Fetchmail installed but no settings under "user"

Hello,

I just found out, that I cannot find the settings of fetchmail under user-advanced settings. reinstalling fetchmail does not work.
thanks for help :slight_smile:

Hi,
you could try to edit /etc/fetchmailrc directly in order to see if it is working. In case you want to fetch multiple email accounts for one user this is the only working way anyway.

Here’s an example line for fetchmailrc (fetching from gmx):
poll pop.gmx.net with proto POP3 auth password user 'gmx_user' there with password 'SuperSecret#123' is 'localuser@localdomain.de' here nokeep ssl #UID='localuser'

Hi, thank you for your mail.
the fetchmailrc is still there with content, but fetchmail does not work because of some certificate issues:

Blockquote
Server-CommonName stimmt nicht überein: Parallels Panel != mail2.provider.de
Apr 22 07:35:40 ucs fetchmail[47696]: Fehler bei Server-Zertifikat-Überprüfung: self signed certificate
Apr 22 07:35:40 ucs fetchmail[47696]: Fehlendes Zertifikat als Vertrauensquelle: /C=US/ST=Virginia/L=Herndon/O=Parallels/OU=Parallels Panel/CN=Parallels Panel/emailAddress=info@parallels.com
Apr 22 07:35:40 ucs fetchmail[47696]: Das kann bedeuten, dass das Wurzelzertifikat nicht unter den vertrauenswürdigen CA-Zertifikaten ist, oder dass c_rehash auf dem Verzeichnis ausgeführt werden muss. Details sind in der fetchmail-Handbuchseite im bei --sslcertpath beschrieben.
Apr 22 07:35:40 ucs fetchmail[47696]: OpenSSL berichtete: error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed
Apr 22 07:35:40 ucs fetchmail[47696]: mail2.provider.de: Upgrade auf TLS fehlgeschlagen.
Apr 22 07:35:40 ucs fetchmail[47696]: Unbekannter Einlogg- oder Authentifikationsfehler bei user@provider.de@mail2.provider.de
Apr 22 07:35:40 ucs fetchmail[47696]: Socket-Fehler beim Abholen von user@provider.de@mail2.provider.de

I also tried to use the real name of mail2.provider.de, but that doesn’t work either.

regards,
Christoph

A few line above there is the first error.
First solve this.

Hi, thank you for your reply.
I asked the Mailprovider to give me a good certificate, but he refused. Anyway I try to fetch the mails without ssl, so why does fetchmail complains about the cert?
Do you know how to tell fetchmail to accept a selfsigned certificate?
Thanks in advance
Christoph

Why don’t you install letsencrypt and get a valid certificate for your UCS instance?

In addition:

  • If you try to connect to an external mailserver, you will need to provide your local mail-domain. Your fetchmail needs to logon with its host- and domain name. Both have to be mentioned in your certificate.
  • The extract of your logfile does not show, what your mail domain and what the provider’s domain is.
  • If you want to use an encrypted connection, please checkout the needed ports an encryption-method:
    Ports 587, 465
    Encryption STARTTLS, TLS/SSL
  • Mail providers mention on their help pages the needed port(s) and encryption.

Hi, thank you, but I think you misunderstand. My UCS has a valid certificate from LetEncrypt, but I don’ try to connect to a mail server, but to an pop3 server on port 110 or 995. Unfortunately the pop3 server of the provider responses with the self signed certificate.
Regards
Christoph

Maybe this might help:

Thanks for the hint, I tried but fetchmail does not give me the fingerprint. I tried to get the certificate with

echo “quit” | openssl s_client -showcerts -connect mail2.provider.de:995

and save the given certificate in /etch/ssl/certs/mail2.provider.de.pem, did a c_rehash, but still does not work. What now works is a “no sslcertck”.
When I try to provide the fingerprint in the fetchmailrc, I get an error, that the fingerprint is wrong.
(got it now with)

echo “quit” | openssl s_client -connect mail2.provider.de:995 | sed -n /BEGIN/,/END/p | openssl x509 -noout -fingerprint

To be honest: all the code was not my idea, but googles :slight_smile:

In my world, I saved the selfsigned certificate of the (foreign) pop3 server to my trusted certificates. Where am I wrong?

Regards
Christoph

Mastodon