v1pEr n00b
Joined: 20 Apr 2009 Posts: 63
Posted: Mon Jul 20, 2009 3:10 pm Post subject: [SOLVED] fetchmail + hotmail: SSL error
I'm used to running fetchmail with gotmail, but as hotmail now finally supports pop3 I'd like to do it that way.
So I have this part in my fetchmailrc:
Code:
    poll pop3.live.com
    with proto POP3 port 995
    user 'xxx@hotmail.com' there with password 'xxx' is 'v1per' here
    keep
    sslfingerprint 'D0:3C:4D:59:F6:95:37:59:EA:A9:5D:4C:CE:D3:2A:A1'
    sslcertpath /home/v1per/.certs
    sslproto ssl23
    ssl
But whenever I run fetchmail, I get this:
Code:
    RoSe v1per # fetchmail -vvvv -N -d0 -f /etc/fetchmailrc
    fetchmail: WARNING: Running as root is discouraged.
    fetchmail: 6.3.9 querying pop3.live.com (protocol POP3) at Mon Jul 20 17:03:48 2009: poll started
    fetchmail: Trying to connect to 65.55.172.253/995...connected.
    fetchmail: SSL connection failed.
    fetchmail: socket error while fetching from xxx@hotmail.com@pop3.live.com
    fetchmail: 6.3.9 querying pop3.live.com (protocol POP3) at Mon Jul 20 17:03:49 2009: poll completed
    fetchmail: Query status=2 (SOCKET)
    fetchmail: Writing fetchids file.
    fetchmail: normal termination, status 2
    fetchmail: Writing fetchids file.
I searched high and low but there doesn't seem to be much documentation on how to get this running...
Last edited by v1pEr on Tue Jul 21, 2009 10:04 am; edited 1 time in total

Mike Hunt Watchman
Joined: 19 Jul 2009 Posts: 5287
Posted: Mon Jul 20, 2009 5:21 pm Post subject:
Can you try with a simpler fetchmailrc? Mine for gmail is like this
Code:
    $ cat .fetchmailrc
    poll pop.gmail.com
    proto POP3
    user 'myusername@gmail.com'
    pass 'supertopsecret'
    ssl
Works perfect every time, and when I used hotmail this worked as well.

cach0rr0 Bodhisattva
Joined: 13 Nov 2008 Posts: 4123 Location: Houston, Republic of Texas
Posted: Mon Jul 20, 2009 10:22 pm Post subject:
I would steer clear of adding a fingerprint, as the fella above me suggested.
I don't use either, but am making a blind guess here - hotmail has 8 gazillion nodes, likely a different cert for each. If you're only allowing one specific cert, you'll get a conflict unless you connect to that one specific node that has the cert you've specified.
Again, this is coming from someone without a clue how fetchmail is intended to work, just a general pointer.
As well, there's no reason to specify an SSL method, I don't think. What if hotmail supports TLSv1 at some point?

v1pEr n00b
Joined: 20 Apr 2009 Posts: 63
Posted: Tue Jul 21, 2009 10:04 am Post subject:
Oh my god, I cannot believe it was that simple. It's working now, thank you a lot for helping me with such a stupid and convenient solution.

Mike Hunt Watchman
Joined: 19 Jul 2009 Posts: 5287
Posted: Tue Jul 21, 2009 4:44 pm Post subject:
Sure, no problem v1pEr

WackyDoo n00b
Joined: 16 Mar 2004 Posts: 44 Location: Ottawa
Posted: Tue Jul 21, 2009 5:44 pm Post subject:
Mike Hunt wrote:
> Can you try with a simpler fetchmailrc? Mine for gmail is like this
> Code:
>     $ cat .fetchmailrc
>     poll pop.gmail.com
>     proto POP3
>     user 'myusername@gmail.com'
>     pass 'supertopsecret'
>     ssl
> Works perfect every time, and when I used hotmail this worked as well.
I would add the "sslcertck" option to ensure that the server cert is signed by one of your trusted certs in /etc/ssl/certs. Running
Code:
    openssl s_client -connect pop3.live.com:995 -CApath /etc/ssl/certs
shows that the server cert is signed by "GTE CyberTrust Global Root", which should be one of your machine's "trusted" cert authorities. Otherwise you are vulnerable to a man-in-the-middle attack.
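
A small linter for the TLS options debated in this thread, added here as an example (not code from any poster or from the fetchmail project). It assumes certificate checking happens only when `sslcertck` is given, as the post above implies, and it parses a simplified subset of the fetchmailrc grammar; the sample config and the finding strings are constructed.

```python
import shlex

# Keywords followed by a value (simplified subset of the fetchmailrc grammar).
TAKES_VALUE = {"proto", "protocol", "port", "user", "username", "pass",
               "password", "is", "sslfingerprint", "sslcertpath", "sslproto"}

def parse(text):
    """Return {server: {option: value or True}} for each poll/skip entry."""
    tokens = shlex.split(text, comments=True)  # strips quotes and # comments
    entries, defaults, current, i = {}, {}, None, 0
    while i < len(tokens):
        word = tokens[i].lower()
        if word in ("poll", "skip") and i + 1 < len(tokens):
            i += 1
            current = entries.setdefault(tokens[i], dict(defaults))
        elif word == "defaults":
            current = defaults
        elif current is not None and word in TAKES_VALUE and i + 1 < len(tokens):
            i += 1
            current[word] = tokens[i]   # value is consumed, never read as an option
        elif current is not None:
            current[word] = True
        i += 1
    return entries

def audit(text):
    """Return {server: [findings]} for the TLS options discussed in the thread."""
    report = {}
    for server, opts in parse(text).items():
        findings = []
        if "ssl" in opts and "sslcertck" not in opts:
            findings.append("ssl without sslcertck: cert not checked against trusted CAs")
        if "sslfingerprint" in opts:
            findings.append("sslfingerprint: fails if the server presents another cert")
        if "sslproto" in opts:
            findings.append("sslproto pinned to " + opts["sslproto"])
        report[server] = findings
    return report

# Constructed sample modelled on the two configs posted in the thread.
SAMPLE = """
poll pop3.live.com with proto POP3 port 995
  user 'someone@example.com' there with password 'sslcertck' is 'local' here
  keep
  sslfingerprint 'AA:BB:CC:DD:EE:FF:00:11:22:33:44:55:66:77:88:99'
  sslproto ssl23
  ssl
poll pop.gmail.com proto POP3 user 'someone@example.com' pass 'secret'
  ssl sslcertck sslcertpath /etc/ssl/certs
"""

if __name__ == "__main__":
    for server, findings in audit(SAMPLE).items():
        print(server, findings or "ok")
```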