I'm getting an error when trying to connect Fetchmail to an IMAP
server via Stunnel. It appears that the initial SSL negotiation
works just fine with Stunnel. But once it's talking through SSL
to IMAP, it tries to do STARTTLS (presumably because IMAP has
STARTTLS in its capabilities). Things don't work at that point.
I'm wondering if it's right for Fetchmail to be trying to set up
2 layers of SSL. Should that even work? How can I tell fetchmail
to NOT try to do any more SSL/TLS layers after it has one going?
Here is the session log from running fetchmail -v (names changed):
fetchmail: 6.1.0 querying server.example.com (protocol IMAP) at Sun Dec 15
05:39:08 2002: poll started
fetchmail: Issuer Organization: Example, LLC
fetchmail: Issuer CommonName: server.example.com
fetchmail: Server CommonName: server.example.com
fetchmail: server.example.com key fingerprint:
C8:58:B9:8A:91:E3:06:85:F4:5A:B1:6F:D9:4E:9F:32
fetchmail: Warning: server certificate verification: self signed certificate
fetchmail: Issuer Organization: Example, LLC
fetchmail: Issuer CommonName: server.example.com
fetchmail: Server CommonName: server.example.com
fetchmail: Warning: server certificate verification: self signed certificate
fetchmail: IMAP< * OK [CAPABILITY IMAP4REV1 LOGIN-REFERRALS STARTTLS
AUTH=LOGIN] localhost IMAP4rev1 2001.315 at Sun, 15 Dec 2002 05:39:08 -0600
(CST)
fetchmail: IMAP> A0001 CAPABILITY
fetchmail: IMAP< * CAPABILITY IMAP4REV1 IDLE NAMESPACE MAILBOX-REFERRALS SCAN
SORT THREAD=REFERENCES THREAD=ORDEREDSUBJECT MULTIAPPEND LOGIN-REFERRALS
STARTTLS AUTH=LOGIN
fetchmail: IMAP< A0001 OK CAPABILITY completed
fetchmail: IMAP> A0002 STARTTLS
fetchmail: IMAP< A0002 OK STARTTLS completed
6564:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown
protocol:s23_clnt.c:467:
fetchmail: SSL connection failed.
fetchmail: Authorization failure on testuser(_at_)server(_dot_)example(_dot_)com
fetchmail: IMAP> A0003 LOGOUT
fetchmail: 6.1.0 querying server.example.com (protocol IMAP) at Sun Dec 15
05:39:08 2002: poll completed
fetchmail: Query status=3 (AUTHFAIL)
fetchmail: normal termination, status 3
The .fetchmailrc file has:
poll server.example.com protocol imap user testuser ssl pass PWPWPWPW mda
'/usr/bin/procmail -d %T'
fetchmail --version gives me:
This is fetchmail release 6.1.0+SSL+NLS
Fallback MDA: (none)
Linux server.example.com 2.4.20 #1 Sat Nov 30 03:17:36 CST 2002 i686 unknown
Taking options from command line and /home/imaprecv/.fetchmailrc
Idfile is /home/imaprecv/.fetchids
Fetchmail will forward misaddressed multidrop messages to imaprecv.
Options for retrieving from testuser(_at_)server(_dot_)example(_dot_)com:
True name of server is server.example.com.
Protocol is IMAP.
All available authentication methods will be tried.
SSL encrypted sessions enabled.
Server nonresponse timeout is 300 seconds (default).
Default mailbox selected.
Only new messages will be retrieved (--all off).
Fetched messages will not be kept on the server (--keep off).
Old messages will not be flushed before message retrieval (--flush off).
Rewrite of server-local addresses is enabled (--norewrite off).
Carriage-return stripping is enabled (stripcr on).
Carriage-return forcing is disabled (forcecr off).
Interpretation of Content-Transfer-Encoding is enabled (pass8bits off).
MIME decoding is disabled (mimedecode off).
Idle after poll is disabled (idle off).
Nonempty Status lines will be kept (dropstatus off)
Delivered-To lines will be kept (dropdelivered off)
Messages will be delivered with "/usr/bin/procmail -d %T".
Single-drop mode: 1 local name(s) recognized.
No UIDs saved from this host.
System is:
Pentium 4
Linux 2.4.20
Slackware 9.0-beta
OpenSSL 0.9.6h
glibc 2.3.1
Stunnel 4.03
IMAP (Pine 4.50) (UWash?)
--
-----------------------------------------------------------------
| Phil Howard - KA9WGN | Dallas | http://linuxhomepage.com/ |
| phil-nospam(_at_)ipal(_dot_)net | Texas, USA | http://ka9wgn.ham.org/ |
-----------------------------------------------------------------