sanity check well-known POP3/IMAP ports vs. SSL

Gitlab: Closes #31.
(cherry picked from commit da6eb347af326912560f56081d603a0a78c3d56d)

2 files changed, 13 insertions, 0 deletions

diff --git a/NEWS b/NEWS
index 8afb8e70..3caf3b36 100644
--- a/NEWS
+++ b/NEWS
@@ -130,6 +130,9 @@ fetchmail-6.4.22 (not yet released):
 * IMAP: When fetchmail is in not-authenticated state and the server volunteers 
   CAPABILITY information, use it and do not re-probe. (After STARTTLS, fetchmail 
   must and will re-probe explicitly.)
+* For typical POP3/IMAP ports 110, 143, 993, 995, if port and --ssl option
+  do not match, emit a warning and continue. Closes Gitlab #31.
+  (cherry-picked from 6.5 beta branch "legacy_6x")
 
 --------------------------------------------------------------------------------
 fetchmail-6.4.21 (released 2021-08-09, 30042 LoC):
diff --git a/fetchmail.c b/fetchmail.c
index 6ca9db94..ddac95df 100644
--- a/fetchmail.c
+++ b/fetchmail.c
@@ -1412,6 +1412,16 @@ static int load_params(int argc, char **argv, int optind)
 				   ctl->server.pollname);
 		    exit(PS_SYNTAX);
 		}
+		switch (ctl->server.protocol) {
+			case P_POP3: case P_APOP:
+				if (port == 995 && !ctl->use_ssl) report(stderr, GT_("WARNING: %s configuration invalid, you normally need --ssl for port 995/service pop3s.\n"), ctl->server.pollname);
+				if (port == 110 &&  ctl->use_ssl) report(stderr, GT_("WARNING: %s configuration invalid, you should normally omit --ssl for port 110/service pop3.\n"), ctl->server.pollname);
+				break;
+			case P_IMAP:
+				if (port == 993 && !ctl->use_ssl) report(stderr, GT_("WARNING: %s configuration invalid, you normally need --ssl for port 993/service imaps.\n"), ctl->server.pollname);
+				if (port == 143 &&  ctl->use_ssl) report(stderr, GT_("WARNING: %s configuration invalid, you should normally omit --ssl for port 143/service imap.\n"), ctl->server.pollname);
+				break;
+		}
 	    }
 	    if (ctl->listener == LMTP_MODE)
 	    {