X-Git-Url: http://pileus.org/git/?a=blobdiff_plain;f=fetchmail.man;h=56026d0bea96acb40d896a9c351a9565036c215b;hb=b0cd8b7a095f7b3968f55cbf9efe2075c7ee9677;hp=495a60e3fa3647b1e8ec4ecb11dd6441b85a757b;hpb=7fcb06adb32c6e08d68f90e302b36c642f16ab85;p=~andy%2Ffetchmail diff --git a/fetchmail.man b/fetchmail.man index 495a60e3..56026d0b 100644 --- a/fetchmail.man +++ b/fetchmail.man @@ -10,7 +10,7 @@ .\" Load www macros to process .URL requests, this requires groff: .mso www.tmac .\" -.TH fetchmail 1 "fetchmail 6.3.19" "fetchmail" "fetchmail reference manual" +.TH fetchmail 1 "fetchmail 6.3.22" "fetchmail" "fetchmail reference manual" .SH NAME fetchmail \- fetch mail from a POP, IMAP, ETRN, or ODMR-capable server @@ -365,7 +365,7 @@ email if this happens. .IP Beginning with fetchmail 6.3.10, the SMTP client uses the recommended minimum timeouts from RFC-5321 while waiting for the SMTP/LMTP server it is talking to. -You can raise the timeouts even more, but you cannot shorten it. This is to +You can raise the timeouts even more, but you cannot shorten them. This is to avoid a painful situation where fetchmail has been configured with a short timeout (a minute or less), ships a long message (many MBytes) to the local MTA, which then takes longer than timeout to respond "OK", which it eventually @@ -474,7 +474,8 @@ Also see \-\-sslcert above. (Keyword: sslproto) .br Forces an SSL/TLS protocol. Possible values are \fB''\fP, -\&'\fBSSL2\fP', '\fBSSL23\fP', (use of these two values is discouraged +\&'\fBSSL2\fP' (not supported on all systems), +\&'\fBSSL23\fP', (use of these two values is discouraged and should only be used as a last resort) \&'\fBSSL3\fP', and \&'\fBTLS1\fP'. The default behaviour if this option is unset is: for connections without \-\-ssl, use \&'\fBTLS1\fP' so that fetchmail will @@ -2780,6 +2781,16 @@ then that name is used as the default local name. Otherwise session ID (this elaborate logic is designed to handle the case of multiple names per userid gracefully). +.IP \fBFETCHMAIL_DISABLE_CBC_IV_COUNTERMEASURE\fP +(since v6.3.22): +If this environment variable is set and not empty, fetchmail will disable +a countermeasure against an SSL CBC IV attack (by setting +SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS). This is a security risk, but may be +necessary for connecting to certain non-standards-conforming servers. +See fetchmail's NEWS file and fetchmail-SA-2012-01.txt for details. +Earlier fetchmail versions (v6.3.21 and older) used to disable this +countermeasure, but v6.3.22 no longer does that as a safety precaution. + .IP \fBFETCHMAIL_INCLUDE_DEFAULT_X509_CA_CERTS\fP (since v6.3.17): If this environment variable is set and not empty, fetchmail will always load @@ -2812,7 +2823,7 @@ it). Running \fBfetchmail\fP in foreground while a background fetchmail is running will do whichever of these is appropriate to wake it up. -.SH BUGS AND KNOWN PROBLEMS +.SH BUGS, LIMITATIONS, AND KNOWN PROBLEMS .PP Please check the \fBNEWS\fP file that shipped with fetchmail for more known bugs than those listed here. @@ -2822,6 +2833,10 @@ character, for instance "demonstr@ti on". These are rather uncommon and only hurt when using UID-based \-\-keep setups, so the 6.3.X versions of fetchmail won't be fixed. .PP +Fetchmail cannot handle configurations where you have multiple accounts +that use the same server name and the same login. Any user@server +combination must be unique. +.PP The assumptions that the DNS and in particular the checkalias options make are not often sustainable. For instance, it has become uncommon for an MX server to be a POP3 or IMAP server at the same time. Therefore the