Re: [Fetchmail-users] Warning users about authentication failures

[Matthias A. <mat...@gm...>]

Am 21.06.25 um 12:48 schrieb Matthias Andree via Fetchmail-users:
> Am 20.06.25 um 14:30 schrieb Andrea Venturoli:
>> Hello.
>>
>> Suppose you set up fetchmail to get messages fro a service (POP or 
>> IMAP) and it works; then something happens (e.g. the password 
>> expires) and it stops working.
>> While I (as the sysadmin) can see this in the logs, I wish the user 
>> who reads the emails was informed.
>> In the past this worked: he received a mail from fetchmail itself 
>> saying auth was failing and another mail when everything was solved.
>> However, this hasn't been working for me for some time (after some 
>> upgrade, I think, but without any change to configuration).
>>
>> What are the requirements to have these informational messages?
>> Some setting? Some prerequisite?
>> Has anything purposedly changed? (I don't know since when, however... 
>> possibly several months). 
>
>
> Hi Andrea,
>
> these warnings work only in daemon mode (run.poll_interval) and if 
> fetchmail runs for a sufficiently long time, counting in intervals. If 
> fetchmail didn't authenticate successfully, it should send the warning 
> after 3 failed attempts; if it did authenticate ever before, after 10 
> (both hardcoded). See below. I quick test with fetchmail 6.5.4 and 
> arguments
>
>  --mda "cat >/dev/null ; exit 75" and --proto imap --auth external 
> --user -d 1 --nodetach on one of my servers complained "MDA returned 
> nonzero status 75" and when using --mda "cat >/tmp/debug.txt || exit 
> 75" put the warning message into the file -- so it seems to be working 
> still.
>
> If fetchmail is triggered purely by cron or systemd timer or similar, 
> they won't work. Changes to configuration files also trigger fetchmail 
> to discard state and re-execute itself.
>
>
> This is from the 6.5.X code (the "in background" comment is 
> inaccurate, --nodetach won't impact this):
>
>> /*
>>                     * If we're running in background, try to mail the
>>                     * calling user a heads-up about the authentication
>>                     * failure once it looks like this isn't a fluke
>>                     * due to the server being temporarily inaccessible.
>>                     * When we get third succesive failure, we notify 
>> the user
>>                     * but only if we haven't already managed to get
>>                     * authorization.  After that, once we get 
>> authorization
>>                     * we let the user know service is restored.
>>                     */
>> if(run.poll_interval
>>                        && !ctl->wehavesentauthnote
>>                        && ((ctl->wehaveauthed && ++ctl->authfailcount 
>> >= 10)
>>                            || (!ctl->wehaveauthed && 
>> ++ctl->authfailcount >= 3))
>>                        && !open_warning_by_mail(ctl))
>>                    {
>>
> The thing is that fetchmail doesn't store these 
> authfailcount/wehaveauthed/wehavesentauthnote variables to disk.
>
> HTH & feel free to ask further questions 


Oh, one more thing, this only happens on authentication failures and 
timeouts BUT NOT on other errors, for instance, server/client 
synchronization errors, for instance, if the user deletes an IMAP folder 
(mailbox) and it can no longer be selected when using the --folder option.