X-Git-Url: http://pileus.org/git/?a=blobdiff_plain;f=fetchmail.man;h=44677490eb73bed2b0ec1659ba551da6b4086ff4;hb=fe032553e2a0ba0d867bc3b0855d7bf877f0bebd;hp=231e163db364c1b337ed3917256a99884025399b;hpb=eb9e1e4176d89ee30d33381273e22325584675d3;p=~andy%2Ffetchmail diff --git a/fetchmail.man b/fetchmail.man index 231e163d..44677490 100644 --- a/fetchmail.man +++ b/fetchmail.man @@ -10,7 +10,7 @@ .\" Load www macros to process .URL requests, this requires groff: .mso www.tmac .\" -.TH fetchmail 1 "fetchmail 6.3.19" "fetchmail" "fetchmail reference manual" +.TH fetchmail 1 "fetchmail 6.3.23" "fetchmail" "fetchmail reference manual" .SH NAME fetchmail \- fetch mail from a POP, IMAP, ETRN, or ODMR-capable server @@ -474,9 +474,9 @@ Also see \-\-sslcert above. (Keyword: sslproto) .br Forces an SSL/TLS protocol. Possible values are \fB''\fP, -\&'\fBSSL23\fP' (note however that fetchmail, since v6.3.20, prohibits -negotiation of SSLv2 -- it has been deprecated for 15 years and is -insecure), \&'\fBSSL3\fP', and +\&'\fBSSL2\fP' (not supported on all systems), +\&'\fBSSL23\fP', (use of these two values is discouraged +and should only be used as a last resort) \&'\fBSSL3\fP', and \&'\fBTLS1\fP'. The default behaviour if this option is unset is: for connections without \-\-ssl, use \&'\fBTLS1\fP' so that fetchmail will opportunistically try STARTTLS negotiation with TLS1. You can configure @@ -1366,6 +1366,8 @@ The option turns off use of .BR syslog (3), assuming it's turned on in the \fI~/.fetchmailrc\fP file. +This option is overridden, in certain situations, by \fB\-\-logfile\fP (which +see). .PP The .B \-N @@ -1377,8 +1379,7 @@ fetchmail runs as the child of a supervisor process such as .BR init (8) or Gerrit Pape's .BR runit (8). -Note that this also causes the logfile option to be ignored (though -perhaps it shouldn't). +Note that this also causes the logfile option to be ignored. .PP Note that while running in daemon mode polling a POP2 or IMAP2bis server, transient errors (such as DNS failures or sendmail delivery refusals) @@ -1702,13 +1703,16 @@ Keep permanently undeliverable mail as though a temporary error had occurred (default). T} set logfile \-L \& T{ -Name of a file to append error and status messages to. +Name of a file to append error and status messages to. Only effective +in daemon mode and if fetchmail detaches. If effective, overrides \fBset +syslog\fP. T} set idfile \-i \& T{ Name of the file to store UID lists in. T} set syslog \& \& T{ -Do error logging through syslog(3). +Do error logging through syslog(3). May be overriden by \fBset +logfile\fP. T} set no syslog \& \& T{ Turn off error logging through syslog(3). (default) @@ -2226,7 +2230,8 @@ authentication. These defaults may be overridden by later options. There are some global option statements: 'set logfile' followed by a string sets the same global specified by \-\-logfile. A command-line \-\-logfile option will override this. Note that \-\-logfile is -only effective if fetchmail detaches itself from the terminal and the +only effective if fetchmail detaches itself from the terminal, is in +daemon mode, and if the logfile already exists before fetchmail is run, and it overrides \-\-syslog in this case. Also, \&'set daemon' sets the poll interval as \-\-daemon does. This can be @@ -2781,14 +2786,15 @@ then that name is used as the default local name. Otherwise session ID (this elaborate logic is designed to handle the case of multiple names per userid gracefully). -.IP \fBFETCHMAIL_IMAP_DELETED_REMAINS_UNSEEN\fP -(since v6.3.20): -If this environment variable is set and not empty, fetchmail will NOT mark -messages retrieved through IMAP as \\Seen when they are deleted. This may suppress -delivery notifications on some systems (some versions of HP OpenMail) and change them -to mention "deleted without being read" on others (some versions of Microsoft Exchange). -The default (if this variable is unset or empty) is to mark messages as \\Seen -and \\Deleted at the same time. +.IP \fBFETCHMAIL_DISABLE_CBC_IV_COUNTERMEASURE\fP +(since v6.3.22): +If this environment variable is set and not empty, fetchmail will disable +a countermeasure against an SSL CBC IV attack (by setting +SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS). This is a security risk, but may be +necessary for connecting to certain non-standards-conforming servers. +See fetchmail's NEWS file and fetchmail-SA-2012-01.txt for details. +Earlier fetchmail versions (v6.3.21 and older) used to disable this +countermeasure, but v6.3.22 no longer does that as a safety precaution. .IP \fBFETCHMAIL_INCLUDE_DEFAULT_X509_CA_CERTS\fP (since v6.3.17): @@ -2822,7 +2828,7 @@ it). Running \fBfetchmail\fP in foreground while a background fetchmail is running will do whichever of these is appropriate to wake it up. -.SH BUGS AND KNOWN PROBLEMS +.SH BUGS, LIMITATIONS, AND KNOWN PROBLEMS .PP Please check the \fBNEWS\fP file that shipped with fetchmail for more known bugs than those listed here. @@ -2832,6 +2838,10 @@ character, for instance "demonstr@ti on". These are rather uncommon and only hurt when using UID-based \-\-keep setups, so the 6.3.X versions of fetchmail won't be fixed. .PP +Fetchmail cannot handle configurations where you have multiple accounts +that use the same server name and the same login. Any user@server +combination must be unique. +.PP The assumptions that the DNS and in particular the checkalias options make are not often sustainable. For instance, it has become uncommon for an MX server to be a POP3 or IMAP server at the same time. Therefore the