Fetchmail secure connection troubles

From SME Server
Revision as of 23:40, 31 March 2010 by Nicolatiana (talk | contribs)
Jump to navigation Jump to search

Sometimes your ISP may have a misconfiguration and your fetchmail can get this error:

Jan 12 06:45:32 smesmb fetchmail[4260]: POP3< .
Jan 12 06:45:32 smesmb fetchmail[4260]: mail.dominiocliente.it: upgrade to TLS succeeded.
Jan 12 06:45:32 smesmb fetchmail[4260]: POP3> AUTH CRAM-MD5
Jan 12 06:45:32 smesmb fetchmail[4260]: POP3< + PDE1NjUzNzUuMTI2MzI3NTE4NkBldGluZXQuaW5mbz4=
Jan 12 06:45:32 smesmb fetchmail[4260]: POP3> aW5mb0BzdHVkaW8tbWcuaXQgNTEzM2Y0Zjg4MGY5NzFjOTQ0YzY1ZDZkY2RkYzFlNGQ=
Jan 12 06:45:32 smesmb fetchmail[4260]: POP3< -ERR secure access to this account is disabled
Jan 12 06:45:32 smesmb fetchmail[4260]:
Jan 12 06:45:32 smesmb fetchmail[4260]: POP3> USER info@dominiocliente.it
Jan 12 06:45:32 smesmb fetchmail[4260]: POP3< +OK please send the PASS
Jan 12 06:45:32 smesmb fetchmail[4260]: POP3> PASS *
Jan 12 06:45:32 smesmb fetchmail[4260]: POP3< -ERR secure access to this account is disabled
Jan 12 06:45:32 smesmb fetchmail[4260]: secure access to this account is disabled
Jan 12 06:45:32 smesmb fetchmail[4260]: Authorization failure on info@dominiocliente.it@mail.dominiocliente.it
Jan 12 06:45:32 smesmb fetchmail[4260]: POP3> QUIT
Jan 12 06:45:32 smesmb fetchmail[4260]: POP3< +OK CommuniGate Pro POP3 Server connection closed

the ISP mail server, during tha authentication phase, shows as available for fetchmail a secure connection (even if this connection is NOT available as a secure one for that user); fetchmail then tries to authenticate with TLS and the connection is refused; the solution is to force fetchmail to avoid using secure protocols (command line switch --sslproto ' ')

Copy the file:

/etc/e-smith/templates/etc/fetchmail/90fetchmail

in:

/etc/e-smith/templates-custom/etc/fetchmail/90fetchmail


Then with your favourite editor find the following lines in 90fetchmail:

# FetchMails service configuration
             $ServOpt = ' timeout ' . ( $FM->prop('timeout') || 60 ) . $ServOpt;
             my $ssl = ;
             if ( $mtype =~ s/^S// ) { $ssl = 'options ssl' }
                     my $mdbg='-d0 --silent --syslog';
                     if($Debug eq "YES") { $mdbg='-d0 --verbose --syslog'; }
                     my $staticvalue  = "/usr/bin/fetchmail $mdbg --fetchmailrc - <<EOF\n" ;
             $staticvalue .= "set postmaster \"postmaster\@$dom\"\n" ;
             $staticvalue .= "set bouncemail\nset properties \"\"\n" ;

and modify the following line:

my $staticvalue  = "/usr/bin/fetchmail $mdbg --sslproto ' --fetchmailrc - <<EOF\n" ;
                           

adding the --slproto ' switch.

Note that ' is not " but a double ' (this is like saying sslproto none)

Complete with:

expand-template /etc/fetchmail