"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
-<meta name="generator"
-content="HTML Tidy for Linux/x86 (vers 1st February 2002), see www.w3.org"/>
<title>The Fetchmail FAQ</title>
<link rev="made" href="mailto:esr@thyrsus.com"/>
<meta name="description"
<tr>
<td width="30%">Back to <a href="index.html">Fetchmail Home
Page</a></td>
-<td width="30%" align="center">To <a href="/~esr/sitemap.html">Site
-Map</a></td>
-<td width="30%" align="right">$Date: 2002/09/04 13:58:24 $</td>
+<td width="30%" align="right">$Date: 2004/01/13 08:46:00 $</td>
</tr>
</table>
<a href="#F1">F1. Why does my old .fetchmailrc no longer work?</a><br/>
<a href="#F2">F2. The .fetchmailrc parser won't accept my all-numeric user name.</a><br/>
-<a href="#F3">F3. The .fetchmailrc parser won't accept my host or username beginning with `no'.</a><br/>
-<a href="#F4">F4. I'm getting a `parse error' message I don't understand.</a><br/>
+<a href="#F3">F3. The .fetchmailrc parser won't accept my host or username beginning with 'no'.</a><br/>
+<a href="#F4">F4. I'm getting a 'parse error' message I don't understand.</a><br/>
<h1>Configuration questions:</h1>
<h1>How to make fetchmail work with various servers:</h1>
<a href="#S1">S1. How can I use fetchmail with qpopper?</a><br/>
-<a href="#S2">S2. How can I use fetchmail with Microsoft
-Exchange?</a><br/>
-<a href="#S3">S3. How can I use fetchmail with Compuserve
-RPA?</a><br/>
-<a href="#S4">S4. How can I use fetchmail with Demon Internet's
-SDPS?</a><br/>
-<a href="#S5">S5. How can I use fetchmail with usa.net's
-servers?</a><br/>
-<a href="#S6">S6. How can I use fetchmail with HP
-OpenMail?</a><br/>
-<a href="#S7">S7. How can I use fetchmail with geocities POP3
-servers?</a><br/>
-<a href="#S8">S8. How can I use fetchmail with Hotmail?</a><br/>
-<a href="#S9">S9. How can I use fetchmail with MSN?</a><br/>
-<a href="#S10">S10. How can I use fetchmail with SpryNet?</a><br/>
-<a href="#S11">S11. How can I use fetchmail with FTGate?</a><br/>
-<a href="#S12">S12. How can I use fetchmail with MailMax?</a><br/>
-<a href="#S13">S13. How can I use fetchmail with Novell
-GroupWise?</a><br/>
-<a href="#S14">S14. How can I use fetchmail with
-InterChange?</a><br/>
-<a href="#S15">S15. How can I use fetchmail with GMX?</a><br/>
-
+<a href="#S2">S2. How can I use fetchmail with Microsoft Exchange?</a><br/>
+<a href="#S3">S3. How can I use fetchmail with HP OpenMail?</a><br/>
+<a href="#S4">S4. How can I use fetchmail with Novell GroupWise?</a><br/>
+<a href="#S5">S5. How can I use fetchmail with InterChange?</a><br/>
+<a href="#S6">S6. How can I use fetchmail with MailMax?</a><br/>
+<a href="#S7">S7. How can I use fetchmail with FTGate?</a><br/>
+
+<h1>How to fetchmail work with specific ISPs:</h1>
+
+<a href="#I1">I1. How can I use fetchmail with Compuserve RPA?</a><br/>
+<a href="#I2">I2. How can I use fetchmail with Demon Internet's SDPS?</a><br/>
+<a href="#I3">I3. How can I use fetchmail with usa.net's servers?</a><br/>
+<a href="#I4">I4. How can I use fetchmail with geocities POP3 servers?</a><br/>
+<a href="#I5">I5. How can I use fetchmail with Hotmail or Lycos Webmail?</a><br/>
+<a href="#I6">I6. How can I use fetchmail with MSN?</a><br/>
+<a href="#I7">I7. How can I use fetchmail with SpryNet?</a><br/>
+<a href="#I8">I8. How can I use fetchmail with comcast.net?</a><br/>
<h1>How to set up well-known security and authentication
methods:</h1>
<a href="#K1">K1. How can I use fetchmail with SOCKS?</a><br/>
-<a href="#K2">K2. How can I use fetchmail with IPv6 and
-IPsec?</a><br/>
-<a href="#K3">K3. How can I get fetchmail to work with
-ssh?</a><br/>
-<a href="#K4">K4. What do I have to do to use the IMAP-GSS
-protocol?</a><br/>
+<a href="#K2">K2. How can I use fetchmail with IPv6 and IPsec?</a><br/>
+<a href="#K3">K3. How can I get fetchmail to work with ssh?</a><br/>
+<a href="#K4">K4. What do I have to do to use the IMAP-GSS protocol?</a><br/>
<a href="#K5">K5. How can I use fetchmail with SSL?</a><br/>
-
+<a href="#K6">K6. How can I tell fetchmail not to try TLS if the server
+ advertises it?</a><br/>
<h1>Runtime fatal errors:</h1>
-<a href="#R1">R1. Fetchmail isn't working, and -v shows `SMTP
+<a href="#R1">R1. Fetchmail isn't working, and -v shows 'SMTP
connect failed' messages.</a><br/>
<a href="#R2">R2. When I try to configure an MDA, fetchmail doesn't
work.</a><br/>
normally otherwise.</a><br/>
<a href="#R5">R5. Running fetchmail in daemon mode doesn't
work.</a><br/>
-<a href="#R6">R6. Fetchmail randomly dies with socket
-errors.</a><br/>
+<a href="#R6">R6. Fetchmail randomly dies with socket errors.</a><br/>
<a href="#R7">R7. Fetchmail running as root stopped working after
an OS upgrade</a><br/>
<a href="#R8">R8. Fetchmail is timing out after fetching certain
messages but before deleting them</a><br/>
-<a href="#R9">R9. Fetchmail is timing out during message
-fetches</a><br/>
+<a href="#R9">R9. Fetchmail is timing out during message fetches</a><br/>
<a href="#R10">R10. Fetchmail is dying with SIGPIPE.</a><br/>
-<a href="#R11">R11. My server is hanging up or emitting errors on
-CAPA.</a><br/>
-
-
+<a href="#R11">R11. My server is hanging or emitting errors on CAPA.</a><br/>
+<a href="#R12">R12. Fetchmail isn't working and reports getaddrinfo
+ errors.</a>
<h1>Hangs and lockups:</h1>
<a href="#H1">H1. Fetchmail hangs when used with pppd.</a><br/>
<a href="#X7">X7. Some mail attachments are hanging
fetchmail.</a><br/>
<a href="#X8">X8. A spurious ) is being appended to my
-messages.</a><br/>
-
+messages.</a><br/>
<h1>Other problems:</h1>
messages over and over?</a><br/>
<a href="#O10">O10. Why is the received date on all my messages the
same?</a><br/>
-
+<a href="#O11">O11. I keep getting messages that say "Repoll
+immediately" in my logs.</a><br/>
+<a href="#O12">O12. Fetchmail no longer expunges mail on a 451 SMTP response.</a><br/>
+<a href="#O13">O13. I want timestamp information in my fetchmail logs.</a>
<h1>Answers:</h1>
<p>The latest HTML FAQ is available alongside the latest fetchmail
sources at the fetchmail home page: <a
-href="http://www.tuxedo.org/~esr/fetchmail">http://www.tuxedo.org/~esr/fetchmail</a>.
+href="http://fetchmail.berlios.de/">http://fetchmail.berlios.de/</a>.
You can also usually find both in the <a
href="http://sunsite.unc.edu/pub/Linux/system/mail/pop/!INDEX.html">
POP mail tools directory on Sunsite</a>.</p>
<p>You can do spam filtering better with procmail or maildrop on
the server side and (if you're the server sysadmin) sendmail.cf
-domain exclusions. You can do other policy things better with the
+domain exclusions. If you really want fetchmail to do it from the
+client side, yse a <code>preconnect</code> command to call
+<a href='http://mailfilter.sourceforge.net/'>mailfilter</a>.</p>
+
+<p>You can do other policy things better with the
<code>mda</code> option and script wrappers around fetchmail. If
it's a prime-time-vs.-non-prime-time issue, ask yourself whether a
wrapper script called from crontab would do the job.</p>
<p>For reasons fetchmail doesn't have other commonly-requested
features (such as password encryption, or multiple concurrent polls
-from the same instance of fetchmail) see the <a
-href="http://www.tuxedo.org/~esr/fetchmail/design-notes.html">design
-notes</a>.</p>
+from the same instance of fetchmail) see <a
+href="esrs-design-notes.html">ESR's design
+notes</a>. Note that this document is partially obsoleted by the
+<a href="design-notes.html">updated design notes.</a></p>
<p>Fetchmail is a mature project, no longer in constant active
development. It is no longer my top project, and I am going to be
the Linux development model is correct.</p>
<p>The experiment was a success. I wrote a paper about it titled <a
-href="http://www.tuxedo.org/~esr/writings/cathedral.html">The
+href="http://www.catb.org/~esr/writings/cathedral.html">The
Cathedral and the Bazaar</a> which was first presented at Linux
Kongress '97 in Bavaria and very well received there. It was also
given at Atlanta Linux Expo, Linux Pro '97 in Warsaw, and the first
<p>Fetchmail will work with any POP, IMAP, ETRN, or ODMR server
that conforms to the relevant RFCs (and even some outright broken
ones like <a href="#S2">Microsoft Exchange</a> and <a
-href="#S12">Novell GroupWise</a>). This doesn't mean it works
+href="#S6">Novell GroupWise</a>). This doesn't mean it works
equally well with all, however. POP2 servers, and POP3 servers
without LAST, limit fetchmail's capabilities in various ways
described on the manual page.</p>
with POP3 support preconfigured (but beware of the horribly broken
POP3 server mentioned in <a href="#D2">D2</a>). An increasing
minority also feature IMAP (you can detect IMAP support by running
-fetchmail in AUTO mode, or by using the `Probe for supported
+fetchmail in AUTO mode, or by using the 'Probe for supported
protocols' function in the fetchmailconf utility).</p>
<p>If you have the option, we recommend using or installing an
IMAP4rev1 server; it has the best facilities for tracking message
-`seen' states. It also recovers from interrupted connections more
+'seen' states. It also recovers from interrupted connections more
gracefully than POP3, and enables some significant performance
optimizations. The new <a
href="ftp://ftp.cac.washington.edu/imap/imap.tar.Z">IMAP 2000</a>
ranges from trivial to impossible. It may even be next to
useless.</p>
-<p>Most people use fetchmail over phone wires, which are hard to
-tap. Anybody with the skill and resources to do this could get into
-your server mailbox with much less effort by subverting the server
-host. So if your provider setup is modem wires going straight into
-a service box, you probably don't need to worry.</p>
+<p>Most people use fetchmail over phone wires (whether plain old
+copper or DSL), which are hard to tap. Anybody with the skill and
+resources to do this could get into your server mailbox with much less
+effort by subverting the server host. So if your provider setup is
+phone-company wire going straight into a service box, you probably
+don't need to worry.</p>
-<p>In general there is little point in trying to secure your
-fetchmail transaction unless you trust the security of the server
-host you are retrieving mail from. Your vulnerability is more
-likely to be an insecure local network on the server end (e.g. to
-somebody with a TCP/IP packet sniffer intercepting Ethernet traffic
-between the modem concentrator you dial in to and the mailserver
-host).</p>
+<p>In general there is little point in trying to secure your fetchmail
+transaction unless you trust the security of the server host you are
+retrieving mail from. Your vulnerability is more likely to be an
+insecure local network on the server end (e.g. to somebody with a
+TCP/IP packet sniffer intercepting Ethernet traffic between the modem
+concentrator or DSL POP you dial in to and the mailserver host).</p>
<p>Having realized this, you need to ask whether password
encryption alone will really address your security exposure. If you
<p>If you are fetching mail from a CompuServe POP3 account, you can
use their RPA authentication (which works much like APOP). See <a
-href="#S3">S3</a> for details. If you are fetching mail from
+href="#I1">I1</a> for details. If you are fetching mail from
Microsoft Exchange using IMAP, you will be able to use NTLM.</p>
<p>Your POP3 server may have the RFC1938 OTP capability to use
<p>You can get both POP3 and IMAP OTP patches from <a id="cmetz"
name="cmetz">Craig Metz</a> at <a
-href="http://www.inner.net/pub/">http://www.inner.net/pub/</a>.</p>
+href="http://www.inner.net/opie">http://www.inner.net/opie</a>.</p>
<p>These patches use a SASL authentication method named "X-OTP"
because there is not currently a standard way to do this; fetchmail
<p>Use the <code>smtpaddress</code> option to force the appended
hostname to one with a (fixed) IP address of 127.0.0.1 in your
-<code>/etc/hosts</code>. (The name `localhost' will usually work;
+<code>/etc/hosts</code>. (The name 'localhost' will usually work;
or you can use the IP address itself).</p>
<p>Only one fetchmail option interacts directly with your IP
-address, `<code>interface</code>'. This option can be used to set
+address, '<code>interface</code>'. This option can be used to set
the gateway device and restrict the IP address range fetchmail will
use. Such a restriction is sometimes useful for security reasons,
especially on multihomed sites. See <a href="#C3">C3</a>.</p>
fetchmail lexer.</a></h2>
<p>In the immortal words of Alan Cox the last time this came up:
-``Take the Solaris lex and stick it up the backside of a passing
+"Take the Solaris lex and stick it up the backside of a passing
Sun salesman, then install <a
href="ftp://ftp.gnu.org/pub/non-gnu/flex/">flex</a> and use that.
-All will be happier.''</p>
+All will be happier."</p>
<p>I couldn't have put it better myself, and ain't going to try
now.</p>
<p>If you get errors resembling these</p>
<pre>
-mxget.o(.text+0x35): undefined referenceto `__res_search'
-mxget.o(.text+0x99): undefined reference to`__dn_skipname'
-mxget.o(.text+0x11c): undefined reference to`__dn_expand'
-mxget.o(.text+0x187): undefined reference to`__dn_expand'
+mxget.o(.text+0x35): undefined referenceto '__res_search'
+mxget.o(.text+0x99): undefined reference to '__dn_skipname'
+mxget.o(.text+0x11c): undefined reference to '__dn_expand'
+mxget.o(.text+0x187): undefined reference to '__dn_expand'
make: *** [fetchmail] Error 1
</pre>
<p>then you must add "-lresolv" to the LOADLIBS line in your
-Makefile once you have installed the `bind' package.</p>
+Makefile once you have installed the 'bind' package.</p>
<p>If you get link errors involving <tt>dcgettext</tt>, like
this:</p>
<pre>
-rcfile_y.o: In function `yyparse':
-rcfile_y.o(.text+0x3aa): undefined reference to `dcgettext__'
-rcfile_y.o(.text+0x4f2): undefined reference to `dcgettext__'
-rcfile_y.o(.text+0x5ee): undefined reference to `dcgettext__'
-rcfile_y.o: In function `yyerror':
-rcfile_y.o(.text+0xc7c): undefined reference to `dcgettext__'
-rcfile_y.o(.text+0xcc8): undefined reference to `dcgettext__'
-rcfile_y.o(.text+0xdf9): more undefined references to `dcgettext__' follow
+rcfile_y.o: In function 'yyparse':
+rcfile_y.o(.text+0x3aa): undefined reference to 'dcgettext__'
+rcfile_y.o(.text+0x4f2): undefined reference to 'dcgettext__'
+rcfile_y.o(.text+0x5ee): undefined reference to 'dcgettext__'
+rcfile_y.o: In function 'yyerror':
+rcfile_y.o(.text+0xc7c): undefined reference to 'dcgettext__'
+rcfile_y.o(.text+0xcc8): undefined reference to 'dcgettext__'
+rcfile_y.o(.text+0xdf9): more undefined references to 'dcgettext__' follow
</pre>
<p>reconfigure with <tt>configure --with-included-gettext</tt>.
<h3>If your file predates 5.8.3</h3>
-<p>The `via localhost' special case for use with ssh tunnelling is
+<p>The 'via localhost' special case for use with ssh tunnelling is
gone. Use the %h feature of <tt>plugin</tt> instead.</p>
<h3>If your file predates 5.6.8</h3>
support any of those will it ship your password en clair.</p>
<p>Setting the <tt>preauth</tt> option to any value other than
-`password' will prevent from looking for a password in your
+'password' will prevent from looking for a password in your
<tt>.netrc</tt> file or querying for it at startup time.</p>
<h3>If your file predates 5.1.0</h3>
<h3>If your file predates 4.0.6:</h3>
-<p>Just after the `<code>via</code>' option was introduced, I
-realized that the interactions between the `<code>via</code>',
-`<code>aka</code>', and `<code>localdomains</code>' options were
+<p>Just after the '<code>via</code>' option was introduced, I
+realized that the interactions between the '<code>via</code>',
+'<code>aka</code>', and '<code>localdomains</code>' options were
out of control. Their behavior had become complex and confusing, so
much so that I was no longer sure I understood it myself. Users
were being unpleasantly surprised.</p>
configurations.</p>
<p>Any multidrop configurations that depended on the name just
-after the `<code>poll</code>' or `<code>skip</code>' keyword being
+after the '<code>poll</code>' or '<code>skip</code>' keyword being
still interpreted as a DNS name for address-matching purposes, even
-in the presence of a `<code>via</code>' option, will break.</p>
+in the presence of a '<code>via</code>' option, will break.</p>
<p>It is theoretically possible that other unusual configurations
(such as those using a non-FQDN poll name to generate Kerberos IV
<h3>If your file predates 3.9.5:</h3>
-<p>The `<code>remote</code>' keyword has been changed to
-`<code>folder</code>'. If you try to use the old keyword, the
+<p>The '<code>remote</code>' keyword has been changed to
+'<code>folder</code>'. If you try to use the old keyword, the
parser will utter a warning.</p>
<h3>If your file predates 3.9:</h3>
<p>It could be because you're using a .fetchmailrc that's written
in the old popclient syntax without an explicit
-`<code>username</code>' keyword leading the first user entry
+'<code>username</code>' keyword leading the first user entry
attached to a server entry.</p>
<p>This error can be triggered by having a user option such as
-`<code>keep</code>' or `<code>fetchall</code>' before the first
+'<code>keep</code>' or '<code>fetchall</code>' before the first
explicit username. For example, if you write</p>
<pre>
keep user "Hal DeVore" there is hdevore here
</pre>
-<p>the `<code>keep</code>' option will generate an entire user
+<p>the '<code>keep</code>' option will generate an entire user
entry with the default username (the name of fetchmail's invoking
user).</p>
<h3>If your file predates 2.8:</h3>
-<p>The `<code>interface</code>', `<code>monitor</code>' and
-`<code>batchlimit</code>' options changed after 2.8.</p>
+<p>The '<code>interface</code>', '<code>monitor</code>' and
+'<code>batchlimit</code>' options changed after 2.8.</p>
-<p>They used to be global options with `<code>set</code>' syntax
+<p>They used to be global options with '<code>set</code>' syntax
like the batchlimit and logfile options. Now they're per-server
-options, like `<code>protocol</code>'.</p>
+options, like '<code>protocol</code>'.</p>
<p>If you had something like</p>
</pre>
<p>in your .fetchmailrc file, simply delete that line and insert
-`interface sl0/10.0.2.15' in the server options part of your
-`defaults' declaration.</p>
+'interface sl0/10.0.2.15' in the server options part of your
+'defaults' declaration.</p>
-<p>Do similarly for any `<code>monitor</code>' or
-`<code>batchlimit</code>' options.</p>
+<p>Do similarly for any '<code>monitor</code>' or
+'<code>batchlimit</code>' options.</p>
<hr/>
<h2><a id="F2" name="F2">F2. The .fetchmailrc parser won't accept
<hr/>
<h2><a id="F3" name="F3">F3. The .fetchmailrc parser won't accept
-my host or username beginning with `no'.</a></h2>
+my host or username beginning with 'no'.</a></h2>
-<p>See <a href="#F2">F2</a> You're caught in an unfortunate crack
-between the newer-style syntax for negated options (`no keep', `no
-rewrite' etc.) and the older style run-on syntax (`nokeep',
-`norewrite' etc.).</p>
+<p>See <a href="#F2">F2</a>. You're caught in an unfortunate crack
+between the newer-style syntax for negated options ('no keep', 'no
+rewrite' etc.) and the older style run-on syntax ('nokeep',
+'norewrite' etc.).</p>
<p>Upgrade to a 5.0.6 or later fetchmail, or put string quotes
around your token.</p>
<hr/>
-<h2><a id="F4" name="F4">F4. I'm getting a `parse error' message I
+<h2><a id="F4" name="F4">F4. I'm getting a 'parse error' message I
don't understand.</a></h2>
<p>The most common cause of mysterious parse errors is putting a
server option after a user option. Check the manual page; you'll
probably find that by moving one or more options closer to the
-`poll' keyword you can eliminate the problem.</p>
+'poll' keyword you can eliminate the problem.</p>
<p>Yes, I know these ordering restrictions are hard to understand.
-Unfortunately, they're necessary in order to allow the `defaults'
+Unfortunately, they're necessary in order to allow the 'defaults'
feature to work.</p>
<hr/>
<p>It won't work if the second line is just "<code>user
itz</code>". This is silly.</p>
-<p>It seems fetchmail decides to RECP the `default local user'
+<p>It seems fetchmail decides to RECP the 'default local user'
(i.e. the uid running fetchmail) unless there are local aliases,
-and the `default' aliases (itz->itz) don't count. They
+and the 'default' aliases (itz->itz) don't count. They
should.</p>
<p>Answer:</p>
<p>No they shouldn't. I thought about this for a while, and I don't
much like the conclusion I reached, but it's unavoidable. The
problem is that fetchmail has no way to know, in general, that a
-local user `itz' actually exists.</p>
+local user 'itz' actually exists.</p>
<p>"Ah!" you say, "Why doesn't it check the password file to see if
the remote name matches a local one?" Well, there are two
<p>The easiest way to dispatch fetchmail on logout (which will work
reliably only if you have just one login going at any time) is to
-arrange for the command `fetchmail -q' to be called on logout.
-Under bash, you can arrange this by putting `fetchmail -q' in the
-file `~/.bash_logout'. Most csh variants execute `~/.logout' on
+arrange for the command 'fetchmail -q' to be called on logout.
+Under bash, you can arrange this by putting 'fetchmail -q' in the
+file '~/.bash_logout'. Most csh variants execute '~/.logout' on
logout. For other shells, consult your shell manual page.</p>
<p>Automatic startup/shutdown of fetchmail is a little harder to
ppp0.</li>
<li>If you're using a direct connection over a local network such
-as an ethernet, use the command `netstat -r' to look at your
+as an ethernet, use the command 'netstat -r' to look at your
routing table. Try to match your mailserver name to a destination
-entry; if you don't see it in the first column, use the `default'
+entry; if you don't see it in the first column, use the 'default'
entry. The device name will be in the rightmost column.</li>
</ol>
10.0.2.15, with no netmask specified. (It's possible to configure
slirp to present other addresses, but that's the default.)</li>
-<li>If you have a static IP address, run `ifconfig <device>',
+<li>If you have a static IP address, run 'ifconfig <device>',
where <device> is whichever one you've determined. Use the IP
address given after "inet addr:". That is the IP address for your
end of the link, and is what you need. You won't need to specify a
included in sendmail's configuration, you can leave the
<code>rewrite</code> option off.</p>
-<p>If your sendmail complains ``sendmail does not relay'', make
+<p>If your sendmail complains "sendmail does not relay", make
sure your sendmail.cf file says <code>Cwlocalhost</code> so that
-sendmail recognizes `localhost' as a name of its host.</p>
+sendmail recognizes 'localhost' as a name of its host.</p>
<p>If you're mailing from another machine on your local network,
also ensure that its IP address is listed in ip_allow or name in
name_allow (usually in /etc/mail/)</p>
<p>If you find that your sendmail doesn't like the address
-`FETCHMAIL-DAEMON@localhost' (which is used in the bouncemail that
+'FETCHMAIL-DAEMON@localhost' (which is used in the bouncemail that
fetchmail generates), you may have to set
<code>FEATURE(accept_unqualified_senders)</code>.</p>
A=procmail -Y -a $u -d $h
</pre>
-<p>For both hacks, you have to declare `<code>envelope
+<p>For both hacks, you have to declare '<code>envelope
"Delivered-To:"</code>' on the fetchmail side, to put the virtual
-domain (e.g. `domain.com') with RELAY permission into your access
-file and to add a line reading `<code>domain.com
-local:local-pop-user</code>' for the first and `<code>domain.com
+domain (e.g. 'domain.com') with RELAY permission into your access
+file and to add a line reading '<code>domain.com
+local:local-pop-user</code>' for the first and '<code>domain.com
mdrop:local-pop-user</code>' for the second hack to your
mailertable.</p>
<p>You will notice that if the mail already has a Delivered-To
header, sendmail will not add another.  Further, editing
sendmail.cf directly is not very comfortable.  Solutions for
-both problems can be found in Peter `Rattacresh' Backes' `hybrid'
+both problems can be found in Peter 'Rattacresh' Backes' 'hybrid'
patch against sendmail.  Have a look at it, you can find it in
the contrib subdirectory.</p>
possible to set up one fetchmail link to be reliably collect the
mail for an entire domain.</p>
-<p>One of the basic features of qmail is the `Delivered-To:'
+<p>One of the basic features of qmail is the 'Delivered-To:'
message header. Whenever qmail delivers a message to a local
mailbox it puts the username and hostname of the envelope recipient
on this line. The major reason for this is to prevent mail
loops.</p>
<p>To set up qmail to batch mail for a disconnected site the
-ISP-mailhost will have normally put that site in its `virtualhosts'
+ISP-mailhost will have normally put that site in its 'virtualhosts'
control file so it will add a prefix to all mail addresses for this
site. This results in mail sent to
'username@userhost.userdom.dom.com' having a 'Delivered-To:' line
<p>To use this line you must:</p>
<ol>
-<li>Ensure the option `envelope Delivered-To:' is in the fetchmail
+<li>Ensure the option 'envelope Delivered-To:' is in the fetchmail
config file.</li>
<li>Ensure you have a localdomains containing 'userdom.dom.com' or
-`userhost.dom.com' respectively.</li>
+'userhost.dom.com' respectively.</li>
</ol>
<p>So far this reliably delivers messages to the correct machine of
<p>Peter Wilson adds:</p>
-<p>``My ISP uses "alias-unzzippedcom-" as the prefix, which means
+<p>"My ISP uses "alias-unzzippedcom-" as the prefix, which means
that I need to name my file ".qmail-unzzippedcom-default". This is
due to qmail's assumption that a message sent to user-xyz is
handled by the file ~user/.qmail-xyz (or
-~user/.qmail-default).''</p>
+~user/.qmail-default)."</p>
<p>Luca Olivetti adds:</p>
<p>If you aren't using qmail locally, or you don't want to set up
the alias mechanism described above, you can use the option
-`<code>qvirtual "mbox-userstr-"</code>' in your fetchmail config
+'<code>qvirtual "mbox-userstr-"</code>' in your fetchmail config
file to strip the prefix from the local user name.</p>
<hr/>
addresses you pass to it have to be canonical (e.g. with a fully
qualified hostname part). Therefore fetchmail tries to pass fully
qualified RCPT TO addresses. But exim does not by default accept
-`localhost' as a fully qualified domain. This can be fixed.</p>
+'localhost' as a fully qualified domain. This can be fixed.</p>
-<p>In exim.conf, add `localhost' to your local_domains declaration
+<p>In exim.conf, add 'localhost' to your local_domains declaration
if it's not already present. For example, the author's site at
thyrsus.com would have a line reading:</p>
single fetchmail session, smail sometimes delivers them in an order
other than received-date order. This can be annoying because it
scrambles conversational threads. This is not fetchmail's problem,
-it is an smail `feature' and has been reported to the maintainers
+it is an smail 'feature' and has been reported to the maintainers
as a bug.</p>
<p>Very recent smail versions require an
<p>The Lotus Notes SMTP gateway tries to deduce when it should
convert \n to \r\n, but its rules are not the intuitive and
-correct-for-RFC822 ones. Use `forcecr'.</p>
+correct-for-RFC822 ones. Use 'forcecr'.</p>
+<hr/>
<h2><a id="T7" name="T7">T7. How can I use fetchmail with Courier
IMAP?</a></h2>
<code>smtphost</code> or <code>smtpaddress</code>.</p>
<hr/>
-<h2><a href="T8">T8. How can I use fetchmail with vbmailshield?</a></h2>
+<h2><a name="T8">T8. How can I use fetchmail with vbmailshield?</a></h2>
<p>vbmailshield's SMTP interpreter is broken. It doesn't understand RSET.</p>
with no terminating newline added. This will hang fetchmail or any
other RFC-compliant server. IMAP is alleged to work OK, though.</p>
-<p>Older versions of Exchange are semi-usable.</p>
+<p>Older versions of Exchange are semi-usable. They randomly drop
+attachments on the floor, though. Microsoft acknowledges this
+as a known bug and apparently has no plans to fix it.</p>
<p>Fetchmail using IMAP supports the proprietary NTLM mode used
with M$ Exchange servers. To enable this, configure fetchmail with
the --enable-NTLM option and recompile it. Specify a user option
-value that looks like `user@domain': the part to the left of the @
+value that looks like 'user@domain': the part to the left of the @
will be passed as the username and the part to the right as the
NTLM domain.</p>
<p>But, the best option involves a tactical nuclear weapon (an old
ASROC will do), pissing off a lot people who live downwind from
Redmond, and your choice of any Linux, NetBSD, FreeBSD, or Solaris
-CD.</p>
+CD-ROM.</p>
+
+<hr/>
+<h2><a id="S3" name="S3">S3. How can I use fetchmail with HP
+OpenMail?</a></h2>
+
+<p>No special configuration is required, but OpenMail versions
+prior to 6.0 have an annoying bug similar to the big one in <a
+href="#S2">Microsoft Exchange</a>. The message sizes it gives in
+the LIST are rounded to the nearest 1024 bytes. It also has a nasty
+habit of discarding headers it doesn't recognize, such as X- and
+Resent- headers.</p>
+
+<p>As with M$ Exchange, the only real fix for these problems is to
+get a POP (or preferably IMAP) server that isn't brain-dead.
+OpenMail's project manager claims these bugs have been fixed in
+6.0.</p>
+
+<p>We've had a more recent report (December 2001) that the TOP
+command fails, returning only one line regrardless of its argument,
+on something identifying itself as "OpenMail POP3 interface".</p>
+
+<hr/>
+<h2><a id="S4" name="S4">S4. How can I use fetchmail with Novell GroupWise?</a></h2>
+
+<p>The Novell GroupWise IMAP server would be better named
+GroupFoolish; it is (according to the designer of IMAP) unusably
+broken. Among other things, it doesn't include a required content
+length in its BODY[TEXT] response.</p>
+
+<p>Fetchmail works around this problem, but we strongly recommend
+voting with your dollars for a server that isn't brain-dead. If you
+stick with code as shoddy as GroupWise seems to be, you will
+probably pay for it with other problems.</p>
+
+<hr/>
+<h2><a id="S5" name="S5">S5. How can I use fetchmail with
+InterChange?</a></h2>
+
+<p>You can't. At least not if you want to be able to see
+attachments. InterChange has a bug similar to the MailMax server;
+it reports the message length with attachments but doesn't download
+them on TOP or RETR.</p>
+
+<p>On Jan 9 2001, the people at InfiniteMail sent me mail informing
+me that their new 3.61.08 release of InterChange fixes this
+problem. I don't have any reports one way or the other yet.</p>
+
+<hr/>
+<h2><a id="S6" name="S6">S6. How can I use fetchmail with MailMax?</a></h2>
+
+<p>You can't. At least not if you want to be able to see
+attachments. MailMax has a bug; it reports the message length with
+attachments but doesn't download them on TOP or RETR.</p>
+
+<p>Also, we're told that TOP sometimes fails to retrieve the entire
+message even when enough lines have been specified. The MailMax
+developers have acknowledged this bug as of 4 May 2000, but there
+is no fix yet. If you must use this server, force RETR with the
+<tt>fetchall</tt> option.</p>
+
+<hr/>
+<h2><a id="S7" name="S7">S7. How can I use fetchmail with FTGate?</a></h2>
-<p>I'll provide the CD.</p>
+<p>The FTGate V2 server (and possibly older versions as well) has a
+weird bug. It answers OK twice to a TOP request! Use the
+<code>fetchall</code> option to force use of RETR and work around
+this bug.</p>
<hr/>
-<h2><a id="S3" name="S3">S3. How can I use fetchmail with
-CompuServe RPA?</a></h2>
+<h2><a id="I1" name="I1">I1. How can I use fetchmail with CompuServe RPA?</a></h2>
<p>First, make sure your fetchmail has the RPA support compiled in.
Stock fetchmail binaries (such as you might get from an RPM) don't.
directions).</p>
<p>Give your CompuServe pass-phrase in lower case as your password.
-Add `@compuserve.com' to your user ID so that it looks like `user
+Add '@compuserve.com' to your user ID so that it looks like 'user
<UserID>@compuserve.com', where <UserID> can be either
your numerical userID or your E-mail nickname. An RPA-enabled
fetchmail will automatically check for csi.com in the POP server's
greeting line. If that's found, and your user ID ends with
-`@compuserve.com', it will query the server to see if it is
+'@compuserve.com', it will query the server to see if it is
RPA-capable, and if so do an RPA transaction rather than a
plain-text password handshake.</p>
</pre>
<hr/>
-<h2><a id="S4" name="S4">S4. How can I use fetchmail with Demon
+<h2><a id="I2" name="I2">I2. How can I use fetchmail with Demon
Internet's SDPS?</a></h2>
<h3>Single-drop mode</h3>
<p>Note that Demon may delete mail on the server which is more than
30 days old; see their <a
-href="http://www.demon.net/helpdesk/products/mail/sdps-tech.shtm">POP3
+href="http://www.demon.net/helpdesk/products/mail/sdps-tech.shtml">POP3
page</a> for details.</p>
<h3>The SDPS extension</h3>
it may fail. To force SDPS mode, pick "sdps" as your protocol.</p>
<hr/>
-<h2><a id="S5" name="S5">S5. How can I use fetchmail with usa.net's
+<h2><a id="I3" name="I3">I3. How can I use fetchmail with usa.net's
servers?</a></h2>
-<p>Enable `<code>fetchall</code>'. A user reports that the 2.2
+<p>Enable '<code>fetchall</code>'. A user reports that the 2.2
version of USA.NET's POP server reports that you must use the
-`<code>fetchall</code>' option to make sure that all of the mail is
+'<code>fetchall</code>' option to make sure that all of the mail is
retrieved, otherwise some may be left on the server. This is almost
certainly a server bug.</p>
don't handle the TOP command properly, either. Regardless of the
argument you give it, they retrieve only about 10 lines of the
message. Fetchmail normally uses TOP for message retrieval in order
-to avoid marking messages seen, but `<code>fetchall</code>' forces
+to avoid marking messages seen, but '<code>fetchall</code>' forces
it to use RETR instead.</p>
<p>Also, we're told USA.NET adds a ton of hops to your messages.
another provider.)</p>
<hr/>
-<h2><a id="S6" name="S6">S6. How can I use fetchmail with HP
-OpenMail?</a></h2>
-
-<p>No special configuration is required, but OpenMail versions
-prior to 6.0 have an annoying bug similar to the big one in <a
-href="#S2">Microsoft Exchange</a>. The message sizes it gives in
-the LIST are rounded to the nearest 1024 bytes. It also has a nasty
-habit of discarding headers it doesn't recognize, such as X- and
-Resent- headers.</p>
-
-<p>As with M$ Exchange, the only real fix for these problems is to
-get a POP (or preferably IMAP) server that isn't brain-dead.
-OpenMail's project manager claims these bugs have been fixed in
-6.0.</p>
-
-<p>We've had a more recent report (December 2001) that the TOP
-command fails, returning only one line regrardless of its argument,
-on something identifying itself as "OpenMail POP3 interface".</p>
-
-<hr/>
-<h2><a id="S7" name="S7">S7. How can I use fetchmail with geocities
+<h2><a id="I4" name="I4">I4. How can I use fetchmail with geocities
POP3 servers?</a></h2>
<p>Nathan Cutler reports that the the mail.geocities.com POP3
Geocities are lame, you should boycott them anyway.</p>
<hr/>
-<h2><a id="S8" name="S8">S8. How can I use fetchmail with Hotmail?</a></h2>
+<h2><a id="I5" name="I5">I5. How can I use fetchmail with Hotmail or Lycos Webmail?</a></h2>
-<p>You can't, yet. But <a
-href="http://linux.cudeso.be/linuxdoc/gotmail.php">gotmail</a> might
-be what you need.</p>
+<p>You can't directly. But you can use fetchmail with hotmail or lycos
+webmail with the help of the <a
+href='http://people.freenet.de/courierdave/'>HotWayDaemon</a>
+daemon. You don't even need to install hotwayd as a daemon in
+<samp>inetd.conf</samp> but can use it as a plugin. Your
+configuration should look like this:</p>
+
+<pre>
+poll localhost protocol pop3 tracepolls
+ plugin "/usr/local/sbin/hotwayd -l 0 -p yourproxy:yourproxyport"
+ username "youremail@hotmail.com" password "yourpassword"
+ fetchall
+</pre>
+
+<p>As a second option you may consider using <a
+href="http://linux.cudeso.be/linuxdoc/gotmail.php">gotmail</a>.</p>
<hr/>
-<h2><a id="S9" name="S9">S9. How can I use fetchmail with MSN?</a></h2>
+<h2><a id="I6" name="I6">I6. How can I use fetchmail with MSN?</a></h2>
<p>You can't. MSN uses something that looks like POP3, except the
authentication part is nonstandard. And of course they don't
corrected.</p>
<hr/>
-<h2><a id="S10" name="S10">S10. How can I use fetchmail with
-SpryNet?</a></h2>
+<h2><a id="I7" name="I7">I7. How can I use fetchmail with SpryNet?</a></h2>
<p>The SpryNet POP3 servers mark a message queried with TOP as
seen. This means that if your connection drops in mid-message, it
next cycle.</p>
<hr/>
-<h2><a id="S11" name="S11">S11. How can I use fetchmail with
-FTGate?</a></h2>
+<h2><a id="I8" name="I8">I8. How can I use fetchmail with comcast.net?</a></h2>
-<p>The FTGate V2 server (and possibly older versions as well) has a
-weird bug. It answers OK twice to a TOP request! Use the
-<code>fetchall</code> option to force use of RETR and work around
-this bug.</p>
-
-<hr/>
-<h2><a id="S12" name="S12">S12. How can I use fetchmail with
-MailMax?</a></h2>
-
-<p>You can't. At least not if you want to be able to see
-attachments. MailMax has a bug; it reports the message length with
-attachments but doesn't download them on TOP or RETR.</p>
+<p>Stock fetchmail will work with a comcast.net server...<em>but</em>
+the Maillennium POP3 server comcat uses seems to have an 80K limit on
+the length of downloaded messages if you use POP3 TOP to retrieve.
+Anything larger is silently truncated. Don't mistake this for a
+fetchmail bug. (Reported July 2003.)</p>
-<p>Also, we're told that TOP sometimes fails to retrieve the entire
-message even when enough lines have been specified. The MailMax
-developers have acknowledged this bug as of 4 May 2000, but there
-is no fix yet. If you must use this server, force RETR with the
-<tt>fetchall</tt> option.</p>
+<p>Workaround: use the <tt>fetchall</tt> option.</p>
<hr/>
-<h2><a id="S13" name="S13">S13. How can I use fetchmail with Novell
-GroupWise?</a></h2>
-
-<p>The Novell GroupWise IMAP server would be better named
-GroupFoolish; it is (according to the designer of IMAP) unusably
-broken. Among other things, it doesn't include a required content
-length in its BODY[TEXT] response.</p>
-
-<p>Fetchmail works around this problem, but we strongly recommend
-voting with your dollars for a server that isn't brain-dead. If you
-stick with code as shoddy as GroupWise seems to be, you will
-probably pay for it with other problems.</p>
-
-<hr/>
-<h2><a id="S14" name="S14">S14. How can I use fetchmail with
-InterChange?</a></h2>
-
-<p>You can't. At least not if you want to be able to see
-attachments. InterChange has a bug similar to the MailMax server;
-it reports the message length with attachments but doesn't download
-them on TOP or RETR.</p>
-
-<p>On Jan 9 2001, the people at InfiniteMail sent me mail informing
-me that their new 3.61.08 release of InterChange fixes this
-problem. I don't have any reports one way or the other yet.</p>
-
-<h2><a id="S15" name="S15">S15. How can I use fetchmail with
-GMX?</a></h2>
-
-<p>Use IMAP. The GMX StreamProxy server behaves badly on
-authentication failures, sending back a non-conformant error
-message (missing an <code>-ERR</code> tag) that confuses
-fetchmail.</p>
-
-<hr/>
-<h2><a id="K1" name="K1">K1. How can I use fetchmail with
-SOCKS?</a></h2>
+<h2><a id="K1" name="K1">K1. How can I use fetchmail with SOCKS?</a></h2>
<p>Giuseppe Guerini added a --with-socks option that supports
linking with socks library. If you specify the value of this option
-as ``yes'', the configure script will try to find the Rconnect
+as "yes", the configure script will try to find the Rconnect
library and set the makefile up to link it. You can also specify a
directory containing the Rconnect library.</p>
<p>To use fetchmail with IPv6, you need a system that supports
IPv6, the "Basic Socket Interface Extensions for IPv6" (RFC 2133).
-This currently means that you need to have a BSD/OS or NetBSD
-system with the NRL IPv6+IPsec software distribution or a Linux
-system with a 2.2 or later kernel and net-tools. It should not be
-hard to build fetchmail on other IPv6 implementations if you can
-port the inet6-apps kit.</p>
-
-<p>To use fetchmail with networking security (read: IPsec), you
-need a system that supports IPsec, the API described in the
-"Network Security API for Sockets"
-(draft-metz-net-security-api-01.txt), and the inet6-apps kit. This
-currently means that you need to have a BSD/OS or NetBSD system
-with the NRL IPv6+IPsec software distribution. A Linux IPsec
-implementation supporting this API will probably appear in the
-coming months.</p>
+</p>
<p>The NRL IPv6+IPsec software distribution can be obtained from:
<a
href="http://web.mit.edu/network/isakmp">http://web.mit.edu/network/isakmp</a></p>
-<p>The inet6-apps kit can be obtained from <a
-href="http://ftp.ps.pl/pub/linux/IPv6/inet6-apps/">http://ftp.ps.pl/pub/linux/IPv6/inet6-apps/</a>.</p>
-
<p>More information on using IPv6 with Linux can be obtained
from:</p>
<li><a
href="http://www.bieringer.de/linux/IPv6/IPv6-HOWTO/IPv6-HOWTO.html">
http://www.bieringer.de/linux/IPv6/IPv6-HOWTO/IPv6-HOWTO.html</a></li>
-
-<li><a
-href="http://www.ipv6.inner.net/ipv6">http://www.ipv6.inner.net/ipv6</a>
-(via IPv6)</li>
-
-<li><a
-href="http://www.inner.net/ipv6">http://www.inner.net/ipv6</a> (via
-IPv4)</li>
</ul>
<hr/>
protocol imap username MYUSERNAME password MYPASSWORD
</pre>
+<p>You should note that SSL is only secure against a "man-in-the-middle"
+attack if the client is able to verify that the peer's public key is the
+correct one, and has not been substituted by an attacker. fetchmail can do
+this in one of two ways: by verifying the SSL certificate, or by checking
+the fingerprint of the peer's public key.</p>
+
+<p>There are three parts to SSL certificate verification: checking that the
+domain name in the certificate matches the hostname you asked to connect to;
+checking that the certificate expiry date has not passed; and checking that
+the certificate has been signed by a known Certificate Authority (CA). This
+last step takes some preparation, as you need to install the root
+certificates of all the CA's which you might come across.</p>
+
+<p>The easiest way to do this is using the root CA keys supplied in the
+OpenSSL distribution, which means you need to download and unpack the
+source tarball from www.openssl.org. Once you have done that:</p>
+
+<ol>
+<li><code>mkdir /etc/ssl/certs</code></li>
+<li>in the openssl-x.x.x/certs directory: <code>cp *.pem /etc/ssl/certs/</code></li>
+<li>in the openssl-x.x.x/tools directory: edit c_rehash and set
+<code>$dir="/etc/ssl"</code></li>
+<li>run "perl c_rehash". This generates a number of symlinks within the
+/etc/ssl/certs/ directory</li>
+</ol>
+
+<p>Now in .fetchmailrc, set option sslcertpath to point to this
+directory:</p>
+
+<pre>
+poll pop3.example.com proto pop3 uidl no dns
+ user foobar@example.com password xyzzy is foobar ssl sslcertpath /etc/ssl/certs
+</pre>
+
+<p>If the server certificate has not been signed by a known CA (e.g. it is a
+self-signed certificate), then this certificate validation will always
+fail.</p>
+
+<p>Certificate verification is always attempted. If it fails, by default a
+warning is printed but the connection carries on (which means you are not
+protected against attack). If your server's certificate has been properly
+set up and verifies correctly, then add the "sslcertck" option to enforce
+validation. If your server doesn't have a valid certificate though (e.g. it
+has a self-signed certificate) then it will never verify, and the only way
+you can protect yourself is by checking the fingerprint.</p>
+
+<p>To check the peer fingerprint: first use fetchmail -v once to connect to
+the host, at a time when you are pretty sure that there is no attack in
+progress (e.g. you are not traversing any untrusted network to reach the
+server). Make a note of the fingerprint shown. Now embed this in your
+.fetchmailrc using the sslfingerprint option: e.g.</p>
+
+<pre>
+poll pop3.example.com proto pop3 uidl no dns
+ user foobar@example.com password xyzzy is foobar ssl sslfingerprint "67:3E:02:94:D3:5B:C3:16:86:71:37:01:B1:3B:BC:E2"
+</pre>
+
+<p>When you next connect, the public key presented by the server will be
+verified against the fingerprint given. If it's different, it may mean that
+a man-in-the-middle attack is in progress - or it might just mean that the
+server changed its key. It's up to you to determine which has happened.</p>
+
+<hr/>
+<h2><a id="K6" name="K6">K6. How can I tell fetchmail not to use TLS
+ if the server advertises it?</a></h2>
+
+<p>Some servers advertise STLS (POP3) or STARTTLS (IMAP), and fetchmail
+will automatically attempt TLS negotiation if SSL was enabled at compile
+time. This can however cause problems if the upstream didn't configure
+his certificates properly.</p>
+
+<p>In order to prevent fetchmail from trying TLS (STLS, STARTTLS)
+negotiation, add this option:</p>
+
+<pre>sslproto ssl23</pre>
+
+<p>This restricts fetchmail's SSL/TLS protocol choice from the default
+"SSLv2, SSLv3, TLSv1" to the two SSL variants, disabling TLSv1. Note
+however that this causes the connection to be unencrypted unless an
+encrypting "plugin" is used or SSL is requested explicitly.</p>
+
<hr/>
<h2><a id="R1" name="R1">R1. Fetchmail isn't working, and -v shows
-`SMTP connect failed' messages.</a></h2>
+'SMTP connect failed' messages.</a></h2>
<p>Fetchmail itself is probably working, but your SMTP port 25
listener is down or inaccessible.</p>
<p>The first thing to check is if you can telnet to port 25 on your
-smtp host (which is normally `localhost' unless you've specified an
+smtp host (which is normally 'localhost' unless you've specified an
smtp option in your .fetchmailrc or on the command line) and get a
greeting line from the listener. If the SMTP host is inaccessible
or the listener is down, fix that first.</p>
-<p>In Red Hat Linux 6.9, SMTP is disabled by default. To fix this,
+<p>In Red Hat Linux 6.x, SMTP is disabled by default. To fix this,
set "DAEMON=yes" in your /etc/sysconfig/sendmail file, then restart
sendmail by running "/sbin/service sendmail restart".</p>
momentary seizure due to resource exhaustion while fetchmail was
polling it -- process table full or some other problem that stopped
the listener process from forking. If your SMTP host is not
-`localhost' or something else in /etc/hosts, the fetchmail glitch
+'localhost' or something else in /etc/hosts, the fetchmail glitch
could also have been caused by transient nameserver failure.</p>
<p>Try running fetchmail -v again; if it succeeds, you had one of
problem in <a href="#X1">X1</a>.)</p>
<p>Try sending yourself test mail and retrieving it using the
-command-line options `<code>-k -m cat</code>'. This will dump
+command-line options '<code>-k -m cat</code>'. This will dump
exactly what fetchmail retrieves to standard output (plus the
Received line fetchmail itself adds to the headers).</p>
<p>There's a TCP/IP stalling problem under Redhat 6.0 (and possibly
other recent Linuxes) that can cause this symptom. Brian Boutel
-writes:<</p></p>
+writes:</p>
<blockquote>
<p>TCP timestamps are turned on on my Linux boxes (I assume it's
at start of a text line.</p>
<hr/>
-<h2><a id="R11" name="R11">R11. My server is hanging up or emitting
+<h2><a id="R11" name="R11">R11. My server is hanging or emitting
errors on CAPA.</a></h2>
<p>Your POP3 server is broken. You can work around this with the
declaration <tt>auth password</tt> in your .fetchmailrc.</p>
+<hr/>
+<h2><a id="R12" name="R12">R12. Fetchmail isn't working and reports
+ getaddrinfo errors.</a></h2>
+<ol><li>Make sure you haven't mistyped the host name or address, and that
+ your DNS is working. If you cannot fix DNS, give the numeric host
+ literal, for instance, 192.168.0.1</li>
+ <li>Make sure your <code>/etc/services</code> file (or other
+ services database) contains the necessary service entries. If you
+ cannot fix the services database, use the --port option and give the
+ numeric port address. Common port addresses
+ are:<table>
+ <tr><th>service</th><th>port</th></tr>
+ <tr><td>IMAP</td><td>143</td></tr>
+ <tr><td>IMAP+SSL</td><td>993</td></tr>
+ <tr><td>POP3</td><td>110</td></tr>
+ <tr><td>POP3+SSL</td><td>995</td></tr>
+</table></li></ol>
<hr/>
<h2><a id="H1" name="H1">H1. Fetchmail hangs when used with
pppd.</a></h2>
-<p>Your problem may be with pppd's `demand' option. We have a
+<p>Your problem may be with pppd's 'demand' option. We have a
report that fetchmail doesn't play well with it, but works with
-pppd if `demand' is turned off. We have no idea why this is.</p>
+pppd if 'demand' is turned off. We have no idea why this is.</p>
<hr/>
<h2><a id="H2" name="H2">H2. Fetchmail hangs during the MAIL FROM
phone lines). Then it will re-queue any message that was being
downloaded at hangup time. Still, qpopper may require a noticeable
amount of time to do deletions and clean up its queue. (Fetchmail
-waits a bit before retrying in order to avoid a `lock busy'
+waits a bit before retrying in order to avoid a 'lock busy'
error.)</p>
<hr/>
listener. No interrupt can cause it to lose mail.</p>
<p>However, IMAP2bis has a design problem in that its normal fetch
-command marks a message `seen' as soon as the fetch command to get
+command marks a message 'seen' as soon as the fetch command to get
it is sent down. If for some reason the message isn't actually
delivered (you take a line hit during the download, or your port 25
listener can't find enough free disk space, or you interrupt the
-delivery in mid-message) that `seen' message can lurk invisibly in
+delivery in mid-message) that 'seen' message can lurk invisibly in
your server mailbox forever.</p>
-<p>Workaround: add the `<code>fetchall</code>' keyword to your
+<p>Workaround: add the '<code>fetchall</code>' keyword to your
fetch options.</p>
<p>Solution: switch to an <a href="http://www.imap.org">IMAP4</a>
recipient names it parses out of To/Cc/envelope-header lines as
matching the name of the mailserver machine. To check this, run
fetchmail in foreground with -v -v on. You will probably see a lot
-of messages with the format ``line rejected, %s is not an alias of
-the mailserver'' or ``no address matches; forwarding to %s.''</p>
+of messages with the format "line rejected, %s is not an alias of
+the mailserver" or "no address matches; forwarding to %s."</p>
<p>These errors usually indicate some kind of DNS configuration
problem either on the server or your client machine.</p>
-<p>The easiest workaround is to add a `<code>via</code>' option (if
+<p>The easiest workaround is to add a '<code>via</code>' option (if
necessary) and add enough aka declarations to cover all of your
-mailserver's aliases, then say `<code>no dns</code>'. This will
+mailserver's aliases, then say '<code>no dns</code>'. This will
take DNS out of the picture (though it means mail may be
uncollected if it's sent to an alias of the mailserver that you
don't have listed).</p>
may do (though you <em>are</em> going to get hurt by some mailing
list software; see the caveats under THE USE AND ABUSE OF MULTIDROP
MAILBOXES on the man page). If you want to try it, the way to do it
-is with the `<code>localdomains</code>' option.</p>
+is with the '<code>localdomains</code>' option.</p>
<p>In general, if you use localdomains you need to make sure of two
other things:</p>
<p><strong>1. You've actually set up your .fetchmailrc entry to
invoke multidrop mode.</strong></p>
-<p>Many people set a `<code>localdomains</code>' list and then
+<p>Many people set a '<code>localdomains</code>' list and then
forget that fetchmail wants to see more than one name (or the
-wildcard `*') in a `<code>here</code>' list before it will do
+wildcard '*') in a '<code>here</code>' list before it will do
multidrop routing.</p>
-<p><strong>2. You may have to set `no envelope'.</strong></p>
+<p><strong>2. You may have to set 'no envelope'.</strong></p>
<p>Normally, multidrop mode tries to deduce an envelope address
from a message before parsing the To/Cc/Bcc lines (this enables it
<p>Some ways of accumulating a whole domain's messages in a single
server mailbox mean it all ends up with a single envelope address
that is useless for rerouting purposes. You may have to set
-`<code>no envelope</code>' to prevent fetchmail from being
+'<code>no envelope</code>' to prevent fetchmail from being
bamboozled by this.</p>
<p>Check also answer <a href="#T1">T1</a> on a reliable way to do
<h2><a id="M5" name="M5">M5. I'm seeing long DNS delays before each
message is processed.</a></h2>
-<p>Use the `<code>aka</code>' option to pre-declare as many of your
+<p>Use the '<code>aka</code>' option to pre-declare as many of your
mailserver's DNS names as you can. When an address's host part
matches an aka name, no DNS lookup needs to be done to check
it.</p>
<p>If you're sure you've pre-declared all of your mailserver's DNS
-names, you can use the `<code>no dns</code>' option to prevent
+names, you can use the '<code>no dns</code>' option to prevent
other hostname parts from being looked up at all.</p>
<p>Sometimes delays are unavoidable. Some SMTP listeners try to
<p>Some (unusual) mailserver configurations will generate extra
Received lines which you need to skip. To arrange this, use the
-optional skip prefix argument of the `envelope' option; you may
-need to say something like `<code>envelope 1 Received</code>' or
-`<code>envelope 2 Received</code>'.</p>
+optional skip prefix argument of the 'envelope' option; you may
+need to say something like '<code>envelope 1 Received</code>' or
+'<code>envelope 2 Received</code>'.</p>
-<h3>The `by' clause doesn't contain a mailserver alias:</h3>
+<h3>The 'by' clause doesn't contain a mailserver alias:</h3>
<p>When fetchmail parses a Received line that looks like</p>
for <ksturgeon@fbceg.org>; Wed, 9 Sep 1998 17:01:59 -0700
</pre>
-<p>it checks to see if `iserv.ttns.net' is a DNS alias of your
-mailserver before accepting `ksturgeon@fbceg.org' as an envelope
+<p>it checks to see if 'iserv.ttns.net' is a DNS alias of your
+mailserver before accepting 'ksturgeon@fbceg.org' as an envelope
address. This check might fail if your DNS were misconfigured, or
-if you were using `no dns' and had failed to declare iserv.ttns.net
+if you were using 'no dns' and had failed to declare iserv.ttns.net
as an alias of your server.</p>
<hr/>
work, try to figure out which other program in your mail path is
inserting the blank line and replace that. If you can't do either
of these things, pick a different MDA (such as procmail) and
-declare it with the `<code>mda</code>' option.</p>
+declare it with the '<code>mda</code>' option.</p>
<hr/>
<h2><a id="X2" name="X2">X2. My mail client can't see a Subject
the BSD popper program (as distributed on Solaris 2.5 and
elsewhere) is broken this way.</p>
-<p>You can test this. Declare an mda of `cat' and send yourself one
+<p>You can test this. Declare an mda of 'cat' and send yourself one
piece of mail containing "From" at start of a line. If you see a
split message, your POP/IMAP server is at fault. Upgrade to a more
recent version.</p>
Mlocal, P=/usr/bin/procmail, F=lsDFMShP, S=10, R=20/40, A=procmail -Y -d $u
</pre>
-<p>describing your local delivery agent. Try inserting the `E'
+<p>describing your local delivery agent. Try inserting the 'E'
option in the flags part (the F= string). This will make sendmail
turn each dangerous start-of-line From into a >From, preventing
programs further downstream from acting up.</p>
<h2><a id="X6" name="X6">X6. My mail attachments are being dropped
or mangled.</a></h2>
-<p>This isn't fetchmail's doing -- fetchmail never drops lines in
-message bodies or attachments. It may be your POP server, or it may
-be the sender's mail user agent (or a bad combination of both).</p>
+<p>Fetchmail doesn't discard attachments; fetchmail doesn't have any idea
+that attachments are there. Fetchmail treats the body of each message as
+an uninterpreted byte stream and passes it through without alteration.
+If you are not receiving attachments through fetchmail, it is because
+your mailserver is not sending them to you.</p>
-<p>The Mail Max POP3 server and the InterChange and Imail IMAP
-servers are known to simply drop MIME attachments when uploading
-messages. We've had sporadic reports of problems with Microsoft
-Exchange and Outlook servers. Windows- and NT-based POP servers
+<p>The fix for this is to replace your mailserver with one that works.
+If its operating system makes this difficult, you should replace its
+operating system with one that works. Windows- and NT-based POP servers
seem especially prone to mangle attachments. If you are running one
of these, replacing your server with a Unix machine is probably the
only effective solution.</p>
+<p>We've had sporadic reports of problems with Microsoft Exchange and
+Outlook servers. These sometimes randomly fail to ship
+attachments to your client. This is a known bug, acknowledged by
+Microsft.</p>
+
+<p>They may also mangle the attachments they do pass through. If you
+see unreadable attachments with a ContentType of "application/x-tnef",
+you're having this problem. The <a
+href="http://world.std.com/~damned/software.html">TNEF</a> utility may
+help.</p>
+
+<p>The Mail Max POP3 server and the InterChange and Imail IMAP
+servers are known to simply drop MIME attachments when uploading
+messages.</p>
+
<p>We've also had a report that Lotus Notes sometimes trashes the
MIME type of messages. In particular, it seems to modify MIME
-headers introducing type application/pdf, mangling the type to
+headers of type application/pdf, mangling the type to
application/octet-stream. It may corrupt other MIME types as
well.</p>
rumor that this bug is scheduled to be fixed in Domino release 6;
you can find a workaround at contrib/domino.)</p>
-<p>Another rich source of attachment problems is Microsoft Exchange
-and Microsoft Outlook. If you see unreadable attachments with a
-ContentType of "application/x-tnef", you're having this problem.
-The <a href="http://world.std.com/~damned/software.html">TNEF</a>
-utility may help.</p>
-
<p>Rob Funk explains: Unfortunately there also remain many mail
user agents that don't write correct MIME messages. One big
offender is Sun MailTool attachments, which are formatted enough
<p>Fetchmail uses the local sendmail to perform final delivery,
which Netscape and other clients doesn't do; the announcement of
new messages is done by a daemon that sendmail pokes. There should
-be a ``biff'' command to control this. Type</p>
+be a "biff" command to control this. Type</p>
<pre>
biff n
<p>to turn it off. If this doesn't work, try the command</p>
<pre>
-chmod -x `tty`
+chmod -x $(tty)
</pre>
<p>which is essentially what <code>biff -n</code> will do. If this
-doesn't work, comment out any reference to ``comsat'' in your
+doesn't work, comment out any reference to "comsat" in your
/etc/inetd.conf file and restart inetd.</p>
<p>In Slackware Linux distributions, the last line in /etc/profile
messages seen or delete them. The solution is to either (a) wait
for the other client to finish, or (b) terminate it.</p>
-<p>James Stevens <James.Stevens@kyzo.com> writes:</p>
+<p>James Stevens <James.Stevens at kyzo.com> writes:</p>
<p><em>We had a Linux box dialing the Net and collecting mail from
an NT POP3 server. Fetchmail was correctly collecting and deleting
<p>This is a design choice in your MTA, not fetchmail. It's taking
the received date from the last Received header.</p>
+<hr />
+<h2><a name="O11">O11. I keep getting messages that say "Repoll
+immediately" in my logs.</a></h2>
+
+<p>This is your server barfing on the CAPA probe that fetchmail sends.</p>
+
+<p>If you run fetchmail in daemon mode (say "set daemon 600"), you will
+get the message only once per run.</p>
+
+<p>If you set an authentication method explicitly (say, with
+<code>auth password</code>), you will never get the message.</p>
+
+<hr />
+<h2><a name="O12">O12. Fetchmail no longer expunges mail on a 451 SMTP response.</a></h2>
+
+<p>This is a feature, not a bug.</p>
+
+<p>Any 4xx response (like 451) indicates a transient (temporary) error.
+This means that the mail could be accepted if retried later. Lookup
+failures are normally transient errors as a mail should not get
+rejected if a dns server is unreachable or down.</p>
+
+<p>A permanent reject response is of the form 5xx (like 550).</p>
+
+<p>You could tell your SMTP server to not lookup any addresses if you are
+not keen on checking the sender addresses. This problem typically
+occurs if your mail server is not checking the sender addresses, but
+your local server is.</p>
+
+<p>Or you could declare <code>antispam 451</code>.</p>
+
+<p>Or, you could check your nameserver configuration and query logs for
+dns errors.</p>
+
+<p>All these issues are not related to fetchmail directly.</p>
+
+<hr />
+<h2><a name="O13">O13. I want timestamp information in my fetchmail logs.</a></h2>
+
+<p>Write a <code>preconnect</code> command in your configuration file that
+does something like "date >> $HOME/Procmail/fetchmail.log".</p>
+
<hr/>
<table width="100%" cellpadding="0" summary="Canned page footer">
<tr>
<td width="30%">Back to <a href="index.html">Fetchmail Home
Page</a></td>
-<td width="30%" align="center">To <a href="/~esr/sitemap.html">Site
-Map</a></td>
-<td width="30%" align="right">$Date: 2002/09/04 13:58:24 $</td>
+<td width="30%" align="right">$Date: 2004/01/13 08:46:00 $</td>
</tr>
</table>
projects / ~andy / fetchmail / blobdiff