(This file was generated from ../fetchmail-FAQ.html)
__________________________________________________________________
Frequently Asked Questions About Fetchmail
Support? Bug reports? Please read G3 for what information is required
to get your problem solved as quickly as possible.
Note that this FAQ is occasionally updated from the Git repository and
speaks in the past tense ("since") about a fetchmail release that is
not yet available. Please try a release candidate for that version in
case you need the new option.
If you have a question or answer you think ought to be added to this
FAQ list, file it to one of the trackers at our SourceForge.net project
site or post to one of the fetchmail mailing lists (see below).
Contents
Detailed Contents
G. General problems
B. Build-time problems
F. Fetchmail configuration file grammar questions
C. Configuration questions
T. How to make fetchmail play nice with various MTAs
S. How to make fetchmail work with various servers
I. How to make fetchmail work with specific ISPs
K. How to set up well-known security and authentication methods
R. Runtime fatal errors
H. Hangs and lockups
D. Disappearing mail
M. Multidrop-mode problems
X. Mangled mail
O. Other problems
Detailed Contents
General problems
G1. What is fetchmail and why should I bother?
G2. Where do I find the latest FAQ and fetchmail sources?
G3. Something doesn't work/I think I've found a bug. Will you fix it?
G4. I have this idea for a neat feature. Will you add it?
G5. I want to make fetchmail remove kept mail after some days.
G6. Is there a mailing list for exchanging tips?
G7. So, what's this I hear about a fetchmail paper?
G8. What is the best server to use with fetchmail?
G9. What is the best mail program to use with fetchmail?
G10. How can I avoid sending my password en clair?
G11. Is any special configuration needed to use a dynamic IP address?
G12. Is any special configuration needed to use firewalls?
G13. Is any special configuration needed to send mail?
G14. Is fetchmail Y2K-compliant?
G15. Is there a way in fetchmail to support disconnected IMAP mode?
G16. How will fetchmail perform under heavy loads?
Build-time problems
[DEL: B1. Make coughs and dies when building on FreeBSD. :DEL]
B2. Lex bombs out while building the fetchmail lexer.
B3. I get link failures when I try to build fetchmail.
B4. I get build failures in the intl directory.
Fetchmail configuration file grammar questions
F1. Why does my old .fetchmailrc no longer work?
[DEL: F2. The .fetchmailrc parser won't accept my all-numeric user
name. :DEL]
[DEL: F3. The .fetchmailrc parser won't accept my host or username
beginning with 'no'. :DEL]
F4. I'm getting a 'parse error' message I don't understand.
Configuration questions
C1. Why do I need a .fetchmailrc when running as root on my own
machine?
C2. How can I arrange for a fetchmail daemon to get killed when I log
out?
C3. How do I know what interface and address to use with --interface?
C4. How can I set up support for sendmail's anti-spam features?
C5. How can I poll some of my mailboxes more/less often than others?
C6. Fetchmail works OK started up manually, but not from an init
script.
C7. How can I forward mail to another host?
C8. Why is "NOMAIL" an error?/I frequently get messages from cron!
How to make fetchmail play nice with various MTAs
T1. How can I use fetchmail with sendmail?
T2. How can I use fetchmail with qmail?
T3. How can I use fetchmail with exim?
T4. How can I use fetchmail with smail?
T5. How can I use fetchmail with SCO's MMDF?
T6. How can I use fetchmail with Lotus Notes?
T7. How can I use fetchmail with Courier IMAP?
T8. How can I use fetchmail with vbmailshield?
How to make fetchmail work with various servers
[DEL: S1. How can I use fetchmail with qpopper? :DEL]
S2. How can I use fetchmail with Microsoft Exchange?
S3. How can I use fetchmail with HP OpenMail?
S4. How can I use fetchmail with Novell GroupWise?
S5. How can I use fetchmail with InterChange?
S6. How can I use fetchmail with MailMax?
S7. How can I use fetchmail with FTGate?
How to make fetchmail work with specific ISPs
I1. How can I use fetchmail with Compuserve RPA?
I2. How can I use fetchmail with Demon Internet's SDPS?
I3. How can I use fetchmail with usa.net's servers?
I4. How can I use fetchmail with geocities POP3 servers?
I5. How can I use fetchmail with Hotmail or Lycos Webmail?
I6. How can I use fetchmail with MSN?
I7. How can I use fetchmail with SpryNet?
I8. How can I use fetchmail with comcast.net or other Maillennium
servers?
I9. How can I use fetchmail with GMail/Google Mail?
How to set up well-known security and authentication methods
K1. How can I use fetchmail with SOCKS?
K2. How can I use fetchmail with IPv6 and IPsec?
K3. How can I get fetchmail to work with ssh?
K4. What do I have to do to use the IMAP-GSS protocol?
K5. How can I use fetchmail with SSL?
K6. How can I tell fetchmail not to try TLS if the server advertises
it? Why does fetchmail use SSL even though not configured?
Runtime fatal errors
R1. Fetchmail isn't working, and -v shows 'SMTP connect failed'
messages.
R2. When I try to configure an MDA, fetchmail doesn't work.
R3. Fetchmail dumps core when given an invalid rc file.
[DEL: R4. Fetchmail dumps core in -V mode, but operates normally
otherwise. :DEL]
R5. Running fetchmail in daemon mode doesn't work.
R6. Fetchmail randomly dies with socket errors.
R7. Fetchmail running as root stopped working after an OS upgrade
R8. Fetchmail is timing out after fetching certain messages but before
deleting them
R9. Fetchmail is timing out during message fetches
[DEL: R10. Fetchmail is dying with SIGPIPE. :DEL]
R11. My server is hanging or emitting errors on CAPA.
R12. Fetchmail isn't working and reports getaddrinfo errors.
R13. What does "Interrupted system call" mean?
R14. Since upgrading fetchmail/OpenSSL, I can no longer connect!
R15. Help, I'm getting Authorization failure!
Hangs and lockups
H1. Fetchmail hangs when used with pppd.
H2. Fetchmail hangs during the MAIL FROM exchange.
H3. Fetchmail hangs while fetching mail.
Disappearing mail
D1. I think I've set up fetchmail correctly, but I'm not getting any
mail.
D2. All my mail seems to disappear after a dropped connection.
D3. Mail that was being fetched when I interrupted my fetchmail seems
to have vanished.
Multidrop-mode problems
M1. I've declared local names, but all my multidrop mail is going to
root anyway.
M2. I can't seem to get fetchmail to route to a local domain properly.
M3. I tried to run a mailing list using multidrop, and I have a mail
loop!
[DEL: M4. My multidrop fetchmail seems to be having DNS problems. :DEL]
M5. I'm seeing long DNS delays before each message is processed.
M6. How do I get multidrop mode to work with majordomo?
M7. Multidrop mode isn't parsing envelope addresses from my Received
headers as it should.
M8. Users are getting multiple copies of messages.
Mangled mail
X1. Spurious blank lines are appearing in the headers of fetched mail.
X2. My mail client can't see a Subject line.
X3. Messages containing "From" at start of line are being split.
X4. My mail is being mangled in a new and different way.
[DEL: X5. Using POP3, retrievals seems to be fetching too much! :DEL]
X6. My mail attachments are being dropped or mangled.
X7. Some mail attachments are hanging fetchmail.
X8. A spurious ) is being appended to my messages.
X9. Missing "Content-Transfer-Encoding" header with Domino IMAP
X10. Fetchmail delivers partial messages
Other problems
O1. The --logfile option doesn't work if the logfile doesn't exist.
O2. Every time I get a POP or IMAP message the header is dumped to all
my terminal sessions.
O3. Does fetchmail reread its rc file every poll cycle?
O4. Why do deleted messages show up again when I take a line hit while
downloading?
O5. Why is fetched mail being logged with my name, not the real From
address?
O6. I'm seeing long sendmail delays or hangs near the start of each
poll cycle.
O7. Why doesn't fetchmail deliver mail in date-sorted order?
O8. I'm using pppd. Why isn't my monitor option working?
O9. Why does fetchmail keep retrieving the same messages over and over?
[DEL: O10. Why is the received date on all my messages the same? :DEL]
O11. I keep getting messages that say "Repoll immediately" in my logs.
O12. Fetchmail no longer expunges mail on a 451 SMTP response.
O13. I want timestamp information in my fetchmail logs.
O14. Fetchmail no longer deletes oversized mails with --flush.
O15. Fetchmail always retains the first message in the mailbox.
O16. Why is the Fetchmail FAQ only available in ISO-216 A4 format? How
do I get the FAQ in Letter format?
O17. Linux logs "TCP(fetchmail:...): Application bug, race in
MSG_PEEK."
__________________________________________________________________
General problems
G1. What is fetchmail and why should I bother?
Fetchmail is a one-stop solution to the remote mail retrieval problem
for Unix machines, quite useful to anyone with an intermittent or
dynamic-IP connection to a remote mailserver, SLIP or PPP dialup, or
leased line when SMTP isn't desired. Fetchmail can collect mail using
any variant of POP or IMAP and forwards it to the local SMTP (via TCP
socket) or LMTP (via TCP or Unix socket) listener or into an MDA
program, enabling all the normal forwarding/filtering/aliasing
mechanisms that would apply to local mail or mail arriving via a
full-time TCP/IP connection.
Fetchmail is not a toy or a coder's learning exercise, but an
industrial-strength tool capable of transparently handling every
retrieval demand from those of a simple single-user ISP connection up
to mail retrieval and rerouting for an entire client domain. Fetchmail
is easy to configure, unobtrusive in operation, powerful, feature-rich,
and well documented.
Fetchmail is Open Source Software. The openness of the sources enables
you to review and customize the code, and contribute your changes.
A former fetchmail maintainer once claimed that Open Source software
was the strongest quality assurance, but the current maintainers do
not believe that open source alone is a criterion for quality – the
remotely exploitable POP3 vulnerability (CVE-2005-2335) lingered
undiscovered in fetchmail's code for years, which is a hint that open
source code does not audit itself.
Fetchmail is licensed under the GNU General Public License v2. Details,
including an exception that allows linking against OpenSSL, are in the
COPYING file in the fetchmail distribution.
If you found this FAQ in the distribution, see the README for
fetchmail's full feature list.
G2. Where do I find the latest FAQ and fetchmail sources?
The latest HTML FAQ is available alongside the latest fetchmail sources
at the fetchmail home page: https://www.fetchmail.info/. We used to have
new versions in the iBiblio site, but they have stopped accepting
uploads, and the fetchmail versions on iBiblio are outdated.
A text dump of this FAQ is included in the fetchmail distribution.
Because it freezes at distribution release time, it may not be
completely current.
The fetchmail sources are also available in the Git repositories at
https://gitlab.com/fetchmail/fetchmail and
https://sourceforge.net/p/fetchmail/git/.
G3. Something does not work/I think I've found a bug. Will you fix it?
The first thing you should do is upgrade to the newest version of
fetchmail, and then see if the problem reproduces. So you'll probably
save us both time if you upgrade and test with the latest version
before sending in a bug report.
Bugs will be fixed, provided you include enough diagnostic information
for me to go on. Send bugs to fetchmail-users. When sending bugs or
asking for help, please do not make up information except your password
and please report the following:
1. Your operating system.
2. Your compiler version, if you built from source; otherwise, the
name and origin of the RPM or other binary package you installed.
3. The name and version of the SMTP listener or MDA you are forwarding
to.
4. Any command-line options you used.
5. The output of env LC_ALL=C fetchmail -V called with whatever other
command-line options you used.
6. The output of env LC_ALL=C fetchmail --nodetach -vvv --nosyslog
with whatever other command-line options you use routinely.
It is very important that the transcript include your POP/IMAP
server's greeting line, so I can identify it in case of server
problems. This transcript will not reveal your passwords, which are
specially masked out precisely so transcripts can be passed around.
If you have FTP access to your remote mail account, and you have any
suspicion that the bug was triggered by a particular message, please
include a copy of the message that triggered the bug.
If your bug is something that used to work but stopped working when you
upgraded, then you can help pin the bug down by bisecting, i.e. trying
intermediate versions of fetchmail until you identify the revision that
broke your feature. The smart way to do this is by binary search on the
version sequence. First, try the version halfway between your last good
one and the current one. If it works, the failure was introduced in the
upper half of the sequence; if it doesn't, the failure was introduced
in the lower half. Now bisect that half in the same way. In a very few
tries, you should be able to identify the exact adjacent pair of
versions between which your bug was introduced. Please include session
transcripts (as described in the last bullet point above) of both the
working and failing versions. Often, the source of the problem can
be instantly identified by looking at the differences in protocol
transactions.
It may be helpful if you include your .fetchmailrc file, but not necessary
unless your symptom seems to involve an error in configuration parsing.
If you do send in your .fetchmailrc, mask the passwords first!
Otherwise, fetchmail -V – as directed above – will usually suffice.
If fetchmail seems to run and fetch mail, but the headers look mangled
(that is, headers are missing or blank lines are inserted in the
headers) then read the FAQ items in section X before submitting a bug
report. Pay special attention to the item on diagnosing mail mangling.
There are lots of ways for other programs in the mail chain to screw up
that look like fetchmail's fault, but you may be able to fix these by
tweaking your configuration.
If the bug involves a core dump or hang, a gdb stack trace is good to
have. (Bear in mind that you can attach gdb to a running but hung
process by giving the process ID as a second argument.) You will need
to reconfigure with:
CFLAGS=-g LDFLAGS=" " ./configure
Then rebuild in order to generate a version that can be traced with a
debugger such as gdb, dbx or idb.
Best of all is a mail file which, when fetched, will reproduce the bug
under the latest (current) version.
Any bug I can reproduce will usually get fixed quite quickly. Bugs I
can't reproduce are a crapshoot. If the solution isn't obvious when I
first look, it may evade me for a long time (or to put it another way,
fetchmail is well enough tested that the easy bugs have long since been
found). So if you want your bug fixed rapidly, it is not just
sufficient but necessary that you give me a way to easily reproduce it.
G4. I have this idea for a neat feature. Will you add it?
If it's reasonable for fetchmail and cannot be solved with reasonable
effort outside of fetchmail, perhaps.
You can do spam filtering better with procmail or maildrop on the
server side and (if you're the server sysadmin) sendmail.cf domain
exclusions. If you really want fetchmail to do it from the client side,
use a preconnect command to call mailfilter.
You can do other policy things better with the mda option and script
wrappers around fetchmail. If it's a prime-time-vs.-non-prime-time
issue, ask yourself whether a wrapper script called from crontab would
do the job.
fetchmail's first job is transport though, and it should do this well.
If a feature would cause fetchmail to deteriorate in other respects,
the feature will probably not be added.
For the reasons fetchmail doesn't have other commonly-requested features
(such as password encryption, or multiple concurrent polls from the
same instance of fetchmail) see ESR's design notes. Note that this
document is partially obsoleted by the updated design notes.
G5. I want to make fetchmail remove kept mail after some days.
The second-most-requested feature for fetchmail, after content-based
filtering, is the ability to have it remove messages from a maildrop
after N days, typically to be used with the keep option. Several
messaging programs with a graphical user interface support this feature.
This feature is not yet implemented. It may be at a future date, spare
time of developers permitting.
For the time being, the contrib/ directory contains some unsupported
tools that may help, namely mold-remover.py and delete-later.
G6. Is there a mailing list for exchanging tips?
There is a fetchmail-users list <[email protected]>
for bug reports and people who want to discuss configuration issues of
fetchmail. Please see G3 above for information you need to report.
Then there is a fetchmail-devel list
<[email protected]> for people who want to discuss
fixes and improvements in fetchmail and help co-develop it.
Finally, there is also an announcements-only list,
For all lists, see https://sourceforge.net/p/fetchmail/mailman/ for
subscription, archive and search links.
G7. So, what's this I hear about a fetchmail paper?
Eric S. Raymond also considered fetchmail development a sociological
experiment, an extended test to see if his theory about the critical
features of the Linux development model was correct.
He considers the experiment a success. He wrote a paper about it titled
The Cathedral and the Bazaar which was first presented at Linux
Kongress '97 in Bavaria and very well received there. It was also given
at Atlanta Linux Expo, Linux Pro '97 in Warsaw, and the first Perl
Conference, at UniForum '98, and was the basis of an invited
presentation at Usenix '98. The folks at Netscape told ESR it helped
them decide to give away the source for Netscape Communicator.
If you're reading a non-HTML dump of this FAQ, you can find the paper
on the Web with a search for that title.
G8. What is the best server to use with fetchmail?
Fetchmail will work with any POP, IMAP, ETRN, or ODMR server that
conforms to the relevant standards/RFCs (and even some outright broken
ones like Microsoft Exchange and Novell GroupWise). This doesn't mean
it works equally well with all, however. POP2 servers, and POP3 servers
without UIDL, limit fetchmail's capabilities in various ways described
on the manual page.
Most modern Unixes (and effectively all Linux/*BSD systems) come with
POP3 support preconfigured (but beware of the horribly broken POP3
server mentioned in D2). An increasing minority also feature IMAP (you
can detect IMAP support by using the 'Probe for supported protocols'
function in the fetchmailconf utility - unfortunately it does not
detect SSL-wrapped variants).
If you have the option, we recommend using or installing an IMAP4rev1
or UIDL-capable POP3 server.
A decent POP3/IMAP server that has recently become popular is Dovecot.
G9. What is the best mail program to use with fetchmail?
Fetchmail will work with all popular mail transport programs. It also
doesn't care which user agent you use, and user agents are as a rule
almost equally indifferent to how mail is delivered into your system
mailbox. So any of the popular Unix mail agents – elm, alpine (a
rewrite of pine), nmh (the successor to MH), or mutt – will work fine
with fetchmail.
All this having been said, I can't resist putting in a discreet plug
for mutt. Mutt's interface is only a little different from that of its
now-moribund ancestor elm, but its flexibility and excellent handling
of MIME and PGP put it in a class by itself. You won't need its
built-in POP3 support, though.
G10. How can I avoid sending my password en clair?
You need to ask whether password encryption alone will really address
your security exposure. If you think you might be snooped between
server and client, it's better to use end-to-end encryption such as
GnuPG (see below) on your whole mail stream so none of it can be read.
Then, you can use SSL or TLS for complete end-to-end encryption if you
have a TLS-enabled mailserver.
One of the advantages of fetchmail over conventional SMTP-push delivery
is that you may be able to arrange encryption by using ssh(1); see K3.
Note that ssh is not a complete privacy solution either, as your mail
could have been snooped in transit to your POP server from wherever it
originated. For best security, agree with your correspondents to use a
tool such as GnuPG (Gnu Privacy Guard) or PGP (Pretty Good Privacy).
If ssh/sshd isn't available, or you find it too complicated for you to
set up, password encryption will at least keep a malicious cracker from
deleting your mail, and require him to either tap your connection
continuously or crack root on the server in order to read it.
You can deduce what encryptions your mail server has available by
looking at the server greeting line (and, for IMAP, the response to a
CAPABILITY query). Do a fetchmail -v to see these, or telnet direct to
the server port (110 for POP3, 143 for IMAP).
Your server may have CRAM-MD5 support built in.
The POP3 facility you are most likely to have available is APOP. This
is a POP3 feature supported by many servers (fetchmailconf's autoprobe
facility will detect it and tell you if you have it). If you see
something in the greeting line that looks like an
angle-bracket-enclosed Internet address with a numeric left-hand part,
that's an APOP challenge (it will vary each time you log in). For some
hosts, you need to register a secret on the host (using popauth(8) or
some program like that). Specify the secret as your password in your
.fetchmailrc; it will be used to encrypt the current challenge, and the
encrypted form will be sent back to the server for verification. Note
that APOP is no longer considered secure since March 2007.
Alternatively, you may have Kerberos available. This may require you to
set up some magic files in your home directory on your client machine,
but means you can omit specifying any password at all.
Fetchmail supports two different Kerberos schemes. One is a POP3
variant called KPOP; consult the documentation of your mail server to
see if you have it (one clue is the string "krb-IV" in the greeting
line on port 110). The other is an IMAP and POP3 facility described by
RFC1731 and RFC1734. You can tell if this one is present by looking for
AUTH=KERBEROS_V4 in the CAPABILITY response.
Your POP3 server may have the RFC1938 OTP capability to use one-time
passwords. To check this, look for the string "otp-" in the greeting
line. If you see it, and your fetchmail was built with OPIE support
compiled in (see the distribution INSTALL file), fetchmail will detect
it also. When using OTP, you will specify a password but it will not be
sent en clair.
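The greeting-line and CAPABILITY clues described in G10, as an added
example (not code from fetchmail or from this FAQ). The function names
are hypothetical, the APOP greeting and secret are the sample values from
RFC 1939, and the other server lines are constructed for illustration.

```python
import hashlib
import re

# FAQ heuristic for an APOP challenge: an angle-bracket-enclosed address
# whose left-hand part is numeric (digits, possibly separated by dots).
APOP_CHALLENGE = re.compile(r"<[0-9][0-9.]*@[^<>\s]+>")


def pop3_greeting_hints(greeting):
    """Return the authentication clues the FAQ says a POP3 greeting can show."""
    hints = {}
    match = APOP_CHALLENGE.search(greeting)
    if match:
        hints["apop_challenge"] = match.group(0)
    if "krb-IV" in greeting:   # KPOP clue on port 110
        hints["kpop"] = True
    if "otp-" in greeting:     # RFC1938 one-time-password clue
        hints["otp"] = True
    return hints


def imap_auth_mechanisms(capability_line):
    """Extract the AUTH=... tokens from an IMAP CAPABILITY response."""
    return sorted(
        token[5:].upper()
        for token in capability_line.split()
        if token.upper().startswith("AUTH=")
    )


def apop_digest(challenge, secret):
    """RFC 1939 APOP response: hex MD5 of the challenge (brackets included)
    followed by the shared secret. It is a keyed MD5 hash, not encryption."""
    return hashlib.md5((challenge + secret).encode("ascii")).hexdigest()


def password_exposure(greeting, capability_line=""):
    """Summarise, from the server's own banner lines, how the password
    would travel if no SSL/TLS or ssh tunnel is wrapped around the session."""
    hints = pop3_greeting_hints(greeting)
    mechanisms = imap_auth_mechanisms(capability_line)
    notes = []
    if "apop_challenge" in hints:
        notes.append("APOP offered (MD5-based; not considered secure since 2007)")
    if hints.get("kpop") or "KERBEROS_V4" in mechanisms:
        notes.append("Kerberos offered (no password in .fetchmailrc needed)")
    if hints.get("otp"):
        notes.append("OTP offered (password not sent en clair)")
    if "CRAM-MD5" in mechanisms:
        notes.append("CRAM-MD5 offered")
    if not notes:
        notes.append("no challenge-response clue seen: password goes en clair")
    return notes


# Sample values from RFC 1939, section 7 (APOP).
RFC1939_GREETING = "+OK POP3 server ready <1896.697170952@dbc.mtview.ca.us>"
RFC1939_SECRET = "tanstaaf"

# Constructed server lines, for illustration only.
SAMPLE_IMAP_CAPABILITY = "* CAPABILITY IMAP4rev1 AUTH=KERBEROS_V4 AUTH=CRAM-MD5"
SAMPLE_PLAIN_GREETING = "+OK POP3 server ready"

if __name__ == "__main__":
    challenge = pop3_greeting_hints(RFC1939_GREETING)["apop_challenge"]
    print("challenge:", challenge)
    print("APOP digest:", apop_digest(challenge, RFC1939_SECRET))
    print("IMAP mechanisms:", imap_auth_mechanisms(SAMPLE_IMAP_CAPABILITY))
    for line in password_exposure(SAMPLE_PLAIN_GREETING):
        print("plain server:", line)
```

Feed it the greeting and CAPABILITY lines that fetchmail -v prints for
your own server.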
G11. Is any special configuration needed to use a dynamic IP address?
Yes. In order to avoid giving indigestion to certain picky MTAs
(notably exim), fetchmail always makes the RCPT TO address it feeds the
MTA a fully qualified one with a hostname part. Normally it does this
by appending @ and "localhost", but when you are using Kerberos or ETRN
mode it will append @ and your machine's fully-qualified domain name
(FQDN).
Appending the FQDN can create problems when fetchmail is running in
daemon mode and outlasts the dynamic IP address assignment your client
machine had when it started up.
Since the new IP address (looked up at RCPT TO interpretation time)
doesn't match the original, the most benign possible result is that
your MTA thinks it's seeing a relaying attempt and refuses. More
frequently, fetchmail will try to connect to a nonexistent host address
and time out. Worst case, you could end up forwarding your mail to the
wrong machine!
Use the smtpaddress option to force the appended hostname to one with a
(fixed) IP address of 127.0.0.1 in your /etc/hosts. (The name
'localhost' will usually work; or you can use the IP address itself.)
Only one fetchmail option interacts directly with your IP address,
'interface'. This option can be used to set the gateway device and
restrict the IP address range fetchmail will use. Such a restriction is
sometimes useful for security reasons, especially on multihomed sites.
See C3.
I recommend against trying to set up the interface option when
initially developing your poll configuration – it's never necessary to
do this just to get a link working. Get the link working first, observe
the actual address range you see on connections, and add an interface
option (if you need one) later.
You can't use ETRN if you have a dynamic IP address (your ISP changes
your IP address occasionally, possibly with every connect). You need to
have your own registered domain and a definite IP address registered
for that domain. The server needs to be configured to accept mail for
your domain but then queue it to forward to your machine. ETRN just
tells the server to flush its queue for your domain. Fetchmail doesn't
actually get the mail in that case.
You can use On-Demand Mail Relay (ODMR) with a dynamic IP address;
that's what it was designed for, and it provides capabilities very
similar to ETRN. Unfortunately ODMR servers are still not yet widely
deployed, as of 2006.
If you're using a dynamic-IP configuration, one other (non-fetchmail)
problem you may run into with outgoing mail is that some sites will
bounce your email because the hostname you're giving them isn't real
(and doesn't match what they get doing a reverse DNS on your
dynamically-assigned IP address). If this happens, you need to hack
your sendmail so it masquerades as your host. Setting
DMsmarthost.here
in your sendmail.cf will work, or you can set
MASQUERADE_AS(smarthost.here)
in the m4 configuration and do a reconfigure. (In both cases, replace
smarthost.here with the actual name of your mailhost.) See the sendmail
FAQ for more details.
G12. Is any special configuration needed to use firewalls?
No. You can use fetchmail with SOCKS, the standard tool for indirecting
TCP/IP through a firewall. You can find out about SOCKS, and download
the SOCKS software including server and client code, at the [DEL:
https://www.socks.nec.com/ :DEL] Link defunct SOCKS distribution site.
The specific recipe for using fetchmail with a firewall is at K1.
G13. Is any special configuration needed to send mail?
A user asks: but how do we send mail out to the POP3 server? Do I need
to implement another tool or will fetchmail do this too?
Fetchmail only handles the receiving side. The sendmail or other
preinstalled MTA on your client machine will handle sending mail
automatically; it will ship mail that is submitted while the connection
is active, and put mail that is submitted while the connection is
inactive into the outgoing queue.
Normally, sendmail is also run periodically (every 15 minutes on most
Linux systems) in a mode that tries to ship all the mail in the
outgoing queue. If you have set up something like pppd to automatically
dial out when your kernel is called to open a TCP/IP connection, this
will ensure that the mail gets out.
G14. Is fetchmail Y2K-compliant?
Fetchmail is fully Y2K-compliant.
Fetchmail could theoretically have problems when the 32-bit time_t
counters roll over in 2038, but I doubt it. Timestamps aren't used for
anything but log entry generation. Anyway, if you aren't running on a
64-bit machine by then, you'll deserve to lose.
G15. Is there a way in fetchmail to support disconnected IMAP mode?
No. Fetchmail is a mail transport agent, best understood as a protocol
gateway between POP3/IMAP servers and SMTP. Disconnected operation
requires an elaborate interactive client. It's a very different
problem.
G16. How will fetchmail perform under heavy loads?
Fetchmail streams message bodies line-by-line; the most core it ever
requires per message is enough memory to hold the RFC822 header, and
that storage is freed when body processing begins. It is, accordingly,
quite economical in its use of memory. It will, however, store the UID
or UIDL data in core, which can become considerable if you are keeping
lots of messages on the server.
After startup time, a fetchmail running in daemon mode stats its
configuration file once per poll cycle to see whether it has changed
and should be rescanned. Other than that, a fetchmail in normal
operation doesn't touch the disk at all; that job is left up to the MTA
or MDA the fetchmail talks to.
Fetchmail's performance is usually bottlenecked by latency on the POP
server or (less often) on the TCP/IP link to the server. This is not a
problem readily solved by tuning fetchmail, or even by buying more
TCP/IP capacity (which tends to improve bandwidth but not necessarily
latency).
__________________________________________________________________
Build-time problems
[DEL: B1. Make coughs and dies when building on FreeBSD. :DEL]
As of release 6.3.0, fetchmail's Makefile[.in] should work flawlessly
with BSD's portable make used on FreeBSD.
B2. Lex bombs out while building the fetchmail lexer.
fetchmail 6.3.0 and newer ship with the lexer and parser in .c formats,
so you do not need to use lex unless you hacked the .l or .y files.
fetchmail's lexer has been developed with GNU flex and uses some of its
specialties, so the lexer cannot be compiled with the lex tools shipped
by some UNIX vendors (HP, SGI, Sun).
B3. I get link failures when I try to build fetchmail.
If you get errors resembling these:
    mxget.o(.text+0x35): undefined reference to '__res_search'
    mxget.o(.text+0x99): undefined reference to '__dn_skipname'
    mxget.o(.text+0x11c): undefined reference to '__dn_expand'
    mxget.o(.text+0x187): undefined reference to '__dn_expand'
    make: *** [fetchmail] Error 1
then you must add "-lresolv" to the LOADLIBS line in your Makefile once
you have installed the 'bind' package.
If you get link errors involving dcgettext, like these:
    rcfile_y.o: In function 'yyparse':
    rcfile_y.o(.text+0x3aa): undefined reference to 'dcgettext__'
    rcfile_y.o(.text+0x4f2): undefined reference to 'dcgettext__'
    rcfile_y.o(.text+0x5ee): undefined reference to 'dcgettext__'
    rcfile_y.o: In function 'yyerror':
    rcfile_y.o(.text+0xc7c): undefined reference to 'dcgettext__'
    rcfile_y.o(.text+0xcc8): undefined reference to 'dcgettext__'
    rcfile_y.o(.text+0xdf9): more undefined references to 'dcgettext__' follow
install an up to date version of GNU gettext, reconfigure and rebuild
fetchmail. If that does not help, reconfigure with '--disable-nls'
added to the "./configure" command and rebuild.
B4. I get build failures in the intl directory.
Reconfigure with --disable-nls and recompile.
__________________________________________________________________
Fetchmail configuration file grammar questions
F1. Why does my old .fetchmailrc file no longer work?
If your file predates 6.4.0
Note that fetchmail no longer supports SSLv2, and you should avoid
SSLv3 or TLSv1.0 if possible.
If your file predates 6.3.0
The netsec option was discontinued and needs to be removed.
If your file predates 5.8.9
If you were using ETRN mode, change your smtphost option to a
fetchdomains option.
If your file predates 5.8.3
The 'via localhost' special case for use with ssh tunnelling is gone.
Use the %h feature of plugin instead.
If your file predates 5.6.8
In 5.6.8, the preauth keyword and option were changed back to auth. The
preauth synonym will still be supported through a few more point
releases.
If your file predates 5.6.5
The imap-gss, imap-k4, and imap-login protocol types are gone. This is
a result of a major re-factoring of the authentication machinery;
fetchmail can now use Kerberos V4 and GSSAPI not just with IMAP but
with POP3 servers that have RFC1734 support for the AUTH command.
When trying to identify you to an IMAP or POP mailserver, fetchmail now
first tries methods that don't require a password (GSSAPI,
KERBEROS_IV); then it looks for methods that mask your password
(CRAM-MD5, X-OTP); and only if the server doesn't support any of
those will it ship your password en clair.
Setting the preauth option to any value other than 'password' will
prevent fetchmail from looking for a password in your .netrc file or
querying for it at startup time.
If your file predates 5.1.0
In 5.1.0, the auth keyword and option were changed to preauth.
If your file predates 4.5.5
If the dns option is on (the default), you may need to make sure that
any hostname you specify (for mail hosts or for an SMTP target) is a
canonical fully-qualified hostname. In order to avoid DNS overhead and
complications, fetchmail no longer tries to derive the fetchmail client
machine's canonical DNS name at startup.
If your file predates 4.0.6:
Just after the 'via' option was introduced, I realized that the
interactions between the 'via', 'aka', and 'localdomains' options were
out of control. Their behavior had become complex and confusing, so
much so that I was no longer sure I understood it myself. Users were
being unpleasantly surprised.
Rather than add more options or crock the code, I re-thought it. The
redesign simplified the code and made the options more orthogonal, but
may have broken some complex multidrop configurations.
Any multidrop configurations that depended on the name just after the
'poll' or 'skip' keyword being still interpreted as a DNS name for
address-matching purposes, even in the presence of a 'via' option, will
break.
It is theoretically possible that other unusual configurations (such as
those using a non-FQDN poll name to generate Kerberos IV tickets) might
also break; the old behavior was sufficiently murky that we can't be
sure. If you think this has happened to you, contact the maintainer.
If your file predates 3.9.5:
The 'remote' keyword has been changed to 'folder'. If you try to use
the old keyword, the parser will utter a warning.
If your file predates 3.9:
It could be because you're using a .fetchmailrc that's written in the
old popclient syntax without an explicit 'username' keyword leading the
first user entry attached to a server entry.
This error can be triggered by having a user option such as 'keep' or
'fetchall' before the first explicit username. For example, if you
write
    poll openmail protocol pop3
        keep user "Hal DeVore" there is hdevore here
the 'keep' option will generate an entire user entry with the default
username (the name of fetchmail's invoking user).
The popclient compatibility syntax was removed in 4.0. It complicated
the configuration file grammar and confused users.
If your file predates 2.8:
The 'interface', 'monitor' and 'batchlimit' options changed after 2.8.
They used to be global options with 'set' syntax like the batchlimit
and logfile options. Now they're per-server options, like 'protocol'.
If you had something like
    set interface = "sl0/10.0.2.15"
in your .fetchmailrc file, simply delete that line and insert
'interface sl0/10.0.2.15' in the server options part of your 'defaults'
declaration.
Do similarly for any 'monitor' or 'batchlimit' options.
[DEL: F2. The .fetchmailrc parser won't accept my all-numeric user name. :DEL]
This referred to an older fetchmail 5.x version. Upgrade.
[DEL: F3. The .fetchmailrc parser won't accept my host or username beginning
with 'no'. :DEL]
This referred to an older fetchmail 5.x version. Upgrade.
F4. I'm getting a 'parse error' message I don't understand.
The most common cause of mysterious parse errors is putting a server
option after a user option. Check the manual page; you'll probably find
that by moving one or more options closer to the 'poll' keyword you can
eliminate the problem.
Yes, I know these ordering restrictions are hard to understand.
Unfortunately, they're necessary in order to allow the 'defaults'
feature to work.
__________________________________________________________________
Configuration questions
C1. Why do I need a .fetchmailrc when running as root on my own machine?
Ian T. Zimmerman asked:
On the machine where I'm the only real user, I run fetchmail as root
from a cron job, like this:
    fetchmail -u "itz" -p POP3 -s bolero.rahul.net
This used to work as is (with no .fetchmailrc file in root's home
directory) with the last version I had (1.7 or 1.8, I don't remember).
But with 2.0, it RECPs all mail to the local root user, unless I create
a .fetchmailrc in root's home directory containing:
    skip bolero.rahul.net proto POP3
        user itz is itz
It won't work if the second line is just "user itz". This is silly.
It seems fetchmail decides to RECP the 'default local user' (i.e. the
uid running fetchmail) unless there are local aliases, and the
'default' aliases (itz->itz) don't count. They should.
Answer:
No they shouldn't. I thought about this for a while, and I don't much
like the conclusion I reached, but it's unavoidable. The problem is
that fetchmail has no way to know, in general, that a local user 'itz'
actually exists.
"Ah!" you say, "Why doesn't it check the password file to see if the
remote name matches a local one?" Well, there are two reasons.
One: it's not always possible. Suppose you have an SMTP host declared
that's not the machine fetchmail is running on? You lose.
Two: How do you know server itz and SMTP-host itz are the same person?
They might not be, and fetchmail shouldn't assume they are unless
local-itz can explicitly produce credentials to prove it (that is, the
server-itz password in local-itz's .fetchmailrc file).
Once you start running down possible failure modes and thinking about
ways to tinker with the mapping rules, you'll quickly find that all the
alternatives to the present default are worse or unacceptably more
complicated or both.
C2. How can I arrange for a fetchmail daemon to get killed when I log out?
The easiest way to dispatch fetchmail on logout (which will work
reliably only if you have just one login going at any time) is to
arrange for the command 'fetchmail -q' to be called on logout. Under
bash, you can arrange this by putting 'fetchmail -q' in the file
'~/.bash_logout'. Most csh variants execute '~/.logout' on logout. For
other shells, consult your shell manual page.
Automatic startup/shutdown of fetchmail is a little harder to arrange
if you may have multiple login sessions going. In the contrib
subdirectory of the fetchmail distribution there is some shell code you
can add to your .bash_login and .bash_logout profiles that will
accomplish this. Thank James Laferriere for it.
Some people start up and shut down fetchmail using the ppp-up and
ppp-down scripts of pppd.
C3. How do I know what interface and address to use with --interface?
This depends a lot on your local networking configuration (and right
now you can't use it at all except under Linux and the newer BSDs).
However, here are some important rules of thumb that can help. If they
don't work, ask your local sysop or your Internet provider.
First, you may not need to use --interface at all. If your machine only
ever does SLIP or PPP to one provider, it's almost certainly by a
point-to-point modem connection to your provider's local subnet that's pretty
secure against snooping (unless someone can tap your phone or the
provider's local subnet!). Under these circumstances, specifying an
interface address is fairly pointless.
What the option is really for is sites that use more than one provider.
Under these circumstances, typically one of your provider IP addresses
is your mailserver (reachable fairly securely via the modem and
provider's subnet) but the others might ship your packets (including
your password) over unknown portions of the general Internet that could
be vulnerable to snooping. What you'll use --interface for is to make
sure your password only goes over the one secure link.
To determine the device:
1. If you're using a SLIP link, the correct device is probably sl0.
2. If you're using a PPP link, the correct device is probably ppp0.
3. If you're using a direct connection over a local network such as an
ethernet, use the command 'netstat -r' to look at your routing
table. Try to match your mailserver name to a destination entry; if
you don't see it in the first column, use the 'default' entry. The
device name will be in the rightmost column.
To determine the address and netmask:
1. If you're talking to slirp, the correct address is probably
10.0.2.15, with no netmask specified. (It's possible to configure
slirp to present other addresses, but that's the default.)
2. If you have a static IP address, run 'ifconfig <device>', where
<device> is whichever one you've determined. Use the IP address
given after "inet addr:". That is the IP address for your end of
the link, and is what you need. You won't need to specify a
netmask.
3. If you have a dynamic IP address, your connection IP will vary
randomly over some given range (that is, some number of the least
significant bits change from connection to connection). You need to
declare an address with the variable bits zero and a complementary
netmask that sets the range.
To illustrate the rule for dynamic IP addresses, let's suppose you're
hooked up via SLIP and your IP provider tells you that the dynamic
address pool is 255 addresses ranging from 205.164.136.1 to
205.164.136.255. Then
    interface "sl0/205.164.136.0/255.255.255.0"
would work. To range over any value of the last two octets (65536
addresses) you would use
    interface "sl0/205.164.0.0/255.255.0.0"
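The rule for dynamic addresses, worked as an added example (not part of the FAQ or of fetchmail): it derives the address/netmask pair from a provider's pool and reports how many addresses outside the pool the mask would also accept. The function names are hypothetical, and the acceptance test is a model of the rule stated above, not fetchmail's own code.

```python
import ipaddress

def covering_interface(device, first, last):
    """Return (rc_line, extra) for the smallest address/netmask pair that
    covers the pool first..last. 'extra' counts addresses the mask accepts
    even though they lie outside the pool."""
    lo = int(ipaddress.IPv4Address(first))
    hi = int(ipaddress.IPv4Address(last))
    if lo > hi:
        raise ValueError("pool start is above pool end")
    # Bits that differ between the pool ends are the "variable bits".
    variable_bits = (lo ^ hi).bit_length()
    # strict=False zeroes the variable bits of the declared address.
    net = ipaddress.IPv4Network((lo, 32 - variable_bits), strict=False)
    extra = net.num_addresses - (hi - lo + 1)
    line = f'interface "{device}/{net.network_address}/{net.netmask}"'
    return line, extra

def accepted(spec, local_ip):
    """Model of the address test: local_ip passes when its masked value
    equals the declared address. No netmask means an exact match."""
    _device, addr, *rest = spec.split("/")
    mask = rest[0] if rest else "255.255.255.255"
    m = int(ipaddress.IPv4Address(mask))
    ip = int(ipaddress.IPv4Address(local_ip))
    return (ip & m) == int(ipaddress.IPv4Address(addr))

if __name__ == "__main__":
    # Pool from the FAQ text, then a constructed narrow pool.
    print(covering_interface("sl0", "205.164.136.1", "205.164.136.255"))
    print(covering_interface("ppp0", "205.164.136.10", "205.164.136.20"))
```

A non-zero `extra` means the netmask is wider than the pool, so the password could still be sent when the link has an address the provider never assigns from that pool.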
C4. How can I set up support for sendmail's anti-spam features?
This answer covers versions of sendmail from 8.9.3-20 (the version
installed in Red Hat 6.2) upwards. If you have an older version,
upgrade to sendmail 8.9.
Stock sendmails can now do anti-spam exclusions based on a database of
filter rules. The human-readable form of the database is at
/etc/mail/access. The database itself is at /etc/mail/access.db.
The table itself uses email addresses, domain names, and network
numbers as keys. For example,
    [email protected]        REJECT
    cyberspammer.com        REJECT
    192.168.212             REJECT
would refuse mail from [email protected], any user from cyberspammer.com
(or any host within the cyberspammer.com domain), and any host on the
192.168.212.* network. (This feature can be used to do other things as
well; see the sendmail documentation for details.)
To actually set up the database, run
    makemap hash deny <deny
in /etc/mail.
To test, send a message to your mailing address from that host and then
pop off the message with fetchmail, using the -v argument. You can
monitor the SMTP transaction, and when the FROM address is parsed, if
sendmail sees that it is an address in spamlist, fetchmail will flush
and delete it.
Under no circumstances put your mailhost or any host you accept mail
from using fetchmail into your reject file. You will lose mail if you
do this!!!
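One way to check for that mistake before rebuilding the database, as an added example (not part of the FAQ, sendmail, or fetchmail): it scans the human-readable table for REJECT entries that cover a host fetchmail polls. The sample table, host list, and function names are constructed, and key matching follows the description above (address, domain including hosts within it, network-number prefix).

```python
# Constructed sample in the format of /etc/mail/access.
ACCESS_SAMPLE = """\
# constructed sample
spammer@bad.example      REJECT
cyberspammer.com         REJECT
192.168.212              REJECT
example.net              REJECT
mail.example.org         OK
"""

# Constructed (hostname, IP) pairs for the servers fetchmail polls.
POLLED_HOSTS = [
    ("pop.example.net", "203.0.113.5"),
    ("imap.example.org", "192.168.212.9"),
]

def parse_access(text):
    """Yield (key, action) pairs, skipping blank lines and comments."""
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        if len(parts) == 2:
            yield parts[0].lower(), parts[1].strip().upper()

def key_matches_host(key, hostname, ip):
    """True if an access key covers this host by domain or network number."""
    if "@" in key:                        # full e-mail address, not a host key
        return False
    if key.replace(".", "").isdigit():    # network number such as 192.168.212
        return ip == key or ip.startswith(key + ".")
    hostname = hostname.lower()
    return hostname == key or hostname.endswith("." + key)

def rejected_mailhosts(access_text, mailhosts):
    """Return [(hostname, key)] for polled hosts covered by a REJECT entry."""
    hits = []
    for key, action in parse_access(access_text):
        if action != "REJECT":
            continue
        for hostname, ip in mailhosts:
            if key_matches_host(key, hostname, ip):
                hits.append((hostname, key))
    return hits

if __name__ == "__main__":
    for host, key in rejected_mailhosts(ACCESS_SAMPLE, POLLED_HOSTS):
        print(f"WARNING: {host} is covered by REJECT entry '{key}'")
```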
C5. How can I poll some of my mailboxes more/less often than others?
Use the interval keyword on the ones that should be checked less often.
For example, if you do a poll every 5 minutes, and want to poll some
mailboxes every 5 minutes and some every 30 minutes, use something like
this:
    poll mainsite.example.com proto pop3 user ....
    poll secondary.example.com proto pop3 interval 6 user ...
Then secondary.example.com will be polled every 6th time that
mainsite.example.com is polled, which with a polling interval of every
5 minutes means that secondary.example.com will be polled every 30
minutes.