path: root/INSTALL

INSTALL Instructions for fetchmail
==================================

Building from Git repository: see README.git

Packagers and port/emerge maintainers: see README.packaging.


If you have installed binaries (e.g. from a Linux RPM or DPKG, Solaris
package or FreeBSD port), you can skip to step 5 below.

---------------------------------------------------------------------
The Frequently Asked Questions list, included as the file FAQ in this
distribution, answers the most common questions about configuring and
running fetchmail.
---------------------------------------------------------------------


1. PREPARATIONS: USEFUL THINGS TO INSTALL FIRST

1.1 Choose a TLS/SSL library.

OpenSSL has been used for a long time and is tested and proven.
See README.SSL for details.

Forked libraries deriving from OpenSSL and under the SSLeay or OpenSSL license
cannot be used due to licensing issues, and are not supported.
This affects, f.i., LibreSSL.

Since 6.4.25, there is experimental support for wolfSSL 5.0.0 or newer,
which is under GNU GPL v2 or later license and hence may be easier for
a consistent GPLv2+ licensing of fetchmail.

Choose between OpenSSL or wolfSSL.

1.1a OpenSSL

If you are installing OpenSSL yourself, it is recommended that you build
shared OpenSSL libraries, it works better and updating OpenSSL does not
then require you to reinstall all applications that use OpenSSL.

Try after unpacking OpenSSL:

	./config shared && make && make test && make install

1.1b wolfSSL

If you are installing wolfSSL yourself, be sure to use a hardened build
with all OpenSSL APIs (as of 5.0.0):

	./configure --enable-opensslall --enable-harden
	make && make test && make install

fetchmail's configure option --with-wolfssl takes precedence over --with-ssl.

1.2 gettext (internationalization)

Internationalization of fetchmail requires GNU gettext (libintl and
libiconv). Fetchmail, as of version 6.3.0, no longer ships its own
libintl copy.  Note that some systems include gettext in their libc.

1.3 OTP/OPIE

If you want support for RFC1938-compliant one-time passwords, you'll
need to install Craig Metz's OPIE libraries first and *make sure
they're on the normal library path* where configure will find them.  Then
configure with --enable-OPIE, and fetchmail build process will detect
them and compile appropriately.

Note: there is no point in doing this unless your server is
OTP-enabled.  To test this, telnet to the server port and give it
a valid USER id.  If the OK response includes the string "otp-",
you should install OPIE.  You need version 2.32 or better.

The OPIE library sources are available at http://www.inner.net/pub/opie/
You can also find OPIE and IPV6-capable servers there.

1.4 IPv6

Building in IPv6 support *requires* an up-to-date operating system.
Recent Linux versions with glibc 2.1.1 or newer, FreeBSD, Solaris should
be fine.

If you have trouble with intl or gettext functions, try using the
configure option '--with-included-gettext'.


2. CONFIGURE

2.1 Basic options

Installing fetchmail is easy.  From within this directory, type:

When using OpenSSL:

  ./configure

When using wolfSSL (adjust the location, see below):

  ./configure --with-wolfssl \
  WOLFSSL_TRUST_FILE=/etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem

Here, you need to adjust the file path according to where your ca_cert_nss or
ca-certificates package installs the default trust bundle in PEM format with
BEGIN CERTIFICATE lines. Some typical locations as of 2021 are:
on Fedora Linux:  /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem
on Debian/Ubuntu: /etc/ssl/certs/ca-certificates.crt
on FreeBSD:       /usr/local/share/certs/ca-root-nss.crt

The autoconfiguration script will spend a bit of time figuring out the
specifics of your system.  If you want to specify a particular compiler
(e.g. you have gcc but want to compile with cc), set the environment
variable CC before you run configure.

The configure script accepts certain standard configuration options.
These include --prefix, --exec-prefix, --bindir, --infodir, --mandir,
and --srcdir.  Run 'configure --help' for more.

POP2 support is no longer compiled in by default, as POP2 is way obsolete
and there don't seem to be any live servers for it anymore.  You can
configure it back in if you want with 'configure --enable-POP2', but
leaving it out cuts the executable's size slightly.

Support for CompuServe's RPA authentication method (rather similar to
APOP) is available but also not included in the standard build.  You
can compile it in with 'configure --enable-RPA'.

Support for Microsoft's NTLM authentication method is also available
but not included in the standard build either.  You can compile it in
with 'configure --enable-NTLM'.

Support for authentication using RFC1731 GSSAPI is available
but also not included by default.  You can compile it in with
'configure --with-gssapi', which looks for GSSAPI support in standard
locations (/usr, /usr/local).  If you set --with-GSSAPI=DIR
you can direct the build to look for GSSAPI support under DIR.

Hooks for the OpenSSL library (see http://www.openssl.org/) are
included in the distribution.  Fetchmail 6.4 enables these by default.
Fetchmail's configure script will query pkg-config (pkgconf) or failing that,
probe some default locations for the include/openssl/ssl.h file. If this
doesn't work (i. e. configure prints "SSL support enabled, but OpenSSL not
found" and aborts), you need to give the explicit prefix of your OpenSSL
installation (specify the directory that contains OpenSSL's "include"
subdirectory), for instance: "--with-ssl=/example/path" would assume that you
have an /example/path/include/openssl/ssl.h header file.

2.2 Advanced options

Specifying --with-kerberos=DIR or --with-kerberos5=DIR will tell the
fetchmail build process to look in DIR for Kerberos support.
Configure normally looks in /usr/kerberos and /usr/athena; if you
specify this option with an argument it will look in DIR first.

Unfortunately, there doesn't seem to be good standardization of where
Kerberos lives.  If your configuration doesn't match one of the four
that fetchmail's configure.in knows about, you may find you have to
hand-hack the Makefile a bit.

You may also want to hand-hack the Makefile if you're writing a custom
or bleeding-edge resolver library.  In that case you will probably
want to add -lresolv or whatever to the definition of LOADLIBS.

It is also possible to explicitly condition out the support for
POP3, IMAP, and ETRN (with configure arguments of --disable-POP3,
--disable-IMAP, and --disable-ETRN respectively).


3. BUILD

Run

	make

This should compile fetchmail for your system.  If fetchmail fails to build
properly, see the FAQ section B on build-time problems.

On multi-core computers, run

	make -j8

on a computer that supports 8 CPU threads at the same time (for instance,
Octocore computers or Quad-core computers supporting two threads per core).


4. INSTALL

Lastly, become root and run

	make install

This will install fetchmail.  By default, fetchmail will be installed
in /usr/local/bin, with the man page in /usr/local/man/man1.  You can
use the configure options --bindir and --mandir to change these.

If you are tight on disk space, you can run instead

	make install-strip

NOTE: If you are using an MTA other than sendmail (such as qmail,
exim, or smail), see the FAQ (section T) for discussion of any special
configuration steps that may be necessary.


5. SET UP A RUN CONTROL FILE

See the man page for a description of how to configure your individual
preferences.

If you're upgrading from popclient, see question F4 in the FAQ file.


6. TEST

I strongly recommend that your first fetchmail run use the -v, -a and -k
options, in case there is something not quite right with your server,
your local delivery configuration or your port 25 listener.  Also,
beware of aliases that direct your local mail back to the server host!

This software is known to work with the qpop/popper series of freeware
POP3 servers; also with the IMAP2bis and IMAP4 servers that are
distributed with Pine from the University of Washington; also with the
Cyrus IMAP server from CMU.  This covers all the servers commonly
hosted on Linux and *BSD systems.  It also works with the IMAP service
of Microsoft Exchange, despite the fact that Microsoft Exchange is
extremely broken (returns incorrect message lengths in LIST
responses).

See the FAQ, section S, for detailed advice on running with various
servers.


7. REPORTING BUGS

You should read the FAQ file question G3 before reporting a bug.


8. USE IT

Once you've verified your configuration, you can start fetchmail to
run in background and forget about it.  Enjoy!


END of text file INSTALL