Menu
▾
▴
Re: [Fetchmail-users] Fetchmail Random SSL Connection Failures
|
From: Matthias A. <mat...@gm...> - 2022-03-13 07:45:03
|
Am 13.03.22 um 05:41 schrieb Martin E. Main: > > Hi, > > I am hoping for some advice on errors I am seeing with my fetchmail > configuration. Until recently I had been using fetchmail under the > Centos 7 distro with no problem whatsoever, but with RH decision to > abandon Centos, I moved to Ubuntu 20.04 and started experiencing > periodic errors. These errors are almost random and affect only one of > the servers I download from, Google has not shown the same problems. > From reading some online advice, I added /no sslcertck/ and /sslproto > 'SSL3+'/ which did appear to improve the frequency and I almost > thought it had eliminated the problem after a few days of no errors in > daily logfile, but this is not the case. Any advice or direction very > welcome. > > Thanks, > [I am replying to the moderator's copy, so this reply may hit the list before Martin's original post does.] Hello Martin, * it is a bit unfortunate that in the verbose logs, there is no event with failing connection. * your Ubuntu fetchmail and OpenSSL packages are out of date. it is unfortunate that Ubuntu are so bad about maintaining software. They freeze their stuff and abandon it. fetchmail 6.4.2 is two years old... two years of missed fixes, including SSL fixes. HOWEVER, * It seems that accountservergroup.com do support TLSv1.2, so sslproto with SSLv3, TLSv1 or TLSv1.1 the respective "+" variants should not be used. * Chances are that some of their load balancing experiences trouble and some servers are not responding properly. Take this up with their support. * You may want to recompile openssl 1.1.1[latest version you find] and fetchmail 6.4.28 into a separate prefix and run them and see if that improves the situation. I am truncating some logs in my quote. > Martin > > Log File > > ------------------------------------------------------------------------------------------- > > Mar 11 12:54:02 mmsys fetchmail[1667]: Unknown login or authentication > error on hm...@ma...@shared103.accountservergroup.com > > Mar 11 12:54:02 mmsys fetchmail[1667]: socket error while fetching > from hm...@ma...@mail.martinmain.net > > Mar 11 13:54:01 mmsys fetchmail[1667]: shared103.accountservergroup.com: > > Mar 11 13:54:01 mmsys fetchmail[1667]: System error during > SSL_connect(): handshake failed at protocol or connection level. > > Mar 11 13:54:01 mmsys fetchmail[1667]: > shared103.accountservergroup.com: SSL connection failed. > > Mar 11 13:54:01 mmsys fetchmail[1667]: socket error while fetching > from ad...@ma...@mail.martinmain.net > > [...] > > fetchmail: 6.4.2 querying mail.martinmain.net (protocol IMAP) at Sun > Mar 13 08:05:39 2022: poll started > > Trying to connect to 162.215.249.52/993...connected. > > fetchmail: Loaded OpenSSL library 0x1010106f newer than headers > 0x1010104f, trying to continue. > > fetchmail: Server certificate: > > fetchmail: Issuer Organization: Sectigo Limited > > fetchmail: Issuer CommonName: Sectigo RSA Domain Validation Secure > Server CA > > fetchmail: Subject CommonName: *.accountservergroup.com > > fetchmail: Subject Alternative Name: *.accountservergroup.com > > fetchmail: Subject Alternative Name: accountservergroup.com > > fetchmail: mail.martinmain.net key fingerprint: > 68:19:3D:CF:B5:DB:82:E7:1A:F0:CC:58:D4:23:16:86 > > fetchmail: SSL/TLS: using protocol TLSv1.2, cipher > ECDHE-RSA-AES256-GCM-SHA384, 256/256 secret/processed bits > > fetchmail: IMAP< * OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR > LOGIN-REFERRALS ID ENABLE IDLE NAMESPACE AUTH=PLAIN AUTH=LOGIN] > Dovecot ready. > [...] |
