Re: [Fetchmail-users] Warning users about authentication failures

[Matthias A. <mat...@gm...>]

Am 20.06.25 um 14:30 schrieb Andrea Venturoli:
> Hello.
>
> Suppose you set up fetchmail to get messages fro a service (POP or 
> IMAP) and it works; then something happens (e.g. the password expires) 
> and it stops working.
> While I (as the sysadmin) can see this in the logs, I wish the user 
> who reads the emails was informed.
> In the past this worked: he received a mail from fetchmail itself 
> saying auth was failing and another mail when everything was solved.
> However, this hasn't been working for me for some time (after some 
> upgrade, I think, but without any change to configuration).
>
> What are the requirements to have these informational messages?
> Some setting? Some prerequisite?
> Has anything purposedly changed? (I don't know since when, however... 
> possibly several months). 


Hi Andrea,

these warnings work only in daemon mode (run.poll_interval) and if 
fetchmail runs for a sufficiently long time, counting in intervals. If 
fetchmail didn't authenticate successfully, it should send the warning 
after 3 failed attempts; if it did authenticate ever before, after 10 
(both hardcoded). See below. I quick test with fetchmail 6.5.4 and arguments

  --mda "cat >/dev/null ; exit 75" and --proto imap --auth external 
--user -d 1 --nodetach on one of my servers complained "MDA returned 
nonzero status 75" and when using --mda "cat >/tmp/debug.txt || exit 75" 
put the warning message into the file -- so it seems to be working still.

If fetchmail is triggered purely by cron or systemd timer or similar, 
they won't work. Changes to configuration files also trigger fetchmail 
to discard state and re-execute itself.


This is from the 6.5.X code (the "in background" comment is inaccurate, 
--nodetach won't impact this):

> /*
>                     * If we're running in background, try to mail the
>                     * calling user a heads-up about the authentication
>                     * failure once it looks like this isn't a fluke
>                     * due to the server being temporarily inaccessible.
>                     * When we get third succesive failure, we notify 
> the user
>                     * but only if we haven't already managed to get
>                     * authorization.  After that, once we get 
> authorization
>                     * we let the user know service is restored.
>                     */
> if(run.poll_interval
>                        && !ctl->wehavesentauthnote
>                        && ((ctl->wehaveauthed && ++ctl->authfailcount 
> >= 10)
>                            || (!ctl->wehaveauthed && 
> ++ctl->authfailcount >= 3))
>                        && !open_warning_by_mail(ctl))
>                    {
>
The thing is that fetchmail doesn't store these 
authfailcount/wehaveauthed/wehavesentauthnote variables to disk.

HTH & feel free to ask further questions

Regards,
Matthias