Things to do:
-Scrollbars on fetchmailconf help windows (Debian normal bug #51770).
-
Notify user by mail when pop server nonexistent (Debian wishlist #47143).
In the SSL support, we need to add server certificate validation (In
before close (sigh...NFS might still betray us...).
* Added Martijn Lievaart's sendmail hacks for multidrop to the contrib
directory.
+* Fix bug in processing of plugout option.
+* Add support for `ssh' preauth type to suppress password prompts at startup.
+* Support for RFC2449 extended POP3 responses [IN-USE] and [LOGIN-DELAY].
* Log bounced messages via syslog (Debian bug #50184).
+* Add scrollbars on fetchmailconf help windows (Debian bug #51770).
* Debian buglist cleanup.
fetchmail-5.2.5 (Mon Jan 31 02:02:48 EST 2000), 18445 lines:
stringdump("preauth", "kerberos_v4");
else if (ctl->server.preauthenticate == A_KERBEROS_V5)
stringdump("preauth", "kerberos_v5");
+ else if (ctl->server.preauthenticate == A_SSH)
+ stringdump("preauth", "ssh");
else
stringdump("preauth", "password");
<table width="100%" cellpadding=0><tr>
<td width="30%">Back to <a href="/~esr/index.html">Fetchmail Home Page</a>
<td width="30%" align=center>To <a href="/~esr/sitemap.html">Site Map</a>
-<td width="30%" align=right>$Date: 2000/01/08 22:37:39 $
+<td width="30%" align=right>$Date: 2000/02/05 04:10:38 $
</table>
<HR>
<H1 ALIGN=CENTER>Design Notes On Fetchmail</H1>
<DD> A One-Time Password System
<DT><A HREF="ftp://ftp.isi.edu/in-notes/rfc1939.txt">RFC1939</A>
<DD> Post Office Protocol - Version 3
+<DT><A HREF="ftp://ftp.isi.edu/in-notes/rfc1957.txt">RFC1957</A>
+<DD> Some Observations on Implementations of the Post Office Protocol (POP3)
<DT><A HREF="ftp://ftp.isi.edu/in-notes/rfc1985.txt">RFC1985</A>
<DD> SMTP Service Extension for Remote Message Queue Starting
<DT><A HREF="ftp://ftp.isi.edu/in-notes/rfc2033.txt">RFC2033</A>
<DD> IMAP4 Compatibility With IMAP2bis
<DT><A HREF="ftp://ftp.isi.edu/in-notes/rfc2062.txt">RFC2062</A>
<DD> Internet Message Access Protocol - Obsolete Syntax
+<DT><A HREF="ftp://ftp.isi.edu/in-notes/rfc2195.txt">RFC2195</A>
+<DD> IMAP/POP AUTHorize Extension for Simple Challenge/Response
<DT><A HREF="ftp://ftp.isi.edu/in-notes/rfc2195.txt">RFC2449</A>
<DD> IMAP/POP AUTHorize Extension for Simple Challenge/Response
<DT><A HREF="ftp://ftp.isi.edu/in-notes/rfc2449.txt">RFC2449</A>
<table width="100%" cellpadding=0><tr>
<td width="30%">Back to <a href="index.html">Fetchmail Home Page</a>
<td width="30%" align=center>To <a href="/~esr/sitemap.html">Site Map</a>
-<td width="30%" align=right>$Date: 2000/01/08 22:37:39 $
+<td width="30%" align=right>$Date: 2000/02/05 04:10:38 $
</table>
<P><ADDRESS>Eric S. Raymond <A HREF="mailto:esr@thyrsus.com"><esr@snark.thyrsus.com></A></ADDRESS>
free_str_list(&msgblk.recipients);
return(PS_IOERR);
}
- else if (!run.use_syslog && outlevel >= O_VERBOSE)
+ else if ((run.poll_interval == 0 || nodetach) && outlevel >= O_VERBOSE)
fputs("#", stderr);
/* write error notifications */
sizeticker += linelen;
while (sizeticker >= SIZETICKER)
{
- if (!run.use_syslog && outlevel > O_SILENT)
+ if ((run.poll_interval == 0 || nodetach) && outlevel > O_SILENT)
{
fputc('.', stdout);
fflush(stdout);
* in daemon mode but the connection to the outside world
* is down.
*/
- if (err_no == EHOSTUNREACH && run.poll_interval)
- goto ehostunreach;
-
- report_build(stderr, _("fetchmail: %s connection to %s failed"),
- protocol->name, ctl->server.pollname);
-#ifdef HAVE_RES_SEARCH
- if (h_errno != 0)
+ if (!(err_no == EHOSTUNREACH && run.poll_interval))
{
- if (h_errno == HOST_NOT_FOUND)
- report_complete(stderr, _(": host is unknown\n"));
- else if (h_errno == NO_ADDRESS)
- report_complete(stderr, _(": name is valid but has no IP address\n"));
- else if (h_errno == NO_RECOVERY)
- report_complete(stderr, _(": unrecoverable name server error\n"));
- else if (h_errno == TRY_AGAIN)
- report_complete(stderr, _(": temporary name server error\n"));
+ report_build(stderr, _("fetchmail: %s connection to %s failed"),
+ protocol->name, ctl->server.pollname);
+#ifdef HAVE_RES_SEARCH
+ if (h_errno != 0)
+ {
+ if (h_errno == HOST_NOT_FOUND)
+ report_complete(stderr,
+ _(": host is unknown\n"));
+ else if (h_errno == NO_ADDRESS)
+ report_complete(stderr,
+ _(": name is valid but has no IP address\n"));
+ else if (h_errno == NO_RECOVERY)
+ report_complete(stderr,
+ _(": unrecoverable name server error\n"));
+ else if (h_errno == TRY_AGAIN)
+ report_complete(stderr,
+ _(": temporary name server error\n"));
+ else
+ report_complete(stderr,
+ _(": unknown DNS error %d\n"), h_errno);
+ }
else
- report_complete(stderr, _(": unknown DNS error %d\n"), h_errno);
- }
- else
#endif /* HAVE_RES_SEARCH */
- report_complete(stderr, ": %s\n", strerror(err_no));
+ report_complete(stderr, ": %s\n", strerror(err_no));
- ehostunreach:
+ }
#endif /* INET6_ENABLE */
ok = PS_SOCKET;
set_timeout(0);
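Review bot: The `if (h_errno != 0)` test inside the new block picks the DNS wording whenever `h_errno` is non-zero, and nothing in the hunk clears it before the connection attempt. If it is not reset earlier in this function (the body starts outside the hunk), a value left by an earlier failed lookup would make a later non-DNS failure print `: host is unknown` instead of the `strerror(err_no)` text. Setting `h_errno = 0;` immediately before the socket is opened would tie the message to this attempt. The if/else chain on `h_errno` would also read more clearly as a `switch`.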
<table width="100%" cellpadding=0><tr>
<td width="30%">Back to <a href="index.html">Fetchmail Home Page</a>
<td width="30%" align=center>To <a href="/~esr/sitemap.html">Site Map</a>
-<td width="30%" align=right>$Date: 1999/12/21 03:45:26 $
+<td width="30%" align=right>$Date: 2000/02/05 04:10:38 $
</table>
<HR>
<H2>Since 5.0:</H2>
<UL>
+<LI>
+Fetchail now recognizes the RFC 2449 extended responses [IN-USE] and
+[LOGIN-DELAY].
+
<LI>
Fetchmail running in daemon mode now restarts itself quietly when the
rc file is touched.
<table width="100%" cellpadding=0><tr>
<td width="30%">Back to <a href="index.html">Fetchmail Home Page</a>
<td width="30%" align=center>To <a href="/~esr/sitemap.html">Site Map</a>
-<td width="30%" align=right>$Date: 1999/12/21 03:45:26 $
+<td width="30%" align=right>$Date: 2000/02/05 04:10:38 $
</table>
<P><ADDRESS>Eric S. Raymond <A HREF="mailto:esr@thyrsus.com"><esr@snark.thyrsus.com></A></ADDRESS>
if (ctl->active && !(implicitmode && ctl->server.skip)&&!ctl->password)
{
if (ctl->server.preauthenticate == A_KERBEROS_V4 ||
- ctl->server.preauthenticate == A_KERBEROS_V5 ||
+ ctl->server.preauthenticate == A_KERBEROS_V5 ||
+ ctl->server.preauthenticate == A_SSH ||
#ifdef GSSAPI
- ctl->server.protocol == P_IMAP_GSS ||
+ ctl->server.protocol == P_IMAP_GSS ||
#endif /* GSSAPI */
- ctl->server.protocol == P_IMAP_K4)
+ ctl->server.protocol == P_IMAP_K4)
/* Server won't care what the password is, but there
must be some non-null string here. */
ctl->password = ctl->remotename;
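Review bot: Adding `A_SSH` to this condition makes the existing comment, `Server won't care what the password is`, inaccurate for ssh preauthentication. The claim holds for the Kerberos cases, but for `A_SSH` it depends on the protocol driver skipping its login step. The hunks on this page only show the IMAP path doing that, so on other protocols the remote user name would presumably be sent as the password. I would either limit the `A_SSH` term to protocols that skip login or extend the comment, e.g. `/* for A_SSH this is only a placeholder; the driver must not send it */`. The enclosing function starts and ends outside the hunk.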
struct stat rcstat;
if (stat(rcfile, &rcstat) == -1)
- report(stderr, _("couldn't time-check %s\n"), rcfile);
+ {
+ if (errno != ENOENT)
+ report(stderr,
+ _("couldn't time-check %s (error %d)\n"),
+ rcfile, errno);
+ }
else if (rcstat.st_mtime > parsetime)
{
report(stdout, _("restarting fetchmail (%s changed)\n"), rcfile);
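Review bot: The new message prints the raw `errno` number (`(error %d)`), which an operator reading the log then has to look up. Passing the text instead, `_("couldn't time-check %s: %s\n"), rcfile, strerror(errno)`, matches how the connection-failure path already reports `strerror(err_no)`. The companion hunk that sets `parsetime` still reports `couldn't time-check the run-control file` with no reason at all and would benefit from the same change. It is also worth a one-line comment that ENOENT is deliberately silent, because a daemon whose rc file has been removed keeps running on the configuration it already parsed.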
def_opts.listener = SMTP_MODE;
/* note the parse time, so we can pick up on modifications */
- if (stat(rcfile, &rcstat) == -1)
- report(stderr, _("couldn't time-check the run-control file\n"));
- else
+ parsetime = 0; /* foil compiler warnings */
+ if (stat(rcfile, &rcstat) != -1)
parsetime = rcstat.st_mtime;
+ else if (errno != ENOENT)
+ report(stderr, _("couldn't time-check the run-control file\n"));
/* this builds the host list */
if ((st = prc_parse_file(rcfile, !versioninfo)) != 0)
putchar('\n');
if (ctl->server.preauthenticate == A_KERBEROS_V4)
printf(_(" Kerberos V4 preauthentication enabled.\n"));
- if (ctl->server.preauthenticate == A_KERBEROS_V5)
+ else if (ctl->server.preauthenticate == A_KERBEROS_V5)
printf(_(" Kerberos V5 preauthentication enabled.\n"));
+ else if (ctl->server.preauthenticate == A_SSH)
+ printf(_(" End-to-end encryption assumed.\n"));
#ifdef SSL_ENABLE
if (ctl->use_ssl)
printf(" SSL encrypted sessions enabled.\n");
#define A_PASSWORD 0 /* password or inline authentication */
#define A_KERBEROS_V4 1 /* preauthenticate w/ Kerberos V4 */
#define A_KERBEROS_V5 2 /* preauthenticate w/ Kerberos V5 */
+#define A_SSH 3 /* preauthentication at session level */
/*
* Definitions for buffer sizes. We get little help on setting maxima
This option permits you to specify a preauthentication type (see USER
AUTHENTICATION below for details). The possible values are
\&`\fBpassword\fR', `\fBkerberos_v5\fR' and `\fBkerberos\fR' (or, for
-excruciating exactness, `\fBkerberos_v4\fR'). This option is provided
-primarily for developers; choosing KPOP protocol automatically selects
-Kerberos preauthentication, and all other alternatives use password
+excruciating exactness, `\fBkerberos_v4\fR'), and \fBssh\fR. Use
+\fBssh\fR to suppress fetchmail's normal inquiry for a password when
+you are using an end-to-end secure connection such as an ssh tunnel.
+Other values of this option are provided primarily for developers;
+choosing KPOP protocol automatically selects Kerberos
+preauthentication, and all other alternatives use password
authentication (though APOP uses a generated one-time key as the
password and IMAP-K4 uses RFC1731 Kerberos v4 authentication). This
option does not work with ETRN.
a data structure assignment in the language Python. This option
is meant to be used with an interactive
.I ~/.fetchmailrc
-editor written in Python.
+editor like
+.IR fetchmailconf ,
+written in Python.
.SH USER AUTHENTICATION AND ENCRYPTION
Every mode except ETRN requires authentication of the client.
If your IMAP daemon returns the PREAUTH response in its greeting line,
fetchmail will notice this and skip the normal authentication step.
This could be useful, e.g. if you start imapd explicitly using ssh.
+In this case you can declare the preauthentication value `ssh' on that
+site entry to stop \fI.fetchmail\fR from asking you for a password
+when it starts up.
.PP
If you are using POP3, and the server issues a one-time-password
challenge conforming to RFC1938, \fIfetchmail\fR will use your
RFC 937
.TP 5
POP3:
-RFC 1081, RFC 1225, RFC 1460, RFC 1725, RFC 1939, RFC 2449
+RFC 1081, RFC 1225, RFC 1460, RFC 1725, RFC 1939, RFC 1957, RFC2195, RFC 2449
.TP 5
APOP:
RFC 1460, RFC 1725, RFC 1939
# by Eric S. Raymond, <esr@snark.thyrsus.com>.
# Requires Python with Tkinter, and the following OS-dependent services:
# posix, posixpath, socket
-version = "1.19"
+version = "1.20"
from Tkinter import *
from Dialog import *
"IMAP-K4":143,
"ETRN":25}
-preauthlist = ("password", "kerberos")
+preauthlist = ("password", "kerberos", "ssh")
listboxhelp = {
'title' : 'List Selection Help',
helpwin.title(helpdict['title'])
helpwin.iconname(helpdict['title'])
Label(helpwin, text=helpdict['banner']).pack()
- textwin = Message(helpwin, text=helpdict['text'], width=600)
- textwin.pack()
+ textframe = Frame(helpwin)
+ scroll = Scrollbar(textframe)
+ helpwin.textwidget = Text(textframe, setgrid=TRUE)
+ textframe.pack(side=TOP, expand=YES, fill=BOTH)
+ helpwin.textwidget.config(yscrollcommand=scroll.set)
+ helpwin.textwidget.pack(side=LEFT, expand=YES, fill=BOTH)
+ scroll.config(command=helpwin.textwidget.yview)
+ scroll.pack(side=RIGHT, fill=BOTH)
+ helpwin.textwidget.insert(END, helpdict['text']);
Button(helpwin, text='Done',
command=lambda x=helpwin: Widget.destroy(x), bd=2).pack()
+ textframe.pack(side=TOP)
def make_icon_window(base, image):
try:
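Review bot: The `Text` widget that replaces `Message` is left editable, so a user can type into or delete the help text. Adding `helpwin.textwidget.config(state=DISABLED)` right after the `insert(END, ...)` call keeps it read-only while the scrollbar still works. The final `textframe.pack(side=TOP)` repeats the earlier `textframe.pack(side=TOP, expand=YES, fill=BOTH)` on an already packed frame and can be dropped, as can the trailing `;` on the insert line. The function containing these lines starts outside the hunk.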
only for Linux and freeBSD systems. See the fetchmail
manual page for details on these.
-The ssl option enables SSL communication with a maolserver
+The ssl option enables SSL communication with a mailserver
supporting Secure Sockets Layer. The sslkey and sslcert options
declare key and certificate files for use with SSL.
self.master.destroy()
self.onexit()
-# Run a command an a scrolling text widget, displaying its output
+# Run a command in a scrolling text widget, displaying its output
class RunWindow(Frame):
def __init__(self, command, master, parent):
else
expunge_period = 1;
- if (preauth)
+ /*
+ * If either (a) we saw a PREAUTH token in the capability response, or
+ * (b) the user specified ssh preauthentication, then we're done.
+ */
+ if (preauth || ctl->server.preauthenticate == A_SSH)
return(PS_SUCCESS);
#if OPIE_ENABLE
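Review bot: With `ctl->server.preauthenticate == A_SSH` the early `return(PS_SUCCESS)` is taken whether or not the greeting carried PREAUTH, so the session is treated as logged in on the user's declaration alone. Nothing visible checks that the entry actually runs through a tunnel (for example that the `plugin` option is set), so a site entry with `preauth ssh` on a plain socket skips login and only fails at the first mailbox command, with a less helpful error. Consider reporting the mismatch, e.g. `if (!preauth && outlevel >= O_VERBOSE) report(stdout, _("no PREAUTH greeting; trusting ssh preauthentication\n"));`. The same unverified declaration is behind the `End-to-end encryption assumed.` line added to the option dump. The function body starts outside the hunk.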
ctl->server.preauthenticate = A_KERBEROS_V5;
else if (strcmp(optarg, "kerberos_v4") == 0)
ctl->server.preauthenticate = A_KERBEROS_V4;
+ else if (strcmp(optarg, "ssh") == 0)
+ ctl->server.preauthenticate = A_SSH;
else {
fprintf(stderr,_("Invalid preauthentication `%s' specified.\n"), optarg);
errflag++;
P(_(" -p, --protocol specify retrieval protocol (see man page)\n"));
P(_(" -U, --uidl force the use of UIDLs (pop3 only)\n"));
P(_(" -P, --port TCP/IP service port to connect to\n"));
- P(_(" --preauth preauthentication type (password or kerberos)\n"));
+ P(_(" --preauth preauthentication type (password/kerberos/ssh)\n"));
P(_(" -t, --timeout server nonresponse timeout\n"));
P(_(" -E, --envelope envelope address header\n"));
P(_(" -Q, --qvirtual prefix to remove from local user id\n"));
else if (strstr(bufp,"lock")
|| strstr(bufp,"Lock")
|| strstr(bufp,"LOCK")
- || strstr(bufp,"wait"))
+ || strstr(bufp,"wait")
+ /* these are blessed by RFC 2449 */
+ || strstr(bufp,"[IN-USE]")||strstr(bufp,"[LOGIN-DELAY]"))
ok = PS_LOCKBUSY;
else
ok = PS_AUTHFAIL;
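Review bot: The added `strstr(bufp,"[IN-USE]")` and `strstr(bufp,"[LOGIN-DELAY]")` tests match the codes anywhere in the server's text, although RFC 2449 places a response code at the start of the text after the status indicator. Because this branch decides between `PS_LOCKBUSY` and `PS_AUTHFAIL`, a loose match lets unrelated error text that happens to contain the bracketed string be reported as a busy mailbox rather than a failed login. If `bufp` already points at the text following `-ERR` (not visible in the hunk), an anchored test such as `strncmp(bufp, "[IN-USE]", 8) == 0` would be stricter. The new line also drops the spaces around `||` that the rest of the condition uses.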
ctl->server.sdps = TRUE;
#endif /* SDPS_ENABLE */
+ /*
+ * In theory, we ought to probe with CAPA here (RFC 2449).
+ * But AFAIK this commpand is not widely implemented, and
+ * we have our own tests for optional commands, and it seems
+ * vanishingly unlikely that the RFC 2449 extended responses
+ * [IN-USE] and [LOGIN-DELAY] will ever be accidentally spoofed.
+ * So we'll not bother, and save ourselves the overhead.
+ */
+
switch (ctl->server.protocol) {
case P_POP3:
#ifdef RPA_ENABLE
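Review bot: The added comment contains a typo, `commpand`, which should read `command`. The comment explains why CAPA is not probed but does not say where the [IN-USE] and [LOGIN-DELAY] responses are actually recognised. A short pointer such as `(matched in the error-response test, where they map to PS_LOCKBUSY)` would let a reader find the code that relies on this decision.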
kerberos(_v)?4 { SETSTATE(0); return KERBEROS4; }
kerberos(_v)?5 { SETSTATE(0); return KERBEROS5; }
kerberos { SETSTATE(0); return KERBEROS; }
+ssh { SETSTATE(0); return SSH; }
<PREAUTH>password { SETSTATE(0); return PASSWORD; }
timeout { return TIMEOUT;}
envelope { return ENVELOPE; }
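Review bot: The new `ssh` rule is not restricted to a start condition, unlike `<PREAUTH>password` just below it, so the word becomes a keyword in every lexer state. If the scanner's general string rule comes after these keyword rules (not visible here), an unquoted `ssh` used as a host or user name in an existing rc file would now be returned as `SSH` and fail to parse. Writing it as `<PREAUTH>ssh { SETSTATE(0); return SSH; }` would confine the keyword to the position after the preauth keyword, assuming `PREAUTH` is the state entered there.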
interface { return INTERFACE; }
monitor { return MONITOR; }
plugin { return PLUGIN; }
-plugout { return PLUGIN; }
+plugout { return PLUGOUT; }
batchlimit { return BATCHLIMIT; }
fetchlimit { return FETCHLIMIT; }
expunge { return EXPUNGE; }
}
%token DEFAULTS POLL SKIP VIA AKA LOCALDOMAINS PROTOCOL
-%token PREAUTHENTICATE TIMEOUT KPOP SDPS KERBEROS4 KERBEROS5 KERBEROS
+%token PREAUTHENTICATE TIMEOUT KPOP SDPS KERBEROS4 KERBEROS5 KERBEROS SSH
%token ENVELOPE QVIRTUAL USERNAME PASSWORD FOLDER SMTPHOST MDA BSMTP LMTP
%token SMTPADDRESS SPAMRESPONSE PRECONNECT POSTCONNECT LIMIT WARNINGS
%token NETSEC INTERFACE MONITOR PLUGIN PLUGOUT
current.server.preauthenticate = A_KERBEROS_V4;
#endif /* KERBEROS_V5 */
}
+ | PREAUTHENTICATE SSH {current.server.preauthenticate = A_SSH;}
| TIMEOUT NUMBER {current.server.timeout = $2;}
| ENVELOPE NUMBER STRING
* side is acknowledged at the TCP level.
*/
if (recv(sock, &ch, 1, MSG_PEEK) > 0)
- while (recv(sock, &ch, 1, MSG_NOSIGNAL) > 0)
+ while (read(sock, &ch, 1) > 0)
continue;
/* if there's an error closing at this point, not much we can do */
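Review bot: The drain loop `while (read(sock, &ch, 1) > 0)` has no limit on bytes or time, so a peer that keeps sending, or that never closes its side, holds the close path in this loop. Whether a timeout alarm is still armed at this point is not visible in the hunk. A small cap would bound it, e.g. `int left = DRAIN_LIMIT; while (left-- > 0 && read(sock, &ch, 1) > 0) continue;`, where `DRAIN_LIMIT` is a placeholder name for a constant the project would choose. Reading into a larger buffer instead of one byte per call would also cut the number of system calls. The function starts outside the hunk.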