From d9382ebc8fcaf704b41d00cd0a43df6fe4655473 Mon Sep 17 00:00:00 2001 From: Matthias Andree Date: Sun, 18 Aug 2019 23:54:45 +0200 Subject: Update FAQ, fix/mark broken links. --- fetchmail-FAQ.html | 193 ++++++++++++++++++----------------------------------- 1 file changed, 66 insertions(+), 127 deletions(-) diff --git a/fetchmail-FAQ.html b/fetchmail-FAQ.html index 40230f54..bb87222b 100644 --- a/fetchmail-FAQ.html +++ b/fetchmail-FAQ.html @@ -42,7 +42,7 @@ case you need the new option.

If you have a question or answer you think ought to be added to this FAQ list, file it to one of the trackers at our SourceForge.net + href="https://sourceforge.net/projects/fetchmail/">our SourceForge.net project site or post to one of the fetchmail mailing lists (see below).

@@ -96,8 +96,8 @@ below).

Fetchmail configuration file grammar questions

F1. Why does my old .fetchmailrc no longer work?
-F2. The .fetchmailrc parser won't accept my all-numeric user name.
-F3. The .fetchmailrc parser won't accept my host or username beginning with 'no'.
+F2. The .fetchmailrc parser won't accept my all-numeric user name.
+F3. The .fetchmailrc parser won't accept my host or username beginning with 'no'.
F4. I'm getting a 'parse error' message I don't understand.

Configuration questions

@@ -309,7 +309,7 @@ up to mail retrieval and rerouting for an entire client domain. Fetchmail is easy to configure, unobtrusive in operation, powerful, feature-rich, and well documented.

-

Fetchmail is Open Source +

Fetchmail is Open Source Software. The openness of the sources enables you to review and customize the code, and contribute your changes.

@@ -322,7 +322,7 @@ fetchmail's code for years, which is a hint that open source code does not audit itself.

Fetchmail is licensed under the GNU General Public +href="https://www.gnu.org/licenses/old-licenses/gpl-2.0.html">GNU General Public License v2. Details, including an exception that allows linking against OpenSSL, are in the COPYING file in the fetchmail distribution.

@@ -492,24 +492,21 @@ tips? <fetchmail-users@lists.sourceforge.net> for bug reports and people who want to discuss configuration issues of fetchmail. Please see G3 above for information you need to -report. It's a Mailman list, see http://lists.sourceforge.net/mailman/listinfo/fetchmail-users -for info and subscription.

+report.

There is a fetchmail-devel list <fetchmail-devel@lists.sourceforge.net> for people who want to discuss -fixes and improvements in fetchmail and help co-develop it. It's a -Mailman list, which you can sign up for at http://lists.sourceforge.net/mailman/listinfo/fetchmail-devel.

+fixes and improvements in fetchmail and help co-develop it.

There is also an announcements-only list, -<fetchmail-announce@lists.sourceforge.net>, which you can sign up for at http://lists.sourceforge.net/mailman/listinfo/fetchmail-announce.

+<fetchmail-announce@lists.sourceforge.net>.

+ +

For all lists, see https://sourceforge.net/p/fetchmail/mailman/ for subscription, archive and search links.

G7. So, what's this I hear about a fetchmail paper?

Eric S. Raymond also considered fetchmail development a sociological -experiment, an extended test to see if my theory about the critical -features of the Linux development model is correct.

+experiment, an extended test to see if his theory about the critical +features of the Linux development model was correct.

He considers the experiment a success. He wrote a paper about it titled The @@ -547,10 +544,7 @@ utility - unfortunately it does not detect SSL-wrapped variants).

IMAP4rev1 or UIDL-capable POP3 server.

A decent POP3/IMAP server that has recently become popular is Dovecot.

- -

Avoid qmail, - it's broken and unmaintained.

+ href="https://www.dovecot.org/">Dovecot.

G9. What is the best mail program to use with fetchmail?

@@ -561,9 +555,9 @@ use, and user agents are as a rule almost equally indifferent to how mail is delivered into your system mailbox. So any of the popular Unix mail agents – elm, pine, mh, or -mutt – will work fine with +href="http://alpine.x10host.com/alpine/">alpine (a rewrite of pine), nmh (the successor to MH), or +mutt – will work fine with fetchmail.

All this having been said, I can't resist putting in a discreet @@ -576,22 +570,16 @@ in a class by itself. You won't need its built-in POP3 support, though.

G10. How can I avoid sending my password en clair?

-

Depending on what your mail server you are talking to, this -ranges from trivial to impossible. It may even be next to -useless.

- -

In general there is little point in trying to secure your fetchmail -transaction unless you trust the security of the server host you are -retrieving mail from. Your vulnerability is more likely to be an -insecure local network on the server end (e.g. to somebody with a -TCP/IP packet sniffer intercepting Ethernet traffic between the modem -concentrator or DSL POP you dial in to and the mailserver host).

- -

Having realized this, you need to ask whether password +

You need to ask whether password encryption alone will really address your security exposure. If you think you might be snooped between server and client, it's better to use end-to-end encryption such as GnuPG (see below) on your whole -mail stream so none of it can be read. One of the advantages of +mail stream so none of it can be read.

+ +

Then, you can use SSL or TLS for complete +end-to-end encryption if you have a TLS-enabled mailserver.

+ +

One of the advantages of fetchmail over conventional SMTP-push delivery is that you may be able to arrange encryption by using ssh(1); see K3.
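
Review bot: the added G10 paragraph "Then, you can use SSL or TLS for complete end-to-end encryption if you have a TLS-enabled mailserver" overstates what TLS provides. TLS protects the password and the messages only on the connection between fetchmail and the mailserver, whereas the paragraph directly above uses "end-to-end encryption" for GnuPG on the whole mail stream, and the FAQ text that follows still says mail could have been snooped in transit to the POP server. Suggest dropping "complete end-to-end" and saying that SSL/TLS encrypts the session to the server, password included, while GnuPG or PGP is what covers message contents over the full path. The leading "Then," no longer connects to anything now that the sentence has moved up from its "Finally, ..." position at the end of the section. The hunk also deletes the caveat about trusting the server host without putting anything in its place.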

@@ -599,7 +587,7 @@ to arrange encryption by using ssh(1); see K3.

mail could have been snooped in transit to your POP server from wherever it originated. For best security, agree with your correspondents to use a tool such as GnuPG (Gnu Privacy Guard) or PGP + href="https://www.gnupg.org/">GnuPG (Gnu Privacy Guard) or PGP (Pretty Good Privacy).

If ssh/sshd isn't available, or you find it too complicated for @@ -614,9 +602,7 @@ to a CAPABILITY query). Do a fetchmail -v to see these, or telnet direct to the server port (110 for POP3, 143 for IMAP).

-

If your mailserver is using IMAP 2000, it'll have CRAM-MD5 -support built in. Fetchmail autodetects this; you can skip the rest -of this section.

+

Your server may have CRAM-MD5 support built in.

The POP3 facility you are most likely to have available is APOP. This is a POP3 feature supported by many servers (fetchmailconf's @@ -644,32 +630,13 @@ described by RFC1731 and RFC1734. You can tell if this one is present by looking for AUTH=KERBEROS_V4 in the CAPABILITY response.

-

If you are fetching mail from a CompuServe POP3 account, you can -use their RPA authentication. See I1 for details. -If you are fetching mail from -Microsoft Exchange using IMAP, you will be able to use NTLM.

-

Your POP3 server may have the RFC1938 OTP capability to use -one-time passwords (if it doesn't, you can get OTP patches for the -2.2 version of the Qualcomm popper from Craig -Metz). To check this, look for the string "otp-" in the +one-time passwords. To check this, look for the string "otp-" in the greeting line. If you see it, and your fetchmail was built with OPIE support compiled in (see the distribution INSTALL file), fetchmail will detect it also. When using OTP, you will specify a password but it will not be sent en clair.

-

You can get both POP3 and IMAP OTP patches from Craig Metz at http://www.inner.net/opie.

- -

These patches use a SASL authentication method named "X-OTP" -because there is not currently a standard way to do this; fetchmail -also uses this method, so the two will interoperate happily. They -better, because this is how Craig gets his mail ;-)

- -

Finally, you can use SSL or TLS for complete -end-to-end encryption if you have a TLS-enabled mailserver.

-

G11. Is any special configuration needed to use a dynamic IP address?
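
Review bot: the deletions in this part of G10 remove the RPA and NTLM sentences ("you can use their RPA authentication. See I1 for details", "you will be able to use NTLM") without saying whether fetchmail still supports those authenticators. If the code still carries them, keep a one-line mention so users of such servers can find them. If support is gone or discouraged, state that here instead of deleting silently, and check that I1 no longer expects to be referenced from G10.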

@@ -753,7 +720,7 @@ to use firewalls?

No. You can use fetchmail with SOCKS, the standard tool for indirecting TCP/IP through a firewall. You can find out about SOCKS, and download the SOCKS software including server and client -code, at the SOCKS distribution +code, at the http://www.socks.nec.com/ Link defunct SOCKS distribution site.

The specific recipe for using fetchmail with a firewall is at
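
Review bot: in the SOCKS answer, the replaced line keeps http://www.socks.nec.com/ as the place to "download the SOCKS software including server and client code" while labelling it "Link defunct". A dead host is a poor download pointer, and a lapsed domain can later be registered by someone else, so a reader who follows it has no assurance about what is served there. Suggest removing the URL and keeping only the name in plain text, or pointing at a maintained SOCKS implementation, and rewording the sentence so it no longer promises a download at that address.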

As of release 6.3.0, fetchmail's Makefile[.in] should work flawlessly with BSD's portable make used on -FreeBSD. With older releases, use GNU make (usually installed as -gmake; otherwise try pkg_add -r gmake).

+FreeBSD.

B2. Lex bombs out while building the fetchmail lexer.

@@ -883,6 +849,11 @@ directory.

F1. Why does my old .fetchmailrc file no longer work?

+

If your file predates 6.4.0

+ +

Note that fetchmail no longer supports SSLv2, and you should +avoid SSLv3 or TLSv1.0 if possible.

+

If your file predates 6.3.0
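
Review bot: the new "If your file predates 6.4.0" entry says SSLv2 is gone and that SSLv3 and TLSv1.0 should be avoided, but unlike the 6.3.0 entry below it, which names the netsec option, it does not tell the reader what to change in an old .fetchmailrc. Suggest naming the affected setting (sslproto), stating what fetchmail does when an old file still asks for SSLv2, and saying which protocol versions are the recommended replacement, so the entry reads as migration advice and not as a bare notice.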

The netsec option was discontinued and needs to be @@ -1012,30 +983,15 @@ options, like 'protocol'.

Do similarly for any 'monitor' or 'batchlimit' options.

-

F2. The .fetchmailrc parser won't accept -my all-numeric user name.

- -

Either upgrade to a post-5.0.5 fetchmail or put string quotes -around it. :-)

+

F2. The .fetchmailrc parser won't accept +my all-numeric user name.

-

The configuration file parser in older fetchmail versions -treated any all-numeric token as a number, which confused it when -it was expecting a name. String quoting forces the token's -class.

+

This referred to an older fetchmail 5.x version. Upgrade.

-

The lexical analyzer in 5.0.6 and beyond is smarter and assumes -any token following "username" or "password" is a string.

+

F3. The .fetchmailrc parser won't accept +my host or username beginning with 'no'.

-

F3. The .fetchmailrc parser won't accept -my host or username beginning with 'no'.

- -

See F2. You're caught in an unfortunate crack -between the newer-style syntax for negated options ('no keep', 'no -rewrite' etc.) and the older style run-on syntax ('nokeep', -'norewrite' etc.).

- -

Upgrade to a 5.0.6 or later fetchmail, or put string quotes -around your token.

+

This referred to an older fetchmail 5.x version. Upgrade.

F4. I'm getting a 'parse error' message I don't understand.
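
Review bot: the new F2 and F3 answers ("This referred to an older fetchmail 5.x version. Upgrade.") drop two things the old text gave the reader: the exact fix version (5.0.6 and later) and the workaround of putting string quotes around the token. "5.x" is ambiguous because the fix landed inside the 5.x series, so a reader on a 5.x build cannot tell whether they are affected. Suggest wording along the lines of "Fixed in fetchmail 5.0.6; upgrade, or quote the token" for both entries, or removing the two entries together with their table-of-contents lines if they are considered obsolete.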

@@ -1230,9 +1186,8 @@ cyberspammer.com REJECT

would refuse mail from spammer@aol.com, any user from cyberspammer.com (or any host within the cyberspammer.com domain), and any host on the 192.168.212.* network. (This feature can be -used to do other things as well; see the sendmail -documentation for details)

+used to do other things as well; see the sendmail +documentation for details)

To actually set up the database, run

@@ -1415,8 +1370,7 @@ qmail?

qmail as your local SMTP server

-

Avoid qmail, - it's broken and unmaintained.

+

Don't! Avoid qmail and netqmail, they are broken and unmaintained.

Turn on the forcecr option; qmail's listener mode doesn't like header or message lines terminated with bare @@ -1556,7 +1510,7 @@ MMDF?

MMDF itself is difficult to configure, but it turns out that connecting fetchmail to MMDF's SMTP channel isn't that hard. You can read an MMDF +href="https://aplawrence.com/Unixart/uucptofetch.html">MMDF recipe that describes replacing a UUCP link with fetchmail feeding MMDF.

@@ -1865,7 +1819,7 @@ accept mail sent to user@my-company.co.uk)

Note that Demon may delete mail on the server which is more than 30 days old; see their POP3 +href="http://help.demon.net/help-articles/troubleshooting-and-faqs/30-day-mail-deletion-information/">POP3 page for details.

The SDPS extension

@@ -1931,11 +1885,12 @@ mda "sed -e '1s/^\t/Received: /' | formail | /usr/bin/procmail -d <user>" Geocities' servers sometimes think that the first 45 messages have already been read.

-

I5. How can I use fetchmail with Hotmail or Lycos Webmail?

+

I5. How can I use fetchmail with Hotmail or Lycos Webmail?

-

You can't directly. But you can use fetchmail with hotmail or lycos -webmail with the help of the HotWayDaemon +

It appears that both services offer POP3 or IMAP access these days.

+

Other than that, it might be possible to use +the HotWayDaemon daemon. You don't even need to install hotwayd as a daemon in inetd.conf but can use it as a plugin. Your configuration should look like this:
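
Review bot: both added I5 sentences are hedged ("It appears that both services offer POP3 or IMAP access these days", "it might be possible to use the HotWayDaemon"), which leaves the reader unsure which route actually works. Suggest verifying the POP3/IMAP claim and stating it plainly, and marking the hotwayd recipe as historical or unverified in the same way this patch marks defunct links and the discontinued Gotmail elsewhere. That matters here because the recipe hands the mailbox password to a third-party plugin whose maintenance state the FAQ does not describe.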

@@ -1948,29 +1903,15 @@ poll localhost protocol pop3 tracepolls

As a second option you may consider using gotmail.

+href="https://sourceforge.net/projects/getlive/">GetLive, a successor to the discontinued Gotmail.

I6. How can I use fetchmail with MSN?

-

You can't. MSN uses something that looks like POP3, except the -authentication part is nonstandard. And of course they don't -document it, so nobody but their Windows clients can speak it.

- -

This is a customer lock-in tactic; we recommend boycotting MSN -as the only appropriate response.

- -

As of 5.0.8, we have support for the client side of NTLM -authentication. It's possible this may enable fetchmail to talk to -MSN; if so, somebody should report it so this FAQ can be -corrected.

+

See I5 above.

I7. How can I use fetchmail with SpryNet?

-

The SpryNet POP3 servers mark a message queried with TOP as -seen. This means that if your connection drops in mid-message, it -may end up invisibly stuck on your mail spool. Use the -fetchall flag to ensure that it's recovered on the -next cycle.

+

SpryNet is no more.

I8. How can I use fetchmail with comcast.net or other Maillennium servers?

@@ -1981,8 +1922,8 @@ truncate "TOP" responses after 64 - 82 kB (we have varying reports), in violation of Internet Standard #53 aka. RFC-1939 (POP3). Don't mistake this for a fetchmail bug. (Reported July 2003.) Comcast documented they haven't understood what this is about in two -messages from April 2004.

+ href="https://www.mhonarc.org/archive/html/fetchmail-friends/2004-04/msg00054.html">two + messages from April 2004.

Beginning with version 6.3.2, fetchmail will fall back to the RETR command if the greeting string contains "Maillennium POP3/PROXY server", @@ -1999,7 +1940,7 @@ sites.)

schemes based on OAuth 2.0 that require clients and users to jump through quite a few hoops, and use web browsers for signing in. If this hinders access to your account through fetchmail, you may need to turn on access for "less secure apps" at https://www.google.com/settings/security/lesssecureapps.
+ href="https://myaccount.google.com/lesssecureapps">https://myaccount.google.com/lesssecureapps.
It is disputable whether an application that does not include web browsing capabilities or heavy-weight libraries is "less secure" as Google claims.
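
Review bot: this hunk only swaps the URL, so the answer still tells users to turn on "less secure apps" without saying what that means for fetchmail: the account password, whether kept in .fetchmailrc or typed at the prompt, is then the credential fetchmail sends at login. Suggest adding a cross-reference to G10 and to the SSL section so readers pair this setting with TLS and certificate checking.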

@@ -2109,7 +2050,7 @@ installed under /usr/krb5 so I run configure

Setting up Kerberos V authentication is beyond the scope of this FAQ (you may find Jim Rome's paper How to Kerberize +href="https://web.ornl.gov/~romeja/HowToKerb.html">How to Kerberize your site helpful), but you'll at least need to add a credential for imap/[mailhost] to the keytab of the mail server (IMAP doesn't just use the host key). Then you'll need to have your @@ -2128,8 +2069,8 @@ cleartext in your .fetchmailrc, or across the network.

SSL?

You'll need to have the OpenSSL libraries installed, and they -should at least be version 0.9.8, with 1.0.1 preferred. +href="https://www.openssl.org/">OpenSSL libraries installed, and they +should at least be version 1.0.2. Configure with --with-ssl. If you have the OpenSSL libraries installed in commonly-used default locations, this will suffice. If you have them installed in a non-default location, @@ -2431,8 +2372,7 @@ systems.)

R8. Fetchmail is timing out after fetching certain messages but before deleting them

-

There's a TCP/IP stalling problem under Redhat 6.0 (and possibly -other recent Linuxes) that can cause this symptom. Brian Boutel +

There's a TCP/IP stalling problem under Redhat Linux 6.0 that can cause this symptom. Brian Boutel writes:

@@ -2519,14 +2459,14 @@ applications linked against older OpenSSL versions.

Note: OpenSSL's c_rehash script is broken in several versions, which can cause malfunction if several OpenSSL tools versions are installed in parallel in separate directories. In such cases, you may need a workaround to -get things going. Assuming your OpenSSL 1.0.0 is installed in -/opt/openssl1.0.0 and your certificates are in +get things going. Assuming your OpenSSL 1.0.2 is installed in +/opt/openssl1.0.2 and your certificates are in /home/hans/certs, you'd do this (the corresponding fetchmail option is --sslcertpath /home/hans/certs on the commandline and sslcertpath /home/hans/cert in the rcfile):

-env PATH=/opt/openssl1.0.0/bin /opt/openssl1.0.0/bin/c_rehash /home/hans/certs
+env PATH=/opt/openssl1.0.2/bin /opt/openssl1.0.2/bin/c_rehash /home/hans/certs
 

R15. Help, I'm getting Authorization failure!
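
Review bot: the unchanged sentence just above the changed command names two different directories, "--sslcertpath /home/hans/certs on the commandline and sslcertpath /home/hans/cert in the rcfile", while the c_rehash command operates on /home/hans/certs. Since this hunk already touches the example, fix the rcfile path to /home/hans/certs as well. A reader who copies the rcfile form would point fetchmail at a directory that was never rehashed, and certificate verification would fail. The bump to 1.0.2 is consistent with the new minimum OpenSSL version given in the SSL build answer.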

@@ -2697,8 +2637,7 @@ your server mailbox forever.

Workaround: add the 'fetchall' keyword to your fetch options.

-

Solution: switch to an IMAP4 -server.

+

Solution: switch to an IMAP4 server.


Multidrop-mode problems

@@ -3312,8 +3251,8 @@ happened with Domino's incoming mail format configured to "Prefers MIME". Solution: switch Domino to "Keep in Sender's format".

Reference: Anthony - Kim's list post + href="https://www.mhonarc.org/archive/html/fetchmail-friends/2006-03/msg00000.html">Anthony + Kim's list post

X10. Fetchmail delivers partial @@ -3604,7 +3543,7 @@ Using A4 format reaches far more people than (formerly known as DIN A4, from DIN 476) format. Besides that, A4 paper is available in North America. For further information on the Letter-vs-A4 story, see:

-