From d6c728ad218f79305ad759eba6d787d125c67ec3 Mon Sep 17 00:00:00 2001 From: "Eric S. Raymond" Date: Sun, 11 Feb 2001 23:26:10 +0000 Subject: Let's get rid of the old protocols with preauthentication bundled in. svn path=/trunk/; revision=3071 --- fetchmail-FAQ.html | 48 ++++++++++++++++++++++-------------------------- 1 file changed, 22 insertions(+), 26 deletions(-) (limited to 'fetchmail-FAQ.html') diff --git a/fetchmail-FAQ.html b/fetchmail-FAQ.html index d4d0123e..84d06ae9 100644 --- a/fetchmail-FAQ.html +++ b/fetchmail-FAQ.html @@ -10,7 +10,7 @@
Back to Fetchmail Home Page To Site Map -$Date: 2001/02/10 21:24:24 $ +$Date: 2001/02/11 23:26:07 $

Frequently Asked Questions About Fetchmail

@@ -352,7 +352,7 @@ on the Web with a search for that title.

G7. What is the best server to use with fetchmail?

-The short answer: IMAP4rev1 running over Unix.

+The short answer: IMAP 2000 running over Unix.

Here's a longer answer:

@@ -374,7 +374,12 @@ the fetchmailconf utility).

If you have the option, we recommend using or installing an IMAP4rev1 server; it has the best facilities for tracking message `seen' states. It also recovers from interrupted connections more gracefully than -POP3, and enables some significant performance optimizations.

+POP3, and enables some significant performance optimizations. The new +IMAP 2000 +is particularly nice, as it supports CRAM-MD5 so you don't have to +ship your mail password over the net en clair (fetchmail autodetects +this capability). Older versions had support for GSSAPI giving a +similar effect, .

Don't be fooled by NT/Exchange propaganda. M$ Exchange is just plain broken (see item S2) and NT cannot handle the @@ -384,13 +389,6 @@ over Solaris! For extended discussion, see John Kirch's excellent white paper on Unix vs. NT performance.

-You can find sources for IMAP software at The IMAP Connection; we like the -open-source UW IMAP -server, which is the reference implementation of IMAP. UW IMAP's -support for GSSAPI gives you a good way to authenticate without -sending a password en clair.

- Source for a high-quality supported implementation of POP is available from the Eudora FTP site. Don't use 2.5, which has a rather restrictive license. @@ -462,7 +460,11 @@ response to a CAPABILITY query). Do a fetchmail -v to see these, or telnet direct to the server port (110 for POP3, 143 for IMAP).

-The facility you are most likely to have available is APOP. This is a +If your mailserver is using IMAP 2000, you'll have CRAM-MD5 support +built in. Fetchmail autodetects this; you can skip the rest of this +section.

+ +The POP3 facility you are most likely to have available is APOP. This is a POP3 feature supported by many servers (fetchmailconf's autoprobe facility will detect it and tell you if you have it). If you see something in the greeting line that looks like an @@ -478,12 +480,12 @@ Alternatively, you may have Kerberos available. This may require you to set up some magic files in your home directory on your client machine, but means you can omit specifying any password at all.

-Fetchmail supports two different Kerberos schemes. One is a -POP3 variant called KPOP; consult the documentation of your mail -server to see if you have it (one clue is the string "krb-IV" in the -greeting line on port 110). The other is an IMAP facility described -by RFC1731. You can tell if this one is present by looking for -AUTH=KERBEROS_V4 in the CAPABILITY response.

+Fetchmail supports two different Kerberos schemes. One is a POP3 +variant called KPOP; consult the documentation of your mail server to +see if you have it (one clue is the string "krb-IV" in the greeting +line on port 110). The other is an IMAP and POP3 facility described +by RFC1731 and RFC1734. You can tell if this one is present by looking +for AUTH=KERBEROS_V4 in the CAPABILITY response.

If you are fetching mail from a CompuServe POP3 account, you can use their RPA authentication (which works much like APOP). See -Sadly, there is at present (September 1999) no OTP or APOP-like -facility generally available on IMAP servers. However, there do exist -patches which will OTP-enable the University of Washington IMAP -daemon, version 4.2-FINAL. We have a report that the GSSAPI support -in fetchmail works with the GSSAPI support in the most recent version -of UW IMAP. Or you can use SSL for complete -end-to-end encryption if you have an SSL-enabled mailserver.

- You can get both POP3 and IMAP OTP patches from Craig Metz at http://www.inner.net/pub/.

@@ -514,6 +508,8 @@ there is not currently a standard way to do this; fetchmail also uses this method, so the two will interoperate happily. They better, because this is how Craig gets his mail ;-)

+Finally, you can use SSL for complete +end-to-end encryption if you have an SSL-enabled mailserver.

G10. Is any special configuration needed to use a dynamic IP address?

@@ -2967,7 +2963,7 @@ switching to IMAP and using a short expunge interval.

Back to Fetchmail Home Page To Site Map -$Date: 2001/02/10 21:24:24 $ +$Date: 2001/02/11 23:26:07 $

Eric S. Raymond <esr@snark.thyrsus.com>
-- cgit v1.2.3