<tr>
<td width="30%">Back to <a href="index.html">Fetchmail Home
Page</a></td>
-<td width="30%" align="center">To <a href="/~esr/sitemap.html">Site
-Map</a></td>
-<td width="30%" align="right">$Date: 2002/09/10 17:02:48 $</td>
+<td width="30%" align="right">$Date: 2004/01/13 08:46:00 $</td>
</tr>
</table>
<a href="#S1">S1. How can I use fetchmail with qpopper?</a><br/>
<a href="#S2">S2. How can I use fetchmail with Microsoft Exchange?</a><br/>
-<a href="#S3">S3. How can I use fetchmail with Compuserve RPA?</a><br/>
-<a href="#S4">S4. How can I use fetchmail with Demon Internet's SDPS?</a><br/>
-<a href="#S5">S5. How can I use fetchmail with usa.net's servers?</a><br/>
-<a href="#S6">S6. How can I use fetchmail with HP OpenMail?</a><br/>
-<a href="#S7">S7. How can I use fetchmail with geocities POP3 servers?</a><br/>
-<a href="#S8">S8. How can I use fetchmail with Hotmail?</a><br/>
-<a href="#S9">S9. How can I use fetchmail with MSN?</a><br/>
-<a href="#S10">S10. How can I use fetchmail with SpryNet?</a><br/>
-<a href="#S11">S11. How can I use fetchmail with FTGate?</a><br/>
-<a href="#S12">S12. How can I use fetchmail with MailMax?</a><br/>
-<a href="#S13">S13. How can I use fetchmail with Novell GroupWise?</a><br/>
-<a href="#S14">S14. How can I use fetchmail with InterChange?</a><br/>
-<a href="#S15">S15. How can I use fetchmail with www.gmx.de?</a><br/>
+<a href="#S3">S3. How can I use fetchmail with HP OpenMail?</a><br/>
+<a href="#S4">S4. How can I use fetchmail with Novell GroupWise?</a><br/>
+<a href="#S5">S5. How can I use fetchmail with InterChange?</a><br/>
+<a href="#S6">S6. How can I use fetchmail with MailMax?</a><br/>
+<a href="#S7">S7. How can I use fetchmail with FTGate?</a><br/>
+
+<h1>How to fetchmail work with specific ISPs:</h1>
+
+<a href="#I1">I1. How can I use fetchmail with Compuserve RPA?</a><br/>
+<a href="#I2">I2. How can I use fetchmail with Demon Internet's SDPS?</a><br/>
+<a href="#I3">I3. How can I use fetchmail with usa.net's servers?</a><br/>
+<a href="#I4">I4. How can I use fetchmail with geocities POP3 servers?</a><br/>
+<a href="#I5">I5. How can I use fetchmail with Hotmail or Lycos Webmail?</a><br/>
+<a href="#I6">I6. How can I use fetchmail with MSN?</a><br/>
+<a href="#I7">I7. How can I use fetchmail with SpryNet?</a><br/>
+<a href="#I8">I8. How can I use fetchmail with comcast.net?</a><br/>
<h1>How to set up well-known security and authentication
methods:</h1>
<a href="#X7">X7. Some mail attachments are hanging
fetchmail.</a><br/>
<a href="#X8">X8. A spurious ) is being appended to my
-messages.</a><br/>
-
+messages.</a><br/>
<h1>Other problems:</h1>
messages over and over?</a><br/>
<a href="#O10">O10. Why is the received date on all my messages the
same?</a><br/>
-
+<a href="#O11">O11. I keep getting messages that say "Repoll
+immediately" in my logs.</a><br/>
+<a href="#O12">O12. Fetchmail no longer expunges mail on a 451 SMTP response.</a><br/>
+<a href="#O13">O13. I want timestamp information in my fetchmail logs.</a>
<h1>Answers:</h1>
<p>The latest HTML FAQ is available alongside the latest fetchmail
sources at the fetchmail home page: <a
-href="http://www.tuxedo.org/~esr/fetchmail">http://www.tuxedo.org/~esr/fetchmail</a>.
+href="http://fetchmail.berlios.de/">http://fetchmail.berlios.de/</a>.
You can also usually find both in the <a
href="http://sunsite.unc.edu/pub/Linux/system/mail/pop/!INDEX.html">
POP mail tools directory on Sunsite</a>.</p>
<p>You can do spam filtering better with procmail or maildrop on
the server side and (if you're the server sysadmin) sendmail.cf
-domain exclusions. You can do other policy things better with the
+domain exclusions. If you really want fetchmail to do it from the
+client side, yse a <code>preconnect</code> command to call
+<a href='http://mailfilter.sourceforge.net/'>mailfilter</a>.</p>
+
+<p>You can do other policy things better with the
<code>mda</code> option and script wrappers around fetchmail. If
it's a prime-time-vs.-non-prime-time issue, ask yourself whether a
wrapper script called from crontab would do the job.</p>
<p>For reasons fetchmail doesn't have other commonly-requested
features (such as password encryption, or multiple concurrent polls
-from the same instance of fetchmail) see the <a
-href="http://www.tuxedo.org/~esr/fetchmail/design-notes.html">design
-notes</a>.</p>
+from the same instance of fetchmail) see <a
+href="esrs-design-notes.html">ESR's design
+notes</a>. Note that this document is partially obsoleted by the
+<a href="design-notes.html">updated design notes.</a></p>
<p>Fetchmail is a mature project, no longer in constant active
development. It is no longer my top project, and I am going to be
the Linux development model is correct.</p>
<p>The experiment was a success. I wrote a paper about it titled <a
-href="http://www.tuxedo.org/~esr/writings/cathedral.html">The
+href="http://www.catb.org/~esr/writings/cathedral.html">The
Cathedral and the Bazaar</a> which was first presented at Linux
Kongress '97 in Bavaria and very well received there. It was also
given at Atlanta Linux Expo, Linux Pro '97 in Warsaw, and the first
<p>Fetchmail will work with any POP, IMAP, ETRN, or ODMR server
that conforms to the relevant RFCs (and even some outright broken
ones like <a href="#S2">Microsoft Exchange</a> and <a
-href="#S12">Novell GroupWise</a>). This doesn't mean it works
+href="#S6">Novell GroupWise</a>). This doesn't mean it works
equally well with all, however. POP2 servers, and POP3 servers
without LAST, limit fetchmail's capabilities in various ways
described on the manual page.</p>
ranges from trivial to impossible. It may even be next to
useless.</p>
-<p>Most people use fetchmail over phone wires, which are hard to
-tap. Anybody with the skill and resources to do this could get into
-your server mailbox with much less effort by subverting the server
-host. So if your provider setup is modem wires going straight into
-a service box, you probably don't need to worry.</p>
+<p>Most people use fetchmail over phone wires (whether plain old
+copper or DSL), which are hard to tap. Anybody with the skill and
+resources to do this could get into your server mailbox with much less
+effort by subverting the server host. So if your provider setup is
+phone-company wire going straight into a service box, you probably
+don't need to worry.</p>
-<p>In general there is little point in trying to secure your
-fetchmail transaction unless you trust the security of the server
-host you are retrieving mail from. Your vulnerability is more
-likely to be an insecure local network on the server end (e.g. to
-somebody with a TCP/IP packet sniffer intercepting Ethernet traffic
-between the modem concentrator you dial in to and the mailserver
-host).</p>
+<p>In general there is little point in trying to secure your fetchmail
+transaction unless you trust the security of the server host you are
+retrieving mail from. Your vulnerability is more likely to be an
+insecure local network on the server end (e.g. to somebody with a
+TCP/IP packet sniffer intercepting Ethernet traffic between the modem
+concentrator or DSL POP you dial in to and the mailserver host).</p>
<p>Having realized this, you need to ask whether password
encryption alone will really address your security exposure. If you
<p>If you are fetching mail from a CompuServe POP3 account, you can
use their RPA authentication (which works much like APOP). See <a
-href="#S3">S3</a> for details. If you are fetching mail from
+href="#I1">I1</a> for details. If you are fetching mail from
Microsoft Exchange using IMAP, you will be able to use NTLM.</p>
<p>Your POP3 server may have the RFC1938 OTP capability to use
<p>You can get both POP3 and IMAP OTP patches from <a id="cmetz"
name="cmetz">Craig Metz</a> at <a
-href="http://www.inner.net/pub/">http://www.inner.net/pub/</a>.</p>
+href="http://www.inner.net/opie">http://www.inner.net/opie</a>.</p>
<p>These patches use a SASL authentication method named "X-OTP"
because there is not currently a standard way to do this; fetchmail
<h2><a id="F3" name="F3">F3. The .fetchmailrc parser won't accept
my host or username beginning with `no'.</a></h2>
-<p>See <a href="#F2">F2</a> You're caught in an unfortunate crack
+<p>See <a href="#F2">F2</a>. You're caught in an unfortunate crack
between the newer-style syntax for negated options (`no keep', `no
rewrite' etc.) and the older style run-on syntax (`nokeep',
`norewrite' etc.).</p>
convert \n to \r\n, but its rules are not the intuitive and
correct-for-RFC822 ones. Use `forcecr'.</p>
+<hr/>
<h2><a id="T7" name="T7">T7. How can I use fetchmail with Courier
IMAP?</a></h2>
<code>smtphost</code> or <code>smtpaddress</code>.</p>
<hr/>
-<h2><a href="T8">T8. How can I use fetchmail with vbmailshield?</a></h2>
+<h2><a name="T8">T8. How can I use fetchmail with vbmailshield?</a></h2>
<p>vbmailshield's SMTP interpreter is broken. It doesn't understand RSET.</p>
with no terminating newline added. This will hang fetchmail or any
other RFC-compliant server. IMAP is alleged to work OK, though.</p>
-<p>Older versions of Exchange are semi-usable.</p>
+<p>Older versions of Exchange are semi-usable. They randomly drop
+attachments on the floor, though. Microsoft acknowledges this
+as a known bug and apparently has no plans to fix it.</p>
<p>Fetchmail using IMAP supports the proprietary NTLM mode used
with M$ Exchange servers. To enable this, configure fetchmail with
<p>But, the best option involves a tactical nuclear weapon (an old
ASROC will do), pissing off a lot people who live downwind from
Redmond, and your choice of any Linux, NetBSD, FreeBSD, or Solaris
-CD.</p>
+CD-ROM.</p>
+
+<hr/>
+<h2><a id="S3" name="S3">S3. How can I use fetchmail with HP
+OpenMail?</a></h2>
+
+<p>No special configuration is required, but OpenMail versions
+prior to 6.0 have an annoying bug similar to the big one in <a
+href="#S2">Microsoft Exchange</a>. The message sizes it gives in
+the LIST are rounded to the nearest 1024 bytes. It also has a nasty
+habit of discarding headers it doesn't recognize, such as X- and
+Resent- headers.</p>
+
+<p>As with M$ Exchange, the only real fix for these problems is to
+get a POP (or preferably IMAP) server that isn't brain-dead.
+OpenMail's project manager claims these bugs have been fixed in
+6.0.</p>
+
+<p>We've had a more recent report (December 2001) that the TOP
+command fails, returning only one line regrardless of its argument,
+on something identifying itself as "OpenMail POP3 interface".</p>
+
+<hr/>
+<h2><a id="S4" name="S4">S4. How can I use fetchmail with Novell GroupWise?</a></h2>
+
+<p>The Novell GroupWise IMAP server would be better named
+GroupFoolish; it is (according to the designer of IMAP) unusably
+broken. Among other things, it doesn't include a required content
+length in its BODY[TEXT] response.</p>
+
+<p>Fetchmail works around this problem, but we strongly recommend
+voting with your dollars for a server that isn't brain-dead. If you
+stick with code as shoddy as GroupWise seems to be, you will
+probably pay for it with other problems.</p>
+
+<hr/>
+<h2><a id="S5" name="S5">S5. How can I use fetchmail with
+InterChange?</a></h2>
+
+<p>You can't. At least not if you want to be able to see
+attachments. InterChange has a bug similar to the MailMax server;
+it reports the message length with attachments but doesn't download
+them on TOP or RETR.</p>
-<p>I'll provide the CD.</p>
+<p>On Jan 9 2001, the people at InfiniteMail sent me mail informing
+me that their new 3.61.08 release of InterChange fixes this
+problem. I don't have any reports one way or the other yet.</p>
+
+<hr/>
+<h2><a id="S6" name="S6">S6. How can I use fetchmail with MailMax?</a></h2>
+
+<p>You can't. At least not if you want to be able to see
+attachments. MailMax has a bug; it reports the message length with
+attachments but doesn't download them on TOP or RETR.</p>
+
+<p>Also, we're told that TOP sometimes fails to retrieve the entire
+message even when enough lines have been specified. The MailMax
+developers have acknowledged this bug as of 4 May 2000, but there
+is no fix yet. If you must use this server, force RETR with the
+<tt>fetchall</tt> option.</p>
+
+<hr/>
+<h2><a id="S7" name="S7">S7. How can I use fetchmail with FTGate?</a></h2>
+
+<p>The FTGate V2 server (and possibly older versions as well) has a
+weird bug. It answers OK twice to a TOP request! Use the
+<code>fetchall</code> option to force use of RETR and work around
+this bug.</p>
<hr/>
-<h2><a id="S3" name="S3">S3. How can I use fetchmail with
-CompuServe RPA?</a></h2>
+<h2><a id="I1" name="I1">I1. How can I use fetchmail with CompuServe RPA?</a></h2>
<p>First, make sure your fetchmail has the RPA support compiled in.
Stock fetchmail binaries (such as you might get from an RPM) don't.
</pre>
<hr/>
-<h2><a id="S4" name="S4">S4. How can I use fetchmail with Demon
+<h2><a id="I2" name="I2">I2. How can I use fetchmail with Demon
Internet's SDPS?</a></h2>
<h3>Single-drop mode</h3>
<p>Note that Demon may delete mail on the server which is more than
30 days old; see their <a
-href="http://www.demon.net/helpdesk/products/mail/sdps-tech.shtm">POP3
+href="http://www.demon.net/helpdesk/products/mail/sdps-tech.shtml">POP3
page</a> for details.</p>
<h3>The SDPS extension</h3>
it may fail. To force SDPS mode, pick "sdps" as your protocol.</p>
<hr/>
-<h2><a id="S5" name="S5">S5. How can I use fetchmail with usa.net's
+<h2><a id="I3" name="I3">I3. How can I use fetchmail with usa.net's
servers?</a></h2>
<p>Enable `<code>fetchall</code>'. A user reports that the 2.2
another provider.)</p>
<hr/>
-<h2><a id="S6" name="S6">S6. How can I use fetchmail with HP
-OpenMail?</a></h2>
-
-<p>No special configuration is required, but OpenMail versions
-prior to 6.0 have an annoying bug similar to the big one in <a
-href="#S2">Microsoft Exchange</a>. The message sizes it gives in
-the LIST are rounded to the nearest 1024 bytes. It also has a nasty
-habit of discarding headers it doesn't recognize, such as X- and
-Resent- headers.</p>
-
-<p>As with M$ Exchange, the only real fix for these problems is to
-get a POP (or preferably IMAP) server that isn't brain-dead.
-OpenMail's project manager claims these bugs have been fixed in
-6.0.</p>
-
-<p>We've had a more recent report (December 2001) that the TOP
-command fails, returning only one line regrardless of its argument,
-on something identifying itself as "OpenMail POP3 interface".</p>
-
-<hr/>
-<h2><a id="S7" name="S7">S7. How can I use fetchmail with geocities
+<h2><a id="I4" name="I4">I4. How can I use fetchmail with geocities
POP3 servers?</a></h2>
<p>Nathan Cutler reports that the the mail.geocities.com POP3
Geocities are lame, you should boycott them anyway.</p>
<hr/>
-<h2><a id="S8" name="S8">S8. How can I use fetchmail with Hotmail?</a></h2>
+<h2><a id="I5" name="I5">I5. How can I use fetchmail with Hotmail or Lycos Webmail?</a></h2>
+
+<p>You can't directly. But you can use fetchmail with hotmail or lycos
+webmail with the help of the <a
+href='http://people.freenet.de/courierdave/'>HotWayDaemon</a>
+daemon. You don't even need to install hotwayd as a daemon in
+<samp>inetd.conf</samp> but can use it as a plugin. Your
+configuration should look like this:</p>
+
+<pre>
+poll localhost protocol pop3 tracepolls
+ plugin "/usr/local/sbin/hotwayd -l 0 -p yourproxy:yourproxyport"
+ username "youremail@hotmail.com" password "yourpassword"
+ fetchall
+</pre>
-<p>You can't, yet. But <a
-href="http://linux.cudeso.be/linuxdoc/gotmail.php">gotmail</a> might
-be what you need.</p>
+<p>As a second option you may consider using <a
+href="http://linux.cudeso.be/linuxdoc/gotmail.php">gotmail</a>.</p>
<hr/>
-<h2><a id="S9" name="S9">S9. How can I use fetchmail with MSN?</a></h2>
+<h2><a id="I6" name="I6">I6. How can I use fetchmail with MSN?</a></h2>
<p>You can't. MSN uses something that looks like POP3, except the
authentication part is nonstandard. And of course they don't
corrected.</p>
<hr/>
-<h2><a id="S10" name="S10">S10. How can I use fetchmail with
-SpryNet?</a></h2>
+<h2><a id="I7" name="I7">I7. How can I use fetchmail with SpryNet?</a></h2>
<p>The SpryNet POP3 servers mark a message queried with TOP as
seen. This means that if your connection drops in mid-message, it
next cycle.</p>
<hr/>
-<h2><a id="S11" name="S11">S11. How can I use fetchmail with
-FTGate?</a></h2>
-
-<p>The FTGate V2 server (and possibly older versions as well) has a
-weird bug. It answers OK twice to a TOP request! Use the
-<code>fetchall</code> option to force use of RETR and work around
-this bug.</p>
-
-<hr/>
-<h2><a id="S12" name="S12">S12. How can I use fetchmail with
-MailMax?</a></h2>
-
-<p>You can't. At least not if you want to be able to see
-attachments. MailMax has a bug; it reports the message length with
-attachments but doesn't download them on TOP or RETR.</p>
-
-<p>Also, we're told that TOP sometimes fails to retrieve the entire
-message even when enough lines have been specified. The MailMax
-developers have acknowledged this bug as of 4 May 2000, but there
-is no fix yet. If you must use this server, force RETR with the
-<tt>fetchall</tt> option.</p>
-
-<hr/>
-<h2><a id="S13" name="S13">S13. How can I use fetchmail with Novell GroupWise?</a></h2>
-
-<p>The Novell GroupWise IMAP server would be better named
-GroupFoolish; it is (according to the designer of IMAP) unusably
-broken. Among other things, it doesn't include a required content
-length in its BODY[TEXT] response.</p>
-
-<p>Fetchmail works around this problem, but we strongly recommend
-voting with your dollars for a server that isn't brain-dead. If you
-stick with code as shoddy as GroupWise seems to be, you will
-probably pay for it with other problems.</p>
-
-<hr/>
-<h2><a id="S14" name="S14">S14. How can I use fetchmail with
-InterChange?</a></h2>
+<h2><a id="I8" name="I8">I8. How can I use fetchmail with comcast.net?</a></h2>
-<p>You can't. At least not if you want to be able to see
-attachments. InterChange has a bug similar to the MailMax server;
-it reports the message length with attachments but doesn't download
-them on TOP or RETR.</p>
+<p>Stock fetchmail will work with a comcast.net server...<em>but</em>
+the Maillennium POP3 server comcat uses seems to have an 80K limit on
+the length of downloaded messages if you use POP3 TOP to retrieve.
+Anything larger is silently truncated. Don't mistake this for a
+fetchmail bug. (Reported July 2003.)</p>
-<p>On Jan 9 2001, the people at InfiniteMail sent me mail informing
-me that their new 3.61.08 release of InterChange fixes this
-problem. I don't have any reports one way or the other yet.</p>
-
-<h2><a id="S15" name="S15">S15. How can I use fetchmail with www.gmx.de?</a></h2>
-
-<p>You can't, not reliably anyway. The GMX StreamProxy server behaves
-badly on authentication failures, sending back a non-conformant error
-message (missing an <code>-ERR</code> tag) that confuses
-fetchmail.</p>
+<p>Workaround: use the <tt>fetchall</tt> option.</p>
<hr/>
-<h2><a id="K1" name="K1">K1. How can I use fetchmail with
-SOCKS?</a></h2>
+<h2><a id="K1" name="K1">K1. How can I use fetchmail with SOCKS?</a></h2>
<p>Giuseppe Guerini added a --with-socks option that supports
linking with socks library. If you specify the value of this option
<p>To use fetchmail with IPv6, you need a system that supports
IPv6, the "Basic Socket Interface Extensions for IPv6" (RFC 2133).
-This currently means that you need to have a BSD/OS or NetBSD
-system with the NRL IPv6+IPsec software distribution or a Linux
-system with a 2.2 or later kernel and net-tools. It should not be
-hard to build fetchmail on other IPv6 implementations if you can
-port the inet6-apps kit.</p>
-
-<p>To use fetchmail with networking security (read: IPsec), you
-need a system that supports IPsec, the API described in the
-"Network Security API for Sockets"
-(draft-metz-net-security-api-01.txt), and the inet6-apps kit. This
-currently means that you need to have a BSD/OS or NetBSD system
-with the NRL IPv6+IPsec software distribution. A Linux IPsec
-implementation supporting this API will probably appear in the
-coming months.</p>
+</p>
<p>The NRL IPv6+IPsec software distribution can be obtained from:
<a
href="http://web.mit.edu/network/isakmp">http://web.mit.edu/network/isakmp</a></p>
-<p>The inet6-apps kit can be obtained from <a
-href="http://ftp.ps.pl/pub/linux/IPv6/inet6-apps/">http://ftp.ps.pl/pub/linux/IPv6/inet6-apps/</a>.</p>
-
<p>More information on using IPv6 with Linux can be obtained
from:</p>
<li><a
href="http://www.bieringer.de/linux/IPv6/IPv6-HOWTO/IPv6-HOWTO.html">
http://www.bieringer.de/linux/IPv6/IPv6-HOWTO/IPv6-HOWTO.html</a></li>
-
-<li><a
-href="http://www.ipv6.inner.net/ipv6">http://www.ipv6.inner.net/ipv6</a>
-(via IPv6)</li>
-
-<li><a
-href="http://www.inner.net/ipv6">http://www.inner.net/ipv6</a> (via
-IPv4)</li>
</ul>
<hr/>
protocol imap username MYUSERNAME password MYPASSWORD
</pre>
+<p>You should note that SSL is only secure against a "man-in-the-middle"
+attack if the client is able to verify that the peer's public key is the
+correct one, and has not been substituted by an attacker. fetchmail can do
+this in one of two ways: by verifying the SSL certificate, or by checking
+the fingerprint of the peer's public key.</p>
+
+<p>There are three parts to SSL certificate verification: checking that the
+domain name in the certificate matches the hostname you asked to connect to;
+checking that the certificate expiry date has not passed; and checking that
+the certificate has been signed by a known Certificate Authority (CA). This
+last step takes some preparation, as you need to install the root
+certificates of all the CA's which you might come across.</p>
+
+<p>The easiest way to do this is using the root CA keys supplied in the
+OpenSSL distribution, which means you need to download and unpack the
+source tarball from www.openssl.org. Once you have done that:</p>
+
+<ol>
+<li><code>mkdir /etc/ssl/certs</code></li>
+<li>in the openssl-x.x.x/certs directory: <code>cp *.pem /etc/ssl/certs/</code></li>
+<li>in the openssl-x.x.x/tools directory: edit c_rehash and set
+<code>$dir="/etc/ssl"</code></li>
+<li>run "perl c_rehash". This generates a number of symlinks within the
+/etc/ssl/certs/ directory</li>
+</ol>
+
+<p>Now in .fetchmailrc, set option sslcertpath to point to this
+directory:</p>
+
+<pre>
+poll pop3.example.com proto pop3 uidl no dns
+ user foobar@example.com password xyzzy is foobar ssl sslcertpath /etc/ssl/certs
+</pre>
+
+<p>If the server certificate has not been signed by a known CA (e.g. it is a
+self-signed certificate), then this certificate validation will always
+fail.</p>
+
+<p>Certificate verification is always attempted. If it fails, by default a
+warning is printed but the connection carries on (which means you are not
+protected against attack). If your server's certificate has been properly
+set up and verifies correctly, then add the "sslcertck" option to enforce
+validation. If your server doesn't have a valid certificate though (e.g. it
+has a self-signed certificate) then it will never verify, and the only way
+you can protect yourself is by checking the fingerprint.</p>
+
+<p>To check the peer fingerprint: first use fetchmail -v once to connect to
+the host, at a time when you are pretty sure that there is no attack in
+progress (e.g. you are not traversing any untrusted network to reach the
+server). Make a note of the fingerprint shown. Now embed this in your
+.fetchmailrc using the sslfingerprint option: e.g.</p>
+
+<pre>
+poll pop3.example.com proto pop3 uidl no dns
+ user foobar@example.com password xyzzy is foobar ssl sslfingerprint "67:3E:02:94:D3:5B:C3:16:86:71:37:01:B1:3B:BC:E2"
+</pre>
+
+<p>When you next connect, the public key presented by the server will be
+verified against the fingerprint given. If it's different, it may mean that
+a man-in-the-middle attack is in progress - or it might just mean that the
+server changed its key. It's up to you to determine which has happened.</p>
+
<hr/>
<h2><a id="R1" name="R1">R1. Fetchmail isn't working, and -v shows
`SMTP connect failed' messages.</a></h2>
greeting line from the listener. If the SMTP host is inaccessible
or the listener is down, fix that first.</p>
-<p>In Red Hat Linux 6.9, SMTP is disabled by default. To fix this,
+<p>In Red Hat Linux 6.x, SMTP is disabled by default. To fix this,
set "DAEMON=yes" in your /etc/sysconfig/sendmail file, then restart
sendmail by running "/sbin/service sendmail restart".</p>
<p>There's a TCP/IP stalling problem under Redhat 6.0 (and possibly
other recent Linuxes) that can cause this symptom. Brian Boutel
-writes:<</p></p>
+writes:</p>
<blockquote>
<p>TCP timestamps are turned on on my Linux boxes (I assume it's
<h2><a id="X6" name="X6">X6. My mail attachments are being dropped
or mangled.</a></h2>
-<p>This isn't fetchmail's doing -- fetchmail never drops lines in
-message bodies or attachments. It may be your POP server, or it may
-be the sender's mail user agent (or a bad combination of both).</p>
+<p>Fetchmail doesn't discard attachments; fetchmail doesn't have any idea
+that attachments are there. Fetchmail treats the body of each message as
+an uninterpreted byte stream and passes it through without alteration.
+If you are not receiving attachments through fetchmail, it is because
+your mailserver is not sending them to you.</p>
-<p>The Mail Max POP3 server and the InterChange and Imail IMAP
-servers are known to simply drop MIME attachments when uploading
-messages. We've had sporadic reports of problems with Microsoft
-Exchange and Outlook servers. Windows- and NT-based POP servers
+<p>The fix for this is to replace your mailserver with one that works.
+If its operating system makes this difficult, you should replace its
+operating system with one that works. Windows- and NT-based POP servers
seem especially prone to mangle attachments. If you are running one
of these, replacing your server with a Unix machine is probably the
only effective solution.</p>
+<p>We've had sporadic reports of problems with Microsoft Exchange and
+Outlook servers. These sometimes randomly fail to ship
+attachments to your client. This is a known bug, acknowledged by
+Microsft.</p>
+
+<p>They may also mangle the attachments they do pass through. If you
+see unreadable attachments with a ContentType of "application/x-tnef",
+you're having this problem. The <a
+href="http://world.std.com/~damned/software.html">TNEF</a> utility may
+help.</p>
+
+<p>The Mail Max POP3 server and the InterChange and Imail IMAP
+servers are known to simply drop MIME attachments when uploading
+messages.</p>
+
<p>We've also had a report that Lotus Notes sometimes trashes the
MIME type of messages. In particular, it seems to modify MIME
-headers introducing type application/pdf, mangling the type to
+headers of type application/pdf, mangling the type to
application/octet-stream. It may corrupt other MIME types as
well.</p>
rumor that this bug is scheduled to be fixed in Domino release 6;
you can find a workaround at contrib/domino.)</p>
-<p>Another rich source of attachment problems is Microsoft Exchange
-and Microsoft Outlook. If you see unreadable attachments with a
-ContentType of "application/x-tnef", you're having this problem.
-The <a href="http://world.std.com/~damned/software.html">TNEF</a>
-utility may help.</p>
-
<p>Rob Funk explains: Unfortunately there also remain many mail
user agents that don't write correct MIME messages. One big
offender is Sun MailTool attachments, which are formatted enough
messages seen or delete them. The solution is to either (a) wait
for the other client to finish, or (b) terminate it.</p>
-<p>James Stevens <James.Stevens@kyzo.com> writes:</p>
+<p>James Stevens <James.Stevens at kyzo.com> writes:</p>
<p><em>We had a Linux box dialing the Net and collecting mail from
an NT POP3 server. Fetchmail was correctly collecting and deleting
<p>This is a design choice in your MTA, not fetchmail. It's taking
the received date from the last Received header.</p>
+<hr />
+<h2><a name="O11">O11. I keep getting messages that say "Repoll
+immediately" in my logs.</a></h2>
+
+<p>This is your server barfing on the CAPA probe that fetchmail sends.</p>
+
+<p>If you run fetchmail in daemon mode (say "set daemon 600"), you will
+get the message only once per run.</p>
+
+<p>If you set an authentication method explicitly (say, with
+<code>auth password</code>), you will never get the message.</p>
+
+<hr />
+<h2><a name="O12">O12. Fetchmail no longer expunges mail on a 451 SMTP response.</a></h2>
+
+<p>This is a feature, not a bug.</p>
+
+<p>Any 4xx response (like 451) indicates a transient (temporary) error.
+This means that the mail could be accepted if retried later. Lookup
+failures are normally transient errors as a mail should not get
+rejected if a dns server is unreachable or down.</p>
+
+<p>A permanent reject response is of the form 5xx (like 550).</p>
+
+<p>You could tell your SMTP server to not lookup any addresses if you are
+not keen on checking the sender addresses. This problem typically
+occurs if your mail server is not checking the sender addresses, but
+your local server is.</p>
+
+<p>Or you could declare <code>antispam 451</code>.</p>
+
+<p>Or, you could check your nameserver configuration and query logs for
+dns errors.</p>
+
+<p>All these issues are not related to fetchmail directly.</p>
+
+<hr />
+<h2><a name="O13">O13. I want timestamp information in my fetchmail logs.</a></h2>
+
+<p>Write a <code>preconnect</code> command in your configuration file that
+does something like "date >> $HOME/Procmail/fetchmail.log".</p>
+
<hr/>
<table width="100%" cellpadding="0" summary="Canned page footer">
<tr>
<td width="30%">Back to <a href="index.html">Fetchmail Home
Page</a></td>
-<td width="30%" align="center">To <a href="/~esr/sitemap.html">Site
-Map</a></td>
-<td width="30%" align="right">$Date: 2002/09/10 17:02:48 $</td>
+<td width="30%" align="right">$Date: 2004/01/13 08:46:00 $</td>
</tr>
</table>
projects / ~andy / fetchmail / blobdiff