@@ -188,6 +188,7 @@ messages but before deleting them
errors.
R13. What does "Interrupted system call" mean?
R14. Since upgrading fetchmail/OpenSSL, I can no longer connect!
+R15. Help, I'm getting Authorization failure!
Hangs and lockups
@@ -321,8 +322,10 @@ fetchmail's code for years, which is a hint that open source code does
not audit itself.
Fetchmail is licensed under the GNU General Public
-License.
+href="http://www.gnu.org/licenses/old-licenses/gpl-2.0.html">GNU General Public
+License v2. Details, including an exception that allows linking
+against OpenSSL, are in the COPYING file in the fetchmail
+distribution.
If you found this FAQ in the distribution, see the README for
fetchmail's full feature list.
@@ -525,11 +528,11 @@ paper on the Web with a search for that title.
-Fetchmail will work with any POP, IMAP, ETRN, or ODMR server
+
Fetchmail will work with any POP3, IMAP, ETRN, or ODMR server
that conforms to the relevant standards/RFCs (and even some outright
broken ones like Microsoft Exchange and Novell GroupWise). This doesn't mean it works equally
-well with all, however. POP2 servers, and POP3 servers without UIDL,
+well with all, however. POP3 servers without UIDL
limit fetchmail's capabilities in various ways described on the manual
page.
@@ -685,7 +688,7 @@ client machine had when it started up.
time) doesn't match the original, the most benign possible result
is that your MTA thinks it's seeing a relaying attempt and refuses.
More frequently, fetchmail will try to connect to a nonexistent
-host address and time out. Worst case, you could up forwarding your
+host address and time out. Worst case, you could end up forwarding your
mail to the wrong machine!
Use the smtpaddress option to force the appended
@@ -1592,11 +1595,20 @@ so broken that it's unusable. One symptom is that messages without
a terminating newline get the POP3 message termination dot emitted
-- you guessed it -- right after the last character of the message,
with no terminating newline added. This will hang fetchmail or any
-other RFC-compliant server. IMAP is alleged to work OK, though.
-
-Older versions of Exchange are semi-usable. They randomly drop
-attachments on the floor, though. Microsoft acknowledges this
-as a known bug and apparently has no plans to fix it.
+other RFC-compliant client. IMAP is alleged to work OK, though.
+
+Exchange 2003 SP2 has been observed to alter MIME boundary
+lines in multipart messages between one IMAP FETCH command and the next
+under some circumstances -- for instance, when the top-level
+Content-Transfer-Encoding is "binary" (which is commonplace with Perl's
+MIME::Lite module). This causes MUAs to not detect attachments, but
+render the whole message body as one lump of hardly legible to
+unintelligible text, rather than nicely presenting text part and
+attachments or images separately. The cause is that Exchange uses its
+own message store and needs to convert back to MIME message format
+on-the-fly, and apparently this is sometimes subject to such
+inconsistencies.
+
Fetchmail using IMAP usually supports the proprietary NTLM mode used
with Microsoft Exchange servers. "Usually" here means that it fails on some
@@ -1716,9 +1728,6 @@ explicitly to your mailbox name.
-
But, the best option involves finding a server that runs better
-software.
-
@@ -2000,6 +2009,15 @@ sorts of strange effects, for instance, your sent mail may show up in
the mail that fetchmail fetches. It's best to avoid fetching mail from
Google until they are using standards-compliant software.
+If you still need to use Google's mail service, these links may help (valid as of 2011-04-13):
+
+
How to set up well-known security and authentication
methods
@@ -2072,13 +2090,15 @@ IMAP-GSS protocol?
Fetchmail can use RFC1731 GSSAPI authorization to safely
identify you to your IMAP server, as long as you can share
Kerberos V credentials with your mail host and you have a GSSAPI-capable
-IMAP server - those are few.
+IMAP server.
fetchmail does not compile in support for GSS by
-default, since it requires libraries from the Kerberos V
-distribution (available via FTP at athena-dist.mit.edu).
-If you have these, compiling in GSS support is simple: add a
+default, since it requires libraries from a Kerberos V
+distribution, such as MIT
+ Kerberos or Heimdal
+ Kerberos.
+
+If you have these, compiling in GSS support is simple: add a
--with-gssapi=[/path/to/krb5/root] option to
configure. For instance, I have all of my Kerberos V libraries
installed under /usr/krb5 so I run configure
@@ -2501,6 +2521,38 @@ option is --sslcertpath /home/hans/certs on the commandline and
env PATH=/opt/openssl1.0.0/bin /opt/openssl1.0.0/bin/c_rehash /home/hans/certs
+
+
+First, try upgrading to fetchmail 6.3.18 or newer. Release 6.3.18 has
+received a considerable number of bug fixes for the authentication
+feature (AUTH, AUTHENTICATE, SASL). Most notably, fetchmail aborts SASL
+authentication attempts properly with an asterisk if it detects that it
+cannot make progress with a particular authentication scheme. This fixes
+issues where GSSAPI-enabled fetchmail cannot authenticate against
+Microsoft Exchange 2007 and 2010. Note that this is a
+bug in old fetchmail versions!
+
+Fetchmail by default attempts to authenticate using various schemes.
+Fetchmail tries these schemes in order of descending security, meaning
+the most secure schemes are tried first.
+
+However, sometimes the server offers a secure authentication scheme
+that is not properly configured, or an authentication scheme such as
+GSSAPI that requires credentials to be acquired externally. In some
+situations, fetchmail cannot know that the scheme will fail beforehand,
+without trying it. In most cases, fetchmail should proceed to the next
+authentication scheme automatically, but this sometimes does not
+work.
+
+Solution: Configure the right authentication scheme
+explicitly, for instance, with --auth cram-md5 or --auth
+ password on the command line or auth "cram-md5" or
+ auth "password" in the rcfile. Details can be found
+ in the manual page.
+ Note that auth password should only be used
+ across secure links (see the sslcertck and ssl/sslproto options).
+
+
Hangs and lockups