: Issuer Organization: AddTrust AB fetchmail: Issuer CommonName: AddTrust External CA Root fetchmail: Subject CommonName: COMODO RSA Certification Authority fetchmail: Certificate at depth 1: fetchmail: Issuer Organization: COMODO CA Limited fetchmail: Issuer CommonName: COMODO RSA Certification Authority fetchmail: Subject CommonName: cPanel, Inc. Certification Authority fetchmail: Server certificate: fetchmail: Issuer Organization: cPanel, Inc. fetchmail: Issuer CommonName: cPanel, Inc. Certification Authority fetchmail: Subject CommonName: linuxsrv02.usdcservers.net fetchmail: Subject Alternative Name: linuxsrv02.usdcservers.net fetchmail: Subject Alternative Name: www.linuxsrv02.usdcservers.net fetchmail: linuxsrv02.usdcservers.net key fingerprint: EE:5B:31:D6:26:5B:74:9A:19:BF:2F:40:4A:0F:F9:E4 fetchmail: SSL/TLS: using protocol TLSv1.2, cipher ECDHE-RSA-AES256- GCM-SHA384, 256/256 secret/processed bits fetchmail: POP3> CAPA fetchmail: POP3< +OK fetchmail: POP3< CAPA fetchmail: POP3< TOP fetchmail: POP3< UIDL fetchmail: POP3< RESP-CODES fetchmail: POP3< PIPELINING fetchmail: POP3< AUTH-RESP-CODE fetchmail: POP3< USER fetchmail: POP3< SASL PLAIN LOGIN fetchmail: POP3< . fetchmail: linuxsrv02.usdcservers.net: upgrade to TLS succeeded. fetchmail: POP3> USER *@toadnet.com fetchmail: POP3< +OK fetchmail: POP3> PASS * fetchmail: POP3< +OK Logged in. fetchmail: selecting or re-polling default folder fetchmail: POP3> STAT fetchmail: POP3< +OK 0 0 fetchmail: No mail for *@toadnet.com at linuxsrv02.usdcservers.net fetchmail: POP3> QUIT fetchmail: POP3< +OK Logging out. Looks good here now. Everything works including yahoo where I had to set the security to "Allow apps that use less secure sign in" which is stupid in my opinion. Good job! -- Chris KeyID 0xE372A7DA98E6705C 31.11972; -97.90167 (Elev. 1092 ft) 11:58:53 up 2 days, 21:04, 1 user, load average: 1.00, 0.55, 0.37 Ubuntu 16.04.1 LTS, kernel 4.4.0-57-generic #78-Ubuntu SMP Fri Dec 9 23:50:32 UTC 2016 |
