INSTALL Instructions for fetchmail ================================== Building from Git repository: see README.git Packagers and port/emerge maintainers: see README.packaging. If you have installed binaries (e.g. from a Linux RPM or DPKG, Solaris package or FreeBSD port), you can skip to step 5 below. --------------------------------------------------------------------- The Frequently Asked Questions list, included as the file FAQ in this distribution, answers the most common questions about configuring and running fetchmail. --------------------------------------------------------------------- 1. PREPARATIONS: USEFUL THINGS TO INSTALL FIRST 1.1 Choose a TLS/SSL library. OpenSSL has been used for a long time and is tested and proven. See README.SSL for details. Forked libraries deriving from OpenSSL and under the SSLeay or OpenSSL license cannot be used due to licensing issues, and are not supported. This affects, f.i., LibreSSL, unless it is part of the operating system (f. i., on OpenBSD). However, LibreSSL diverges from OpenSSL and is not supported by the fetchmail maintainer. Since 6.4.27, there has been experimental support for recent wolfSSL versions, which is under GNU GPL v2 or later license and hence may be easier for a consistent GPLv2+ licensing of fetchmail. This support requires a C99 or newer compiler, and requires up-to-date wolfSSL versions as wolfSSL keeps fixing vulnerabilities in newer version, so new fetchmail releases will consistently raise the bar on wolfSSL version. Choose between OpenSSL or wolfSSL. 1.1a OpenSSL If you are installing OpenSSL yourself, it is recommended that you build shared OpenSSL libraries, it works better and updating OpenSSL does not then require you to reinstall all applications that use OpenSSL. Try after unpacking OpenSSL: ./config shared && make && make test && make install 1.1b wolfSSL If you are installing wolfSSL yourself, be sure to use a hardened build with all OpenSSL APIs - you may add --enable-debug, and note that --enable-opensslextra does NOT suffice. Also note that overriding AM_CFLAGS or CFLAGS in wolfSSL's build may break the OpenSSL compatibility layer. ./configure --enable-opensslall --enable-harden make && make test && make install fetchmail's configure option --with-wolfssl takes precedence over --with-ssl. 1.2 gettext (internationalization) Internationalization of fetchmail requires GNU gettext (libintl and libiconv). Fetchmail, as of version 6.3.0, no longer ships its own libintl copy. Note that some systems include gettext in their libc. 1.3 OTP/OPIE If you want support for RFC1938-compliant one-time passwords, you'll need to install Craig Metz's OPIE libraries first and *make sure they're on the normal library path* where configure will find them. Then configure with --enable-OPIE, and fetchmail build process will detect them and compile appropriately. Note: there is no point in doing this unless your server is OTP-enabled. To test this, telnet to the server port and give it a valid USER id. If the OK response includes the string "otp-", you should install OPIE. You need version 2.32 or better. The OPIE library sources are available at http://www.inner.net/pub/opie/ You can also find OPIE and IPV6-capable servers there. 1.4 IPv6 Building in IPv6 support *requires* an up-to-date operating system. Recent Linux versions with glibc 2.1.1 or newer, FreeBSD, Solaris should be fine. If you have trouble with intl or gettext functions, try using the configure option '--with-included-gettext'. 2. CONFIGURE 2.1 Basic options Installing fetchmail is easy. From within this directory, type: When using OpenSSL: ./configure It is possible to either specify the install path, or pkg-config module name, with --with-ssl, examples: ./configure --with-ssl=/opt/openssl3 ./configure --with-ssl=eopenssl30 When using wolfSSL (adjust the trust file location, see below): ./configure --with-wolfssl \ WOLFSSL_TRUST_FILE=/etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem Here, you need to adjust the file path according to where your ca_cert_nss or ca-certificates package installs the default trust bundle in PEM format with BEGIN CERTIFICATE lines. wolfSSL 5.1 cannot parse BEGIN TRUSTED CERTIFICATE bundles. Some typical locations as of 2021 are: on Fedora Linux: /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem on Debian/Ubuntu: /etc/ssl/certs/ca-certificates.crt on FreeBSD: /usr/local/share/certs/ca-root-nss.crt The autoconfiguration script will spend a bit of time figuring out the specifics of your system. If you want to specify a particular compiler (e.g. you have gcc but want to compile with cc), set the environment variable CC before you run configure. The configure script accepts certain standard configuration options. These include --prefix, --exec-prefix, --bindir, --infodir, --mandir, and --srcdir. Run 'configure --help' for more. POP2 support is no longer compiled in by default, as POP2 is way obsolete and there don't seem to be any live servers for it anymore. You can configure it back in if you want with 'configure --enable-POP2', but leaving it out cuts the executable's size slightly. Support for CompuServe's RPA authentication method (rather similar to APOP) is available but also not included in the standard build. You can compile it in with 'configure --enable-RPA'. Support for Microsoft's NTLM authentication method is also available but not included in the standard build either. You can compile it in with 'configure --enable-NTLM'. Support for authentication using RFC1731 GSSAPI is available but also not included by default. You can compile it in with 'configure --with-gssapi', which looks for GSSAPI support in standard locations (/usr, /usr/local). If you set --with-GSSAPI=DIR you can direct the build to look for GSSAPI support under DIR. Hooks for the OpenSSL library (see http://www.openssl.org/) are included in the distribution. Fetchmail 6.4 enables these by default. Fetchmail's configure script will query pkg-config (pkgconf) or failing that, probe some default locations for the include/openssl/ssl.h file. If this doesn't work (i. e. configure prints "SSL support enabled, but OpenSSL not found" and aborts), you need to give the explicit prefix of your OpenSSL installation (specify the directory that contains OpenSSL's "include" subdirectory), for instance: "--with-ssl=/example/path" would assume that you have an /example/path/include/openssl/ssl.h header file. 2.2 Advanced options Specifying --with-kerberos=DIR or --with-kerberos5=DIR will tell the fetchmail build process to look in DIR for Kerberos support. Configure normally looks in /usr/kerberos and /usr/athena; if you specify this option with an argument it will look in DIR first. Unfortunately, there doesn't seem to be good standardization of where Kerberos lives. If your configuration doesn't match one of the four that fetchmail's configure.in knows about, you may find you have to hand-hack the Makefile a bit. You may also want to hand-hack the Makefile if you're writing a custom or bleeding-edge resolver library. In that case you will probably want to add -lresolv or whatever to the definition of LOADLIBS. It is also possible to explicitly condition out the support for POP3, IMAP, and ETRN (with configure arguments of --disable-POP3, --disable-IMAP, and --disable-ETRN respectively). 3. BUILD Run make This should compile fetchmail for your system. If fetchmail fails to build properly, see the FAQ section B on build-time problems. On multi-core computers, run make -j8 on a computer that supports 8 CPU threads at the same time (for instance, Octocore computers or Quad-core computers supporting two threads per core). 4. INSTALL Lastly, become root and run make install This will install fetchmail. By default, fetchmail will be installed in /usr/local/bin, with the man page in /usr/local/man/man1. You can use the configure options --bindir and --mandir to change these. If you are tight on disk space, you can run instead make install-strip NOTE: If you are using an MTA other than sendmail (such as qmail, exim, or smail), see the FAQ (section T) for discussion of any special configuration steps that may be necessary. 5. SET UP A RUN CONTROL FILE See the man page for a description of how to configure your individual preferences. If you're upgrading from popclient, see question F4 in the FAQ file. 6. TEST I strongly recommend that your first fetchmail run use the -v, -a and -k options, in case there is something not quite right with your server, your local delivery configuration or your port 25 listener. Also, beware of aliases that direct your local mail back to the server host! This software is known to work with the qpop/popper series of freeware POP3 servers; also with the IMAP2bis and IMAP4 servers that are distributed with Pine from the University of Washington; also with the Cyrus IMAP server from CMU. This covers all the servers commonly hosted on Linux and *BSD systems. It also works with the IMAP service of Microsoft Exchange, despite the fact that Microsoft Exchange is extremely broken (returns incorrect message lengths in LIST responses). See the FAQ, section S, for detailed advice on running with various servers. 7. REPORTING BUGS You should read the FAQ file question G3 before reporting a bug. 8. USE IT Once you've verified your configuration, you can start fetchmail to run in background and forget about it. Enjoy! END of text file INSTALL