Re: [Fetchmail-users] ANNOUNCE: The 6.6.0.rc1 release of fetchmail is available (TLS/STARTTLS support for SMTP)

[Matthias A. <mat...@gm...>]

Am 11.10.25 um 03:01 schrieb axreios:
> Compiled this one without a problem on up-to-date Artix Linux and it is
> working well for my little system.  Thanks again for your good efforts!

Thanks. Do you use SMTP AUTH (esmtppassword and maybe esmtpname) there 
or on the void linux you've tested 6.5.7.rc1 on at all, or an smtp 
server that isn't named "localhost" (its default)?

The SMTP AUTH and TLS stuff including netrc attempts is the only 
user-facing feature (meaning non-detail) that changed in the recent 
release candidates or 6.5.6 for that matter (yes it did touch a few 
other files such as sink.c and options.c but that's minor detail), and 
TLS is deliberately disabled for the default "localhost" because 
certificates can't usefully mention that name and because it's normally 
mapped to the loopback address and those spying SMTP there (aka people 
with physical access) already have privileged access and can just as 
well directly read password files or attach debuggers to your process.  
You can use localhost/tls/servername=realname.example.org or 
localhost/starttls/servername=realname.example.org (for smtphost, 
respectively) though.

You can of course try to authenticate to your SMTP server on localhost 
if that supports it, and you could also force TLS or STARTTLS for 
localhost, but the latter will usually lead to certificate validation or 
"connection" or "SMTP" issues.

So while the test is still valuable in that the new code doesn't seem to 
cause nasty surprises, I'd also be happy to hear from anyone fetching 
mail on one host and forwarding it to another. Please share some details 
on fetchmail version and what's used - and you may want to look at a -vv 
verbose output to see if fetchmail tries logging in and/or uses TLS or 
STARTTLS at all. TLS needs to be added as /tls to the smtphost's name. 
STARTTLS may work on port 25 but if it's only on offer on port 587 you 
also need to configure either /starttls in smtphost, or port /587 or 
service /smtps.    Say, myhost1.example.org fetching mail and injecting 
on mailhost.example.com would use --smtphost mailhost.example.com/tls or 
--smtphost mailhost.example.com/starttls/25. Or /25/starttls. (Order of 
smtphost /xxx options doesn't matter except that the hostname must come 
first. Fetchmail calculates the default port from the seen or missing 
/*tls options first and then overrides it with a portname or service 
name even if that's before the /*tls options.)

Thanks again!

Happy fetching,
Matthias