fetchmail authentication error

From: Haines Brown <brownh(at)hartford-hwp.com>
Date: Thu Jan 31 2008 - 15:14:18 EST

For some time I've been running fetchmail and getting the warning: "upgrade to TLS failed." I was told I could ignore it, for fetchmail can only use TLS (Transpost Layer Security protocol) if it's compiled with SSL support, which my binary version does not support. I'm using fetchmail 6.3.6.1etch1.

I've also had the error: "Server CommonName mismatch: localhost != pop.hartford-hwp.com", but this didn't keep fetchmail from working.

I suspect the From: line of this message has some odd garbage, and this may be related to my authentication problem, but I've no idea how to proceed to repair it.

For no obvious reason, fetchmail failed to retrieve mail and times out after five minutes. I got:  

  fetchmail: Server CommonName mismatch: localhost != pop.hartford-hwp.com
  fetchmail: Server certificate verification error: self signed certificate
  fetchmail: timeout after 300 seconds waiting for server pop.hartford-hwp.com.
  fetchmail: socket error while fetching from
             brownh@hartford-hwp.com@pop.hartford-hwp.com

  fetchmail: Query status=2 (SOCKET)

In looking into this certificate verification problem, I find that it can be ignored, but I went ahead and did:

  $ mkdir ~/.certs

  $     openssl s_client -connect imap.example.com:993 | \

	> sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' 
	> .certs/imap.pem

	gethostbyname failure
	connect:errno=0
  $     c_rehash ~/.certs

This creates empty file: ~/.certs/imap.pem

I next add the line to .fetchmail.rc:

        sslcertck sslcertpath $HOME/.certs

I finally do: c_rehash

The problem is that my ~/.certs/imap/pem is empty. I assume there should be something in it.

$ fetchmail -cvv
fetchmail: 6.3.6 querying pop.hartford-hwp.com (protocol POP3) at Thu 31 J an 2008 02:15:34 PM EST: poll started
Trying to connect to 209.237.134.152/110...connected.

fetchmail: POP3< +OK Hello there.
fetchmail: POP3> CAPA
fetchmail: POP3< +OK Here's what I can do:
fetchmail: POP3< STLS
fetchmail: POP3< TOP
fetchmail: POP3< USER
fetchmail: POP3< LOGIN-DELAY 10
fetchmail: POP3< PIPELINING
fetchmail: POP3< UIDL
fetchmail: POP3< IMPLEMENTATION Courier Mail Server
fetchmail: POP3< .
fetchmail: POP3> STLS
fetchmail: POP3< +OK Begin SSL/TLS negotiation now.
fetchmail: Issuer Organization: Courier Mail Server
fetchmail: Issuer CommonName: localhost
fetchmail: Server CommonName: localhost
fetchmail: Server CommonName mismatch: localhost != pop.hartford-hwp.com
fetchmail: pop.hartford-hwp.com key fingerprint: 27:33:38:C0:92:FF:CE:37:E

2:BC:70:7C:25:24:E5:03
fetchmail: Server certificate verification error: self signed certificate 14813:error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed:s3_clnt.c:894:
fetchmail: pop.hartford-hwp.com: upgrade to TLS failed. fetchmail: Unknown login or authentication error on brownh@hartford-hwp.co m@mymail.myregisteredsite.com
fetchmail: socket error while fetching from brownh@hartford-hwp.com@pop.ha rtford-hwp.com
fetchmail: 6.3.6 querying pop.hartford-hwp.com (protocol POP3) at Thu 31 J an 2008 02:15:34 PM EST: poll completed
fetchmail: normal termination, status 2

It seems as if I've enabled certificate verification so that the error can no longer be ignored.

-- 
 
       Haines Brown, KB1GRM

	 
        


-- 
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

Received on Thu Jan 31 16:39:41 2008