Fetchmail - the mail-retrieval daemon Files

fetchmail-7.0.0 (not yet released):

NOTE THIS IS AN ALPHA RELEASE THAT HAS NOT BEEN THOROUGHLY TESTED!
XXX and FIXME - see the big merge of 2019-08-25, and 2021-01-03

# INCOMPATIBLE CHANGES
* The SSL/TLS options were massively changed and disentangled, to be clearer.
* --tlsmode starttls=must is now the default as a consequence of the previous 
  sslcertck default.
  If you need an unencrypted connection, use --tlsmode none.
  If you need an SSL-wrapped connection that starts immediately on a 
  separate port, use --tlsmode wrapped.
* See the REMOVED FEATURES section below for further incompatibilities.

# MAJOR CHANGES
* The POP3 code now always uses UIDL, except if "fetchall" is in effect.
  Fixes BerliOS Bug #16172. Fixes Debian Bug#345788. The --uidl option
  is now gone.
* The --ssl* options have been replaced by new --tls* options. They are, unless 
  otherwise documented, still understood by their old names.
  Some have been or will shortly be renamed further to make them more 
  descriptive.
  XXX FIXME TODO ^ revisit tense.

# FEATURES ADDED
* fetchmail has some hooks for OAUTH2, courtesy of Matthew M.  Ogilvie.  This 
  requires a helper script (in Python) that ships in the contrib/ section.
  Note that OAUTH2 is formally unsupported by fetchmail and may be removed
  at any time, including patchlevel releases. See above, and README.OAUTH2.
* Fetchmail can now retrieve credentials from PWMD. This needs to be enabled at 
  compile-time and requires run-time configuration. See README.PWMD for details.
  Contributed by Ben Kibbey, author of libpwmd and pwmd.
* Fetchmail can now run an external command to retrieve credentials 
  (passwords), see the fetchmail man page for passwordeval.
* Fetchmail now supports a retrieve-error command line or rcfile option that 
  takes exactly one argument, abort (default), continue or markseen.  This 
  specifies the policy used by fetchmail to handle messages whose bodies fail 
  to be retrieved due to server errors.  Both the continue and markseen options 
  will skip the message with errors and allow the session to continue so that 
  subsequent messages can be retrieved.  The markseen option will also mark the 
  message with errors as seen.
  The default policy is to abort the session whenever a server error occurs. 
  Contributed by Craig Brown.
* Fetchmailconf offers CRAM-MD5 and APOP authentication. XXX FIXME: check
* The SSL/TLS/STARTTLS operation mode is now selected through a new --tlsmode 
  option, which cleans up the incomprehensible --ssl and --sslproto mess of 
  fetchmail versions before v7.0.0.
* The SSL/TLS/STARTTLS protocol version can now be selected through a new 
  --tlsprotocolversion switch.
* The SSL/TLS cipher in use is now reported in verbose mode.
* FIXME: The SHA1 fingerprint is now printed along with the MD5 digest of the 
  server's certificate; however, this can not yet be matched - matches are 
  still against MD5 only.

# REMOVED FEATURES
* IMAP2 and POP2 protocol support were removed.
* APOP, CRAM-MD5, MSN, NTLM, OPIE (OTP/X-OTP) and RPA authenticators were 
  removed.  They all depended in one form or another on MD4 and MD5 and are
  considered weak cryptographic algorithms so should no longer be used.
* RPOP support (not actually a protocol, but a variant of POP3) was removed.
* POP3: the (--)uidl option has been removed. It is always on.
* POP3: LAST is no longer used. It was removed from POP3 in the year 1994, and 
  it could cause mail loss when the connection was interrupted or if clients 
  besides fetchmail polled the mailbox.
* The MX and host alias DNS lookups that fetchmail performs in multidrop mode 
  have been removed. They were based on the mistaken assumption that the 
  IMAP/POP3 server was also the MX server, which is rarely the case.  They have 
  never supported IPv6 (including IPv6-mapped IPv4) either.
  Non-DNS based alias keywords such as "aka" remain.
* Kerberos IV support was removed.
* The --ssl option is obsolescent and triggers a warning that users should use 
  --tlsmode wrapped instead. It is understood as an alias for --tlsmode 
  wrapped.
* The --sslproto option was removed. Two new options were added in its place, 
  --tlsmode and --tlsprotocolversion.
* A lot of outdated and/or unsafe-to-use material got dropped from contrib/.

# KNOWN BUGS AND WORKAROUNDS
  (This section floats upwards through the NEWS file so it stays with the 
  current release information)
* Fetchmail does not handle messages without Message-ID header well
  (See sourceforge.net bug #780933)
* Fetchmail currently uses 31-bit signed integers in several places
  where unsigned and/or wider types should have been used, for instance,
  for mailbox sizes, and misreports sizes of 2 GibiB and beyond. 
  Fixing this requires C89 compatibility to be relinquished.
* BSMTP is mostly untested and errors can cause corrupt output.
* Sun Workshop 6 (SPARC) is known to miscompile the configuration file lexer in 
  64-bit mode.  Either compile 32-bit code or use GCC to compile 64-bit 
  fetchmail.  Note that fetchmail doesn't take advantage of 64-bit code, 
  so compiling 32-bit SPARC code should not cause any difficulties.
* Fetchmail does not track pending deletes across crashes.
* The command line interface is sometimes a bit stubborn, for instance, 
  fetchmail -s doesn't work with a daemon running.
* Linux systems may return duplicates of an IP address in some circumstances if 
  no or no global IPv6 addresses are configured.
  (No workaround. Ubuntu Bug#582585, Novell Bug#606980.)
* Kerberos 5 may be broken, particularly on Heimdal, and provide bogus error 
  messages. This will not be fixed, because the maintainer has no Kerberos 5 
  server to test against. Use GSSAPI.

-------------------------------------------------------------------------------