aboutsummaryrefslogtreecommitdiffstats
path: root/website/index.html
diff options
context:
space:
mode:
Diffstat (limited to 'website/index.html')
-rw-r--r--website/index.html285
1 files changed, 285 insertions, 0 deletions
diff --git a/website/index.html b/website/index.html
new file mode 100644
index 00000000..344513ed
--- /dev/null
+++ b/website/index.html
@@ -0,0 +1,285 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
+ "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<head>
+<link rel="stylesheet" href="sitestyle.css" type="text/css">
+<meta name="description" content="The Fetchmail Project">
+<meta name="keywords" content="fetchmail, pop3, imap, email, mail">
+<meta name="MSSmartTagsPreventParsing" content="TRUE">
+<title>Fetchmail</title>
+</head>
+<body>
+
+<div id="Header">
+<table width="100%" cellpadding="0" summary="Canned page header">
+<tr>
+<td>Fetchmail</td>
+<td align="right"><!-- update date -->2008-06-17</td>
+</tr>
+</table>
+</div>
+
+<div id="Menu">
+ <hr/>
+ <a href="index.html" title="Main">Main</a><br />
+ <a href="fetchmail-features.html">Features</a><br />
+ <a href="fetchmail-man.html">Manual</a><br />
+ <a href="fetchmail-FAQ.html" title="Fetchmail FAQ">FAQ</a><br />
+ <a href="fetchmail-FAQ.pdf" title="Fetchmail FAQ as PDF">FAQ (PDF)</a><br />
+ <a href="design-notes.html">Design Notes</a><br />
+ <a href="http://developer.berlios.de/project/showfiles.php?group_id=1824">Download</a><br />
+ <a href="http://mknod.org/svn/fetchmail/">Development Code</a><br />
+ <a href="http://developer.berlios.de/projects/fetchmail/">Project Page</a><br />
+ <hr/>
+</div>
+
+<div id="Content">
+
+<img src="bighand.png" width="100" height="71" alt="logo: a hand presenting an envelope" align="right" />
+
+<h1>Fetchmail</h1>
+<!--
+<div style="background-color:#ffffff;color:#008000;"> <h1>fetchmail 6.3.6 release candidate #5</h1>
+<p>On 2006-12-19, <a
+href="http://mandree.home.pages.de/fetchmail/">fetchmail-6.3.6-rc5 was released</a>, fixing several annoying bugs. <a href="http://mandree.home.pages.de/fetchmail/NEWS-6.3.6-rc5.txt">Click here for details.</a></p> </div>
+-->
+
+<div style="background-color:#80ff80;color:#000000;">
+<h1>ADDITIONAL FIXES FOR FETCHMAIL 6.3.8 RELEASE</h1>
+<p>New 2008-06-17: After the fetchmail-6.3.8 release described below,
+two denial-of-service vulnerabilities (<a href="#cve-2007-4565">CVE-2007-4565</a>) were discovered, but a new
+release is not yet available. Patches are parts of the security announcements:</p>
+<ul>
+ <li><a href="#cve-2008-2711">CVE-2008-2711:</a> <a
+ href="fetchmail-SA-2008-01.txt">fetchmail-SA-2008-01.txt</a></li>
+ <li><a href="#cve-2007-4565">CVE-2007-4565:</a> <a
+ href="fetchmail-SA-2007-02.txt">fetchmail-SA-2007-02.txt</a></li>
+</ul>
+<p>On 2008-04-24, the <a href="fetchmail-FAQ.html">FAQ</a> <a
+ href="fetchmail-FAQ.pdf">(also available as PDF)</a>, <a
+ href="fetchmail-man.html">manual page</a> and <a href="fetchmail-SA-2007-01.txt">fetchmail-SA-2007-01.txt (CVE-2007-1558)</a> have been revised.</p>
+<p>On 2007-04-06, <a href="http://developer.berlios.de/project/showfiles.php?group_id=1824">fetchmail-6.3.8
+was released (this is the download link),</a> fixing up further fallout from the CVE-2006-5867 fix, fixing long-standing bugs, and strengthening the APOP client in response to CVE-2007-1558. <a href="https://developer.berlios.de/project/shownotes.php?group_id=1824&amp;release_id=12610">Click here to see the change details.</a></p> </div>
+
+<div style="background-color:#ffff80;color:#000000;font-size:80%;"> <h1>FETCHMAIL 6.2.X UNSUPPORTED AND VULNERABLE - USE 6.3.X INSTEAD</h1>
+<p>fetchmail 6.2.X versions are susceptible to CVE-2006-5867 and CVE-2007-1558 and should be replaced by the most current 6.3.X version. Support has been discontinued as of 2006-01-22.</p>
+
+<!--
+<p>On 2006-01-22, fetchmail 6.2.X has reached end of its support life. No
+further releases of 6.2.X versions will be made and no bug reports for 6.2.X
+will be accepted unless the bug persists in the 6.3.X releases. Users are asked
+to upgrade to the most current 6.3.X release; care was taken to keep 6.3.X as
+compatible as possible with 6.2.X to ensure a smooth upgrade experience. See
+above for 6.3.X release news.</p>
+-->
+
+</div>
+
+<div style="background-color:#ff8080;color:#000000;font-size:85%"> <h1>SECURITY ALERTS</h1>
+<p><strong>NEW</strong> <a name="cve-2008-2711" href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2711">CVE-2008-2711:</a> Fetchmail can <a href="fetchmail-SA-2008-01.txt">crash in verbose mode when logging long message headers.</a> This bug will be fixed in release 6.3.9. For the nonce, use the <a href="fetchmail-SA-2008-01.txt">patch contained in the security announcement.</a></p>
+<p><a name="cve-2007-4565" href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4565">CVE-2007-4565:</a> Fetchmail can <a href="fetchmail-SA-2007-02.txt">crash when the SMTP server refuses a warning message generated by fetchmail.</a> This bug was introduced in fetchmail 4.6.8 and will be fixed in release 6.3.9. For the nonce, use the <a href="fetchmail-SA-2007-02.txt">patch contained in this security announcement.</a></p>
+<p><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1558">CVE-2007-1558:</a> Fetchmail's APOP client was found to <a href="fetchmail-SA-2007-01.txt">validate APOP challenges insufficiently, making man-in-the-middle attacks on APOP secrets unnecessarily easier than need be.</a> This bug was long-standing, fetchmail 6.3.8 validates the APOP challenge stricter.</p>
+<p><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5974">CVE-2006-5974:</a> Fetchmail was found to <a href="fetchmail-SA-2006-03.txt">crash when refusing a message that was bound to be delivered by an MDA.</a> This bug was introduced into fetchmail 6.3.5 and fixed in 6.3.6.</p>
+<p><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5867">CVE-2006-5867:</a> Fetchmail was found to <a href="fetchmail-SA-2006-02.txt">omit TLS or send the password in clear text despite the configuration stating otherwise.</a> This was a long-standing bug reported by Isaac Wilcox, fixed in fetchmail 6.3.6. There will be no 6.2.X releases to fix this bug in 6.2.X.</p>
+<p><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0321">CVE-2006-0321:</a> Fetchmail was found to <a href="fetchmail-SA-2006-01.txt">crash after bouncing a message with bad addresses. This bug was introduced with fetchmail 6.3.0 and fixed in fetchmail 6.3.2.</a></p>
+<p><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-4348">CVE-2005-4348:</a> Fetchmail was found to contain <a href="fetchmail-SA-2005-03.txt">a bug (null pointer dereference) that can be exploited to a denial of service attack</a> when fetchmail runs in multidrop mode. 6.2.5.5 and 6.3.1 have this bug fixed.</p>
+<p><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3088">CVE-2005-3088:</a> Fetchmailconf was found to <a href="fetchmail-SA-2005-02.txt">open the configuration files world-readable, writing data to them, and only then tightening up permissions</a>, which may cause password information to be visible to other users. This bug affected fetchmail 6.2.0, 6.2.5 and 6.2.5.2. The bug is fixed in fetchmail 6.2.5.4 and 6.3.0.</p>
+<p><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2335">CVE-2005-2335:</a> Fetchmail was found to contain a <a href="fetchmail-SA-2005-01.txt">remotely exploitable code injection vulnerability (potentially privileged code)</a> in the POP3 code, affecting both the 6.2.0 and 6.2.5 releases. 6.2.5.2, 6.2.5.4 and 6.3.0 have got this bug fixed. (Other versions have not been checked if they contain this bug.)</p>
+
+<p><strong>Please <a href="http://developer.berlios.de/project/showfiles.php?group_id=1824">update to fetchmail version 6.3.8</a> and apply the two patches from the security announcements CVE-2007-4565 and CVE-2008-2711 above.</strong></p>
+
+</div>
+
+<h1>What fetchmail does:</h1>
+
+<p>Fetchmail is a full-featured, robust, well-documented
+remote-mail retrieval and forwarding utility intended to be used over
+on-demand TCP/IP links (such as SLIP or PPP connections). It supports
+every remote-mail protocol now in use on the Internet: POP2, POP3,
+RPOP, APOP, KPOP, all flavors of <a
+href="http://www.imap.org">IMAP</a>, ETRN, and ODMR. It can even
+support IPv6 and IPSEC.</p>
+
+<p>Fetchmail retrieves mail from remote mail servers and forwards it via
+SMTP, so it can then be read by normal mail user agents such as <a
+href="http://www.mutt.org/">mutt</a>, elm(1) or BSD Mail.
+It allows all your system MTA's filtering, forwarding, and aliasing
+facilities to work just as they would on normal mail.</p>
+
+<p>Fetchmail offers better protection against password-sniffing than any
+other Unix remote-mail client. It supports APOP, KPOP, OTP, Compuserve
+RPA, Microsoft NTLM, and IMAP RFC1731 encrypted authentication methods
+including CRAM-MD5 to avoid sending passwords en clair. It can be
+configured to support end-to-end encryption via tunneling with <a
+href="http://www.openssh.com/">ssh, the Secure Shell</a>.</p>
+
+<p>Fetchmail can be used as a POP/IMAP-to-SMTP gateway for an entire DNS
+domain, collecting mail from a single drop box on an ISP and
+SMTP-forwarding it based on header addresses. (We don't really
+recommend this, though, as it may lose important envelope-header
+information. ETRN or a UUCP connection is better.)</p>
+
+<p>Fetchmail can be started automatically and silently as a system daemon
+at boot time. When running in this mode with a short poll interval,
+it is pretty hard for anyone to tell that the incoming mail link is
+not a full-time "push" connection.</p>
+
+<p>Fetchmail is easy to configure. You can edit its dotfile directly, or
+use the interactive GUI configurator (fetchmailconf) supplied with the
+fetchmail distribution. It is also directly supported in linuxconf
+versions 1.16r8 and later.</p>
+
+<p>Fetchmail is fast and lightweight. It packs all its standard
+features (POP3, IMAP, and ETRN support) in 196K of core on a
+Pentium under Linux.</p>
+
+<p>Fetchmail is <a href="http://www.opensource.org">open-source</a>
+and <a href="http://www.gnu.org/philosophy/free-sw.html">free
+software</a>.</p>
+
+<h1>Where to find out more about fetchmail:</h1>
+
+<p>See the <a href="fetchmail-features.html">Fetchmail Feature List</a> for more
+about what fetchmail does.</p>
+
+<p>See the on-line <a href="fetchmail-man.html">manual page</a> for
+basics.</p>
+
+<p>See the <a href="fetchmail-FAQ.html">HTML Fetchmail FAQ</a> for
+troubleshooting help.</p>
+
+<p>See the <a href="design-notes.html">Fetchmail Design Notes</a>
+for discussion of some of the design choices in fetchmail.</p>
+
+<p>See the project's <a href="todo.html">To-Do list</a> for indications
+of known problems and requested features.</p>
+
+<p>The developers use <a
+href="http://subversion.tigris.org/">Subversion</a> for revision control.
+To get the latest development version, point your subversion client at <a
+href="http://mknod.org/svn/fetchmail/trunk/">http://mknod.org/svn/fetchmail/trunk/</a>.</p>
+
+<p>See the <a
+href="http://developer.berlios.de/projects/fetchmail/">project
+page</a> for more, including <a
+href="http://developer.berlios.de/project/showfiles.php?group_id=1824">downloads</a>.
+(However, note that we no longer use the subversion repository that Berlios provides.)</p>
+
+<h1>Getting help with fetchmail:</h1>
+
+<p>
+There is a fetchmail-users list for help and other user discussion
+of fetchmail. It's a MailMan list, which you can sign up for at <a
+href="http://lists.berlios.de/mailman/listinfo/fetchmail-users">
+fetchmail-users@lists.berlios.de</a>. There is also a
+fetchmail-devel list for people who want to discuss fixes and
+improvements in fetchmail and help co-develop it. That one is at <a
+href="http://lists.berlios.de/mailman/listinfo/fetchmail-devel">
+fetchmail-devel@lists.berlios.de</a>.
+Finally, there is an announcements-only list, <a
+href="http://lists.berlios.de/mailman/listinfo/fetchmail-announce">
+fetchmail-announce@lists.berlios.de</a>.</p>
+
+<p>Note: before submitting a question to the lists, <strong>please read
+the <a href="fetchmail-FAQ.html">FAQ</a></strong> (especially item <a
+href="fetchmail-FAQ.html#G3">G3</a> on how to report bugs). We
+tend to get the same three newbie questions over and over again. The
+FAQ covers them like a blanket.</p>
+
+<h1>Maintainer History</h1>
+<p>Fetchmail originated as a program called <i>popclient</i>, written
+by Carl Harris. In 1996, <a href="http://www.catb.org/~esr/">Eric
+S. Raymond</a> took over; he soon renamed the program to fetchmail after
+adding IMAP support.</p>
+<p>In 2004 a new team took over, led by <a
+href="http://developer.berlios.de/users/rfunk/">Rob Funk</a>, <a
+href="http://developer.berlios.de/users/bob/">Graham Wilson</a>, and <a
+href="http://developer.berlios.de/users/m-a/">Matthias Andree</a>. Since then,
+Graham Wilson has retreated, and <a
+href="http://developer.berlios.de/users/shetye/">Sunil Shetye</a> has
+contributed several important pieces of code.</p>
+
+<h1>You can help improve fetchmail:</h1>
+
+<p>We welcome your code contributions. But even if you don't write code,
+you can help fetchmail improve.</p>
+
+<p><strong>If you administer a site that runs a post-office server, you may be
+able help improve fetchmail by lending us a test account on your site.
+Note that we do not need a shell account for this purpose, just a
+mailbox and a mail address. Nor are we interested in collecting maildrops per
+se -- what we're collecting is different <em>kinds of servers</em>.</strong></p>
+
+<p>Before each release, we run a test harness that sends date-stamped
+test mail to each site on our regression-test list, then tries to
+retrieve it. Please take a look at the <a href="testservers.html">
+list of test servers</a>. If you can lend us an account on a kind
+of server that is <em>not</em> already on this list, please do.</p>
+
+<h1>Where you can use fetchmail:</h1>
+
+<p>The fetchmail code was developed under Linux, but has also been
+extensively tested under 4.4BSD, SunOS, Solaris, AIX, and NEXTSTEP. It
+should be readily portable to other Unix variants (it requires only
+POSIX plus BSD sockets, and uses GNU autoconf).</p>
+
+<p>Fetchmail is supported only for Unix by its official maintainers.
+However, it is reported to build and run correctly under BeOS,
+AmigaOS, Rhapsody, and QNX as well. There is a CygWin port.</p>
+
+<h1>Related works</h1>
+
+<h2>Similar software</h2>
+
+<p><strong>fdm:</strong> A recently appeared software package that integrates basic filtering is <a href="http://fdm.sourceforge.net/">Nicholas Marriott's fdm</a>.
+
+<p><strong>getmail:</strong> When fetchmail's development was
+stalled before the latest team took over, <a
+href="http://pyropus.ca/software/getmail/">Charles Cazabon's getmail</a> came
+along as an intended replacement. It still doesn't do everything that
+fetchmail does, and often suffers from Python library shortcomings, for
+instance when it comes to SSL, but it's close enough to give us a bit of
+competition.</p>
+
+<p><strong>animail:</strong> Another contender with integrated filtering is <a href="http://juanjoalvarez.net/animaileng">Juanjo Álvarez Martínez's Animail</a>.</p>
+
+<h2>Complementary and extension software</h2>
+
+<p>Jochen Hayek is developing a set of
+<a href="http://www.b.shuttle.de/hayek/JHimap_utils/">
+IMAP tools in Python</a> that read your .fetchmailrc file and are
+designed to work with fetchmail. Jochen's tools can report selected
+header lines, or move incoming messages to named mailboxes based on
+the contents of headers.</p>
+
+<!-- no longer true
+<p>Donncha O Caoihm has written a Perl script called
+<a href="http://blogs.linux.ie/xeer/install-sendmail/">install-sendmail</a>
+that assists you in installing sendmail and fetchmail together.</p>
+-->
+
+<p>Peter Hawkins has written a script called <a
+href="http://linux.cudeso.be/linuxdoc/gotmail.php">gotmail</a> that
+can retrieve Hotmail. Another script, <a
+href="http://yosucker.sourceforge.net">yosucker</a>, can retrieve
+Yahoo webmail.</p>
+
+<p>There's a program called
+<a href="http://mailfilter.sourceforge.net/">mailfilter</a> which can be used
+to do spam filtering, that works particularly well called from fetchmail's
+<code>preconnect</code> directive.</p>
+
+<p>A hacker identifying himself simply as 'Steines' has written a
+filter which rewrites the to-line with a line which only includes
+receipients for a given domain and renames the old to-line. It also
+rewrites the domain-part of addresses if the offical domain is
+different from the local domain. You can find it <a
+href="http://www.steines.com/mailf/">here</a>.</p>
+
+</div>
+
+<a href="http://developer.berlios.de">
+<img src="http://developer.berlios.de/bslogo.php?group_id=1824&amp;type=1" width="124" height="32" border="0" alt="BerliOS Logo" align="right" /></a>
+
+</body>
+</html>
generated by cgit v1.2.3 (git 2.39.1) at 2024-11-21 22:34:16 +0000