1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
|
INSTALL Instructions for fetchmail
==================================
Building from Git repository: see README.git
Packagers and port/emerge maintainers: see README.packaging.
If you have installed binaries (e.g. from a Linux RPM or DPKG, Solaris
package or FreeBSD port), you can skip to step 5 below.
---------------------------------------------------------------------
The Frequently Asked Questions list, included as the file FAQ in this
distribution, answers the most common questions about configuring and
running fetchmail.
---------------------------------------------------------------------
1. PREPARATIONS: USEFUL THINGS TO INSTALL FIRST
1.1 Choose a TLS/SSL library.
OpenSSL has been used for a long time and is tested and proven.
See README.SSL for details.
Forked libraries deriving from OpenSSL and under the SSLeay or OpenSSL license
cannot be used due to licensing issues, and are not supported.
This affects, f.i., LibreSSL, unless it is part of the operating system
(f. i., on OpenBSD).
Since 6.4.25, there is experimental support for wolfSSL 5.0.0 or newer,
which is under GNU GPL v2 or later license and hence may be easier for
a consistent GPLv2+ licensing of fetchmail. This support requires a C99
or newer compiler.
Choose between OpenSSL or wolfSSL.
1.1a OpenSSL
If you are installing OpenSSL yourself, it is recommended that you build
shared OpenSSL libraries, it works better and updating OpenSSL does not
then require you to reinstall all applications that use OpenSSL.
Try after unpacking OpenSSL:
./config shared && make && make test && make install
1.1b wolfSSL
If you are installing wolfSSL yourself, be sure to use a hardened build
with all OpenSSL APIs (as of 5.0.0):
./configure --enable-opensslall --enable-harden
make && make test && make install
fetchmail's configure option --with-wolfssl takes precedence over --with-ssl.
1.2 gettext (internationalization)
Internationalization of fetchmail requires GNU gettext (libintl and
libiconv). Fetchmail, as of version 6.3.0, no longer ships its own
libintl copy. Note that some systems include gettext in their libc.
1.3 OTP/OPIE
If you want support for RFC1938-compliant one-time passwords, you'll
need to install Craig Metz's OPIE libraries first and *make sure
they're on the normal library path* where configure will find them. Then
configure with --enable-OPIE, and fetchmail build process will detect
them and compile appropriately.
Note: there is no point in doing this unless your server is
OTP-enabled. To test this, telnet to the server port and give it
a valid USER id. If the OK response includes the string "otp-",
you should install OPIE. You need version 2.32 or better.
The OPIE library sources are available at http://www.inner.net/pub/opie/
You can also find OPIE and IPV6-capable servers there.
1.4 IPv6
Building in IPv6 support *requires* an up-to-date operating system.
Recent Linux versions with glibc 2.1.1 or newer, FreeBSD, Solaris should
be fine.
If you have trouble with intl or gettext functions, try using the
configure option '--with-included-gettext'.
2. CONFIGURE
2.1 Basic options
Installing fetchmail is easy. From within this directory, type:
When using OpenSSL:
./configure
It is possible to either specify the install path, or pkg-config
module name, with --with-ssl, examples:
./configure --with-ssl=/opt/openssl3
./configure --with-ssl=eopenssl30
When using wolfSSL (adjust the trust file location, see below):
./configure --with-wolfssl \
WOLFSSL_TRUST_FILE=/etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem
Here, you need to adjust the file path according to where your ca_cert_nss or
ca-certificates package installs the default trust bundle in PEM format with
BEGIN CERTIFICATE lines. wolfSSL 5.0.0 cannot parse BEGIN TRUSTED CERTIFICATE bundles.
Some typical locations as of 2021 are:
on Fedora Linux: /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem
on Debian/Ubuntu: /etc/ssl/certs/ca-certificates.crt
on FreeBSD: /usr/local/share/certs/ca-root-nss.crt
The autoconfiguration script will spend a bit of time figuring out the
specifics of your system. If you want to specify a particular compiler
(e.g. you have gcc but want to compile with cc), set the environment
variable CC before you run configure.
The configure script accepts certain standard configuration options.
These include --prefix, --exec-prefix, --bindir, --infodir, --mandir,
and --srcdir. Run 'configure --help' for more.
POP2 support is no longer compiled in by default, as POP2 is way obsolete
and there don't seem to be any live servers for it anymore. You can
configure it back in if you want with 'configure --enable-POP2', but
leaving it out cuts the executable's size slightly.
Support for CompuServe's RPA authentication method (rather similar to
APOP) is available but also not included in the standard build. You
can compile it in with 'configure --enable-RPA'.
Support for Microsoft's NTLM authentication method is also available
but not included in the standard build either. You can compile it in
with 'configure --enable-NTLM'.
Support for authentication using RFC1731 GSSAPI is available
but also not included by default. You can compile it in with
'configure --with-gssapi', which looks for GSSAPI support in standard
locations (/usr, /usr/local). If you set --with-GSSAPI=DIR
you can direct the build to look for GSSAPI support under DIR.
Hooks for the OpenSSL library (see http://www.openssl.org/) are
included in the distribution. Fetchmail 6.4 enables these by default.
Fetchmail's configure script will query pkg-config (pkgconf) or failing that,
probe some default locations for the include/openssl/ssl.h file. If this
doesn't work (i. e. configure prints "SSL support enabled, but OpenSSL not
found" and aborts), you need to give the explicit prefix of your OpenSSL
installation (specify the directory that contains OpenSSL's "include"
subdirectory), for instance: "--with-ssl=/example/path" would assume that you
have an /example/path/include/openssl/ssl.h header file.
2.2 Advanced options
Specifying --with-kerberos=DIR or --with-kerberos5=DIR will tell the
fetchmail build process to look in DIR for Kerberos support.
Configure normally looks in /usr/kerberos and /usr/athena; if you
specify this option with an argument it will look in DIR first.
Unfortunately, there doesn't seem to be good standardization of where
Kerberos lives. If your configuration doesn't match one of the four
that fetchmail's configure.in knows about, you may find you have to
hand-hack the Makefile a bit.
You may also want to hand-hack the Makefile if you're writing a custom
or bleeding-edge resolver library. In that case you will probably
want to add -lresolv or whatever to the definition of LOADLIBS.
It is also possible to explicitly condition out the support for
POP3, IMAP, and ETRN (with configure arguments of --disable-POP3,
--disable-IMAP, and --disable-ETRN respectively).
3. BUILD
Run
make
This should compile fetchmail for your system. If fetchmail fails to build
properly, see the FAQ section B on build-time problems.
On multi-core computers, run
make -j8
on a computer that supports 8 CPU threads at the same time (for instance,
Octocore computers or Quad-core computers supporting two threads per core).
4. INSTALL
Lastly, become root and run
make install
This will install fetchmail. By default, fetchmail will be installed
in /usr/local/bin, with the man page in /usr/local/man/man1. You can
use the configure options --bindir and --mandir to change these.
If you are tight on disk space, you can run instead
make install-strip
NOTE: If you are using an MTA other than sendmail (such as qmail,
exim, or smail), see the FAQ (section T) for discussion of any special
configuration steps that may be necessary.
5. SET UP A RUN CONTROL FILE
See the man page for a description of how to configure your individual
preferences.
If you're upgrading from popclient, see question F4 in the FAQ file.
6. TEST
I strongly recommend that your first fetchmail run use the -v, -a and -k
options, in case there is something not quite right with your server,
your local delivery configuration or your port 25 listener. Also,
beware of aliases that direct your local mail back to the server host!
This software is known to work with the qpop/popper series of freeware
POP3 servers; also with the IMAP2bis and IMAP4 servers that are
distributed with Pine from the University of Washington; also with the
Cyrus IMAP server from CMU. This covers all the servers commonly
hosted on Linux and *BSD systems. It also works with the IMAP service
of Microsoft Exchange, despite the fact that Microsoft Exchange is
extremely broken (returns incorrect message lengths in LIST
responses).
See the FAQ, section S, for detailed advice on running with various
servers.
7. REPORTING BUGS
You should read the FAQ file question G3 before reporting a bug.
8. USE IT
Once you've verified your configuration, you can start fetchmail to
run in background and forget about it. Enjoy!
END of text file INSTALL
|