HOWTO: Ubuntu 10.04 fetchmail with new ssl settings
jemandel
Newbie

I am using fetchmail on Ubuntu 10.04. I had it working for the old POP3 server, and wanted to use the new POP3S.

I grabbed the certificate for incoming.verizon.net

openssl s_client -connect incoming.verizon.net:995 -showcerts

This provide two certificates:

0 s:/C=US/ST=Texas/L=Irving/O=Verizon Data Services LLC/OU=ctnisdres/CN=incoming.verizon.net
i:/O=Cybertrust Inc/CN=Cybertrust SureServer Standard Validation CA
1 s:/O=Cybertrust Inc/CN=Cybertrust SureServer Standard Validation CA
i:/C=US/O=GTE Corporation/OU=GTE CyberTrust Solutions, Inc./CN=GTE CyberTrust Global Root

I copied each of these (from -----BEGIN CERTIFICATE----- to -----END CERTIFICATE-----) to .pem files in /etc/fetchmail/certs and rehashed:

sudo c_rehash /etc/fetchmail/certs/
Doing /etc/fetchmail/certs/
GTE.pem => 4fe8d121.0
incoming.verizon.net.pem => 8d7c72c2.0

I modified .fetchmailrc to use ssl

set syslog
set daemon 60
set postmaster "XXXX"
poll incoming.verizon.net
with nodns,
with protocol pop3,
user "XXXX" there is XXXX here,
with password YYYY
options ssl
sslcertck sslcertpath /etc/fetchmail/certs/;

and ran fetchmail so as to emit full diagnostics:

env LC_ALL=C fetchmail -vvv  --nodetach --nosyslog

It tells me:

fetchmail: starting fetchmail 6.3.18 daemon
fetchmail: 6.3.18 querying incoming.verizon.net (protocol POP3) at Sat Jan 7 21:31:20 2012: poll started
Trying to connect to 206.46.232.10/995...connected.
fetchmail: Certificate chain, from root to peer, starting at depth 2:
fetchmail: Issuer Organization: GTE Corporation
fetchmail: Issuer CommonName: GTE CyberTrust Global Root
fetchmail: Subject CommonName: GTE CyberTrust Global Root
fetchmail: Certificate at depth 1:
fetchmail: Issuer Organization: GTE Corporation
fetchmail: Issuer CommonName: GTE CyberTrust Global Root
fetchmail: Subject CommonName: Cybertrust SureServer Standard Validation CA
fetchmail: Server certificate:
fetchmail: Issuer Organization: Cybertrust Inc
fetchmail: Issuer CommonName: Cybertrust SureServer Standard Validation CA
fetchmail: Subject CommonName: incoming.verizon.net
fetchmail: Subject Alternative Name: incoming.verizon.net
fetchmail: incoming.verizon.net key fingerprint: A6:3D:EE:40:EE:E8:74:A7:4C:9D:1A:07:E1:68:A1:8E
fetchmail: POP3< +OK Messaging Multiplexor (Sun Java(tm) System Messaging Server 6.3-11.01 (built Feb 12 2010)) <752ce20c6ce62f1355224403e33516aa@vms171007.mailsrvcs.net>

 Next project will be to implement SMTPS for outgoing.verizon.net.

Hope this helps,

{edited for privacy}

0 Likes
Reply
0 Replies