LinuxQuestions.org
Share your knowledge at the LQ Wiki.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Server
User Name
Password
Linux - Server This forum is for the discussion of Linux Software used in a server related context.

Notices


Reply
  Search this Thread
Old 05-22-2010, 05:12 AM   #1
abakhiet
Member
 
Registered: Apr 2010
Location: Assiut, Egypt
Posts: 166

Rep: Reputation: 15
Question Fetchmail


Hola, i need to ask you how can i make some fetchmail jobs to download mails from my gmail account into my mail account in my own server ???
my server is :
Quote:
Linux Centos 5.4
Postfix Mail Server
i make a file named .fetchmailrc in my home directory and set its permissions to 755and the content of this file is :
Quote:
set postmaster “postmaster”
set bouncemail
set no spambounce
set properties “”
poll imap.googlemail.com:993 protocol imap username "username@gmail.com" password "password"
i think something is not completed, i need to make that fetch to a specific user only, not all users
Thanks in advance

Last edited by abakhiet; 05-22-2010 at 05:27 AM. Reason: adding more ...
 
Old 05-22-2010, 06:13 AM   #2
repo
LQ 5k Club
 
Registered: May 2001
Location: Belgium
Distribution: Arch
Posts: 8,529

Rep: Reputation: 899Reputation: 899Reputation: 899Reputation: 899Reputation: 899Reputation: 899Reputation: 899
You need to compile fetchmail with ssl support
Code:
poll pop.gmail.com with proto POP3
user 'user' there with password 'password' is 'user' here options keep no rewrite ssl sslkey '/home/user/ssl' sslcert '/home/use/ssl'
http://www.axllent.org/docs/networki...with_fetchmail
 
1 members found this post helpful.
Old 05-22-2010, 10:55 AM   #3
abakhiet
Member
 
Registered: Apr 2010
Location: Assiut, Egypt
Posts: 166

Original Poster
Rep: Reputation: 15
Thanks my friend, but i make all the settings in the article, but it gives me an error :
Quote:
-bash-3.2$ fetchmail -d0 -vk pop.gmail.com
fetchmail: 6.3.6 querying pop.gmail.com (protocol POP3) at Sat 22 May 2010 05:53:49 PM EEST: poll started
Trying to connect to 74.125.77.109/995...connected.
fetchmail: Server certificate verification error: unable to get local issuer certificate
4445:error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed:s3_clnt.c:912:
fetchmail: SSL connection failed.
fetchmail: socket error while fetching from abakhiet@gmail.com@pop.gmail.com
fetchmail: 6.3.6 querying pop.gmail.com (protocol POP3) at Sat 22 May 2010 05:53:54 PM EEST: poll completed
fetchmail: Query status=2 (SOCKET)
fetchmail: normal termination, status 2
and my .fetchmailrc file content is :
Quote:
# set username
set postmaster "user5"
# set polling time (5 minutes)
set daemon 600

poll pop.gmail.com
proto pop3
user "usert@gmail.com"
pass "blanked"
is abakhiet ssl
sslcertck sslcertpath /home/user5/.certs/

Last edited by abakhiet; 05-22-2010 at 11:32 AM. Reason: add more details ...
 
Old 05-22-2010, 01:04 PM   #4
repo
LQ 5k Club
 
Registered: May 2001
Location: Belgium
Distribution: Arch
Posts: 8,529

Rep: Reputation: 899Reputation: 899Reputation: 899Reputation: 899Reputation: 899Reputation: 899Reputation: 899
Here is how I do it:
Code:
$ mkdir ~/.certs 
$ cd ~/.certs
$wget --no-check-certificate -O Equifax.pem \
 https://www.geotrust.com/resources/r..._Authority.cer
$c_rehash .
get the cerificate
Code:
$ openssl s_client -connect pop.gmail.com:995 -showcerts
Copy the certificate to gmail.pem
Get the fingerprint
Code:
$ openssl x509 -noout -in gmail.pem -enddate -fingerprint -md5 -dates
This will give you a fingerprint.
Use this fingerprint in fetchmailrc
Quote:
poll pop.gmail.com with proto POP3
user "{USERNAME@gmail.com}", with password "{PASSWORD}", is {localmailbox} here
options ssl sslfingerprint '92:73:17:4C:34:4B:68:F7:B2:17:71:42:0D:7F:9F:33'
sslcertck sslcertpath /home/{USER}/.certs
test if everything is correct
Code:
fetchmail -d0 -vk pop.gmail.com
 
1 members found this post helpful.
Old 05-23-2010, 01:27 AM   #5
abakhiet
Member
 
Registered: Apr 2010
Location: Assiut, Egypt
Posts: 166

Original Poster
Rep: Reputation: 15
thanks a lot my friend, but really i need to download messages from my gmail account only one time in the day in a certain hour, so how can i do this ???
 
Old 05-23-2010, 03:45 AM   #6
repo
LQ 5k Club
 
Registered: May 2001
Location: Belgium
Distribution: Arch
Posts: 8,529

Rep: Reputation: 899Reputation: 899Reputation: 899Reputation: 899Reputation: 899Reputation: 899Reputation: 899
You can run fetchmail in a cronjob
Don't run it as a deamon
 
1 members found this post helpful.
Old 09-22-2010, 04:44 PM   #7
graemev
LQ Newbie
 
Registered: Sep 2010
Posts: 13

Rep: Reputation: 0
helped a lot but many bumps in the road

This lead me to a working solution , however several things were different

1: my googlemail account is googlemail.com not gmail.com ... despite all the google entries saying I still connect to gmail.com , in fact I had to use googlemail.com as the server. Specifically:

openssl s_client -connect imap.googlemail.com:993 -showcerts > from-imap.googlemail.com

(note port no differs for imap)

NB you user id is full so "graeme.foobar@googlemail.com" (not graeme.foobar)


I had to download a whole series of certificates:

That line above gives me TWO certificates (both google, they have there own CA ... save cash :-) ) so I stored these in:

imap.googlemail.com.pem
and
Google-Internet-Authority.pem

The latter is signed by equifax, which you can see by doing:

openssl x509 -in Google-Internet-Authority.pem -text

Which says:

Issuer: C=US, O=Equifax, OU=Equifax Secure Certificate Authority

So I go to:

http://www.geotrust.com/resources/ro...tes/index.html

An dthe description there which matched in my case was:

http://www.geotrust.com/resources/ro..._Authority.cer

(I'm sure there must be a better way to find the correct root certificate ... not just it's description :-( )

I renamed this to .pem and reran c_rehash .

So the chain appears to be:

imap.googlemail.com is certified by google-Internet-Authority which
is in turn certified by Equifax Secure Certificate Authorit.
 
Old 05-15-2011, 12:26 PM   #8
graemev
LQ Newbie
 
Registered: Sep 2010
Posts: 13

Rep: Reputation: 0
certificate aged out ...

So for those of you coming across this, the certificate has aged out (looks like 22Apr2011) so it was failing:

fetchmail: imap.googlemail.com fingerprints do not match!
20791:error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed:s3_clnt.c:951:
fetchmail: SSL connection failed.

Looking at the cert downloaded above, I see:

# openssl x509 -noout -in /var/lib/fetchmail/.certs/imap.googlemail.com.pem -enddate -fingerprint -md5 -dates
MD5 Fingerprint=FC:5D:72:53:40:85:65:9B:8D:61:03:10:01:21:C6:62
notBefore=Apr 22 20:17:57 2010 GMT
notAfter=Apr 22 20:27:57 2011 GMT

(yep expired 22Apr ... I only just realised I wasn't getting googlemail :-)

So I need to get new cert:

Here I need to do:

openssl s_client -connect imap.googlemail.com:993 -showcerts > from-imap.googlemail.com

Also try this:

openssl s_client -connect imap.gmail.com:993 -showcerts > from-imap.gmail.com

From these I extracted:

googlemail.pem
gmail.pem
Google-Internet-Authority.pem

The Google-Internet-Authority.pem is still good , so I only need other two.

So I copy these into fetchmails .cert directory and do:

#c_rehash $PWD

THEN (I forgot @ 1st) remember to copy the fingerprint:

# openssl x509 -noout -in googlemail.pem -enddate -fingerprint -md5 -dates
MD5 Fingerprint=66:F8:8A:EA:34:2C:BE:57:33:17:B6:02:BE:A2:0F:6E
notBefore=Feb 16 04:41:53 2011 GMT
notAfter=Feb 16 04:51:53 2012 GMT

And stick this into the fetchmail RC:

poll imap.googlemail.com with proto IMAP
user "graeme.foobar@googlemail.com", with password "password here", is graeme here
options ssl sslfingerprint '66:F8:8A:EA:34:2C:BE:57:33:17:B6:02:BE:A2:0F:6E'
sslcertck sslcertpath /var/lib/fetchmail/.certs
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Fetchmail abrooks29 Linux - Enterprise 0 02-04-2006 11:24 AM
fetchmail plisken Linux - Software 2 04-29-2003 03:56 PM
Using Fetchmail! RKris Linux - Software 2 08-25-2002 05:14 AM
fetchmail wonderpun Linux - General 1 08-21-2002 10:17 AM
fetchmail green_t Linux - General 3 03-06-2001 08:38 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Server

All times are GMT -5. The time now is 09:56 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration